[Pkg-openssl-changes] r815 - in openssl/branches/1.1.0/debian: . patches
Sebastian Andrzej Siewior
bigeasy at moszumanska.debian.org
Fri Jul 29 22:02:36 UTC 2016
Author: bigeasy
Date: 2016-07-29 22:02:21 +0000 (Fri, 29 Jul 2016)
New Revision: 815
Removed:
openssl/branches/1.1.0/debian/patches/engines-path.patch
Modified:
openssl/branches/1.1.0/debian/changelog
openssl/branches/1.1.0/debian/libssl1.1.files
openssl/branches/1.1.0/debian/patches/c_rehash-compat.patch
openssl/branches/1.1.0/debian/patches/config-hurd.patch
openssl/branches/1.1.0/debian/patches/debian-targets.patch
openssl/branches/1.1.0/debian/patches/man-section.patch
openssl/branches/1.1.0/debian/patches/no-rpath.patch
openssl/branches/1.1.0/debian/patches/no-symbolic.patch
openssl/branches/1.1.0/debian/patches/openssl_snapshot.patch
openssl/branches/1.1.0/debian/patches/pic.patch
openssl/branches/1.1.0/debian/patches/series
openssl/branches/1.1.0/debian/rules
Log:
Update to new snapshow
parallel install fails from time to time
Modified: openssl/branches/1.1.0/debian/changelog
===================================================================
--- openssl/branches/1.1.0/debian/changelog 2016-07-24 19:51:30 UTC (rev 814)
+++ openssl/branches/1.1.0/debian/changelog 2016-07-29 22:02:21 UTC (rev 815)
@@ -1,3 +1,11 @@
+openssl (1.1.0~pre5-5) UNRELEASED; urgency=medium
+
+ * Update snapshot to commit 976ef6adcc157233fb641ca99e2424630ef1814f
+ - drop engines-path.patch. Upstream uses a 1.1 suffixes now.
+ * use -j1 during install
+
+ -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Fri, 29 Jul 2016 21:35:42 +0200
+
openssl (1.1.0~pre5-5) experimental; urgency=medium
* Update snapshot to commit fe964f0c88f6780fd30b26e306484b981b0a8480
Modified: openssl/branches/1.1.0/debian/libssl1.1.files
===================================================================
--- openssl/branches/1.1.0/debian/libssl1.1.files 2016-07-24 19:51:30 UTC (rev 814)
+++ openssl/branches/1.1.0/debian/libssl1.1.files 2016-07-29 22:02:21 UTC (rev 815)
@@ -1,3 +1,3 @@
usr/lib/*/*.so.*.*
usr/lib/*/*/*.so.*.*
-usr/lib/*/openssl-1.1/engines
+usr/lib/*/engines-*
Modified: openssl/branches/1.1.0/debian/patches/c_rehash-compat.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/c_rehash-compat.patch 2016-07-24 19:51:30 UTC (rev 814)
+++ openssl/branches/1.1.0/debian/patches/c_rehash-compat.patch 2016-07-29 22:02:21 UTC (rev 815)
@@ -4,14 +4,12 @@
Subject: [PATCH] also create old hash for compatibility
---
- tools/c_rehash.in | 8 +++++++-
- 1 files changed, 7 insertions(+), 1 deletions(-)
+ tools/c_rehash.in | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
-Index: openssl-1.1.0~pre5/tools/c_rehash.in
-===================================================================
---- openssl-1.1.0~pre5.orig/tools/c_rehash.in
-+++ openssl-1.1.0~pre5/tools/c_rehash.in
-@@ -11,8 +11,6 @@ my $prefix = {- quotify1($config{prefix}
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -17,8 +17,6 @@ my $prefix = {- quotify1($config{prefix}
my $errorcount = 0;
my $openssl = $ENV{OPENSSL} || "openssl";
my $pwd;
@@ -20,7 +18,7 @@
my $verbose = 0;
my $symlink_exists=eval {symlink("",""); 1};
my $removelinks = 1;
-@@ -21,10 +19,7 @@ my $removelinks = 1;
+@@ -27,10 +25,7 @@ my $removelinks = 1;
while ( $ARGV[0] =~ /^-/ ) {
my $flag = shift @ARGV;
last if ( $flag eq '--');
@@ -32,7 +30,7 @@
help();
} elsif ( $flag eq '-n' ) {
$removelinks = 0;
-@@ -122,7 +117,9 @@ sub hash_dir {
+@@ -128,7 +123,9 @@ sub hash_dir {
next;
}
link_hash_cert($fname) if ($cert);
@@ -42,7 +40,7 @@
}
}
-@@ -155,6 +152,7 @@ sub check_file {
+@@ -161,6 +158,7 @@ sub check_file {
sub link_hash_cert {
my $fname = $_[0];
@@ -50,7 +48,7 @@
$fname =~ s/'/'\\''/g;
my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
chomp $hash;
-@@ -192,10 +190,20 @@ sub link_hash_cert {
+@@ -198,10 +196,20 @@ sub link_hash_cert {
$hashlist{$hash} = $fprint;
}
Modified: openssl/branches/1.1.0/debian/patches/config-hurd.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/config-hurd.patch 2016-07-24 19:51:30 UTC (rev 814)
+++ openssl/branches/1.1.0/debian/patches/config-hurd.patch 2016-07-29 22:02:21 UTC (rev 815)
@@ -1,8 +1,10 @@
-Index: openssl-1.0.0c/config
-===================================================================
---- openssl-1.0.0c.orig/config 2010-12-12 16:09:43.000000000 +0100
-+++ openssl-1.0.0c/config 2010-12-12 16:09:48.000000000 +0100
-@@ -170,8 +170,8 @@
+---
+ config | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/config
++++ b/config
+@@ -140,8 +140,8 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${
echo "${MACHINE}-whatever-linux1"; exit 0
;;
Modified: openssl/branches/1.1.0/debian/patches/debian-targets.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/debian-targets.patch 2016-07-24 19:51:30 UTC (rev 814)
+++ openssl/branches/1.1.0/debian/patches/debian-targets.patch 2016-07-29 22:02:21 UTC (rev 815)
@@ -1,7 +1,9 @@
-Index: openssl-1.1.0~pre5/Configurations/20-debian.conf
-===================================================================
+---
+ Configurations/20-debian.conf | 133 ++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 133 insertions(+)
+
--- /dev/null
-+++ openssl-1.1.0~pre5/Configurations/20-debian.conf
++++ b/Configurations/20-debian.conf
@@ -0,0 +1,133 @@
+my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . "-Wa,--noexecstack -Wall";
+$debian_cflags =~ s/\n/ /g;
Deleted: openssl/branches/1.1.0/debian/patches/engines-path.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/engines-path.patch 2016-07-24 19:51:30 UTC (rev 814)
+++ openssl/branches/1.1.0/debian/patches/engines-path.patch 2016-07-29 22:02:21 UTC (rev 815)
@@ -1,53 +0,0 @@
-Index: openssl-1.1.0~pre5/Configurations/unix-Makefile.tmpl
-===================================================================
---- openssl-1.1.0~pre5.orig/Configurations/unix-Makefile.tmpl
-+++ openssl-1.1.0~pre5/Configurations/unix-Makefile.tmpl
-@@ -138,7 +138,7 @@ LIBDIR={- #
- our $libdir = $config{libdir} || "lib$multilib";
- $libdir -}
- ENGINESDIR={- use File::Spec::Functions;
-- catdir($prefix,$libdir,"engines") -}
-+ catdir($prefix,$libdir,"openssl-1.1/engines") -}
-
- MANDIR=$(INSTALLTOP)/share/man
- DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
-@@ -404,7 +404,7 @@ uninstall_dev:
-
- install_engines:
- @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
-- @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/
-+ @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/openssl-1.1/engines/
- @echo "*** Installing engines"
- @set -e; for e in dummy $(ENGINES); do \
- if [ "$$e" = "dummy" ]; then continue; fi; \
-@@ -412,11 +412,11 @@ install_engines:
- if [ "$$fn" = '{- dso("ossltest") -}' ]; then \
- continue; \
- fi; \
-- echo "install $$e -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn"; \
-- cp $$e $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn.new; \
-- chmod 755 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn.new; \
-- mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn.new \
-- $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn; \
-+ echo "install $$e -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/openssl-1.1/engines/$$fn"; \
-+ cp $$e $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/openssl-1.1/engines/$$fn.new; \
-+ chmod 755 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/openssl-1.1/engines/$$fn.new; \
-+ mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/openssl-1.1/engines/$$fn.new \
-+ $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/openssl-1.1/engines/$$fn; \
- done
-
- uninstall_engines:
-@@ -427,10 +427,10 @@ uninstall_engines:
- if [ "$$fn" = '{- dso("ossltest") -}' ]; then \
- continue; \
- fi; \
-- echo "$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn"; \
-- $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn; \
-+ echo "$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/openssl-1.1/engines/$$fn"; \
-+ $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/openssl-1.1/engines/$$fn; \
- done
-- -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines
-+ -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/openssl-1.1/engines
-
- install_runtime:
- @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
Modified: openssl/branches/1.1.0/debian/patches/man-section.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/man-section.patch 2016-07-24 19:51:30 UTC (rev 814)
+++ openssl/branches/1.1.0/debian/patches/man-section.patch 2016-07-29 22:02:21 UTC (rev 815)
@@ -1,8 +1,10 @@
-Index: openssl-1.1.0/Configurations/unix-Makefile.tmpl
-===================================================================
---- openssl-1.1.0.orig/Configurations/unix-Makefile.tmpl
-+++ openssl-1.1.0/Configurations/unix-Makefile.tmpl
-@@ -147,7 +147,8 @@ HTMLDIR=$(DOCDIR)/html
+---
+ Configurations/unix-Makefile.tmpl | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -160,7 +160,8 @@ HTMLDIR=$(DOCDIR)/html
# MANSUFFIX is for the benefit of anyone who may want to have a suffix
# appended after the manpage file section number. "ssl" is popular,
# resulting in files such as config.5ssl rather than config.5.
@@ -12,7 +14,7 @@
HTMLSUFFIX=html
-@@ -597,7 +598,7 @@ install_man_docs:
+@@ -635,7 +636,7 @@ UNINSTALL_DOCS=\
@\
OUTSUFFIX='.$${SEC}$(MANSUFFIX)'; \
OUTTOP="$(DESTDIR)$(MANDIR)"; \
Modified: openssl/branches/1.1.0/debian/patches/no-rpath.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/no-rpath.patch 2016-07-24 19:51:30 UTC (rev 814)
+++ openssl/branches/1.1.0/debian/patches/no-rpath.patch 2016-07-29 22:02:21 UTC (rev 815)
@@ -1,8 +1,10 @@
-Index: openssl-1.1.0~pre5/Makefile.shared
-===================================================================
---- openssl-1.1.0~pre5.orig/Makefile.shared
-+++ openssl-1.1.0~pre5/Makefile.shared
-@@ -175,7 +175,7 @@ DO_GNU_SO=\
+---
+ Makefile.shared | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -176,7 +176,7 @@ DO_GNU_SO=\
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
$(DO_GNU_SO_COMMON)
Modified: openssl/branches/1.1.0/debian/patches/no-symbolic.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/no-symbolic.patch 2016-07-24 19:51:30 UTC (rev 814)
+++ openssl/branches/1.1.0/debian/patches/no-symbolic.patch 2016-07-29 22:02:21 UTC (rev 815)
@@ -1,8 +1,10 @@
-Index: openssl-1.1.0~pre5/Makefile.shared
-===================================================================
---- openssl-1.1.0~pre5.orig/Makefile.shared
-+++ openssl-1.1.0~pre5/Makefile.shared
-@@ -163,7 +163,7 @@ LINK_SO_SHLIB_UNPACKED= \
+---
+ Makefile.shared | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -164,7 +164,7 @@ LINK_SO_SHLIB_UNPACKED= \
DETECT_GNU_LD=($(CC) -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
DO_GNU_SO_COMMON=\
Modified: openssl/branches/1.1.0/debian/patches/openssl_snapshot.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/openssl_snapshot.patch 2016-07-24 19:51:30 UTC (rev 814)
+++ openssl/branches/1.1.0/debian/patches/openssl_snapshot.patch 2016-07-29 22:02:21 UTC (rev 815)
@@ -1,85 +1,2202 @@
-diff --git a/.gitattributes b/.gitattributes
-new file mode 100644
-index 0000000..f33e22a
+---
+ .gitattributes | 2
+ .gitignore | 117
+ .travis.yml | 41
+ AUTHORS | 21
+ CHANGES | 179
+ CONTRIBUTING | 101
+ Configurations/00-base-templates.conf | 17
+ Configurations/10-main.conf | 190
+ Configurations/50-djgpp.conf | 15
+ Configurations/50-haiku.conf | 29
+ Configurations/50-masm.conf | 17
+ Configurations/99-personal-ben.conf | 95
+ Configurations/99-personal-bodo.conf | 21
+ Configurations/99-personal-geoff.conf | 29
+ Configurations/99-personal-levitte.conf | 21
+ Configurations/99-personal-rse.conf | 12
+ Configurations/99-personal-steve.conf | 50
+ Configurations/README | 30
+ Configurations/README.design | 204
+ Configurations/common.tmpl | 66
+ Configurations/descrip.mms.tmpl | 344
+ Configurations/unix-Makefile.tmpl | 314
+ Configurations/windows-makefile.tmpl | 361
+ Configure | 510 -
+ INSTALL | 277
+ INSTALL.DJGPP | 48
+ INSTALL.WCE | 93
+ LICENSE | 4
+ Makefile.in | 798 -
+ Makefile.shared | 17
+ NEWS | 22
+ NOTES.DJGPP | 48
+ NOTES.PERL | 119
+ NOTES.WIN | 45
+ README | 41
+ README.PERL | 118
+ VMS/VMSify-conf.pl | 9
+ VMS/openssl_ivp.com.in | 40
+ VMS/openssl_shutdown.com.in | 41
+ VMS/openssl_startup.com.in | 90
+ VMS/openssl_utils.com | 12
+ VMS/openssl_utils.com.in | 14
+ VMS/translatesyms.pl | 9
+ apps/CA.pl.in | 15
+ apps/Makefile.in | 159
+ apps/app_rand.c | 117
+ apps/apps.c | 190
+ apps/apps.h | 141
+ apps/asn1pars.c | 75
+ apps/build.info | 9
+ apps/ca.c | 303
+ apps/ciphers.c | 82
+ apps/cms.c | 83
+ apps/crl.c | 74
+ apps/crl2p7.c | 73
+ apps/dgst.c | 60
+ apps/dh1024.pem | 14
+ apps/dh2048.pem | 20
+ apps/dh4096.pem | 31
+ apps/dhparam.c | 144
+ apps/dsa.c | 68
+ apps/dsaparam.c | 63
+ apps/ec.c | 89
+ apps/ecparam.c | 59
+ apps/enc.c | 78
+ apps/engine.c | 97
+ apps/errstr.c | 62
+ apps/gendsa.c | 62
+ apps/genpkey.c | 60
+ apps/genrsa.c | 62
+ apps/nseq.c | 59
+ apps/ocsp.c | 103
+ apps/openssl-vms.cnf | 6
+ apps/openssl.c | 131
+ apps/openssl.cnf | 6
+ apps/opt.c | 68
+ apps/passwd.c | 158
+ apps/pkcs12.c | 140
+ apps/pkcs7.c | 120
+ apps/pkcs8.c | 92
+ apps/pkey.c | 80
+ apps/pkeyparam.c | 60
+ apps/pkeyutl.c | 61
+ apps/prime.c | 80
+ apps/progs.h | 25
+ apps/progs.pl | 32
+ apps/rand.c | 73
+ apps/rehash.c | 109
+ apps/req.c | 90
+ apps/rsa.c | 110
+ apps/rsautl.c | 61
+ apps/s_apps.h | 114
+ apps/s_cb.c | 117
+ apps/s_client.c | 408
+ apps/s_server.c | 344
+ apps/s_socket.c | 110
+ apps/s_time.c | 91
+ apps/sess_id.c | 60
+ apps/smime.c | 81
+ apps/speed.c | 138
+ apps/spkac.c | 60
+ apps/srp.c | 105
+ apps/testdsa.h | 52
+ apps/testrsa.h | 61
+ apps/timeouts.h | 59
+ apps/ts.c | 100
+ apps/tsget.in | 15
+ apps/verify.c | 61
+ apps/version.c | 113
+ apps/vms_decc_init.c | 53
+ apps/winrand.c | 145
+ apps/x509.c | 89
+ appveyor.yml | 16
+ build.info | 29
+ config | 99
+ config.com | 8
+ crypto/LPdir_nyi.c | 8
+ crypto/LPdir_unix.c | 9
+ crypto/LPdir_vms.c | 9
+ crypto/LPdir_win.c | 121
+ crypto/LPdir_win32.c | 9
+ crypto/LPdir_wince.c | 9
+ crypto/Makefile.in | 117
+ crypto/aes/Makefile.in | 106
+ crypto/aes/aes_cbc.c | 53
+ crypto/aes/aes_cfb.c | 53
+ crypto/aes/aes_core.c | 19
+ crypto/aes/aes_ecb.c | 53
+ crypto/aes/aes_ige.c | 53
+ crypto/aes/aes_locl.h | 53
+ crypto/aes/aes_misc.c | 53
+ crypto/aes/aes_ofb.c | 53
+ crypto/aes/aes_wrap.c | 54
+ crypto/aes/aes_x86core.c | 19
+ crypto/aes/asm/aes-586.pl | 9
+ crypto/aes/asm/aes-armv4.pl | 9
+ crypto/aes/asm/aes-c64xplus.pl | 9
+ crypto/aes/asm/aes-ia64.S | 7
+ crypto/aes/asm/aes-mips.pl | 23
+ crypto/aes/asm/aes-parisc.pl | 9
+ crypto/aes/asm/aes-ppc.pl | 9
+ crypto/aes/asm/aes-s390x.pl | 38
+ crypto/aes/asm/aes-sparcv9.pl | 9
+ crypto/aes/asm/aes-x86_64.pl | 11
+ crypto/aes/asm/aesfx-sparcv9.pl | 1270 ++
+ crypto/aes/asm/aesni-mb-x86_64.pl | 11
+ crypto/aes/asm/aesni-sha1-x86_64.pl | 11
+ crypto/aes/asm/aesni-sha256-x86_64.pl | 11
+ crypto/aes/asm/aesni-x86.pl | 9
+ crypto/aes/asm/aesni-x86_64.pl | 11
+ crypto/aes/asm/aesp8-ppc.pl | 1865 ++++
+ crypto/aes/asm/aest4-sparcv9.pl | 9
+ crypto/aes/asm/aesv8-armx.pl | 9
+ crypto/aes/asm/bsaes-armv7.pl | 33
+ crypto/aes/asm/bsaes-x86_64.pl | 11
+ crypto/aes/asm/vpaes-armv8.pl | 9
+ crypto/aes/asm/vpaes-ppc.pl | 9
+ crypto/aes/asm/vpaes-x86.pl | 9
+ crypto/aes/asm/vpaes-x86_64.pl | 11
+ crypto/aes/build.info | 2
+ crypto/alphacpuid.pl | 39
+ crypto/arm64cpuid.pl | 60
+ crypto/arm_arch.h | 9
+ crypto/armcap.c | 9
+ crypto/armv4cpuid.pl | 39
+ crypto/asn1/Makefile.in | 78
+ crypto/asn1/a_bitstr.c | 67
+ crypto/asn1/a_d2i_fp.c | 107
+ crypto/asn1/a_digest.c | 60
+ crypto/asn1/a_dup.c | 60
+ crypto/asn1/a_gentm.c | 97
+ crypto/asn1/a_i2d_fp.c | 60
+ crypto/asn1/a_int.c | 80
+ crypto/asn1/a_mbstr.c | 59
+ crypto/asn1/a_object.c | 66
+ crypto/asn1/a_octet.c | 60
+ crypto/asn1/a_print.c | 61
+ crypto/asn1/a_sign.c | 113
+ crypto/asn1/a_strex.c | 135
+ crypto/asn1/a_strnid.c | 68
+ crypto/asn1/a_time.c | 58
+ crypto/asn1/a_type.c | 64
+ crypto/asn1/a_utctm.c | 60
+ crypto/asn1/a_utf8.c | 60
+ crypto/asn1/a_verify.c | 60
+ crypto/asn1/ameth_lib.c | 59
+ crypto/asn1/asn1_err.c | 125
+ crypto/asn1/asn1_gen.c | 71
+ crypto/asn1/asn1_lib.c | 62
+ crypto/asn1/asn1_locl.h | 59
+ crypto/asn1/asn1_par.c | 65
+ crypto/asn1/asn_mime.c | 115
+ crypto/asn1/asn_moid.c | 66
+ crypto/asn1/asn_mstbl.c | 59
+ crypto/asn1/asn_pack.c | 80
+ crypto/asn1/bio_asn1.c | 69
+ crypto/asn1/bio_ndef.c | 65
+ crypto/asn1/charmap.h | 41
+ crypto/asn1/charmap.pl | 58
+ crypto/asn1/d2i_pr.c | 68
+ crypto/asn1/d2i_pu.c | 60
+ crypto/asn1/evp_asn1.c | 64
+ crypto/asn1/f_int.c | 72
+ crypto/asn1/f_string.c | 74
+ crypto/asn1/i2d_pr.c | 69
+ crypto/asn1/i2d_pu.c | 60
+ crypto/asn1/n_pkey.c | 60
+ crypto/asn1/nsseq.c | 59
+ crypto/asn1/p5_pbe.c | 59
+ crypto/asn1/p5_pbev2.c | 61
+ crypto/asn1/p5_scrypt.c | 59
+ crypto/asn1/p8_pkey.c | 59
+ crypto/asn1/t_bitst.c | 63
+ crypto/asn1/t_pkey.c | 64
+ crypto/asn1/t_spki.c | 59
+ crypto/asn1/tasn_dec.c | 83
+ crypto/asn1/tasn_enc.c | 61
+ crypto/asn1/tasn_fre.c | 67
+ crypto/asn1/tasn_new.c | 63
+ crypto/asn1/tasn_prn.c | 90
+ crypto/asn1/tasn_scn.c | 63
+ crypto/asn1/tasn_typ.c | 60
+ crypto/asn1/tasn_utl.c | 86
+ crypto/asn1/x_algor.c | 59
+ crypto/asn1/x_bignum.c | 77
+ crypto/asn1/x_info.c | 60
+ crypto/asn1/x_long.c | 63
+ crypto/asn1/x_pkey.c | 60
+ crypto/asn1/x_sig.c | 60
+ crypto/asn1/x_spki.c | 60
+ crypto/asn1/x_val.c | 60
+ crypto/async/Makefile.in | 63
+ crypto/async/arch/async_null.c | 57
+ crypto/async/arch/async_null.h | 53
+ crypto/async/arch/async_posix.c | 53
+ crypto/async/arch/async_posix.h | 60
+ crypto/async/arch/async_win.c | 55
+ crypto/async/arch/async_win.h | 53
+ crypto/async/async.c | 58
+ crypto/async/async_err.c | 69
+ crypto/async/async_locl.h | 57
+ crypto/async/async_wait.c | 53
+ crypto/bf/COPYRIGHT | 46
+ crypto/bf/INSTALL | 14
+ crypto/bf/Makefile.in | 51
+ crypto/bf/VERSION | 6
+ crypto/bf/asm/bf-586.pl | 9
+ crypto/bf/bf_cbc.c | 60
+ crypto/bf/bf_cfb64.c | 60
+ crypto/bf/bf_ecb.c | 60
+ crypto/bf/bf_enc.c | 60
+ crypto/bf/bf_locl.h | 60
+ crypto/bf/bf_ofb64.c | 60
+ crypto/bf/bf_pi.h | 60
+ crypto/bf/bf_skey.c | 60
+ crypto/bf/bfs.cpp | 67
+ crypto/bf/build.info | 3
+ crypto/bio/Makefile.in | 55
+ crypto/bio/b_addr.c | 111
+ crypto/bio/b_dump.c | 60
+ crypto/bio/b_print.c | 295
+ crypto/bio/b_sock.c | 82
+ crypto/bio/b_sock2.c | 61
+ crypto/bio/bf_buff.c | 60
+ crypto/bio/bf_lbuf.c | 60
+ crypto/bio/bf_nbio.c | 60
+ crypto/bio/bf_null.c | 60
+ crypto/bio/bio_cb.c | 60
+ crypto/bio/bio_err.c | 93
+ crypto/bio/bio_lcl.h | 9
+ crypto/bio/bio_lib.c | 114
+ crypto/bio/bio_meth.c | 57
+ crypto/bio/bss_acpt.c | 69
+ crypto/bio/bss_bio.c | 77
+ crypto/bio/bss_conn.c | 62
+ crypto/bio/bss_dgram.c | 65
+ crypto/bio/bss_fd.c | 60
+ crypto/bio/bss_file.c | 115
+ crypto/bio/bss_log.c | 57
+ crypto/bio/bss_mem.c | 85
+ crypto/bio/bss_null.c | 60
+ crypto/bio/bss_sock.c | 66
+ crypto/blake2/Makefile.in | 41
+ crypto/blake2/blake2_impl.h | 9
+ crypto/blake2/blake2_locl.h | 9
+ crypto/blake2/blake2b.c | 13
+ crypto/blake2/blake2s.c | 13
+ crypto/blake2/m_blake2b.c | 11
+ crypto/blake2/m_blake2s.c | 11
+ crypto/bn/Makefile.in | 149
+ crypto/bn/README.pod | 247
+ crypto/bn/asm/alpha-mont.pl | 9
+ crypto/bn/asm/armv4-gf2m.pl | 9
+ crypto/bn/asm/armv4-mont.pl | 9
+ crypto/bn/asm/armv8-mont.pl | 9
+ crypto/bn/asm/bn-586.pl | 9
+ crypto/bn/asm/bn-c64xplus.asm | 7
+ crypto/bn/asm/c64xplus-gf2m.pl | 9
+ crypto/bn/asm/co-586.pl | 8
+ crypto/bn/asm/ia64-mont.pl | 9
+ crypto/bn/asm/ia64.S | 7
+ crypto/bn/asm/mips-mont.pl | 9
+ crypto/bn/asm/mips.pl | 9
+ crypto/bn/asm/pa-risc2.s | 6
+ crypto/bn/asm/pa-risc2W.s | 7
+ crypto/bn/asm/parisc-mont.pl | 9
+ crypto/bn/asm/ppc-mont.pl | 9
+ crypto/bn/asm/ppc.pl | 8
+ crypto/bn/asm/ppc64-mont.pl | 9
+ crypto/bn/asm/rsaz-avx2.pl | 11
+ crypto/bn/asm/rsaz-x86_64.pl | 11
+ crypto/bn/asm/s390x-gf2m.pl | 9
+ crypto/bn/asm/s390x-mont.pl | 9
+ crypto/bn/asm/s390x.S | 10
+ crypto/bn/asm/sparct4-mont.pl | 9
+ crypto/bn/asm/sparcv8.S | 10
+ crypto/bn/asm/sparcv8plus.S | 10
+ crypto/bn/asm/sparcv9-gf2m.pl | 9
+ crypto/bn/asm/sparcv9-mont.pl | 9
+ crypto/bn/asm/sparcv9a-mont.pl | 9
+ crypto/bn/asm/via-mont.pl | 9
+ crypto/bn/asm/vis3-mont.pl | 9
+ crypto/bn/asm/vms.mar | 6440 --------------
+ crypto/bn/asm/x86-gf2m.pl | 9
+ crypto/bn/asm/x86-mont.pl | 9
+ crypto/bn/asm/x86.pl | 8
+ crypto/bn/asm/x86_64-gcc.c | 9
+ crypto/bn/asm/x86_64-gf2m.pl | 11
+ crypto/bn/asm/x86_64-mont.pl | 11
+ crypto/bn/asm/x86_64-mont5.pl | 11
+ crypto/bn/bn_add.c | 168
+ crypto/bn/bn_asm.c | 60
+ crypto/bn/bn_blind.c | 114
+ crypto/bn/bn_const.c | 9
+ crypto/bn/bn_ctx.c | 58
+ crypto/bn/bn_depr.c | 58
+ crypto/bn/bn_dh.c | 59
+ crypto/bn/bn_div.c | 68
+ crypto/bn/bn_err.c | 70
+ crypto/bn/bn_exp.c | 123
+ crypto/bn/bn_exp2.c | 113
+ crypto/bn/bn_gcd.c | 117
+ crypto/bn/bn_gf2m.c | 88
+ crypto/bn/bn_intern.c | 57
+ crypto/bn/bn_kron.c | 57
+ crypto/bn/bn_lcl.h | 143
+ crypto/bn/bn_lib.c | 84
+ crypto/bn/bn_mod.c | 115
+ crypto/bn/bn_mont.c | 113
+ crypto/bn/bn_mpi.c | 85
+ crypto/bn/bn_mul.c | 60
+ crypto/bn/bn_nist.c | 58
+ crypto/bn/bn_prime.c | 176
+ crypto/bn/bn_prime.h | 66
+ crypto/bn/bn_prime.pl | 74
+ crypto/bn/bn_print.c | 78
+ crypto/bn/bn_rand.c | 122
+ crypto/bn/bn_recp.c | 60
+ crypto/bn/bn_shift.c | 60
+ crypto/bn/bn_sqr.c | 60
+ crypto/bn/bn_sqrt.c | 59
+ crypto/bn/bn_srp.c | 9
+ crypto/bn/bn_word.c | 82
+ crypto/bn/bn_x931p.c | 76
+ crypto/bn/build.info | 5
+ crypto/bn/rsaz_exp.c | 11
+ crypto/bn/rsaz_exp.h | 9
+ crypto/bn/vms-helper.c | 67
+ crypto/buffer/Makefile.in | 43
+ crypto/buffer/buf_err.c | 67
+ crypto/buffer/buffer.c | 67
+ crypto/build.info | 2
+ crypto/c64xpluscpuid.pl | 31
+ crypto/camellia/Makefile.in | 57
+ crypto/camellia/asm/cmll-x86.pl | 9
+ crypto/camellia/asm/cmll-x86_64.pl | 11
+ crypto/camellia/asm/cmllt4-sparcv9.pl | 9
+ crypto/camellia/build.info | 2
+ crypto/camellia/camellia.c | 60
+ crypto/camellia/cmll_cbc.c | 53
+ crypto/camellia/cmll_cfb.c | 109
+ crypto/camellia/cmll_ctr.c | 53
+ crypto/camellia/cmll_ecb.c | 53
+ crypto/camellia/cmll_locl.h | 60
+ crypto/camellia/cmll_misc.c | 53
+ crypto/camellia/cmll_ofb.c | 109
+ crypto/cast/Makefile.in | 51
+ crypto/cast/asm/cast-586.pl | 9
+ crypto/cast/c_cfb64.c | 60
+ crypto/cast/c_ecb.c | 60
+ crypto/cast/c_enc.c | 60
+ crypto/cast/c_ofb64.c | 60
+ crypto/cast/c_skey.c | 60
+ crypto/cast/cast_lcl.h | 60
+ crypto/cast/cast_s.h | 61
+ crypto/cast/casts.cpp | 70
+ crypto/chacha/Makefile.in | 57
+ crypto/chacha/asm/chacha-armv4.pl | 9
+ crypto/chacha/asm/chacha-armv8.pl | 9
+ crypto/chacha/asm/chacha-c64xplus.pl | 9
+ crypto/chacha/asm/chacha-ppc.pl | 13
+ crypto/chacha/asm/chacha-s390x.pl | 13
+ crypto/chacha/asm/chacha-x86.pl | 13
+ crypto/chacha/asm/chacha-x86_64.pl | 11
+ crypto/chacha/chacha_enc.c | 62
+ crypto/cmac/Makefile.in | 43
+ crypto/cmac/cm_ameth.c | 54
+ crypto/cmac/cm_pmeth.c | 54
+ crypto/cmac/cmac.c | 54
+ crypto/cms/Makefile.in | 49
+ crypto/cms/cms_asn1.c | 54
+ crypto/cms/cms_att.c | 54
+ crypto/cms/cms_cd.c | 54
+ crypto/cms/cms_dd.c | 54
+ crypto/cms/cms_enc.c | 62
+ crypto/cms/cms_env.c | 59
+ crypto/cms/cms_err.c | 68
+ crypto/cms/cms_ess.c | 54
+ crypto/cms/cms_io.c | 54
+ crypto/cms/cms_kari.c | 55
+ crypto/cms/cms_lcl.h | 54
+ crypto/cms/cms_lib.c | 60
+ crypto/cms/cms_pwri.c | 64
+ crypto/cms/cms_sd.c | 56
+ crypto/cms/cms_smime.c | 56
+ crypto/comp/Makefile.in | 46
+ crypto/comp/c_zlib.c | 57
+ crypto/comp/comp_err.c | 67
+ crypto/comp/comp_lcl.h | 57
+ crypto/comp/comp_lib.c | 57
+ crypto/conf/Makefile.in | 46
+ crypto/conf/conf_api.c | 62
+ crypto/conf/conf_def.c | 60
+ crypto/conf/conf_def.h | 89
+ crypto/conf/conf_err.c | 71
+ crypto/conf/conf_lib.c | 80
+ crypto/conf/conf_mall.c | 59
+ crypto/conf/conf_mod.c | 84
+ crypto/conf/conf_sap.c | 69
+ crypto/conf/keysets.pl | 97
+ crypto/cpt_err.c | 77
+ crypto/cryptlib.c | 127
+ crypto/ct/Makefile.in | 45
+ crypto/ct/ct_b64.c | 85
+ crypto/ct/ct_err.c | 90
+ crypto/ct/ct_locl.h | 55
+ crypto/ct/ct_log.c | 128
+ crypto/ct/ct_oct.c | 63
+ crypto/ct/ct_policy.c | 58
+ crypto/ct/ct_prn.c | 59
+ crypto/ct/ct_sct.c | 59
+ crypto/ct/ct_sct_ctx.c | 59
+ crypto/ct/ct_vfy.c | 59
+ crypto/ct/ct_x509v3.c | 61
+ crypto/cversion.c | 60
+ crypto/des/COPYRIGHT | 50
+ crypto/des/Makefile.in | 72
+ crypto/des/asm/crypt586.pl | 11
+ crypto/des/asm/des-586.pl | 9
+ crypto/des/asm/des_enc.m4 | 27
+ crypto/des/asm/desboth.pl | 9
+ crypto/des/asm/dest4-sparcv9.pl | 17
+ crypto/des/asm/readme | 131
+ crypto/des/build.info | 9
+ crypto/des/cbc_cksm.c | 60
+ crypto/des/cbc_enc.c | 60
+ crypto/des/cfb64ede.c | 60
+ crypto/des/cfb64enc.c | 60
+ crypto/des/cfb_enc.c | 60
+ crypto/des/des_enc.c | 60
+ crypto/des/des_locl.h | 88
+ crypto/des/ecb3_enc.c | 60
+ crypto/des/ecb_enc.c | 60
+ crypto/des/enc_read.c | 234
+ crypto/des/enc_writ.c | 180
+ crypto/des/fcrypt.c | 73
+ crypto/des/fcrypt_b.c | 66
+ crypto/des/ncbc_enc.c | 65
+ crypto/des/ofb64ede.c | 60
+ crypto/des/ofb64enc.c | 60
+ crypto/des/ofb_enc.c | 60
+ crypto/des/pcbc_enc.c | 60
+ crypto/des/qud_cksm.c | 60
+ crypto/des/rand_key.c | 57
+ crypto/des/read2pwd.c | 146
+ crypto/des/rpc_des.h | 60
+ crypto/des/rpc_enc.c | 60
+ crypto/des/set_key.c | 60
+ crypto/des/spr.h | 60
+ crypto/des/str2key.c | 68
+ crypto/des/xcbc_enc.c | 60
+ crypto/dh/Makefile.in | 45
+ crypto/dh/dh_ameth.c | 64
+ crypto/dh/dh_asn1.c | 59
+ crypto/dh/dh_check.c | 81
+ crypto/dh/dh_depr.c | 57
+ crypto/dh/dh_err.c | 72
+ crypto/dh/dh_gen.c | 60
+ crypto/dh/dh_kdf.c | 57
+ crypto/dh/dh_key.c | 96
+ crypto/dh/dh_lib.c | 142
+ crypto/dh/dh_locl.h | 7
+ crypto/dh/dh_meth.c | 34
+ crypto/dh/dh_pmeth.c | 86
+ crypto/dh/dh_prn.c | 60
+ crypto/dh/dh_rfc5114.c | 59
+ crypto/dh/example | 50
+ crypto/dh/generate | 65
+ crypto/dllmain.c | 9
+ crypto/dsa/Makefile.in | 47
+ crypto/dsa/dsa_ameth.c | 67
+ crypto/dsa/dsa_asn1.c | 102
+ crypto/dsa/dsa_depr.c | 58
+ crypto/dsa/dsa_err.c | 81
+ crypto/dsa/dsa_gen.c | 62
+ crypto/dsa/dsa_key.c | 81
+ crypto/dsa/dsa_lib.c | 147
+ crypto/dsa/dsa_locl.h | 70
+ crypto/dsa/dsa_meth.c | 48
+ crypto/dsa/dsa_ossl.c | 188
+ crypto/dsa/dsa_pmeth.c | 59
+ crypto/dsa/dsa_prn.c | 59
+ crypto/dsa/dsa_sign.c | 61
+ crypto/dsa/dsa_vrf.c | 60
+ crypto/dsa/fips186a.txt | 122
+ crypto/dso/Makefile.in | 45
+ crypto/dso/README | 22
+ crypto/dso/dso_dl.c | 67
+ crypto/dso/dso_dlfcn.c | 59
+ crypto/dso/dso_err.c | 67
+ crypto/dso/dso_lib.c | 60
+ crypto/dso/dso_locl.h | 11
+ crypto/dso/dso_openssl.c | 59
+ crypto/dso/dso_vms.c | 61
+ crypto/dso/dso_win32.c | 59
+ crypto/ebcdic.c | 90
+ crypto/ec/Makefile.in | 73
+ crypto/ec/asm/ecp_nistz256-armv4.pl | 9
+ crypto/ec/asm/ecp_nistz256-armv8.pl | 9
+ crypto/ec/asm/ecp_nistz256-avx2.pl | 9
+ crypto/ec/asm/ecp_nistz256-sparcv9.pl | 44
+ crypto/ec/asm/ecp_nistz256-x86.pl | 9
+ crypto/ec/asm/ecp_nistz256-x86_64.pl | 11
+ crypto/ec/curve25519.c | 105
+ crypto/ec/ec2_mult.c | 62
+ crypto/ec/ec2_oct.c | 72
+ crypto/ec/ec2_smpl.c | 62
+ crypto/ec/ec_25519.c | 60
+ crypto/ec/ec_ameth.c | 98
+ crypto/ec/ec_asn1.c | 90
+ crypto/ec/ec_check.c | 62
+ crypto/ec/ec_curve.c | 59
+ crypto/ec/ec_cvt.c | 59
+ crypto/ec/ec_err.c | 98
+ crypto/ec/ec_key.c | 115
+ crypto/ec/ec_kmeth.c | 84
+ crypto/ec/ec_lcl.h | 63
+ crypto/ec/ec_lib.c | 80
+ crypto/ec/ec_mult.c | 61
+ crypto/ec/ec_oct.c | 59
+ crypto/ec/ec_pmeth.c | 59
+ crypto/ec/ec_print.c | 57
+ crypto/ec/ecdh_kdf.c | 56
+ crypto/ec/ecdh_ossl.c | 64
+ crypto/ec/ecdsa_ossl.c | 64
+ crypto/ec/ecdsa_sign.c | 59
+ crypto/ec/ecdsa_vrf.c | 60
+ crypto/ec/eck_prn.c | 83
+ crypto/ec/ecp_mont.c | 60
+ crypto/ec/ecp_nist.c | 59
+ crypto/ec/ecp_nistp224.c | 8
+ crypto/ec/ecp_nistp256.c | 8
+ crypto/ec/ecp_nistp521.c | 8
+ crypto/ec/ecp_nistputil.c | 8
+ crypto/ec/ecp_nistz256.c | 15
+ crypto/ec/ecp_nistz256_table.c | 9
+ crypto/ec/ecp_oct.c | 71
+ crypto/ec/ecp_smpl.c | 61
+ crypto/engine/Makefile.in | 53
+ crypto/engine/eng_all.c | 59
+ crypto/engine/eng_cnf.c | 71
+ crypto/engine/eng_cryptodev.c | 99
+ crypto/engine/eng_ctrl.c | 70
+ crypto/engine/eng_dyn.c | 78
+ crypto/engine/eng_err.c | 83
+ crypto/engine/eng_fat.c | 58
+ crypto/engine/eng_init.c | 62
+ crypto/engine/eng_int.h | 66
+ crypto/engine/eng_lib.c | 73
+ crypto/engine/eng_list.c | 78
+ crypto/engine/eng_openssl.c | 87
+ crypto/engine/eng_pkey.c | 57
+ crypto/engine/eng_rdrand.c | 52
+ crypto/engine/eng_table.c | 57
+ crypto/engine/tb_asnmth.c | 63
+ crypto/engine/tb_cipher.c | 57
+ crypto/engine/tb_dh.c | 57
+ crypto/engine/tb_digest.c | 57
+ crypto/engine/tb_dsa.c | 57
+ crypto/engine/tb_eckey.c | 57
+ crypto/engine/tb_pkmeth.c | 57
+ crypto/engine/tb_rand.c | 57
+ crypto/engine/tb_rsa.c | 57
+ crypto/err/Makefile.in | 43
+ crypto/err/README | 44
+ crypto/err/err.c | 190
+ crypto/err/err_all.c | 130
+ crypto/err/err_prn.c | 61
+ crypto/err/openssl.ec | 37
+ crypto/evp/Makefile.in | 68
+ crypto/evp/bio_b64.c | 74
+ crypto/evp/bio_enc.c | 62
+ crypto/evp/bio_md.c | 60
+ crypto/evp/bio_ok.c | 66
+ crypto/evp/c_allc.c | 64
+ crypto/evp/c_alld.c | 60
+ crypto/evp/cmeth_lib.c | 59
+ crypto/evp/digest.c | 125
+ crypto/evp/e_aes.c | 90
+ crypto/evp/e_aes_cbc_hmac_sha1.c | 60
+ crypto/evp/e_aes_cbc_hmac_sha256.c | 65
+ crypto/evp/e_bf.c | 60
+ crypto/evp/e_camellia.c | 57
+ crypto/evp/e_cast.c | 60
+ crypto/evp/e_chacha20_poly1305.c | 79
+ crypto/evp/e_des.c | 60
+ crypto/evp/e_des3.c | 62
+ crypto/evp/e_idea.c | 68
+ crypto/evp/e_null.c | 60
+ crypto/evp/e_old.c | 59
+ crypto/evp/e_rc2.c | 69
+ crypto/evp/e_rc4.c | 60
+ crypto/evp/e_rc4_hmac_md5.c | 57
+ crypto/evp/e_rc5.c | 60
+ crypto/evp/e_seed.c | 60
+ crypto/evp/e_xcbc_d.c | 60
+ crypto/evp/encode.c | 90
+ crypto/evp/evp_cnf.c | 59
+ crypto/evp/evp_enc.c | 121
+ crypto/evp/evp_err.c | 114
+ crypto/evp/evp_key.c | 60
+ crypto/evp/evp_lib.c | 60
+ crypto/evp/evp_locl.h | 59
+ crypto/evp/evp_pbe.c | 64
+ crypto/evp/evp_pkey.c | 59
+ crypto/evp/m_md2.c | 60
+ crypto/evp/m_md4.c | 60
+ crypto/evp/m_md5.c | 60
+ crypto/evp/m_md5_sha1.c | 54
+ crypto/evp/m_mdc2.c | 60
+ crypto/evp/m_null.c | 60
+ crypto/evp/m_ripemd.c | 60
+ crypto/evp/m_sha1.c | 60
+ crypto/evp/m_sigver.c | 59
+ crypto/evp/m_wp.c | 8
+ crypto/evp/names.c | 60
+ crypto/evp/p5_crpt.c | 59
+ crypto/evp/p5_crpt2.c | 62
+ crypto/evp/p_dec.c | 61
+ crypto/evp/p_enc.c | 61
+ crypto/evp/p_lib.c | 90
+ crypto/evp/p_open.c | 60
+ crypto/evp/p_seal.c | 60
+ crypto/evp/p_sign.c | 60
+ crypto/evp/p_verify.c | 60
+ crypto/evp/pmeth_fn.c | 59
+ crypto/evp/pmeth_gn.c | 59
+ crypto/evp/pmeth_lib.c | 59
+ crypto/evp/scrypt.c | 59
+ crypto/ex_data.c | 123
+ crypto/fips_err.h | 226
+ crypto/fips_ers.c | 7
+ crypto/hmac/Makefile.in | 43
+ crypto/hmac/hm_ameth.c | 66
+ crypto/hmac/hm_pmeth.c | 83
+ crypto/hmac/hmac.c | 69
+ crypto/hmac/hmac_lcl.h | 61
+ crypto/ia64cpuid.S | 66
+ crypto/idea/Makefile.in | 43
+ crypto/idea/i_cbc.c | 60
+ crypto/idea/i_cfb64.c | 60
+ crypto/idea/i_ecb.c | 60
+ crypto/idea/i_ofb64.c | 60
+ crypto/idea/i_skey.c | 60
+ crypto/idea/idea_lcl.h | 60
+ crypto/idea/version | 12
+ crypto/include/internal/asn1_int.h | 65
+ crypto/include/internal/async.h | 58
+ crypto/include/internal/bn_conf.h.in | 57
+ crypto/include/internal/bn_dh.h | 9
+ crypto/include/internal/bn_int.h | 57
+ crypto/include/internal/bn_srp.h | 8
+ crypto/include/internal/chacha.h | 53
+ crypto/include/internal/cryptlib.h | 79
+ crypto/include/internal/cryptlib_int.h | 60
+ crypto/include/internal/dso_conf.h.in | 57
+ crypto/include/internal/engine.h | 57
+ crypto/include/internal/err_int.h | 10
+ crypto/include/internal/evp_int.h | 96
+ crypto/include/internal/md32_common.h | 65
+ crypto/include/internal/objects.h | 9
+ crypto/include/internal/poly1305.h | 54
+ crypto/include/internal/rand.h | 9
+ crypto/include/internal/x509_int.h | 72
+ crypto/init.c | 194
+ crypto/kdf/Makefile.in | 53
+ crypto/kdf/hkdf.c | 51
+ crypto/kdf/kdf_err.c | 67
+ crypto/kdf/tls1_prf.c | 59
+ crypto/lhash/Makefile.in | 43
+ crypto/lhash/lh_stats.c | 92
+ crypto/lhash/lhash.c | 191
+ crypto/lhash/lhash_lcl.h | 42
+ crypto/lhash/num.pl | 8
+ crypto/md2/Makefile.in | 43
+ crypto/md2/md2_dgst.c | 62
+ crypto/md2/md2_one.c | 60
+ crypto/md4/Makefile.in | 44
+ crypto/md4/md4_dgst.c | 60
+ crypto/md4/md4_locl.h | 60
+ crypto/md4/md4_one.c | 60
+ crypto/md4/md4s.cpp | 78
+ crypto/md5/Makefile.in | 61
+ crypto/md5/asm/md5-586.pl | 9
+ crypto/md5/asm/md5-ia64.S | 10
+ crypto/md5/asm/md5-sparcv9.pl | 9
+ crypto/md5/asm/md5-x86_64.pl | 16
+ crypto/md5/md5_dgst.c | 60
+ crypto/md5/md5_locl.h | 62
+ crypto/md5/md5_one.c | 60
+ crypto/md5/md5s.cpp | 78
+ crypto/mdc2/Makefile.in | 43
+ crypto/mdc2/mdc2_one.c | 60
+ crypto/mdc2/mdc2dgst.c | 60
+ crypto/mem.c | 67
+ crypto/mem_clr.c | 59
+ crypto/mem_dbg.c | 150
+ crypto/mem_sec.c | 80
+ crypto/modes/Makefile.in | 76
+ crypto/modes/asm/aesni-gcm-x86_64.pl | 52
+ crypto/modes/asm/ghash-alpha.pl | 9
+ crypto/modes/asm/ghash-armv4.pl | 9
+ crypto/modes/asm/ghash-c64xplus.pl | 9
+ crypto/modes/asm/ghash-ia64.pl | 9
+ crypto/modes/asm/ghash-parisc.pl | 9
+ crypto/modes/asm/ghash-s390x.pl | 13
+ crypto/modes/asm/ghash-sparcv9.pl | 11
+ crypto/modes/asm/ghash-x86.pl | 9
+ crypto/modes/asm/ghash-x86_64.pl | 11
+ crypto/modes/asm/ghashp8-ppc.pl | 478 +
+ crypto/modes/asm/ghashv8-armx.pl | 9
+ crypto/modes/build.info | 2
+ crypto/modes/cbc128.c | 53
+ crypto/modes/ccm128.c | 52
+ crypto/modes/cfb128.c | 53
+ crypto/modes/ctr128.c | 53
+ crypto/modes/cts128.c | 10
+ crypto/modes/gcm128.c | 52
+ crypto/modes/modes_lcl.h | 10
+ crypto/modes/ocb128.c | 62
+ crypto/modes/ofb128.c | 53
+ crypto/modes/wrap128.c | 55
+ crypto/modes/xts128.c | 52
+ crypto/o_dir.c | 59
+ crypto/o_fips.c | 59
+ crypto/o_fopen.c | 103
+ crypto/o_init.c | 55
+ crypto/o_str.c | 137
+ crypto/o_time.c | 63
+ crypto/objects/Makefile.in | 58
+ crypto/objects/README | 44
+ crypto/objects/o_names.c | 34
+ crypto/objects/obj_dat.c | 110
+ crypto/objects/obj_dat.h |10854 +++++++++++-------------
+ crypto/objects/obj_dat.pl | 486 -
+ crypto/objects/obj_err.c | 69
+ crypto/objects/obj_lcl.h | 9
+ crypto/objects/obj_lib.c | 119
+ crypto/objects/obj_xref.c | 59
+ crypto/objects/obj_xref.h | 13
+ crypto/objects/objects.README | 44
+ crypto/objects/objects.pl | 73
+ crypto/objects/objxref.pl | 22
+ crypto/ocsp/Makefile.in | 46
+ crypto/ocsp/ocsp_asn.c | 60
+ crypto/ocsp/ocsp_cl.c | 96
+ crypto/ocsp/ocsp_err.c | 76
+ crypto/ocsp/ocsp_ext.c | 70
+ crypto/ocsp/ocsp_ht.c | 59
+ crypto/ocsp/ocsp_lcl.h | 66
+ crypto/ocsp/ocsp_lib.c | 67
+ crypto/ocsp/ocsp_prn.c | 85
+ crypto/ocsp/ocsp_srv.c | 60
+ crypto/ocsp/ocsp_vfy.c | 60
+ crypto/ocsp/v3_ocsp.c | 59
+ crypto/pariscid.pl | 40
+ crypto/pem/Makefile.in | 46
+ crypto/pem/message | 16
+ crypto/pem/pem_all.c | 113
+ crypto/pem/pem_err.c | 74
+ crypto/pem/pem_info.c | 60
+ crypto/pem/pem_lib.c | 261
+ crypto/pem/pem_oth.c | 61
+ crypto/pem/pem_pk8.c | 61
+ crypto/pem/pem_pkey.c | 72
+ crypto/pem/pem_sign.c | 61
+ crypto/pem/pem_x509.c | 59
+ crypto/pem/pem_xaux.c | 59
+ crypto/pem/pkcs7.lis | 22
+ crypto/pem/pvkfmt.c | 109
+ crypto/perlasm/README | 124
+ crypto/perlasm/arm-xlate.pl | 12
+ crypto/perlasm/cbc.pl | 9
+ crypto/perlasm/ppc-xlate.pl | 10
+ crypto/perlasm/readme | 124
+ crypto/perlasm/sparcv9_modes.pl | 13
+ crypto/perlasm/x86_64-xlate.pl | 289
+ crypto/perlasm/x86asm.pl | 14
+ crypto/perlasm/x86gas.pl | 9
+ crypto/perlasm/x86masm.pl | 9
+ crypto/perlasm/x86nasm.pl | 9
+ crypto/pkcs12/Makefile.in | 49
+ crypto/pkcs12/p12_add.c | 59
+ crypto/pkcs12/p12_asn.c | 59
+ crypto/pkcs12/p12_attr.c | 59
+ crypto/pkcs12/p12_crpt.c | 59
+ crypto/pkcs12/p12_crt.c | 65
+ crypto/pkcs12/p12_decr.c | 59
+ crypto/pkcs12/p12_init.c | 59
+ crypto/pkcs12/p12_key.c | 63
+ crypto/pkcs12/p12_kiss.c | 59
+ crypto/pkcs12/p12_lcl.h | 59
+ crypto/pkcs12/p12_mutl.c | 59
+ crypto/pkcs12/p12_npas.c | 152
+ crypto/pkcs12/p12_p8d.c | 59
+ crypto/pkcs12/p12_p8e.c | 59
+ crypto/pkcs12/p12_sbag.c | 60
+ crypto/pkcs12/p12_utl.c | 59
+ crypto/pkcs12/pk12err.c | 77
+ crypto/pkcs7/Makefile.in | 50
+ crypto/pkcs7/bio_pk7.c | 55
+ crypto/pkcs7/pk7_asn1.c | 59
+ crypto/pkcs7/pk7_attr.c | 80
+ crypto/pkcs7/pk7_dgst.c | 61
+ crypto/pkcs7/pk7_doit.c | 66
+ crypto/pkcs7/pk7_enc.c | 61
+ crypto/pkcs7/pk7_lib.c | 60
+ crypto/pkcs7/pk7_mime.c | 56
+ crypto/pkcs7/pk7_smime.c | 59
+ crypto/pkcs7/pkcs7err.c | 107
+ crypto/poly1305/Makefile.in | 61
+ crypto/poly1305/asm/poly1305-armv4.pl | 66
+ crypto/poly1305/asm/poly1305-armv8.pl | 41
+ crypto/poly1305/asm/poly1305-c64xplus.pl | 9
+ crypto/poly1305/asm/poly1305-mips.pl | 425
+ crypto/poly1305/asm/poly1305-ppc.pl | 9
+ crypto/poly1305/asm/poly1305-ppcfp.pl | 9
+ crypto/poly1305/asm/poly1305-s390x.pl | 9
+ crypto/poly1305/asm/poly1305-sparcv9.pl | 30
+ crypto/poly1305/asm/poly1305-x86.pl | 14
+ crypto/poly1305/asm/poly1305-x86_64.pl | 25
+ crypto/poly1305/build.info | 1
+ crypto/poly1305/poly1305.c | 62
+ crypto/poly1305/poly1305_ieee754.c | 10
+ crypto/ppc_arch.h | 13
+ crypto/ppccap.c | 16
+ crypto/ppccpuid.pl | 35
+ crypto/rand/Makefile.in | 45
+ crypto/rand/md_rand.c | 155
+ crypto/rand/rand_egd.c | 58
+ crypto/rand/rand_err.c | 80
+ crypto/rand/rand_lcl.h | 113
+ crypto/rand/rand_lib.c | 60
+ crypto/rand/rand_unix.c | 116
+ crypto/rand/rand_vms.c | 59
+ crypto/rand/rand_win.c | 696 -
+ crypto/rand/randfile.c | 247
+ crypto/rc2/Makefile.in | 43
+ crypto/rc2/rc2_cbc.c | 60
+ crypto/rc2/rc2_ecb.c | 60
+ crypto/rc2/rc2_locl.h | 60
+ crypto/rc2/rc2_skey.c | 60
+ crypto/rc2/rc2cfb64.c | 60
+ crypto/rc2/rc2ofb64.c | 60
+ crypto/rc2/rrc2.doc | 219
+ crypto/rc2/tab.c | 9
+ crypto/rc2/version | 22
+ crypto/rc4/Makefile.in | 71
+ crypto/rc4/asm/rc4-586.pl | 9
+ crypto/rc4/asm/rc4-c64xplus.pl | 9
+ crypto/rc4/asm/rc4-ia64.pl | 9
+ crypto/rc4/asm/rc4-md5-x86_64.pl | 11
+ crypto/rc4/asm/rc4-parisc.pl | 9
+ crypto/rc4/asm/rc4-s390x.pl | 9
+ crypto/rc4/asm/rc4-x86_64.pl | 11
+ crypto/rc4/rc4_enc.c | 60
+ crypto/rc4/rc4_locl.h | 9
+ crypto/rc4/rc4_skey.c | 60
+ crypto/rc5/Makefile.in | 51
+ crypto/rc5/asm/rc5-586.pl | 9
+ crypto/rc5/rc5_ecb.c | 60
+ crypto/rc5/rc5_enc.c | 60
+ crypto/rc5/rc5_locl.h | 60
+ crypto/rc5/rc5_skey.c | 60
+ crypto/rc5/rc5cfb64.c | 60
+ crypto/rc5/rc5ofb64.c | 60
+ crypto/rc5/rc5s.cpp | 70
+ crypto/ripemd/Makefile.in | 51
+ crypto/ripemd/asm/rmd-586.pl | 9
+ crypto/ripemd/rmd_dgst.c | 60
+ crypto/ripemd/rmd_locl.h | 62
+ crypto/ripemd/rmd_one.c | 60
+ crypto/ripemd/rmdconst.h | 61
+ crypto/rsa/Makefile.in | 49
+ crypto/rsa/rsa_ameth.c | 64
+ crypto/rsa/rsa_asn1.c | 59
+ crypto/rsa/rsa_chk.c | 52
+ crypto/rsa/rsa_crpt.c | 81
+ crypto/rsa/rsa_depr.c | 57
+ crypto/rsa/rsa_err.c | 102
+ crypto/rsa/rsa_gen.c | 121
+ crypto/rsa/rsa_lib.c | 228
+ crypto/rsa/rsa_locl.h | 7
+ crypto/rsa/rsa_meth.c | 33
+ crypto/rsa/rsa_none.c | 61
+ crypto/rsa/rsa_null.c | 60
+ crypto/rsa/rsa_oaep.c | 8
+ crypto/rsa/rsa_ossl.c | 310
+ crypto/rsa/rsa_pk1.c | 62
+ crypto/rsa/rsa_pmeth.c | 59
+ crypto/rsa/rsa_prn.c | 59
+ crypto/rsa/rsa_pss.c | 59
+ crypto/rsa/rsa_saos.c | 60
+ crypto/rsa/rsa_sign.c | 60
+ crypto/rsa/rsa_ssl.c | 60
+ crypto/rsa/rsa_x931.c | 60
+ crypto/rsa/rsa_x931g.c | 60
+ crypto/s390xcap.c | 9
+ crypto/s390xcpuid.S | 77
+ crypto/seed/Makefile.in | 44
+ crypto/seed/seed.c | 9
+ crypto/seed/seed_cbc.c | 53
+ crypto/seed/seed_cfb.c | 109
+ crypto/seed/seed_ecb.c | 53
+ crypto/seed/seed_locl.h | 9
+ crypto/seed/seed_ofb.c | 109
+ crypto/sha/Makefile.in | 106
+ crypto/sha/asm/README | 1
+ crypto/sha/asm/sha1-586.pl | 9
+ crypto/sha/asm/sha1-alpha.pl | 11
+ crypto/sha/asm/sha1-armv4-large.pl | 9
+ crypto/sha/asm/sha1-armv8.pl | 9
+ crypto/sha/asm/sha1-c64xplus.pl | 9
+ crypto/sha/asm/sha1-ia64.pl | 9
+ crypto/sha/asm/sha1-mb-x86_64.pl | 11
+ crypto/sha/asm/sha1-mips.pl | 11
+ crypto/sha/asm/sha1-parisc.pl | 9
+ crypto/sha/asm/sha1-ppc.pl | 9
+ crypto/sha/asm/sha1-s390x.pl | 16
+ crypto/sha/asm/sha1-sparcv9.pl | 9
+ crypto/sha/asm/sha1-sparcv9a.pl | 9
+ crypto/sha/asm/sha1-thumb.pl | 9
+ crypto/sha/asm/sha1-x86_64.pl | 11
+ crypto/sha/asm/sha256-586.pl | 9
+ crypto/sha/asm/sha256-armv4.pl | 9
+ crypto/sha/asm/sha256-c64xplus.pl | 9
+ crypto/sha/asm/sha256-mb-x86_64.pl | 11
+ crypto/sha/asm/sha512-586.pl | 9
+ crypto/sha/asm/sha512-armv4.pl | 9
+ crypto/sha/asm/sha512-armv8.pl | 9
+ crypto/sha/asm/sha512-c64xplus.pl | 9
+ crypto/sha/asm/sha512-ia64.pl | 9
+ crypto/sha/asm/sha512-mips.pl | 15
+ crypto/sha/asm/sha512-parisc.pl | 9
+ crypto/sha/asm/sha512-ppc.pl | 9
+ crypto/sha/asm/sha512-s390x.pl | 16
+ crypto/sha/asm/sha512-sparcv9.pl | 9
+ crypto/sha/asm/sha512-x86_64.pl | 11
+ crypto/sha/asm/sha512p8-ppc.pl | 9
+ crypto/sha/build.info | 2
+ crypto/sha/sha1_one.c | 60
+ crypto/sha/sha1dgst.c | 60
+ crypto/sha/sha256.c | 12
+ crypto/sha/sha512.c | 12
+ crypto/sha/sha_locl.h | 60
+ crypto/sparc_arch.h | 19
+ crypto/sparccpuid.S | 49
+ crypto/sparcv9cap.c | 47
+ crypto/srp/Makefile.in | 39
+ crypto/srp/srp_lib.c | 170
+ crypto/srp/srp_vfy.c | 88
+ crypto/stack/Makefile.in | 43
+ crypto/stack/stack.c | 205
+ crypto/threads_none.c | 53
+ crypto/threads_pthread.c | 53
+ crypto/threads_win.c | 84
+ crypto/ts/Makefile.in | 53
+ crypto/ts/ts_asn1.c | 58
+ crypto/ts/ts_conf.c | 59
+ crypto/ts/ts_err.c | 70
+ crypto/ts/ts_lcl.h | 60
+ crypto/ts/ts_lib.c | 64
+ crypto/ts/ts_req_print.c | 59
+ crypto/ts/ts_req_utils.c | 59
+ crypto/ts/ts_rsp_print.c | 59
+ crypto/ts/ts_rsp_sign.c | 65
+ crypto/ts/ts_rsp_utils.c | 59
+ crypto/ts/ts_rsp_verify.c | 84
+ crypto/ts/ts_verify_ctx.c | 59
+ crypto/txt_db/Makefile.in | 43
+ crypto/txt_db/txt_db.c | 64
+ crypto/ui/Makefile.in | 43
+ crypto/ui/ui_err.c | 69
+ crypto/ui/ui_lib.c | 82
+ crypto/ui/ui_locl.h | 59
+ crypto/ui/ui_openssl.c | 118
+ crypto/ui/ui_util.c | 57
+ crypto/uid.c | 57
+ crypto/vms_rms.h | 8
+ crypto/whrlpool/Makefile.in | 56
+ crypto/whrlpool/asm/wp-mmx.pl | 9
+ crypto/whrlpool/asm/wp-x86_64.pl | 11
+ crypto/whrlpool/wp_block.c | 9
+ crypto/whrlpool/wp_dgst.c | 12
+ crypto/whrlpool/wp_locl.h | 9
+ crypto/x509/Makefile.in | 57
+ crypto/x509/by_dir.c | 65
+ crypto/x509/by_file.c | 60
+ crypto/x509/t_crl.c | 59
+ crypto/x509/t_req.c | 64
+ crypto/x509/t_x509.c | 60
+ crypto/x509/x509_att.c | 76
+ crypto/x509/x509_cmp.c | 73
+ crypto/x509/x509_d2.c | 60
+ crypto/x509/x509_def.c | 60
+ crypto/x509/x509_err.c | 73
+ crypto/x509/x509_ext.c | 96
+ crypto/x509/x509_lcl.h | 76
+ crypto/x509/x509_lu.c | 438
+ crypto/x509/x509_obj.c | 87
+ crypto/x509/x509_r2x.c | 60
+ crypto/x509/x509_req.c | 60
+ crypto/x509/x509_set.c | 70
+ crypto/x509/x509_trs.c | 82
+ crypto/x509/x509_txt.c | 68
+ crypto/x509/x509_v3.c | 64
+ crypto/x509/x509_vfy.c | 360
+ crypto/x509/x509_vpm.c | 71
+ crypto/x509/x509cset.c | 71
+ crypto/x509/x509name.c | 68
+ crypto/x509/x509rset.c | 60
+ crypto/x509/x509spki.c | 59
+ crypto/x509/x509type.c | 60
+ crypto/x509/x_all.c | 60
+ crypto/x509/x_attrib.c | 60
+ crypto/x509/x_crl.c | 60
+ crypto/x509/x_exten.c | 59
+ crypto/x509/x_name.c | 104
+ crypto/x509/x_pubkey.c | 60
+ crypto/x509/x_req.c | 60
+ crypto/x509/x_x509.c | 130
+ crypto/x509/x_x509a.c | 61
+ crypto/x509v3/Makefile.in | 53
+ crypto/x509v3/ext_dat.h | 63
+ crypto/x509v3/pcy_cache.c | 62
+ crypto/x509v3/pcy_data.c | 63
+ crypto/x509v3/pcy_int.h | 61
+ crypto/x509v3/pcy_lib.c | 59
+ crypto/x509v3/pcy_map.c | 59
+ crypto/x509v3/pcy_node.c | 59
+ crypto/x509v3/pcy_tree.c | 61
+ crypto/x509v3/tabtest.c | 59
+ crypto/x509v3/v3_addr.c | 69
+ crypto/x509v3/v3_akey.c | 63
+ crypto/x509v3/v3_akeya.c | 59
+ crypto/x509v3/v3_alt.c | 71
+ crypto/x509v3/v3_asid.c | 58
+ crypto/x509v3/v3_bcons.c | 59
+ crypto/x509v3/v3_bitst.c | 59
+ crypto/x509v3/v3_conf.c | 128
+ crypto/x509v3/v3_cpols.c | 65
+ crypto/x509v3/v3_crld.c | 65
+ crypto/x509v3/v3_enum.c | 59
+ crypto/x509v3/v3_extku.c | 59
+ crypto/x509v3/v3_genn.c | 59
+ crypto/x509v3/v3_ia5.c | 68
+ crypto/x509v3/v3_info.c | 59
+ crypto/x509v3/v3_int.c | 61
+ crypto/x509v3/v3_lib.c | 62
+ crypto/x509v3/v3_ncons.c | 109
+ crypto/x509v3/v3_pci.c | 9
+ crypto/x509v3/v3_pcia.c | 9
+ crypto/x509v3/v3_pcons.c | 59
+ crypto/x509v3/v3_pku.c | 59
+ crypto/x509v3/v3_pmaps.c | 80
+ crypto/x509v3/v3_prn.c | 62
+ crypto/x509v3/v3_purp.c | 117
+ crypto/x509v3/v3_skey.c | 59
+ crypto/x509v3/v3_sxnet.c | 69
+ crypto/x509v3/v3_tlsf.c | 60
+ crypto/x509v3/v3_utl.c | 78
+ crypto/x509v3/v3conf.c | 59
+ crypto/x509v3/v3err.c | 78
+ crypto/x509v3/v3prin.c | 59
+ crypto/x86_64cpuid.pl | 106
+ crypto/x86cpuid.pl | 86
+ demos/bio/Makefile.in | 23
+ demos/bio/client-arg.c | 9
+ demos/bio/client-conf.c | 9
+ demos/bio/saccept.c | 9
+ demos/bio/sconnect.c | 9
+ demos/bio/server-arg.c | 9
+ demos/bio/server-cmod.c | 9
+ demos/bio/server-conf.c | 9
+ demos/cms/cms_comp.c | 9
+ demos/cms/cms_ddec.c | 9
+ demos/cms/cms_dec.c | 9
+ demos/cms/cms_denc.c | 9
+ demos/cms/cms_enc.c | 9
+ demos/cms/cms_sign.c | 9
+ demos/cms/cms_sign2.c | 9
+ demos/cms/cms_uncomp.c | 9
+ demos/cms/cms_ver.c | 9
+ demos/evp/aesccm.c | 9
+ demos/evp/aesgcm.c | 9
+ demos/pkcs12/pkread.c | 8
+ demos/pkcs12/pkwrite.c | 8
+ demos/smime/smdec.c | 9
+ demos/smime/smenc.c | 9
+ demos/smime/smsign.c | 9
+ demos/smime/smsign2.c | 9
+ demos/smime/smver.c | 9
+ doc/HOWTO/proxy_certificates.txt | 221
+ doc/apps/CA.pl.pod | 16
+ doc/apps/asn1parse.pod | 39
+ doc/apps/ca.pod | 48
+ doc/apps/ciphers.pod | 44
+ doc/apps/cms.pod | 68
+ doc/apps/config.pod | 32
+ doc/apps/crl.pod | 11
+ doc/apps/crl2pkcs7.pod | 15
+ doc/apps/dgst.pod | 15
+ doc/apps/dhparam.pod | 16
+ doc/apps/dsa.pod | 13
+ doc/apps/dsaparam.pod | 11
+ doc/apps/ec.pod | 21
+ doc/apps/ecparam.pod | 19
+ doc/apps/enc.pod | 34
+ doc/apps/engine.pod | 13
+ doc/apps/errstr.pod | 17
+ doc/apps/gendsa.pod | 9
+ doc/apps/genpkey.pod | 28
+ doc/apps/genrsa.pod | 10
+ doc/apps/nseq.pod | 11
+ doc/apps/ocsp.pod | 62
+ doc/apps/openssl.pod | 35
+ doc/apps/passwd.pod | 9
+ doc/apps/pkcs12.pod | 13
+ doc/apps/pkcs7.pod | 13
+ doc/apps/pkcs8.pod | 125
+ doc/apps/pkey.pod | 25
+ doc/apps/pkeyparam.pod | 14
+ doc/apps/pkeyutl.pod | 19
+ doc/apps/rand.pod | 9
+ doc/apps/rehash.pod | 11
+ doc/apps/req.pod | 106
+ doc/apps/rsa.pod | 18
+ doc/apps/rsautl.pod | 45
+ doc/apps/s_client.pod | 19
+ doc/apps/s_server.pod | 17
+ doc/apps/s_time.pod | 10
+ doc/apps/sess_id.pod | 14
+ doc/apps/smime.pod | 46
+ doc/apps/speed.pod | 9
+ doc/apps/spkac.pod | 9
+ doc/apps/ts.pod | 27
+ doc/apps/tsget.pod | 41
+ doc/apps/verify.pod | 293
+ doc/apps/version.pod | 9
+ doc/apps/x509.pod | 58
+ doc/apps/x509v3_config.pod | 38
+ doc/crypto/ASN1_INTEGER_get_int64.pod | 10
+ doc/crypto/ASN1_OBJECT_new.pod | 9
+ doc/crypto/ASN1_STRING_length.pod | 19
+ doc/crypto/ASN1_STRING_new.pod | 9
+ doc/crypto/ASN1_STRING_print_ex.pod | 15
+ doc/crypto/ASN1_TIME_set.pod | 13
+ doc/crypto/ASN1_TYPE_get.pod | 11
+ doc/crypto/ASN1_generate_nconf.pod | 23
+ doc/crypto/ASYNC_WAIT_CTX_new.pod | 20
+ doc/crypto/ASYNC_start_job.pod | 31
+ doc/crypto/BF_encrypt.pod | 117
+ doc/crypto/BIO_ADDR.pod | 11
+ doc/crypto/BIO_ADDRINFO.pod | 18
+ doc/crypto/BIO_connect.pod | 11
+ doc/crypto/BIO_ctrl.pod | 33
+ doc/crypto/BIO_f_base64.pod | 21
+ doc/crypto/BIO_f_buffer.pod | 33
+ doc/crypto/BIO_f_cipher.pod | 21
+ doc/crypto/BIO_f_md.pod | 43
+ doc/crypto/BIO_f_null.pod | 13
+ doc/crypto/BIO_f_ssl.pod | 197
+ doc/crypto/BIO_find_type.pod | 64
+ doc/crypto/BIO_get_data.pod | 9
+ doc/crypto/BIO_get_ex_new_index.pod | 41
+ doc/crypto/BIO_meth_new.pod | 15
+ doc/crypto/BIO_new.pod | 41
+ doc/crypto/BIO_new_CMS.pod | 11
+ doc/crypto/BIO_parse_hostserv.pod | 22
+ doc/crypto/BIO_push.pod | 13
+ doc/crypto/BIO_read.pod | 19
+ doc/crypto/BIO_s_accept.pod | 56
+ doc/crypto/BIO_s_bio.pod | 39
+ doc/crypto/BIO_s_connect.pod | 37
+ doc/crypto/BIO_s_fd.pod | 37
+ doc/crypto/BIO_s_file.pod | 29
+ doc/crypto/BIO_s_mem.pod | 29
+ doc/crypto/BIO_s_null.pod | 13
+ doc/crypto/BIO_s_socket.pod | 27
+ doc/crypto/BIO_set_callback.pod | 61
+ doc/crypto/BIO_should_retry.pod | 34
+ doc/crypto/BN_BLINDING_new.pod | 33
+ doc/crypto/BN_CTX_new.pod | 11
+ doc/crypto/BN_CTX_start.pod | 9
+ doc/crypto/BN_add.pod | 9
+ doc/crypto/BN_add_word.pod | 9
+ doc/crypto/BN_bn2bin.pod | 26
+ doc/crypto/BN_cmp.pod | 9
+ doc/crypto/BN_copy.pod | 9
+ doc/crypto/BN_generate_prime.pod | 17
+ doc/crypto/BN_mod_inverse.pod | 9
+ doc/crypto/BN_mod_mul_montgomery.pod | 31
+ doc/crypto/BN_mod_mul_reciprocal.pod | 36
+ doc/crypto/BN_new.pod | 20
+ doc/crypto/BN_num_bytes.pod | 9
+ doc/crypto/BN_rand.pod | 9
+ doc/crypto/BN_set_bit.pod | 9
+ doc/crypto/BN_swap.pod | 9
+ doc/crypto/BN_zero.pod | 9
+ doc/crypto/BUF_MEM_new.pod | 77
+ doc/crypto/CMS_add0_cert.pod | 13
+ doc/crypto/CMS_add1_recipient_cert.pod | 11
+ doc/crypto/CMS_add1_signer.pod | 15
+ doc/crypto/CMS_compress.pod | 9
+ doc/crypto/CMS_decrypt.pod | 11
+ doc/crypto/CMS_encrypt.pod | 13
+ doc/crypto/CMS_final.pod | 13
+ doc/crypto/CMS_get0_RecipientInfos.pod | 18
+ doc/crypto/CMS_get0_SignerInfos.pod | 16
+ doc/crypto/CMS_get0_type.pod | 13
+ doc/crypto/CMS_get1_ReceiptRequest.pod | 13
+ doc/crypto/CMS_sign.pod | 13
+ doc/crypto/CMS_sign_receipt.pod | 11
+ doc/crypto/CMS_uncompress.pod | 11
+ doc/crypto/CMS_verify.pod | 17
+ doc/crypto/CMS_verify_receipt.pod | 13
+ doc/crypto/CONF_modules_free.pod | 13
+ doc/crypto/CONF_modules_load_file.pod | 15
+ doc/crypto/CRYPTO_THREAD_run_once.pod | 163
+ doc/crypto/CRYPTO_get_ex_new_index.pod | 24
+ doc/crypto/DEFINE_STACK_OF.pod | 233
+ doc/crypto/DES_random_key.pod | 310
+ doc/crypto/DH_generate_key.pod | 9
+ doc/crypto/DH_generate_parameters.pod | 60
+ doc/crypto/DH_get0_pqg.pod | 26
+ doc/crypto/DH_get_1024_160.pod | 74
+ doc/crypto/DH_meth_new.pod | 12
+ doc/crypto/DH_new.pod | 9
+ doc/crypto/DH_set_method.pod | 10
+ doc/crypto/DH_size.pod | 9
+ doc/crypto/DSA_SIG_new.pod | 25
+ doc/crypto/DSA_do_sign.pod | 11
+ doc/crypto/DSA_dup_DH.pod | 9
+ doc/crypto/DSA_generate_key.pod | 9
+ doc/crypto/DSA_generate_parameters.pod | 15
+ doc/crypto/DSA_get0_pqg.pod | 26
+ doc/crypto/DSA_meth_new.pod | 11
+ doc/crypto/DSA_new.pod | 9
+ doc/crypto/DSA_set_method.pod | 12
+ doc/crypto/DSA_sign.pod | 19
+ doc/crypto/DSA_size.pod | 9
+ doc/crypto/ECDSA_SIG_new.pod | 207
+ doc/crypto/ECPKParameters_print.pod | 44
+ doc/crypto/EC_GFp_simple_method.pod | 11
+ doc/crypto/EC_GROUP_copy.pod | 47
+ doc/crypto/EC_GROUP_new.pod | 23
+ doc/crypto/EC_KEY_get_enc_flags.pod | 59
+ doc/crypto/EC_KEY_new.pod | 17
+ doc/crypto/EC_POINT_add.pod | 12
+ doc/crypto/EC_POINT_new.pod | 33
+ doc/crypto/ENGINE_add.pod | 611 +
+ doc/crypto/ERR_GET_LIB.pod | 9
+ doc/crypto/ERR_clear_error.pod | 9
+ doc/crypto/ERR_error_string.pod | 9
+ doc/crypto/ERR_get_error.pod | 9
+ doc/crypto/ERR_load_crypto_strings.pod | 11
+ doc/crypto/ERR_load_strings.pod | 12
+ doc/crypto/ERR_print_errors.pod | 18
+ doc/crypto/ERR_put_error.pod | 37
+ doc/crypto/ERR_remove_state.pod | 44
+ doc/crypto/ERR_set_mark.pod | 9
+ doc/crypto/EVP_BytesToKey.pod | 19
+ doc/crypto/EVP_CIPHER_CTX_get_cipher_data.pod | 9
+ doc/crypto/EVP_CIPHER_meth_new.pod | 60
+ doc/crypto/EVP_DigestInit.pod | 38
+ doc/crypto/EVP_DigestSignInit.pod | 15
+ doc/crypto/EVP_DigestVerifyInit.pod | 15
+ doc/crypto/EVP_EncodeInit.pod | 162
+ doc/crypto/EVP_EncryptInit.pod | 223
+ doc/crypto/EVP_MD_meth_new.pod | 22
+ doc/crypto/EVP_OpenInit.pod | 15
+ doc/crypto/EVP_PKEY_CTX_ctrl.pod | 16
+ doc/crypto/EVP_PKEY_CTX_new.pod | 11
+ doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod | 128
+ doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md | 108
+ doc/crypto/EVP_PKEY_HKDF.pod | 119
+ doc/crypto/EVP_PKEY_TLS1_PRF.pod | 99
+ doc/crypto/EVP_PKEY_cmp.pod | 18
+ doc/crypto/EVP_PKEY_decrypt.pod | 31
+ doc/crypto/EVP_PKEY_derive.pod | 25
+ doc/crypto/EVP_PKEY_encrypt.pod | 35
+ doc/crypto/EVP_PKEY_get_default_digest.pod | 41
+ doc/crypto/EVP_PKEY_get_default_digest_nid.pod | 50
+ doc/crypto/EVP_PKEY_keygen.pod | 58
+ doc/crypto/EVP_PKEY_new.pod | 15
+ doc/crypto/EVP_PKEY_print_private.pod | 21
+ doc/crypto/EVP_PKEY_set1_RSA.pod | 40
+ doc/crypto/EVP_PKEY_sign.pod | 31
+ doc/crypto/EVP_PKEY_verify.pod | 25
+ doc/crypto/EVP_PKEY_verify_recover.pod | 35
+ doc/crypto/EVP_SealInit.pod | 13
+ doc/crypto/EVP_SignInit.pod | 16
+ doc/crypto/EVP_VerifyInit.pod | 19
+ doc/crypto/HMAC.pod | 151
+ doc/crypto/MD5.pod | 101
+ doc/crypto/MDC2_Init.pod | 68
+ doc/crypto/OBJ_nid2obj.pod | 56
+ doc/crypto/OCSP_REQUEST_new.pod | 13
+ doc/crypto/OCSP_cert_to_id.pod | 13
+ doc/crypto/OCSP_request_add1_nonce.pod | 13
+ doc/crypto/OCSP_resp_find_status.pod | 136
+ doc/crypto/OCSP_response_find_status.pod | 109
+ doc/crypto/OCSP_response_status.pod | 15
+ doc/crypto/OCSP_sendreq_new.pod | 9
+ doc/crypto/OPENSSL_Applink.pod | 12
+ doc/crypto/OPENSSL_LH_COMPFUNC.pod | 239
+ doc/crypto/OPENSSL_LH_stats.pod | 64
+ doc/crypto/OPENSSL_VERSION_NUMBER.pod | 9
+ doc/crypto/OPENSSL_config.pod | 20
+ doc/crypto/OPENSSL_ia32cap.pod | 110
+ doc/crypto/OPENSSL_init_crypto.pod | 42
+ doc/crypto/OPENSSL_instrument_bus.pod | 19
+ doc/crypto/OPENSSL_load_builtin_modules.pod | 15
+ doc/crypto/OPENSSL_malloc.pod | 47
+ doc/crypto/OPENSSL_secure_malloc.pod | 41
+ doc/crypto/OpenSSL_add_all_algorithms.pod | 9
+ doc/crypto/PEM_read.pod | 127
+ doc/crypto/PEM_read_CMS.pod | 97
+ doc/crypto/PEM_read_bio_PrivateKey.pod | 481 +
+ doc/crypto/PEM_write_bio_CMS_stream.pod | 13
+ doc/crypto/PEM_write_bio_PKCS7_stream.pod | 12
+ doc/crypto/PKCS12_create.pod | 16
+ doc/crypto/PKCS12_newpass.pod | 103
+ doc/crypto/PKCS12_parse.pod | 9
+ doc/crypto/PKCS5_PBKDF2_HMAC.pod | 15
+ doc/crypto/PKCS7_decrypt.pod | 9
+ doc/crypto/PKCS7_encrypt.pod | 13
+ doc/crypto/PKCS7_sign.pod | 11
+ doc/crypto/PKCS7_sign_add_signer.pod | 15
+ doc/crypto/PKCS7_verify.pod | 15
+ doc/crypto/RAND_add.pod | 36
+ doc/crypto/RAND_bytes.pod | 9
+ doc/crypto/RAND_cleanup.pod | 9
+ doc/crypto/RAND_egd.pod | 9
+ doc/crypto/RAND_load_file.pod | 37
+ doc/crypto/RAND_set_rand_method.pod | 11
+ doc/crypto/RC4_set_key.pod | 66
+ doc/crypto/RIPEMD160_Init.pod | 72
+ doc/crypto/RSA_blinding_on.pod | 9
+ doc/crypto/RSA_check_key.pod | 12
+ doc/crypto/RSA_generate_key.pod | 15
+ doc/crypto/RSA_get0_key.pod | 38
+ doc/crypto/RSA_meth_new.pod | 14
+ doc/crypto/RSA_new.pod | 11
+ doc/crypto/RSA_padding_add_PKCS1_type_1.pod | 9
+ doc/crypto/RSA_print.pod | 11
+ doc/crypto/RSA_private_encrypt.pod | 13
+ doc/crypto/RSA_public_encrypt.pod | 11
+ doc/crypto/RSA_set_method.pod | 51
+ doc/crypto/RSA_sign.pod | 13
+ doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod | 11
+ doc/crypto/RSA_size.pod | 11
+ doc/crypto/SHA256_Init.pod | 108
+ doc/crypto/SMIME_read_CMS.pod | 11
+ doc/crypto/SMIME_read_PKCS7.pod | 11
+ doc/crypto/SMIME_write_CMS.pod | 11
+ doc/crypto/SMIME_write_PKCS7.pod | 11
+ doc/crypto/UI_new.pod | 186
+ doc/crypto/X509V3_get_d2i.pod | 38
+ doc/crypto/X509_ALGOR_dup.pod | 48
+ doc/crypto/X509_CRL_get0_by_serial.pod | 11
+ doc/crypto/X509_EXTENSION_set_object.pod | 17
+ doc/crypto/X509_LOOKUP_hash_dir.pod | 19
+ doc/crypto/X509_NAME_ENTRY_get_object.pod | 23
+ doc/crypto/X509_NAME_add_entry_by_txt.pod | 31
+ doc/crypto/X509_NAME_get0_der.pod | 40
+ doc/crypto/X509_NAME_get_index_by_NID.pod | 43
+ doc/crypto/X509_NAME_print_ex.pod | 17
+ doc/crypto/X509_PUBKEY.pod | 111
+ doc/crypto/X509_PUBKEY_new.pod | 120
+ doc/crypto/X509_SIG_get0.pod | 32
+ doc/crypto/X509_STORE_CTX_get_error.pod | 59
+ doc/crypto/X509_STORE_CTX_new.pod | 48
+ doc/crypto/X509_STORE_CTX_set_verify_cb.pod | 186
+ doc/crypto/X509_STORE_get0_param.pod | 57
+ doc/crypto/X509_STORE_new.pod | 26
+ doc/crypto/X509_STORE_set_verify_cb_func.pod | 214
+ doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 37
+ doc/crypto/X509_check_ca.pod | 11
+ doc/crypto/X509_check_host.pod | 15
+ doc/crypto/X509_check_issued.pod | 11
+ doc/crypto/X509_dup.pod | 301
+ doc/crypto/X509_get0_signature.pod | 11
+ doc/crypto/X509_get0_uids.pod | 9
+ doc/crypto/X509_get_extension_flags.pod | 51
+ doc/crypto/X509_get_pubkey.pod | 19
+ doc/crypto/X509_get_serialNumber.pod | 11
+ doc/crypto/X509_get_subject_name.pod | 15
+ doc/crypto/X509_get_version.pod | 13
+ doc/crypto/X509_new.pod | 14
+ doc/crypto/X509_sign.pod | 13
+ doc/crypto/X509_verify_cert.pod | 22
+ doc/crypto/X509v3_get_ext_by_NID.pod | 60
+ doc/crypto/bio.pod | 43
+ doc/crypto/blowfish.pod | 108
+ doc/crypto/bn.pod | 188
+ doc/crypto/bn_internal.pod | 238
+ doc/crypto/buffer.pod | 59
+ doc/crypto/crypto.pod | 21
+ doc/crypto/d2i_ASN1_OBJECT.pod | 29
+ doc/crypto/d2i_CMS_ContentInfo.pod | 25
+ doc/crypto/d2i_DHparams.pod | 11
+ doc/crypto/d2i_DSAPublicKey.pod | 91
+ doc/crypto/d2i_ECPKParameters.pod | 84
+ doc/crypto/d2i_ECPrivateKey.pod | 67
+ doc/crypto/d2i_Netscape_RSA.pod | 38
+ doc/crypto/d2i_PKCS8PrivateKey.pod | 52
+ doc/crypto/d2i_PKCS8PrivateKey_bio.pod | 61
+ doc/crypto/d2i_PrivateKey.pod | 71
+ doc/crypto/d2i_RSAPublicKey.pod | 78
+ doc/crypto/d2i_X509.pod | 612 +
+ doc/crypto/d2i_X509_ALGOR.pod | 55
+ doc/crypto/d2i_X509_CRL.pod | 39
+ doc/crypto/d2i_X509_NAME.pod | 45
+ doc/crypto/d2i_X509_REQ.pod | 39
+ doc/crypto/d2i_X509_SIG.pod | 36
+ doc/crypto/des.pod | 320
+ doc/crypto/des_modes.pod | 20
+ doc/crypto/dh.pod | 61
+ doc/crypto/dsa.pod | 109
+ doc/crypto/ec.pod | 198
+ doc/crypto/ecdsa.pod | 189
+ doc/crypto/engine.pod | 566 -
+ doc/crypto/err.pod | 199
+ doc/crypto/evp.pod | 18
+ doc/crypto/hmac.pod | 113
+ doc/crypto/i2d_CMS_bio_stream.pod | 11
+ doc/crypto/i2d_PKCS7_bio_stream.pod | 11
+ doc/crypto/i2d_re_X509_tbs.pod | 79
+ doc/crypto/lh_stats.pod | 54
+ doc/crypto/lhash.pod | 246
+ doc/crypto/md5.pod | 92
+ doc/crypto/mdc2.pod | 59
+ doc/crypto/pem.pod | 458 -
+ doc/crypto/rand.pod | 77
+ doc/crypto/rc4.pod | 57
+ doc/crypto/ripemd.pod | 63
+ doc/crypto/rsa.pod | 103
+ doc/crypto/sha.pod | 99
+ doc/crypto/sk_X509_num.pod | 200
+ doc/crypto/threads.pod | 82
+ doc/crypto/ui.pod | 186
+ doc/crypto/x509.pod | 11
+ doc/ssl/DTLSv1_listen.pod | 11
+ doc/ssl/OPENSSL_init_ssl.pod | 9
+ doc/ssl/SSL_CIPHER_get_name.pod | 15
+ doc/ssl/SSL_COMP_add_compression_method.pod | 11
+ doc/ssl/SSL_CONF_CTX_new.pod | 9
+ doc/ssl/SSL_CONF_CTX_set1_prefix.pod | 11
+ doc/ssl/SSL_CONF_CTX_set_flags.pod | 9
+ doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod | 9
+ doc/ssl/SSL_CONF_cmd.pod | 16
+ doc/ssl/SSL_CONF_cmd_argv.pod | 11
+ doc/ssl/SSL_CTX_add1_chain_cert.pod | 9
+ doc/ssl/SSL_CTX_add_extra_chain_cert.pod | 9
+ doc/ssl/SSL_CTX_add_session.pod | 11
+ doc/ssl/SSL_CTX_config.pod | 11
+ doc/ssl/SSL_CTX_ctrl.pod | 9
+ doc/ssl/SSL_CTX_dane_enable.pod | 114
+ doc/ssl/SSL_CTX_flush_sessions.pod | 13
+ doc/ssl/SSL_CTX_free.pod | 9
+ doc/ssl/SSL_CTX_get0_param.pod | 9
+ doc/ssl/SSL_CTX_get_verify_mode.pod | 9
+ doc/ssl/SSL_CTX_has_client_custom_ext.pod | 9
+ doc/ssl/SSL_CTX_load_verify_locations.pod | 22
+ doc/ssl/SSL_CTX_new.pod | 26
+ doc/ssl/SSL_CTX_sess_number.pod | 9
+ doc/ssl/SSL_CTX_sess_set_cache_size.pod | 9
+ doc/ssl/SSL_CTX_sess_set_get_cb.pod | 17
+ doc/ssl/SSL_CTX_sessions.pod | 9
+ doc/ssl/SSL_CTX_set1_curves.pod | 13
+ doc/ssl/SSL_CTX_set1_sigalgs.pod | 9
+ doc/ssl/SSL_CTX_set1_verify_cert_store.pod | 11
+ doc/ssl/SSL_CTX_set_alpn_select_cb.pod | 12
+ doc/ssl/SSL_CTX_set_cert_cb.pod | 9
+ doc/ssl/SSL_CTX_set_cert_store.pod | 11
+ doc/ssl/SSL_CTX_set_cert_verify_callback.pod | 17
+ doc/ssl/SSL_CTX_set_cipher_list.pod | 9
+ doc/ssl/SSL_CTX_set_client_CA_list.pod | 15
+ doc/ssl/SSL_CTX_set_client_cert_cb.pod | 9
+ doc/ssl/SSL_CTX_set_ct_validation_callback.pod | 40
+ doc/ssl/SSL_CTX_set_ctlog_list_file.pod | 9
+ doc/ssl/SSL_CTX_set_custom_cli_ext.pod | 133
+ doc/ssl/SSL_CTX_set_default_passwd_cb.pod | 43
+ doc/ssl/SSL_CTX_set_generate_session_id.pod | 43
+ doc/ssl/SSL_CTX_set_info_callback.pod | 77
+ doc/ssl/SSL_CTX_set_max_cert_list.pod | 9
+ doc/ssl/SSL_CTX_set_min_proto_version.pod | 11
+ doc/ssl/SSL_CTX_set_mode.pod | 9
+ doc/ssl/SSL_CTX_set_msg_callback.pod | 9
+ doc/ssl/SSL_CTX_set_options.pod | 9
+ doc/ssl/SSL_CTX_set_psk_client_callback.pod | 52
+ doc/ssl/SSL_CTX_set_quiet_shutdown.pod | 9
+ doc/ssl/SSL_CTX_set_read_ahead.pod | 29
+ doc/ssl/SSL_CTX_set_security_level.pod | 23
+ doc/ssl/SSL_CTX_set_session_cache_mode.pod | 11
+ doc/ssl/SSL_CTX_set_session_id_context.pod | 9
+ doc/ssl/SSL_CTX_set_split_send_fragment.pod | 31
+ doc/ssl/SSL_CTX_set_ssl_version.pod | 9
+ doc/ssl/SSL_CTX_set_timeout.pod | 9
+ doc/ssl/SSL_CTX_set_tlsext_status_cb.pod | 71
+ doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod | 43
+ doc/ssl/SSL_CTX_set_tmp_dh_callback.pod | 12
+ doc/ssl/SSL_CTX_set_verify.pod | 17
+ doc/ssl/SSL_CTX_use_certificate.pod | 37
+ doc/ssl/SSL_CTX_use_psk_identity_hint.pod | 49
+ doc/ssl/SSL_CTX_use_serverinfo.pod | 20
+ doc/ssl/SSL_SESSION_free.pod | 9
+ doc/ssl/SSL_SESSION_get0_hostname.pod | 37
+ doc/ssl/SSL_SESSION_get_hostname.pod | 28
+ doc/ssl/SSL_SESSION_get_protocol_version.pod | 44
+ doc/ssl/SSL_SESSION_get_time.pod | 16
+ doc/ssl/SSL_SESSION_has_ticket.pod | 15
+ doc/ssl/SSL_accept.pod | 11
+ doc/ssl/SSL_alert_type_string.pod | 11
+ doc/ssl/SSL_check_chain.pod | 9
+ doc/ssl/SSL_clear.pod | 9
+ doc/ssl/SSL_connect.pod | 11
+ doc/ssl/SSL_do_handshake.pod | 9
+ doc/ssl/SSL_extension_supported.pod | 144
+ doc/ssl/SSL_free.pod | 9
+ doc/ssl/SSL_get0_peer_scts.pod | 9
+ doc/ssl/SSL_get_SSL_CTX.pod | 9
+ doc/ssl/SSL_get_all_async_fds.pod | 19
+ doc/ssl/SSL_get_ciphers.pod | 13
+ doc/ssl/SSL_get_client_CA_list.pod | 11
+ doc/ssl/SSL_get_client_random.pod | 11
+ doc/ssl/SSL_get_current_cipher.pod | 40
+ doc/ssl/SSL_get_default_timeout.pod | 9
+ doc/ssl/SSL_get_error.pod | 25
+ doc/ssl/SSL_get_extms_support.pod | 9
+ doc/ssl/SSL_get_fd.pod | 9
+ doc/ssl/SSL_get_peer_cert_chain.pod | 9
+ doc/ssl/SSL_get_peer_certificate.pod | 9
+ doc/ssl/SSL_get_psk_identity.pod | 41
+ doc/ssl/SSL_get_rbio.pod | 9
+ doc/ssl/SSL_get_session.pod | 9
+ doc/ssl/SSL_get_shared_sigalgs.pod | 11
+ doc/ssl/SSL_get_verify_result.pod | 9
+ doc/ssl/SSL_get_version.pod | 21
+ doc/ssl/SSL_library_init.pod | 17
+ doc/ssl/SSL_load_client_CA_file.pod | 11
+ doc/ssl/SSL_new.pod | 13
+ doc/ssl/SSL_pending.pod | 9
+ doc/ssl/SSL_read.pod | 15
+ doc/ssl/SSL_rstate_string.pod | 9
+ doc/ssl/SSL_session_reused.pod | 9
+ doc/ssl/SSL_set1_host.pod | 16
+ doc/ssl/SSL_set_bio.pod | 11
+ doc/ssl/SSL_set_connect_state.pod | 9
+ doc/ssl/SSL_set_fd.pod | 9
+ doc/ssl/SSL_set_session.pod | 15
+ doc/ssl/SSL_set_shutdown.pod | 9
+ doc/ssl/SSL_set_verify_result.pod | 9
+ doc/ssl/SSL_shutdown.pod | 13
+ doc/ssl/SSL_state_string.pod | 9
+ doc/ssl/SSL_want.pod | 32
+ doc/ssl/SSL_write.pod | 15
+ doc/ssl/d2i_SSL_SESSION.pod | 53
+ doc/ssl/ssl.pod | 63
+ e_os.h | 96
+ engines/Makefile.in | 119
+ engines/afalg/Makefile.in | 75
+ engines/afalg/build.info | 4
+ engines/afalg/e_afalg.c | 84
+ engines/afalg/e_afalg.h | 61
+ engines/afalg/e_afalg_err.c | 57
+ engines/afalg/e_afalg_err.h | 67
+ engines/asm/e_padlock-x86.pl | 9
+ engines/asm/e_padlock-x86_64.pl | 11
+ engines/build.info | 12
+ engines/capierr.bat | 1
+ engines/e_capi.c | 159
+ engines/e_capi_err.c | 57
+ engines/e_capi_err.h | 67
+ engines/e_chil.c | 72
+ engines/e_chil_err.c | 57
+ engines/e_chil_err.h | 69
+ engines/e_dasync.c | 60
+ engines/e_dasync_err.c | 57
+ engines/e_dasync_err.h | 67
+ engines/e_ossltest.c | 53
+ engines/e_ossltest_err.c | 57
+ engines/e_ossltest_err.h | 67
+ engines/e_padlock.c | 70
+ engines/vendor_defns/hwcryptohook.h | 11
+ external/perl/transfer/Text/Template.pm | 7
+ fuzz/README.md | 66
+ fuzz/asn1.c | 208
+ fuzz/asn1parse.c | 33
+ fuzz/bignum.c | 94
+ fuzz/bndiv.c | 107
+ fuzz/build.info | 113
+ fuzz/cms.c | 32
+ fuzz/conf.c | 33
+ fuzz/crl.c | 35
+ fuzz/ct.c | 40
+ fuzz/driver.c | 52
+ fuzz/fuzzer.h | 12
+ fuzz/helper.py | 52
+ fuzz/server.c | 244
+ fuzz/test-corpus.c | 46
+ fuzz/x509.c | 36
+ include/internal/bio.h | 57
+ include/internal/comp.h | 9
+ include/internal/conf.h | 44
+ include/internal/constant_time_locl.h | 48
+ include/internal/dane.h | 65
+ include/internal/dso.h | 80
+ include/internal/err.h | 58
+ include/internal/numbers.h | 57
+ include/internal/o_dir.h | 9
+ include/internal/o_str.h | 61
+ include/internal/thread_once.h | 42
+ include/internal/threads.h | 92
+ include/openssl/__DECC_INCLUDE_EPILOGUE.H | 16
+ include/openssl/__DECC_INCLUDE_PROLOGUE.H | 20
+ include/openssl/__decc_include_epilogue.h | 7
+ include/openssl/__decc_include_prologue.h | 11
+ include/openssl/aes.h | 53
+ include/openssl/asn1.h | 172
+ include/openssl/asn1_mac.h | 10
+ include/openssl/asn1t.h | 71
+ include/openssl/async.h | 68
+ include/openssl/bio.h | 222
+ include/openssl/blowfish.h | 60
+ include/openssl/bn.h | 128
+ include/openssl/buffer.h | 69
+ include/openssl/camellia.h | 53
+ include/openssl/cast.h | 60
+ include/openssl/cmac.h | 58
+ include/openssl/cms.h | 67
+ include/openssl/comp.h | 66
+ include/openssl/conf.h | 71
+ include/openssl/conf_api.h | 60
+ include/openssl/crypto.h | 199
+ include/openssl/ct.h | 95
+ include/openssl/des.h | 72
+ include/openssl/dh.h | 89
+ include/openssl/dsa.h | 117
+ include/openssl/dtls1.h | 59
+ include/openssl/e_os2.h | 73
+ include/openssl/ebcdic.h | 10
+ include/openssl/ec.h | 133
+ include/openssl/ecdh.h | 9
+ include/openssl/ecdsa.h | 9
+ include/openssl/engine.h | 98
+ include/openssl/err.h | 145
+ include/openssl/evp.h | 127
+ include/openssl/hmac.h | 64
+ include/openssl/idea.h | 62
+ include/openssl/kdf.h | 61
+ include/openssl/lhash.h | 202
+ include/openssl/md2.h | 60
+ include/openssl/md4.h | 60
+ include/openssl/md5.h | 60
+ include/openssl/mdc2.h | 61
+ include/openssl/modes.h | 10
+ include/openssl/obj_mac.h | 65
+ include/openssl/objects.h | 69
+ include/openssl/ocsp.h | 228
+ include/openssl/opensslconf.h.in | 7
+ include/openssl/opensslv.h | 15
+ include/openssl/ossl_typ.h | 60
+ include/openssl/pem.h | 86
+ include/openssl/pem2.h | 64
+ include/openssl/pkcs12.h | 86
+ include/openssl/pkcs7.h | 96
+ include/openssl/rand.h | 94
+ include/openssl/rc2.h | 60
+ include/openssl/rc4.h | 60
+ include/openssl/rc5.h | 60
+ include/openssl/ripemd.h | 60
+ include/openssl/rsa.h | 118
+ include/openssl/safestack.h | 156
+ include/openssl/seed.h | 63
+ include/openssl/sha.h | 60
+ include/openssl/srp.h | 94
+ include/openssl/srtp.h | 114
+ include/openssl/ssl.h | 304
+ include/openssl/ssl2.h | 60
+ include/openssl/ssl3.h | 114
+ include/openssl/stack.h | 141
+ include/openssl/symhacks.h | 57
+ include/openssl/tls1.h | 130
+ include/openssl/ts.h | 79
+ include/openssl/txt_db.h | 62
+ include/openssl/ui.h | 98
+ include/openssl/whrlpool.h | 9
+ include/openssl/x509.h | 150
+ include/openssl/x509_vfy.h | 225
+ include/openssl/x509v3.h | 152
+ ms/applink.c | 9
+ ms/cmp.pl | 8
+ ms/segrenam.pl | 8
+ ms/uplink-common.pl | 8
+ ms/uplink-ia64.pl | 8
+ ms/uplink-x86.pl | 8
+ ms/uplink-x86_64.pl | 10
+ ms/uplink.c | 9
+ ms/uplink.h | 9
+ openssl.spec | 210
+ os-dep/haiku.h | 2
+ ssl/Makefile.in | 81
+ ssl/bio_ssl.c | 69
+ ssl/d1_lib.c | 115
+ ssl/d1_msg.c | 117
+ ssl/d1_srtp.c | 131
+ ssl/methods.c | 113
+ ssl/packet_locl.h | 58
+ ssl/pqueue.c | 59
+ ssl/record/dtls1_bitmap.c | 115
+ ssl/record/rec_layer_d1.c | 126
+ ssl/record/rec_layer_s3.c | 161
+ ssl/record/record.h | 122
+ ssl/record/record_locl.h | 121
+ ssl/record/ssl3_buffer.c | 115
+ ssl/record/ssl3_record.c | 167
+ ssl/s3_cbc.c | 65
+ ssl/s3_enc.c | 183
+ ssl/s3_lib.c | 223
+ ssl/s3_msg.c | 115
+ ssl/ssl_asn1.c | 61
+ ssl/ssl_cert.c | 165
+ ssl/ssl_ciph.c | 137
+ ssl/ssl_conf.c | 60
+ ssl/ssl_err.c | 329
+ ssl/ssl_init.c | 78
+ ssl/ssl_lib.c | 507 -
+ ssl/ssl_locl.h | 179
+ ssl/ssl_mcnf.c | 63
+ ssl/ssl_rsa.c | 96
+ ssl/ssl_sess.c | 186
+ ssl/ssl_stat.c | 63
+ ssl/ssl_txt.c | 65
+ ssl/ssl_utst.c | 55
+ ssl/statem/statem.c | 118
+ ssl/statem/statem.h | 59
+ ssl/statem/statem_clnt.c | 1523 +--
+ ssl/statem/statem_dtls.c | 143
+ ssl/statem/statem_lib.c | 171
+ ssl/statem/statem_locl.h | 57
+ ssl/statem/statem_srvr.c | 1436 +--
+ ssl/t1_enc.c | 116
+ ssl/t1_ext.c | 69
+ ssl/t1_lib.c | 260
+ ssl/t1_reneg.c | 114
+ ssl/t1_trce.c | 61
+ ssl/tls_srp.c | 60
+ test/CAss.cnf | 2
+ test/Makefile.in | 410
+ test/README.ssltest.md | 59
+ test/aborttest.c | 7
+ test/afalgtest.c | 67
+ test/asynciotest.c | 308
+ test/asynctest.c | 64
+ test/bftest.c | 62
+ test/bioprinttest.c | 225
+ test/bntest.c | 69
+ test/build.info | 176
+ test/casttest.c | 60
+ test/certs/alt1-cert.pem | 22
+ test/certs/alt1-key.pem | 28
+ test/certs/alt2-cert.pem | 20
+ test/certs/alt2-key.pem | 28
+ test/certs/alt3-cert.pem | 21
+ test/certs/alt3-key.pem | 28
+ test/certs/bad-pc3-cert.pem | 21
+ test/certs/bad-pc3-key.pem | 28
+ test/certs/bad-pc4-cert.pem | 21
+ test/certs/bad-pc4-key.pem | 28
+ test/certs/bad-pc6-cert.pem | 21
+ test/certs/bad-pc6-key.pem | 28
+ test/certs/badalt1-cert.pem | 20
+ test/certs/badalt1-key.pem | 28
+ test/certs/badalt10-cert.pem | 21
+ test/certs/badalt10-key.pem | 28
+ test/certs/badalt2-cert.pem | 20
+ test/certs/badalt2-key.pem | 28
+ test/certs/badalt3-cert.pem | 21
+ test/certs/badalt3-key.pem | 28
+ test/certs/badalt4-cert.pem | 21
+ test/certs/badalt4-key.pem | 28
+ test/certs/badalt5-cert.pem | 20
+ test/certs/badalt5-key.pem | 28
+ test/certs/badalt6-cert.pem | 22
+ test/certs/badalt6-key.pem | 28
+ test/certs/badalt7-cert.pem | 23
+ test/certs/badalt7-key.pem | 28
+ test/certs/badalt8-cert.pem | 21
+ test/certs/badalt8-key.pem | 28
+ test/certs/badalt9-cert.pem | 21
+ test/certs/badalt9-key.pem | 28
+ test/certs/ee-client-chain.pem | 37
+ test/certs/mkcert.sh | 76
+ test/certs/ncca-cert.pem | 21
+ test/certs/ncca-key.pem | 28
+ test/certs/ncca1-cert.pem | 20
+ test/certs/ncca1-key.pem | 28
+ test/certs/ncca2-cert.pem | 20
+ test/certs/ncca2-key.pem | 28
+ test/certs/ncca3-cert.pem | 20
+ test/certs/ncca3-key.pem | 28
+ test/certs/pathlen.pem | 22
+ test/certs/pc1-cert.pem | 20
+ test/certs/pc1-key.pem | 28
+ test/certs/pc2-cert.pem | 21
+ test/certs/pc2-key.pem | 28
+ test/certs/pc5-cert.pem | 21
+ test/certs/pc5-key.pem | 28
+ test/certs/setup.sh | 164
+ test/cipherlist_test.c | 212
+ test/clienthellotest.c | 58
+ test/cms-examples.pl | 56
+ test/constant_time_test.c | 48
+ test/ct_test.c | 200
+ test/d2i_test.c | 123
+ test/danetest.c | 148
+ test/danetest.in | 155
+ test/destest.c | 81
+ test/dhtest.c | 86
+ test/dsatest.c | 69
+ test/dtlsv1listentest.c | 58
+ test/dummytest.c | 57
+ test/ecdhtest.c | 62
+ test/ecdhtest_cavs.h | 13
+ test/ecdsatest.c | 98
+ test/ectest.c | 155
+ test/enginetest.c | 59
+ test/evp_extra_test.c | 71
+ test/evp_test.c | 153
+ test/evptests.txt | 122
+ test/exdatatest.c | 58
+ test/exptest.c | 60
+ test/generate_buildtest.pl | 27
+ test/generate_ssl_tests.pl | 44
+ test/gmdifftest.c | 57
+ test/handshake_helper.c | 518 +
+ test/handshake_helper.h | 28
+ test/heartbeat_test.c | 11
+ test/hmactest.c | 79
+ test/ideatest.c | 60
+ test/igetest.c | 53
+ test/md2test.c | 67
+ test/md4test.c | 66
+ test/md5test.c | 66
+ test/mdc2test.c | 91
+ test/memleaktest.c | 57
+ test/methtest.c | 60
+ test/nptest.c | 66
+ test/p5_crpt2_test.c | 53
+ test/packettest.c | 59
+ test/pbelutest.c | 57
+ test/pkits-test.pl | 56
+ test/r160test.c | 61
+ test/randtest.c | 60
+ test/rc2test.c | 60
+ test/rc4test.c | 60
+ test/rc5test.c | 60
+ test/recipes/01-test_abort.t | 9
+ test/recipes/01-test_ordinals.t | 104
+ test/recipes/01-test_sanity.t | 12
+ test/recipes/01-test_symbol_presence.t | 115
+ test/recipes/02-test_ordinals.t | 58
+ test/recipes/05-test_bf.t | 9
+ test/recipes/05-test_cast.t | 9
+ test/recipes/05-test_des.t | 9
+ test/recipes/05-test_fuzz.t | 40
+ test/recipes/05-test_hmac.t | 9
+ test/recipes/05-test_idea.t | 9
+ test/recipes/05-test_md2.t | 9
+ test/recipes/05-test_md4.t | 9
+ test/recipes/05-test_md5.t | 9
+ test/recipes/05-test_mdc2.t | 9
+ test/recipes/05-test_rand.t | 9
+ test/recipes/05-test_rc2.t | 8
+ test/recipes/05-test_rc4.t | 8
+ test/recipes/05-test_rc5.t | 9
+ test/recipes/05-test_rmd.t | 9
+ test/recipes/05-test_sha1.t | 9
+ test/recipes/05-test_sha256.t | 9
+ test/recipes/05-test_sha512.t | 9
+ test/recipes/05-test_wp.t | 9
+ test/recipes/10-test_bn.t | 13
+ test/recipes/10-test_exp.t | 9
+ test/recipes/15-test_dh.t | 9
+ test/recipes/15-test_dsa.t | 9
+ test/recipes/15-test_ec.t | 9
+ test/recipes/15-test_ecdh.t | 9
+ test/recipes/15-test_ecdsa.t | 9
+ test/recipes/15-test_rsa.t | 9
+ test/recipes/20-test_enc.t | 9
+ test/recipes/25-test_crl.t | 9
+ test/recipes/25-test_d2i.t | 70
+ test/recipes/25-test_gen.t | 44
+ test/recipes/25-test_pkcs7.t | 9
+ test/recipes/25-test_req.t | 43
+ test/recipes/25-test_sid.t | 9
+ test/recipes/25-test_verify.t | 74
+ test/recipes/25-test_x509.t | 15
+ test/recipes/30-test_afalg.t | 57
+ test/recipes/30-test_engine.t | 9
+ test/recipes/30-test_evp.t | 9
+ test/recipes/30-test_evp_extra.t | 9
+ test/recipes/30-test_pbelu.t | 9
+ test/recipes/40-test_rehash.t | 16
+ test/recipes/70-test_asyncio.t | 22
+ test/recipes/70-test_clienthello.t | 9
+ test/recipes/70-test_packet.t | 9
+ test/recipes/70-test_sslcertstatus.t | 70
+ test/recipes/70-test_sslextension.t | 67
+ test/recipes/70-test_sslrecords.t | 140
+ test/recipes/70-test_sslsessiontick.t | 112
+ test/recipes/70-test_sslskewith0p.t | 66
+ test/recipes/70-test_sslvertol.t | 66
+ test/recipes/70-test_tlsextms.t | 81
+ test/recipes/70-test_verify_extra.t | 9
+ test/recipes/80-test_ca.t | 17
+ test/recipes/80-test_cipherlist.t | 26
+ test/recipes/80-test_cms.t | 9
+ test/recipes/80-test_ct.t | 9
+ test/recipes/80-test_dane.t | 9
+ test/recipes/80-test_dtlsv1listen.t | 9
+ test/recipes/80-test_ocsp.t | 9
+ test/recipes/80-test_ssl_new.t | 60
+ test/recipes/80-test_ssl_old.t | 406
+ test/recipes/80-test_ssl_test_ctx.t | 9
+ test/recipes/80-test_tsa.t | 9
+ test/recipes/80-test_x509aux.t | 27
+ test/recipes/90-test_async.t | 9
+ test/recipes/90-test_bioprint.t | 12
+ test/recipes/90-test_constant_time.t | 9
+ test/recipes/90-test_gmdiff.t | 9
+ test/recipes/90-test_heartbeat.t | 9
+ test/recipes/90-test_ige.t | 9
+ test/recipes/90-test_memleak.t | 9
+ test/recipes/90-test_networking.t | 113
+ test/recipes/90-test_np.t | 5
+ test/recipes/90-test_p5_crpt2.t | 9
+ test/recipes/90-test_secmem.t | 9
+ test/recipes/90-test_srp.t | 9
+ test/recipes/90-test_sslapi.t | 22
+ test/recipes/90-test_threads.t | 9
+ test/recipes/90-test_v3name.t | 9
+ test/recipes/bc.pl | 9
+ test/recipes/tconversion.pl | 9
+ test/rmdtest.c | 103
+ test/rsa_test.c | 15
+ test/run_tests.pl | 16
+ test/sanitytest.c | 67
+ test/secmemtest.c | 81
+ test/sha1test.c | 120
+ test/sha256t.c | 81
+ test/sha512t.c | 99
+ test/smime-certs/mksmime-certs.sh | 7
+ test/srptest.c | 9
+ test/ssl-tests/01-simple.conf | 4
+ test/ssl-tests/01-simple.conf.in | 7
+ test/ssl-tests/02-protocol-version.conf | 722 -
+ test/ssl-tests/02-protocol-version.conf.in | 120
+ test/ssl-tests/03-custom_verify.conf | 220
+ test/ssl-tests/03-custom_verify.conf.in | 134
+ test/ssl-tests/04-client_auth.conf | 592 +
+ test/ssl-tests/04-client_auth.conf.in | 125
+ test/ssl-tests/05-sni.conf | 168
+ test/ssl-tests/05-sni.conf.in | 74
+ test/ssl-tests/06-sni-ticket.conf | 631 +
+ test/ssl-tests/06-sni-ticket.conf.in | 86
+ test/ssl-tests/07-dtls-protocol-version.conf | 1820 ++++
+ test/ssl-tests/07-dtls-protocol-version.conf.in | 19
+ test/ssl-tests/08-npn.conf | 362
+ test/ssl-tests/08-npn.conf.in | 165
+ test/ssl-tests/09-alpn.conf | 298
+ test/ssl-tests/09-alpn.conf.in | 136
+ test/ssl-tests/10-resumption.conf | 1336 ++
+ test/ssl-tests/10-resumption.conf.in | 19
+ test/ssl-tests/11-dtls_resumption.conf | 612 +
+ test/ssl-tests/11-dtls_resumption.conf.in | 19
+ test/ssl-tests/protocol_version.pm | 247
+ test/ssl-tests/ssltests_base.pm | 6
+ test/ssl_test.c | 191
+ test/ssl_test.tmpl | 40
+ test/ssl_test_ctx.c | 262
+ test/ssl_test_ctx.h | 95
+ test/ssl_test_ctx_test.c | 115
+ test/ssl_test_ctx_test.conf | 31
+ test/sslapitest.c | 361
+ test/ssltest_old.c | 608 -
+ test/ssltestlib.c | 158
+ test/ssltestlib.h | 21
+ test/test_aesni | 68
+ test/test_padlock | 64
+ test/test_t4 | 70
+ test/testlib/OpenSSL/Test.pm | 86
+ test/testlib/OpenSSL/Test/Simple.pm | 7
+ test/testlib/OpenSSL/Test/Utils.pm | 9
+ test/testutil.c | 78
+ test/testutil.h | 69
+ test/threadstest.c | 57
+ test/times | 113
+ test/v3ext.c | 42
+ test/v3nametest.c | 9
+ test/verify_extra_test.c | 60
+ test/wp_test.c | 24
+ test/x509aux.c | 226
+ tools/Makefile.in | 62
+ tools/build.info | 7
+ tools/c_hash | 9
+ tools/c_info | 12
+ tools/c_issuer | 10
+ tools/c_name | 10
+ tools/c_rehash.in | 10
+ tools/primes.py | 21
+ util/TLSProxy/ClientHello.pm | 56
+ util/TLSProxy/Message.pm | 59
+ util/TLSProxy/NewSessionTicket.pm | 55
+ util/TLSProxy/Proxy.pm | 90
+ util/TLSProxy/Record.pm | 56
+ util/TLSProxy/ServerHello.pm | 56
+ util/TLSProxy/ServerKeyExchange.pm | 56
+ util/ck_errf.pl | 8
+ util/copy-if-different.pl | 78
+ util/copy.pl | 11
+ util/dirname.pl | 18
+ util/dofile.pl | 8
+ util/domd.in | 26
+ util/extract-names.pl | 26
+ util/extract-section.pl | 12
+ util/find-doc-nits.pl | 189
+ util/find-undoc-api.pl | 82
+ util/find-unused-errs | 35
+ util/fipslink.pl | 8
+ util/incore | 10
+ util/indent.pro | 4
+ util/install.sh | 108
+ util/libcrypto.num | 854 -
+ util/libssl.num | 8
+ util/mkbuildinf.pl | 9
+ util/mkdef.pl | 22
+ util/mkdir-p.pl | 18
+ util/mkerr.pl | 189
+ util/mkrc.pl | 9
+ util/openssl-format-source | 8
+ util/perl/OpenSSL/Util/Pod.pm | 158
+ util/perlpath.pl | 35
+ util/process_docs.pl | 235
+ util/selftest.pl | 9
+ util/su-filter.pl | 10
+ util/toutf8.sh | 17
+ util/with_fallback.pm | 7
+ 2090 files changed, 59344 insertions(+), 93505 deletions(-)
+
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,2 @@
+*.der binary
+/fuzz/corpora/** binary
-diff --git a/.gitignore b/.gitignore
-index a6f5bf7..a7ca425 100644
--- a/.gitignore
+++ b/.gitignore
-@@ -31,6 +31,7 @@ Makefile
- /test/test*.pem
- /test/newkey.pem
- /test/*.log
-+/test/buildtest_*
+@@ -1,12 +1,4 @@
+-# Object files
+-*.o
+-*.obj
+-
+-# editor artefacts
+-*.swp
+-.#*
+-\#*#
+-*~
++# Ignore editor artefacts
+ /.dir-locals.el
- # Certificate symbolic links
- *.0
-@@ -38,6 +39,7 @@ Makefile
+ # Top level excludes
+@@ -25,36 +17,18 @@
+ # *all* Makefiles
+ Makefile
+
+-/test/*.ss
+-/test/*.srl
+-/test/.rnd
+-/test/test*.pem
+-/test/newkey.pem
+-/test/*.log
+-
+-# Certificate symbolic links
+-*.0
+-
# Links under apps
/apps/CA.pl
/apps/tsget
+/apps/tsget.pl
/apps/md4.c
+-
+ # Auto generated headers
+ /crypto/buildinf.h
+ /crypto/include/internal/*_conf.h
+ /openssl/include/opensslconf.h
+ /util/domd
-@@ -57,6 +59,22 @@ Makefile
-
+-# Auto generated assembly language source files
+-*.s
+-!/crypto/*/asm/*.s
+-/crypto/arm*.S
+-/crypto/*/*.S
+-*.asm
+-!/crypto/*/asm/*.asm
+-
# Executables
/apps/openssl
-+/fuzz/asn1
-+/fuzz/asn1-test
-+/fuzz/asn1parse
-+/fuzz/asn1parse-test
-+/fuzz/bignum
-+/fuzz/bignum-test
-+/fuzz/bndiv
-+/fuzz/bndiv-test
-+/fuzz/conf
-+/fuzz/conf-test
-+/fuzz/cms
-+/fuzz/cms-test
-+/fuzz/ct
-+/fuzz/ct-test
-+/fuzz/server
-+/fuzz/server-test
/test/sha256t
- /test/sha512t
- /test/gost2814789t
-@@ -71,10 +89,21 @@ Makefile
+@@ -71,30 +45,39 @@ Makefile
/test/fips_ecdsavs
/test/fips_rngvs
/test/fips_test_suite
+-*.so*
+-*.dylib*
+-*.dll*
+-*.exe
+-# Exceptions
+-!/test/bctest
+-!/crypto/des/times/486-50.sol
+/test/ssltest_old
+/test/x509aux
+/test/v3ext
- *.so*
- *.dylib*
- *.dll*
- *.exe
-+*.pyc
-+*.exp
-+*.lib
-+*.pdb
-+*.ilk
-+*.def
-+*.rc
-+*.res
- # Exceptions
- !/test/bctest
- !/crypto/des/times/486-50.sol
-@@ -82,6 +111,7 @@ Makefile
++
++# Certain files that get created by tests on the fly
++/test/*.ss
++/test/*.srl
++/test/.rnd
++/test/test*.pem
++/test/newkey.pem
++/test/*.log
++/test/buildtest_*
++
++# Fuzz stuff.
++# Anything without an extension is an executable on Unix, so we keep files
++# with extensions. And we keep the corpora subddir versioned as well.
++# Anything more generic with extensions that should be ignored will be taken
++# care of by general ignores for those extensions (*.o, *.obj, *.exe, ...)
++/fuzz/*
++!/fuzz/README*
++!/fuzz/corpora
++!/fuzz/*.*
+
# Misc auto generated files
/include/openssl/opensslconf.h
/tools/c_rehash
+-/crypto/**/lib
+-/engines/**/lib
+-/ssl/**/lib
+-Makefile.save
+-*.bak
+/tools/c_rehash.pl
- /crypto/**/lib
- /engines/**/lib
- /ssl/**/lib
-@@ -94,7 +124,7 @@ cscope.*
+ /tags
+ /TAGS
+-cscope.*
+-*.d
/crypto.map
/ssl.map
@@ -88,11 +2205,61 @@
/tmp32
/tmp32.dbg
/tmp32dll
-diff --git a/.travis.yml b/.travis.yml
-index f180a44..2232649 100644
+@@ -138,3 +121,51 @@ cscope.*
+ /test/fips_shatest.c
+ /test/fips_test_suite.c
+ /test/shatest.c
++
++##### Generic patterns
++# Auto generated assembly language source files
++*.s
++!/crypto/*/asm/*.s
++/crypto/arm*.S
++/crypto/*/*.S
++*.asm
++!/crypto/*/asm/*.asm
++
++# Object files
++*.o
++*.obj
++
++# editor artefacts
++*.swp
++.#*
++\#*#
++*~
++
++# Certificate symbolic links
++*.0
++
++# All kinds of executables
++*.so
++*.so.*
++*.dylib
++*.dylib.*
++*.dll
++*.dll.*
++*.exe
++*.pyc
++*.exp
++*.lib
++*.pdb
++*.ilk
++*.def
++*.rc
++*.res
++
++# Misc generated stuff
++Makefile.save
++/crypto/**/lib
++/engines/**/lib
++/ssl/**/lib
++*.bak
++cscope.*
++*.d
--- a/.travis.yml
+++ b/.travis.yml
-@@ -23,11 +23,9 @@ compiler:
+@@ -23,11 +23,9 @@ cache: ccache
- gcc
env:
@@ -105,7 +2272,7 @@
- CONFIG_OPTS="no-pic --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes"
-@@ -35,16 +33,16 @@ matrix:
+@@ -35,16 +33,16 @@ cache: ccache
include:
- os: linux
compiler: clang-3.6
@@ -114,7 +2281,7 @@
- os: linux
compiler: clang-3.6
- env: CONFIG_OPTS="no-shared no-asm -fno-sanitize-recover -fsanitize=address -fsanitize=undefined enable-rc5 enable-md2 -fno-sanitize=alignment"
-+ env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -fno-sanitize=alignment"
++ env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method -fno-sanitize=alignment"
- os: linux
- compiler: gcc-5
- env: CONFIG_OPTS="no-shared -fsanitize=address"
@@ -127,7 +2294,7 @@
- os: linux
compiler: i686-w64-mingw32-gcc
env: CONFIG_OPTS="no-pic"
-@@ -60,34 +58,24 @@ matrix:
+@@ -60,34 +58,25 @@ cache: ccache
before_script:
- sh .travis-create-release.sh $TRAVIS_OS_NAME
- tar -xvzf _srcdist.tar.gz
@@ -165,10 +2332,11 @@
- cd _build;
- fi
+ - cd _build;
++ - make update
- make
- if [ -z "$BUILDONLY" ]; then
if [ -n "$CROSS_COMPILE" ]; then
-@@ -97,6 +85,10 @@ script:
+@@ -97,6 +86,10 @@ cache: ccache
else
make build_tests;
fi
@@ -179,9 +2347,6 @@
- cd ..
notifications:
-diff --git a/AUTHORS b/AUTHORS
-new file mode 100644
-index 0000000..48211a2
--- /dev/null
+++ b/AUTHORS
@@ -0,0 +1,21 @@
@@ -206,8 +2371,6 @@
+ Tim Hudson
+ Ulf Möller
+ Viktor Dukhovni
-diff --git a/CHANGES b/CHANGES
-index 477d185..e182b60 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,77 @@
@@ -438,8 +2601,6 @@
[Steve Henson]
*) Fixes and wildcard matching support to hostname and email checking
-diff --git a/CONTRIBUTING b/CONTRIBUTING
-index 3b84ce31..0f11362 100644
--- a/CONTRIBUTING
+++ b/CONTRIBUTING
@@ -1,42 +1,75 @@
@@ -472,21 +2633,23 @@
-(see https://www.openssl.org/policies/codingstyle.html) and compile without
-warnings using the --strict-warnings flag. OpenSSL compiles on many varied
-platforms: try to ensure you only use portable features.
+-
+-When at all possible, patches should include tests. These can either be
+-added to an existing test, or completely new. Please see test/README for
+-information on the test framework.
+-
+-Our preferred format for patch files is "git format-patch" output. For example
+-to provide a patch file containing the last commit in your local git repository
+-use the following command:
+OpenSSL community you might want to discuss it on the openssl-dev mailing
+list first. Someone may be already working on the same thing or there
+may be a good reason as to why that feature isn't implemented.
-
--When at all possible, patches should include tests. These can either be
--added to an existing test, or completely new. Please see test/README for
--information on the test framework.
++
+The best way to submit a patch is to make a pull request on GitHub.
+(It is not necessary to send mail to rt at openssl.org to open a ticket!)
+If you think the patch could use feedback from the community, please
+start a thread on openssl-dev.
-
--Our preferred format for patch files is "git format-patch" output. For example
--to provide a patch file containing the last commit in your local git repository
--use the following command:
++
+You can also submit patches by sending it as mail to rt at openssl.org.
+Please include the word "PATCH" and an explanation of what the patch
+does in the subject line. If you do this, our preferred format is "git
@@ -550,11 +2713,20 @@
+ 6. New features or changed functionality must include documentation. Please
+ look at the "pod" files in doc/apps, doc/crypto and doc/ssl for examples of
+ our style.
-diff --git a/Configurations/00-base-templates.conf b/Configurations/00-base-templates.conf
-index c28e4e1..515cf00 100644
--- a/Configurations/00-base-templates.conf
+++ b/Configurations/00-base-templates.conf
-@@ -185,7 +185,7 @@
+@@ -91,6 +91,10 @@
+ ar => "lib",
+ arflags => "/nologo",
+ aroutflag => "/out:",
++ mt => "mt",
++ mtflags => "-nologo",
++ mtinflag => "-manifest ",
++ mtoutflag => "-outputresource:",
+
+ build_file => "makefile",
+ build_scheme => [ "unified", "windows" ],
+@@ -185,7 +189,7 @@
bn_asm_src => "asm/sparcv8plus.S sparcv9-mont.S sparcv9a-mont.S vis3-mont.S sparct4-mont.S sparcv9-gf2m.S",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-sparcv9.S",
des_asm_src => "des_enc-sparc.S fcrypt_b.c dest4-sparcv9.S",
@@ -563,7 +2735,7 @@
md5_asm_src => "md5-sparcv9.S",
sha1_asm_src => "sha1-sparcv9.S sha256-sparcv9.S sha512-sparcv9.S",
cmll_asm_src => "camellia.c cmll_misc.c cmll_cbc.c cmllt4-sparcv9.S",
-@@ -203,9 +203,9 @@
+@@ -203,9 +207,9 @@
alpha_asm => {
template => 1,
cpuid_asm_src => "alphacpuid.s",
@@ -576,7 +2748,7 @@
perlasm_scheme => "void"
},
mips32_asm => {
-@@ -217,7 +217,8 @@
+@@ -217,7 +221,8 @@
mips64_asm => {
inherit_from => [ "mips32_asm" ],
template => 1,
@@ -586,7 +2758,7 @@
},
s390x_asm => {
template => 1,
-@@ -244,7 +245,7 @@
+@@ -244,7 +249,7 @@
},
aarch64_asm => {
template => 1,
@@ -595,8 +2767,6 @@
ec_asm_src => "ecp_nistz256.c ecp_nistz256-armv8.S",
bn_asm_src => "bn_asm.c armv8-mont.S",
aes_asm_src => "aes_core.c aes_cbc.c aesv8-armx.S vpaes-armv8.S",
-diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
-index de591c9..e28fb12 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -9,15 +9,39 @@ sub vc_win64a_info {
@@ -640,7 +2810,15 @@
my $vc_wince_info = {};
sub vc_wince_info {
unless (%$vc_wince_info) {
-@@ -279,44 +303,16 @@ sub vms_info {
+@@ -82,6 +106,7 @@ sub vms_info {
+ my $pointer_size_str = $pointer_size == 0 ? "" : "$pointer_size";
+
+ $vms_info->{disable_warns} = [ ];
++ $vms_info->{pointer_size} = $pointer_size_str;
+ if ($pointer_size == 64) {
+ `PIPE CC /NOCROSS_REFERENCE /NOLIST /NOOBJECT /WARNINGS = DISABLE = ( MAYLOSEDATA3, EMPTYFILE ) NL: 2> NL:`;
+ if ($? == 0) {
+@@ -279,44 +304,16 @@ sub vms_info {
multilib => "/64",
},
@@ -688,7 +2866,7 @@
bn_ops => "RC4_CHAR SIXTY_FOUR_BIT",
thread_scheme => "pthreads",
perlasm_scheme => "n32",
-@@ -351,6 +347,7 @@ sub vms_info {
+@@ -351,6 +348,7 @@ sub vms_info {
debug => "-g -O0",
release => "-O3"),
threads("-D_SGI_MP_SOURCE")),
@@ -696,7 +2874,7 @@
bn_ops => "RC4_CHAR SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
perlasm_scheme => "64",
-@@ -402,9 +399,9 @@ sub vms_info {
+@@ -402,9 +400,9 @@ sub vms_info {
# crypto/sha/sha_lcl.h.
# - originally there were 32-bit hpux-parisc2-* targets. They were
# scrapped, because a) they were not interchangeable with other 32-bit
@@ -709,7 +2887,7 @@
# <appro at fy.chalmers.se>
"hpux-parisc-gcc" => {
inherit_from => [ "BASE_unix" ],
-@@ -571,23 +568,18 @@ sub vms_info {
+@@ -571,23 +569,18 @@ sub vms_info {
bn_ops => "BN_LLONG",
},
@@ -742,7 +2920,7 @@
dso_scheme => "dlfcn",
shared_target => "alpha-osf1-shared",
shared_extension => ".so",
-@@ -595,8 +587,9 @@ sub vms_info {
+@@ -595,8 +588,9 @@ sub vms_info {
"tru64-alpha-cc" => {
inherit_from => [ "BASE_unix", asm("alpha_asm") ],
cc => "cc",
@@ -753,7 +2931,7 @@
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
-@@ -872,17 +865,14 @@ sub vms_info {
+@@ -872,17 +866,14 @@ sub vms_info {
# Special note about unconditional -fPIC and -pie. The underlying
# reason is that Lollipop refuses to run non-PIE. But what about
# older systems and NDKs? -fPIC was never problem, so the only
@@ -774,7 +2952,7 @@
},
"android-x86" => {
inherit_from => [ "android", asm("x86_asm") ],
-@@ -921,11 +911,8 @@ sub vms_info {
+@@ -921,11 +912,8 @@ sub vms_info {
"android64" => {
inherit_from => [ "linux-generic64" ],
@@ -788,7 +2966,7 @@
},
"android64-aarch64" => {
inherit_from => [ "android64", asm("aarch64_asm") ],
-@@ -1260,8 +1247,8 @@ sub vms_info {
+@@ -1260,8 +1248,8 @@ sub vms_info {
coutflag => "/Fo",
rc => "rc",
rcoutflag => "/fo",
@@ -799,7 +2977,7 @@
bin_cflags => "/Zi /Fdapp",
lflags => add("/debug"),
shared_ldflag => "/dll",
-@@ -1280,7 +1267,7 @@ sub vms_info {
+@@ -1280,7 +1268,7 @@ sub vms_info {
release =>
sub {
($disabled{shared} ? "" : "/MD")
@@ -808,7 +2986,7 @@
})),
lib_cflags => add(sub { $disabled{shared} ? "/MT /Zl" : () }),
# Following might/should appears controversial, i.e. defining
-@@ -1344,11 +1331,9 @@ sub vms_info {
+@@ -1344,11 +1332,9 @@ sub vms_info {
# configure with 'perl Configure VC-WIN32 -DUNICODE -D_UNICODE'
inherit_from => [ "VC-noCE-common", asm("x86_asm"),
sub { $disabled{shared} ? () : "uplink_common" } ],
@@ -823,7 +3001,7 @@
ex_libs => add(sub {
my @ex_libs = ();
# WIN32 UNICODE build gets linked with unicows.lib for
-@@ -1359,7 +1344,7 @@ sub vms_info {
+@@ -1359,7 +1345,7 @@ sub vms_info {
}),
sys_id => "WIN32",
bn_ops => "BN_LLONG EXPORT_VAR_AS_FN",
@@ -832,7 +3010,7 @@
build_scheme => add("VC-W32", { separator => undef }),
},
"VC-CE" => {
-@@ -1529,17 +1514,6 @@ sub vms_info {
+@@ -1529,17 +1515,6 @@ sub vms_info {
inherit_from => [ "Cygwin-x86" ]
},
@@ -850,7 +3028,15 @@
##### MacOS X (a.k.a. Darwin) setup
"darwin-common" => {
inherit_from => [ "BASE_unix" ],
-@@ -1741,48 +1715,20 @@ sub vms_info {
+@@ -1643,6 +1618,7 @@ sub vms_info {
+ dso_scheme => "dlfcn",
+ shared_target => "linux-shared",
+ shared_cflag => "-fPIC",
++ shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ },
+
+ ##### VxWorks for various targets
+@@ -1741,48 +1717,20 @@ sub vms_info {
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
ranlib => "$ENV{'RANLIB'}",
},
@@ -902,7 +3088,7 @@
shared_target => "vms-shared",
dso_scheme => "vms",
thread_scheme => "pthreads",
-@@ -1790,18 +1736,6 @@ sub vms_info {
+@@ -1790,18 +1738,6 @@ sub vms_info {
apps_aux_src => "vms_decc_init.c",
},
@@ -921,9 +3107,54 @@
"vms-alpha" => {
inherit_from => [ "vms-generic" ],
cflags => add(sub { my @warnings =
-diff --git a/Configurations/50-djgpp.conf b/Configurations/50-djgpp.conf
-new file mode 100644
-index 0000000..f532bd1
+@@ -1814,6 +1750,7 @@ sub vms_info {
+ ? "LIBZ=\"\"\"".vms_info(0)->{def_zlib}."\"\"\"" : ();
+ }),
+ ex_libs => add(sub { return vms_info(0)->{zlib} || (); }),
++ pointer_size => sub { return vms_info(0)->{pointer_size} },
+ #as => "???",
+ #debug_aflags => "/NOOPTIMIZE/DEBUG",
+ #release_aflags => "/OPTIMIZE/NODEBUG",
+@@ -1834,6 +1771,7 @@ sub vms_info {
+ ? "LIBZ=\"\"\"".vms_info(32)->{def_zlib}."\"\"\"" : ();
+ }),
+ ex_libs => add(sub { return vms_info(32)->{zlib} || (); }),
++ pointer_size => sub { return vms_info(32)->{pointer_size} },
+ },
+ "vms-alpha-p64" => {
+ inherit_from => [ "vms-generic" ],
+@@ -1850,6 +1788,7 @@ sub vms_info {
+ ? "LIBZ=\"\"\"".vms_info(64)->{def_zlib}."\"\"\"" : ();
+ }),
+ ex_libs => add(sub { return vms_info(64)->{zlib} || (); }),
++ pointer_size => sub { return vms_info(64)->{pointer_size} },
+ },
+ "vms-ia64" => {
+ inherit_from => [ "vms-generic" ],
+@@ -1863,6 +1802,7 @@ sub vms_info {
+ ? "LIBZ=\"\"\"".vms_info(0)->{def_zlib}."\"\"\"" : ();
+ }),
+ ex_libs => add(sub { return vms_info(0)->{zlib} || (); }),
++ pointer_size => sub { return vms_info(0)->{pointer_size} },
+ #as => "I4S",
+ #debug_aflags => "/NOOPTIMIZE/DEBUG",
+ #release_aflags => "/OPTIMIZE/NODEBUG",
+@@ -1883,6 +1823,7 @@ sub vms_info {
+ ? "LIBZ=\"\"\"".vms_info(32)->{def_zlib}."\"\"\"" : ();
+ }),
+ ex_libs => add(sub { return vms_info(32)->{zlib} || (); }),
++ pointer_size => sub { return vms_info(32)->{pointer_size} },
+ },
+ "vms-ia64-p64" => {
+ inherit_from => [ "vms-generic" ],
+@@ -1899,6 +1840,7 @@ sub vms_info {
+ ? "LIBZ=\"\"\"".vms_info(64)->{def_zlib}."\"\"\"" : ();
+ }),
+ ex_libs => add(sub { return vms_info(64)->{zlib} || (); }),
++ pointer_size => sub { return vms_info(64)->{pointer_size} },
+ },
+
+ );
--- /dev/null
+++ b/Configurations/50-djgpp.conf
@@ -0,0 +1,15 @@
@@ -942,9 +3173,6 @@
+ perlasm_scheme => "a.out",
+ },
+);
-diff --git a/Configurations/50-haiku.conf b/Configurations/50-haiku.conf
-new file mode 100644
-index 0000000..f114666
--- /dev/null
+++ b/Configurations/50-haiku.conf
@@ -0,0 +1,29 @@
@@ -977,9 +3205,6 @@
+ bn_ops => "SIXTY_FOUR_BIT_LONG",
+ },
+);
-diff --git a/Configurations/50-masm.conf b/Configurations/50-masm.conf
-new file mode 100644
-index 0000000..60a5507
--- /dev/null
+++ b/Configurations/50-masm.conf
@@ -0,0 +1,17 @@
@@ -1000,9 +3225,6 @@
+ asoutflag => "/Fo",
+ },
+);
-diff --git a/Configurations/99-personal-ben.conf b/Configurations/99-personal-ben.conf
-deleted file mode 100644
-index 50b9315..0000000
--- a/Configurations/99-personal-ben.conf
+++ /dev/null
@@ -1,95 +0,0 @@
@@ -1101,9 +3323,6 @@
- shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
- },
-);
-diff --git a/Configurations/99-personal-bodo.conf b/Configurations/99-personal-bodo.conf
-deleted file mode 100644
-index df9b49c..0000000
--- a/Configurations/99-personal-bodo.conf
+++ /dev/null
@@ -1,21 +0,0 @@
@@ -1128,9 +3347,6 @@
- multilib => "64",
- },
-);
-diff --git a/Configurations/99-personal-geoff.conf b/Configurations/99-personal-geoff.conf
-deleted file mode 100644
-index 5bddfae..0000000
--- a/Configurations/99-personal-geoff.conf
+++ /dev/null
@@ -1,29 +0,0 @@
@@ -1163,9 +3379,6 @@
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- },
-);
-diff --git a/Configurations/99-personal-levitte.conf b/Configurations/99-personal-levitte.conf
-deleted file mode 100644
-index c67252b..0000000
--- a/Configurations/99-personal-levitte.conf
+++ /dev/null
@@ -1,21 +0,0 @@
@@ -1190,9 +3403,6 @@
- build_file => "Makefile",
- },
-);
-diff --git a/Configurations/99-personal-rse.conf b/Configurations/99-personal-rse.conf
-deleted file mode 100644
-index 9999fcd..0000000
--- a/Configurations/99-personal-rse.conf
+++ /dev/null
@@ -1,12 +0,0 @@
@@ -1208,9 +3418,6 @@
- bn_ops => "BN_LLONG",
- },
-);
-diff --git a/Configurations/99-personal-steve.conf b/Configurations/99-personal-steve.conf
-deleted file mode 100644
-index 473fd24..0000000
--- a/Configurations/99-personal-steve.conf
+++ /dev/null
@@ -1,50 +0,0 @@
@@ -1264,11 +3471,9 @@
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- },
-);
-diff --git a/Configurations/README b/Configurations/README
-index a5a006e..8451b44 100644
--- a/Configurations/README
+++ b/Configurations/README
-@@ -99,8 +99,7 @@ In each table entry, the following keys are significant:
+@@ -99,8 +99,7 @@ hash table, where each entry represent a
some options. In this case, the first
string in the list is the name of the build
scheme.
@@ -1278,7 +3483,7 @@
For the "unified" build scheme, this item
*must* be an array with the first being the
word "unified" and the second being a word
-@@ -380,6 +379,18 @@ item muct be the generator file. It is, however, entirely up to the
+@@ -380,6 +379,18 @@ item muct be the generator file. It is,
build file template to define exactly how those command lines should
be handled, how the output is captured and so on.
@@ -1297,7 +3502,7 @@
NOTE: GENERATE lines are limited to one command only per GENERATE.
As a last resort, it's possible to have raw build file lines, between
-@@ -499,6 +510,10 @@ They are all expected to return a string with the lines they produce.
+@@ -499,6 +510,10 @@ They are all expected to return a string
generatesrc(src => "PATH/TO/tobegenerated",
generator => [ "generatingfile", ... ]
@@ -1308,7 +3513,7 @@
deps => [ "dep1", ... ],
intent => one of "libs", "dso", "bin" );
-@@ -508,9 +523,14 @@ They are all expected to return a string with the lines they produce.
+@@ -508,9 +523,14 @@ They are all expected to return a string
expected to be the file to generate from.
generatesrc() is expected to analyse and figure out
exactly how to apply that file and how to capture
@@ -1326,11 +3531,20 @@
src2obj - function that produces build file lines to build an
object file from source files and associated data.
-diff --git a/Configurations/README.design b/Configurations/README.design
-index 574982f..5777e72 100644
--- a/Configurations/README.design
+++ b/Configurations/README.design
-@@ -91,6 +91,7 @@ depends on the library 'libssl' to function properly.
+@@ -37,7 +37,9 @@ build-file templates, adapted for the pl
+ sections on %unified_info and build-file templates further down).
+
+ The variables PROGRAMS, LIBS, ENGINES and SCRIPTS are used to declare
+-end products.
++end products. There are variants for them with '_NO_INST' as suffix
++(PROGRAM_NO_INST etc) to specify end products that shouldn't get
++installed.
+
+ The variables SOURCE, DEPEND, INCLUDE and ORDINALS are indexed by a
+ produced file, and their values are the source used to produce that
+@@ -91,6 +93,7 @@ depends on the library 'libssl' to funct
GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[buildinf.h]=../Makefile
@@ -1338,7 +3552,7 @@
This is the build.info file in 'crypto', and it tells us a little more
about what's needed to produce 'libcrypto'. LIBS is used again to
-@@ -103,9 +104,9 @@ This build.info file informs us that 'libcrypto' is built from a few
+@@ -103,9 +106,9 @@ This build.info file informs us that 'li
source files, 'crypto/aes.c', 'crypto/evp.c' and 'crypto/cversion.c'.
It also shows us that building the object file inferred from
'crypto/cversion.c' depends on 'crypto/buildinf.h'. Finally, it
@@ -1351,7 +3565,42 @@
Two things are worth an extra note:
-@@ -153,13 +154,14 @@ information comes down to this:
+@@ -123,17 +126,24 @@ This is the build.info file in 'ssl/', a
+ library 'libssl' is built from the source file 'ssl/tls.c'.
+
+ # engines/build.info
+- ENGINES=libossltest
+- SOURCE[libossltest]=e_ossltest.c
+- DEPEND[libossltest]=../libcrypto
+- INCLUDE[libossltest]=../include
+-
+-This is the build.info file in 'engines/', telling us that an engine
+-called 'engines/libossltest' shall be built, that it's source is
++ ENGINES=dasync
++ SOURCE[dasync]=e_dasync.c
++ DEPEND[dasync]=../libcrypto
++ INCLUDE[dasync]=../include
++
++ ENGINES_NO_INST=ossltest
++ SOURCE[ossltest]=e_ossltest.c
++ DEPEND[ossltest]=../libcrypto
++ INCLUDE[ossltest]=../include
++
++This is the build.info file in 'engines/', telling us that two engines
++called 'engines/dasync' and 'engines/ossltest' shall be built, that
++dasync's source is 'engines/e_dasync.c' and ossltest's source is
+ 'engines/e_ossltest.c' and that the include directory 'include/' may
+-be used when building anything that will be part of this engine.
+-Finally, the engine 'engines/libossltest' depends on the library
+-'libcrypto' to function properly.
++be used when building anything that will be part of these engines.
++Also, both engines depend on the library 'libcrypto' to function
++properly. Finally, only dasync is being installed, as ossltest is
++only for internal testing.
+
+ When Configure digests these build.info files, the accumulated
+ information comes down to this:
+@@ -153,13 +163,19 @@ When Configure digests these build.info
INCLUDE[apps/openssl]=. include
DEPEND[apps/openssl]=libssl
@@ -1359,7 +3608,12 @@
- SOURCE[engines/libossltest]=engines/e_ossltest.c
- DEPEND[engines/libossltest]=libcrypto
- INCLUDE[engines/libossltest]=include
-+ ENGINES=engines/ossltest
++ ENGINES=engines/dasync
++ SOURCE[engines/dasync]=engines/e_dasync.c
++ DEPEND[engines/dasync]=libcrypto
++ INCLUDE[engines/dasync]=include
++
++ ENGINES_NO_INST=engines/ossltest
+ SOURCE[engines/ossltest]=engines/e_ossltest.c
+ DEPEND[engines/ossltest]=libcrypto
+ INCLUDE[engines/ossltest]=include
@@ -1370,7 +3624,7 @@
A few notes worth mentioning:
-@@ -170,13 +172,14 @@ PROGRAMS may be used to declare programs only.
+@@ -170,13 +186,14 @@ PROGRAMS may be used to declare programs
ENGINES may be used to declare engines only.
@@ -1390,7 +3644,7 @@
When Configure processes the build.info files, it will take it as
truth without question, and will therefore perform very few checks.
-@@ -202,6 +205,10 @@ indexes:
+@@ -202,10 +219,19 @@ collected into the %unified_info databas
engines => a list of engines. These are directly inferred from
the ENGINES variable in build.info files.
@@ -1401,7 +3655,16 @@
includes => a hash table containing 'file' => [ 'include' ... ]
pairs. These are directly inferred from the INCLUDE
variables in build.info files.
-@@ -247,11 +254,15 @@ section above would be digested into a %unified_info table:
+
++ install => a hash table containing 'type' => [ 'file' ... ] pairs.
++ The types are 'programs', 'libraries', 'engines' and
++ 'scripts', and the array of files list the files of
++ that type that should be installed.
++
+ libraries => a list of libraries. These are directly inferred from
+ the LIBS variable in build.info files.
+
+@@ -247,11 +273,15 @@ As an example, here is how the build.inf
[
"libssl",
],
@@ -1418,7 +3681,7 @@
[
"libcrypto",
],
-@@ -259,11 +270,25 @@ section above would be digested into a %unified_info table:
+@@ -259,11 +289,26 @@ As an example, here is how the build.inf
[
"libcrypto",
],
@@ -1430,6 +3693,7 @@
"engines" =>
[
- "engines/libossltest",
++ "engines/dasync",
+ "engines/ossltest",
],
+ "generate" =>
@@ -1445,7 +3709,7 @@
"includes" =>
{
"apps/openssl" =>
-@@ -271,7 +296,7 @@ section above would be digested into a %unified_info table:
+@@ -271,7 +316,7 @@ As an example, here is how the build.inf
".",
"include",
],
@@ -1454,7 +3718,7 @@
[
"include"
],
-@@ -283,6 +308,10 @@ section above would be digested into a %unified_info table:
+@@ -283,7 +328,27 @@ As an example, here is how the build.inf
[
"include",
],
@@ -1463,9 +3727,26 @@
+ "util",
+ ],
}
++ "install" =>
++ {
++ "engines" =>
++ [
++ "engines/dasync",
++ ],
++ "libraries" =>
++ [
++ "libcrypto",
++ "libssl",
++ ],
++ "programs" =>
++ [
++ "apps/openssl",
++ ],
++ },
"libraries" =>
[
-@@ -308,9 +337,6 @@ section above would be digested into a %unified_info table:
+ "libcrypto",
+@@ -308,9 +373,6 @@ As an example, here is how the build.inf
],
"rawlines" =>
[
@@ -1475,7 +3756,7 @@
],
"sources" =>
{
-@@ -338,7 +364,7 @@ section above would be digested into a %unified_info table:
+@@ -338,7 +400,7 @@ As an example, here is how the build.inf
[
"engines/e_ossltest.c",
],
@@ -1484,7 +3765,7 @@
[
"engines/e_ossltest.o",
],
-@@ -382,6 +408,34 @@ build static libraries from object files, to build shared libraries
+@@ -382,6 +444,34 @@ build static libraries from object files
from static libraries, to programs from object files and libraries,
etc.
@@ -1519,7 +3800,7 @@
src2obj - function that produces build file lines to build an
object file from source files and associated data.
-@@ -501,7 +555,7 @@ programs and all intermediate files, using the rule generating
+@@ -501,7 +591,7 @@ programs and all intermediate files, usi
functions defined in the build-file template.
As an example with the smaller build.info set we've seen as an
@@ -1528,7 +3809,7 @@
following calls:
# Note: libobj2shlib will only be called if shared libraries are
-@@ -509,25 +563,43 @@ following calls:
+@@ -509,25 +599,43 @@ example, producing the rules to build 'l
# Note 2: libobj2shlib gets both the name of the static library
# and the names of all the object files that go into it. It's up
# to the implementation to decide which to use as input.
@@ -1558,6 +3839,12 @@
+
+ src2obj(obj => "crypto/aes"
+ srcs => [ "crypto/aes.c" ],
++ deps => [ ],
++ incs => [ "include" ],
++ intent => "lib");
++
++ src2obj(obj => "crypto/evp"
++ srcs => [ "crypto/evp.c" ],
deps => [ ],
- incs => [ "include" ]);
+ incs => [ "include" ],
@@ -1566,12 +3853,6 @@
- src2dep(obj => "ssl/tls"
- srcs => [ "ssl/tls.c" ],
- incs => [ "include" ]);
-+ src2obj(obj => "crypto/evp"
-+ srcs => [ "crypto/evp.c" ],
-+ deps => [ ],
-+ incs => [ "include" ],
-+ intent => "lib");
-+
+ src2obj(obj => "crypto/cversion"
+ srcs => [ "crypto/cversion.c" ],
+ deps => [ "crypto/buildinf.h" ],
@@ -1589,8 +3870,6 @@
The returned strings from all those calls are then concatenated
together and written to the resulting build-file.
-diff --git a/Configurations/common.tmpl b/Configurations/common.tmpl
-index cdcaf53..9d7fbf2 100644
--- a/Configurations/common.tmpl
+++ b/Configurations/common.tmpl
@@ -1,7 +1,9 @@
@@ -1691,19 +3970,26 @@
# Finally, should there be any applicable BEGINRAW/ENDRAW sections,
# they are added here.
$OUT .= $_."\n" foreach @{$unified_info{rawlines}};
-diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
-index 2e58b1a..8211d01 100644
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
-@@ -37,14 +37,25 @@
+@@ -9,6 +9,9 @@
+ our $osslprefix = 'OSSL$';
+ (our $osslprefix_q = $osslprefix) =~ s/\$/\\\$/;
+
++ our $sover = sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor};
++ our $osslver = sprintf "%02d%02d", split(/\./, $config{version});
++
+ our $sourcedir = $config{sourcedir};
+ our $builddir = $config{builddir};
+ sub sourcefile {
+@@ -37,14 +40,24 @@
"";
}
+ # Because we need to make two computations of these data,
+ # we store them in arrays for reuse
+ our @shlibs = map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}};
-+ our @programs = grep { !m|^\[\.test\]| } @{$unified_info{programs}};
-+ our @testprogs = grep { m|^\[\.test\]| } @{$unified_info{programs}};
++ our @install_shlibs = map { $unified_info{sharednames}->{$_} || () } @{$unified_info{install}->{libraries}};
+ our @generated = ( ( map { (my $x = $_) =~ s|\.S$|\.s|; $x }
+ grep { defined $unified_info{generate}->{$_} }
+ map { @{$unified_info{sources}->{$_}} }
@@ -1723,7 +4009,7 @@
$unified_info{after}->{$x}
= qq(deassign arch);
}
-@@ -52,10 +63,10 @@
+@@ -52,10 +65,10 @@
my $sd2 = sourcedir("ssl","statem");
$unified_info{before}->{"[.test]heartbeat_test.OBJ"}
= $unified_info{before}->{"[.test]ssltest_old.OBJ"}
@@ -1738,7 +4024,7 @@
$unified_info{after}->{"[.test]heartbeat_test.OBJ"}
= $unified_info{after}->{"[.test]ssltest.OBJ"}
= qq(deassign statem
-@@ -63,10 +74,10 @@
+@@ -63,10 +76,10 @@
foreach (grep /^\[\.ssl\.(?:record|statem)\].*\.o$/, keys %{$unified_info{sources}}) {
(my $x = $_) =~ s|\.o$|.OBJ|;
$unified_info{before}->{$x}
@@ -1753,7 +4039,7 @@
$unified_info{after}->{$x}
= qq(deassign statem
deassign record);
-@@ -80,7 +91,11 @@ PLATFORM={- $config{target} -}
+@@ -80,7 +93,11 @@ PLATFORM={- $config{target} -}
OPTIONS={- $config{options} -}
CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -})
SRCDIR={- $config{sourcedir} -}
@@ -1766,7 +4052,7 @@
VERSION={- $config{version} -}
MAJOR={- $config{major} -}
-@@ -95,13 +110,13 @@ EXE_EXT=.EXE
+@@ -95,13 +112,12 @@ EXE_EXT=.EXE
LIB_EXT=.OLB
SHLIB_EXT=.EXE
OBJ_EXT=.OBJ
@@ -1779,18 +4065,21 @@
ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{engines}}) -}
-PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } grep { !m|^\[\.test\]| } @{$unified_info{programs}}) -}
-TESTPROGS={- join(", ", map { "-\n\t".$_.".EXE" } grep { m|^\[\.test\]| } @{$unified_info{programs}}) -}
-+PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @programs) -}
-+TESTPROGS={- join(", ", map { "-\n\t".$_.".EXE" } @testprogs) -}
++PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{programs}}) -}
SCRIPTS={- join(", ", map { "-\n\t".$_ } @{$unified_info{scripts}}) -}
{- output_off() if $disabled{makedepend}; "" -}
DEPS={- our @deps = map { (my $x = $_) =~ s|\.o$|\$(DEP_EXT)|; $x; }
-@@ -109,6 +124,13 @@ DEPS={- our @deps = map { (my $x = $_) =~ s|\.o$|\$(DEP_EXT)|; $x; }
+@@ -109,6 +125,17 @@ DEPS={- our @deps = map { (my $x = $_) =
keys %{$unified_info{sources}};
join(", ", map { "-\n\t".$_ } @deps); -}
{- output_on() if $disabled{makedepend}; "" -}
+GENERATED_MANDATORY={- join(", ", map { "-\n\t".$_ } @{$unified_info{depends}->{""}} ) -}
+GENERATED={- join(", ", map { "-\n\t".$_ } @generated) -}
+
++INSTALL_LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @{$unified_info{install}->{libraries}}) -}
++INSTALL_SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @install_shlibs) -}
++INSTALL_ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{engines}}) -}
++INSTALL_PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{programs}}) -}
+{- output_off() if $disabled{apps}; "" -}
+BIN_SCRIPTS=[.tools]c_rehash.pl
+MISC_SCRIPTS=[.apps]CA.pl, [.apps]tsget.pl
@@ -1798,7 +4087,32 @@
# DESTDIR is for package builders so that they can configure for, say,
# SYS$COMMON:[OPENSSL] and yet have everything installed in STAGING:[USER].
-@@ -137,6 +159,9 @@ CFLAGS_Q=$(CFLAGS)
+@@ -119,24 +146,28 @@ DEPS={- our @deps = map { (my $x = $_) =
+ DESTDIR=
+
+ # Do not edit this manually. Use Configure --prefix=DIR to change this!
+-INSTALLTOP={- (my $x = $config{version}) =~ s|\.|_|g;
+- our $installtop =
+- catdir($config{prefix}) || "SYS\$COMMON:[OPENSSL-$x]";
++INSTALLTOP={- our $installtop =
++ catdir($config{prefix}) || "SYS\$COMMON:[OPENSSL]";
+ $installtop -}
+ SYSTARTUP={- catdir($installtop, '[.SYS$STARTUP]'); -}
+ # This is the standard central area to store certificates, private keys...
+ OPENSSLDIR={- catdir($config{openssldir}) ||
+ $config{prefix} ? catdir($config{prefix},"COMMON")
+ : "SYS\$COMMON:[OPENSSL-COMMON]" -}
+-# Where installed engines reside
+-ENGINESDIR={- $osslprefix -}ENGINES:
++# The same, but for C
++OPENSSLDIR_C={- $osslprefix -}DATAROOT:[000000]
++# Where installed engines reside, for C
++ENGINESDIR_C={- $osslprefix -}ENGINES{- $sover.$target{pointer_size} -}:
+
+ CC= {- $target{cc} -}
+-CFLAGS= /DEFINE=({- join(",", @{$target{defines}}, @{$config{defines}},"OPENSSLDIR=\"\"\"\$(OPENSSLDIR)\"\"\"","ENGINESDIR=\"\"\"\$(ENGINESDIR)\"\"\"") -}) {- $target{cflags} -} {- $config{cflags} -}
++CFLAGS= /DEFINE=({- join(",", @{$target{defines}}, @{$config{defines}},"OPENSSLDIR=\"\"\"\$(OPENSSLDIR_C)\"\"\"","ENGINESDIR=\"\"\"\$(ENGINESDIR_C)\"\"\"") -}) {- $target{cflags} -} {- $config{cflags} -}
+ CFLAGS_Q=$(CFLAGS)
DEPFLAG= /DEFINE=({- join(",", @{$config{depdefines}}) -})
LDFLAGS= {- $target{lflags} -}
EX_LIBS= {- $target{ex_libs} ? ",".$target{ex_libs} : "" -}{- $config{ex_libs} ? ",".$config{ex_libs} : "" -}
@@ -1808,36 +4122,41 @@
PERL={- $config{perl} -}
-@@ -210,20 +235,22 @@ NODEBUG=@
+@@ -210,27 +241,30 @@ NODEBUG=@
# The main targets ###################################################
-all : configdata.pm, -
+- build_libs_nodep, build_engines_nodep, build_apps_nodep, -
+all : build_generated, -
- build_libs_nodep, build_engines_nodep, build_apps_nodep, -
++ build_libs_nodep, build_engines_nodep, build_programs_nodep, -
depend
-build_libs : configdata.pm, build_libs_nodep, depend
+-build_libs_nodep : $(LIBS)
+-build_engines : configdata.pm, build_engines_nodep, depend
+build_libs : build_generated, build_libs_nodep, depend
- build_libs_nodep : $(LIBS)
--build_engines : configdata.pm, build_engines_nodep, depend
++build_libs_nodep : $(LIBS), $(SHLIBS)
+build_engines : build_generated, build_engines_nodep, depend
build_engines_nodep : $(ENGINES)
-build_apps : configdata.pm, build_apps_nodep, depend
-+build_apps : build_generated, build_apps_nodep, depend
- build_apps_nodep : $(PROGRAMS), $(SCRIPTS)
+-build_apps_nodep : $(PROGRAMS), $(SCRIPTS)
-build_tests : configdata.pm, build_tests_nodep, depend
-+build_tests : build_generated, build_tests_nodep, depend
- build_tests_nodep : $(TESTPROGS)
+-build_tests_nodep : $(TESTPROGS)
++build_programs : build_generated, build_programs_nodep, depend
++build_programs_nodep : $(PROGRAMS), $(SCRIPTS)
-test tests : configdata.pm, -
+- build_apps_nodep, build_engines_nodep, build_tests_nodep, -
+build_generated : $(GENERATED_MANDATORY)
+
-+test tests : build_generated, -
- build_apps_nodep, build_engines_nodep, build_tests_nodep, -
++# Kept around for backward compatibility
++build_apps build_tests : build_programs
++
++test tests : build_generated, build_programs_nodep, build_engines_nodep, -
depend
@ ! {- output_off() if $disabled{tests}; "" -}
-@@ -231,6 +258,7 @@ test tests : configdata.pm, -
+ SET DEFAULT [.test]{- move("test") -}
DEFINE SRCTOP {- sourcedir() -}
DEFINE BLDTOP {- builddir() -}
DEFINE OPENSSL_ENGINES {- builddir("engines") -}
@@ -1845,7 +4164,7 @@
$(PERL) {- sourcefile("test", "run_tests.pl") -} $(TESTS)
DEASSIGN OPENSSL_ENGINES
DEASSIGN BLDTOP
-@@ -241,18 +269,15 @@ test tests : configdata.pm, -
+@@ -241,26 +275,23 @@ test tests : configdata.pm, -
@ ! {- output_on() if !$disabled{tests}; "" -}
list-tests :
@@ -1872,12 +4191,33 @@
@ WRITE SYS$OUTPUT ""
@ WRITE SYS$OUTPUT "######################################################################"
@ WRITE SYS$OUTPUT ""
-@@ -279,15 +304,29 @@ install : install_sw install_docs
+ @ IF "$(DESTDIR)" .EQS. "" THEN -
+ PIPE ( WRITE SYS$OUTPUT "Installation complete" ; -
+ WRITE SYS$OUTPUT "" ; -
+- WRITE SYS$OUTPUT "Run @$(INSTALLTOP)openssl_startup to set up logical names" ; -
+- WRITE SYS$OUTPUT "then run @$(INSTALLTOP)openssl_setup to define commands" ; -
++ WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; -
++ WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; -
+ WRITE SYS$OUTPUT "" )
+ @ IF "$(DESTDIR)" .NES. "" THEN -
+ PIPE ( WRITE SYS$OUTPUT "Staging installation complete" ; -
+@@ -273,21 +304,37 @@ install : install_sw install_docs
+ WRITE SYS$OUTPUT "ends up in $(OPENSSLDIR)" ; -
+ WRITE SYS$OUTPUT "" ; -
+ WRITE SYS$OUTPUT "When in its final destination," ; -
+- WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup to set up logical names" ; -
+- WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils to define commands" ; -
++ WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; -
++ WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; -
+ WRITE SYS$OUTPUT "" )
++check_install :
++ spawn/nolog @ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com
++
uninstall : uninstall_docs uninstall_sw
+# Because VMS wants the generation number (or *) to delete files, we can't
-+# use $(LIBS), $(PROGRAMS), $(GENERATED), $(ENGINES) and $(TESTPROGS) directly.
++# use $(LIBS), $(PROGRAMS), $(GENERATED) and $(ENGINES)directly.
+libclean :
+ {- join("\n\t", map { "- DELETE $_.OLB;*" } @{$unified_info{libraries}}) || "@ !" -}
+ {- join("\n\t", map { "- DELETE $_.EXE;*,$_.MAP;*,$_.OPT;*" } @shlibs) || "@ !" -}
@@ -1891,8 +4231,7 @@
- - DELETE [.test]*.OBJ;*,*.LIS;*
- - DELETE [.test]*.LOG;*
- - DELETE []*.MAP;*
-+ {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @programs) || "@ !" -}
-+ {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @testprogs) || "@ !" -}
++ {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{programs}}) || "@ !" -}
+ {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{engines}}) || "@ !" -}
+ {- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{scripts}}) || "@ !" -}
+ {- join("\n\t", map { "- DELETE $_;*" } @generated) || "@ !" -}
@@ -1910,22 +4249,25 @@
depend : descrip.mms
descrip.mms : FORCE
-@@ -306,13 +345,26 @@ descrip.mms : FORCE
+@@ -306,82 +353,113 @@ descrip.mms : FORCE
# Install helper targets #############################################
-install_sw : all install_dev install_engines install_runtime install_config
-+install_sw : all install_dev install_engines install_runtime install_startup
++install_sw : all install_shared _install_dev_ns -
++ install_engines _install_runtime_ns -
++ install_startup install_ivp
++
++uninstall_sw : uninstall_shared _uninstall_dev_ns -
++ uninstall_engines _uninstall_runtime_ns -
++ uninstall_startup uninstall_ivp
++
++install_docs : install_html_docs
-uninstall_sw : uninstall_dev uninstall_engines uninstall_runtime uninstall_config
-+uninstall_sw : uninstall_dev uninstall_engines uninstall_runtime uninstall_startup
++uninstall_docs : uninstall_html_docs
-install_docs : install_man_docs install_html_docs
-+install_docs : install_html_docs
-
--uninstall_docs : uninstall_man_docs uninstall_html_docs
-+uninstall_docs : uninstall_html_docs
-+
+install_ssldirs : check_INSTALLTOP
+ - CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[000000]
+ IF F$SEARCH("OSSL_DATAROOT:[000000]CERTS.DIR;1") .EQS. "" THEN -
@@ -1939,12 +4281,50 @@
+ COPY/PROT=W:RE {- sourcefile("apps", "openssl-vms.cnf") -} -
+ ossl_dataroot:[000000]openssl.cnf
- install_dev : check_INSTALLTOP
+-uninstall_docs : uninstall_man_docs uninstall_html_docs
++install_shared : check_INSTALLTOP
++ @ {- output_off() if $disabled{shared}; "" -} !
++ @ WRITE SYS$OUTPUT "*** Installing shareable images"
++ @ ! Install shared (runtime) libraries
++ - CREATE/DIR ossl_installroot:[LIB.'arch']
++ {- join("\n ",
++ map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" }
++ @install_shlibs) -}
++ @ {- output_on() if $disabled{shared}; "" -} !
+
+-install_dev : check_INSTALLTOP
++_install_dev_ns : check_INSTALLTOP
@ WRITE SYS$OUTPUT "*** Installing development files"
-@@ -339,13 +391,8 @@ install_runtime : check_INSTALLTOP
- COPY/PROT=W:RE [.APPS]openssl.EXE ossl_installroot:[EXE.'arch']
+ @ ! Install header files
+ - CREATE/DIR ossl_installroot:[include.openssl]
+ COPY/PROT=W:R openssl:*.h ossl_installroot:[include.openssl]
+- @ ! Install libraries
++ @ ! Install static (development) libraries
+ - CREATE/DIR ossl_installroot:[LIB.'arch']
+ {- join("\n ",
+ map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" }
+- @{$unified_info{libraries}}) -}
+- @ {- output_off() if $disabled{shared}; "" -} !
+- {- join("\n ",
+- map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[LIB.'arch']" }
+- map { $unified_info{sharednames}->{$_} || () }
+- @{$unified_info{libraries}}) -}
+- @ {- output_on() if $disabled{shared}; "" -} !
++ @{$unified_info{install}->{libraries}}) -}
++
++install_dev : install_shared _install_dev_ns
+
+-install_runtime : check_INSTALLTOP
+- @ ! {- output_off() if $disabled{apps}; "" -}
+- @ WRITE SYS$OUTPUT "*** Installing runtime files"
++_install_runtime_ns : check_INSTALLTOP
+ @ ! Install the main program
+ - CREATE/DIR ossl_installroot:[EXE.'arch']
+- COPY/PROT=W:RE [.APPS]openssl.EXE ossl_installroot:[EXE.'arch']
++ COPY/PROT=W:RE [.APPS]openssl.EXE -
++ ossl_installroot:[EXE.'arch']openssl{- $osslver -}.EXE
@ ! Install scripts
- - CREATE/DIR ossl_installroot:[EXE]
+- - CREATE/DIR ossl_installroot:[EXE]
- COPY/PROT=W:RE [.APPS]CA.pl ossl_installroot:[EXE]
- COPY/PROT=W:RE [.TOOLS]c_rehash. ossl_installroot:[EXE]c_rehash.pl
+ COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE]
@@ -1953,30 +4333,47 @@
- - CREATE/DIR ossl_dataroot:[000000]
- COPY/PROT=W:RE {- sourcefile("apps", "openssl-vms.cnf") -} -
- ossl_dataroot:[000000]openssl.cnf
++
++install_runtime : install_shared _install_runtime_ns
install_engines : check_INSTALLTOP
@ {- output_off() unless scalar @{$unified_info{engines}}; "" -} !
-@@ -356,27 +403,26 @@ install_engines : check_INSTALLTOP
- grep(!m|ossltest$|i, @{$unified_info{engines}})) -}
+ @ WRITE SYS$OUTPUT "*** Installing engines"
+- - CREATE/DIR ossl_installroot:[ENGINES.'arch']
++ - CREATE/DIR ossl_installroot:[ENGINES{- $sover.$target{pointer_size} -}.'arch']
+ {- join("\n ",
+- map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES.'arch']" }
+- grep(!m|ossltest$|i, @{$unified_info{engines}})) -}
++ map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES$sover$target{pointer_size}.'arch']" }
++ @{$unified_info{install}->{engines}}) -}
@ {- output_on() unless scalar @{$unified_info{engines}}; "" -} !
-install_config : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com -
-+install_startup : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com -
- check_INSTALLTOP
+- check_INSTALLTOP
- IF F$SEARCH("OSSL_DATAROOT:[000000]CERTS.DIR;1") .EQS. "" THEN -
- CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[CERTS]
- IF F$SEARCH("OSSL_DATAROOT:[000000]PRIVATE.DIR;1") .EQS. "" THEN -
- CREATE/DIR/PROT=(S:RWED,O:RWE,G,W) OSSL_DATAROOT:[PRIVATE]
++install_startup : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com -
++ [.VMS]openssl_utils.com, check_INSTALLTOP
- CREATE/DIR ossl_installroot:[SYS$STARTUP]
- COPY/PROT=W:RE -
-+ [.VMS]openssl_startup.com,openssl_startup.com -
-+ ossl_installroot:[SYS$STARTUP]
-+ COPY/PROT=W:RE -
- [.VMS]openssl_startup.com,openssl_shutdown.com -
- ossl_installroot:[SYS$STARTUP]
- COPY/PROT=W:RE -
- {- sourcefile("VMS", "openssl_utils.com") -} -
- ossl_installroot:[SYS$STARTUP]
+- COPY/PROT=W:RE -
+- [.VMS]openssl_startup.com,openssl_shutdown.com -
+- ossl_installroot:[SYS$STARTUP]
+- COPY/PROT=W:RE -
+- {- sourcefile("VMS", "openssl_utils.com") -} -
+- ossl_installroot:[SYS$STARTUP]
++ COPY/PROT=W:RE [.VMS]openssl_startup.com -
++ ossl_installroot:[SYS$STARTUP]openssl_startup{- $osslver -}.com
++ COPY/PROT=W:RE [.VMS]openssl_shutdown.com -
++ ossl_installroot:[SYS$STARTUP]openssl_shutdown{- $osslver -}.com
++ COPY/PROT=W:RE [.VMS]openssl_utils.com -
++ ossl_installroot:[SYS$STARTUP]openssl_utils{- $osslver -}.com
++
++install_ivp : [.VMS]openssl_ivp.com check_INSTALLTOP
++ - CREATE/DIR ossl_installroot:[SYSTEST]
++ COPY/PROT=W:RE [.VMS]openssl_ivp.com -
++ ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com
-[.VMS]openssl_startup.com : vmsconfig.pm
+[.VMS]openssl_startup.com : vmsconfig.pm {- sourcefile("VMS", "openssl_startup.com.in") -}
@@ -1986,23 +4383,49 @@
> [.VMS]openssl_startup.com
-[.VMS]openssl_shutdown.com : vmsconfig.pm
++[.VMS]openssl_utils.com : vmsconfig.pm {- sourcefile("VMS", "openssl_utils.com.in") -}
++ - CREATE/DIR [.VMS]
++ $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} -
++ {- sourcefile("VMS", "openssl_utils.com.in") -} -
++ > [.VMS]openssl_utils.com
++
+[.VMS]openssl_shutdown.com : vmsconfig.pm {- sourcefile("VMS", "openssl_shutdown.com.in") -}
- CREATE/DIR [.VMS]
$(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} -
{- sourcefile("VMS", "openssl_shutdown.com.in") -} -
-@@ -397,7 +443,10 @@ vmsconfig.pm : configdata.pm
+ > [.VMS]openssl_shutdown.com
+
++[.VMS]openssl_ivp.com : vmsconfig.pm {- sourcefile("VMS", "openssl_ivp.com.in") -}
++ - CREATE/DIR [.VMS]
++ $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} -
++ {- sourcefile("VMS", "openssl_ivp.com.in") -} -
++ > [.VMS]openssl_ivp.com
++
+ vmsconfig.pm : configdata.pm
+ OPEN/WRITE/SHARE=READ CONFIG []vmsconfig.pm
+ WRITE CONFIG "package vmsconfig;"
+@@ -390,15 +468,14 @@ vmsconfig.pm : configdata.pm
+ WRITE CONFIG "our @ISA = qw(Exporter);"
+ WRITE CONFIG "our @EXPORT = qw(%config %target %withargs %unified_info %disabled);"
+ WRITE CONFIG "our %config = ("
+- WRITE CONFIG " target => '{- $config{target} -}',"
+- WRITE CONFIG " version => '$(MAJOR).$(MINOR)',"
++ WRITE CONFIG " target => '","{- $config{target} -}","',"
++ WRITE CONFIG " version => '","{- $config{version} -}","',"
++ WRITE CONFIG " shlib_major => '","{- $config{shlib_major} -}","',"
++ WRITE CONFIG " shlib_minor => '","{- $config{shlib_minor} -}","',"
+ WRITE CONFIG " no_shared => '","{- $disabled{shared} -}","',"
+ WRITE CONFIG " INSTALLTOP => '$(INSTALLTOP)',"
WRITE CONFIG " OPENSSLDIR => '$(OPENSSLDIR)',"
- WRITE CONFIG " pointersize => '","{- $target{pointersize} -}","',"
- WRITE CONFIG " shared_libs => ["
+- WRITE CONFIG " pointersize => '","{- $target{pointersize} -}","',"
+- WRITE CONFIG " shared_libs => ["
- {- join("\n ", map { "WRITE CONFIG \" '$_'," } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) || "\@ !" -}
-+ {- $disabled{shared}
-+ ? "\@ !"
-+ : join("\n ", map { "WRITE CONFIG \" '$_'," } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}})
-+ -}
- WRITE CONFIG " ],"
+- WRITE CONFIG " ],"
++ WRITE CONFIG " pointer_size => '","{- $target{pointer_size} -}","',"
WRITE CONFIG ");"
WRITE CONFIG "our %target = ();"
-@@ -407,6 +456,10 @@ vmsconfig.pm : configdata.pm
+ WRITE CONFIG "our %disabled = ();"
+@@ -407,6 +484,10 @@ vmsconfig.pm : configdata.pm
WRITE CONFIG "1;"
CLOSE CONFIG
@@ -2013,7 +4436,7 @@
check_INSTALLTOP :
@ IF "$(INSTALLTOP)" .EQS. "" THEN -
WRITE SYS$ERROR "INSTALLTOP should not be empty"
-@@ -418,9 +471,7 @@ check_INSTALLTOP :
+@@ -418,9 +499,7 @@ vmsconfig.pm : configdata.pm
# Developer targets ##################################################
debug_logicals :
@@ -2024,7 +4447,7 @@
# Building targets ###################################################
-@@ -441,13 +492,25 @@ configdata.pm : {- join(" ", sourcefile("Configurations", "descrip.mms.tmpl"), s
+@@ -441,13 +520,25 @@ configdata.pm : {- join(" ", sourcefile(
sub generatesrc {
my %args = @_;
my $generator = join(" ", @{$args{generator}});
@@ -2039,21 +4462,21 @@
+ "util", "dofile.pl")),
+ rel2abs($config{builddir}));
+ return <<"EOF";
-+$args{src} : $args{generator}->[0] $deps
+ $args{src} : $args{generator}->[0] $deps
+- \$(PERL) $generator > \$@
+ \$(PERL) "-I\$(BLDDIR)" "-Mconfigdata" $dofile \\
+ "-o$target{build_file}" $generator > \$@
-+EOF
+ EOF
+ } else {
+ return <<"EOF";
- $args{src} : $args{generator}->[0] $deps
-- \$(PERL) $generator > \$@
++$args{src} : $args{generator}->[0] $deps
+ \$(PERL)$generator_incs $generator > \$@
- EOF
++EOF
+ }
} else {
die "No method to generate assembler source present.\n";
}
-@@ -471,6 +534,9 @@ EOF
+@@ -471,6 +562,9 @@ EOF
my $srcs =
join(", ",
map { abs2rel(rel2abs($_), rel2abs($forward)) } @{$args{srcs}});
@@ -2063,7 +4486,7 @@
my $incs_on = "\@ !";
my $incs_off = "\@ !";
my $incs = "";
-@@ -494,20 +560,20 @@ EOF
+@@ -494,20 +588,20 @@ EOF
my $before = $unified_info{before}->{$obj.".OBJ"} || "\@ !";
my $after = $unified_info{after}->{$obj.".OBJ"} || "\@ !";
my $depbuild = $disabled{makedepend} ? ""
@@ -2089,7 +4512,16 @@
- PURGE $obj.OBJ
EOF
}
-@@ -545,22 +611,18 @@ EOF
+@@ -517,7 +611,7 @@ EOF
+ my $shlib = $args{shlib};
+ my $libd = dirname($lib);
+ my $libn = basename($lib);
+- (my $mkdef_key = $libn) =~ s/^${osslprefix_q}lib//i;
++ (my $mkdef_key = $libn) =~ s/^${osslprefix_q}lib([^0-9]*)\d*/$1/i;
+ my @deps = map {
+ $disabled{shared} ? $_.".OLB"
+ : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
+@@ -545,22 +639,18 @@ EOF
|| "\@ !";
return <<"EOF";
$shlib.EXE : $lib.OLB $deps $ordinalsfile
@@ -2119,7 +4551,16 @@
EOF
}
sub obj2dso {
-@@ -656,7 +718,7 @@ EOF
+@@ -609,7 +699,7 @@ EOF
+ @{$args{objs}}));
+ return <<"EOF";
+ $lib.OLB : $objs
+- LIBRARY/CREATE/OBJECT $lib
++ LIBRARY/CREATE/OBJECT $lib.OLB
+ $fill_lib
+ - PURGE $lib.OLB
+ EOF
+@@ -656,7 +746,7 @@ EOF
rel2abs($config{builddir}));
return <<"EOF";
$script : $sources
@@ -2128,15 +4569,50 @@
"-o$target{build_file}" $sources > $script
SET FILE/PROT=(S:RWED,O:RWED,G:RE,W:RE) $script
PURGE $script
-diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index ed64e65..6dbed43 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
-@@ -84,13 +84,17 @@ DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
+@@ -14,6 +14,10 @@
+
+ sub windowsdll { $config{target} =~ /^(?:Cygwin|mingw)/ }
+
++ our $sover = $config{target} =~ /^mingw/
++ ? $config{shlib_major}."_".$config{shlib_minor}
++ : $config{shlib_major}.".".$config{shlib_minor};
++
+ # shlib and shlib_simple both take a static library name and figure
+ # out what the shlib name should be.
+ #
+@@ -56,6 +60,13 @@
+
+ return $engine . $dsoext;
+ }
++ # This makes sure things get built in the order they need
++ # to. You're welcome.
++ sub dependmagic {
++ my $target = shift;
++
++ return "$target: build_generated\n\t\$(MAKE) depend && \$(MAKE) _$target\n_$target";
++ }
+ '';
+ -}
+ PLATFORM={- $config{target} -}
+@@ -75,26 +86,33 @@ SHLIB_TARGET={- $target{shared_target} -
+
+ LIBS={- join(" ", map { $_.$libext } @{$unified_info{libraries}}) -}
+ SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -}
++SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{libraries}}) -}
+ ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -}
+-PROGRAMS={- join(" ", map { $_.$exeext } grep { !m|^test/| } @{$unified_info{programs}}) -}
+-TESTPROGS={- join(" ", map { $_.$exeext } grep { m|^test/| } @{$unified_info{programs}}) -}
++PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{programs}}) -}
+ SCRIPTS={- join(" ", @{$unified_info{scripts}}) -}
+ {- output_off() if $disabled{makedepend}; "" -}
+ DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ }
keys %{$unified_info{sources}}); -}
{- output_on() if $disabled{makedepend}; "" -}
-GENERATED={- join(" ", map { (my $x = $_) =~ s|\.S$|\.s|; $x } keys %{$unified_info{generate}}) -}
+-
+GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -}
+GENERATED={- join(" ",
+ ( map { (my $x = $_) =~ s|\.S$|\.s|; $x }
@@ -2144,7 +4620,12 @@
+ map { @{$unified_info{sources}->{$_}} }
+ grep { /\.o$/ } keys %{$unified_info{sources}} ),
+ ( grep { /\.h$/ } keys %{$unified_info{generate}} )) -}
-
++
++INSTALL_LIBS={- join(" ", map { $_.$libext } @{$unified_info{install}->{libraries}}) -}
++INSTALL_SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{install}->{libraries}}) -}
++INSTALL_SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{install}->{libraries}}) -}
++INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -}
++INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{install}->{programs}}) -}
{- output_off() if $disabled{apps}; "" -}
BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash
-MISC_SCRIPTS=$(SRCDIR)/tools/c_hash $(SRCDIR)/tools/c_info \
@@ -2153,8 +4634,21 @@
+MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget
{- output_on() if $disabled{apps}; "" -}
- SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{libraries}}) -}
-@@ -169,10 +173,9 @@ LIB_LDFLAGS={- $target{shared_ldflag}." ".$config{shared_ldflag}
+-SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{libraries}}) -}
+-
+ # DESTDIR is for package builders so that they can configure for, say,
+ # /usr/ and yet have everything installed to /tmp/somedir/usr/.
+ # Normally it is left empty.
+@@ -133,7 +151,7 @@ LIBDIR={- #
+ our $libdir = $config{libdir} || "lib$multilib";
+ $libdir -}
+ ENGINESDIR={- use File::Spec::Functions;
+- catdir($prefix,$libdir,"engines") -}
++ catdir($prefix,$libdir,"engines-$sover") -}
+
+ MANDIR=$(INSTALLTOP)/share/man
+ DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
+@@ -169,10 +187,9 @@ LIB_LDFLAGS={- $target{shared_ldflag}."
# $prefix is not /usr.
. ($config{target} =~ m|^BSD-| && $prefix !~ m|^/usr/.*$|
? " -Wl,-rpath,\$\$(LIBRPATH)" : "") -}
@@ -2166,7 +4660,7 @@
PERL={- $config{perl} -}
-@@ -180,6 +183,8 @@ ARFLAGS= {- $target{arflags} -}
+@@ -180,6 +197,8 @@ ARFLAGS= {- $target{arflags} -}
AR=$(CROSS_COMPILE){- $target{ar} || "ar" -} $(ARFLAGS) r
RANLIB= {- $target{ranlib} -}
NM= $(CROSS_COMPILE){- $target{nm} || "nm" -}
@@ -2175,36 +4669,35 @@
RM= rm -f
RMDIR= rmdir
TAR= {- $target{tar} || "tar" -}
-@@ -205,24 +210,30 @@ PROCESSOR= {- $config{processor} -}
+@@ -205,24 +224,26 @@ PROCESSOR= {- $config{processor} -}
# The main targets ###################################################
-all: configdata.pm build_libs_nodep build_engines_nodep build_apps_nodep \
-+all: build_generated \
-+ build_libs_nodep build_engines_nodep build_apps_nodep \
- depend link-utils
+- depend link-utils
++{- dependmagic('all'); -}: build_libs_nodep build_engines_nodep build_programs_nodep link-utils
++{- dependmagic('build_libs'); -}: build_libs_nodep
++{- dependmagic('build_engines'); -}: build_engines_nodep
++{- dependmagic('build_programs'); -}: build_programs_nodep
-build_libs: configdata.pm build_libs_nodep depend
-+build_libs: build_generated build_libs_nodep depend
++build_generated: $(GENERATED_MANDATORY)
build_libs_nodep: libcrypto.pc libssl.pc openssl.pc
-build_engines: configdata.pm build_engines_nodep depend
-+build_engines: build_generated build_engines_nodep depend
build_engines_nodep: $(ENGINES)
-build_apps: configdata.pm build_apps_nodep depend
-+build_apps: build_generated build_apps_nodep depend
- build_apps_nodep: $(PROGRAMS) $(SCRIPTS)
+-build_apps_nodep: $(PROGRAMS) $(SCRIPTS)
-build_tests: configdata.pm build_tests_nodep depend
-+build_tests: build_generated build_tests_nodep depend
- build_tests_nodep: $(TESTPROGS)
+-build_tests_nodep: $(TESTPROGS)
++build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
++
++# Kept around for backward compatibility
++build_apps build_tests: build_programs
-test tests: build_tests_nodep build_apps_nodep build_engines_nodep \
- depend link-utils
-+build_generated: $(GENERATED_MANDATORY)
-+
+test: tests
-+tests: build_generated \
-+ build_tests_nodep build_apps_nodep build_engines_nodep \
-+ depend link-utils
++{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep link-utils
@ : {- output_off() if $disabled{tests}; "" -}
( cd test; \
SRCTOP=../$(SRCDIR) \
@@ -2213,7 +4706,7 @@
EXE_EXT={- $exeext -} \
OPENSSL_ENGINES=../$(BLDDIR)/engines \
$(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) )
-@@ -231,7 +242,16 @@ test tests: build_tests_nodep build_apps_nodep build_engines_nodep \
+@@ -231,7 +252,16 @@ test tests: build_tests_nodep build_apps
@ : {- output_on() if !$disabled{tests}; "" -}
list-tests:
@@ -2231,7 +4724,7 @@
libclean:
@set -e; for s in $(SHLIB_INFO); do \
-@@ -245,21 +265,22 @@ libclean:
+@@ -245,21 +275,22 @@ test tests: build_tests_nodep build_apps
fi; \
done
$(RM) $(LIBS)
@@ -2267,7 +4760,7 @@
# This exists solely for those who still type 'make depend'
#
-@@ -296,6 +317,19 @@ uninstall_docs: uninstall_man_docs uninstall_html_docs
+@@ -296,11 +327,29 @@ uninstall_docs: uninstall_man_docs unins
install_ssldirs:
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/certs
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/private
@@ -2287,10 +4780,159 @@
install_dev:
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
-@@ -458,19 +492,6 @@ install_runtime:
+ @echo "*** Installing development files"
+ @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl
++ @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
++ @echo "install $(SRCDIR)/ms/applink.c -> $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
++ @cp $(SRCDIR)/ms/applink.c $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
++ @chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
++ @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
+ @set -e; for i in $(SRCDIR)/include/openssl/*.h \
+ $(BLDDIR)/include/openssl/*.h; do \
+ fn=`basename $$i`; \
+@@ -309,7 +358,7 @@ uninstall_docs: uninstall_man_docs unins
+ chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \
+ done
+ @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)
+- @set -e; for l in $(LIBS); do \
++ @set -e; for l in $(INSTALL_LIBS); do \
+ fn=`basename $$l`; \
+ echo "install $$l -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn"; \
+ cp $$l $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \
+@@ -319,7 +368,7 @@ uninstall_docs: uninstall_man_docs unins
+ $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \
+ done
+ @ : {- output_off() if $disabled{shared}; "" -}
+- @set -e; for s in $(SHLIB_INFO); do \
++ @set -e; for s in $(INSTALL_SHLIB_INFO); do \
+ s1=`echo "$$s" | cut -f1 -d";"`; \
+ s2=`echo "$$s" | cut -f2 -d";"`; \
+ fn1=`basename $$s1`; \
+@@ -327,7 +376,7 @@ uninstall_docs: uninstall_man_docs unins
+ : {- output_off() if windowsdll(); "" -}; \
+ echo "install $$s1 -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1"; \
+ cp $$s1 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1.new; \
+- chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1.new; \
++ chmod 755 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1.new; \
+ mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1.new \
+ $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1; \
+ if [ "$$fn1" != "$$fn2" ]; then \
+@@ -337,7 +386,7 @@ uninstall_docs: uninstall_man_docs unins
+ : {- output_on() if windowsdll(); "" -}{- output_off() unless windowsdll(); "" -}; \
+ echo "install $$s2 -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2"; \
+ cp $$s2 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2.new; \
+- chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2.new; \
++ chmod 755 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2.new; \
+ mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2.new \
+ $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2; \
+ : {- output_on() unless windowsdll(); "" -}; \
+@@ -356,6 +405,10 @@ uninstall_docs: uninstall_man_docs unins
+
+ uninstall_dev:
+ @echo "*** Uninstalling development files"
++ @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
++ @echo "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
++ @$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
++ @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
+ @set -e; for i in $(SRCDIR)/include/openssl/*.h \
+ $(BLDDIR)/include/openssl/*.h; do \
+ fn=`basename $$i`; \
+@@ -364,13 +417,13 @@ uninstall_docs: uninstall_man_docs unins
+ done
+ -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include/openssl
+ -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include
+- @set -e; for l in $(LIBS); do \
++ @set -e; for l in $(INSTALL_LIBS); do \
+ fn=`basename $$l`; \
+ echo "$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn"; \
+ $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \
+ done
+ @ : {- output_off() if $disabled{shared}; "" -}
+- @set -e; for s in $(SHLIB_INFO); do \
++ @set -e; for s in $(INSTALL_SHLIB_INFO); do \
+ s1=`echo "$$s" | cut -f1 -d";"`; \
+ s2=`echo "$$s" | cut -f2 -d";"`; \
+ fn1=`basename $$s1`; \
+@@ -396,51 +449,57 @@ uninstall_docs: uninstall_man_docs unins
+
+ install_engines:
+ @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+- @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/
++ @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(ENGINESDIR)/
+ @echo "*** Installing engines"
+- @set -e; for e in dummy $(ENGINES); do \
++ @set -e; for e in dummy $(INSTALL_ENGINES); do \
+ if [ "$$e" = "dummy" ]; then continue; fi; \
+ fn=`basename $$e`; \
+- if [ "$$fn" = '{- dso("ossltest") -}' ]; then \
+- continue; \
+- fi; \
+- echo "install $$e -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn"; \
+- cp $$e $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn.new; \
+- chmod 755 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn.new; \
+- mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn.new \
+- $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn; \
++ echo "install $$e -> $(DESTDIR)$(ENGINESDIR)/$$fn"; \
++ cp $$e $(DESTDIR)$(ENGINESDIR)/$$fn.new; \
++ chmod 755 $(DESTDIR)$(ENGINESDIR)/$$fn.new; \
++ mv -f $(DESTDIR)$(ENGINESDIR)/$$fn.new \
++ $(DESTDIR)$(ENGINESDIR)/$$fn; \
+ done
+
+ uninstall_engines:
+ @echo "*** Uninstalling engines"
+- @set -e; for e in dummy $(ENGINES); do \
++ @set -e; for e in dummy $(INSTALL_ENGINES); do \
+ if [ "$$e" = "dummy" ]; then continue; fi; \
+ fn=`basename $$e`; \
+ if [ "$$fn" = '{- dso("ossltest") -}' ]; then \
+ continue; \
+ fi; \
+- echo "$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn"; \
+- $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn; \
++ echo "$(RM) $(DESTDIR)$(ENGINESDIR)/$$fn"; \
++ $(RM) $(DESTDIR)$(ENGINESDIR)/$$fn; \
+ done
+- -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines
++ -$(RMDIR) $(DESTDIR)$(ENGINESDIR)
+
+ install_runtime:
+ @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+ @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
++ @ : {- output_off() if windowsdll(); "" -}
++ @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)
++ @ : {- output_on() if windowsdll(); "" -}
+ @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/misc
+ @echo "*** Installing runtime files"
+- : {- output_off() unless windowsdll(); "" -};
+- @set -e; for s in dummy $(SHLIBS); do \
++ @set -e; for s in dummy $(INSTALL_SHLIBS); do \
+ if [ "$$s" = "dummy" ]; then continue; fi; \
+ fn=`basename $$s`; \
++ : {- output_off() unless windowsdll(); "" -}; \
+ echo "install $$s -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
+ cp $$s $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
+ chmod 644 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
$(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
++ : {- output_on() unless windowsdll(); "" -}{- output_off() if windowsdll(); "" -}; \
++ echo "install $$s -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn"; \
++ cp $$s $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \
++ chmod 755 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \
++ mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new \
++ $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \
++ : {- output_on() if windowsdll(); "" -}; \
done
+- : {- output_on() unless windowsdll(); "" -};
+- @set -e; for x in dummy $(PROGRAMS); do \
++ @set -e; for x in dummy $(INSTALL_PROGRAMS); do \
+ if [ "$$x" = "dummy" ]; then continue; fi; \
+ fn=`basename $$x`; \
+ echo "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
+@@ -458,23 +517,10 @@ uninstall_docs: uninstall_man_docs unins
+ mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
+ $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
+ done
- @set -e; for x in dummy $(MISC_SCRIPTS); do \
- if [ "$$x" = "dummy" ]; then continue; fi; \
- fn=`basename $$x`; \
@@ -2307,7 +4949,30 @@
uninstall_runtime:
@echo "*** Uninstalling runtime files"
-@@ -526,6 +547,7 @@ PROCESS_PODS=\
+- @set -e; for x in dummy $(PROGRAMS); \
++ @set -e; for x in dummy $(INSTALL_PROGRAMS); \
+ do \
+ if [ "$$x" = "dummy" ]; then continue; fi; \
+ fn=`basename $$x`; \
+@@ -495,14 +541,14 @@ uninstall_docs: uninstall_man_docs unins
+ echo "$(RM) $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \
+ $(RM) $(DESTDIR)$(OPENSSLDIR)/misc/$$fn; \
+ done
+- : {- output_off() unless windowsdll(); "" -};
+- @set -e; for s in dummy $(SHLIBS); do \
++ @ : {- output_off() unless windowsdll(); "" -}
++ @set -e; for s in dummy $(INSTALL_SHLIBS); do \
+ if [ "$$s" = "dummy" ]; then continue; fi; \
+ fn=`basename $$s`; \
+ echo "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
+ $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
+ done
+- : {- output_on() unless windowsdll(); "" -};
++ @ : {- output_on() unless windowsdll(); "" -}
+ $(RM) $(DESTDIR)$(OPENSSLDIR)/openssl.cnf
+ -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin
+ -$(RMDIR) $(DESTDIR)$(OPENSSLDIR)/misc
+@@ -526,6 +572,7 @@ PROCESS_PODS=\
SEC=`sed -ne 's/^=for *comment *openssl_manual_section: *\([0-9]\) *$$/\1/p' $$p`; \
[ -z "$$SEC" ] && SEC=$$defsec; \
fn=`basename $$p .pod`; \
@@ -2315,7 +4980,7 @@
NAME=`echo $$fn | tr [a-z] [A-Z]`; \
suf=`eval "echo $$OUTSUFFIX"`; \
top=`eval "echo $$OUTTOP"`; \
-@@ -605,8 +627,8 @@ install_html_docs:
+@@ -605,8 +652,8 @@ UNINSTALL_DOCS=\
OUTSUFFIX='.$(HTMLSUFFIX)'; \
OUTTOP="$(DESTDIR)$(HTMLDIR)"; \
GENERATE="pod2html --podroot=$(SRCDIR)/doc --htmldir=.. \
@@ -2326,7 +4991,7 @@
$(PROCESS_PODS)
uninstall_html_docs:
-@@ -621,16 +643,13 @@ uninstall_html_docs:
+@@ -621,16 +668,13 @@ UNINSTALL_DOCS=\
update: generate errors ordinals
@@ -2345,7 +5010,7 @@
lint:
lint -DLINT $(INCLUDES) $(SRCS)
-@@ -652,18 +671,26 @@ generate_crypto_bn:
+@@ -652,18 +696,26 @@ generate: generate_apps generate_crypto_
( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h )
generate_crypto_objects:
@@ -2375,7 +5040,7 @@
errors:
( cd $(SRCDIR); $(PERL) util/ck_errf.pl -strict */*.c */*/*.c )
( cd $(SRCDIR); $(PERL) util/mkerr.pl -recurse -write )
-@@ -690,7 +717,7 @@ tags TAGS: FORCE
+@@ -690,7 +742,7 @@ tags TAGS: FORCE
# Release targets (note: only available on Unix) #####################
@@ -2384,7 +5049,7 @@
PREPARE_CMD=:
tar:
TMPDIR=/var/tmp/openssl-copy.$$$$; \
-@@ -698,6 +725,7 @@ tar:
+@@ -698,6 +750,7 @@ TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0
mkdir -p $$TMPDIR/$$DISTDIR; \
(cd $(SRCDIR); \
git ls-tree -r --name-only --full-tree HEAD \
@@ -2392,7 +5057,16 @@
| while read F; do \
mkdir -p $$TMPDIR/$$DISTDIR/`dirname $$F`; \
cp $$F $$TMPDIR/$$DISTDIR/$$F; \
-@@ -772,11 +800,7 @@ openssl.pc:
+@@ -733,7 +786,7 @@ link-utils: $(BLDDIR)/util/opensslwrap.s
+
+ # Building targets ###################################################
+
+-libcrypto.pc libssl.pc openssl.pc: configdata.pm $(LIBS)
++libcrypto.pc libssl.pc openssl.pc: configdata.pm $(LIBS) {- join(" ",map { shlib_simple($_) } @{$unified_info{libraries}}) -}
+ libcrypto.pc:
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+@@ -772,11 +825,7 @@ libcrypto.pc libssl.pc openssl.pc: confi
echo 'Version: '$(VERSION); \
echo 'Requires: libssl libcrypto' ) > openssl.pc
@@ -2405,7 +5079,7 @@
@echo "Detected changed: $?"
@echo "Reconfiguring..."
$(SRCDIR)/Configure reconf
-@@ -807,19 +831,31 @@ configdata.pm: $(SRCDIR)/Configurations/unix-Makefile.tmpl $(SRCDIR)/Configurati
+@@ -807,19 +856,31 @@ configdata.pm: $(SRCDIR)/Configurations/
sub generatesrc {
my %args = @_;
my $generator = join(" ", @{$args{generator}});
@@ -2421,16 +5095,16 @@
+ "util", "dofile.pl")),
+ rel2abs($config{builddir}));
+ return <<"EOF";
-+$args{src}: $args{generator}->[0] $deps
+ $args{src}: $args{generator}->[0] $deps
+- \$(PERL) $generator > \$@
+ \$(PERL) "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
+ "-o$target{build_file}" $generator > \$@
-+EOF
+ EOF
+ } else {
+ return <<"EOF";
- $args{src}: $args{generator}->[0] $deps
-- \$(PERL) $generator > \$@
++$args{src}: $args{generator}->[0] $deps
+ \$(PERL)$generator_incs $generator > \$@
- EOF
++EOF
+ }
} else {
if ($args{generator}->[0] =~ /\.pl$/) {
@@ -2442,7 +5116,7 @@
} elsif ($args{generator}->[0] =~ /\.S$/) {
$generator = undef;
} else {
-@@ -835,7 +871,9 @@ EOF
+@@ -835,7 +896,9 @@ EOF
$target: $args{generator}->[0] $deps
( trap "rm -f \$@.*" INT 0; \\
$generator \$@.S; \\
@@ -2453,7 +5127,7 @@
EOF
}
# Otherwise....
-@@ -846,7 +884,8 @@ EOF
+@@ -846,7 +909,8 @@ EOF
}
return <<"EOF";
$args{src}: $args{generator}->[0] $deps
@@ -2463,7 +5137,7 @@
EOF
}
}
-@@ -879,7 +918,7 @@ EOF
+@@ -879,7 +943,7 @@ EOF
if (!$disabled{makedepend} && $makedepprog =~ /\/makedepend/) {
$recipe .= <<"EOF";
$obj$depext: $deps
@@ -2472,7 +5146,7 @@
>\$\@.tmp 2>/dev/null
-\$(PERL) -i -pe 's/^.*\\|//; s/ \\/(\\\\.|[^ ])*//; \$\$_ = undef if (/: *\$\$/ || /^(#.*| *)\$\$/); \$\$_.="\\n" unless !defined(\$\$_) or /\\R\$\$/g;' \$\@.tmp
\@if cmp \$\@.tmp \$\@ > /dev/null 2> /dev/null; then \\
-@@ -893,13 +932,13 @@ EOF
+@@ -893,13 +957,13 @@ EOF
if ($disabled{makedepend} || $makedepprog =~ /\/makedepend/) {
$recipe .= <<"EOF";
$obj$objext: $deps
@@ -2488,7 +5162,7 @@
\@touch $obj$depext.tmp
\@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\
rm -f $obj$depext.tmp; \\
-@@ -939,15 +978,15 @@ EOF
+@@ -939,15 +1003,15 @@ EOF
$target: $lib$libext $deps $ordinalsfile
\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
PLATFORM=\$(PLATFORM) \\
@@ -2507,7 +5181,7 @@
link_shlib.$shlib_target
EOF
. (windowsdll() ? <<"EOF" : "");
-@@ -975,7 +1014,7 @@ EOF
+@@ -975,7 +1039,7 @@ EOF
$target: $objs $deps
\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
PLATFORM=\$(PLATFORM) \\
@@ -2516,7 +5190,7 @@
LIBDEPS='\$(PLIB_LDFLAGS) '"$shlibdeps"' \$(EX_LIBS)' \\
LIBNAME=$libname LDFLAGS='\$(LDFLAGS)' \\
CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(DSO_CFLAGS)' \\
-@@ -1012,7 +1051,7 @@ EOF
+@@ -1012,7 +1076,7 @@ EOF
$bin$exeext: $objs $deps
\$(RM) $bin$exeext
\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
@@ -2525,7 +5199,7 @@
APPNAME=$bin$exeext OBJECTS="$objs" \\
LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\
CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(BIN_CFLAGS)' \\
-@@ -1034,5 +1073,37 @@ $script: $sources
+@@ -1034,5 +1098,37 @@ EOF
chmod a+x $script
EOF
}
@@ -2563,11 +5237,18 @@
+ }
"" # Important! This becomes part of the template result.
-}
-diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
-index 0c043a0..fa430b6 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
-@@ -19,10 +19,14 @@
+@@ -11,6 +11,8 @@
+ our $shlibextimport = $target{shared_import_extension} || ".lib";
+ our $dsoext = $target{dso_extension} || ".dll";
+
++ our $sover = $config{shlib_major}."_".$config{shlib_minor};
++
+ my $win_installenv =
+ $target{build_scheme}->[2] eq "VC-W32" ?
+ "ProgramFiles(x86)" : "ProgramW6432";
+@@ -19,10 +21,14 @@
? "CommonProgramFiles(x86)" : "CommonProgramW6432";
our $win_installroot =
defined($ENV{$win_installenv})
@@ -2584,22 +5265,19 @@
sub shlib {
return () if $disabled{shared};
-@@ -56,45 +60,78 @@ SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -}
+@@ -56,54 +62,93 @@ SHLIB_VERSION_NUMBER={- $config{shlib_ve
LIBS={- join(" ", map { $_.$libext } @{$unified_info{libraries}}) -}
SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -}
+SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{libraries}}) -}
ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -}
+-PROGRAMS={- join(" ", map { $_.$exeext } grep { !m|^test\\| } @{$unified_info{programs}}) -}
+-TESTPROGS={- join(" ", map { $_.$exeext } grep { m|^test\\| } @{$unified_info{programs}}) -}
+ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{engines}}) -}
- PROGRAMS={- join(" ", map { $_.$exeext } grep { !m|^test\\| } @{$unified_info{programs}}) -}
-+PROGRAMPDBS={- join(" ", map { $_.".pdb" } grep { !m|^test\\| } @{$unified_info{programs}}) -}
- TESTPROGS={- join(" ", map { $_.$exeext } grep { m|^test\\| } @{$unified_info{programs}}) -}
++PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{programs}}) -}
++PROGRAMPDBS={- join(" ", map { $_.".pdb" } @{$unified_info{programs}}) -}
SCRIPTS={- join(" ", @{$unified_info{scripts}}) -}
-+{- output_off() if $disabled{apps}; "" -}
-+BIN_SCRIPTS=$(BLDDIR)\tools\c_rehash.pl
-+MISC_SCRIPTS=$(BLDDIR)\apps\CA.pl $(BLDDIR)\apps\tsget.pl
-+{- output_on() if $disabled{apps}; "" -}
-
+-
{- output_off() if $disabled{makedepend}; "" -}
DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ }
@@ -2612,6 +5290,18 @@
+ map { @{$unified_info{sources}->{$_}} }
+ grep { /\.o$/ } keys %{$unified_info{sources}} ),
+ ( grep { /\.h$/ } keys %{$unified_info{generate}} )) -}
++
++INSTALL_LIBS={- join(" ", map { $_.$libext } @{$unified_info{install}->{libraries}}) -}
++INSTALL_SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{install}->{libraries}}) -}
++INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{install}->{libraries}}) -}
++INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -}
++INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{install}->{engines}}) -}
++INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
++INSTALL_PROGRAMPDBS={- join(" ", map { $_.".pdb" } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
++{- output_off() if $disabled{apps}; "" -}
++BIN_SCRIPTS=$(BLDDIR)\tools\c_rehash.pl
++MISC_SCRIPTS=$(BLDDIR)\apps\CA.pl $(BLDDIR)\apps\tsget.pl
++{- output_on() if $disabled{apps}; "" -}
# Do not edit these manually. Use Configure with --prefix or --openssldir
# to change this! Short explanation in the top comment in Configure
@@ -2654,7 +5344,7 @@
+ # value appended as a subdirectory.
+ #
+ use File::Spec::Functions qw(:DEFAULT splitpath);
-+ my $openssldir =
++ our $openssldir =
+ $config{openssldir} ?
+ (file_name_is_absolute($config{openssldir}) ?
+ $config{openssldir}
@@ -2670,7 +5360,7 @@
- our $enginesdir = catdir($prefix,$libdir,"engines");
- $enginesdir -}
+ENGINESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath);
-+ my $enginesdir = catdir($prefix,$libdir,"engines");
++ our $enginesdir = catdir($prefix,$libdir,"engines-$sover");
+ our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) =
+ splitpath($enginesdir, 1);
+ $enginesdir_dev -}
@@ -2687,33 +5377,66 @@
CC={- $target{cc} -}
CFLAGS={- join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}})) -} {- join(" ", quotify_l("-DENGINESDIR=\"$enginesdir\"", "-DOPENSSLDIR=\"$openssldir\"")) -} {- $target{cflags} -} {- $config{cflags} -}
-@@ -127,50 +164,68 @@ PROCESSOR= {- $config{processor} -}
+-COUTFLAG={- $target{coutflag} || "/Fo" -}
++COUTFLAG={- $target{coutflag} || "/Fo" -}$(OSSL_EMPTY)
+ RC={- $target{rc} || "rc" -}
+-RCOUTFLAG={- $target{rcoutflag} || "/fo" -}
++RCOUTFLAG={- $target{rcoutflag} || "/fo" -}$(OSSL_EMPTY)
+ LD={- $target{ld} || "link" -}
+ LDFLAGS={- $target{lflags} -}
+-LDOUTFLAG={- $target{loutflag} || "/out:" -}
++LDOUTFLAG={- $target{loutflag} || "/out:" -}$(OSSL_EMPTY)
+ EX_LIBS={- $target{ex_libs} -}
+ LIB_CFLAGS={- join(" ", $target{lib_cflags}, $target{shared_cflag}) || "" -}
+ LIB_LDFLAGS={- $target{shared_ldflag} || "" -}
+@@ -116,61 +161,84 @@ PERL={- $config{perl} -}
+ AR={- $target{ar} -}
+ ARFLAGS= {- $target{arflags} -}
+-AROUTFLAG={- $target{aroutflag} || "/out:" -}
++AROUTFLAG={- $target{aroutflag} || "/out:" -}$(OSSL_EMPTY)
++
++MT={- $target{mt} -}
++MTFLAGS= {- $target{mtflags} -}
++MTINFLAG={- $target{mtinflag} || "-manifest " -}$(OSSL_EMPTY)
++MTOUTFLAG={- $target{mtoutflag} || "-outputresource:" -}$(OSSL_EMPTY)
+
+ AS={- $target{as} -}
+ ASFLAGS={- $target{asflags} -}
+-ASOUTFLAG={- $target{asoutflag} -}
++ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY)
+ PERLASM_SCHEME= {- $target{perlasm_scheme} -}
+
+ PROCESSOR= {- $config{processor} -}
+
# The main targets ###################################################
-all: configdata.pm build_libs_nodep build_engines_nodep build_apps_nodep depend
+all: build_generated \
-+ build_libs_nodep build_engines_nodep build_apps_nodep depend
++ build_libs_nodep build_engines_nodep build_programs_nodep depend
-build_libs: configdata.pm build_libs_nodep depend
+-build_libs_nodep: $(LIBS)
+-build_engines: configdata.pm build_engines_nodep depend
+build_libs: build_generated build_libs_nodep depend
- build_libs_nodep: $(LIBS)
--build_engines: configdata.pm build_engines_nodep depend
++build_libs_nodep: $(LIBS) {- join(" ",map { shlib_import($_) } @{$unified_info{libraries}}) -}
+build_engines: build_generated build_engines_nodep depend
build_engines_nodep: $(ENGINES)
-build_apps: configdata.pm build_apps_nodep depend
-+build_apps: build_generated build_apps_nodep depend
- build_apps_nodep: $(PROGRAMS) $(SCRIPTS)
+-build_apps_nodep: $(PROGRAMS) $(SCRIPTS)
-build_tests: configdata.pm build_tests_nodep depend
-+build_tests: build_generated build_tests_nodep depend
- build_tests_nodep: $(TESTPROGS)
+-build_tests_nodep: $(TESTPROGS)
++build_programs: build_generated build_programs_nodep depend
++build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
-test tests: build_tests_nodep build_apps_nodep build_engines_nodep depend
+build_generated: $(GENERATED_MANDATORY)
+
++# Kept around for backward compatibility
++build_apps build_tests: build_programs
++
+test: tests
-+tests: build_generated \
-+ build_tests_nodep build_apps_nodep build_engines_nodep depend
++tests: build_generated build_programs_nodep build_engines_nodep depend
@rem {- output_off() if $disabled{tests}; "" -}
set SRCTOP=$(SRCDIR)
set BLDTOP=$(BLDDIR)
@@ -2758,7 +5481,7 @@
- del /Q /S /F *.exp
- del /Q /S /F engines\*.ilk
- del /Q /S /F engines\*.lib
-+ -del /Q /F $(PROGRAMS) $(TESTPROGS) $(ENGINES) $(SCRIPTS)
++ -del /Q /F $(PROGRAMS) $(ENGINES) $(SCRIPTS)
+ -del /Q /F $(GENERATED)
+ -del /Q /S /F *.d
+ -del /Q /S /F *.obj
@@ -2777,7 +5500,7 @@
depend:
-@@ -180,53 +235,77 @@ install_sw: all install_dev install_engines install_runtime
+@@ -180,53 +248,81 @@ install_sw: all install_dev install_engi
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
@@ -2810,12 +5533,16 @@
- @$(PERL) $(SRCDIR)\util\copy.pl $(LIBS) \
- "$(DESTDIR)$(INSTALLTOP)\$(LIBDIR)"
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl"
++ @rem {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
++ @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \
++ "$(INSTALLTOP)\include\openssl"
++ @rem {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\include\openssl\*.h" \
+ "$(INSTALLTOP)\include\openssl"
+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BLDDIR)\include\openssl\*.h \
+ "$(INSTALLTOP)\include\openssl"
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\$(LIBDIR)"
-+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(LIBS) \
++ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) \
+ "$(INSTALLTOP)\$(LIBDIR)"
+ @if "$(SHLIBS)"=="" \
+ "$(PERL)" "$(SRCDIR)\util\copy.pl" ossl_static.pdb \
@@ -2830,9 +5557,9 @@
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(ENGINESDIR)"
@if not "$(ENGINES)"=="" \
- $(PERL) $(SRCDIR)\util\copy.pl $(ENGINES) "$(DESTDIR)$(ENGINESDIR)"
-+ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(ENGINES) "$(ENGINESDIR)"
++ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINES) "$(ENGINESDIR)"
+ @if not "$(ENGINES)"=="" \
-+ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(ENGINEPDBS) "$(ENGINESDIR)"
++ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINEPDBS) "$(ENGINESDIR)"
uninstall_engines:
@@ -2842,15 +5569,15 @@
- @$(PERL) $(SRCDIR)\util\mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)\bin"
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin"
+ @if not "$(SHLIBS)"=="" \
-+ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(SHLIBS) "$(INSTALLTOP)\bin"
++ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBS) "$(INSTALLTOP)\bin"
@if not "$(SHLIBS)"=="" \
- $(PERL) $(SRCDIR)\util\copy.pl $(SHLIBS) "$(DESTDIR)$(INSTALLTOP)\bin"
- @$(PERL) $(SRCDIR)\util\copy.pl $(PROGRAMS) "$(DESTDIR)$(INSTALLTOP)\bin"
-+ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(SHLIBPDBS) \
++ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \
+ "$(INSTALLTOP)\bin"
-+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(PROGRAMS) \
++ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMS) \
+ "$(INSTALLTOP)\bin"
-+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(PROGRAMPDBS) \
++ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMPDBS) \
+ "$(INSTALLTOP)\bin"
+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BIN_SCRIPTS) \
+ "$(INSTALLTOP)\bin"
@@ -2874,7 +5601,7 @@
@echo "**************************************************"
@echo "*** ***"
@echo "*** Please run the same make command again ***"
-@@ -250,18 +329,31 @@ configdata.pm: {- $config{build_file_template} -} $(SRCDIR)\Configure
+@@ -250,18 +346,31 @@ configdata.pm: {- $config{build_file_tem
sub generatesrc {
my %args = @_;
(my $target = $args{src}) =~ s/\.[sS]$/.asm/;
@@ -2899,12 +5626,12 @@
+$target: "$args{generator}->[0]" $deps
+ "\$(PERL)" "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
+ "-o$target{build_file}" $generator > \$@
-+EOF
+ EOF
+ } else {
+ return <<"EOF";
+$target: "$args{generator}->[0]" $deps
+ "\$(PERL)"$generator_incs $generator > \$@
- EOF
++EOF
+ }
} else {
if ($args{generator}->[0] =~ /\.pl$/) {
@@ -2913,7 +5640,7 @@
} elsif ($args{generator}->[0] =~ /\.S$/) {
$generator = undef;
} else {
-@@ -273,25 +365,23 @@ EOF
+@@ -273,25 +382,23 @@ EOF
# end up generating foo.s in two steps.
if ($args{src} =~ /\.S$/) {
return <<"EOF";
@@ -2944,7 +5671,7 @@
EOF
}
}
-@@ -301,12 +391,12 @@ EOF
+@@ -301,12 +408,12 @@ EOF
my $obj = $args{obj};
my @srcs = map { (my $x = $_) =~ s/\.s$/.asm/; $x
} ( @{$args{srcs}} );
@@ -2961,7 +5688,7 @@
}
}
my $ecflags = { lib => '$(LIB_CFLAGS)',
-@@ -322,20 +412,20 @@ EOF
+@@ -322,20 +429,20 @@ EOF
return <<"EOF" if (!$disabled{makedepend});
$obj$depext: $deps
\$(CC) \$(CFLAGS) $ecflags$inc /Zs /showIncludes $srcs 2>&1 | \\
@@ -2985,7 +5712,7 @@
EOF
}
-@@ -362,18 +452,18 @@ EOF
+@@ -362,18 +469,21 @@ EOF
rel2abs($config{builddir}));
my $target = shlib_import($lib);
return <<"EOF"
@@ -2999,19 +5726,39 @@
- \$(PERL) $mkrc_pl $shlib$shlibext > $shlib.rc
+ "\$(PERL)" "$mkrc_pl" $shlib$shlibext > $shlib.rc
\$(RC) \$(RCOUTFLAG)$shlib.res $shlib.rc
++ IF EXIST $shlib$shlibext.manifest DEL /F /Q $shlib$shlibext.manifest
\$(LD) \$(LDFLAGS) \$(LIB_LDFLAGS) \\
/implib:\$@ \$(LDOUTFLAG)$shlib$shlibext /def:$shlib.def @<< || (DEL /Q \$(\@B).* $shlib.* && EXIT 1)
$objs $shlib.res$linklibs \$(EX_LIBS)
<<
- DEL /F apps\\$shlib$shlibext
- DEL /F test\\$shlib$shlibext
++ IF EXIST $shlib$shlibext.manifest \\
++ \$(MT) \$(MTFLAGS) \$(MTINFLAG)$shlib$shlibext.manifest \$(MTOUTFLAG)$shlib$shlibext
+ IF EXIST apps\\$shlib$shlibext DEL /Q /F apps\\$shlib$shlibext
+ IF EXIST test\\$shlib$shlibext DEL /Q /F test\\$shlib$shlibext
COPY $shlib$shlibext apps
COPY $shlib$shlibext test
EOF
-@@ -413,7 +503,7 @@ EOF
+@@ -390,6 +500,7 @@ EOF
+ compute_lib_depends(@{$args{deps}}));
return <<"EOF";
+ $dso$dsoext: $deps
++ IF EXIST $dso$dsoext.manifest DEL /F /Q $dso$dsoext.manifest
+ \$(LD) \$(LDFLAGS) \$(DSO_LDFLAGS) \$(LDOUTFLAG)$dso$dsoext /def:<< @<<
+ LIBRARY $dso_n
+ EXPORTS
+@@ -398,6 +509,8 @@ EXPORTS
+ <<
+ $objs$linklibs \$(EX_LIBS)
+ <<
++ IF EXIST $dso$dsoext.manifest \\
++ \$(MT) \$(MTFLAGS) \$(MTINFLAG)$dso$dsoext.manifest \$(MTOUTFLAG)$dso$dsoext
+ EOF
+ }
+ sub obj2lib {
+@@ -413,7 +526,7 @@ EOF
+ return <<"EOF";
$lib$libext: $deps
\$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib$libext @<<
-\$\?
@@ -3019,7 +5766,18 @@
<<
EOF
}
-@@ -436,15 +526,46 @@ EOF
+@@ -428,23 +541,57 @@ EOF
+ compute_lib_depends(@{$args{deps}}));
+ return <<"EOF";
+ $bin$exeext: $deps
++ IF EXIST $bin$exeext.manifest DEL /F /Q $bin$exeext.manifest
+ \$(LD) \$(LDFLAGS) \$(BIN_LDFLAGS) \$(LDOUTFLAG)$bin$exeext @<<
+ $objs setargv.obj$linklibs \$(EX_LIBS)
+ <<
++ IF EXIST $bin$exeext.manifest \\
++ \$(MT) \$(MTFLAGS) \$(MTINFLAG)$bin$exeext.manifest \$(MTOUTFLAG)$bin$exeext
+ EOF
+ }
sub in2script {
my %args = @_;
my $script = $args{script};
@@ -3068,8 +5826,6 @@
+ }
"" # Important! This becomes part of the template result.
-}
-diff --git a/Configure b/Configure
-index a7b9ed5..f8a6ec2 100755
--- a/Configure
+++ b/Configure
@@ -1,5 +1,11 @@
@@ -3092,7 +5848,7 @@
# see INSTALL for instructions.
-@@ -67,12 +74,12 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
+@@ -67,12 +74,12 @@ my $usage="Usage: Configure [no-<cipher>
# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
# Following are set automatically by this script
#
@@ -3109,7 +5865,7 @@
# Minimum warning options... any contributions to OpenSSL should at least get
# past these.
-@@ -80,7 +87,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
+@@ -80,7 +87,7 @@ my $usage="Usage: Configure [no-<cipher>
# DEBUG_UNUSED enables __owur (warn unused result) checks.
my $gcc_devteam_warn = "-DDEBUG_UNUSED"
# -DPEDANTIC complements -pedantic and is meant to mask code that
@@ -3136,7 +5892,7 @@
# chosen target and any target it inherits from.
sub resolve_config;
-@@ -172,6 +179,8 @@ my $srcdir = catdir(absolutedir(dirname($0))); # catdir ensures local syntax
+@@ -172,6 +179,8 @@ my $srcdir = catdir(absolutedir(dirname(
my $blddir = catdir(absolutedir(".")); # catdir ensures local syntax
my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl"));
@@ -3145,7 +5901,7 @@
$config{sourcedir} = abs2rel($srcdir);
$config{builddir} = abs2rel($blddir);
-@@ -202,10 +211,24 @@ die "erroneous version information in opensslv.h: ",
+@@ -202,10 +211,24 @@ die "erroneous version information in op
# Collect target configurations
my $pattern = catfile(dirname($0), "Configurations", "*.conf");
@@ -3180,7 +5936,7 @@
# crypto/ subdirectories to build
$config{sdirs} = [
"objects",
-@@ -238,12 +261,13 @@ $config{sdirs} = [
+@@ -238,12 +261,13 @@ my $default_ranlib;
my @tls = qw(ssl3 tls1 tls1_1 tls1_2);
my @dtls = qw(dtls1 dtls1_2);
@@ -3268,7 +6024,7 @@
"dtls" => [ @dtls ],
# SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA
-@@ -431,17 +463,6 @@ while ((my $first, my $second) = (shift @list, shift @list)) {
+@@ -431,17 +463,6 @@ while ((my $first, my $second) = (shift
# To remove something from %disabled, use "enable-foo".
# For symmetry, "disable-foo" is a synonym for "no-foo".
@@ -3380,9 +6136,15 @@
# we really only write OPTIONS to the Makefile out of
# nostalgia.)
-@@ -888,9 +915,13 @@ $config{cross_compile_prefix} = $ENV{'CROSS_COMPILE'}
+@@ -886,11 +913,19 @@ my %target = resolve_config($target);
+ if $config{cross_compile_prefix} eq "";
+
# Allow overriding the names of some tools. USE WITH CARE
++# Note: only Unix cares about HASHBANGPERL... that explains
++# the default string.
$config{perl} = $ENV{'PERL'} || ($^O ne "VMS" ? $^X : "perl");
++$config{hashbangperl} =
++ $ENV{'HASHBANGPERL'} || $ENV{'PERL'} || "/usr/bin/env perl";
$target{cc} = $ENV{'CC'} || $target{cc} || "cc";
-$target{ranlib} = $ENV{'RANLIB'} || $target{ranlib} || which("ranlib") || "true";
+$target{ranlib} = $ENV{'RANLIB'} || $target{ranlib} ||
@@ -3395,7 +6157,7 @@
# For cflags, lflags, plib_lflags, ex_libs and defines, add the debug_
# or release_ attributes.
-@@ -904,22 +935,6 @@ $config{shared_ldflag} = "";
+@@ -904,22 +939,6 @@ my %target = resolve_config($target);
$target{build_scheme} = [ $target{build_scheme} ]
if ref($target{build_scheme}) ne "ARRAY";
@@ -3418,7 +6180,7 @@
my ($builder, $builder_platform, @builder_opts) =
@{$target{build_scheme}};
-@@ -983,7 +998,7 @@ unless ($disabled{threads}) {
+@@ -983,7 +1002,7 @@ unless ($disabled{threads}) {
$disabled{threads} = "unavailable";
}
} else {
@@ -3427,7 +6189,7 @@
# if there's a chance that's possible
if ($target{thread_scheme} eq "(unknown)") {
# If the user asked for "threads" and we don't have internal
-@@ -1030,6 +1045,24 @@ if ($disabled{"dynamic-engine"}) {
+@@ -1030,6 +1049,24 @@ if ($disabled{"dynamic-engine"}) {
$config{dynamic_engines} = 1;
}
@@ -3452,7 +6214,7 @@
#
# Platform fix-ups
#
-@@ -1239,12 +1272,27 @@ my $buildinfo_debug = defined($ENV{CONFIGURE_DEBUG_BUILDINFO});
+@@ -1239,12 +1276,27 @@ my $buildinfo_debug = defined($ENV{CONFI
if ($builder eq "unified") {
# Store the name of the template file we will build the build file from
# in %config. This may be useful for the build file itself.
@@ -3486,17 +6248,21 @@
$config{build_file_template} = $build_file_template;
use lib catdir(dirname(__FILE__),"util");
-@@ -1284,6 +1332,9 @@ if ($builder eq "unified") {
- }
-
- my @build_infos = ( [ ".", "build.info" ] );
-+ push @build_infos, [ "fuzz", "build.info.fuzz" ]
-+ unless $disabled{"fuzz-afl"} && $disabled{"fuzz-libfuzzer"};
-+
- foreach (@{$config{dirs}}) {
- push @build_infos, [ $_, "build.info" ]
- if (-f catfile($srcdir, $_, "build.info"));
-@@ -1334,6 +1385,7 @@ if ($builder eq "unified") {
+@@ -1308,9 +1360,13 @@ if ($builder eq "unified") {
+ my $f = $_->[1];
+ # The basic things we're trying to build
+ my @programs = ();
++ my @programs_install = ();
+ my @libraries = ();
++ my @libraries_install = ();
+ my @engines = ();
++ my @engines_install = ();
+ my @scripts = ();
++ my @scripts_install = ();
+ my @extra = ();
+ my @overrides = ();
+ my @intermediates = ();
+@@ -1334,6 +1390,7 @@ if ($builder eq "unified") {
$template->fill_in(HASH => { config => \%config,
target => \%target,
disabled => \%disabled,
@@ -3504,25 +6270,58 @@
builddir => abs2rel($buildd, $blddir),
sourcedir => abs2rel($sourced, $blddir),
buildtop => abs2rel($blddir, $blddir),
-@@ -1374,47 +1426,47 @@ if ($builder eq "unified") {
+@@ -1373,48 +1430,72 @@ if ($builder eq "unified") {
+ qr/^\s*ENDIF\s*$/
=> sub { die "ENDIF out of scope" if ! @skip;
pop @skip; },
- qr/^\s*PROGRAMS\s*=\s*(.*)\s*$/
+- qr/^\s*PROGRAMS\s*=\s*(.*)\s*$/
- => sub { push @programs, split(/\s+/, $1)
-+ => sub { push @programs, tokenize($1)
- if !@skip || $skip[$#skip] > 0 },
- qr/^\s*LIBS\s*=\s*(.*)\s*$/
+- if !@skip || $skip[$#skip] > 0 },
+- qr/^\s*LIBS\s*=\s*(.*)\s*$/
- => sub { push @libraries, split(/\s+/, $1)
-+ => sub { push @libraries, tokenize($1)
- if !@skip || $skip[$#skip] > 0 },
- qr/^\s*ENGINES\s*=\s*(.*)\s*$/
+- if !@skip || $skip[$#skip] > 0 },
+- qr/^\s*ENGINES\s*=\s*(.*)\s*$/
- => sub { push @engines, split(/\s+/, $1)
-+ => sub { push @engines, tokenize($1)
- if !@skip || $skip[$#skip] > 0 },
- qr/^\s*SCRIPTS\s*=\s*(.*)\s*$/
+- if !@skip || $skip[$#skip] > 0 },
+- qr/^\s*SCRIPTS\s*=\s*(.*)\s*$/
- => sub { push @scripts, split(/\s+/, $1)
-+ => sub { push @scripts, tokenize($1)
- if !@skip || $skip[$#skip] > 0 },
+- if !@skip || $skip[$#skip] > 0 },
++ qr/^\s*PROGRAMS(_NO_INST)?\s*=\s*(.*)\s*$/
++ => sub {
++ if (!@skip || $skip[$#skip] > 0) {
++ my $install = $1;
++ my @x = tokenize($2);
++ push @programs, @x;
++ push @programs_install, @x unless $install;
++ }
++ },
++ qr/^\s*LIBS(_NO_INST)?\s*=\s*(.*)\s*$/
++ => sub {
++ if (!@skip || $skip[$#skip] > 0) {
++ my $install = $1;
++ my @x = tokenize($2);
++ push @libraries, @x;
++ push @libraries_install, @x unless $install;
++ }
++ },
++ qr/^\s*ENGINES(_NO_INST)?\s*=\s*(.*)\s*$/
++ => sub {
++ if (!@skip || $skip[$#skip] > 0) {
++ my $install = $1;
++ my @x = tokenize($2);
++ push @engines, @x;
++ push @engines_install, @x unless $install;
++ }
++ },
++ qr/^\s*SCRIPTS(_NO_INST)?\s*=\s*(.*)\s*$/
++ => sub {
++ if (!@skip || $skip[$#skip] > 0) {
++ my $install = $1;
++ my @x = tokenize($2);
++ push @scripts, @x;
++ push @scripts_install, @x unless $install;
++ }
++ },
qr/^\s*EXTRA\s*=\s*(.*)\s*$/
- => sub { push @extra, split(/\s+/, $1)
+ => sub { push @extra, tokenize($1)
@@ -3566,8 +6365,68 @@
if !@skip || $skip[$#skip] > 0 },
qr/^\s*BEGINRAW\[((?:\\.|[^\\\]])+)\]\s*$/
=> sub {
-@@ -1628,9 +1680,15 @@ EOF
+@@ -1470,6 +1551,14 @@ if ($builder eq "unified") {
+ $unified_info{programs}->{$program} = 1;
+ }
++ foreach (@programs_install) {
++ my $program = cleanfile($buildd, $_, $blddir);
++ if ($unified_info{rename}->{$program}) {
++ $program = $unified_info{rename}->{$program};
++ }
++ $unified_info{install}->{programs}->{$program} = 1;
++ }
++
+ foreach (@libraries) {
+ my $library = cleanfile($buildd, $_, $blddir);
+ if ($unified_info{rename}->{$library}) {
+@@ -1478,6 +1567,14 @@ if ($builder eq "unified") {
+ $unified_info{libraries}->{$library} = 1;
+ }
+
++ foreach (@libraries_install) {
++ my $library = cleanfile($buildd, $_, $blddir);
++ if ($unified_info{rename}->{$library}) {
++ $library = $unified_info{rename}->{$library};
++ }
++ $unified_info{install}->{libraries}->{$library} = 1;
++ }
++
+ die <<"EOF" if scalar @engines and !$config{dynamic_engines};
+ ENGINES can only be used if configured with 'dynamic-engine'.
+ This is usually a fault in a build.info file.
+@@ -1490,6 +1587,14 @@ EOF
+ $unified_info{engines}->{$library} = 1;
+ }
+
++ foreach (@engines_install) {
++ my $library = cleanfile($buildd, $_, $blddir);
++ if ($unified_info{rename}->{$library}) {
++ $library = $unified_info{rename}->{$library};
++ }
++ $unified_info{install}->{engines}->{$library} = 1;
++ }
++
+ foreach (@scripts) {
+ my $script = cleanfile($buildd, $_, $blddir);
+ if ($unified_info{rename}->{$script}) {
+@@ -1498,6 +1603,14 @@ EOF
+ $unified_info{scripts}->{$script} = 1;
+ }
+
++ foreach (@scripts_install) {
++ my $script = cleanfile($buildd, $_, $blddir);
++ if ($unified_info{rename}->{$script}) {
++ $script = $unified_info{rename}->{$script};
++ }
++ $unified_info{install}->{scripts}->{$script} = 1;
++ }
++
+ foreach (@extra) {
+ my $extra = cleanfile($buildd, $_, $blddir);
+ $unified_info{extra}->{$extra} = 1;
+@@ -1628,9 +1741,15 @@ EOF
+
foreach (keys %depends) {
my $dest = $_;
- my $ddest = cleanfile($buildd, $_, $blddir);
@@ -3585,7 +6444,7 @@
}
foreach (@{$depends{$dest}}) {
my $d = cleanfile($sourced, $_, $blddir);
-@@ -1643,7 +1701,7 @@ EOF
+@@ -1643,7 +1762,7 @@ EOF
if (! -f $d
|| (grep { $d eq $_ }
map { cleanfile($srcdir, $_, $blddir) }
@@ -3594,7 +6453,7 @@
$d = cleanfile($buildd, $_, $blddir);
}
# Take note if the file to depend on is being renamed
-@@ -1651,26 +1709,35 @@ EOF
+@@ -1651,26 +1770,35 @@ EOF
$d = $unified_info{rename}->{$d};
}
$unified_info{depends}->{$ddest}->{$d} = 1;
@@ -3641,7 +6500,14 @@
}
}
}
-@@ -1687,6 +1754,22 @@ EOF
+@@ -1681,12 +1809,28 @@ EOF
+ $unified_info{$_} = [ sort keys %{$unified_info{$_}} ];
+ }
+ # Two level structures
+- foreach my $l1 (("sources", "shared_sources", "ldadd", "depends")) {
++ foreach my $l1 (("install", "sources", "shared_sources", "ldadd", "depends")) {
+ foreach my $l2 (sort keys %{$unified_info{$l1}}) {
+ $unified_info{$l1}->{$l2} =
[ sort keys %{$unified_info{$l1}->{$l2}} ];
}
}
@@ -3664,7 +6530,7 @@
}
# For the schemes that need it, we provide the old *_obj configs
-@@ -1823,7 +1906,7 @@ print OUT "1;\n";
+@@ -1823,7 +1967,7 @@ print OUT "1;\n";
close(OUT);
@@ -3673,7 +6539,7 @@
print "CFLAG =$target{cflags} $config{cflags}\n";
print "SHARED_CFLAG =$target{shared_cflag}\n";
print "DEFINES =",join(" ", @{$target{defines}}, @{$config{defines}}),"\n";
-@@ -1851,7 +1934,9 @@ print "CHACHA_ENC =$target{chacha_obj}\n";
+@@ -1851,7 +1995,9 @@ print "CHACHA_ENC =$target{chacha_obj
print "POLY1305_OBJ =$target{poly1305_obj}\n";
print "BLAKE2_OBJ =$target{blake2_obj}\n";
print "PROCESSOR =$config{processor}\n";
@@ -3684,7 +6550,7 @@
print "ARFLAGS =$target{arflags}\n";
print "PERL =$config{perl}\n";
print "\n";
-@@ -1861,59 +1946,12 @@ print "THIRTY_TWO_BIT mode\n" if $config{b32};
+@@ -1861,59 +2007,12 @@ print "THIRTY_TWO_BIT mode\n" if $config
print "BN_LLONG mode\n" if $config{bn_ll};
print "RC4 uses $config{rc4_int}\n" if $config{rc4_int} ne $def_int;
@@ -3744,7 +6610,7 @@
);
$builders{$builder}->($builder_platform, @builder_opts);
-@@ -1939,6 +1977,14 @@ or position independent code, please let us know (but please first make sure
+@@ -1939,6 +2038,14 @@ or position independent code, please let
you have tried with a current version of OpenSSL).
EOF
@@ -3759,7 +6625,7 @@
exit(0);
######################################################################
-@@ -2104,8 +2150,8 @@ sub read_config {
+@@ -2104,8 +2211,8 @@ sub read_config {
}
@@ -3770,7 +6636,7 @@
# recursively
sub resolve_config {
my $target = shift;
-@@ -2158,7 +2204,7 @@ sub resolve_config {
+@@ -2158,7 +2265,7 @@ sub resolve_config {
# - If a value is a coderef, it will be executed with the list of
# inherited values as arguments.
# - If the corresponding key doesn't have a value at all or is the
@@ -3779,7 +6645,7 @@
# default combiner (below), and the result becomes this target's
# value.
# - Otherwise, this target's value is assumed to be a string that
-@@ -2266,13 +2312,34 @@ sub run_dofile
+@@ -2266,13 +2373,34 @@ sub run_dofile
foreach (@templates) {
die "Can't open $_, $!" unless -f $_;
}
@@ -3815,7 +6681,7 @@
# Configuration printer ##############################################
sub print_table_entry
-@@ -2400,22 +2467,6 @@ sub absolutedir {
+@@ -2400,22 +2528,6 @@ sub absolutedir {
return realpath($dir);
}
@@ -3838,7 +6704,7 @@
sub quotify {
my %processors = (
perl => sub { my $x = shift;
-@@ -2519,3 +2570,41 @@ sub collect_information {
+@@ -2519,3 +2631,41 @@ sub collect_information {
}
}
}
@@ -3880,8 +6746,6 @@
+ }
+ return @result;
+}
-diff --git a/INSTALL b/INSTALL
-index 2e06aa7..29db22e 100644
--- a/INSTALL
+++ b/INSTALL
@@ -2,16 +2,15 @@
@@ -3917,7 +6781,7 @@
Quick Start
-----------
-@@ -77,13 +77,28 @@
+@@ -77,13 +77,43 @@
--openssldir depend in what configuration is used and what Windows
implementation OpenSSL is built on. More notes on this in NOTES.WIN):
@@ -3935,10 +6799,25 @@
- OpenVMS: SYS$COMMON:[OPENSSL-'version']
+ --cross-compile-prefix=PREFIX
+ The PREFIX to include in front of commands for your
-+ toolchain. For example to build the mingw64 target on Linux
-+ you might use "--cross-compile-prefix=x86_64-w64-mingw32-".
-+ If the compiler is gcc, then this will attempt to run
-+ x86_64-w64-mingw32-gcc when compiling.
++ toolchain. It's likely to have to end with dash, e.g.
++ a-b-c- would invoke GNU compiler as a-b-c-gcc, etc.
++ Unfortunately cross-compiling is too case-specific to
++ put together one-size-fits-all instructions. You might
++ have to pass more flags or set up environment variables
++ to actually make it work. Android and iOS cases are
++ discussed in corresponding Configurations/10-main.cf
++ sections. But there are cases when this option alone is
++ sufficient. For example to build the mingw64 target on
++ Linux "--cross-compile-prefix=x86_64-w64-mingw32-"
++ works. Naturally provided that mingw packages are
++ installed. Today Debian and Ubuntu users have option to
++ install a number of prepackaged cross-compilers along
++ with corresponding run-time and development packages for
++ "alien" hardware. To give another example
++ "--cross-compile-prefix=mipsel-linux-gnu-" suffices
++ in such case. Needless to mention that you have to
++ invoke ./Configure, not ./config, and pass your target
++ name explicitly.
+
+ --debug
+ Build OpenSSL with debugging symbols.
@@ -3952,7 +6831,7 @@
--openssldir=DIR
Directory for OpenSSL configuration files, and also the
-@@ -94,16 +109,54 @@
+@@ -94,16 +124,54 @@
or C:\Program Files (x86)\Common Files\SSL
OpenVMS: SYS$COMMON:[OPENSSL-COMMON]
@@ -4012,7 +6891,7 @@
no-asm
Do not use assembler code. On some platforms a small amount
of assembler code may still be used.
-@@ -147,6 +200,13 @@
+@@ -147,6 +215,13 @@
enable-crypto-mdebug-backtrace
As for crypto-mdebug, but additionally provide backtrace
information for allocated memory.
@@ -4026,7 +6905,7 @@
no-ct
Don't build support for Certificate Transparency.
-@@ -192,6 +252,12 @@
+@@ -192,6 +267,12 @@
Don't compile in filename and line number information (e.g.
for errors and memory allocation).
@@ -4039,7 +6918,7 @@
no-gost
Don't build support for GOST based ciphersuites. Note that
if this feature is enabled then GOST ciphersuites are only
-@@ -234,9 +300,6 @@
+@@ -234,9 +315,6 @@
Don't build support for RFC3779 ("X.509 Extensions for IP
Addresses and AS Identifiers")
@@ -4049,7 +6928,7 @@
sctp
Build support for SCTP
-@@ -263,7 +326,7 @@
+@@ -263,7 +341,7 @@
"illegal instruction" exception. There might be a way
to enable support in kernel, e.g. FreeBSD kernel can be
compiled with CPU_ENABLE_SSE, and there is a way to
@@ -4058,7 +6937,7 @@
but if you aim for wider "audience" running such kernel,
consider no-sse2. Both the 386 and no-asm options imply
no-sse2.
-@@ -297,6 +360,14 @@
+@@ -297,6 +375,14 @@
no-ts
Don't build Time Stamping Authority support.
@@ -4073,7 +6952,7 @@
no-ui
Don't build with the "UI" capability (i.e. the set of
features enabling text based prompts).
-@@ -415,10 +486,10 @@
+@@ -415,10 +501,10 @@
The generic configurations "cc" or "gcc" should usually work on 32 bit
Unix-like systems.
@@ -4088,7 +6967,7 @@
1c. Configure OpenSSL for building outside of the source tree.
-@@ -471,9 +542,12 @@
+@@ -471,9 +557,12 @@
If the build fails, look at the output. There may be reasons for
the failure that aren't problems in OpenSSL itself (like missing
@@ -4104,7 +6983,7 @@
https://www.openssl.org/community/index.html#bugs and will be
forwarded to a public mailing list). Please check out the request
tracker. Maybe the bug was already reported or has already been
-@@ -491,18 +565,19 @@
+@@ -491,18 +580,19 @@
$ mms test ! OpenVMS
$ nmake test # Windows
@@ -4129,7 +7008,7 @@
If you want to run just one or a few specific tests, you can use
the make variable TESTS to specify them, like this:
-@@ -513,7 +588,7 @@
+@@ -513,7 +603,7 @@
And of course, you can combine (Unix example shown):
@@ -4138,7 +7017,7 @@
You can find the list of available tests like this:
-@@ -528,12 +603,13 @@
+@@ -528,12 +618,13 @@
compiler optimization flags from the CFLAGS line in Makefile and
run "make clean; make" or corresponding.
@@ -4153,7 +7032,7 @@
This will install all the software components in this directory
tree under PREFIX (the directory given with --prefix or its
-@@ -595,7 +671,7 @@
+@@ -595,7 +686,7 @@
* COMPILING existing applications
@@ -4162,7 +7041,7 @@
open. This includes all internal libssl structures and a number
of EVP types. Accessor functions have been added to allow
controlled access to the structures' data.
-@@ -607,11 +683,108 @@
+@@ -607,11 +698,115 @@
provided accessor functions where you would previously access a
structure's field directly.
@@ -4207,8 +7086,15 @@
+ variable can be set to the directory where these files are held.
+
+ PERL
-+ The name of the Perl executable to use.
++ The name of the Perl executable to use when building OpenSSL.
+
++ HASHBANGPERL
++ The command string for the Perl executable to insert in the
++ #! line of perl scripts that will be publically installed.
++ Default: /usr/bin/env perl
++ Note: the value of this variable is added to the same scripts
++ on all platforms, but it's only relevant on Unix-like platforms.
++
+ RC
+ The name of the rc executable to use. The default will be as
+ defined for the target platform in the ".conf" file. If not
@@ -4273,7 +7159,7 @@
Note on multi-threading
-----------------------
-@@ -652,7 +825,7 @@
+@@ -652,7 +847,7 @@
internal PRNG. If not properly seeded, the internal PRNG will refuse
to deliver random bytes and a "PRNG not seeded error" will occur.
On systems without /dev/urandom (or similar) device, it may be necessary
@@ -4282,9 +7168,6 @@
Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
and the FAQ for more information.
-diff --git a/INSTALL.DJGPP b/INSTALL.DJGPP
-deleted file mode 100644
-index e1ec676..0000000
--- a/INSTALL.DJGPP
+++ /dev/null
@@ -1,48 +0,0 @@
@@ -4336,9 +7219,6 @@
- As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd
- party "randomness" DOS driver. One such driver, NOISE.SYS, can be
- obtained from "http://www.rahul.net/dkaufman/index.html".
-diff --git a/INSTALL.WCE b/INSTALL.WCE
-deleted file mode 100644
-index fe1431a..0000000
--- a/INSTALL.WCE
+++ /dev/null
@@ -1,93 +0,0 @@
@@ -4435,8 +7315,6 @@
- look similar to the output produced by running the tests for a regular Windows
- build.
-
-diff --git a/LICENSE b/LICENSE
-index fb03713..c6cc098 100644
--- a/LICENSE
+++ b/LICENSE
@@ -4,9 +4,7 @@
@@ -4450,9 +7328,6 @@
OpenSSL License
---------------
-diff --git a/Makefile.in b/Makefile.in
-deleted file mode 100644
-index baaaf84..0000000
--- a/Makefile.in
+++ /dev/null
@@ -1,798 +0,0 @@
@@ -5254,8 +8129,6 @@
- done
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/Makefile.shared b/Makefile.shared
-index 65980b2..d856180 100644
--- a/Makefile.shared
+++ b/Makefile.shared
@@ -14,6 +14,7 @@ CFLAGS=$(CFLAG)
@@ -5266,7 +8139,7 @@
# SHARED_RCFLAGS are flags used with windres, i.e. when build for Cygwin
# or Mingw.
SHARED_RCFLAGS=$(SHARED_RCFLAG)
-@@ -278,9 +279,9 @@ link_shlib.cygwin:
+@@ -278,9 +279,9 @@ link_app.darwin: # is there run-path on
SHLIB=cyg$(LIBNAME); SHLIB_SOVER=-$(LIBVERSION); SHLIB_SUFFIX=.dll; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name |" \
@@ -5278,7 +8151,7 @@
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a rc.o"; \
-@@ -306,9 +307,9 @@ link_shlib.mingw:
+@@ -306,9 +307,9 @@ link_app.darwin: # is there run-path on
| sed -e 's|^\(LIBRARY *\)$(LIBNAME)32|\1'"$$dll_name"'|' \
> $(LIBNAME).def; \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name |" \
@@ -5290,7 +8163,7 @@
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a $(LIBNAME).def rc.o"; \
-@@ -561,11 +562,11 @@ symlink.hpux:
+@@ -561,11 +562,11 @@ symlink.gnu symlink.solaris symlink.svr3
symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
# Compatibility targets
@@ -5306,8 +8179,6 @@
link_dso.bsd-shared: link_dso.bsd
link_shlib.bsd-shared: link_shlib.bsd
link_app.bsd-shared: link_app.bsd
-diff --git a/NEWS b/NEWS
-index 90336bc..a6ac0eb 100644
--- a/NEWS
+++ b/NEWS
@@ -5,8 +5,9 @@
@@ -5361,9 +8232,6 @@
argument form 'enable-xxx'.
o Change the default digest in 'openssl' commands from MD5 to
SHA-1.
-diff --git a/NOTES.DJGPP b/NOTES.DJGPP
-new file mode 100644
-index 0000000..bbe63dc
--- /dev/null
+++ b/NOTES.DJGPP
@@ -0,0 +1,48 @@
@@ -5415,9 +8283,6 @@
+ As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd
+ party "randomness" DOS driver. One such driver, NOISE.SYS, can be
+ obtained from "http://www.rahul.net/dkaufman/index.html".
-diff --git a/NOTES.PERL b/NOTES.PERL
-new file mode 100644
-index 0000000..46d585a
--- /dev/null
+++ b/NOTES.PERL
@@ -0,0 +1,119 @@
@@ -5540,8 +8405,6 @@
+ and:
+
+ $ cpan -f -i "Text::Template"
-diff --git a/NOTES.WIN b/NOTES.WIN
-index 1c10b75..3a149fa 100644
--- a/NOTES.WIN
+++ b/NOTES.WIN
@@ -2,15 +2,16 @@
@@ -5630,8 +8493,6 @@
__declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
{ DWORD sess;
-diff --git a/README b/README
-index 5773613..7e623a1 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
@@ -5721,9 +8582,6 @@
HOW TO CONTRIBUTE TO OpenSSL
----------------------------
-diff --git a/README.PERL b/README.PERL
-deleted file mode 100644
-index 184b377..0000000
--- a/README.PERL
+++ /dev/null
@@ -1,118 +0,0 @@
@@ -5845,8 +8703,6 @@
- and:
-
- $ cpan -f -i "Text::Template"
-diff --git a/VMS/VMSify-conf.pl b/VMS/VMSify-conf.pl
-index 9890362..21eff11 100644
--- a/VMS/VMSify-conf.pl
+++ b/VMS/VMSify-conf.pl
@@ -1,4 +1,11 @@
@@ -5862,75 +8718,269 @@
use strict;
use warnings;
-diff --git a/VMS/openssl_shutdown.com.in b/VMS/openssl_shutdown.com.in
-index 236979e..5385362 100644
+--- /dev/null
++++ b/VMS/openssl_ivp.com.in
+@@ -0,0 +1,40 @@
++$ ! OpenSSL Internal Verification Procedure
++$ !
++$ ! This script checks the consistency of a OpenSSL installation
++$ ! It had better be spawned, as it creates process logicals
++$
++$ ! Generated information
++$ INSTALLTOP := {- $config{INSTALLTOP} -}
++$ OPENSSLDIR := {- $config{OPENSSLDIR} -}
++$
++$ ! Make sure that INSTALLTOP and OPENSSLDIR become something one
++$ ! can use to call the startup procedure
++$ INSTALLTOP_ = F$PARSE("A.;",INSTALLTOP,,,"NO_CONCEAL") -
++ - ".][000000" - "[000000." - "][" - "]A.;" + "."
++$ OPENSSLDIR_ = F$PARSE("A.;",OPENSSLDIR,,,"NO_CONCEAL") -
++ - ".][000000" - "[000000." - "][" - "]A.;" + "."
++$
++$ v := {- sprintf "%02d%02d", split(/\./, $config{version}) -}
++$ pz := {- $config{pointer_size} -}
++$
++$ @'INSTALLTOP_'SYS$STARTUP]openssl_startup'v'
++$ @'INSTALLTOP_'SYS$STARTUP]openssl_utils'v'
++$
++$ IF F$SEARCH("OSSL$LIBCRYPTO''pz'") .EQS. "" -
++ .OR. F$SEARCH("OSSL$LIBSSL''pz'") .EQS. "" -
++ .OR. F$SEARCH("OSSL$LIBCRYPTO_SHR''pz'") .EQS. "" -
++ .OR. F$SEARCH("OSSL$LIBSSL_SHR''pz'") .EQS. "" -
++ .OR. F$SEARCH("OSSL$INCLUDE:[OPENSSL]crypto.h") .EQS. "" -
++ .OR. F$SEARCH("OPENSSL:crypto.h") .EQS. "" -
++ .OR. F$SEARCH("OSSL$EXE:OPENSSL''v'.EXE") .EQS. ""
++$ THEN
++$ WRITE SYS$ERROR "Installation inconsistent"
++$ EXIT %x00018292 ! RMS$_FNF, file not found
++$ ENDIF
++$
++$ ! If something else is wrong with the installation, we're likely
++$ ! to get an image activation error here
++$ openssl version -a
++$
++$ WRITE SYS$ERROR "OpenSSL IVP passed"
++$ EXIT %x10000001
--- a/VMS/openssl_shutdown.com.in
+++ b/VMS/openssl_shutdown.com.in
-@@ -39,9 +39,7 @@ $ DEAS OSSL$LIB'v'
- $ DEAS OSSL$SHARE'v'
- $ DEAS OSSL$ENGINES'v'
- $ DEAS OSSL$EXE'v'
+@@ -24,36 +24,29 @@
+ $ IF arch .EQS. "" THEN GOTO unknown_arch
+ $ ENDIF
+ $
+-$ ! Generated information
+-$ VERSION := {- $config{version} -}
+-$ INSTALLTOP := {- $config{INSTALLTOP} -}
+-$ POINTER_SIZE = {- $config{pointersize} -}
+-$
+ $ ! Abbrevs
+ $ DEAS := DEASSIGN /NOLOG 'P1'
+-$ v = VERSION - "." - "."
++$ sv := {- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -}
++$ pz := {- $config{pointer_size} -}
++$
++$ DEAS OSSL$DATAROOT
++$ DEAS OSSL$INSTROOT
++$ DEAS OSSL$INCLUDE
++$ DEAS OSSL$LIB
++$ DEAS OSSL$SHARE
++$ DEAS OSSL$ENGINES'sv'
++$ DEAS OSSL$EXE
++$ DEAS OSSL$LIBCRYPTO'pz'
++$ DEAS OSSL$LIBSSL'pz'
++$ DEAS OSSL$LIBCRYPTO'sv'_SHR'pz'
++$ DEAS OSSL$LIBSSL'sv'_SHR'pz'
++$ DEAS OPENSSL
+ $
+-$ DEAS OSSL$ROOT'v'
+-$ DEAS OSSL$INCLUDE'v'
+-$ DEAS OSSL$LIB'v'
+-$ DEAS OSSL$SHARE'v'
+-$ DEAS OSSL$ENGINES'v'
+-$ DEAS OSSL$EXE'v'
-$ {- output_off() if $disabled{shared} -}
-$ {- join("\n\$ ", map { "DEAS $_'v'" } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) -}
-$ {- output_on() -}
-+$ {- join("\n\$ ", map { my $x = uc $_; "DEAS ${x}'v'" } @{$config{shared_libs}}) -}
$ IF P2 .NES. "NOALIASES"
$ THEN
- $ DEAS OSSL$ROOT
-@@ -51,9 +49,7 @@ $ DEAS OSSL$SHARE
+-$ DEAS OSSL$ROOT
+-$ DEAS OSSL$INCLUDE
+-$ DEAS OSSL$LIB
+-$ DEAS OSSL$SHARE
$ DEAS OSSL$ENGINES
- $ DEAS OSSL$EXE
- $ DEAS OPENSSL
+-$ DEAS OSSL$EXE
+-$ DEAS OPENSSL
-$ {- output_off() if $disabled{shared} -}
-$ {- join("\n\$ ", map { "DEAS $_" } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) -}
-$ {- output_on() -}
-+$ {- join("\n\$ ", map { my $x = uc $_; "DEAS ${x}" } @{$config{shared_libs}}) -}
++$ DEAS OSSL$LIBCRYPTO_SHR'pz'
++$ DEAS OSSL$LIBSSL_SHR'pz'
$ ENDIF
$
$ EXIT 'status'
-diff --git a/VMS/openssl_startup.com.in b/VMS/openssl_startup.com.in
-index caad022..e5043b5 100644
--- a/VMS/openssl_startup.com.in
+++ b/VMS/openssl_startup.com.in
-@@ -90,9 +90,7 @@ $ DEF OSSL$LIB'v' OSSL$INSTROOT:[LIB.'arch']
- $ DEF OSSL$SHARE'v' OSSL$INSTROOT:[LIB.'arch']
- $ DEF OSSL$ENGINES'v' OSSL$INSTROOT:[ENGINES.'arch']
- $ DEF OSSL$EXE'v' OSSL$INSTROOT:[EXE.'arch']
+@@ -6,26 +6,33 @@
+ $ !
+ $ ! The logical names created are:
+ $ !
+-$ ! OSSL$ROOTnnn Installation root
+-$ ! OSSL$EXEnnn Where the executables are located
+-$ ! OSSL$LIBnnn Where the library files are located
+-$ ! OSSL$SHAREnnn Where the sahreable images are located
+-$ ! OSSL$INCLUDEnnn Include directory root
+-$ ! OSSL$ENGINESnnn Where the sahreable images are located
++$ ! OSSL$INSTROOT Installation root
++$ ! OSSL$DATAROOT Data root (common directory
++$ ! for certs etc)
++$ ! OSSL$INCLUDE Include directory root
++$ ! OSSL$LIB Where the static library files
++$ ! are located
++$ ! OSSL$SHARE Where the shareable image files
++$ ! are located
++$ ! OSSL$EXE Where the executables are located
++$ ! OSSL$ENGINESnnn Where the shareable images are located
++$ ! OSSL$LIBCRYPTO The static crypto library
++$ ! OSSL$LIBSSL The static ssl library
++$ ! OSSL$LIBCRYPTOnnn_SHR The shareable crypto image
++$ ! OSSL$LIBSSLnnn_SHR The shareable ssl image
++$ ! OPENSSL is OSSL$INCLUDE:[OPENSSL]
+ $ !
+ $ ! In all these, nnn is the OpenSSL version number. This allows
+-$ ! several OpenSSL versions to be installed simultaneously.
++$ ! several OpenSSL versions to be installed simultaneously, which
++$ ! matters for applications that are linked to the shareable images
++$ ! or that depend on engines.
+ $ !
+ $ ! In addition, unless P2 is "NOALIASES", these logical names are
+ $ ! created:
+ $ !
+-$ ! OSSL$ROOT Alias for OSSL$ROOTnnn
+-$ ! OSSL$EXE Alias for OSSL$EXEnnn
+-$ ! OSSL$LIB Alias for OSSL$LIBnnn
+-$ ! OSSL$SHARE Alias for OSSL$SHAREnnn
+-$ ! OSSL$INCLUDE Alias for OSSL$INCLUDEnnn
+-$ ! OPENSSL is OSSL$INCLUDE:[OPENSSL]
+-$ ! OSSL$ENGINES Alias for OSSL$ENGINESnnn
++$ ! OSSL$ENGINES Alias for OSSL$ENGINESnnn
++$ ! OSSL$LIBCRYPTO_SHR Alias for OSSL$LIBCRYPTOnnn_SHR
++$ ! OSSL$LIBSSL_SHR Alias for OSSL$LIBSSLnnn_SHR
+ $ !
+ $ ! P1 Qualifier(s) for DEFINE. "/SYSTEM" would be typical when
+ $ ! calling this script from SYS$STARTUP:SYSTARTUP_VMS.COM,
+@@ -51,19 +58,18 @@
+ $ ENDIF
+ $
+ $ ! Generated information
+-$ VERSION := {- $config{version} -}
+ $ INSTALLTOP := {- $config{INSTALLTOP} -}
+ $ OPENSSLDIR := {- $config{OPENSSLDIR} -}
+-$ POINTER_SIZE := {- $config{pointersize} -}
+ $
+ $ ! Make sure that INSTALLTOP and OPENSSLDIR become something one
+ $ ! can build concealed logical names on
+ $ INSTALLTOP_ = F$PARSE("A.;",INSTALLTOP,,,"NO_CONCEAL") -
+- - ".][000000" - "[000000." - "][" - "]A.;" + ".]"
++ - ".][000000" - "[000000." - "][" - "]A.;" + "."
+ $ OPENSSLDIR_ = F$PARSE("A.;",OPENSSLDIR,,,"NO_CONCEAL") -
+- - ".][000000" - "[000000." - "][" - "]A.;" + ".]"
+-$ DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_INSTALLTOP 'INSTALLTOP_'
+-$ DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_OPENSSLDIR 'OPENSSLDIR_'
++ - ".][000000" - "[000000." - "][" - "]A.;" + "."
++$
++$ DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_INSTALLTOP 'INSTALLTOP_']
++$ DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_OPENSSLDIR 'OPENSSLDIR_']
+ $
+ $ ! Check that things are in place, and specifically, the stuff
+ $ ! belonging to this architecture
+@@ -82,36 +88,32 @@
+ $ ! Abbrevs
+ $ DEFT := DEFINE /TRANSLATION=CONCEALED /NOLOG 'P1'
+ $ DEF := DEFINE /NOLOG 'P1'
+-$ v = VERSION - "." - "."
++$ sv := {- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -}
++$ pz := {- $config{pointer_size} -}
++$
++$ DEFT OSSL$DATAROOT 'OPENSSLDIR_']
++$ DEFT OSSL$INSTROOT 'INSTALLTOP_']
++$ DEFT OSSL$INCLUDE 'INSTALLTOP_'INCLUDE.]
++$ DEF OSSL$LIB OSSL$INSTROOT:[LIB.'arch']
++$ DEF OSSL$SHARE OSSL$INSTROOT:[LIB.'arch']
++$ DEF OSSL$ENGINES'sv''pz' OSSL$INSTROOT:[ENGINES'sv''pz'.'arch']
++$ DEF OSSL$EXE OSSL$INSTROOT:[EXE.'arch'],-
++ OSSL$INSTROOT:[EXE]
++$ DEF OSSL$LIBCRYPTO'pz' OSSL$LIB:OSSL$LIBCRYPTO'pz'.OLB
++$ DEF OSSL$LIBSSL'pz' OSSL$LIB:OSSL$LIBSSL'pz'.OLB
++$ DEF OSSL$LIBCRYPTO'sv'_SHR'pz' OSSL$SHARE:OSSL$LIBCRYPTO'sv'_SHR'pz'.EXE
++$ DEF OSSL$LIBSSL'sv'_SHR'pz' OSSL$SHARE:OSSL$LIBSSL'sv'_SHR'pz'.EXE
++$ DEF OPENSSL OSSL$INCLUDE:[OPENSSL]
+ $
+-$ DEFT OSSL$INSTROOT'v' 'INSTALLTOP_'
+-$ DEFT OSSL$INCLUDE'v' OSSL$INSTROOT:[INCLUDE.]
+-$ DEF OSSL$LIB'v' OSSL$INSTROOT:[LIB.'arch']
+-$ DEF OSSL$SHARE'v' OSSL$INSTROOT:[LIB.'arch']
+-$ DEF OSSL$ENGINES'v' OSSL$INSTROOT:[ENGINES.'arch']
+-$ DEF OSSL$EXE'v' OSSL$INSTROOT:[EXE.'arch']
-$ {- output_off() if $disabled{shared} -}
-$ {- join("\n\$ ", map { "DEF $_'v' OSSL\$SHARE:$_" } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) -}
-$ {- output_on() -}
-+$ {- join("\n\$ ", map { my $x = uc $_; "DEF ${x}'v' OSSL\$SHARE:${x}" } @{$config{shared_libs}}) -}
$ IF P2 .NES. "NOALIASES"
$ THEN
- $ DEF OSSL$INSTROOT OSSL$INSTROOT'v'
-@@ -102,9 +100,7 @@ $ DEF OSSL$SHARE OSSL$SHARE'v'
- $ DEF OSSL$ENGINES OSSL$ENGINES'v'
- $ DEF OSSL$EXE OSSL$EXE'v'
- $ DEF OPENSSL OSSL$INCLUDE:[OPENSSL]
+-$ DEF OSSL$INSTROOT OSSL$INSTROOT'v'
+-$ DEF OSSL$INCLUDE OSSL$INCLUDE'v'
+-$ DEF OSSL$LIB OSSL$LIB'v'
+-$ DEF OSSL$SHARE OSSL$SHARE'v'
+-$ DEF OSSL$ENGINES OSSL$ENGINES'v'
+-$ DEF OSSL$EXE OSSL$EXE'v'
+-$ DEF OPENSSL OSSL$INCLUDE:[OPENSSL]
-$ {- output_off() if $disabled{shared} -}
-$ {- join("\n\$ ", map { "DEF $_ $_'v'" } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) -}
-$ {- output_on() -}
-+$ {- join("\n\$ ", map { my $x = uc $_; "DEF ${x} ${x}'v'" } @{$config{shared_libs}}) -}
++$ DEF OSSL$ENGINES'pz' OSSL$ENGINES'sv''pz'
++$ DEF OSSL$LIBCRYPTO_SHR'pz' OSSL$LIBCRYPTO'sv'_SHR'pz'
++$ DEF OSSL$LIBSSL_SHR'pz' OSSL$LIBSSL'sv'_SHR'pz'
$ ENDIF
$
- $ DEFT OSSL$DATAROOT 'OPENSSLDIR_'
-diff --git a/VMS/openssl_utils.com b/VMS/openssl_utils.com
-index b9dea72..09c75d9 100644
+-$ DEFT OSSL$DATAROOT 'OPENSSLDIR_'
+-$ DEF OSSL$CERTS OSSL$DATAROOT:[CERTS]
+-$ DEF OSSL$PRIVATE OSSL$DATAROOT:[PRIVATE]
+-$
+ $ bailout:
+ $ DEASSIGN WRK_INSTALLTOP
++$ DEASSIGN WRK_OPENSSLDIR
+ $
+ $ EXIT 'status'
--- a/VMS/openssl_utils.com
-+++ b/VMS/openssl_utils.com
-@@ -5,8 +5,7 @@ $ OPENSSL :== $OSSL$EXE:OPENSSL
- $
- $ IF F$SYMBOL(PERL) .EQS. "STRING"
- $ THEN
++++ /dev/null
+@@ -1,12 +0,0 @@
+-$ ! OpenSSL utilities
+-$ !
+-$
+-$ OPENSSL :== $OSSL$EXE:OPENSSL
+-$
+-$ IF F$SYMBOL(PERL) .EQS. "STRING"
+-$ THEN
-$ OSSLCA :== 'PERL' OSSL$EXE:CA.pl
-$ OSSLREHASH :== 'PERL' OSSL$EXE:c_rehash.pl
+-$ ELSE
+-$ WRITE SYS$ERROR "NOTE: no perl => no OSSLCA or OSSLREHASH"
+-$ ENDIF
+--- /dev/null
++++ b/VMS/openssl_utils.com.in
+@@ -0,0 +1,14 @@
++$ ! OpenSSL utilities
++$ !
++$
++$ v := {- sprintf "%02d%02d", split(/\./, $config{version}) -}
++$
++$ OPENSSL'v' :== $OSSL$EXE:OPENSSL'v'
++$ OPENSSL :== $OSSL$EXE:OPENSSL'v'
++$
++$ IF F$TYPE(PERL) .EQS. "STRING"
++$ THEN
+$ C_REHASH :== 'PERL' OSSL$EXE:c_rehash.pl
- $ ELSE
--$ WRITE SYS$ERROR "NOTE: no perl => no OSSLCA or OSSLREHASH"
++$ ELSE
+$ WRITE SYS$ERROR "NOTE: no perl => no C_REHASH"
- $ ENDIF
-diff --git a/VMS/translatesyms.pl b/VMS/translatesyms.pl
-index de3db6c..f61d954 100644
++$ ENDIF
--- a/VMS/translatesyms.pl
+++ b/VMS/translatesyms.pl
@@ -1,4 +1,11 @@
@@ -5946,12 +8996,11 @@
# This script will translate any SYMBOL_VECTOR item that has a translation
# in CXX$DEMANGLER_DB. The latter is generated by and CC/DECC command that
-diff --git a/apps/CA.pl.in b/apps/CA.pl.in
-index f5e8e4a..0dec24c 100644
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -1,4 +1,11 @@
- #!{- $config{perl} -}
+-#!{- $config{perl} -}
++#!{- $config{hashbangperl} -}
+# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
@@ -5989,9 +9038,6 @@
print STDERR " CA -pkcs12 [certname]\n";
print STDERR " CA -crl|-revoke cert-filename [reason]\n";
exit 0;
-diff --git a/apps/Makefile.in b/apps/Makefile.in
-deleted file mode 100644
-index d2ec0c7..0000000
--- a/apps/Makefile.in
+++ /dev/null
@@ -1,159 +0,0 @@
@@ -6154,8 +9200,6 @@
-
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/apps/app_rand.c b/apps/app_rand.c
-index a6805d4..0d44af9 100644
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -1,111 +1,10 @@
@@ -6276,7 +9320,7 @@
*/
#include "apps.h"
-@@ -120,10 +19,6 @@ int app_RAND_load_file(const char *file, int dont_warn)
+@@ -120,10 +19,6 @@ int app_RAND_load_file(const char *file,
int consider_randfile = (file == NULL);
char buffer[200];
@@ -6287,8 +9331,6 @@
if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
#ifndef OPENSSL_NO_EGD
-diff --git a/apps/apps.c b/apps/apps.c
-index 6d8c489..3230425 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1,111 +1,10 @@
@@ -6473,7 +9515,7 @@
if (CONF_modules_load(config, NULL, 0) <= 0) {
BIO_printf(bio_err, "Error configuring OpenSSL modules\n");
-@@ -1025,7 +926,7 @@ void* app_malloc(int sz, const char *what)
+@@ -1025,7 +926,7 @@ void* app_malloc(int sz, const char *wha
}
/*
@@ -6482,7 +9524,7 @@
*/
int load_certs(const char *file, STACK_OF(X509) **certs, int format,
const char *pass, const char *desc)
-@@ -1034,7 +935,7 @@ int load_certs(const char *file, STACK_OF(X509) **certs, int format,
+@@ -1034,7 +935,7 @@ int load_certs(const char *file, STACK_O
}
/*
@@ -6491,7 +9533,7 @@
*/
int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
const char *pass, const char *desc)
-@@ -1085,6 +986,7 @@ int set_name_ex(unsigned long *flags, const char *arg)
+@@ -1085,6 +986,7 @@ int set_name_ex(unsigned long *flags, co
{
static const NAME_EX_TBL ex_tbl[] = {
{"esc_2253", ASN1_STRFLGS_ESC_2253, 0},
@@ -6499,7 +9541,7 @@
{"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
{"esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
{"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
-@@ -1246,7 +1148,7 @@ void print_name(BIO *out, const char *title, X509_NAME *nm,
+@@ -1246,7 +1148,7 @@ void print_name(BIO *out, const char *ti
}
}
@@ -6508,7 +9550,25 @@
int len, unsigned char *buffer)
{
BIO_printf(out, " static unsigned char %s_%d[] = {", var, len);
-@@ -1382,7 +1284,7 @@ static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
+@@ -1291,7 +1193,7 @@ X509_STORE *setup_verify(char *CAfile, c
+ if (store == NULL)
+ goto end;
+
+- if(CAfile != NULL || !noCAfile) {
++ if (CAfile != NULL || !noCAfile) {
+ lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+ if (lookup == NULL)
+ goto end;
+@@ -1304,7 +1206,7 @@ X509_STORE *setup_verify(char *CAfile, c
+ X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+ }
+
+- if(CApath != NULL || !noCApath) {
++ if (CApath != NULL || !noCApath) {
+ lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
+ if (lookup == NULL)
+ goto end;
+@@ -1382,7 +1284,7 @@ static unsigned long index_serial_hash(c
n = a[DB_serial];
while (*n == '0')
n++;
@@ -6526,7 +9586,7 @@
}
int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
-@@ -1513,7 +1415,7 @@ int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
+@@ -1513,7 +1415,7 @@ int save_serial(char *serialfile, char *
int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
{
@@ -6535,7 +9595,7 @@
int i, j;
i = strlen(serialfile) + strlen(old_suffix);
-@@ -1882,6 +1784,7 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
+@@ -1882,6 +1784,7 @@ int bio_to_mem(unsigned char **out, int
BIO *mem;
int len, ret;
unsigned char tbuf[1024];
@@ -6555,7 +9615,7 @@
*/
unsigned char *next_protos_parse(size_t *outlen, const char *in)
{
-@@ -2081,8 +1984,10 @@ static STACK_OF(X509_CRL) *crls_http_cb(X509_STORE_CTX *ctx, X509_NAME *nm)
+@@ -2081,8 +1984,10 @@ static STACK_OF(X509_CRL) *crls_http_cb(
crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
crl = load_crl_crldp(crldp);
sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
@@ -6567,7 +9627,7 @@
sk_X509_CRL_push(crls, crl);
/* Try to download delta CRL */
crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
-@@ -2621,6 +2526,8 @@ BIO *bio_open_default_quiet(const char *filename, char mode, int format)
+@@ -2621,6 +2526,8 @@ BIO *bio_open_default_quiet(const char *
void wait_for_async(SSL *s)
{
@@ -6619,8 +9679,6 @@
+ return _kbhit();
+}
+#endif
-diff --git a/apps/apps.h b/apps/apps.h
-index 10e1534..319b02e 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -1,117 +1,19 @@
@@ -6750,7 +9808,7 @@
# include <assert.h>
# include <openssl/e_os2.h>
-@@ -165,6 +67,9 @@ CONF *app_load_config_quiet(const char *filename);
+@@ -165,6 +67,9 @@ CONF *app_load_config_quiet(const char *
int app_load_modules(const CONF *config);
void unbuffer(FILE *fp);
void wait_for_async(SSL *s);
@@ -6810,7 +9868,18 @@
# define OPT_X_CASES \
OPT_X__FIRST: case OPT_X__LAST: break; \
-@@ -407,6 +314,7 @@ typedef struct string_int_pair_st {
+@@ -367,6 +274,10 @@ void wait_for_async(SSL *s);
+ case OPT_S_DHPARAM: \
+ case OPT_S_DEBUGBROKE
+
++#define IS_NO_PROT_FLAG(o) \
++ (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
++ || o == OPT_S_NOTLS1_2)
++
+ /*
+ * Option parsing.
+ */
+@@ -407,6 +318,7 @@ typedef struct string_int_pair_st {
# define OPT_FMT_HTTP (1L << 9)
# define OPT_FMT_PVK (1L << 10)
# define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE)
@@ -6818,7 +9887,7 @@
# define OPT_FMT_ANY ( \
OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \
-@@ -474,7 +382,8 @@ int dump_cert_text(BIO *out, X509 *x);
+@@ -474,7 +386,8 @@ int dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, const char *title, X509_NAME *nm,
unsigned long lflags);
# endif
@@ -6828,8 +9897,6 @@
void print_array(BIO *, const char *, int, const unsigned char *);
int set_cert_ex(unsigned long *flags, const char *arg);
int set_name_ex(unsigned long *flags, const char *arg);
-diff --git a/apps/asn1pars.c b/apps/asn1pars.c
-index 3da7e3b..64a2d85 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -1,58 +1,10 @@
@@ -6906,7 +9973,7 @@
{"offset", OPT_OFFSET, 'p', "offset into file"},
{"length", OPT_LENGTH, 'p', "length of section in file"},
{"oid", OPT_OID, '<', "file of extra oid definitions"},
-@@ -109,7 +61,8 @@ int asn1parse_main(int argc, char **argv)
+@@ -109,7 +61,8 @@ int asn1parse_main(int argc, char **argv
BUF_MEM *buf = NULL;
STACK_OF(OPENSSL_STRING) *osk = NULL;
char *genstr = NULL, *genconf = NULL;
@@ -6916,7 +9983,7 @@
char *name = NULL, *header = NULL, *prog;
const unsigned char *ctmpbuf;
int indent = 0, noout = 0, dump = 0, strictpem = 0, informat = FORMAT_PEM;
-@@ -202,7 +155,7 @@ int asn1parse_main(int argc, char **argv)
+@@ -202,7 +155,7 @@ int asn1parse_main(int argc, char **argv
goto end;
if (strictpem) {
@@ -6925,7 +9992,7 @@
1) {
BIO_printf(bio_err, "Error reading PEM file\n");
ERR_print_errors(bio_err);
-@@ -246,14 +199,14 @@ int asn1parse_main(int argc, char **argv)
+@@ -246,14 +199,14 @@ int asn1parse_main(int argc, char **argv
num += i;
}
}
@@ -6942,7 +10009,7 @@
tmplen = num;
for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
ASN1_TYPE *atmp;
-@@ -287,7 +240,7 @@ int asn1parse_main(int argc, char **argv)
+@@ -287,7 +240,7 @@ int asn1parse_main(int argc, char **argv
tmpbuf = at->value.asn1_string->data;
tmplen = at->value.asn1_string->length;
}
@@ -6951,7 +10018,7 @@
num = tmplen;
}
-@@ -308,7 +261,7 @@ int asn1parse_main(int argc, char **argv)
+@@ -308,7 +261,7 @@ int asn1parse_main(int argc, char **argv
}
}
if (!noout &&
@@ -6960,8 +10027,6 @@
indent, dump)) {
ERR_print_errors(bio_err);
goto end;
-diff --git a/apps/build.info b/apps/build.info
-index 3baba66..ae64861 100644
--- a/apps/build.info
+++ b/apps/build.info
@@ -1,4 +1,5 @@
@@ -6985,14 +10050,14 @@
- SOURCE[tsget]=tsget.in
+ SOURCE[{- $tsget_name -}]=tsget.in
ENDIF
-diff --git a/apps/ca.c b/apps/ca.c
-index 95801fb..acbd388 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -7040,9 +10105,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -7054,7 +10117,16 @@
*/
/* The PPKI stuff has been donated by Jeff Barber <jeffb at issl.atl.hp.com> */
-@@ -181,9 +133,7 @@ char *make_revocation_str(int rev_type, char *rev_arg);
+@@ -137,7 +89,7 @@
+ #define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */
+ #define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */
+
+-static void lookup_fail(const char *name, const char *tag);
++static char *lookup_conf(const CONF *conf, const char *group, const char *tag);
+ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+@@ -181,9 +133,7 @@ char *make_revocation_str(int rev_type,
int make_revoked(X509_REVOKED *rev, const char *str);
static int old_entry_print(ASN1_OBJECT *obj, ASN1_STRING *str);
@@ -7104,7 +10176,7 @@
ENGINE *e = NULL;
BIGNUM *crlnumber = NULL, *serial = NULL;
EVP_PKEY *pkey = NULL;
-@@ -281,7 +232,7 @@ int ca_main(int argc, char **argv)
+@@ -281,15 +232,15 @@ int ca_main(int argc, char **argv)
STACK_OF(X509) *cert_sk = NULL;
X509_CRL *crl = NULL;
const EVP_MD *dgst = NULL;
@@ -7113,11 +10185,12 @@
char *md = NULL, *policy = NULL, *keyfile = NULL;
char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL;
char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL;
-@@ -289,7 +240,7 @@ int ca_main(int argc, char **argv)
+ char *extensions = NULL, *extfile = NULL, *key = NULL, *passinarg = NULL;
char *outdir = NULL, *outfile = NULL, *rev_arg = NULL, *ser_status = NULL;
char *serialfile = NULL, *startdate = NULL, *subj = NULL;
- char *prog, *enddate = NULL, *tmp_email_dn = NULL;
+- char *prog, *enddate = NULL, *tmp_email_dn = NULL;
- char *dbfile = NULL, *f, *randfile = NULL, *tofree = NULL;
++ char *prog, *enddate = NULL;
+ char *dbfile = NULL, *f, *randfile = NULL;
char buf[3][BSIZE];
char *const *pp;
@@ -7200,7 +10273,7 @@
case OPT_CREATE_SERIAL:
create_ser = 1;
break;
-@@ -481,13 +427,11 @@ end_of_options:
+@@ -481,22 +427,16 @@ int ca_main(int argc, char **argv)
argv = opt_rest();
BIO_printf(bio_err, "Using configuration from %s\n", configfile);
@@ -7218,8 +10291,20 @@
+ goto end;
/* Lets get the config section we are using */
- if (section == NULL) {
-@@ -552,7 +496,7 @@ end_of_options:
+- if (section == NULL) {
+- section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_CA);
+- if (section == NULL) {
+- lookup_fail(BASE_SECTION, ENV_DEFAULT_CA);
+- goto end;
+- }
+- }
++ if (section == NULL
++ && (section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_CA)) == NULL)
++ goto end;
+
+ if (conf != NULL) {
+ p = NCONF_get_string(conf, NULL, "oid_file");
+@@ -552,13 +492,13 @@ int ca_main(int argc, char **argv)
} else
ERR_clear_error();
@@ -7227,8 +10312,17 @@
+ /*****************************************************************/
/* report status of cert with serial number given on command line */
if (ser_status) {
- if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
-@@ -571,7 +515,7 @@ end_of_options:
+- if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
+- lookup_fail(section, ENV_DATABASE);
++ dbfile = lookup_conf(conf, section, ENV_DATABASE);
++ if (dbfile == NULL)
+ goto end;
+- }
++
+ db = load_index(dbfile, &db_attr);
+ if (db == NULL)
+ goto end;
+@@ -571,16 +511,13 @@ int ca_main(int argc, char **argv)
goto end;
}
@@ -7236,17 +10330,41 @@
+ /*****************************************************************/
/* we definitely need a private key, so let's get it */
- if ((keyfile == NULL) && ((keyfile = NCONF_get_string(conf,
-@@ -596,7 +540,7 @@ end_of_options:
+- if ((keyfile == NULL) && ((keyfile = NCONF_get_string(conf,
+- section,
+- ENV_PRIVATE_KEY)) ==
+- NULL)) {
+- lookup_fail(section, ENV_PRIVATE_KEY);
++ if (keyfile == NULL
++ && (keyfile = lookup_conf(conf, section, ENV_PRIVATE_KEY)) == NULL)
goto end;
+- }
++
+ if (!key) {
+ free_key = 1;
+ if (!app_passwd(passinarg, NULL, &key, NULL)) {
+@@ -596,16 +533,13 @@ int ca_main(int argc, char **argv)
+ goto end;
}
- /*****************************************************************/
+ /*****************************************************************/
/* we need a certificate */
if (!selfsign || spkac_file || ss_cert_file || gencrl) {
- if ((certfile == NULL)
-@@ -664,7 +608,7 @@ end_of_options:
+- if ((certfile == NULL)
+- && ((certfile = NCONF_get_string(conf,
+- section,
+- ENV_CERTIFICATE)) == NULL)) {
+- lookup_fail(section, ENV_CERTIFICATE);
++ if (certfile == NULL
++ && (certfile = lookup_conf(conf, section, ENV_CERTIFICATE)) == NULL)
+ goto end;
+- }
++
+ x509 = load_cert(certfile, FORMAT_PEM, "CA certificate");
+ if (x509 == NULL)
+ goto end;
+@@ -664,12 +598,12 @@ int ca_main(int argc, char **argv)
} else
ERR_clear_error();
@@ -7255,16 +10373,31 @@
/* lookup where to write new certificates */
if ((outdir == NULL) && (req)) {
-@@ -690,7 +634,7 @@ end_of_options:
+- if ((outdir = NCONF_get_string(conf, section, ENV_NEW_CERTS_DIR))
+- == NULL) {
++ outdir = NCONF_get_string(conf, section, ENV_NEW_CERTS_DIR);
++ if (outdir == NULL) {
+ BIO_printf(bio_err,
+ "there needs to be defined a directory for new certificate to be placed in\n");
+ goto end;
+@@ -690,12 +624,12 @@ int ca_main(int argc, char **argv)
#endif
}
- /*****************************************************************/
+ /*****************************************************************/
/* we need to load the database file */
- if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
- lookup_fail(section, ENV_DATABASE);
-@@ -748,7 +692,7 @@ end_of_options:
+- if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
+- lookup_fail(section, ENV_DATABASE);
++ dbfile = lookup_conf(conf, section, ENV_DATABASE);
++ if (dbfile == NULL)
+ goto end;
+- }
++
+ db = load_index(dbfile, &db_attr);
+ if (db == NULL)
+ goto end;
+@@ -748,7 +682,7 @@ int ca_main(int argc, char **argv)
if (!index_index(db))
goto end;
@@ -7273,8 +10406,81 @@
/* Update the db file for expired certificates */
if (doupdatedb) {
if (verbose)
-@@ -1116,7 +1060,7 @@ end_of_options:
+@@ -787,10 +721,11 @@ int ca_main(int argc, char **argv)
+ extfile);
+
+ /* We can have sections in the ext file */
+- if (!extensions
+- && !(extensions =
+- NCONF_get_string(extconf, "default", "extensions")))
+- extensions = "default";
++ if (extensions == NULL) {
++ extensions = NCONF_get_string(extconf, "default", "extensions");
++ if (extensions == NULL)
++ extensions = "default";
++ }
+ }
+
+ /*****************************************************************/
+@@ -801,12 +736,9 @@ int ca_main(int argc, char **argv)
+ goto end;
+ }
+
+- if ((md == NULL) && ((md = NCONF_get_string(conf,
+- section,
+- ENV_DEFAULT_MD)) == NULL)) {
+- lookup_fail(section, ENV_DEFAULT_MD);
++ if (md == NULL
++ && (md = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL)
+ goto end;
+- }
+
+ if (strcmp(md, "default") == 0) {
+ int def_nid;
+@@ -822,31 +754,26 @@ int ca_main(int argc, char **argv)
+ }
+
+ if (req) {
+- if ((email_dn == 1) && ((tmp_email_dn = NCONF_get_string(conf,
+- section,
+- ENV_DEFAULT_EMAIL_DN))
+- != NULL)) {
+- if (strcmp(tmp_email_dn, "no") == 0)
++ if (email_dn == 1) {
++ char *tmp_email_dn = NULL;
++
++ tmp_email_dn = NCONF_get_string(conf, section, ENV_DEFAULT_EMAIL_DN);
++ if (tmp_email_dn != NULL && strcmp(tmp_email_dn, "no") == 0)
+ email_dn = 0;
}
+ if (verbose)
+ BIO_printf(bio_err, "message digest is %s\n",
+ OBJ_nid2ln(EVP_MD_type(dgst)));
+- if ((policy == NULL) && ((policy = NCONF_get_string(conf,
+- section,
+- ENV_POLICY)) ==
+- NULL)) {
+- lookup_fail(section, ENV_POLICY);
++ if (policy == NULL
++ && (policy = lookup_conf(conf, section, ENV_POLICY)) == NULL)
+ goto end;
+- }
++
+ if (verbose)
+ BIO_printf(bio_err, "policy is %s\n", policy);
+
+- if ((serialfile = NCONF_get_string(conf, section, ENV_SERIAL))
+- == NULL) {
+- lookup_fail(section, ENV_SERIAL);
++ serialfile = lookup_conf(conf, section, ENV_SERIAL);
++ if (serialfile == NULL)
+ goto end;
+- }
+
+ if (!extconf) {
+ /*
+@@ -1116,7 +1043,7 @@ int ca_main(int argc, char **argv)
+ }
}
- /*****************************************************************/
@@ -7282,7 +10488,7 @@
if (gencrl) {
int crl_v2 = 0;
if (!crl_ext) {
-@@ -1257,7 +1201,7 @@ end_of_options:
+@@ -1257,7 +1184,7 @@ int ca_main(int argc, char **argv)
goto end;
}
@@ -7291,7 +10497,7 @@
if (dorevoke) {
if (infile == NULL) {
BIO_printf(bio_err, "no input files\n");
-@@ -1283,10 +1227,9 @@ end_of_options:
+@@ -1283,10 +1210,9 @@ int ca_main(int argc, char **argv)
BIO_printf(bio_err, "Data Base Updated\n");
}
}
@@ -7303,8 +10509,115 @@
BIO_free_all(Cout);
BIO_free_all(Sout);
BIO_free_all(out);
-diff --git a/apps/ciphers.c b/apps/ciphers.c
-index 924c015..c0f43ea 100644
+@@ -1310,9 +1236,12 @@ int ca_main(int argc, char **argv)
+ return (ret);
+ }
+
+-static void lookup_fail(const char *name, const char *tag)
++static char *lookup_conf(const CONF *conf, const char *section, const char *tag)
+ {
+- BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
++ char *entry = NCONF_get_string(conf, section, tag);
++ if (entry == NULL)
++ BIO_printf(bio_err, "variable lookup failed for %s::%s\n", section, tag);
++ return entry;
+ }
+
+ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+@@ -1445,7 +1374,7 @@ static int do_body(X509 **xret, EVP_PKEY
+ {
+ X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject =
+ NULL;
+- ASN1_UTCTIME *tm, *tmptm;
++ ASN1_UTCTIME *tm;
+ ASN1_STRING *str, *str2;
+ ASN1_OBJECT *obj;
+ X509 *ret = NULL;
+@@ -1460,12 +1389,6 @@ static int do_body(X509 **xret, EVP_PKEY
+ OPENSSL_STRING *rrow = NULL;
+ char buf[25];
+
+- tmptm = ASN1_UTCTIME_new();
+- if (tmptm == NULL) {
+- BIO_printf(bio_err, "malloc error\n");
+- return (0);
+- }
+-
+ for (i = 0; i < DB_NUMBER; i++)
+ row[i] = NULL;
+
+@@ -1601,7 +1524,8 @@ static int do_body(X509 **xret, EVP_PKEY
+ j = X509_NAME_get_index_by_OBJ(CAname, obj, last2);
+ if ((j < 0) && (last2 == -1)) {
+ BIO_printf(bio_err,
+- "The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",
++ "The %s field does not exist in the CA certificate,\n"
++ "the 'policy' is misconfigured\n",
+ cv->name);
+ goto end;
+ }
+@@ -1615,7 +1539,8 @@ static int do_body(X509 **xret, EVP_PKEY
+ }
+ if (j < 0) {
+ BIO_printf(bio_err,
+- "The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",
++ "The %s field is different between\n"
++ "CA certificate (%s) and the request (%s)\n",
+ cv->name,
+ ((str2 == NULL) ? "NULL" : (char *)str2->data),
+ ((str == NULL) ? "NULL" : (char *)str->data));
+@@ -1934,7 +1859,6 @@ static int do_body(X509 **xret, EVP_PKEY
+ X509_NAME_free(subject);
+ if (dn_subject != subject)
+ X509_NAME_free(dn_subject);
+- ASN1_UTCTIME_free(tmptm);
+ if (ok <= 0)
+ X509_free(ret);
+ else
+@@ -2194,27 +2118,28 @@ static int get_certificate_status(const
+ {
+ char *row[DB_NUMBER], **rrow;
+ int ok = -1, i;
++ size_t serial_len = strlen(serial);
+
+ /* Free Resources */
+ for (i = 0; i < DB_NUMBER; i++)
+ row[i] = NULL;
+
+ /* Malloc needed char spaces */
+- row[DB_serial] = app_malloc(strlen(serial) + 2, "row serial#");
++ row[DB_serial] = app_malloc(serial_len + 2, "row serial#");
+
+- if (strlen(serial) % 2) {
++ if (serial_len % 2) {
+ /*
+ * Set the first char to 0
+ */ ;
+ row[DB_serial][0] = '0';
+
+ /* Copy String from serial to row[DB_serial] */
+- memcpy(row[DB_serial] + 1, serial, strlen(serial));
+- row[DB_serial][strlen(serial) + 1] = '\0';
++ memcpy(row[DB_serial] + 1, serial, serial_len);
++ row[DB_serial][serial_len + 1] = '\0';
+ } else {
+ /* Copy String from serial to row[DB_serial] */
+- memcpy(row[DB_serial], serial, strlen(serial));
+- row[DB_serial][strlen(serial)] = '\0';
++ memcpy(row[DB_serial], serial, serial_len);
++ row[DB_serial][serial_len] = '\0';
+ }
+
+ /* Make it Upper Case */
+@@ -2270,7 +2195,7 @@ static int do_updatedb(CA_DB *db)
+
+ /* get actual time and make a string */
+ a_tm = X509_gmtime_adj(a_tm, 0);
+- a_tm_s = (char *)app_malloc(a_tm->length + 1, "time string");
++ a_tm_s = app_malloc(a_tm->length + 1, "time string");
+
+ memcpy(a_tm_s, a_tm->data, a_tm->length);
+ a_tm_s[a_tm->length] = '\0';
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -1,58 +1,10 @@
@@ -7390,7 +10703,7 @@
{NULL}
};
-@@ -108,6 +64,12 @@ static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
+@@ -108,6 +64,12 @@ static unsigned int dummy_psk(SSL *ssl,
return 0;
}
#endif
@@ -7436,8 +10749,6 @@
if (ciphers != NULL) {
if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
BIO_printf(bio_err, "Error in cipher list\n");
-diff --git a/apps/cms.c b/apps/cms.c
-index 95f2124..ad771d2 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -1,54 +1,10 @@
@@ -7576,6 +10887,15 @@
flags |= CMS_CRLFEOL;
break;
case OPT_NOOUT:
+@@ -522,7 +480,7 @@ int cms_main(int argc, char **argv)
+ signerfile = opt_arg();
+ break;
+ case OPT_INKEY:
+- /* If previous -inkey arument add signer to list */
++ /* If previous -inkey argument add signer to list */
+ if (keyfile) {
+ if (signerfile == NULL) {
+ BIO_puts(bio_err, "Illegal -inkey without -signer\n");
@@ -1084,11 +1042,11 @@ int cms_main(int argc, char **argv)
CMS_ContentInfo_print_ctx(out, cms, 0, NULL);
} else if (outformat == FORMAT_SMIME) {
@@ -7591,7 +10911,7 @@
if (operation == SMIME_RESIGN)
ret = SMIME_write_CMS(out, cms, indata, flags);
else
-@@ -1282,7 +1240,7 @@ static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
+@@ -1282,7 +1240,7 @@ static CMS_ReceiptRequest *make_receipt_
*rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING)
*rr_from)
{
@@ -7600,7 +10920,7 @@
CMS_ReceiptRequest *rr;
rct_to = make_names_stack(rr_to);
if (!rct_to)
-@@ -1297,6 +1255,7 @@ static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
+@@ -1297,6 +1255,7 @@ static CMS_ReceiptRequest *make_receipt_
rct_to);
return rr;
err:
@@ -7608,8 +10928,6 @@
return NULL;
}
-diff --git a/apps/crl.c b/apps/crl.c
-index 915c9ac..3e30bdc 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -1,58 +1,10 @@
@@ -7722,8 +11040,6 @@
if (xobj == NULL) {
BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
goto end;
-diff --git a/apps/crl2p7.c b/apps/crl2p7.c
-index e864973..9c5f79f 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -1,64 +1,10 @@
@@ -7797,7 +11113,7 @@
*/
#include <stdio.h>
-@@ -138,10 +84,8 @@ int crl2pkcs7_main(int argc, char **argv)
+@@ -138,10 +84,8 @@ int crl2pkcs7_main(int argc, char **argv
if ((certflst == NULL)
&& (certflst = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
@@ -7809,7 +11125,7 @@
break;
}
}
-@@ -197,8 +141,6 @@ int crl2pkcs7_main(int argc, char **argv)
+@@ -197,8 +141,6 @@ int crl2pkcs7_main(int argc, char **argv
}
}
@@ -7818,7 +11134,7 @@
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
-@@ -214,6 +156,7 @@ int crl2pkcs7_main(int argc, char **argv)
+@@ -214,6 +156,7 @@ int crl2pkcs7_main(int argc, char **argv
}
ret = 0;
end:
@@ -7826,8 +11142,6 @@
BIO_free(in);
BIO_free_all(out);
PKCS7_free(p7);
-diff --git a/apps/dgst.c b/apps/dgst.c
-index bebaaf5..e438b7c 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -1,58 +1,10 @@
@@ -7895,8 +11209,6 @@
*/
#include <stdio.h>
-diff --git a/apps/dh1024.pem b/apps/dh1024.pem
-index 6eaeca9..f1a5e18 100644
--- a/apps/dh1024.pem
+++ b/apps/dh1024.pem
@@ -1,10 +1,10 @@
@@ -7917,8 +11229,6 @@
+Protocol Version 2 (IKEv2)": https://tools.ietf.org/html/rfc5996
+
+See https://tools.ietf.org/html/rfc2412 for how they were generated.
-diff --git a/apps/dh2048.pem b/apps/dh2048.pem
-index dcd0b8d..e899f2e 100644
--- a/apps/dh2048.pem
+++ b/apps/dh2048.pem
@@ -1,12 +1,14 @@
@@ -7945,8 +11255,6 @@
+https://tools.ietf.org/html/rfc3526
+
+See https://tools.ietf.org/html/rfc2412 for how they were generated.
-diff --git a/apps/dh4096.pem b/apps/dh4096.pem
-index 1b35ad8..adada2b 100644
--- a/apps/dh4096.pem
+++ b/apps/dh4096.pem
@@ -1,18 +1,19 @@
@@ -7984,8 +11292,6 @@
+https://tools.ietf.org/html/rfc3526
+
+See https://tools.ietf.org/html/rfc2412 for how they were generated.
-diff --git a/apps/dhparam.c b/apps/dhparam.c
-index 9ad80ed..ab2e787 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -1,111 +1,10 @@
@@ -8166,8 +11472,6 @@
DH_get0_pqg(dh, NULL, &q, NULL);
if (outformat == FORMAT_ASN1)
i = i2d_DHparams_bio(out, dh);
-diff --git a/apps/dsa.c b/apps/dsa.c
-index 1c841a3..6ac9a40 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -1,58 +1,10 @@
@@ -8263,8 +11567,6 @@
DSA_get0_key(dsa, &pub_key, NULL);
BIO_printf(out, "Public Key=");
BN_print(out, pub_key);
-diff --git a/apps/dsaparam.c b/apps/dsaparam.c
-index 5c282be..4042660 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -1,58 +1,10 @@
@@ -8349,8 +11651,6 @@
}
if (!noout) {
-diff --git a/apps/ec.c b/apps/ec.c
-index 432e9ff..007bf0a 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -1,58 +1,10 @@
@@ -8495,8 +11795,6 @@
} else {
if (pubin)
eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
-diff --git a/apps/ecparam.c b/apps/ecparam.c
-index 55d71f7..4e6cf22 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -1,59 +1,12 @@
@@ -8565,8 +11863,6 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
-diff --git a/apps/enc.c b/apps/enc.c
-index 9e7d069..403d14e 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -1,58 +1,10 @@
@@ -8634,7 +11930,7 @@
*/
#include <stdio.h>
-@@ -82,6 +34,7 @@ static void show_ciphers(const OBJ_NAME *name, void *bio_);
+@@ -82,6 +34,7 @@ static void show_ciphers(const OBJ_NAME
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -8684,8 +11980,33 @@
if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
-diff --git a/apps/engine.c b/apps/engine.c
-index b60bfbc..c98839a 100644
+@@ -428,6 +382,8 @@ int enc_main(int argc, char **argv)
+ * output BIO. If decrypting read salt from input BIO.
+ */
+ unsigned char *sptr;
++ size_t str_len = strlen(str);
++
+ if (nosalt)
+ sptr = NULL;
+ else {
+@@ -467,7 +423,7 @@ int enc_main(int argc, char **argv)
+
+ if (!EVP_BytesToKey(cipher, dgst, sptr,
+ (unsigned char *)str,
+- strlen(str), 1, key, iv)) {
++ str_len, 1, key, iv)) {
+ BIO_printf(bio_err, "EVP_BytesToKey failed\n");
+ goto end;
+ }
+@@ -478,7 +434,7 @@ int enc_main(int argc, char **argv)
+ if (str == strbuf)
+ OPENSSL_cleanse(str, SIZE);
+ else
+- OPENSSL_cleanse(str, strlen(str));
++ OPENSSL_cleanse(str, str_len);
+ }
+ if (hiv != NULL) {
+ int siz = EVP_CIPHER_iv_length(cipher);
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -1,59 +1,10 @@
@@ -8764,7 +12085,7 @@
static int append_buf(char **buf, int *size, const char *s)
{
if (*buf == NULL) {
-@@ -107,13 +54,17 @@ static int append_buf(char **buf, int *size, const char *s)
+@@ -107,13 +54,17 @@ static int append_buf(char **buf, int *s
}
if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
@@ -8786,7 +12107,7 @@
if (**buf != '\0')
OPENSSL_strlcat(*buf, ", ", *size);
OPENSSL_strlcat(*buf, s, *size);
-@@ -262,7 +213,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent)
+@@ -262,7 +213,7 @@ static int util_verbose(ENGINE *e, int v
BIO_printf(out, "\n");
ret = 1;
err:
@@ -8849,8 +12170,6 @@
BIO_free_all(out);
return (ret);
}
-diff --git a/apps/errstr.c b/apps/errstr.c
-index 141338a..ae7acf5 100644
--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -1,58 +1,10 @@
@@ -8927,8 +12246,6 @@
ret = 0;
for (argv = opt_rest(); *argv; argv++) {
-diff --git a/apps/gendsa.c b/apps/gendsa.c
-index 33166b7..5dacf1b 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -1,58 +1,10 @@
@@ -9005,8 +12322,6 @@
prog = opt_init(argc, argv, gendsa_options);
while ((o = opt_next()) != OPT_EOF) {
-diff --git a/apps/genpkey.c b/apps/genpkey.c
-index ca5d848..7abb3e6 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -1,60 +1,12 @@
@@ -9076,8 +12391,6 @@
#include <stdio.h>
#include <string.h>
#include "apps.h"
-diff --git a/apps/genrsa.c b/apps/genrsa.c
-index 8b6dd03..4d104d2 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -1,58 +1,10 @@
@@ -9154,8 +12467,6 @@
RSA *rsa = NULL;
const EVP_CIPHER *enc = NULL;
int ret = 1, num = DEFBITS, private = 0;
-diff --git a/apps/nseq.c b/apps/nseq.c
-index 4bc4f32..018d5eb 100644
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -1,59 +1,10 @@
@@ -9223,8 +12534,6 @@
*/
#include <stdio.h>
-diff --git a/apps/ocsp.c b/apps/ocsp.c
-index ca293a9..1886504 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1,59 +1,10 @@
@@ -9292,6 +12601,24 @@
*/
#include <openssl/opensslconf.h>
+@@ -154,7 +105,7 @@ OPTIONS ocsp_options[] = {
+ {"timeout", OPT_TIMEOUT, 'p',
+ "Connection timeout (in seconds) to the OCSP responder"},
+ {"url", OPT_URL, 's', "Responder URL"},
+- {"host", OPT_HOST, 's', "host:prot top to connect to"},
++ {"host", OPT_HOST, 's', "TCP/IP hostname:port to connect to"},
+ {"port", OPT_PORT, 'p', "Port to run responder on"},
+ {"ignore_err", OPT_IGNORE_ERR, '-'},
+ {"noverify", OPT_NOVERIFY, '-', "Don't verify response at all"},
+@@ -163,7 +114,7 @@ OPTIONS ocsp_options[] = {
+ {"resp_no_certs", OPT_RESP_NO_CERTS, '-',
+ "Don't include any certificates in response"},
+ {"resp_key_id", OPT_RESP_KEY_ID, '-',
+- "Identify reponse by signing certificate key ID"},
++ "Identify response by signing certificate key ID"},
+ {"no_certs", OPT_NO_CERTS, '-',
+ "Don't include any certificates in signed request"},
+ {"no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-',
@@ -178,7 +129,8 @@ OPTIONS ocsp_options[] = {
"Don't verify additional certificates"},
{"no_intern", OPT_NO_INTERN, '-',
@@ -9386,7 +12713,7 @@
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
-@@ -1027,13 +989,13 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
+@@ -1027,13 +989,13 @@ static char **lookup_serial(CA_DB *db, A
static BIO *init_responder(const char *port)
{
@@ -9403,7 +12730,7 @@
bufbio = BIO_new(BIO_f_buffer());
if (bufbio == NULL)
goto err;
-@@ -1060,9 +1022,10 @@ static BIO *init_responder(const char *port)
+@@ -1060,9 +1022,10 @@ static BIO *init_responder(const char *p
BIO_free_all(acbio);
BIO_free(bufbio);
return NULL;
@@ -9429,7 +12756,7 @@
int len;
OCSP_REQUEST *req = NULL;
char inbuf[2048], reqbuf[2048];
-@@ -1169,7 +1136,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio)
+@@ -1169,7 +1136,7 @@ static int do_responder(OCSP_REQUEST **p
*preq = req;
return 1;
@@ -9438,8 +12765,6 @@
}
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
-diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf
-index 5b3a27f..0092a65 100644
--- a/apps/openssl-vms.cnf
+++ b/apps/openssl-vms.cnf
@@ -233,11 +233,7 @@ subjectKeyIdentifier=hash
@@ -9455,8 +12780,6 @@
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
-diff --git a/apps/openssl.c b/apps/openssl.c
-index c8912ee..78ed023 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -1,111 +1,10 @@
@@ -9606,7 +12929,7 @@
BIO_printf(bio_err, "Usage: %s\n", prog);
return 1;
}
-@@ -628,7 +524,7 @@ static int function_cmp(const FUNCTION * a, const FUNCTION * b)
+@@ -628,7 +524,7 @@ static int function_cmp(const FUNCTION *
static unsigned long function_hash(const FUNCTION * a)
{
@@ -9641,8 +12964,6 @@
#ifdef OPENSSL_NO_TLS1
BIO_puts(bio_out, "TLS1\n");
#endif
-diff --git a/apps/openssl.cnf b/apps/openssl.cnf
-index 53c4bef..b3e7444 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -233,11 +233,7 @@ subjectKeyIdentifier=hash
@@ -9658,8 +12979,6 @@
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
-diff --git a/apps/opt.c b/apps/opt.c
-index 63d3215..f72ac64 100644
--- a/apps/opt.c
+++ b/apps/opt.c
@@ -1,50 +1,10 @@
@@ -9736,7 +13055,7 @@
for (p = argv0 + strlen(argv0); --p > argv0;)
if (*p == ':' || *p == ']' || *p == '>') {
p++;
-@@ -179,7 +140,7 @@ char *opt_init(int ac, char **av, const OPTIONS *o)
+@@ -179,7 +140,7 @@ char *opt_init(int ac, char **av, const
switch (i) {
case 0: case '-': case '/': case '<': case '>': case 'E': case 'F':
case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's':
@@ -9745,7 +13064,7 @@
break;
default:
assert(0);
-@@ -615,10 +576,13 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
+@@ -615,10 +576,13 @@ int opt_verify(int opt, X509_VERIFY_PARA
break;
case OPT_V_NO_ALT_CHAINS:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_ALT_CHAINS);
@@ -9783,8 +13102,6 @@
start[width] = '\0';
BIO_printf(bio_err, "%s %s\n", start, help);
continue;
-diff --git a/apps/passwd.c b/apps/passwd.c
-index 98092bb..e282521 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -1,50 +1,10 @@
@@ -9852,8 +13169,150 @@
break;
}
}
-diff --git a/apps/pkcs12.c b/apps/pkcs12.c
-index 406b103..8602a99 100644
+@@ -326,69 +287,93 @@ static char *md5crypt(const char *passwd
+ char *salt_out;
+ int n;
+ unsigned int i;
+- EVP_MD_CTX *md, *md2;
+- size_t passwd_len, salt_len;
++ EVP_MD_CTX *md = NULL, *md2 = NULL;
++ size_t passwd_len, salt_len, magic_len;
+
+ passwd_len = strlen(passwd);
+ out_buf[0] = '$';
+ out_buf[1] = 0;
+- assert(strlen(magic) <= 4); /* "1" or "apr1" */
++ magic_len = strlen(magic);
++
++ if (magic_len > 4) /* assert it's "1" or "apr1" */
++ return NULL;
++
+ OPENSSL_strlcat(out_buf, magic, sizeof out_buf);
+ OPENSSL_strlcat(out_buf, "$", sizeof out_buf);
+ OPENSSL_strlcat(out_buf, salt, sizeof out_buf);
+- assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
+- salt_out = out_buf + 2 + strlen(magic);
++
++ if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */
++ return NULL;
++
++ salt_out = out_buf + 2 + magic_len;
+ salt_len = strlen(salt_out);
+- assert(salt_len <= 8);
+
+- md = EVP_MD_CTX_new();
+- if (md == NULL)
++ if (salt_len > 8)
+ return NULL;
+- EVP_DigestInit_ex(md, EVP_md5(), NULL);
+- EVP_DigestUpdate(md, passwd, passwd_len);
+- EVP_DigestUpdate(md, "$", 1);
+- EVP_DigestUpdate(md, magic, strlen(magic));
+- EVP_DigestUpdate(md, "$", 1);
+- EVP_DigestUpdate(md, salt_out, salt_len);
++
++ md = EVP_MD_CTX_new();
++ if (md == NULL
++ || !EVP_DigestInit_ex(md, EVP_md5(), NULL)
++ || !EVP_DigestUpdate(md, passwd, passwd_len)
++ || !EVP_DigestUpdate(md, "$", 1)
++ || !EVP_DigestUpdate(md, magic, magic_len)
++ || !EVP_DigestUpdate(md, "$", 1)
++ || !EVP_DigestUpdate(md, salt_out, salt_len))
+
+ md2 = EVP_MD_CTX_new();
+- if (md2 == NULL)
+- return NULL;
+- EVP_DigestInit_ex(md2, EVP_md5(), NULL);
+- EVP_DigestUpdate(md2, passwd, passwd_len);
+- EVP_DigestUpdate(md2, salt_out, salt_len);
+- EVP_DigestUpdate(md2, passwd, passwd_len);
+- EVP_DigestFinal_ex(md2, buf, NULL);
+-
+- for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
+- EVP_DigestUpdate(md, buf, sizeof buf);
+- EVP_DigestUpdate(md, buf, i);
++ if (md2 == NULL
++ || !EVP_DigestInit_ex(md2, EVP_md5(), NULL)
++ || !EVP_DigestUpdate(md2, passwd, passwd_len)
++ || !EVP_DigestUpdate(md2, salt_out, salt_len)
++ || !EVP_DigestUpdate(md2, passwd, passwd_len)
++ || !EVP_DigestFinal_ex(md2, buf, NULL))
++ goto err;
++
++ for (i = passwd_len; i > sizeof buf; i -= sizeof buf) {
++ if (!EVP_DigestUpdate(md, buf, sizeof buf))
++ goto err;
++ }
++ if (!EVP_DigestUpdate(md, buf, i))
++ goto err;
+
+ n = passwd_len;
+ while (n) {
+- EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1);
++ if (!EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1))
++ goto err;
+ n >>= 1;
+ }
+- EVP_DigestFinal_ex(md, buf, NULL);
++ if (!EVP_DigestFinal_ex(md, buf, NULL))
++ return NULL;
+
+ for (i = 0; i < 1000; i++) {
+- EVP_DigestInit_ex(md2, EVP_md5(), NULL);
+- EVP_DigestUpdate(md2, (i & 1) ? (unsigned const char *)passwd : buf,
+- (i & 1) ? passwd_len : sizeof buf);
+- if (i % 3)
+- EVP_DigestUpdate(md2, salt_out, salt_len);
+- if (i % 7)
+- EVP_DigestUpdate(md2, passwd, passwd_len);
+- EVP_DigestUpdate(md2, (i & 1) ? buf : (unsigned const char *)passwd,
+- (i & 1) ? sizeof buf : passwd_len);
+- EVP_DigestFinal_ex(md2, buf, NULL);
++ if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL))
++ goto err;
++ if (!EVP_DigestUpdate(md2,
++ (i & 1) ? (unsigned const char *)passwd : buf,
++ (i & 1) ? passwd_len : sizeof buf))
++ goto err;
++ if (i % 3) {
++ if (!EVP_DigestUpdate(md2, salt_out, salt_len))
++ goto err;
++ }
++ if (i % 7) {
++ if (!EVP_DigestUpdate(md2, passwd, passwd_len))
++ goto err;
++ }
++ if (!EVP_DigestUpdate(md2,
++ (i & 1) ? buf : (unsigned const char *)passwd,
++ (i & 1) ? sizeof buf : passwd_len))
++ goto err;
++ if (!EVP_DigestFinal_ex(md2, buf, NULL))
++ goto err;
+ }
+ EVP_MD_CTX_free(md2);
+ EVP_MD_CTX_free(md);
++ md2 = NULL;
++ md = NULL;
+
+ {
+ /* transform buf into output string */
+-
+ unsigned char buf_perm[sizeof buf];
+ int dest, source;
+ char *output;
+@@ -425,6 +410,11 @@ static char *md5crypt(const char *passwd
+ }
+
+ return out_buf;
++
++ err:
++ EVP_MD_CTX_free(md2);
++ EVP_MD_CTX_free(md);
++ return NULL;
+ }
+ # endif
+
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -1,59 +1,10 @@
@@ -9921,7 +13380,7 @@
*/
#include <openssl/opensslconf.h>
-@@ -674,6 +625,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
+@@ -674,6 +625,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
PKCS8_PRIV_KEY_INFO *p8;
X509 *x509;
STACK_OF(X509_ATTRIBUTE) *attrs;
@@ -9929,7 +13388,7 @@
attrs = PKCS12_SAFEBAG_get0_attrs(bag);
-@@ -688,7 +640,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
+@@ -688,7 +640,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
if ((pkey = EVP_PKCS82PKEY(p8)) == NULL)
return 0;
print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
@@ -9938,7 +13397,7 @@
EVP_PKEY_free(pkey);
break;
-@@ -713,7 +665,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
+@@ -713,7 +665,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
}
print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
PKCS8_PRIV_KEY_INFO_free(p8);
@@ -9947,7 +13406,7 @@
EVP_PKEY_free(pkey);
break;
-@@ -733,7 +685,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
+@@ -733,7 +685,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL)
return 0;
dump_cert_text(out, x509);
@@ -9956,7 +13415,7 @@
X509_free(x509);
break;
-@@ -750,7 +702,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
+@@ -750,7 +702,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
BIO_printf(bio_err, "\n");
return 1;
}
@@ -9965,8 +13424,86 @@
}
/* Given a single certificate return a verified chain or NULL if error */
-diff --git a/apps/pkcs7.c b/apps/pkcs7.c
-index ad8330d..8763df0 100644
+@@ -786,16 +738,70 @@ static int get_cert_chain(X509 *cert, X5
+
+ static int alg_print(X509_ALGOR *alg)
+ {
+- PBEPARAM *pbe;
+- const unsigned char *p = alg->parameter->value.sequence->data;
++ int pbenid, aparamtype;
++ ASN1_OBJECT *aoid;
++ void *aparam;
++ PBEPARAM *pbe = NULL;
++
++ X509_ALGOR_get0(&aoid, &aparamtype, &aparam, alg);
++
++ pbenid = OBJ_obj2nid(aoid);
++
++ BIO_printf(bio_err, "%s", OBJ_nid2ln(pbenid));
++
++ /*
++ * If PBE algorithm is PBES2 decode algorithm parameters
++ * for additional details.
++ */
++ if (pbenid == NID_pbes2) {
++ PBE2PARAM *pbe2 = NULL;
++ int encnid;
++ if (aparamtype == V_ASN1_SEQUENCE)
++ pbe2 = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBE2PARAM));
++ if (pbe2 == NULL) {
++ BIO_puts(bio_err, "<unsupported parameters>");
++ goto done;
++ }
++ X509_ALGOR_get0(&aoid, &aparamtype, &aparam, pbe2->keyfunc);
++ pbenid = OBJ_obj2nid(aoid);
++ X509_ALGOR_get0(&aoid, NULL, NULL, pbe2->encryption);
++ encnid = OBJ_obj2nid(aoid);
++ BIO_printf(bio_err, ", %s, %s", OBJ_nid2ln(pbenid),
++ OBJ_nid2sn(encnid));
++ /* If KDF is PBKDF2 decode parameters */
++ if (pbenid == NID_id_pbkdf2) {
++ PBKDF2PARAM *kdf = NULL;
++ int prfnid;
++ if (aparamtype == V_ASN1_SEQUENCE)
++ kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBKDF2PARAM));
++ if (kdf == NULL) {
++ BIO_puts(bio_err, "<unsupported parameters>");
++ goto done;
++ }
+
+- pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+- if (!pbe)
+- return 1;
+- BIO_printf(bio_err, "%s, Iteration %ld\n",
+- OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
+- ASN1_INTEGER_get(pbe->iter));
+- PBEPARAM_free(pbe);
++ if (kdf->prf == NULL) {
++ prfnid = NID_hmacWithSHA1;
++ } else {
++ X509_ALGOR_get0(&aoid, NULL, NULL, kdf->prf);
++ prfnid = OBJ_obj2nid(aoid);
++ }
++ BIO_printf(bio_err, ", Iteration %ld, PRF %s",
++ ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid));
++ PBKDF2PARAM_free(kdf);
++ }
++ PBE2PARAM_free(pbe2);
++ } else {
++ if (aparamtype == V_ASN1_SEQUENCE)
++ pbe = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBEPARAM));
++ if (pbe == NULL) {
++ BIO_puts(bio_err, "<unsupported parameters>");
++ goto done;
++ }
++ BIO_printf(bio_err, ", Iteration %ld", ASN1_INTEGER_get(pbe->iter));
++ PBEPARAM_free(pbe);
++ }
++ done:
++ BIO_puts(bio_err, "\n");
+ return 1;
+ }
+
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -1,106 +1,10 @@
@@ -10103,8 +13640,6 @@
break;
default:
break;
-diff --git a/apps/pkcs8.c b/apps/pkcs8.c
-index 15b8e6a..22b5866 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -1,60 +1,12 @@
@@ -10263,8 +13798,6 @@
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
-diff --git a/apps/pkey.c b/apps/pkey.c
-index 122ced7..50ee05f 100644
--- a/apps/pkey.c
+++ b/apps/pkey.c
@@ -1,60 +1,12 @@
@@ -10393,8 +13926,6 @@
}
} else if (outformat == FORMAT_ASN1) {
if (pubout)
-diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c
-index d55adef..f6bcb8f 100644
--- a/apps/pkeyparam.c
+++ b/apps/pkeyparam.c
@@ -1,60 +1,12 @@
@@ -10464,8 +13995,6 @@
#include <stdio.h>
#include <string.h>
#include "apps.h"
-diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
-index fe7f586..0dc3897 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -1,59 +1,10 @@
@@ -10542,8 +14071,6 @@
{"peerform", OPT_PEERFORM, 'E', "Peer key format - default PEM"},
{"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
{"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
-diff --git a/apps/prime.c b/apps/prime.c
-index b18257d..b0f5969 100644
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -1,50 +1,10 @@
@@ -10652,8 +14179,6 @@
+ BN_free(bn);
return ret;
}
-diff --git a/apps/progs.h b/apps/progs.h
-index c8779d9..ac9d208 100644
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -1,12 +1,13 @@
@@ -10704,8 +14229,6 @@
#ifndef OPENSSL_NO_MDC2
{ FT_md, "mdc2", dgst_main},
#endif
-diff --git a/apps/progs.pl b/apps/progs.pl
-index ee6ce92..3ec16d5 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -1,12 +1,10 @@
@@ -10769,8 +14292,6 @@
}
}
-diff --git a/apps/rand.c b/apps/rand.c
-index bd6fdff..d60f1ec 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -1,55 +1,10 @@
@@ -10868,8 +14389,6 @@
BIO_free_all(out);
return (ret);
}
-diff --git a/apps/rehash.c b/apps/rehash.c
-index 895a222..4686b53 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -1,65 +1,22 @@
@@ -10959,7 +14478,18 @@
# ifndef NAME_MAX
# define NAME_MAX 255
# endif
-@@ -203,7 +163,7 @@ static int handle_symlink(const char *filename, const char *fullpath)
+@@ -154,8 +114,8 @@ static int add_entry(enum Type type, uns
+ for (ep = bp->first_entry; ep; ep = ep->next) {
+ if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) {
+ BIO_printf(bio_err,
+- "%s: skipping duplicate certificate in %s\n",
+- opt_getprog(), filename);
++ "%s: skipping duplicate %s in %s\n", opt_getprog(),
++ type == TYPE_CERT ? "certificate" : "CRL", filename);
+ return 1;
+ }
+ if (strcmp(filename, ep->filename) == 0) {
+@@ -203,7 +163,7 @@ static int handle_symlink(const char *fi
int i, type, id;
unsigned char ch;
char linktarget[PATH_MAX], *endptr;
@@ -10968,7 +14498,21 @@
for (i = 0; i < 8; i++) {
ch = filename[i];
-@@ -300,6 +260,11 @@ end:
+@@ -214,9 +174,11 @@ static int handle_symlink(const char *fi
+ }
+ if (filename[i++] != '.')
+ return -1;
+- for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--)
+- if (strcasecmp(suffixes[type], &filename[i]) == 0)
++ for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--) {
++ const char *suffix = suffixes[type];
++ if (strncasecmp(suffix, &filename[i], strlen(suffix)) == 0)
+ break;
++ }
+ i += strlen(suffixes[type]);
+
+ id = strtoul(&filename[i], &endptr, 10);
+@@ -300,6 +262,11 @@ static int do_file(const char *filename,
return errs;
}
@@ -10980,7 +14524,7 @@
/*
* Process a directory; return number of errors found.
*/
-@@ -310,11 +275,12 @@ static int do_dir(const char *dirname, enum Hash h)
+@@ -310,11 +277,12 @@ static int do_dir(const char *dirname, e
OPENSSL_DIR_CTX *d = NULL;
struct stat st;
unsigned char idmask[MAX_COLLISIONS / 8];
@@ -10995,7 +14539,7 @@
if (app_access(dirname, W_OK) < 0) {
BIO_printf(bio_err, "Skipping %s, can't write\n", dirname);
-@@ -328,7 +294,23 @@ static int do_dir(const char *dirname, enum Hash h)
+@@ -328,7 +296,23 @@ static int do_dir(const char *dirname, e
if (verbose)
BIO_printf(bio_out, "Doing %s\n", dirname);
@@ -11019,7 +14563,7 @@
if (snprintf(buf, buflen, "%s%s%s",
dirname, pathsep, filename) >= buflen)
continue;
-@@ -338,7 +320,7 @@ static int do_dir(const char *dirname, enum Hash h)
+@@ -338,7 +322,7 @@ static int do_dir(const char *dirname, e
continue;
errs += do_file(filename, buf, h);
}
@@ -11028,8 +14572,14 @@
for (i = 0; i < OSSL_NELEM(hash_table); i++) {
for (bp = hash_table[i]; bp; bp = nextbp) {
-diff --git a/apps/req.c b/apps/req.c
-index 7f4a946..f1ee951 100644
+@@ -382,6 +366,7 @@ static int do_dir(const char *dirname, e
+ strerror(errno));
+ errs++;
+ }
++ bit_set(idmask, nextid);
+ } else if (remove_links) {
+ /* Link to be deleted */
+ snprintf(buf, buflen, "%s%s%n%08x.%s%d",
--- a/apps/req.c
+++ b/apps/req.c
@@ -1,58 +1,10 @@
@@ -11130,7 +14680,37 @@
EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
EVP_PKEY_CTX_set_app_data(genctx, bio_err);
-@@ -812,7 +768,7 @@ int req_main(int argc, char **argv)
+@@ -771,15 +727,14 @@ int req_main(int argc, char **argv)
+ goto end;
+
+ if (pubkey) {
+- EVP_PKEY *tpubkey;
+- tpubkey = X509_REQ_get_pubkey(req);
++ EVP_PKEY *tpubkey = X509_REQ_get0_pubkey(req);
++
+ if (tpubkey == NULL) {
+ BIO_printf(bio_err, "Error getting public key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ PEM_write_bio_PUBKEY(out, tpubkey);
+- EVP_PKEY_free(tpubkey);
+ }
+
+ if (text) {
+@@ -802,9 +757,9 @@ int req_main(int argc, char **argv)
+ EVP_PKEY *tpubkey;
+
+ if (x509)
+- tpubkey = X509_get_pubkey(x509ss);
++ tpubkey = X509_get0_pubkey(x509ss);
+ else
+- tpubkey = X509_REQ_get_pubkey(req);
++ tpubkey = X509_REQ_get0_pubkey(req);
+ if (tpubkey == NULL) {
+ fprintf(stdout, "Modulus=unavailable\n");
+ goto end;
+@@ -812,13 +767,12 @@ int req_main(int argc, char **argv)
fprintf(stdout, "Modulus=");
#ifndef OPENSSL_NO_RSA
if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA) {
@@ -11139,7 +14719,13 @@
RSA_get0_key(EVP_PKEY_get0_RSA(tpubkey), &n, NULL, NULL);
BN_print(out, n);
} else
-@@ -1153,12 +1109,12 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
+ #endif
+ fprintf(stdout, "Wrong Algorithm type");
+- EVP_PKEY_free(tpubkey);
+ fprintf(stdout, "\n");
+ }
+
+@@ -1153,12 +1107,12 @@ static int auto_info(X509_REQ *req, STAC
}
}
#ifndef CHARSET_EBCDIC
@@ -11155,8 +14741,6 @@
mval = -1;
} else
mval = 0;
-diff --git a/apps/rsa.c b/apps/rsa.c
-index 980d9ef..63e88e6 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -1,106 +1,10 @@
@@ -11281,8 +14865,6 @@
RSA_get0_key(rsa, &n, NULL, NULL);
BIO_printf(out, "Modulus=");
BN_print(out, n);
-diff --git a/apps/rsautl.c b/apps/rsautl.c
-index 728352c..84f0164 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -1,59 +1,10 @@
@@ -11359,8 +14941,6 @@
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
-diff --git a/apps/s_apps.h b/apps/s_apps.h
-index b029635..c47932b 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -1,112 +1,12 @@
@@ -11483,8 +15063,6 @@
#include <openssl/opensslconf.h>
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-diff --git a/apps/s_cb.c b/apps/s_cb.c
-index abcbad4..9481fa5 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1,111 +1,10 @@
@@ -11605,7 +15183,7 @@
*/
/* callback functions used by s_client, s_server, and s_time */
-@@ -406,8 +305,6 @@ int ssl_print_point_formats(BIO *out, SSL *s)
+@@ -406,8 +305,6 @@ int ssl_print_point_formats(BIO *out, SS
}
}
@@ -11614,7 +15192,7 @@
BIO_puts(out, "\n");
return 1;
}
-@@ -439,8 +336,6 @@ int ssl_print_curves(BIO *out, SSL *s, int noshared)
+@@ -439,8 +336,6 @@ int ssl_print_curves(BIO *out, SSL *s, i
BIO_printf(out, "%s", cname);
}
}
@@ -11623,8 +15201,6 @@
OPENSSL_free(curves);
if (noshared) {
BIO_puts(out, "\n");
-diff --git a/apps/s_client.c b/apps/s_client.c
-index d658e04..e79cf7e 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1,112 +1,12 @@
@@ -11765,7 +15341,7 @@
/* We just do busy waiting. Nothing clever */
continue;
}
-@@ -259,9 +157,9 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
+@@ -259,9 +157,9 @@ static unsigned int psk_client_cb(SSL *s
unsigned char *psk,
unsigned int max_psk_len)
{
@@ -11777,7 +15353,7 @@
if (c_debug)
BIO_printf(bio_c_out, "psk_client_cb\n");
-@@ -282,31 +180,29 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
+@@ -282,31 +180,29 @@ static unsigned int psk_client_cb(SSL *s
if (c_debug)
BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity,
ret);
@@ -11831,7 +15407,7 @@
} SRP_ARG;
# define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
-@@ -353,10 +249,10 @@ static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g)
+@@ -353,10 +249,10 @@ static int srp_Verify_N_and_g(const BIGN
BIGNUM *r = BN_new();
int ret =
g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
@@ -11844,7 +15420,7 @@
r != NULL &&
/* verify g^((N-1)/2) == -1 (mod N) */
BN_mod_exp(r, g, p, N, bn_ctx) &&
-@@ -375,7 +271,7 @@ static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g)
+@@ -375,7 +271,7 @@ static int srp_Verify_N_and_g(const BIGN
* The callback is only called for a non default group.
*
* An application does not need the call back at all if
@@ -11853,7 +15429,7 @@
* client and server already share well known groups,
* thus there is no need to verify them.
* Furthermore, in case that a server actually proposes a group that
-@@ -508,7 +404,7 @@ static ossl_ssize_t hexdecode(const char **inptr, void *result)
+@@ -508,7 +404,7 @@ static ossl_ssize_t hexdecode(const char
{
unsigned char **out = (unsigned char **)result;
const char *in = *inptr;
@@ -11862,7 +15438,7 @@
unsigned char *cp = ret;
uint8_t byte;
int nibble = 0;
-@@ -517,19 +413,16 @@ static ossl_ssize_t hexdecode(const char **inptr, void *result)
+@@ -517,19 +413,16 @@ static ossl_ssize_t hexdecode(const char
return -1;
for (byte = 0; *in; ++in) {
@@ -11940,7 +15516,7 @@
{"smtp", PROTO_SMTP},
{"pop3", PROTO_POP3},
{"imap", PROTO_IMAP},
-@@ -860,9 +761,22 @@ static OPT_PAIR services[] = {
+@@ -860,9 +761,26 @@ static OPT_PAIR services[] = {
{"xmpp-server", PROTO_XMPP_SERVER},
{"telnet", PROTO_TELNET},
{"irc", PROTO_IRC},
@@ -11952,6 +15528,10 @@
+ (o == OPT_4 || o == OPT_6 || o == OPT_HOST || o == OPT_PORT || o == OPT_CONNECT)
+#define IS_UNIX_FLAG(o) (o == OPT_UNIX)
+
++#define IS_PROT_FLAG(o) \
++ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
++ || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
++
+/* Free |*dest| and optionally set it to a copy of |source|. */
+static void freeandcopy(char **dest, const char *source)
+{
@@ -11964,7 +15544,7 @@
int s_client_main(int argc, char **argv)
{
BIO *sbio;
-@@ -883,7 +797,7 @@ int s_client_main(int argc, char **argv)
+@@ -883,7 +801,7 @@ int s_client_main(int argc, char **argv)
char *mbuf = NULL, *proxystr = NULL, *connectstr = NULL;
char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
char *chCApath = NULL, *chCAfile = NULL, *host = NULL;
@@ -11973,7 +15553,7 @@
char *inrand = NULL;
char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
char *sess_in = NULL, *sess_out = NULL, *crl_file = NULL, *p;
-@@ -902,6 +816,7 @@ int s_client_main(int argc, char **argv)
+@@ -902,6 +820,7 @@ int s_client_main(int argc, char **argv)
int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM;
int starttls_proto = PROTO_OFF, crl_format = FORMAT_PEM, crl_download = 0;
int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
@@ -11981,10 +15561,12 @@
int read_buf_len = 0;
int fallback_scsv = 0;
long randamt = 0;
-@@ -937,6 +852,11 @@ int s_client_main(int argc, char **argv)
+@@ -936,7 +855,12 @@ int s_client_main(int argc, char **argv)
+ char *ctlog_file = NULL;
int ct_validation = 0;
#endif
- int min_version = 0, max_version = 0;
+- int min_version = 0, max_version = 0;
++ int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
+ int async = 0;
+ unsigned int split_send_fragment = 0;
+ unsigned int max_pipelines = 0;
@@ -11993,7 +15575,7 @@
FD_ZERO(&readfds);
FD_ZERO(&writefds);
-@@ -972,6 +892,19 @@ int s_client_main(int argc, char **argv)
+@@ -972,6 +896,32 @@ int s_client_main(int argc, char **argv)
prog = opt_init(argc, argv, s_client_options);
while ((o = opt_next()) != OPT_EOF) {
@@ -12010,10 +15592,23 @@
+ prog);
+ goto end;
+ }
++
++ if (IS_PROT_FLAG(o) && ++prot_opt > 1) {
++ BIO_printf(bio_err, "Cannot supply multiple protocol flags\n");
++ goto end;
++ }
++ if (IS_NO_PROT_FLAG(o))
++ no_prot_opt++;
++ if (prot_opt == 1 && no_prot_opt) {
++ BIO_printf(bio_err, "Cannot supply both a protocol flag and "
++ "\"-no_<prot>\"\n");
++ goto end;
++ }
++
switch (o) {
case OPT_EOF:
case OPT_ERR:
-@@ -983,59 +916,28 @@ int s_client_main(int argc, char **argv)
+@@ -983,59 +933,28 @@ int s_client_main(int argc, char **argv)
ret = 0;
goto end;
case OPT_4:
@@ -12086,7 +15681,7 @@
break;
case OPT_PROXY:
proxystr = opt_arg();
-@@ -1043,9 +945,9 @@ int s_client_main(int argc, char **argv)
+@@ -1043,9 +962,9 @@ int s_client_main(int argc, char **argv)
break;
#ifdef AF_UNIX
case OPT_UNIX:
@@ -12098,7 +15693,7 @@
break;
#endif
case OPT_XMPPHOST:
-@@ -1136,7 +1038,6 @@ int s_client_main(int argc, char **argv)
+@@ -1136,7 +1055,6 @@ int s_client_main(int argc, char **argv)
BIO_printf(bio_err, "Error getting client auth engine\n");
goto opthelp;
}
@@ -12106,7 +15701,7 @@
#endif
break;
case OPT_RAND:
-@@ -1200,10 +1101,6 @@ int s_client_main(int argc, char **argv)
+@@ -1200,10 +1118,6 @@ int s_client_main(int argc, char **argv)
goto end;
}
break;
@@ -12117,7 +15712,7 @@
#endif
#ifndef OPENSSL_NO_SRP
case OPT_SRPUSER:
-@@ -1233,13 +1130,6 @@ int s_client_main(int argc, char **argv)
+@@ -1233,13 +1147,6 @@ int s_client_main(int argc, char **argv)
if (min_version < TLS1_VERSION)
min_version = TLS1_VERSION;
break;
@@ -12131,7 +15726,7 @@
#endif
case OPT_SSL_CONFIG:
ssl_config = opt_arg();
-@@ -1384,6 +1274,7 @@ int s_client_main(int argc, char **argv)
+@@ -1384,6 +1291,7 @@ int s_client_main(int argc, char **argv)
case OPT_STARTTLS:
if (!opt_pair(opt_arg(), services, &starttls_proto))
goto end;
@@ -12139,7 +15734,7 @@
case OPT_SERVERNAME:
servername = opt_arg();
break;
-@@ -1417,6 +1308,10 @@ int s_client_main(int argc, char **argv)
+@@ -1417,6 +1325,10 @@ int s_client_main(int argc, char **argv)
break;
}
}
@@ -12150,7 +15745,7 @@
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
-@@ -1801,9 +1696,9 @@ int s_client_main(int argc, char **argv)
+@@ -1801,9 +1713,9 @@ int s_client_main(int argc, char **argv)
goto end;
}
} else if (dane_tlsa_rrset != NULL) {
@@ -12163,7 +15758,37 @@
}
re_start:
-@@ -2227,7 +2122,12 @@ int s_client_main(int argc, char **argv)
+@@ -1824,18 +1736,25 @@ int s_client_main(int argc, char **argv)
+ }
+ #ifndef OPENSSL_NO_DTLS
+ if (socket_type == SOCK_DGRAM) {
+- struct sockaddr peer;
+- int peerlen = sizeof peer;
++ union BIO_sock_info_u peer_info;
+
+ sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+- if (getsockname(s, &peer, (void *)&peerlen) < 0) {
++ if ((peer_info.addr = BIO_ADDR_new()) == NULL) {
++ BIO_printf(bio_err, "memory allocation failure\n");
++ BIO_closesocket(s);
++ goto end;
++ }
++ if (!BIO_sock_info(s, BIO_SOCK_INFO_ADDRESS, &peer_info)) {
+ BIO_printf(bio_err, "getsockname:errno=%d\n",
+ get_last_socket_error());
++ BIO_ADDR_free(peer_info.addr);
+ BIO_closesocket(s);
+ goto end;
+ }
+
+- (void)BIO_ctrl_set_connected(sbio, &peer);
++ (void)BIO_ctrl_set_connected(sbio, peer_info.addr);
++ BIO_ADDR_free(peer_info.addr);
++ peer_info.addr = NULL;
+
+ if (enable_timeouts) {
+ timeout.tv_sec = 0;
+@@ -2227,7 +2146,12 @@ int s_client_main(int argc, char **argv)
if (!ssl_pending) {
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
if (tty_on) {
@@ -12177,13 +15802,14 @@
openssl_fdset(fileno(stdin), &readfds);
if (write_tty)
openssl_fdset(fileno(stdout), &writefds);
-@@ -2267,18 +2167,8 @@ int s_client_main(int argc, char **argv)
+@@ -2267,18 +2191,8 @@ int s_client_main(int argc, char **argv)
tv.tv_usec = 0;
i = select(width, (void *)&readfds, (void *)&writefds,
NULL, &tv);
-# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
- if (!i && (!_kbhit() || !read_tty))
-- continue;
++ if (!i && (!has_stdin_waiting() || !read_tty))
+ continue;
-# else
- if (!i && (!((_kbhit())
- || (WAIT_OBJECT_0 ==
@@ -12191,13 +15817,12 @@
- (STD_INPUT_HANDLE),
- 0)))
- || !read_tty))
-+ if (!i && (!has_stdin_waiting() || !read_tty))
- continue;
+- continue;
-# endif
} else
i = select(width, (void *)&readfds, (void *)&writefds,
NULL, timeoutp);
-@@ -2359,6 +2249,8 @@ int s_client_main(int argc, char **argv)
+@@ -2359,6 +2273,8 @@ int s_client_main(int argc, char **argv)
write_ssl = 0;
}
break;
@@ -12206,7 +15831,7 @@
case SSL_ERROR_SSL:
ERR_print_errors(bio_err);
goto shut;
-@@ -2445,20 +2337,17 @@ int s_client_main(int argc, char **argv)
+@@ -2445,20 +2361,17 @@ int s_client_main(int argc, char **argv)
BIO_printf(bio_c_out, "closed\n");
ret = 0;
goto shut;
@@ -12232,7 +15857,7 @@
#else
else if (FD_ISSET(fileno(stdin), &readfds))
#endif
-@@ -2484,6 +2373,9 @@ int s_client_main(int argc, char **argv)
+@@ -2484,6 +2397,9 @@ int s_client_main(int argc, char **argv)
} else
i = raw_read_stdin(cbuf, BUFSIZZ);
@@ -12242,7 +15867,7 @@
if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q' && cmdletters))) {
BIO_printf(bio_err, "DONE\n");
ret = 0;
-@@ -2520,6 +2412,16 @@ int s_client_main(int argc, char **argv)
+@@ -2520,6 +2436,16 @@ int s_client_main(int argc, char **argv)
if (in_init)
print_stuff(bio_c_out, con, full_log);
do_ssl_shutdown(con);
@@ -12259,7 +15884,7 @@
BIO_closesocket(SSL_get_fd(con));
end:
if (con != NULL) {
-@@ -2669,6 +2571,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
+@@ -2669,6 +2595,7 @@ static void print_stuff(BIO *bio, SSL *s
SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
if (peer != NULL) {
EVP_PKEY *pktmp;
@@ -12267,9 +15892,29 @@
pktmp = X509_get0_pubkey(peer);
BIO_printf(bio, "Server public key is %d bit\n",
EVP_PKEY_bits(pktmp));
-@@ -2730,7 +2633,8 @@ static void print_stuff(BIO *bio, SSL *s, int full)
+@@ -2688,11 +2615,15 @@ static void print_stuff(BIO *bio, SSL *s
+ {
+ /* Print out local port of connection: useful for debugging */
+ int sock;
+- struct sockaddr_in ladd;
+- socklen_t ladd_size = sizeof(ladd);
++ union BIO_sock_info_u info;
++
+ sock = SSL_get_fd(s);
+- getsockname(sock, (struct sockaddr *)&ladd, &ladd_size);
+- BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port));
++ if ((info.addr = BIO_ADDR_new()) != NULL
++ && BIO_sock_info(sock, BIO_SOCK_INFO_ADDRESS, &info)) {
++ BIO_printf(bio_c_out, "LOCAL PORT is %u\n",
++ ntohs(BIO_ADDR_rawport(info.addr)));
++ }
++ BIO_ADDR_free(info.addr);
+ }
#endif
+@@ -2730,7 +2661,8 @@ static void print_stuff(BIO *bio, SSL *s
+ #endif
+
SSL_SESSION_print(bio, SSL_get_session(s));
- if (keymatexportlabel != NULL) {
+ if ((SSL_get_session(s) != NULL) &&
@@ -12277,14 +15922,12 @@
BIO_printf(bio, "Keying material exporter:\n");
BIO_printf(bio, " Label: '%s'\n", keymatexportlabel);
BIO_printf(bio, " Length: %i bytes\n", keymatexportlen);
-@@ -2781,4 +2685,4 @@ static int ocsp_resp_cb(SSL *s, void *arg)
+@@ -2781,4 +2713,4 @@ static int ocsp_resp_cb(SSL *s, void *ar
}
# endif
-#endif
+#endif /* OPENSSL_NO_SOCK */
-diff --git a/apps/s_server.c b/apps/s_server.c
-index 6c8541e..45c128d 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1,112 +1,12 @@
@@ -12417,7 +16060,7 @@
static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
static int sv_body(int s, int stype, unsigned char *context);
-@@ -243,9 +146,6 @@ static int async = 0;
+@@ -243,19 +146,15 @@ static int async = 0;
static unsigned int split_send_fragment = 0;
static unsigned int max_pipelines = 0;
@@ -12427,7 +16070,18 @@
static const char *session_id_prefix = NULL;
#ifndef OPENSSL_NO_DTLS
-@@ -266,9 +166,8 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
+ static int enable_timeouts = 0;
+ static long socket_mtu;
+-static int cert_chain = 0;
++
+ #endif
+ static int dtlslisten = 0;
+
+-static BIO *serverinfo_in = NULL;
+ static const char *s_serverinfo_file = NULL;
+
+ #ifndef OPENSSL_NO_PSK
+@@ -266,9 +165,8 @@ static unsigned int psk_server_cb(SSL *s
unsigned char *psk,
unsigned int max_psk_len)
{
@@ -12439,7 +16093,7 @@
if (s_debug)
BIO_printf(bio_s_out, "psk_server_cb\n");
-@@ -290,31 +189,26 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
+@@ -290,31 +188,26 @@ static unsigned int psk_server_cb(SSL *s
BIO_printf(bio_s_out, "PSK client identity found\n");
/* convert the PSK key to binary */
@@ -12482,7 +16136,7 @@
out_err:
if (s_debug)
BIO_printf(bio_err, "Error in PSK server callback\n");
-@@ -402,9 +296,6 @@ static void s_server_init(void)
+@@ -402,9 +295,6 @@ static void s_server_init(void)
async = 0;
split_send_fragment = 0;
max_pipelines = 0;
@@ -12492,7 +16146,7 @@
}
static int local_argc = 0;
-@@ -420,17 +311,7 @@ static int ebcdic_gets(BIO *bp, char *buf, int size);
+@@ -420,17 +310,7 @@ static int ebcdic_gets(BIO *bp, char *bu
static int ebcdic_puts(BIO *bp, const char *str);
# define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
@@ -12511,7 +16165,7 @@
/* This struct is "unwarranted chumminess with the compiler." */
typedef struct {
-@@ -438,9 +319,22 @@ typedef struct {
+@@ -438,9 +318,22 @@ typedef struct {
char buff[1];
} EBCDIC_OUTBUFF;
@@ -12536,7 +16190,7 @@
}
static int ebcdic_new(BIO *bi)
-@@ -451,68 +345,71 @@ static int ebcdic_new(BIO *bi)
+@@ -451,68 +344,71 @@ static int ebcdic_new(BIO *bi)
wbuf->alloced = 1024;
wbuf->buff[0] = '\0';
@@ -12628,7 +16282,7 @@
return (ret);
}
-@@ -520,15 +417,16 @@ static int ebcdic_write(BIO *b, const char *in, int inl)
+@@ -520,15 +416,16 @@ static int ebcdic_write(BIO *b, const ch
static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
{
long ret;
@@ -12647,7 +16301,7 @@
break;
}
return (ret);
-@@ -537,8 +435,10 @@ static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
+@@ -537,8 +434,10 @@ static long ebcdic_ctrl(BIO *b, int cmd,
static int ebcdic_gets(BIO *bp, char *buf, int size)
{
int i, ret = 0;
@@ -12660,7 +16314,7 @@
/* return(BIO_gets(bp->next_bio,buf,size));*/
for (i = 0; i < size - 1; ++i) {
ret = ebcdic_read(bp, &buf[i], 1);
-@@ -556,8 +456,8 @@ static int ebcdic_gets(BIO *bp, char *buf, int size)
+@@ -556,8 +455,8 @@ static int ebcdic_gets(BIO *bp, char *bu
static int ebcdic_puts(BIO *bp, const char *str)
{
@@ -12671,7 +16325,7 @@
return ebcdic_write(bp, str, strlen(str));
}
#endif
-@@ -664,19 +564,19 @@ static int cert_status_cb(SSL *s, void *arg)
+@@ -664,19 +563,19 @@ static int cert_status_cb(SSL *s, void *
SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
NULL, NULL))
goto err;
@@ -12696,7 +16350,42 @@
if (!OCSP_request_add0_id(req, id))
goto err;
id = NULL;
-@@ -1007,12 +907,12 @@ OPTIONS s_server_options[] = {
+@@ -813,7 +712,7 @@ typedef enum OPTION_choice {
+ OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC,
+ OPT_SSL_CONFIG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
+ OPT_SSL3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
+- OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN, OPT_LISTEN,
++ OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN,
+ OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
+ OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
+ OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
+@@ -841,7 +740,7 @@ OPTIONS s_server_options[] = {
+ {"Verify", OPT_UPPER_V_VERIFY, 'n',
+ "Turn on peer certificate verification, must have a cert"},
+ {"cert", OPT_CERT, '<', "Certificate file to use; default is " TEST_CERT},
+- {"naccept", OPT_NACCEPT, 'p', "Terminate after pnum connections"},
++ {"naccept", OPT_NACCEPT, 'p', "Terminate after #num connections"},
+ {"serverinfo", OPT_SERVERINFO, 's',
+ "PEM serverinfo file for certificate"},
+ {"certform", OPT_CERTFORM, 'F',
+@@ -889,7 +788,7 @@ OPTIONS s_server_options[] = {
+ "-Private Key file to use for servername if not in -cert2"},
+ {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
+ "Hex dump of all TLS extensions received"},
+- {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"},
++ {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path includes HTTP headers"},
+ {"id_prefix", OPT_ID_PREFIX, 's',
+ "Generate SSL/TLS session IDs prefixed by arg"},
+ {"rand", OPT_RAND, 's',
+@@ -981,7 +880,6 @@ OPTIONS s_server_options[] = {
+ {"dtls", OPT_DTLS, '-', "Use any DTLS version"},
+ {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
+ {"mtu", OPT_MTU, 'p', "Set link layer MTU"},
+- {"chain", OPT_CHAIN, '-', "Read a certificate chain"},
+ {"listen", OPT_LISTEN, '-',
+ "Listen for a DTLS ClientHello with a cookie and then connect"},
+ #endif
+@@ -1007,12 +905,16 @@ OPTIONS s_server_options[] = {
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
@@ -12704,6 +16393,10 @@
+ {NULL, OPT_EOF, 0, NULL}
};
++#define IS_PROT_FLAG(o) \
++ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
++ || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
++
int s_server_main(int argc, char *argv[])
{
- ENGINE *e = NULL;
@@ -12711,7 +16404,46 @@
EVP_PKEY *s_key = NULL, *s_dkey = NULL;
SSL_CONF_CTX *cctx = NULL;
const SSL_METHOD *meth = TLS_server_method();
-@@ -1484,7 +1384,7 @@ int s_server_main(int argc, char *argv[])
+@@ -1070,7 +972,7 @@ int s_server_main(int argc, char *argv[]
+ char *srpuserseed = NULL;
+ char *srp_verifier_file = NULL;
+ #endif
+- int min_version = 0, max_version = 0;
++ int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
+
+ local_argc = argc;
+ local_argv = argv;
+@@ -1084,6 +986,17 @@ int s_server_main(int argc, char *argv[]
+
+ prog = opt_init(argc, argv, s_server_options);
+ while ((o = opt_next()) != OPT_EOF) {
++ if (IS_PROT_FLAG(o) && ++prot_opt > 1) {
++ BIO_printf(bio_err, "Cannot supply multiple protocol flags\n");
++ goto end;
++ }
++ if (IS_NO_PROT_FLAG(o))
++ no_prot_opt++;
++ if (prot_opt == 1 && no_prot_opt) {
++ BIO_printf(bio_err, "Cannot supply both a protocol flag and "
++ "\"-no_<prot>\"\n");
++ goto end;
++ }
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+@@ -1470,11 +1383,6 @@ int s_server_main(int argc, char *argv[]
+ socket_mtu = atol(opt_arg());
+ #endif
+ break;
+- case OPT_CHAIN:
+-#ifndef OPENSSL_NO_DTLS
+- cert_chain = 1;
+-#endif
+- break;
+ case OPT_LISTEN:
+ #ifndef OPENSSL_NO_DTLS
+ dtlslisten = 1;
+@@ -1484,7 +1392,7 @@ int s_server_main(int argc, char *argv[]
session_id_prefix = opt_arg();
break;
case OPT_ENGINE:
@@ -12720,7 +16452,7 @@
break;
case OPT_RAND:
inrand = opt_arg();
-@@ -1590,7 +1490,7 @@ int s_server_main(int argc, char *argv[])
+@@ -1590,7 +1498,7 @@ int s_server_main(int argc, char *argv[]
goto end;
if (nocert == 0) {
@@ -12729,7 +16461,7 @@
"server certificate private key file");
if (!s_key) {
ERR_print_errors(bio_err);
-@@ -1611,7 +1511,7 @@ int s_server_main(int argc, char *argv[])
+@@ -1611,7 +1519,7 @@ int s_server_main(int argc, char *argv[]
}
if (tlsextcbp.servername) {
@@ -12738,7 +16470,7 @@
"second server certificate private key file");
if (!s_key2) {
ERR_print_errors(bio_err);
-@@ -1670,7 +1570,7 @@ int s_server_main(int argc, char *argv[])
+@@ -1670,7 +1578,7 @@ int s_server_main(int argc, char *argv[]
s_dkey_file = s_dcert_file;
s_dkey = load_key(s_dkey_file, s_dkey_format,
@@ -12747,7 +16479,7 @@
if (!s_dkey) {
ERR_print_errors(bio_err);
goto end;
-@@ -1854,9 +1754,10 @@ int s_server_main(int argc, char *argv[])
+@@ -1854,9 +1762,10 @@ int s_server_main(int argc, char *argv[]
if (async)
SSL_CTX_set_mode(ctx2, SSL_MODE_ASYNC);
@@ -12760,7 +16492,15 @@
}
if (vpmtouched && !SSL_CTX_set1_param(ctx2, vpm)) {
BIO_printf(bio_err, "Error setting verify params\n");
-@@ -2079,6 +1980,9 @@ int s_server_main(int argc, char *argv[])
+@@ -2067,7 +1976,6 @@ int s_server_main(int argc, char *argv[]
+ SSL_CTX_free(ctx2);
+ X509_free(s_cert2);
+ EVP_PKEY_free(s_key2);
+- BIO_free(serverinfo_in);
+ #ifndef OPENSSL_NO_NEXTPROTONEG
+ OPENSSL_free(next_proto.data);
+ #endif
+@@ -2079,6 +1987,9 @@ int s_server_main(int argc, char *argv[]
bio_s_out = NULL;
BIO_free(bio_s_msg);
bio_s_msg = NULL;
@@ -12770,7 +16510,7 @@
return (ret);
}
-@@ -2257,10 +2161,10 @@ static int sv_body(int s, int stype, unsigned char *context)
+@@ -2257,10 +2168,10 @@ static int sv_body(int s, int stype, uns
tv.tv_sec = 1;
tv.tv_usec = 0;
i = select(width, (void *)&readfds, NULL, NULL, &tv);
@@ -12784,7 +16524,7 @@
#else
if ((SSL_version(con) == DTLS1_VERSION) &&
DTLSv1_get_timeout(con, &timeout))
-@@ -2399,13 +2303,19 @@ static int sv_body(int s, int stype, unsigned char *context)
+@@ -2399,13 +2310,19 @@ static int sv_body(int s, int stype, uns
break;
case SSL_ERROR_WANT_ASYNC:
BIO_printf(bio_s_out, "Write BLOCK (Async)\n");
@@ -12804,7 +16544,7 @@
case SSL_ERROR_SYSCALL:
case SSL_ERROR_SSL:
BIO_printf(bio_s_out, "ERROR\n");
-@@ -2469,17 +2379,24 @@ static int sv_body(int s, int stype, unsigned char *context)
+@@ -2469,17 +2386,24 @@ static int sv_body(int s, int stype, uns
ascii2ebcdic(buf, buf, i);
#endif
raw_write_stdout(buf, (unsigned int)i);
@@ -12829,15 +16569,33 @@
case SSL_ERROR_SYSCALL:
case SSL_ERROR_SSL:
BIO_printf(bio_s_out, "ERROR\n");
-@@ -2530,6 +2447,7 @@ static int init_ssl_connection(SSL *con)
+@@ -2530,9 +2454,10 @@ static int init_ssl_connection(SSL *con)
unsigned next_proto_neg_len;
#endif
unsigned char *exportedkeymat;
+ int retry = 0;
#ifndef OPENSSL_NO_DTLS
- if(dtlslisten) {
-@@ -2557,6 +2475,8 @@ static int init_ssl_connection(SSL *con)
+- if(dtlslisten) {
++ if (dtlslisten) {
+ BIO_ADDR *client = NULL;
+
+ if ((client = BIO_ADDR_new()) == NULL) {
+@@ -2545,11 +2470,11 @@ static int init_ssl_connection(SSL *con)
+ int fd = -1;
+
+ wbio = SSL_get_wbio(con);
+- if(wbio) {
++ if (wbio) {
+ BIO_get_fd(wbio, &fd);
+ }
+
+- if(!wbio || BIO_connect(fd, client, 0) == 0) {
++ if (!wbio || BIO_connect(fd, client, 0) == 0) {
+ BIO_printf(bio_err, "ERROR - unable to connect\n");
+ BIO_ADDR_free(client);
+ return 0;
+@@ -2557,6 +2482,8 @@ static int init_ssl_connection(SSL *con)
BIO_ADDR_free(client);
dtlslisten = 0;
i = SSL_accept(con);
@@ -12846,7 +16604,7 @@
}
} else
#endif
-@@ -2564,6 +2484,8 @@ static int init_ssl_connection(SSL *con)
+@@ -2564,6 +2491,8 @@ static int init_ssl_connection(SSL *con)
do {
i = SSL_accept(con);
@@ -12855,7 +16613,7 @@
#ifdef CERT_CB_TEST_RETRY
{
while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
-@@ -2571,6 +2493,8 @@ static int init_ssl_connection(SSL *con)
+@@ -2571,6 +2500,8 @@ static int init_ssl_connection(SSL *con)
BIO_printf(bio_err,
"LOOKUP from certificate callback during accept\n");
i = SSL_accept(con);
@@ -12864,7 +16622,7 @@
}
}
#endif
-@@ -2589,13 +2513,15 @@ static int init_ssl_connection(SSL *con)
+@@ -2589,13 +2520,15 @@ static int init_ssl_connection(SSL *con)
else
BIO_printf(bio_s_out, "LOOKUP not successful\n");
i = SSL_accept(con);
@@ -12881,7 +16639,7 @@
BIO_printf(bio_s_out, "DELAY\n");
return (1);
}
-@@ -2681,6 +2607,7 @@ static int init_ssl_connection(SSL *con)
+@@ -2681,6 +2614,7 @@ static int init_ssl_connection(SSL *con)
OPENSSL_free(exportedkeymat);
}
@@ -12889,14 +16647,12 @@
return (1);
}
-@@ -3377,4 +3304,4 @@ static void free_sessions(void)
+@@ -3377,4 +3311,4 @@ static void free_sessions(void)
first = NULL;
}
-#endif
+#endif /* OPENSSL_NO_SOCK */
-diff --git a/apps/s_socket.c b/apps/s_socket.c
-index 4653217..d16f5ad 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -1,106 +1,10 @@
@@ -13012,7 +16768,7 @@
*/
/* socket-related functions used by s_client and s_server */
-@@ -195,6 +99,8 @@ int init_client(int *sock, const char *host, const char *port,
+@@ -195,6 +99,8 @@ int init_client(int *sock, const char *h
if (*sock == INVALID_SOCKET) {
ERR_print_errors(bio_err);
} else {
@@ -13021,8 +16777,6 @@
ret = 1;
}
BIO_ADDRINFO_free(res);
-diff --git a/apps/s_time.c b/apps/s_time.c
-index 6890bc1..ecab515 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -1,67 +1,14 @@
@@ -13099,8 +16853,76 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-diff --git a/apps/sess_id.c b/apps/sess_id.c
-index f40f131..2b63e69 100644
+@@ -94,8 +41,6 @@
+ #undef BUFSIZZ
+ #define BUFSIZZ 1024*10
+
+-#define MYBUFSIZ 1024*8
+-
+ #undef min
+ #undef max
+ #define min(a,b) (((a) < (b)) ? (a) : (b))
+@@ -110,6 +55,8 @@ extern int verify_error;
+
+ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
+
++static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n";
++
+ typedef enum OPTION_choice {
+ OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+ OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH,
+@@ -162,11 +109,11 @@ int s_time_main(int argc, char **argv)
+ char *host = SSL_CONNECT_NAME, *certfile = NULL, *keyfile = NULL, *prog;
+ double totalTime = 0.0;
+ int noCApath = 0, noCAfile = 0;
+- int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs =
+- 0, ver;
++ int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs = 0;
+ long bytes_read = 0, finishtime = 0;
+ OPTION_CHOICE o;
+- int max_version = 0;
++ int max_version = 0, ver, buf_len;
++ size_t buf_size;
+
+ meth = TLS_client_method();
+ verify_depth = 0;
+@@ -229,8 +176,9 @@ int s_time_main(int argc, char **argv)
+ break;
+ case OPT_WWW:
+ www_path = opt_arg();
+- if (strlen(www_path) > MYBUFSIZ - 100) {
+- BIO_printf(bio_err, "%s: -www option too long\n", prog);
++ buf_size = strlen(www_path) + sizeof(fmt_http_get_cmd) - 2; /* 2 is for %s */
++ if (buf_size > sizeof(buf)) {
++ BIO_printf(bio_err, "%s: -www option is too long\n", prog);
+ goto end;
+ }
+ break;
+@@ -285,9 +233,9 @@ int s_time_main(int argc, char **argv)
+ goto end;
+
+ if (www_path != NULL) {
+- BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
+- www_path);
+- if (SSL_write(scon, buf, strlen(buf)) <= 0)
++ buf_len = BIO_snprintf(buf, sizeof buf,
++ fmt_http_get_cmd, www_path);
++ if (SSL_write(scon, buf, buf_len) <= 0)
+ goto end;
+ while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
+ bytes_read += i;
+@@ -343,8 +291,9 @@ int s_time_main(int argc, char **argv)
+ }
+
+ if (www_path != NULL) {
+- BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", www_path);
+- if (SSL_write(scon, buf, strlen(buf)) <= 0)
++ buf_len = BIO_snprintf(buf, sizeof buf,
++ fmt_http_get_cmd, www_path);
++ if (SSL_write(scon, buf, buf_len) <= 0)
+ goto end;
+ while (SSL_read(scon, buf, sizeof(buf)) > 0)
+ continue;
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -1,58 +1,10 @@
@@ -13168,8 +16990,6 @@
*/
#include <stdio.h>
-diff --git a/apps/smime.c b/apps/smime.c
-index 60daeb4..f9f3d23 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -1,59 +1,10 @@
@@ -13298,6 +17118,15 @@
break;
case OPT_RAND:
inrand = opt_arg();
+@@ -322,7 +275,7 @@ int smime_main(int argc, char **argv)
+ goto opthelp;
+ break;
+ case OPT_INKEY:
+- /* If previous -inkey arument add signer to list */
++ /* If previous -inkey argument add signer to list */
+ if (keyfile) {
+ if (signerfile == NULL) {
+ BIO_printf(bio_err,
@@ -623,11 +576,11 @@ int smime_main(int argc, char **argv)
PEM_write_bio_PKCS7(out, p7);
else {
@@ -13313,8 +17142,6 @@
if (outformat == FORMAT_SMIME) {
if (operation == SMIME_RESIGN)
rv = SMIME_write_PKCS7(out, p7, indata, flags);
-diff --git a/apps/speed.c b/apps/speed.c
-index 160841d..3b162e1 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1,59 +1,12 @@
@@ -13384,7 +17211,81 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
-@@ -1239,6 +1192,7 @@ static int run_benchmark(int async_jobs, int (*loop_function)(void *), loopargs_
+@@ -648,9 +601,11 @@ static int EVP_Digest_MD2_loop(void *arg
+ unsigned char *buf = tempargs->buf;
+ unsigned char md2[MD2_DIGEST_LENGTH];
+ int count;
+- for (count = 0; COND(c[D_MD2][testnum]); count++)
+- EVP_Digest(buf, (unsigned long)lengths[testnum], &(md2[0]), NULL,
+- EVP_md2(), NULL);
++ for (count = 0; COND(c[D_MD2][testnum]); count++) {
++ if (!EVP_Digest(buf, (unsigned long)lengths[testnum], &(md2[0]), NULL,
++ EVP_md2(), NULL))
++ return -1;
++ }
+ return count;
+ }
+ #endif
+@@ -662,9 +617,11 @@ static int EVP_Digest_MDC2_loop(void *ar
+ unsigned char *buf = tempargs->buf;
+ unsigned char mdc2[MDC2_DIGEST_LENGTH];
+ int count;
+- for (count = 0; COND(c[D_MDC2][testnum]); count++)
+- EVP_Digest(buf, (unsigned long)lengths[testnum], &(mdc2[0]), NULL,
+- EVP_mdc2(), NULL);
++ for (count = 0; COND(c[D_MDC2][testnum]); count++) {
++ if (!EVP_Digest(buf, (unsigned long)lengths[testnum], &(mdc2[0]), NULL,
++ EVP_mdc2(), NULL))
++ return -1;
++ }
+ return count;
+ }
+ #endif
+@@ -676,9 +633,11 @@ static int EVP_Digest_MD4_loop(void *arg
+ unsigned char *buf = tempargs->buf;
+ unsigned char md4[MD4_DIGEST_LENGTH];
+ int count;
+- for (count = 0; COND(c[D_MD4][testnum]); count++)
+- EVP_Digest(&(buf[0]), (unsigned long)lengths[testnum], &(md4[0]),
+- NULL, EVP_md4(), NULL);
++ for (count = 0; COND(c[D_MD4][testnum]); count++) {
++ if (!EVP_Digest(&(buf[0]), (unsigned long)lengths[testnum], &(md4[0]),
++ NULL, EVP_md4(), NULL))
++ return -1;
++ }
+ return count;
+ }
+ #endif
+@@ -764,9 +723,11 @@ static int EVP_Digest_RMD160_loop(void *
+ unsigned char *buf = tempargs->buf;
+ unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
+ int count;
+- for (count = 0; COND(c[D_RMD160][testnum]); count++)
+- EVP_Digest(buf, (unsigned long)lengths[testnum], &(rmd160[0]), NULL,
+- EVP_ripemd160(), NULL);
++ for (count = 0; COND(c[D_RMD160][testnum]); count++) {
++ if (!EVP_Digest(buf, (unsigned long)lengths[testnum], &(rmd160[0]),
++ NULL, EVP_ripemd160(), NULL))
++ return -1;
++ }
+ return count;
+ }
+ #endif
+@@ -935,9 +896,10 @@ static int EVP_Digest_loop(void *args)
+ unsigned char md[EVP_MAX_MD_SIZE];
+ int count;
+ for (count = 0;
+- COND(save_count * 4 * lengths[0] / lengths[testnum]); count++)
+- EVP_Digest(buf, lengths[testnum], &(md[0]), NULL, evp_md, NULL);
+-
++ COND(save_count * 4 * lengths[0] / lengths[testnum]); count++) {
++ if (!EVP_Digest(buf, lengths[testnum], &(md[0]), NULL, evp_md, NULL))
++ return -1;
++ }
+ return count;
+ }
+
+@@ -1239,6 +1201,7 @@ static int run_benchmark(int async_jobs,
int speed_main(int argc, char **argv)
{
loopargs_t *loopargs = NULL;
@@ -13392,7 +17293,7 @@
int loopargs_len = 0;
char *prog;
const EVP_CIPHER *evp_cipher = NULL;
-@@ -1565,7 +1519,8 @@ int speed_main(int argc, char **argv)
+@@ -1565,7 +1528,8 @@ int speed_main(int argc, char **argv)
/* Initialize the job pool if async mode is enabled */
if (async_jobs > 0) {
@@ -13402,7 +17303,7 @@
BIO_printf(bio_err, "Error creating the ASYNC job pool\n");
goto end;
}
-@@ -2650,20 +2605,20 @@ int speed_main(int argc, char **argv)
+@@ -2650,20 +2614,20 @@ int speed_main(int argc, char **argv)
break;
}
}
@@ -13437,7 +17338,7 @@
}
}
-@@ -2846,7 +2801,9 @@ int speed_main(int argc, char **argv)
+@@ -2846,7 +2810,9 @@ int speed_main(int argc, char **argv)
if (async_jobs > 0) {
for (i = 0; i < loopargs_len; i++)
ASYNC_WAIT_CTX_free(loopargs[i].wait_ctx);
@@ -13447,8 +17348,17 @@
ASYNC_cleanup_thread();
}
OPENSSL_free(loopargs);
-diff --git a/apps/spkac.c b/apps/spkac.c
-index 07f36d3..b6fc46d 100644
+@@ -2888,6 +2854,10 @@ static void pkey_print_message(const cha
+
+ static void print_result(int alg, int run_no, int count, double time_used)
+ {
++ if (count == -1) {
++ BIO_puts(bio_err, "EVP error!\n");
++ exit(1);
++ }
+ BIO_printf(bio_err,
+ mr ? "+R:%d:%s:%f\n"
+ : "%d %s's in %.2fs\n", count, names[alg], time_used);
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -1,60 +1,12 @@
@@ -13518,8 +17428,6 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-diff --git a/apps/srp.c b/apps/srp.c
-index 1bf2ee2..5ba9375 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -1,59 +1,10 @@
@@ -13587,7 +17495,40 @@
*/
#include <openssl/opensslconf.h>
-@@ -256,13 +207,12 @@ OPTIONS srp_options[] = {
+@@ -156,9 +107,12 @@ static int update_index(CA_DB *db, char
+ return 1;
+ }
+
+-static void lookup_fail(const char *name, const char *tag)
++static char *lookup_conf(const CONF *conf, const char *section, const char *tag)
+ {
+- BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
++ char *entry = NCONF_get_string(conf, section, tag);
++ if (entry == NULL)
++ BIO_printf(bio_err, "variable lookup failed for %s::%s\n", section, tag);
++ return entry;
+ }
+
+ static char *srp_verify_user(const char *user, const char *srp_verifier,
+@@ -173,7 +127,7 @@ static char *srp_verify_user(const char
+ cb_tmp.prompt_info = user;
+ cb_tmp.password = passin;
+
+- if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
++ if (password_callback(password, sizeof(password), 0, &cb_tmp) > 0) {
+ if (verbose)
+ BIO_printf(bio_err,
+ "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
+@@ -206,7 +160,7 @@ static char *srp_create_user(char *user,
+ cb_tmp.prompt_info = user;
+ cb_tmp.password = passout;
+
+- if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
++ if (password_callback(password, sizeof(password), 1, &cb_tmp) > 0) {
+ if (verbose)
+ BIO_printf(bio_err, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
+ user, g, N);
+@@ -256,13 +210,12 @@ OPTIONS srp_options[] = {
int srp_main(int argc, char **argv)
{
CA_DB *db = NULL;
@@ -13602,7 +17543,7 @@
char **gNrow = NULL, *configfile = NULL;
char *srpvfile = NULL, **pp, *prog;
OPTION_CHOICE o;
-@@ -360,7 +310,7 @@ int srp_main(int argc, char **argv)
+@@ -360,7 +313,7 @@ int srp_main(int argc, char **argv)
conf = app_load_config(configfile);
if (conf == NULL)
goto end;
@@ -13611,7 +17552,40 @@
goto end;
/* Lets get the config section we are using */
-@@ -401,7 +351,7 @@ int srp_main(int argc, char **argv)
+@@ -370,14 +323,12 @@ int srp_main(int argc, char **argv)
+ "trying to read " ENV_DEFAULT_SRP
+ " in " BASE_SECTION "\n");
+
+- section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_SRP);
+- if (section == NULL) {
+- lookup_fail(BASE_SECTION, ENV_DEFAULT_SRP);
++ section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_SRP);
++ if (section == NULL)
+ goto end;
+- }
+ }
+
+- if (randfile == NULL && conf)
++ if (randfile == NULL)
+ randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
+
+ if (verbose)
+@@ -385,12 +336,9 @@ int srp_main(int argc, char **argv)
+ "trying to read " ENV_DATABASE " in section \"%s\"\n",
+ section);
+
+- if ((srpvfile = NCONF_get_string(conf, section, ENV_DATABASE))
+- == NULL) {
+- lookup_fail(section, ENV_DATABASE);
++ srpvfile = lookup_conf(conf, section, ENV_DATABASE);
++ if (srpvfile == NULL)
+ goto end;
+- }
+-
+ }
+ if (randfile == NULL)
+ ERR_clear_error();
+@@ -401,7 +349,7 @@ int srp_main(int argc, char **argv)
BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
srpvfile);
@@ -13620,8 +17594,25 @@
if (db == NULL)
goto end;
-@@ -646,7 +596,9 @@ int srp_main(int argc, char **argv)
+@@ -441,12 +389,11 @@ int srp_main(int argc, char **argv)
+ while (mode == OPT_LIST || user) {
+ int userindex = -1;
+- if (user)
+- if (verbose > 1)
+- BIO_printf(bio_err, "Processing user \"%s\"\n", user);
++
++ if (user != NULL && verbose > 1)
++ BIO_printf(bio_err, "Processing user \"%s\"\n", user);
+ if ((userindex = get_index(db, user, 'U')) >= 0) {
+- print_user(db, userindex, (verbose > 0)
+- || mode == OPT_LIST);
++ print_user(db, userindex, (verbose > 0) || mode == OPT_LIST);
+ }
+
+ if (mode == OPT_LIST) {
+@@ -646,7 +593,9 @@ int srp_main(int argc, char **argv)
+
if (verbose)
BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
- OPENSSL_free(tofree);
@@ -13631,8 +17622,6 @@
if (ret)
ERR_print_errors(bio_err);
if (randfile)
-diff --git a/apps/testdsa.h b/apps/testdsa.h
-index c72c71e..1e4502a 100644
--- a/apps/testdsa.h
+++ b/apps/testdsa.h
@@ -1,50 +1,10 @@
@@ -13692,8 +17681,6 @@
*/
/* used by speed.c */
-diff --git a/apps/testrsa.h b/apps/testrsa.h
-index b163313..1350ce5 100644
--- a/apps/testrsa.h
+++ b/apps/testrsa.h
@@ -1,59 +1,10 @@
@@ -13762,8 +17749,6 @@
*/
static unsigned char test512[] = {
-diff --git a/apps/timeouts.h b/apps/timeouts.h
-index dc83e9d..e023b0a 100644
--- a/apps/timeouts.h
+++ b/apps/timeouts.h
@@ -1,59 +1,10 @@
@@ -13831,8 +17816,6 @@
*/
#ifndef INCLUDED_TIMEOUTS_H
-diff --git a/apps/ts.c b/apps/ts.c
-index 70a9013..1ae57d2 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -1,59 +1,10 @@
@@ -13950,30 +17933,80 @@
vpmtouched ? vpm : NULL);
}
-@@ -1015,7 +964,7 @@ static X509_STORE *create_cert_store(char *CApath, char *CAfile, X509_VERIFY_PAR
+@@ -543,28 +492,30 @@ static int create_digest(BIO *input, cha
+ unsigned char **md_value)
+ {
+ int md_value_len;
++ int rv = 0;
++ EVP_MD_CTX *md_ctx = NULL;
+
+ md_value_len = EVP_MD_size(md);
+ if (md_value_len < 0)
+ return 0;
+
+ if (input) {
+- EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
+ unsigned char buffer[4096];
+ int length;
+
++ md_ctx = EVP_MD_CTX_new();
+ if (md_ctx == NULL)
+ return 0;
+ *md_value = app_malloc(md_value_len, "digest buffer");
+- EVP_DigestInit(md_ctx, md);
++ if (!EVP_DigestInit(md_ctx, md))
++ goto err;
+ while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) {
+- EVP_DigestUpdate(md_ctx, buffer, length);
+- }
+- if (!EVP_DigestFinal(md_ctx, *md_value, NULL)) {
+- EVP_MD_CTX_free(md_ctx);
+- return 0;
++ if (!EVP_DigestUpdate(md_ctx, buffer, length))
++ goto err;
}
+- EVP_MD_CTX_free(md_ctx);
++ if (!EVP_DigestFinal(md_ctx, *md_value, NULL))
++ goto err;
++ md_value_len = EVP_MD_size(md);
+ } else {
+ long digest_len;
+ *md_value = OPENSSL_hexstr2buf(digest, &digest_len);
+@@ -576,7 +527,10 @@ static int create_digest(BIO *input, cha
+ return 0;
+ }
}
+- return md_value_len;
++ rv = md_value_len;
++ err:
++ EVP_MD_CTX_free(md_ctx);
++ return rv;
+ }
+ static ASN1_INTEGER *create_nonce(int bits)
+@@ -1015,7 +969,7 @@ static X509_STORE *create_cert_store(cha
+ }
+ }
+
- if (vpm != NULL)
+ if (vpm != NULL)
X509_STORE_set1_param(cert_ctx, vpm);
return cert_ctx;
-@@ -1029,4 +978,4 @@ static int verify_cb(int ok, X509_STORE_CTX *ctx)
+@@ -1029,4 +983,4 @@ static int verify_cb(int ok, X509_STORE_
{
return ok;
}
-#endif
+#endif /* ndef OPENSSL_NO_TS */
-diff --git a/apps/tsget.in b/apps/tsget.in
-index fe029f3..7067111 100644
--- a/apps/tsget.in
+++ b/apps/tsget.in
@@ -1,7 +1,11 @@
- #!{- $config{perl} -}
+-#!{- $config{perl} -}
-# Written by Zoltan Glozik <zglozik at stones.com>.
-# Copyright (c) 2002 The OpenTSA Project. All rights reserved.
-$::version = '$Id: tsget,v 1.3 2009/09/07 17:57:18 steve Exp $';
++#!{- $config{hashbangperl} -}
+# Copyright (c) 2002 The OpenTSA Project. All rights reserved.
+# Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
@@ -13994,8 +18027,6 @@
# Options for POST method.
$curl->setopt(CURLOPT_UPLOAD, 1);
-diff --git a/apps/verify.c b/apps/verify.c
-index fa51783..40e19d4 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -1,58 +1,10 @@
@@ -14063,7 +18094,7 @@
*/
#include <stdio.h>
-@@ -262,6 +214,7 @@ static int check(X509_STORE *ctx, char *file,
+@@ -262,6 +214,7 @@ static int check(X509_STORE *ctx, char *
(file == NULL) ? "stdin" : file);
goto end;
}
@@ -14071,8 +18102,6 @@
X509_STORE_set_flags(ctx, vflags);
if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
printf("error %s: X.509 store context initialization failed\n",
-diff --git a/apps/version.c b/apps/version.c
-index 0a252e7..e3c8299 100644
--- a/apps/version.c
+++ b/apps/version.c
@@ -1,111 +1,10 @@
@@ -14193,8 +18222,6 @@
*/
#include <stdio.h>
-diff --git a/apps/vms_decc_init.c b/apps/vms_decc_init.c
-index ecf21af..f83f716 100644
--- a/apps/vms_decc_init.c
+++ b/apps/vms_decc_init.c
@@ -1,53 +1,10 @@
@@ -14256,9 +18283,6 @@
*/
#if defined( __VMS) && !defined( OPENSSL_NO_DECC_INIT) && \
-diff --git a/apps/winrand.c b/apps/winrand.c
-deleted file mode 100644
-index a5fe791..0000000
--- a/apps/winrand.c
+++ /dev/null
@@ -1,145 +0,0 @@
@@ -14407,8 +18431,6 @@
-
- return DefWindowProc(hwnd, iMsg, wParam, lParam);
-}
-diff --git a/apps/x509.c b/apps/x509.c
-index 6e6ee08..ed49c4e 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -1,58 +1,10 @@
@@ -14584,7 +18606,7 @@
OPENSSL_free(passin);
return (ret);
}
-@@ -991,6 +948,10 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+@@ -991,6 +948,10 @@ static int x509_certify(X509_STORE *ctx,
EVP_PKEY *upkey;
upkey = X509_get0_pubkey(xca);
@@ -14595,7 +18617,7 @@
EVP_PKEY_copy_parameters(upkey, pkey);
xsc = X509_STORE_CTX_new();
-@@ -1127,7 +1088,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
+@@ -1127,7 +1088,7 @@ static int sign(X509 *x, EVP_PKEY *pkey,
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
{
int id, i, idret;
@@ -14604,11 +18626,9 @@
id = X509_PURPOSE_get_id(pt);
pname = X509_PURPOSE_get0_name(pt);
for (i = 0; i < 2; i++) {
-diff --git a/appveyor.yml b/appveyor.yml
-index 46eaf39..c668b39 100644
--- a/appveyor.yml
+++ b/appveyor.yml
-@@ -27,13 +27,27 @@ before_build:
+@@ -27,13 +27,27 @@
}
- ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS"))
- call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM%
@@ -14637,8 +18657,6 @@
notifications:
- provider: Email
-diff --git a/build.info b/build.info
-index ab941f8..cfaa712 100644
--- a/build.info
+++ b/build.info
@@ -1,11 +1,22 @@
@@ -14667,29 +18685,43 @@
IF[{- $config{target} =~ /^Cygwin/ -}]
SHARED_NAME[libcrypto]=cygcrypto-{- $config{shlib_major}.".".$config{shlib_minor} -}
SHARED_NAME[libssl]=cygssl-{- $config{shlib_major}.".".$config{shlib_minor} -}
-diff --git a/config b/config
-index 9dfe1c3..1d33126 100755
+@@ -20,11 +31,11 @@ ENDIF
+ # VMS has a cultural standard where all libraries are prefixed.
+ # For OpenSSL, the choice is 'ossl$' (this prefix was claimed in a
+ # conversation with VSI, Tuesday January 26 2016)
+-# Also, it seems it's usual to have a suffix to the shared library name
+-# for the different pointer sizes that were built for.
++# Also, it seems it's usual to have the pointer size the libraries
++# were built for as part of the name.
+ IF[{- $config{target} =~ /^vms/ -}]
+- RENAME[libcrypto]=ossl$libcrypto
+- RENAME[libssl]=ossl$libssl
+- SHARED_NAME[libcrypto]=ossl$libcrypto_shr{- $target{pointer_size} -}
+- SHARED_NAME[libssl]=ossl$libssl_shr{- $target{pointer_size} -}
++ RENAME[libcrypto]=ossl$libcrypto{- $target{pointer_size} -}
++ RENAME[libssl]=ossl$libssl{- $target{pointer_size} -}
++ SHARED_NAME[libcrypto]=ossl$libcrypto{- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -}_shr{- $target{pointer_size} -}
++ SHARED_NAME[libssl]=ossl$libssl{- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -}_shr{- $target{pointer_size} -}
+ ENDIF
--- a/config
+++ b/config
@@ -1,25 +1,15 @@
#!/bin/sh
+# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- # OpenSSL config: determine the operating system and run ./Configure
-+# Derived from minarch and GuessOS from Apache.
- #
+-# OpenSSL config: determine the operating system and run ./Configure
+-#
-# "config -h" for usage information.
-#
-# this is a merge of minarch and GuessOS from the Apache Group.
-# Originally written by Tim Hudson <tjh at cryptsoft.com>.
-
-# Original Apache Group comments on GuessOS
--
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
+
-# Simple OS/Platform guesser. Similar to config.guess but
-# much, much smaller. Since it was developed for use with
-# Apache, it follows under Apache's regular licensing
@@ -14697,7 +18729,9 @@
-# to this script should be Emailed to the Apache
-# group (apache at apache.org) in general and to
-# Jim Jagielski (jim at jaguNET.com) in specific.
--#
++# OpenSSL config: determine the operating system and run ./Configure
++# Derived from minarch and GuessOS from Apache.
+ #
-# Be as similar to the output of config.guess/config.sub
-# as possible.
-
@@ -14705,7 +18739,7 @@
SUFFIX=""
TEST="false"
EXE=""
-@@ -134,10 +124,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
+@@ -134,10 +124,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${
esac
;;
@@ -14716,7 +18750,7 @@
IRIX:6.*)
echo "mips3-sgi-irix"; exit 0
;;
-@@ -265,6 +251,9 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
+@@ -265,6 +251,9 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${
Power*)
echo "ppc-apple-darwin${VERSION}"
;;
@@ -14836,8 +18870,6 @@
*-*-osf) OUT="osf1-alpha-cc" ;;
*-*-tru64) OUT="tru64-alpha-cc" ;;
-diff --git a/config.com b/config.com
-index 4151a88..015de51 100644
--- a/config.com
+++ b/config.com
@@ -1,4 +1,10 @@
@@ -14851,44 +18883,48 @@
$ !
$ ! Very simple for the moment, it will take the following arguments:
$ !
-diff --git a/crypto/LPdir_nyi.c b/crypto/LPdir_nyi.c
-index 283d5b0..18566fd 100644
+@@ -8,7 +14,7 @@
+ $ ! -h prints a usage and exits
+ $ ! -t test mode, doesn't run Configure
+ $
+-$ arch == f$edit( f$getsyi( "arch_name"), "lowercase")
++$ arch = f$edit( f$getsyi( "arch_name"), "lowercase")
+ $ pointer_size = ""
+ $ test = 0
+ $ here = F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"),,,"SYNTAX_ONLY") - "A.;"
--- a/crypto/LPdir_nyi.c
+++ b/crypto/LPdir_nyi.c
-@@ -1,4 +1,13 @@
+@@ -1,6 +1,12 @@
/*
+- * $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
-+ */
+ */
+
-+/*
- * $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $
- */
/*
-diff --git a/crypto/LPdir_unix.c b/crypto/LPdir_unix.c
-index 1428cd1..8f27f70 100644
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
--- a/crypto/LPdir_unix.c
+++ b/crypto/LPdir_unix.c
-@@ -1,4 +1,13 @@
+@@ -1,7 +1,12 @@
/*
+- * $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp
+- * $
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
-+ */
+ */
+
-+/*
- * $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp
- * $
- */
-diff --git a/crypto/LPdir_vms.c b/crypto/LPdir_vms.c
-index 362918d..1a5b60f 100644
+ /*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
--- a/crypto/LPdir_vms.c
+++ b/crypto/LPdir_vms.c
@@ -1,4 +1,13 @@
@@ -14905,84 +18941,217 @@
* Copyright (c) 2004, Richard Levitte <richard at levitte.org>
* All rights reserved.
*
-diff --git a/crypto/LPdir_win.c b/crypto/LPdir_win.c
-index 4ff514f..71103da 100644
--- a/crypto/LPdir_win.c
+++ b/crypto/LPdir_win.c
-@@ -1,28 +1,12 @@
+@@ -1,4 +1,13 @@
/*
-- * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
-- * All rights reserved.
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
++ */
++
++/*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
+ *
+@@ -23,8 +32,10 @@
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+
#include <windows.h>
#include <tchar.h>
++#include "internal/numbers.h"
#ifndef LPDIR_H
-diff --git a/crypto/LPdir_win32.c b/crypto/LPdir_win32.c
-index b1c983d..8f6d6ad 100644
+ # include "LPdir.h"
+ #endif
+@@ -45,6 +56,12 @@
+ # define NAME_MAX 255
+ #endif
+
++#ifdef CP_UTF8
++# define CP_DEFAULT CP_UTF8
++#else
++# define CP_DEFAULT CP_ACP
++#endif
++
+ struct LP_dir_context_st {
+ WIN32_FIND_DATA ctx;
+ HANDLE handle;
+@@ -60,11 +77,9 @@ const char *LP_find_file(LP_DIR_CTX **ct
+
+ errno = 0;
+ if (*ctx == NULL) {
+- const char *extdir = directory;
+- char *extdirbuf = NULL;
+ size_t dirlen = strlen(directory);
+
+- if (dirlen == 0) {
++ if (dirlen == 0 || dirlen > INT_MAX - 3) {
+ errno = ENOENT;
+ return 0;
+ }
+@@ -76,50 +91,76 @@ const char *LP_find_file(LP_DIR_CTX **ct
+ }
+ memset(*ctx, 0, sizeof(**ctx));
+
+- if (directory[dirlen - 1] != '*') {
+- extdirbuf = (char *)malloc(dirlen + 3);
+- if (extdirbuf == NULL) {
+- free(*ctx);
+- *ctx = NULL;
+- errno = ENOMEM;
+- return 0;
+- }
+- if (directory[dirlen - 1] != '/' && directory[dirlen - 1] != '\\')
+- extdir = strcat(strcpy(extdirbuf, directory), "/*");
+- else
+- extdir = strcat(strcpy(extdirbuf, directory), "*");
+- }
+-
+ if (sizeof(TCHAR) != sizeof(char)) {
+ TCHAR *wdir = NULL;
+ /* len_0 denotes string length *with* trailing 0 */
+- size_t index = 0, len_0 = strlen(extdir) + 1;
++ size_t index = 0, len_0 = dirlen + 1;
++#ifdef LP_MULTIBYTE_AVAILABLE
++ int sz = 0;
++ UINT cp;
+
+- wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR));
+- if (wdir == NULL) {
+- if (extdirbuf != NULL) {
+- free(extdirbuf);
++ do {
++# ifdef CP_UTF8
++ if ((sz = MultiByteToWideChar((cp = CP_UTF8), 0,
++ directory, len_0,
++ NULL, 0)) > 0 ||
++ GetLastError() != ERROR_NO_UNICODE_TRANSLATION)
++ break;
++# endif
++ sz = MultiByteToWideChar((cp = CP_ACP), 0,
++ directory, len_0,
++ NULL, 0);
++ } while (0);
++
++ if (sz > 0) {
++ /*
++ * allocate two additional characters in case we need to
++ * concatenate asterisk, |sz| covers trailing '\0'!
++ */
++ wdir = _alloca((sz + 2) * sizeof(TCHAR));
++ if (!MultiByteToWideChar(cp, 0, directory, len_0,
++ (WCHAR *)wdir, sz)) {
++ free(*ctx);
++ *ctx = NULL;
++ errno = EINVAL;
++ return 0;
+ }
+- free(*ctx);
+- *ctx = NULL;
+- errno = ENOMEM;
+- return 0;
+- }
+-#ifdef LP_MULTIBYTE_AVAILABLE
+- if (!MultiByteToWideChar
+- (CP_ACP, 0, extdir, len_0, (WCHAR *)wdir, len_0))
++ } else
+ #endif
++ {
++ sz = len_0;
++ /*
++ * allocate two additional characters in case we need to
++ * concatenate asterisk, |sz| covers trailing '\0'!
++ */
++ wdir = _alloca((sz + 2) * sizeof(TCHAR));
+ for (index = 0; index < len_0; index++)
+- wdir[index] = (TCHAR)extdir[index];
++ wdir[index] = (TCHAR)directory[index];
++ }
+
+- (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
++ sz--; /* wdir[sz] is trailing '\0' now */
++ if (wdir[sz - 1] != TEXT('*')) {
++ if (wdir[sz - 1] != TEXT('/') && wdir[sz - 1] != TEXT('\\'))
++ _tcscpy(wdir + sz, TEXT("/*"));
++ else
++ _tcscpy(wdir + sz, TEXT("*"));
++ }
+
+- free(wdir);
++ (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
+ } else {
+- (*ctx)->handle = FindFirstFile((TCHAR *)extdir, &(*ctx)->ctx);
+- }
+- if (extdirbuf != NULL) {
+- free(extdirbuf);
++ if (directory[dirlen - 1] != '*') {
++ char *buf = _alloca(dirlen + 3);
++
++ strcpy(buf, directory);
++ if (buf[dirlen - 1] != '/' && buf[dirlen - 1] != '\\')
++ strcpy(buf + dirlen, "/*");
++ else
++ strcpy(buf + dirlen, "*");
++
++ directory = buf;
++ }
++
++ (*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx);
+ }
+
+ if ((*ctx)->handle == INVALID_HANDLE_VALUE) {
+@@ -142,9 +183,9 @@ const char *LP_find_file(LP_DIR_CTX **ct
+ len_0++;
+
+ #ifdef LP_MULTIBYTE_AVAILABLE
+- if (!WideCharToMultiByte
+- (CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name,
+- sizeof((*ctx)->entry_name), NULL, 0))
++ if (!WideCharToMultiByte(CP_DEFAULT, 0, (WCHAR *)wdir, len_0,
++ (*ctx)->entry_name,
++ sizeof((*ctx)->entry_name), NULL, 0))
+ #endif
+ for (index = 0; index < len_0; index++)
+ (*ctx)->entry_name[index] = (char)wdir[index];
--- a/crypto/LPdir_win32.c
+++ b/crypto/LPdir_win32.c
-@@ -1,4 +1,13 @@
+@@ -1,7 +1,12 @@
/*
+- * $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
+- * $
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
-+ */
+ */
+
-+/*
- * $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
- * $
- */
-diff --git a/crypto/LPdir_wince.c b/crypto/LPdir_wince.c
-index ae8a56f..163479e 100644
+ /*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
--- a/crypto/LPdir_wince.c
+++ b/crypto/LPdir_wince.c
-@@ -1,4 +1,13 @@
+@@ -1,7 +1,12 @@
/*
+- * $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
+- * $
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
-+ */
+ */
+
-+/*
- * $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
- * $
- */
-diff --git a/crypto/Makefile.in b/crypto/Makefile.in
-deleted file mode 100644
-index 60304ac..0000000
+ /*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
--- a/crypto/Makefile.in
+++ /dev/null
@@ -1,117 +0,0 @@
@@ -15103,9 +19272,6 @@
- @target=clean; $(RECURSIVE_MAKE)
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/aes/Makefile.in b/crypto/aes/Makefile.in
-deleted file mode 100644
-index 0dc96e4..0000000
--- a/crypto/aes/Makefile.in
+++ /dev/null
@@ -1,106 +0,0 @@
@@ -15215,8 +19381,6 @@
- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/aes/aes_cbc.c b/crypto/aes/aes_cbc.c
-index 826de68..342841f 100644
--- a/crypto/aes/aes_cbc.c
+++ b/crypto/aes/aes_cbc.c
@@ -1,51 +1,10 @@
@@ -15277,8 +19441,6 @@
*/
#include <openssl/aes.h>
-diff --git a/crypto/aes/aes_cfb.c b/crypto/aes/aes_cfb.c
-index 3962c3e..f010e3c 100644
--- a/crypto/aes/aes_cfb.c
+++ b/crypto/aes/aes_cfb.c
@@ -1,51 +1,10 @@
@@ -15339,8 +19501,6 @@
*/
#include <openssl/aes.h>
-diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c
-index 837d4fe..69be3d8 100644
--- a/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
@@ -1,3 +1,12 @@
@@ -15356,7 +19516,31 @@
/**
* rijndael-alg-fst.c
*
-@@ -1346,7 +1355,7 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+@@ -635,9 +644,9 @@ int AES_set_encrypt_key(const unsigned c
+
+ rk = key->rd_key;
+
+- if (bits==128)
++ if (bits == 128)
+ key->rounds = 10;
+- else if (bits==192)
++ else if (bits == 192)
+ key->rounds = 12;
+ else
+ key->rounds = 14;
+@@ -1213,9 +1222,9 @@ int AES_set_encrypt_key(const unsigned c
+
+ rk = key->rd_key;
+
+- if (bits==128)
++ if (bits == 128)
+ key->rounds = 10;
+- else if (bits==192)
++ else if (bits == 192)
+ key->rounds = 12;
+ else
+ key->rounds = 14;
+@@ -1346,7 +1355,7 @@ int AES_set_decrypt_key(const unsigned c
rk[j] = tpe ^ ROTATE(tpd,16) ^
ROTATE(tp9,24) ^ ROTATE(tpb,8);
#else
@@ -15365,8 +19549,6 @@
(tp9 >> 8) ^ (tp9 << 24) ^
(tpb >> 24) ^ (tpb << 8);
#endif
-diff --git a/crypto/aes/aes_ecb.c b/crypto/aes/aes_ecb.c
-index 6639c78..29bfc1a 100644
--- a/crypto/aes/aes_ecb.c
+++ b/crypto/aes/aes_ecb.c
@@ -1,51 +1,10 @@
@@ -15427,8 +19609,6 @@
*/
#include <assert.h>
-diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c
-index f8f4ba5..9125264 100644
--- a/crypto/aes/aes_ige.c
+++ b/crypto/aes/aes_ige.c
@@ -1,51 +1,10 @@
@@ -15489,8 +19669,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/aes/aes_locl.h b/crypto/aes/aes_locl.h
-index e49f357..adee29d 100644
--- a/crypto/aes/aes_locl.h
+++ b/crypto/aes/aes_locl.h
@@ -1,51 +1,10 @@
@@ -15551,8 +19729,6 @@
*/
#ifndef HEADER_AES_LOCL_H
-diff --git a/crypto/aes/aes_misc.c b/crypto/aes/aes_misc.c
-index ca84a6c..7403c84 100644
--- a/crypto/aes/aes_misc.c
+++ b/crypto/aes/aes_misc.c
@@ -1,51 +1,10 @@
@@ -15613,8 +19789,6 @@
*/
#include <openssl/opensslv.h>
-diff --git a/crypto/aes/aes_ofb.c b/crypto/aes/aes_ofb.c
-index bc24038..215b538 100644
--- a/crypto/aes/aes_ofb.c
+++ b/crypto/aes/aes_ofb.c
@@ -1,51 +1,10 @@
@@ -15675,8 +19849,6 @@
*/
#include <openssl/aes.h>
-diff --git a/crypto/aes/aes_wrap.c b/crypto/aes/aes_wrap.c
-index c9cd3d3..cae0b21 100644
--- a/crypto/aes/aes_wrap.c
+++ b/crypto/aes/aes_wrap.c
@@ -1,54 +1,10 @@
@@ -15739,8 +19911,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/aes/aes_x86core.c b/crypto/aes/aes_x86core.c
-index 1b64f5b..95b49bb 100644
--- a/crypto/aes/aes_x86core.c
+++ b/crypto/aes/aes_x86core.c
@@ -1,3 +1,12 @@
@@ -15756,7 +19926,7 @@
/**
* rijndael-alg-fst.c
*
-@@ -612,7 +621,7 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+@@ -612,7 +621,7 @@ int AES_set_decrypt_key(const unsigned c
rk[j] = tpe ^ ROTATE(tpd,16) ^
ROTATE(tp9,8) ^ ROTATE(tpb,24);
#else
@@ -15765,7 +19935,7 @@
(tp9 >> 24) ^ (tp9 << 8) ^
(tpb >> 8) ^ (tpb << 24);
#endif
-@@ -901,7 +910,7 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
+@@ -901,7 +910,7 @@ void AES_decrypt(const unsigned char *in
(u32)Td4[(s1 >> 16) & 0xff] << 16 ^
(u32)Td4[(s0 >> 24) ] << 24;
@@ -15774,7 +19944,7 @@
{
int i;
u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
-@@ -925,7 +934,7 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
+@@ -925,7 +934,7 @@ void AES_decrypt(const unsigned char *in
t[i] = tpe ^ ROTATE(tpd,16) ^
ROTATE(tp9,8) ^ ROTATE(tpb,24);
#else
@@ -15783,7 +19953,7 @@
(tp9 >> 24) ^ (tp9 << 8) ^
(tpb >> 8) ^ (tpb << 24);
#endif
-@@ -978,7 +987,7 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
+@@ -978,7 +987,7 @@ void AES_decrypt(const unsigned char *in
(u32)Td4[(s1 >> 16) & 0xff] << 16 ^
(u32)Td4[(s0 >> 24) ] << 24;
@@ -15792,7 +19962,7 @@
{
int i;
u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
-@@ -1002,7 +1011,7 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
+@@ -1002,7 +1011,7 @@ void AES_decrypt(const unsigned char *in
t[i] = tpe ^ ROTATE(tpd,16) ^
ROTATE(tp9,8) ^ ROTATE(tpb,24);
#else
@@ -15801,8 +19971,6 @@
(tp9 >> 24) ^ (tp9 << 8) ^
(tpb >> 8) ^ (tpb << 24);
#endif
-diff --git a/crypto/aes/asm/aes-586.pl b/crypto/aes/asm/aes-586.pl
-index 5a7f1b4..1ba3565 100755
--- a/crypto/aes/asm/aes-586.pl
+++ b/crypto/aes/asm/aes-586.pl
@@ -1,4 +1,11 @@
@@ -15818,8 +19986,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl
-index 3efe415..16d79aa 100644
--- a/crypto/aes/asm/aes-armv4.pl
+++ b/crypto/aes/asm/aes-armv4.pl
@@ -1,4 +1,11 @@
@@ -15835,8 +20001,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/aes/asm/aes-c64xplus.pl b/crypto/aes/asm/aes-c64xplus.pl
-index 54426f7..19d2cc1 100644
--- a/crypto/aes/asm/aes-c64xplus.pl
+++ b/crypto/aes/asm/aes-c64xplus.pl
@@ -1,4 +1,11 @@
@@ -15852,8 +20016,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/aes/asm/aes-ia64.S b/crypto/aes/asm/aes-ia64.S
-index 7f6c4c3..ef44f7c 100644
--- a/crypto/aes/asm/aes-ia64.S
+++ b/crypto/aes/asm/aes-ia64.S
@@ -1,3 +1,10 @@
@@ -15867,8 +20029,6 @@
// ====================================================================
// Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
// project. Rights for redistribution and usage in source and binary
-diff --git a/crypto/aes/asm/aes-mips.pl b/crypto/aes/asm/aes-mips.pl
-index 77dfe1a..439578d 100644
--- a/crypto/aes/asm/aes-mips.pl
+++ b/crypto/aes/asm/aes-mips.pl
@@ -1,4 +1,11 @@
@@ -15900,7 +20060,7 @@
$PTR_ADD="add";
$PTR_SUB="sub";
$PTR_INS="ins";
-@@ -110,7 +119,7 @@ ___
+@@ -110,7 +119,7 @@ my ($MSB,$LSB)=(0,3); # automatically co
�
{{{
my $FRAMESIZE=16*$SZREG;
@@ -15909,7 +20069,7 @@
my ($inp,$out,$key,$Tbl,$s0,$s1,$s2,$s3)=($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7);
my ($i0,$i1,$i2,$i3)=($at,$t0,$t1,$t2);
-@@ -646,7 +655,7 @@ $code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification
+@@ -646,7 +655,7 @@ my ($key0,$cnt)=($gp,$fp);
___
$code.=<<___;
.set reorder
@@ -15918,7 +20078,7 @@
lwl $s0,0+$MSB($inp)
lwl $s1,4+$MSB($inp)
-@@ -1217,7 +1226,7 @@ $code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification
+@@ -1217,7 +1226,7 @@ my ($key0,$cnt)=($gp,$fp);
___
$code.=<<___;
.set reorder
@@ -15927,7 +20087,7 @@
lwl $s0,0+$MSB($inp)
lwl $s1,4+$MSB($inp)
-@@ -1267,7 +1276,7 @@ ___
+@@ -1267,7 +1276,7 @@ my ($key0,$cnt)=($gp,$fp);
�
{{{
my $FRAMESIZE=8*$SZREG;
@@ -15936,7 +20096,7 @@
my ($inp,$bits,$key,$Tbl)=($a0,$a1,$a2,$a3);
my ($rk0,$rk1,$rk2,$rk3,$rk4,$rk5,$rk6,$rk7)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3);
-@@ -1556,7 +1565,7 @@ $code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification
+@@ -1556,7 +1565,7 @@ my ($rcon,$cnt)=($gp,$fp);
___
$code.=<<___;
.set reorder
@@ -15945,7 +20105,7 @@
bal _mips_AES_set_encrypt_key
-@@ -1611,7 +1620,7 @@ $code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification
+@@ -1611,7 +1620,7 @@ my ($m,$x80808080,$x7f7f7f7f,$x1b1b1b1b)
___
$code.=<<___;
.set reorder
@@ -15954,8 +20114,6 @@
bal _mips_AES_set_encrypt_key
-diff --git a/crypto/aes/asm/aes-parisc.pl b/crypto/aes/asm/aes-parisc.pl
-index 714dcfb..2c785bc 100644
--- a/crypto/aes/asm/aes-parisc.pl
+++ b/crypto/aes/asm/aes-parisc.pl
@@ -1,4 +1,11 @@
@@ -15971,8 +20129,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/aes/asm/aes-ppc.pl b/crypto/aes/asm/aes-ppc.pl
-index 5b83016..d02dde5 100644
--- a/crypto/aes/asm/aes-ppc.pl
+++ b/crypto/aes/asm/aes-ppc.pl
@@ -1,4 +1,11 @@
@@ -15988,8 +20144,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
-index 4aacf1b..a93d601 100644
--- a/crypto/aes/asm/aes-s390x.pl
+++ b/crypto/aes/asm/aes-s390x.pl
@@ -1,4 +1,11 @@
@@ -16005,7 +20159,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-@@ -818,13 +825,9 @@ $code.=<<___ if (!$softonly);
+@@ -818,13 +825,9 @@ sub _data_word()
tmhl %r0,0x4000 # check for message-security assist
jz .Lekey_internal
@@ -16022,7 +20176,7 @@
jz .Lekey_internal
lmg %r0,%r1,0($inp) # just copy 128 bits...
-@@ -1444,13 +1447,10 @@ $code.=<<___ if (0); ######### kmctr code was measured to be ~12% slower
+@@ -1444,13 +1447,10 @@ my $fp ="%r7";
llgfr $s0,%r0
lgr $s1,%r1
@@ -16038,7 +20192,7 @@
lgr %r0,$s0
lgr %r1,$s1
jz .Lctr32_km_loop
-@@ -1597,12 +1597,10 @@ $code.=<<___ if(1);
+@@ -1597,12 +1597,10 @@ my $tweak=16*$SIZE_T+16; # or $stdframe-
llgfr $s0,%r0 # put aside the function code
lghi $s1,0x7f
nr $s1,%r0
@@ -16055,7 +20209,7 @@
lgr %r0,$s0 # restore the function code
la %r1,0($key1) # restore $key1
jz .Lxts_km_vanilla
-@@ -2229,7 +2227,7 @@ ___
+@@ -2229,7 +2227,7 @@ my $tweak=16*$SIZE_T+16; # or $stdframe-
}
$code.=<<___;
.string "AES for s390x, CRYPTOGAMS by <appro\@openssl.org>"
@@ -16064,8 +20218,6 @@
___
$code =~ s/\`([^\`]*)\`/eval $1/gem;
-diff --git a/crypto/aes/asm/aes-sparcv9.pl b/crypto/aes/asm/aes-sparcv9.pl
-index 9eb0c3d..883fae8 100755
--- a/crypto/aes/asm/aes-sparcv9.pl
+++ b/crypto/aes/asm/aes-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -16081,8 +20233,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/aes/asm/aes-x86_64.pl b/crypto/aes/asm/aes-x86_64.pl
-index e95593e..ce4ca30 100755
--- a/crypto/aes/asm/aes-x86_64.pl
+++ b/crypto/aes/asm/aes-x86_64.pl
@@ -1,4 +1,11 @@
@@ -16098,7 +20248,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-@@ -37,7 +44,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+@@ -37,7 +44,7 @@ if ($flavour =~ /\./) { $output = $flavo
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
@@ -16107,12 +20257,9 @@
*STDOUT=*OUT;
$verticalspin=1; # unlike 32-bit version $verticalspin performs
-diff --git a/crypto/aes/asm/aesfx-sparcv9.pl b/crypto/aes/asm/aesfx-sparcv9.pl
-new file mode 100755
-index 0000000..c72f865
--- /dev/null
+++ b/crypto/aes/asm/aesfx-sparcv9.pl
-@@ -0,0 +1,446 @@
+@@ -0,0 +1,1270 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
@@ -16133,6 +20280,20 @@
+#
+# Initial support for Fujitsu SPARC64 X/X+ comprises minimally
+# required key setup and single-block procedures.
++#
++# April 2016
++#
++# Add "teaser" CBC and CTR mode-specific subroutines. "Teaser" means
++# that parallelizeable nature of CBC decrypt and CTR is not utilized
++# yet. CBC encrypt on the other hand is as good as it can possibly
++# get processing one byte in 4.1 cycles with 128-bit key on SPARC64 X.
++# This is ~6x faster than pure software implementation...
++#
++# July 2016
++#
++# Switch from faligndata to fshiftorx, which allows to omit alignaddr
++# instructions and improve single-block and short-input performance
++# with misaligned data.
+
+$output = pop;
+open STDOUT,">$output";
@@ -16141,34 +20302,44 @@
+my ($inp,$out,$key,$rounds,$tmp,$mask) = map("%o$_",(0..5));
+
+$code.=<<___;
++#include "sparc_arch.h"
++
++#define LOCALS (STACK_BIAS+STACK_FRAME)
++
+.text
+
+.globl aes_fx_encrypt
+.align 32
+aes_fx_encrypt:
+ and $inp, 7, $tmp ! is input aligned?
-+ alignaddr $inp, %g0, $inp
++ andn $inp, 7, $inp
++ ldd [$key + 0], %f6 ! round[0]
++ ldd [$key + 8], %f8
++ mov %o7, %g1
+ ld [$key + 240], $rounds
-+ ldd [$key + 0], %f6
-+ ldd [$key + 8], %f8
+
++1: call .+8
++ add %o7, .Linp_align-1b, %o7
++
++ sll $tmp, 3, $tmp
+ ldd [$inp + 0], %f0 ! load input
+ brz,pt $tmp, .Lenc_inp_aligned
+ ldd [$inp + 8], %f2
+
++ ldd [%o7 + $tmp], %f14 ! shift left params
+ ldd [$inp + 16], %f4
-+ faligndata %f0, %f2, %f0
-+ faligndata %f2, %f4, %f2
++ fshiftorx %f0, %f2, %f14, %f0
++ fshiftorx %f2, %f4, %f14, %f2
+
+.Lenc_inp_aligned:
-+ ldd [$key + 16], %f10
++ ldd [$key + 16], %f10 ! round[1]
+ ldd [$key + 24], %f12
-+ add $key, 32, $key
+
+ fxor %f0, %f6, %f0 ! ^=round[0]
+ fxor %f2, %f8, %f2
-+ ldd [$key + 0], %f6
-+ ldd [$key + 8], %f8
++ ldd [$key + 32], %f6 ! round[2]
++ ldd [$key + 40], %f8
++ add $key, 32, $key
+ sub $rounds, 4, $rounds
+
+.Loop_enc:
@@ -16189,35 +20360,41 @@
+ sub $rounds, 2, $rounds
+
+ andcc $out, 7, $tmp ! is output aligned?
++ andn $out, 7, $out
+ mov 0xff, $mask
-+ alignaddrl $out, %g0, $out
+ srl $mask, $tmp, $mask
++ add %o7, 64, %o7
++ sll $tmp, 3, $tmp
+
+ fmovd %f0, %f4
+ faesencx %f2, %f10, %f0
+ faesencx %f4, %f12, %f2
++ ldd [%o7 + $tmp], %f14 ! shift right params
++
+ fmovd %f0, %f4
+ faesenclx %f2, %f6, %f0
+ faesenclx %f4, %f8, %f2
+
+ bnz,pn %icc, .Lenc_out_unaligned
-+ nop
++ mov %g1, %o7
+
+ std %f0, [$out + 0]
+ retl
+ std %f2, [$out + 8]
+
++.align 16
+.Lenc_out_unaligned:
-+ faligndata %f0, %f0, %f4
-+ faligndata %f0, %f2, %f6
-+ faligndata %f2, %f2, %f8
++ add $out, 16, $inp
++ orn %g0, $mask, $tmp
++ fshiftorx %f0, %f0, %f14, %f4
++ fshiftorx %f0, %f2, %f14, %f6
++ fshiftorx %f2, %f2, %f14, %f8
+
+ stda %f4, [$out + $mask]0xc0 ! partial store
+ std %f6, [$out + 8]
-+ add $out, 16, $out
-+ orn %g0, $mask, $mask
++ stda %f8, [$inp + $tmp]0xc0 ! partial store
+ retl
-+ stda %f8, [$out + $mask]0xc0 ! partial store
++ nop
+.type aes_fx_encrypt,#function
+.size aes_fx_encrypt,.-aes_fx_encrypt
+
@@ -16225,28 +20402,34 @@
+.align 32
+aes_fx_decrypt:
+ and $inp, 7, $tmp ! is input aligned?
-+ alignaddr $inp, %g0, $inp
++ andn $inp, 7, $inp
++ ldd [$key + 0], %f6 ! round[0]
++ ldd [$key + 8], %f8
++ mov %o7, %g1
+ ld [$key + 240], $rounds
-+ ldd [$key + 0], %f6
-+ ldd [$key + 8], %f8
+
++1: call .+8
++ add %o7, .Linp_align-1b, %o7
++
++ sll $tmp, 3, $tmp
+ ldd [$inp + 0], %f0 ! load input
+ brz,pt $tmp, .Ldec_inp_aligned
+ ldd [$inp + 8], %f2
+
++ ldd [%o7 + $tmp], %f14 ! shift left params
+ ldd [$inp + 16], %f4
-+ faligndata %f0, %f2, %f0
-+ faligndata %f2, %f4, %f2
++ fshiftorx %f0, %f2, %f14, %f0
++ fshiftorx %f2, %f4, %f14, %f2
+
+.Ldec_inp_aligned:
-+ ldd [$key + 16], %f10
++ ldd [$key + 16], %f10 ! round[1]
+ ldd [$key + 24], %f12
-+ add $key, 32, $key
+
+ fxor %f0, %f6, %f0 ! ^=round[0]
+ fxor %f2, %f8, %f2
-+ ldd [$key + 0], %f6
-+ ldd [$key + 8], %f8
++ ldd [$key + 32], %f6 ! round[2]
++ ldd [$key + 40], %f8
++ add $key, 32, $key
+ sub $rounds, 4, $rounds
+
+.Loop_dec:
@@ -16267,35 +20450,41 @@
+ sub $rounds, 2, $rounds
+
+ andcc $out, 7, $tmp ! is output aligned?
++ andn $out, 7, $out
+ mov 0xff, $mask
-+ alignaddrl $out, %g0, $out
+ srl $mask, $tmp, $mask
++ add %o7, 64, %o7
++ sll $tmp, 3, $tmp
+
+ fmovd %f0, %f4
+ faesdecx %f2, %f10, %f0
+ faesdecx %f4, %f12, %f2
++ ldd [%o7 + $tmp], %f14 ! shift right params
++
+ fmovd %f0, %f4
+ faesdeclx %f2, %f6, %f0
+ faesdeclx %f4, %f8, %f2
+
+ bnz,pn %icc, .Ldec_out_unaligned
-+ nop
++ mov %g1, %o7
+
+ std %f0, [$out + 0]
+ retl
+ std %f2, [$out + 8]
+
++.align 16
+.Ldec_out_unaligned:
-+ faligndata %f0, %f0, %f4
-+ faligndata %f0, %f2, %f6
-+ faligndata %f2, %f2, %f8
++ add $out, 16, $inp
++ orn %g0, $mask, $tmp
++ fshiftorx %f0, %f0, %f14, %f4
++ fshiftorx %f0, %f2, %f14, %f6
++ fshiftorx %f2, %f2, %f14, %f8
+
+ stda %f4, [$out + $mask]0xc0 ! partial store
+ std %f6, [$out + 8]
-+ add $out, 16, $out
-+ orn %g0, $mask, $mask
++ stda %f8, [$inp + $tmp]0xc0 ! partial store
+ retl
-+ stda %f8, [$out + $mask]0xc0 ! partial store
++ nop
+.type aes_fx_decrypt,#function
+.size aes_fx_decrypt,.-aes_fx_decrypt
+___
@@ -16317,11 +20506,19 @@
+.align 32
+aes_fx_set_encrypt_key:
+ mov 1, $inc
++ nop
+.Lset_encrypt_key:
+ and $inp, 7, $tmp
-+ alignaddr $inp, %g0, $inp
-+ nop
++ andn $inp, 7, $inp
++ sll $tmp, 3, $tmp
++ mov %o7, %g1
+
++1: call .+8
++ add %o7, .Linp_align-1b, %o7
++
++ ldd [%o7 + $tmp], %f10 ! shift left params
++ mov %g1, %o7
++
+ cmp $bits, 192
+ ldd [$inp + 0], %f0
+ bl,pt %icc, .L128
@@ -16333,10 +20530,10 @@
+ ldd [$inp + 24], %f6
+
+ ldd [$inp + 32], %f8
-+ faligndata %f0, %f2, %f0
-+ faligndata %f2, %f4, %f2
-+ faligndata %f4, %f6, %f4
-+ faligndata %f6, %f8, %f6
++ fshiftorx %f0, %f2, %f10, %f0
++ fshiftorx %f2, %f4, %f10, %f2
++ fshiftorx %f4, %f6, %f10, %f4
++ fshiftorx %f6, %f8, %f10, %f6
+
+.L256aligned:
+ mov 14, $bits
@@ -16365,11 +20562,11 @@
+ std %f2, [$out + 8]
+ add $out, $inc, $out
+ faeskeyx %f0, 0x00, %f2
-+ std %f4,[$out+0]
-+ std %f6,[$out+8]
++ std %f4,[$out + 0]
++ std %f6,[$out + 8]
+ add $out, $inc, $out
-+ std %f0,[$out+0]
-+ std %f2,[$out+8]
++ std %f0,[$out + 0]
++ std %f2,[$out + 8]
+ retl
+ xor %o0, %o0, %o0 ! return 0
+
@@ -16379,9 +20576,9 @@
+ nop
+
+ ldd [$inp + 24], %f6
-+ faligndata %f0, %f2, %f0
-+ faligndata %f2, %f4, %f2
-+ faligndata %f4, %f6, %f4
++ fshiftorx %f0, %f2, %f10, %f0
++ fshiftorx %f2, %f4, %f10, %f2
++ fshiftorx %f4, %f6, %f10, %f4
+
+.L192aligned:
+ mov 12, $bits
@@ -16423,8 +20620,8 @@
+ nop
+
+ ldd [$inp + 16], %f4
-+ faligndata %f0, %f2, %f0
-+ faligndata %f2, %f4, %f2
++ fshiftorx %f0, %f2, %f10, %f0
++ fshiftorx %f2, %f4, %f10, %f2
+
+.L128aligned:
+ mov 10, $bits
@@ -16451,7 +20648,749 @@
+.size aes_fx_set_encrypt_key,.-aes_fx_set_encrypt_key
+___
+}
++{
++my ($inp,$out,$len,$key,$ivp,$dir) = map("%i$_",(0..5));
++my ($rounds,$inner,$end,$inc,$ialign,$oalign,$mask) = map("%l$_",(0..7));
++my ($iv0,$iv1,$r0hi,$r0lo,$rlhi,$rllo,$in0,$in1,$intail,$outhead,$fshift)
++ = map("%f$_",grep { !($_ & 1) } (16 .. 62));
++my ($ileft,$iright) = ($ialign,$oalign);
+
++$code.=<<___;
++.globl aes_fx_cbc_encrypt
++.align 32
++aes_fx_cbc_encrypt:
++ save %sp, -STACK_FRAME-16, %sp
++ srln $len, 4, $len
++ and $inp, 7, $ialign
++ andn $inp, 7, $inp
++ brz,pn $len, .Lcbc_no_data
++ sll $ialign, 3, $ileft
++
++1: call .+8
++ add %o7, .Linp_align-1b, %o7
++
++ ld [$key + 240], $rounds
++ and $out, 7, $oalign
++ ld [$ivp + 0], %f0 ! load ivec
++ andn $out, 7, $out
++ ld [$ivp + 4], %f1
++ sll $oalign, 3, $mask
++ ld [$ivp + 8], %f2
++ ld [$ivp + 12], %f3
++
++ sll $rounds, 4, $rounds
++ add $rounds, $key, $end
++ ldd [$key + 0], $r0hi ! round[0]
++ ldd [$key + 8], $r0lo
++
++ add $inp, 16, $inp
++ sub $len, 1, $len
++ ldd [$end + 0], $rlhi ! round[last]
++ ldd [$end + 8], $rllo
++
++ mov 16, $inc
++ movrz $len, 0, $inc
++ ldd [$key + 16], %f10 ! round[1]
++ ldd [$key + 24], %f12
++
++ ldd [%o7 + $ileft], $fshift ! shift left params
++ add %o7, 64, %o7
++ ldd [$inp - 16], $in0 ! load input
++ ldd [$inp - 8], $in1
++ ldda [$inp]0x82, $intail ! non-faulting load
++ brz $dir, .Lcbc_decrypt
++ add $inp, $inc, $inp ! inp+=16
++
++ fxor $r0hi, %f0, %f0 ! ivec^=round[0]
++ fxor $r0lo, %f2, %f2
++ fshiftorx $in0, $in1, $fshift, $in0
++ fshiftorx $in1, $intail, $fshift, $in1
++ nop
++
++.Loop_cbc_enc:
++ fxor $in0, %f0, %f0 ! inp^ivec^round[0]
++ fxor $in1, %f2, %f2
++ ldd [$key + 32], %f6 ! round[2]
++ ldd [$key + 40], %f8
++ add $key, 32, $end
++ sub $rounds, 16*6, $inner
++
++.Lcbc_enc:
++ fmovd %f0, %f4
++ faesencx %f2, %f10, %f0
++ faesencx %f4, %f12, %f2
++ ldd [$end + 16], %f10
++ ldd [$end + 24], %f12
++ add $end, 32, $end
++
++ fmovd %f0, %f4
++ faesencx %f2, %f6, %f0
++ faesencx %f4, %f8, %f2
++ ldd [$end + 0], %f6
++ ldd [$end + 8], %f8
++
++ brnz,a $inner, .Lcbc_enc
++ sub $inner, 16*2, $inner
++
++ fmovd %f0, %f4
++ faesencx %f2, %f10, %f0
++ faesencx %f4, %f12, %f2
++ ldd [$end + 16], %f10 ! round[last-1]
++ ldd [$end + 24], %f12
++
++ movrz $len, 0, $inc
++ fmovd $intail, $in0
++ ldd [$inp - 8], $in1 ! load next input block
++ ldda [$inp]0x82, $intail ! non-faulting load
++ add $inp, $inc, $inp ! inp+=16
++
++ fmovd %f0, %f4
++ faesencx %f2, %f6, %f0
++ faesencx %f4, %f8, %f2
++
++ fshiftorx $in0, $in1, $fshift, $in0
++ fshiftorx $in1, $intail, $fshift, $in1
++
++ fmovd %f0, %f4
++ faesencx %f2, %f10, %f0
++ faesencx %f4, %f12, %f2
++ ldd [$key + 16], %f10 ! round[1]
++ ldd [$key + 24], %f12
++
++ fxor $r0hi, $in0, $in0 ! inp^=round[0]
++ fxor $r0lo, $in1, $in1
++
++ fmovd %f0, %f4
++ faesenclx %f2, $rlhi, %f0
++ faesenclx %f4, $rllo, %f2
++
++ brnz,pn $oalign, .Lcbc_enc_unaligned_out
++ nop
++
++ std %f0, [$out + 0]
++ std %f2, [$out + 8]
++ add $out, 16, $out
++
++ brnz,a $len, .Loop_cbc_enc
++ sub $len, 1, $len
++
++ st %f0, [$ivp + 0] ! output ivec
++ st %f1, [$ivp + 4]
++ st %f2, [$ivp + 8]
++ st %f3, [$ivp + 12]
++
++.Lcbc_no_data:
++ ret
++ restore
++
++.align 32
++.Lcbc_enc_unaligned_out:
++ ldd [%o7 + $mask], $fshift ! shift right params
++ mov 0xff, $mask
++ srl $mask, $oalign, $mask
++ sub %g0, $ileft, $iright
++
++ fshiftorx %f0, %f0, $fshift, %f6
++ fshiftorx %f0, %f2, $fshift, %f8
++
++ stda %f6, [$out + $mask]0xc0 ! partial store
++ orn %g0, $mask, $mask
++ std %f8, [$out + 8]
++ add $out, 16, $out
++ brz $len, .Lcbc_enc_unaligned_out_done
++ sub $len, 1, $len
++ b .Loop_cbc_enc_unaligned_out
++ nop
++
++.align 32
++.Loop_cbc_enc_unaligned_out:
++ fmovd %f2, $outhead
++ fxor $in0, %f0, %f0 ! inp^ivec^round[0]
++ fxor $in1, %f2, %f2
++ ldd [$key + 32], %f6 ! round[2]
++ ldd [$key + 40], %f8
++
++ fmovd %f0, %f4
++ faesencx %f2, %f10, %f0
++ faesencx %f4, %f12, %f2
++ ldd [$key + 48], %f10 ! round[3]
++ ldd [$key + 56], %f12
++
++ ldx [$inp - 16], %o0
++ ldx [$inp - 8], %o1
++ brz $ileft, .Lcbc_enc_aligned_inp
++ movrz $len, 0, $inc
++
++ ldx [$inp], %o2
++ sllx %o0, $ileft, %o0
++ srlx %o1, $iright, %g1
++ sllx %o1, $ileft, %o1
++ or %g1, %o0, %o0
++ srlx %o2, $iright, %o2
++ or %o2, %o1, %o1
++
++.Lcbc_enc_aligned_inp:
++ fmovd %f0, %f4
++ faesencx %f2, %f6, %f0
++ faesencx %f4, %f8, %f2
++ ldd [$key + 64], %f6 ! round[4]
++ ldd [$key + 72], %f8
++ add $key, 64, $end
++ sub $rounds, 16*8, $inner
++
++ stx %o0, [%sp + LOCALS + 0]
++ stx %o1, [%sp + LOCALS + 8]
++ add $inp, $inc, $inp ! inp+=16
++ nop
++
++.Lcbc_enc_unaligned:
++ fmovd %f0, %f4
++ faesencx %f2, %f10, %f0
++ faesencx %f4, %f12, %f2
++ ldd [$end + 16], %f10
++ ldd [$end + 24], %f12
++ add $end, 32, $end
++
++ fmovd %f0, %f4
++ faesencx %f2, %f6, %f0
++ faesencx %f4, %f8, %f2
++ ldd [$end + 0], %f6
++ ldd [$end + 8], %f8
++
++ brnz,a $inner, .Lcbc_enc_unaligned
++ sub $inner, 16*2, $inner
++
++ fmovd %f0, %f4
++ faesencx %f2, %f10, %f0
++ faesencx %f4, %f12, %f2
++ ldd [$end + 16], %f10 ! round[last-1]
++ ldd [$end + 24], %f12
++
++ fmovd %f0, %f4
++ faesencx %f2, %f6, %f0
++ faesencx %f4, %f8, %f2
++
++ ldd [%sp + LOCALS + 0], $in0
++ ldd [%sp + LOCALS + 8], $in1
++
++ fmovd %f0, %f4
++ faesencx %f2, %f10, %f0
++ faesencx %f4, %f12, %f2
++ ldd [$key + 16], %f10 ! round[1]
++ ldd [$key + 24], %f12
++
++ fxor $r0hi, $in0, $in0 ! inp^=round[0]
++ fxor $r0lo, $in1, $in1
++
++ fmovd %f0, %f4
++ faesenclx %f2, $rlhi, %f0
++ faesenclx %f4, $rllo, %f2
++
++ fshiftorx $outhead, %f0, $fshift, %f6
++ fshiftorx %f0, %f2, $fshift, %f8
++ std %f6, [$out + 0]
++ std %f8, [$out + 8]
++ add $out, 16, $out
++
++ brnz,a $len, .Loop_cbc_enc_unaligned_out
++ sub $len, 1, $len
++
++.Lcbc_enc_unaligned_out_done:
++ fshiftorx %f2, %f2, $fshift, %f8
++ stda %f8, [$out + $mask]0xc0 ! partial store
++
++ st %f0, [$ivp + 0] ! output ivec
++ st %f1, [$ivp + 4]
++ st %f2, [$ivp + 8]
++ st %f3, [$ivp + 12]
++
++ ret
++ restore
++
++.align 32
++.Lcbc_decrypt:
++ fshiftorx $in0, $in1, $fshift, $in0
++ fshiftorx $in1, $intail, $fshift, $in1
++ fmovd %f0, $iv0
++ fmovd %f2, $iv1
++
++.Loop_cbc_dec:
++ fxor $in0, $r0hi, %f0 ! inp^round[0]
++ fxor $in1, $r0lo, %f2
++ ldd [$key + 32], %f6 ! round[2]
++ ldd [$key + 40], %f8
++ add $key, 32, $end
++ sub $rounds, 16*6, $inner
++
++.Lcbc_dec:
++ fmovd %f0, %f4
++ faesdecx %f2, %f10, %f0
++ faesdecx %f4, %f12, %f2
++ ldd [$end + 16], %f10
++ ldd [$end + 24], %f12
++ add $end, 32, $end
++
++ fmovd %f0, %f4
++ faesdecx %f2, %f6, %f0
++ faesdecx %f4, %f8, %f2
++ ldd [$end + 0], %f6
++ ldd [$end + 8], %f8
++
++ brnz,a $inner, .Lcbc_dec
++ sub $inner, 16*2, $inner
++
++ fmovd %f0, %f4
++ faesdecx %f2, %f10, %f0
++ faesdecx %f4, %f12, %f2
++ ldd [$end + 16], %f10 ! round[last-1]
++ ldd [$end + 24], %f12
++
++ fmovd %f0, %f4
++ faesdecx %f2, %f6, %f0
++ faesdecx %f4, %f8, %f2
++ fxor $iv0, $rlhi, %f6 ! ivec^round[last]
++ fxor $iv1, $rllo, %f8
++ fmovd $in0, $iv0
++ fmovd $in1, $iv1
++
++ movrz $len, 0, $inc
++ fmovd $intail, $in0
++ ldd [$inp - 8], $in1 ! load next input block
++ ldda [$inp]0x82, $intail ! non-faulting load
++ add $inp, $inc, $inp ! inp+=16
++
++ fmovd %f0, %f4
++ faesdecx %f2, %f10, %f0
++ faesdecx %f4, %f12, %f2
++ ldd [$key + 16], %f10 ! round[1]
++ ldd [$key + 24], %f12
++
++ fshiftorx $in0, $in1, $fshift, $in0
++ fshiftorx $in1, $intail, $fshift, $in1
++
++ fmovd %f0, %f4
++ faesdeclx %f2, %f6, %f0
++ faesdeclx %f4, %f8, %f2
++
++ brnz,pn $oalign, .Lcbc_dec_unaligned_out
++ nop
++
++ std %f0, [$out + 0]
++ std %f2, [$out + 8]
++ add $out, 16, $out
++
++ brnz,a $len, .Loop_cbc_dec
++ sub $len, 1, $len
++
++ st $iv0, [$ivp + 0] ! output ivec
++ st $iv0#lo, [$ivp + 4]
++ st $iv1, [$ivp + 8]
++ st $iv1#lo, [$ivp + 12]
++
++ ret
++ restore
++
++.align 32
++.Lcbc_dec_unaligned_out:
++ ldd [%o7 + $mask], $fshift ! shift right params
++ mov 0xff, $mask
++ srl $mask, $oalign, $mask
++ sub %g0, $ileft, $iright
++
++ fshiftorx %f0, %f0, $fshift, %f6
++ fshiftorx %f0, %f2, $fshift, %f8
++
++ stda %f6, [$out + $mask]0xc0 ! partial store
++ orn %g0, $mask, $mask
++ std %f8, [$out + 8]
++ add $out, 16, $out
++ brz $len, .Lcbc_dec_unaligned_out_done
++ sub $len, 1, $len
++ b .Loop_cbc_dec_unaligned_out
++ nop
++
++.align 32
++.Loop_cbc_dec_unaligned_out:
++ fmovd %f2, $outhead
++ fxor $in0, $r0hi, %f0 ! inp^round[0]
++ fxor $in1, $r0lo, %f2
++ ldd [$key + 32], %f6 ! round[2]
++ ldd [$key + 40], %f8
++
++ fmovd %f0, %f4
++ faesdecx %f2, %f10, %f0
++ faesdecx %f4, %f12, %f2
++ ldd [$key + 48], %f10 ! round[3]
++ ldd [$key + 56], %f12
++
++ ldx [$inp - 16], %o0
++ ldx [$inp - 8], %o1
++ brz $ileft, .Lcbc_dec_aligned_inp
++ movrz $len, 0, $inc
++
++ ldx [$inp], %o2
++ sllx %o0, $ileft, %o0
++ srlx %o1, $iright, %g1
++ sllx %o1, $ileft, %o1
++ or %g1, %o0, %o0
++ srlx %o2, $iright, %o2
++ or %o2, %o1, %o1
++
++.Lcbc_dec_aligned_inp:
++ fmovd %f0, %f4
++ faesdecx %f2, %f6, %f0
++ faesdecx %f4, %f8, %f2
++ ldd [$key + 64], %f6 ! round[4]
++ ldd [$key + 72], %f8
++ add $key, 64, $end
++ sub $rounds, 16*8, $inner
++
++ stx %o0, [%sp + LOCALS + 0]
++ stx %o1, [%sp + LOCALS + 8]
++ add $inp, $inc, $inp ! inp+=16
++ nop
++
++.Lcbc_dec_unaligned:
++ fmovd %f0, %f4
++ faesdecx %f2, %f10, %f0
++ faesdecx %f4, %f12, %f2
++ ldd [$end + 16], %f10
++ ldd [$end + 24], %f12
++ add $end, 32, $end
++
++ fmovd %f0, %f4
++ faesdecx %f2, %f6, %f0
++ faesdecx %f4, %f8, %f2
++ ldd [$end + 0], %f6
++ ldd [$end + 8], %f8
++
++ brnz,a $inner, .Lcbc_dec_unaligned
++ sub $inner, 16*2, $inner
++
++ fmovd %f0, %f4
++ faesdecx %f2, %f10, %f0
++ faesdecx %f4, %f12, %f2
++ ldd [$end + 16], %f10 ! round[last-1]
++ ldd [$end + 24], %f12
++
++ fmovd %f0, %f4
++ faesdecx %f2, %f6, %f0
++ faesdecx %f4, %f8, %f2
++
++ fxor $iv0, $rlhi, %f6 ! ivec^round[last]
++ fxor $iv1, $rllo, %f8
++ fmovd $in0, $iv0
++ fmovd $in1, $iv1
++ ldd [%sp + LOCALS + 0], $in0
++ ldd [%sp + LOCALS + 8], $in1
++
++ fmovd %f0, %f4
++ faesdecx %f2, %f10, %f0
++ faesdecx %f4, %f12, %f2
++ ldd [$key + 16], %f10 ! round[1]
++ ldd [$key + 24], %f12
++
++ fmovd %f0, %f4
++ faesdeclx %f2, %f6, %f0
++ faesdeclx %f4, %f8, %f2
++
++ fshiftorx $outhead, %f0, $fshift, %f6
++ fshiftorx %f0, %f2, $fshift, %f8
++ std %f6, [$out + 0]
++ std %f8, [$out + 8]
++ add $out, 16, $out
++
++ brnz,a $len, .Loop_cbc_dec_unaligned_out
++ sub $len, 1, $len
++
++.Lcbc_dec_unaligned_out_done:
++ fshiftorx %f2, %f2, $fshift, %f8
++ stda %f8, [$out + $mask]0xc0 ! partial store
++
++ st $iv0, [$ivp + 0] ! output ivec
++ st $iv0#lo, [$ivp + 4]
++ st $iv1, [$ivp + 8]
++ st $iv1#lo, [$ivp + 12]
++
++ ret
++ restore
++.type aes_fx_cbc_encrypt,#function
++.size aes_fx_cbc_encrypt,.-aes_fx_cbc_encrypt
++___
++}
++{
++my ($inp,$out,$len,$key,$ivp) = map("%i$_",(0..5));
++my ($rounds,$inner,$end,$inc,$ialign,$oalign,$mask) = map("%l$_",(0..7));
++my ($ctr0,$ctr1,$r0hi,$r0lo,$rlhi,$rllo,$in0,$in1,$intail,$outhead,$fshift)
++ = map("%f$_",grep { !($_ & 1) } (16 .. 62));
++my ($ileft,$iright) = ($ialign, $oalign);
++my $one = "%f14";
++
++$code.=<<___;
++.globl aes_fx_ctr32_encrypt_blocks
++.align 32
++aes_fx_ctr32_encrypt_blocks:
++ save %sp, -STACK_FRAME-16, %sp
++ srln $len, 0, $len
++ and $inp, 7, $ialign
++ andn $inp, 7, $inp
++ brz,pn $len, .Lctr32_no_data
++ sll $ialign, 3, $ileft
++
++.Lpic: call .+8
++ add %o7, .Linp_align - .Lpic, %o7
++
++ ld [$key + 240], $rounds
++ and $out, 7, $oalign
++ ld [$ivp + 0], $ctr0 ! load counter
++ andn $out, 7, $out
++ ld [$ivp + 4], $ctr0#lo
++ sll $oalign, 3, $mask
++ ld [$ivp + 8], $ctr1
++ ld [$ivp + 12], $ctr1#lo
++ ldd [%o7 + 128], $one
++
++ sll $rounds, 4, $rounds
++ add $rounds, $key, $end
++ ldd [$key + 0], $r0hi ! round[0]
++ ldd [$key + 8], $r0lo
++
++ add $inp, 16, $inp
++ sub $len, 1, $len
++ ldd [$key + 16], %f10 ! round[1]
++ ldd [$key + 24], %f12
++
++ mov 16, $inc
++ movrz $len, 0, $inc
++ ldd [$end + 0], $rlhi ! round[last]
++ ldd [$end + 8], $rllo
++
++ ldd [%o7 + $ileft], $fshift ! shiftleft params
++ add %o7, 64, %o7
++ ldd [$inp - 16], $in0 ! load input
++ ldd [$inp - 8], $in1
++ ldda [$inp]0x82, $intail ! non-faulting load
++ add $inp, $inc, $inp ! inp+=16
++
++ fshiftorx $in0, $in1, $fshift, $in0
++ fshiftorx $in1, $intail, $fshift, $in1
++
++.Loop_ctr32:
++ fxor $ctr0, $r0hi, %f0 ! counter^round[0]
++ fxor $ctr1, $r0lo, %f2
++ ldd [$key + 32], %f6 ! round[2]
++ ldd [$key + 40], %f8
++ add $key, 32, $end
++ sub $rounds, 16*6, $inner
++
++.Lctr32_enc:
++ fmovd %f0, %f4
++ faesencx %f2, %f10, %f0
++ faesencx %f4, %f12, %f2
++ ldd [$end + 16], %f10
++ ldd [$end + 24], %f12
++ add $end, 32, $end
++
++ fmovd %f0, %f4
++ faesencx %f2, %f6, %f0
++ faesencx %f4, %f8, %f2
++ ldd [$end + 0], %f6
++ ldd [$end + 8], %f8
++
++ brnz,a $inner, .Lctr32_enc
++ sub $inner, 16*2, $inner
++
++ fmovd %f0, %f4
++ faesencx %f2, %f10, %f0
++ faesencx %f4, %f12, %f2
++ ldd [$end + 16], %f10 ! round[last-1]
++ ldd [$end + 24], %f12
++
++ fmovd %f0, %f4
++ faesencx %f2, %f6, %f0
++ faesencx %f4, %f8, %f2
++ fxor $in0, $rlhi, %f6 ! inp^round[last]
++ fxor $in1, $rllo, %f8
++
++ movrz $len, 0, $inc
++ fmovd $intail, $in0
++ ldd [$inp - 8], $in1 ! load next input block
++ ldda [$inp]0x82, $intail ! non-faulting load
++ add $inp, $inc, $inp ! inp+=16
++
++ fmovd %f0, %f4
++ faesencx %f2, %f10, %f0
++ faesencx %f4, %f12, %f2
++ ldd [$key + 16], %f10 ! round[1]
++ ldd [$key + 24], %f12
++
++ fshiftorx $in0, $in1, $fshift, $in0
++ fshiftorx $in1, $intail, $fshift, $in1
++ fpadd32 $ctr1, $one, $ctr1 ! increment counter
++
++ fmovd %f0, %f4
++ faesenclx %f2, %f6, %f0
++ faesenclx %f4, %f8, %f2
++
++ brnz,pn $oalign, .Lctr32_unaligned_out
++ nop
++
++ std %f0, [$out + 0]
++ std %f2, [$out + 8]
++ add $out, 16, $out
++
++ brnz,a $len, .Loop_ctr32
++ sub $len, 1, $len
++
++.Lctr32_no_data:
++ ret
++ restore
++
++.align 32
++.Lctr32_unaligned_out:
++ ldd [%o7 + $mask], $fshift ! shift right params
++ mov 0xff, $mask
++ srl $mask, $oalign, $mask
++ sub %g0, $ileft, $iright
++
++ fshiftorx %f0, %f0, $fshift, %f6
++ fshiftorx %f0, %f2, $fshift, %f8
++
++ stda %f6, [$out + $mask]0xc0 ! partial store
++ orn %g0, $mask, $mask
++ std %f8, [$out + 8]
++ add $out, 16, $out
++ brz $len, .Lctr32_unaligned_out_done
++ sub $len, 1, $len
++ b .Loop_ctr32_unaligned_out
++ nop
++
++.align 32
++.Loop_ctr32_unaligned_out:
++ fmovd %f2, $outhead
++ fxor $ctr0, $r0hi, %f0 ! counter^round[0]
++ fxor $ctr1, $r0lo, %f2
++ ldd [$key + 32], %f6 ! round[2]
++ ldd [$key + 40], %f8
++
++ fmovd %f0, %f4
++ faesencx %f2, %f10, %f0
++ faesencx %f4, %f12, %f2
++ ldd [$key + 48], %f10 ! round[3]
++ ldd [$key + 56], %f12
++
++ ldx [$inp - 16], %o0
++ ldx [$inp - 8], %o1
++ brz $ileft, .Lctr32_aligned_inp
++ movrz $len, 0, $inc
++
++ ldx [$inp], %o2
++ sllx %o0, $ileft, %o0
++ srlx %o1, $iright, %g1
++ sllx %o1, $ileft, %o1
++ or %g1, %o0, %o0
++ srlx %o2, $iright, %o2
++ or %o2, %o1, %o1
++
++.Lctr32_aligned_inp:
++ fmovd %f0, %f4
++ faesencx %f2, %f6, %f0
++ faesencx %f4, %f8, %f2
++ ldd [$key + 64], %f6 ! round[4]
++ ldd [$key + 72], %f8
++ add $key, 64, $end
++ sub $rounds, 16*8, $inner
++
++ stx %o0, [%sp + LOCALS + 0]
++ stx %o1, [%sp + LOCALS + 8]
++ add $inp, $inc, $inp ! inp+=16
++ nop
++
++.Lctr32_enc_unaligned:
++ fmovd %f0, %f4
++ faesencx %f2, %f10, %f0
++ faesencx %f4, %f12, %f2
++ ldd [$end + 16], %f10
++ ldd [$end + 24], %f12
++ add $end, 32, $end
++
++ fmovd %f0, %f4
++ faesencx %f2, %f6, %f0
++ faesencx %f4, %f8, %f2
++ ldd [$end + 0], %f6
++ ldd [$end + 8], %f8
++
++ brnz,a $inner, .Lctr32_enc_unaligned
++ sub $inner, 16*2, $inner
++
++ fmovd %f0, %f4
++ faesencx %f2, %f10, %f0
++ faesencx %f4, %f12, %f2
++ ldd [$end + 16], %f10 ! round[last-1]
++ ldd [$end + 24], %f12
++ fpadd32 $ctr1, $one, $ctr1 ! increment counter
++
++ fmovd %f0, %f4
++ faesencx %f2, %f6, %f0
++ faesencx %f4, %f8, %f2
++ fxor $in0, $rlhi, %f6 ! inp^round[last]
++ fxor $in1, $rllo, %f8
++ ldd [%sp + LOCALS + 0], $in0
++ ldd [%sp + LOCALS + 8], $in1
++
++ fmovd %f0, %f4
++ faesencx %f2, %f10, %f0
++ faesencx %f4, %f12, %f2
++ ldd [$key + 16], %f10 ! round[1]
++ ldd [$key + 24], %f12
++
++ fmovd %f0, %f4
++ faesenclx %f2, %f6, %f0
++ faesenclx %f4, %f8, %f2
++
++ fshiftorx $outhead, %f0, $fshift, %f6
++ fshiftorx %f0, %f2, $fshift, %f8
++ std %f6, [$out + 0]
++ std %f8, [$out + 8]
++ add $out, 16, $out
++
++ brnz,a $len, .Loop_ctr32_unaligned_out
++ sub $len, 1, $len
++
++.Lctr32_unaligned_out_done:
++ fshiftorx %f2, %f2, $fshift, %f8
++ stda %f8, [$out + $mask]0xc0 ! partial store
++
++ ret
++ restore
++.type aes_fx_ctr32_encrypt_blocks,#function
++.size aes_fx_ctr32_encrypt_blocks,.-aes_fx_ctr32_encrypt_blocks
++
++.align 32
++.Linp_align: ! fshiftorx parameters for left shift toward %rs1
++ .byte 0, 0, 64, 0, 0, 64, 0, -64
++ .byte 0, 0, 56, 8, 0, 56, 8, -56
++ .byte 0, 0, 48, 16, 0, 48, 16, -48
++ .byte 0, 0, 40, 24, 0, 40, 24, -40
++ .byte 0, 0, 32, 32, 0, 32, 32, -32
++ .byte 0, 0, 24, 40, 0, 24, 40, -24
++ .byte 0, 0, 16, 48, 0, 16, 48, -16
++ .byte 0, 0, 8, 56, 0, 8, 56, -8
++.Lout_align: ! fshiftorx parameters for right shift toward %rs2
++ .byte 0, 0, 0, 64, 0, 0, 64, 0
++ .byte 0, 0, 8, 56, 0, 8, 56, -8
++ .byte 0, 0, 16, 48, 0, 16, 48, -16
++ .byte 0, 0, 24, 40, 0, 24, 40, -24
++ .byte 0, 0, 32, 32, 0, 32, 32, -32
++ .byte 0, 0, 40, 24, 0, 40, 24, -40
++ .byte 0, 0, 48, 16, 0, 48, 16, -48
++ .byte 0, 0, 56, 8, 0, 56, 8, -56
++.Lone:
++ .word 0, 1
++.asciz "AES for Fujitsu SPARC64 X, CRYPTOGAMS by <appro\@openssl.org>"
++.align 4
++___
++}
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
@@ -16462,6 +21401,7 @@
+my ($ref,$opf);
+my %visopf = ( "faligndata" => 0x048,
+ "bshuffle" => 0x04c,
++ "fpadd32" => 0x052,
+ "fxor" => 0x06c,
+ "fsrc2" => 0x078 );
+
@@ -16543,12 +21483,43 @@
+ }
+}
+
++sub unfx3src {
++my ($mnemonic,$rs1,$rs2,$rs3,$rd)=@_;
++my ($ref,$opf);
++my %aesopf = ( "fshiftorx" => 0x0b );
++
++ $ref = "$mnemonic\t$rs1,$rs2,$rs3,$rd";
++
++ if (defined($opf=$aesopf{$mnemonic})) {
++ foreach ($rs1,$rs2,$rs3,$rd) {
++ return $ref if (!/%f([0-9]{1,2})/);
++ $_=$1;
++ if ($1>=32) {
++ return $ref if ($1&1);
++ # re-encode for upper double register addressing
++ $_=($1|$1>>5)&31;
++ }
++ }
++
++ return sprintf ".word\t0x%08x !%s",
++ 2<<30|$rd<<25|0x37<<19|$rs1<<14|$rs3<<9|$opf<<5|$rs2,
++ $ref;
++ } else {
++ return $ref;
++ }
++}
++
+foreach (split("\n",$code)) {
+ s/\`([^\`]*)\`/eval $1/ge;
+
++ s/%f([0-9]+)#lo/sprintf "%%f%d",$1+1/ge;
++
+ s/\b(faes[^x]{3,4}x)\s+(%f[0-9]{1,2}),\s*([%fx0-9]+),\s*(%f[0-9]{1,2})/
-+ &unfx($1,$2,$3,$4,$5)
++ &unfx($1,$2,$3,$4)
+ /ge or
++ s/\b([f][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
++ &unfx3src($1,$2,$3,$4,$5)
++ /ge or
+ s/\b([fb][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
+ &unvis($1,$2,$3,$4)
+ /ge or
@@ -16559,8 +21530,6 @@
+}
+
+close STDOUT;
-diff --git a/crypto/aes/asm/aesni-mb-x86_64.pl b/crypto/aes/asm/aesni-mb-x86_64.pl
-index d7ad788..aa2735e 100644
--- a/crypto/aes/asm/aesni-mb-x86_64.pl
+++ b/crypto/aes/asm/aesni-mb-x86_64.pl
@@ -1,4 +1,11 @@
@@ -16576,7 +21545,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -67,7 +74,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+@@ -67,7 +74,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
$avx = ($2>=3.0) + ($2>3.0);
}
@@ -16585,8 +21554,6 @@
*STDOUT=*OUT;
# void aesni_multi_cbc_encrypt (
-diff --git a/crypto/aes/asm/aesni-sha1-x86_64.pl b/crypto/aes/asm/aesni-sha1-x86_64.pl
-index 4a746e9..4b979a7 100644
--- a/crypto/aes/asm/aesni-sha1-x86_64.pl
+++ b/crypto/aes/asm/aesni-sha1-x86_64.pl
@@ -1,4 +1,11 @@
@@ -16602,7 +21569,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -102,7 +109,7 @@ $shaext=1; ### set to zero if compiling for 1.0.1
+@@ -102,7 +109,7 @@ die "can't locate x86_64-xlate.pl";
$stitched_decrypt=0;
@@ -16611,8 +21578,6 @@
*STDOUT=*OUT;
# void aesni_cbc_sha1_enc(const void *inp,
-diff --git a/crypto/aes/asm/aesni-sha256-x86_64.pl b/crypto/aes/asm/aesni-sha256-x86_64.pl
-index 6d195a4..e9ad24f 100644
--- a/crypto/aes/asm/aesni-sha256-x86_64.pl
+++ b/crypto/aes/asm/aesni-sha256-x86_64.pl
@@ -1,4 +1,11 @@
@@ -16628,7 +21593,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -67,7 +74,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+@@ -67,7 +74,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
$shaext=$avx; ### set to zero if compiling for 1.0.1
$avx=1 if (!$shaext && $avx);
@@ -16637,8 +21602,6 @@
*STDOUT=*OUT;
$func="aesni_cbc_sha256_enc";
-diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl
-index b85d0c4..ed1a47c 100644
--- a/crypto/aes/asm/aesni-x86.pl
+++ b/crypto/aes/asm/aesni-x86.pl
@@ -1,4 +1,11 @@
@@ -16654,8 +21617,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/aes/asm/aesni-x86_64.pl b/crypto/aes/asm/aesni-x86_64.pl
-index 6e41a1a..a03da20 100644
--- a/crypto/aes/asm/aesni-x86_64.pl
+++ b/crypto/aes/asm/aesni-x86_64.pl
@@ -1,4 +1,11 @@
@@ -16671,7 +21632,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -193,7 +200,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+@@ -193,7 +200,7 @@ if ($flavour =~ /\./) { $output = $flavo
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
@@ -16680,8 +21641,6 @@
*STDOUT=*OUT;
$movkey = $PREFIX eq "aesni" ? "movups" : "movups";
-diff --git a/crypto/aes/asm/aesp8-ppc.pl b/crypto/aes/asm/aesp8-ppc.pl
-index a1891cc..3fdf1ec 100755
--- a/crypto/aes/asm/aesp8-ppc.pl
+++ b/crypto/aes/asm/aesp8-ppc.pl
@@ -1,4 +1,11 @@
@@ -16717,7 +21676,7 @@
$flavour = shift;
-@@ -1887,6 +1907,1849 @@ Lctr32_enc8x_done:
+@@ -1887,6 +1907,1849 @@ my ($two,$three,$four)=($outhead,$outper
___
}} }}}
@@ -18567,8 +23526,6 @@
my $consts=1;
foreach(split("\n",$code)) {
s/\`([^\`]*)\`/eval($1)/geo;
-diff --git a/crypto/aes/asm/aest4-sparcv9.pl b/crypto/aes/asm/aest4-sparcv9.pl
-index 5b0159e..bf479c6 100644
--- a/crypto/aes/asm/aest4-sparcv9.pl
+++ b/crypto/aes/asm/aest4-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -18584,8 +23541,6 @@
# ====================================================================
# Written by David S. Miller <davem at devemloft.net> and Andy Polyakov
-diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
-index 9844ca1..aa36ed2 100755
--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
@@ -1,4 +1,11 @@
@@ -18601,8 +23556,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl
-index 58d0173..12091ef 100644
--- a/crypto/aes/asm/bsaes-armv7.pl
+++ b/crypto/aes/asm/bsaes-armv7.pl
@@ -1,4 +1,11 @@
@@ -18618,7 +23571,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -1832,8 +1839,6 @@ $code.=<<___;
+@@ -1832,8 +1839,6 @@ for($i=9;$i<16;$i++) {
b .Lxts_enc_done
.align 4
.Lxts_enc_6:
@@ -18627,7 +23580,7 @@
veor @XMM[4], @XMM[4], @XMM[12]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
-@@ -1869,8 +1874,6 @@ $code.=<<___;
+@@ -1869,8 +1874,6 @@ for($i=9;$i<16;$i++) {
.align 5
.Lxts_enc_5:
@@ -18636,7 +23589,7 @@
veor @XMM[3], @XMM[3], @XMM[11]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
-@@ -1899,8 +1902,6 @@ $code.=<<___;
+@@ -1899,8 +1902,6 @@ for($i=9;$i<16;$i++) {
b .Lxts_enc_done
.align 4
.Lxts_enc_4:
@@ -18645,7 +23598,7 @@
veor @XMM[2], @XMM[2], @XMM[10]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
-@@ -1926,8 +1927,6 @@ $code.=<<___;
+@@ -1926,8 +1927,6 @@ for($i=9;$i<16;$i++) {
b .Lxts_enc_done
.align 4
.Lxts_enc_3:
@@ -18654,7 +23607,7 @@
veor @XMM[1], @XMM[1], @XMM[9]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
-@@ -1952,8 +1951,6 @@ $code.=<<___;
+@@ -1952,8 +1951,6 @@ for($i=9;$i<16;$i++) {
b .Lxts_enc_done
.align 4
.Lxts_enc_2:
@@ -18663,7 +23616,7 @@
veor @XMM[0], @XMM[0], @XMM[8]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
-@@ -1976,7 +1973,7 @@ $code.=<<___;
+@@ -1976,7 +1973,7 @@ for($i=9;$i<16;$i++) {
.align 4
.Lxts_enc_1:
mov r0, sp
@@ -18672,7 +23625,7 @@
mov r1, sp
vst1.8 {@XMM[0]}, [sp,:128]
mov r2, $key
-@@ -2288,8 +2285,6 @@ $code.=<<___;
+@@ -2288,8 +2285,6 @@ for($i=9;$i<16;$i++) {
b .Lxts_dec_done
.align 4
.Lxts_dec_5:
@@ -18681,7 +23634,7 @@
veor @XMM[3], @XMM[3], @XMM[11]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
-@@ -2318,8 +2313,6 @@ $code.=<<___;
+@@ -2318,8 +2313,6 @@ for($i=9;$i<16;$i++) {
b .Lxts_dec_done
.align 4
.Lxts_dec_4:
@@ -18690,7 +23643,7 @@
veor @XMM[2], @XMM[2], @XMM[10]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
-@@ -2345,8 +2338,6 @@ $code.=<<___;
+@@ -2345,8 +2338,6 @@ for($i=9;$i<16;$i++) {
b .Lxts_dec_done
.align 4
.Lxts_dec_3:
@@ -18699,7 +23652,7 @@
veor @XMM[1], @XMM[1], @XMM[9]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
-@@ -2371,8 +2362,6 @@ $code.=<<___;
+@@ -2371,8 +2362,6 @@ for($i=9;$i<16;$i++) {
b .Lxts_dec_done
.align 4
.Lxts_dec_2:
@@ -18708,7 +23661,7 @@
veor @XMM[0], @XMM[0], @XMM[8]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
-@@ -2395,12 +2384,12 @@ $code.=<<___;
+@@ -2395,12 +2384,12 @@ for($i=9;$i<16;$i++) {
.align 4
.Lxts_dec_1:
mov r0, sp
@@ -18723,8 +23676,6 @@
bl AES_decrypt
-diff --git a/crypto/aes/asm/bsaes-x86_64.pl b/crypto/aes/asm/bsaes-x86_64.pl
-index 3f7d33c..6b14a51 100644
--- a/crypto/aes/asm/bsaes-x86_64.pl
+++ b/crypto/aes/asm/bsaes-x86_64.pl
@@ -1,4 +1,11 @@
@@ -18740,7 +23691,7 @@
###################################################################
### AES-128 [originally in CTR mode] ###
-@@ -99,7 +106,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+@@ -99,7 +106,7 @@ if ($flavour =~ /\./) { $output = $flavo
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
@@ -18749,8 +23700,6 @@
*STDOUT=*OUT;
my ($inp,$out,$len,$key,$ivp)=("%rdi","%rsi","%rdx","%rcx");
-diff --git a/crypto/aes/asm/vpaes-armv8.pl b/crypto/aes/asm/vpaes-armv8.pl
-index f44c62a..776a9b7 100755
--- a/crypto/aes/asm/vpaes-armv8.pl
+++ b/crypto/aes/asm/vpaes-armv8.pl
@@ -1,4 +1,11 @@
@@ -18766,8 +23715,6 @@
######################################################################
## Constant-time SSSE3 AES core implementation.
-diff --git a/crypto/aes/asm/vpaes-ppc.pl b/crypto/aes/asm/vpaes-ppc.pl
-index 1759ae9..7f81209 100644
--- a/crypto/aes/asm/vpaes-ppc.pl
+++ b/crypto/aes/asm/vpaes-ppc.pl
@@ -1,4 +1,11 @@
@@ -18783,8 +23730,6 @@
######################################################################
## Constant-time SSSE3 AES core implementation.
-diff --git a/crypto/aes/asm/vpaes-x86.pl b/crypto/aes/asm/vpaes-x86.pl
-index 4fcd561..47615c0 100644
--- a/crypto/aes/asm/vpaes-x86.pl
+++ b/crypto/aes/asm/vpaes-x86.pl
@@ -1,4 +1,11 @@
@@ -18800,8 +23745,6 @@
######################################################################
## Constant-time SSSE3 AES core implementation.
-diff --git a/crypto/aes/asm/vpaes-x86_64.pl b/crypto/aes/asm/vpaes-x86_64.pl
-index f2ef318..265b6aa 100644
--- a/crypto/aes/asm/vpaes-x86_64.pl
+++ b/crypto/aes/asm/vpaes-x86_64.pl
@@ -1,4 +1,11 @@
@@ -18817,7 +23760,7 @@
######################################################################
## Constant-time SSSE3 AES core implementation.
-@@ -57,7 +64,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+@@ -57,7 +64,7 @@ if ($flavour =~ /\./) { $output = $flavo
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
@@ -18826,8 +23769,6 @@
*STDOUT=*OUT;
$PREFIX="vpaes";
-diff --git a/crypto/aes/build.info b/crypto/aes/build.info
-index 08c3afe..cf6cb5e 100644
--- a/crypto/aes/build.info
+++ b/crypto/aes/build.info
@@ -25,6 +25,8 @@ INCLUDE[aes-sparcv9.o]=..
@@ -18839,8 +23780,6 @@
GENERATE[aes-ppc.s]=asm/aes-ppc.pl $(PERLASM_SCHEME)
GENERATE[vpaes-ppc.s]=asm/vpaes-ppc.pl $(PERLASM_SCHEME)
-diff --git a/crypto/alphacpuid.pl b/crypto/alphacpuid.pl
-index 8af0f09..6c7fd4c 100644
--- a/crypto/alphacpuid.pl
+++ b/crypto/alphacpuid.pl
@@ -1,7 +1,14 @@
@@ -18860,7 +23799,7 @@
print <<'___';
.text
-@@ -127,6 +134,34 @@ OPENSSL_cleanse:
+@@ -127,6 +134,34 @@ print <<'___';
bne $17,.Little
.Ldone: ret ($26)
.end OPENSSL_cleanse
@@ -18895,8 +23834,6 @@
___
{
my ($out,$cnt,$max)=("\$16","\$17","\$18");
-diff --git a/crypto/arm64cpuid.pl b/crypto/arm64cpuid.pl
-index bfec664..caa3387 100755
--- a/crypto/arm64cpuid.pl
+++ b/crypto/arm64cpuid.pl
@@ -1,4 +1,11 @@
@@ -18912,7 +23849,7 @@
$flavour = shift;
$output = shift;
-@@ -62,6 +69,57 @@ _armv8_pmull_probe:
+@@ -62,6 +69,57 @@ open OUT,"| \"$^X\" $xlate $flavour $out
pmull v0.1q, v0.1d, v0.1d
ret
.size _armv8_pmull_probe,.-_armv8_pmull_probe
@@ -18970,8 +23907,6 @@
___
print $code;
-diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h
-index 31dbd3a..3fc9e69 100644
--- a/crypto/arm_arch.h
+++ b/crypto/arm_arch.h
@@ -1,3 +1,12 @@
@@ -18987,8 +23922,6 @@
#ifndef __ARM_ARCH_H__
# define __ARM_ARCH_H__
-diff --git a/crypto/armcap.c b/crypto/armcap.c
-index 1afbc9f..4215766 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -1,3 +1,12 @@
@@ -19004,8 +23937,6 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-diff --git a/crypto/armv4cpuid.pl b/crypto/armv4cpuid.pl
-index c669623..33c893d 100644
--- a/crypto/armv4cpuid.pl
+++ b/crypto/armv4cpuid.pl
@@ -1,4 +1,11 @@
@@ -19021,7 +23952,7 @@
$flavour = shift;
$output = shift;
-@@ -98,6 +105,36 @@ OPENSSL_cleanse:
+@@ -98,6 +105,36 @@ open OUT,"| \"$^X\" $xlate $flavour $out
#endif
.size OPENSSL_cleanse,.-OPENSSL_cleanse
@@ -19058,9 +23989,6 @@
#if __ARM_MAX_ARCH__>=7
.arch armv7-a
.fpu neon
-diff --git a/crypto/asn1/Makefile.in b/crypto/asn1/Makefile.in
-deleted file mode 100644
-index 282bd45..0000000
--- a/crypto/asn1/Makefile.in
+++ /dev/null
@@ -1,78 +0,0 @@
@@ -19142,14 +24070,14 @@
-
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
-index 00b0854..33be907 100644
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -19197,9 +24125,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -19211,7 +24137,7 @@
*/
#include <stdio.h>
-@@ -114,10 +66,11 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
+@@ -114,10 +66,11 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING
*(p++) = (unsigned char)bits;
d = a->data;
@@ -19226,8 +24152,6 @@
*pp = p;
return (ret);
}
-diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c
-index 5ba6e1d..e5c1d0e 100644
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@@ -1,63 +1,16 @@
@@ -19301,7 +24225,7 @@
#include <openssl/buffer.h>
#include <openssl/asn1.h>
-@@ -138,13 +91,14 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
+@@ -138,13 +91,14 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *
#endif
#define HEADER_SIZE 8
@@ -19317,7 +24241,7 @@
size_t off = 0;
size_t len = 0;
-@@ -199,16 +153,16 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+@@ -199,16 +153,16 @@ static int asn1_d2i_read_bio(BIO *in, BU
if (inf & 1) {
/* no data body so go round again */
@@ -19337,7 +24261,7 @@
break;
else
want = HEADER_SIZE;
-@@ -216,29 +170,44 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+@@ -216,29 +170,44 @@ static int asn1_d2i_read_bio(BIO *in, BU
/* suck in slen bytes of data */
want = slen;
if (want > (len - off)) {
@@ -19392,7 +24316,7 @@
}
}
if (off + slen < off) {
-@@ -246,7 +215,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+@@ -246,7 +215,7 @@ static int asn1_d2i_read_bio(BIO *in, BU
goto err;
}
off += slen;
@@ -19401,8 +24325,6 @@
break;
} else
want = HEADER_SIZE;
-diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c
-index a2c837c..2f9b63b 100644
--- a/crypto/asn1/a_digest.c
+++ b/crypto/asn1/a_digest.c
@@ -1,58 +1,10 @@
@@ -19470,14 +24392,14 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/a_dup.c b/crypto/asn1/a_dup.c
-index 569fcee..d9a57b2 100644
--- a/crypto/asn1/a_dup.c
+++ b/crypto/asn1/a_dup.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -19525,9 +24447,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -19539,8 +24459,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c
-index 7ba5e52..8d43ee5 100644
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -1,62 +1,14 @@
@@ -19613,7 +24531,7 @@
*/
#include <stdio.h>
-@@ -220,41 +172,48 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
+@@ -220,41 +172,48 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTI
struct tm *ts;
struct tm data;
size_t len = 20;
@@ -19676,8 +24594,6 @@
}
const char *_asn1_mon[12] = {
-diff --git a/crypto/asn1/a_i2d_fp.c b/crypto/asn1/a_i2d_fp.c
-index 68eedc4..1514ede 100644
--- a/crypto/asn1/a_i2d_fp.c
+++ b/crypto/asn1/a_i2d_fp.c
@@ -1,58 +1,10 @@
@@ -19745,8 +24661,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
-index ec623f7..43174f7 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -1,58 +1,10 @@
@@ -19814,7 +24728,7 @@
*/
#include <stdio.h>
-@@ -163,21 +115,21 @@ static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg,
+@@ -163,21 +115,21 @@ static size_t i2c_ibuf(const unsigned ch
memcpy(p, b, blen);
else {
/* Begin at the end of the encoding */
@@ -19842,7 +24756,7 @@
}
*pp += ret;
-@@ -249,18 +201,18 @@ static size_t c2i_ibuf(unsigned char *b, int *pneg,
+@@ -249,18 +201,18 @@ static size_t c2i_ibuf(unsigned char *b,
/* Must be negative: calculate twos complement */
if (b) {
const unsigned char *from = p + plen - 1 + pad;
@@ -19865,8 +24779,6 @@
}
return plen;
}
-diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c
-index 8c38e19..5578e92 100644
--- a/crypto/asn1/a_mbstr.c
+++ b/crypto/asn1/a_mbstr.c
@@ -1,59 +1,10 @@
@@ -19934,8 +24846,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
-index 5d3ebd6..4cca7a0 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -1,58 +1,10 @@
@@ -20003,8 +24913,30 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/a_octet.c b/crypto/asn1/a_octet.c
-index 7b5bf6f..2e1205c 100644
+@@ -65,7 +17,7 @@
+ #include "internal/asn1_int.h"
+ #include "asn1_locl.h"
+
+-int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
++int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
+ {
+ unsigned char *p;
+ int objsize;
+@@ -209,12 +161,12 @@ int a2d_ASN1_OBJECT(unsigned char *out,
+ return (0);
+ }
+
+-int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
++int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a)
+ {
+ return OBJ_obj2txt(buf, buf_len, a, 0);
+ }
+
+-int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
++int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a)
+ {
+ char buf[80], *p = buf;
+ int i;
--- a/crypto/asn1/a_octet.c
+++ b/crypto/asn1/a_octet.c
@@ -1,58 +1,10 @@
@@ -20072,8 +25004,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c
-index 9c70891..1aafe7c 100644
--- a/crypto/asn1/a_print.c
+++ b/crypto/asn1/a_print.c
@@ -1,61 +1,14 @@
@@ -20145,8 +25075,6 @@
#include "internal/cryptlib.h"
#include <openssl/asn1.h>
-diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c
-index 616f979..7e21a5e 100644
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -1,111 +1,10 @@
@@ -20267,11 +25195,9 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
-index 977f523..d419e9d 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
-@@ -1,59 +1,10 @@
+@@ -1,64 +1,16 @@
/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 2000.
@@ -20336,7 +25262,13 @@
*/
#include <stdio.h>
-@@ -74,6 +25,7 @@
+ #include <string.h>
+ #include "internal/cryptlib.h"
++#include "internal/asn1_int.h"
+ #include <openssl/crypto.h>
+ #include <openssl/x509.h>
+ #include <openssl/asn1.h>
+@@ -74,6 +26,7 @@
#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
@@ -20344,7 +25276,7 @@
ASN1_STRFLGS_ESC_QUOTE | \
ASN1_STRFLGS_ESC_CTRL | \
ASN1_STRFLGS_ESC_MSB)
-@@ -113,7 +65,8 @@ typedef int char_io (void *arg, const void *buf, int len);
+@@ -113,7 +66,8 @@ typedef int char_io (void *arg, const vo
static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
char_io *io_ch, void *arg)
{
@@ -20354,7 +25286,7 @@
char tmphex[HEX_SIZE(long) + 3];
if (c > 0xffffffffL)
-@@ -150,7 +103,9 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
+@@ -150,7 +104,9 @@ static int do_esc_char(unsigned long c,
return -1;
return 2;
}
@@ -20365,7 +25297,7 @@
BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
if (!io_ch(arg, tmphex, 3))
return -1;
-@@ -180,11 +135,12 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
+@@ -180,11 +136,12 @@ static int do_esc_char(unsigned long c,
*/
static int do_buf(unsigned char *buf, int buflen,
@@ -20380,7 +25312,7 @@
unsigned long c;
p = buf;
q = buf + buflen;
-@@ -234,7 +190,7 @@ static int do_buf(unsigned char *buf, int buflen,
+@@ -234,7 +191,7 @@ static int do_buf(unsigned char *buf, in
* character will never be escaped on first and last.
*/
len =
@@ -20389,7 +25321,7 @@
quotes, io_ch, arg);
if (len < 0)
return -1;
-@@ -242,7 +198,7 @@ static int do_buf(unsigned char *buf, int buflen,
+@@ -242,7 +199,7 @@ static int do_buf(unsigned char *buf, in
}
} else {
len =
@@ -20398,7 +25330,7 @@
io_ch, arg);
if (len < 0)
return -1;
-@@ -326,7 +282,7 @@ static const signed char tag2nbyte[] = {
+@@ -326,7 +283,7 @@ static const signed char tag2nbyte[] = {
-1, -1, -1, -1, -1, /* 5-9 */
-1, -1, 0, -1, /* 10-13 */
-1, -1, -1, -1, /* 15-17 */
@@ -20407,7 +25339,7 @@
-1, 1, 1, 1, /* 21-24 */
-1, 1, -1, /* 25-27 */
4, -1, 2 /* 28-30 */
-@@ -344,10 +300,10 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
+@@ -344,10 +301,10 @@ static int do_print_ex(char_io *io_ch, v
int outlen, len;
int type;
char quotes;
@@ -20420,8 +25352,69 @@
type = str->type;
-diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
-index 79748bf..53832c8 100644
+@@ -612,7 +569,7 @@ int ASN1_STRING_print_ex_fp(FILE *fp, AS
+ * in output string or a negative error code
+ */
+
+-int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
++int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in)
+ {
+ ASN1_STRING stmp, *str = &stmp;
+ int mbflag, type, ret;
+@@ -636,3 +593,53 @@ int ASN1_STRING_to_UTF8(unsigned char **
+ *out = stmp.data;
+ return stmp.length;
+ }
++
++/* Return 1 if host is a valid hostname and 0 otherwise */
++int asn1_valid_host(const ASN1_STRING *host)
++{
++ int hostlen = host->length;
++ const unsigned char *hostptr = host->data;
++ int type = host->type;
++ int i;
++ char width = -1;
++ unsigned short chflags = 0, prevchflags;
++
++ if (type > 0 && type < 31)
++ width = tag2nbyte[type];
++ if (width == -1 || hostlen == 0)
++ return 0;
++ /* Treat UTF8String as width 1 as any MSB set is invalid */
++ if (width == 0)
++ width = 1;
++ for (i = 0 ; i < hostlen; i+= width) {
++ prevchflags = chflags;
++ /* Value must be <= 0x7F: check upper bytes are all zeroes */
++ if (width == 4) {
++ if (*hostptr++ != 0 || *hostptr++ != 0 || *hostptr++ != 0)
++ return 0;
++ } else if (width == 2) {
++ if (*hostptr++ != 0)
++ return 0;
++ }
++ if (*hostptr > 0x7f)
++ return 0;
++ chflags = char_type[*hostptr++];
++ if (!(chflags & (CHARTYPE_HOST_ANY | CHARTYPE_HOST_WILD))) {
++ /* Nothing else allowed at start or end of string */
++ if (i == 0 || i == hostlen - 1)
++ return 0;
++ /* Otherwise invalid if not dot or hyphen */
++ if (!(chflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN)))
++ return 0;
++ /*
++ * If previous is dot or hyphen then illegal unless both
++ * are hyphens: as .- -. .. are all illegal
++ */
++ if (prevchflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN)
++ && ((prevchflags & CHARTYPE_HOST_DOT)
++ || (chflags & CHARTYPE_HOST_DOT)))
++ return 0;
++ }
++ }
++ return 1;
++}
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -1,59 +1,10 @@
@@ -20489,7 +25482,7 @@
*/
#include <stdio.h>
-@@ -167,6 +118,10 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
+@@ -167,6 +118,10 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1
#define ub_email_address 128
#define ub_serial_number 64
@@ -20500,7 +25493,7 @@
/* This table must be kept in NID order */
static const ASN1_STRING_TABLE tbl_standard[] = {
-@@ -192,6 +147,8 @@ static const ASN1_STRING_TABLE tbl_standard[] = {
+@@ -192,6 +147,8 @@ static const ASN1_STRING_TABLE tbl_stand
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
@@ -20509,7 +25502,7 @@
{NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
{NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
{NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}
-@@ -242,7 +199,7 @@ static ASN1_STRING_TABLE *stable_get(int nid)
+@@ -242,7 +199,7 @@ static ASN1_STRING_TABLE *stable_get(int
tmp = ASN1_STRING_TABLE_get(nid);
if (tmp && tmp->flags & STABLE_FLAGS_MALLOC)
return tmp;
@@ -20518,7 +25511,7 @@
if (rv == NULL)
return NULL;
if (!sk_ASN1_STRING_TABLE_push(stable, rv)) {
-@@ -258,7 +215,6 @@ static ASN1_STRING_TABLE *stable_get(int nid)
+@@ -258,7 +215,6 @@ static ASN1_STRING_TABLE *stable_get(int
} else {
rv->minsize = -1;
rv->maxsize = -1;
@@ -20526,8 +25519,6 @@
rv->flags = STABLE_FLAGS_MALLOC;
}
return rv;
-diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c
-index ef429da..3f82c2b 100644
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -1,55 +1,10 @@
@@ -20600,8 +25591,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c
-index 8dea2e0..8547513 100644
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -1,58 +1,10 @@
@@ -20669,7 +25658,16 @@
*/
#include <stdio.h>
-@@ -122,9 +74,7 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
+@@ -61,7 +13,7 @@
+ #include <openssl/objects.h>
+ #include "asn1_locl.h"
+
+-int ASN1_TYPE_get(ASN1_TYPE *a)
++int ASN1_TYPE_get(const ASN1_TYPE *a)
+ {
+ if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
+ return (a->type);
+@@ -122,9 +74,7 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co
result = 0; /* They do not have content. */
break;
case V_ASN1_INTEGER:
@@ -20679,8 +25677,6 @@
case V_ASN1_BIT_STRING:
case V_ASN1_OCTET_STRING:
case V_ASN1_SEQUENCE:
-diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c
-index 432125b..eadc31a 100644
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -1,58 +1,10 @@
@@ -20748,14 +25744,14 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/a_utf8.c b/crypto/asn1/a_utf8.c
-index 64e983e..e2dc09f 100644
--- a/crypto/asn1/a_utf8.c
+++ b/crypto/asn1/a_utf8.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -20803,9 +25799,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -20817,8 +25811,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
-index 211689b..00ab136 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -1,58 +1,10 @@
@@ -20886,8 +25878,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
-index a0c6320..577e205 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -1,59 +1,10 @@
@@ -20955,8 +25945,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
-index 465b263..a363fdb 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,61 +1,11 @@
@@ -21028,7 +26016,7 @@
*/
#include <stdio.h>
-@@ -70,14 +20,12 @@
+@@ -70,36 +20,29 @@
static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"},
@@ -21043,9 +26031,10 @@
{ERR_FUNC(ASN1_F_ASN1_COLLECT), "asn1_collect"},
{ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "asn1_d2i_ex_primitive"},
{ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"},
-@@ -85,21 +33,15 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
+ {ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "asn1_d2i_read_bio"},
{ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"},
{ERR_FUNC(ASN1_F_ASN1_DO_ADB), "asn1_do_adb"},
++ {ERR_FUNC(ASN1_F_ASN1_DO_LOCK), "asn1_do_lock"},
{ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"},
- {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"},
- {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"},
@@ -21065,7 +26054,7 @@
{ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"},
{ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
{ERR_FUNC(ASN1_F_ASN1_ITEM_EMBED_D2I), "asn1_item_embed_d2i"},
-@@ -114,12 +56,8 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
+@@ -114,12 +57,8 @@ static ERR_STRING_DATA ASN1_str_functs[]
{ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"},
{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"},
{ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "asn1_output_data"},
@@ -21078,7 +26067,7 @@
{ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"},
{ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "asn1_str2type"},
{ERR_FUNC(ASN1_F_ASN1_STRING_GET_INT64), "asn1_string_get_int64"},
-@@ -132,49 +70,28 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
+@@ -132,49 +71,28 @@ static ERR_STRING_DATA ASN1_str_functs[]
{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "asn1_template_new"},
{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "asn1_template_noexp_d2i"},
{ERR_FUNC(ASN1_F_ASN1_TIME_ADJ), "ASN1_TIME_adj"},
@@ -21128,7 +26117,7 @@
{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
{ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"},
{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
-@@ -192,13 +109,11 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
+@@ -192,13 +110,11 @@ static ERR_STRING_DATA ASN1_str_functs[]
{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"},
{ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"},
{ERR_FUNC(ASN1_F_STBL_MODULE_INIT), "stbl_module_init"},
@@ -21142,7 +26131,7 @@
{ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"},
{0, NULL}
};
-@@ -208,10 +123,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
+@@ -208,10 +124,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
{ERR_REASON(ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"},
{ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR), "asn1 sig parse error"},
{ERR_REASON(ASN1_R_AUX_ERROR), "aux error"},
@@ -21153,7 +26142,7 @@
{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
"bmpstring is wrong length"},
{ERR_REASON(ASN1_R_BN_LIB), "bn lib"},
-@@ -222,21 +134,16 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
+@@ -222,21 +135,16 @@ static ERR_STRING_DATA ASN1_str_reasons[
{ERR_REASON(ASN1_R_CONTEXT_NOT_INITIALISED), "context not initialised"},
{ERR_REASON(ASN1_R_DATA_IS_WRONG), "data is wrong"},
{ERR_REASON(ASN1_R_DECODE_ERROR), "decode error"},
@@ -21175,7 +26164,7 @@
{ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH), "explicit length mismatch"},
{ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),
"explicit tag not constructed"},
-@@ -278,13 +185,10 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
+@@ -278,13 +186,10 @@ static ERR_STRING_DATA ASN1_str_reasons[
{ERR_REASON(ASN1_R_INVALID_SEPARATOR), "invalid separator"},
{ERR_REASON(ASN1_R_INVALID_STRING_TABLE_VALUE),
"invalid string table value"},
@@ -21189,7 +26178,7 @@
{ERR_REASON(ASN1_R_LIST_ERROR), "list error"},
{ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE), "mime no content type"},
{ERR_REASON(ASN1_R_MIME_PARSE_ERROR), "mime parse error"},
-@@ -299,7 +203,6 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
+@@ -299,7 +204,6 @@ static ERR_STRING_DATA ASN1_str_reasons[
{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},
{ERR_REASON(ASN1_R_NO_CONTENT_TYPE), "no content type"},
@@ -21197,7 +26186,7 @@
{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE), "no matching choice type"},
{ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),
"no multipart body failure"},
-@@ -308,8 +211,6 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
+@@ -308,8 +212,6 @@ static ERR_STRING_DATA ASN1_str_reasons[
{ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH), "null is wrong length"},
{ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT), "object not ascii format"},
{ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS), "odd number of chars"},
@@ -21206,7 +26195,7 @@
{ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE), "second number too large"},
{ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH), "sequence length mismatch"},
{ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED), "sequence not constructed"},
-@@ -320,7 +221,6 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
+@@ -320,7 +222,6 @@ static ERR_STRING_DATA ASN1_str_reasons[
{ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED), "streaming not supported"},
{ERR_REASON(ASN1_R_STRING_TOO_LONG), "string too long"},
{ERR_REASON(ASN1_R_STRING_TOO_SHORT), "string too short"},
@@ -21214,7 +26203,7 @@
{ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
"the asn1 object identifier is not known for this md"},
{ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"},
-@@ -329,9 +229,6 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
+@@ -329,9 +230,6 @@ static ERR_STRING_DATA ASN1_str_reasons[
{ERR_REASON(ASN1_R_TOO_SMALL), "too small"},
{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED), "type not constructed"},
{ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE), "type not primitive"},
@@ -21224,7 +26213,7 @@
{ERR_REASON(ASN1_R_UNEXPECTED_EOC), "unexpected eoc"},
{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),
"universalstring is wrong length"},
-@@ -345,16 +242,12 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
+@@ -345,22 +243,18 @@ static ERR_STRING_DATA ASN1_str_reasons[
{ERR_REASON(ASN1_R_UNKNOWN_TAG), "unknown tag"},
{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),
"unsupported any defined by type"},
@@ -21241,8 +26230,19 @@
{0, NULL}
};
-diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c
-index 59a99ed..493a693 100644
+ #endif
+
+-void ERR_load_ASN1_strings(void)
++int ERR_load_ASN1_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -369,4 +263,5 @@ void ERR_load_ASN1_strings(void)
+ ERR_load_strings(0, ASN1_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/asn1/asn1_gen.c
+++ b/crypto/asn1/asn1_gen.c
@@ -1,59 +1,10 @@
@@ -21319,7 +26319,7 @@
int *perr);
static int bitstr_cb(const char *elem, int len, void *bitstr);
static int asn1_cb(const char *elem, int len, void *bitstr);
-@@ -124,7 +75,7 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
+@@ -124,7 +75,7 @@ static ASN1_TYPE *asn1_multi(int utype,
static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
static int asn1_str2tag(const char *tagstr, int len);
@@ -21328,7 +26328,7 @@
{
X509V3_CTX cnf;
-@@ -135,7 +86,7 @@ ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
+@@ -135,7 +86,7 @@ ASN1_TYPE *ASN1_generate_nconf(char *str
return ASN1_generate_v3(str, &cnf);
}
@@ -21337,7 +26337,7 @@
{
int err = 0;
ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err);
-@@ -144,7 +95,7 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
+@@ -144,7 +95,7 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X
return ret;
}
@@ -21346,7 +26346,7 @@
int *perr)
{
ASN1_TYPE *ret;
-@@ -670,7 +621,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
+@@ -670,7 +621,7 @@ static ASN1_TYPE *asn1_str2type(const ch
goto bad_form;
}
if ((atmp->value.integer
@@ -21355,7 +26355,7 @@
ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
goto bad_str;
}
-@@ -743,7 +694,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
+@@ -743,7 +694,7 @@ static ASN1_TYPE *asn1_str2type(const ch
}
if (format == ASN1_GEN_FORMAT_HEX) {
@@ -21364,8 +26364,6 @@
ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);
goto bad_str;
}
-diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
-index 938984d..aecb4ad 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -1,58 +1,10 @@
@@ -21433,8 +26431,15 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/asn1_locl.h b/crypto/asn1/asn1_locl.h
-index ea3d20a..56c9954 100644
+@@ -402,7 +354,7 @@ void ASN1_STRING_length_set(ASN1_STRING
+ x->length = len;
+ }
+
+-int ASN1_STRING_type(ASN1_STRING *x)
++int ASN1_STRING_type(const ASN1_STRING *x)
+ {
+ return x->type;
+ }
--- a/crypto/asn1/asn1_locl.h
+++ b/crypto/asn1/asn1_locl.h
@@ -1,59 +1,10 @@
@@ -21502,8 +26507,6 @@
*/
/* Internal ASN1 structures and functions: not for application use */
-diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
-index e412820..4db3df9 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -1,58 +1,10 @@
@@ -21571,7 +26574,7 @@
*/
#include <stdio.h>
-@@ -134,8 +86,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
+@@ -134,8 +86,7 @@ static int asn1_parse2(BIO *bp, const un
dump_indent = 6; /* Because we know BIO_dump_indent() */
p = *pp;
tot = p + length;
@@ -21581,7 +26584,7 @@
op = p;
j = ASN1_get_object(&p, &len, &tag, &xclass, length);
if (j & 0x80) {
-@@ -165,7 +116,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
+@@ -165,7 +116,7 @@ static int asn1_parse2(BIO *bp, const un
goto end;
if (j & V_ASN1_CONSTRUCTED) {
const unsigned char *sp = p;
@@ -21590,8 +26593,6 @@
ep = p + len;
if (BIO_write(bp, "\n", 1) <= 0)
goto end;
-diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
-index 851fb91..a6b3893 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -1,55 +1,10 @@
@@ -21655,7 +26656,7 @@
*/
#include <stdio.h>
-@@ -89,19 +44,19 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+@@ -89,19 +44,19 @@ static int asn1_output_data(BIO *out, BI
static char *strip_ends(char *name);
static char *strip_start(char *name);
static char *strip_end(char *name);
@@ -21681,7 +26682,7 @@
static void mime_hdr_free(MIME_HEADER *hdr);
#define MAX_SMLEN 1024
-@@ -187,7 +142,7 @@ static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
+@@ -187,7 +142,7 @@ static ASN1_VALUE *b64_read_asn1(BIO *bi
if (!val)
ASN1err(ASN1_F_B64_READ_ASN1, ASN1_R_DECODE_ERROR);
(void)BIO_flush(bio);
@@ -21699,7 +26700,59 @@
{
char linebuf[MAX_SMLEN];
int len, blen;
-@@ -818,7 +773,7 @@ static char *strip_end(char *name)
+@@ -670,7 +625,7 @@ static STACK_OF(MIME_HEADER) *mime_parse
+ char *p, *q, c;
+ char *ntmp;
+ char linebuf[MAX_SMLEN];
+- MIME_HEADER *mhdr = NULL;
++ MIME_HEADER *mhdr = NULL, *new_hdr = NULL;
+ STACK_OF(MIME_HEADER) *headers;
+ int len, state, save_state = 0;
+
+@@ -707,8 +662,13 @@ static STACK_OF(MIME_HEADER) *mime_parse
+ if (c == ';') {
+ mime_debug("Found End Value\n");
+ *p = 0;
+- mhdr = mime_hdr_new(ntmp, strip_ends(q));
+- sk_MIME_HEADER_push(headers, mhdr);
++ new_hdr = mime_hdr_new(ntmp, strip_ends(q));
++ if (new_hdr == NULL)
++ goto err;
++ if (!sk_MIME_HEADER_push(headers, new_hdr))
++ goto err;
++ mhdr = new_hdr;
++ new_hdr = NULL;
+ ntmp = NULL;
+ q = p + 1;
+ state = MIME_NAME;
+@@ -759,8 +719,13 @@ static STACK_OF(MIME_HEADER) *mime_parse
+ }
+
+ if (state == MIME_TYPE) {
+- mhdr = mime_hdr_new(ntmp, strip_ends(q));
+- sk_MIME_HEADER_push(headers, mhdr);
++ new_hdr = mime_hdr_new(ntmp, strip_ends(q));
++ if (new_hdr == NULL)
++ goto err;
++ if (!sk_MIME_HEADER_push(headers, new_hdr))
++ goto err;
++ mhdr = new_hdr;
++ new_hdr = NULL;
+ } else if (state == MIME_VALUE)
+ mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+ if (p == linebuf)
+@@ -769,6 +734,10 @@ static STACK_OF(MIME_HEADER) *mime_parse
+
+ return headers;
+
++err:
++ mime_hdr_free(new_hdr);
++ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
++ return NULL;
+ }
+
+ static char *strip_ends(char *name)
+@@ -818,7 +787,7 @@ static char *strip_end(char *name)
return NULL;
}
@@ -21708,7 +26761,7 @@
{
MIME_HEADER *mhdr = NULL;
char *tmpname = NULL, *tmpval = NULL, *p;
-@@ -862,7 +817,7 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value)
+@@ -862,7 +831,7 @@ static MIME_HEADER *mime_hdr_new(char *n
return NULL;
}
@@ -21717,7 +26770,7 @@
{
char *tmpname = NULL, *tmpval = NULL, *p;
int c;
-@@ -919,22 +874,28 @@ static int mime_param_cmp(const MIME_PARAM *const *a,
+@@ -919,22 +888,28 @@ static int mime_param_cmp(const MIME_PAR
/* Find a header with a given name (if possible) */
@@ -21750,7 +26803,7 @@
idx = sk_MIME_PARAM_find(hdr->params, ¶m);
if (idx < 0)
return NULL;
-@@ -963,7 +924,7 @@ static void mime_param_free(MIME_PARAM *param)
+@@ -963,7 +938,7 @@ static void mime_param_free(MIME_PARAM *
* 1 : part boundary
* 2 : final boundary
*/
@@ -21759,8 +26812,6 @@
{
if (linelen == -1)
linelen = strlen(line);
-diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c
-index a5c8601..8176b76 100644
--- a/crypto/asn1/asn_moid.c
+++ b/crypto/asn1/asn_moid.c
@@ -1,59 +1,10 @@
@@ -21852,8 +26903,6 @@
p = strrchr(value, ',');
if (!p) {
ln = name;
-diff --git a/crypto/asn1/asn_mstbl.c b/crypto/asn1/asn_mstbl.c
-index f90b442..8260939 100644
--- a/crypto/asn1/asn_mstbl.c
+++ b/crypto/asn1/asn_mstbl.c
@@ -1,55 +1,10 @@
@@ -21935,8 +26984,6 @@
{
char *eptr;
int nid, i, rv = 0;
-diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c
-index 93b7b90..1f5be53 100644
--- a/crypto/asn1/asn_pack.c
+++ b/crypto/asn1/asn_pack.c
@@ -1,59 +1,10 @@
@@ -22004,7 +27051,7 @@
*/
#include <stdio.h>
-@@ -66,28 +17,35 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
+@@ -66,28 +17,35 @@ ASN1_STRING *ASN1_item_pack(void *obj, c
{
ASN1_STRING *octmp;
@@ -22047,8 +27094,6 @@
}
/* Extract an ASN1 object from an ASN1_STRING */
-diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c
-index 1657ac7..400effa 100644
--- a/crypto/asn1/bio_asn1.c
+++ b/crypto/asn1/bio_asn1.c
@@ -1,59 +1,10 @@
@@ -22127,7 +27172,7 @@
if (ctx == NULL)
return 0;
if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) {
-@@ -164,14 +115,8 @@ static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size)
+@@ -164,14 +115,8 @@ static int asn1_bio_init(BIO_ASN1_BUF_CT
if (ctx->buf == NULL)
return 0;
ctx->bufsize = size;
@@ -22142,8 +27187,6 @@
ctx->state = ASN1_STATE_START;
return 1;
}
-diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
-index 9a6eaf6..0f206b2 100644
--- a/crypto/asn1/bio_ndef.c
+++ b/crypto/asn1/bio_ndef.c
@@ -1,55 +1,10 @@
@@ -22207,7 +27250,7 @@
*/
#include <openssl/asn1.h>
-@@ -105,21 +60,21 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
+@@ -105,21 +60,21 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *
ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED);
return NULL;
}
@@ -22234,11 +27277,9 @@
* needs.
*/
-diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h
-index 3305ad1..6e42f86 100644
--- a/crypto/asn1/charmap.h
+++ b/crypto/asn1/charmap.h
-@@ -1,15 +1,26 @@
+@@ -1,15 +1,34 @@
/*
- * Auto generated with chartype.pl script. Mask of various character
- * properties
@@ -22262,22 +27303,28 @@
- 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 0, 0, 0,
- 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
- 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 0, 0, 0, 2
++#define CHARTYPE_HOST_ANY 4096
++#define CHARTYPE_HOST_DOT 8192
++#define CHARTYPE_HOST_HYPHEN 16384
++#define CHARTYPE_HOST_WILD 32768
++
+/*
+ * Mask of various character properties
+ */
+
+static const unsigned short char_type[] = {
-+ 1026, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
-+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
-+ 120, 0, 1, 40, 0, 0, 0, 16, 1040, 1040, 1024, 25, 25, 16, 16, 16,
-+ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 9, 9, 16, 9, 16,
-+ 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
-+ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1025, 0, 0, 0,
-+ 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
-+ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 0, 0, 0, 2
++ 1026, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 120, 0, 1, 40,
++ 0, 0, 0, 16, 1040, 1040, 33792, 25, 25, 16400, 8208, 16,
++ 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 16, 9,
++ 9, 16, 9, 16, 0, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
++ 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
++ 4112, 4112, 4112, 4112, 4112, 4112, 4112, 0, 1025, 0, 0, 0,
++ 0, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
++ 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
++ 4112, 4112, 4112, 0, 0, 0, 0, 2
};
-diff --git a/crypto/asn1/charmap.pl b/crypto/asn1/charmap.pl
-index 878504f..a3511da 100644
--- a/crypto/asn1/charmap.pl
+++ b/crypto/asn1/charmap.pl
@@ -1,7 +1,10 @@
@@ -22295,15 +27342,28 @@
use strict;
-@@ -18,6 +21,7 @@ my $NOESC_QUOTE = 8; # Not escaped if quoted
+@@ -18,6 +21,11 @@ my $NOESC_QUOTE = 8; # Not escaped if qu
my $PSTRING_CHAR = 0x10; # Valid PrintableString character
my $RFC2253_FIRST_ESC = 0x20; # Escaped with \ if first character
my $RFC2253_LAST_ESC = 0x40; # Escaped with \ if last character
+my $RFC2254_ESC = 0x400; # Character escaped \XX
++my $HOST_ANY = 0x1000; # Valid hostname character anywhere in label
++my $HOST_DOT = 0x2000; # Dot: hostname label separator
++my $HOST_HYPHEN = 0x4000; # Hyphen: not valid at start or end.
++my $HOST_WILD = 0x8000; # Wildcard character
for($i = 0; $i < 128; $i++) {
# Set the RFC2253 escape characters (control)
-@@ -49,6 +53,14 @@ $arr[ord("<")] |= $NOESC_QUOTE | $RFC2253_ESC;
+@@ -30,7 +38,7 @@ for($i = 0; $i < 128; $i++) {
+ if( ( ( $i >= ord("a")) && ( $i <= ord("z")) )
+ || ( ( $i >= ord("A")) && ( $i <= ord("Z")) )
+ || ( ( $i >= ord("0")) && ( $i <= ord("9")) ) ) {
+- $arr[$i] |= $PSTRING_CHAR;
++ $arr[$i] |= $PSTRING_CHAR | $HOST_ANY;
+ }
+ }
+
+@@ -49,6 +57,14 @@ for($i = 0; $i < 128; $i++) {
$arr[ord(">")] |= $NOESC_QUOTE | $RFC2253_ESC;
$arr[ord(";")] |= $NOESC_QUOTE | $RFC2253_ESC;
@@ -22312,13 +27372,24 @@
+$arr[0] |= $RFC2254_ESC;
+$arr[ord("(")] |= $RFC2254_ESC;
+$arr[ord(")")] |= $RFC2254_ESC;
-+$arr[ord("*")] |= $RFC2254_ESC;
++$arr[ord("*")] |= $RFC2254_ESC | $HOST_WILD;
+$arr[ord("\\")] |= $RFC2254_ESC;
+
# Remaining PrintableString characters
$arr[ord(" ")] |= $PSTRING_CHAR;
-@@ -67,17 +79,30 @@ $arr[ord("?")] |= $PSTRING_CHAR;
+@@ -57,8 +73,8 @@ for($i = 0; $i < 128; $i++) {
+ $arr[ord(")")] |= $PSTRING_CHAR;
+ $arr[ord("+")] |= $PSTRING_CHAR;
+ $arr[ord(",")] |= $PSTRING_CHAR;
+-$arr[ord("-")] |= $PSTRING_CHAR;
+-$arr[ord(".")] |= $PSTRING_CHAR;
++$arr[ord("-")] |= $PSTRING_CHAR | $HOST_HYPHEN;
++$arr[ord(".")] |= $PSTRING_CHAR | $HOST_DOT;
+ $arr[ord("/")] |= $PSTRING_CHAR;
+ $arr[ord(":")] |= $PSTRING_CHAR;
+ $arr[ord("=")] |= $PSTRING_CHAR;
+@@ -67,17 +83,35 @@ for($i = 0; $i < 128; $i++) {
# Now generate the C code
print <<EOF;
@@ -22335,6 +27406,11 @@
+ * https://www.openssl.org/source/license.html
+ */
+
++#define CHARTYPE_HOST_ANY $HOST_ANY
++#define CHARTYPE_HOST_DOT $HOST_DOT
++#define CHARTYPE_HOST_HYPHEN $HOST_HYPHEN
++#define CHARTYPE_HOST_WILD $HOST_WILD
++
+/*
* Mask of various character properties
*/
@@ -22347,21 +27423,21 @@
for($i = 0; $i < 128; $i++) {
- print("\n") if($i && (($i % 16) == 0));
- printf("%2d", $arr[$i]);
-+ print("\n ") if($i && (($i % 16) == 0));
-+ printf(" %2d", $arr[$i]);
++ print("\n ") if($i && (($i % 12) == 0));
++ printf(" %4d", $arr[$i]);
print(",") if ($i != 127);
}
-print("\n};\n\n");
+print("\n};\n");
-diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
-index 85567ce..e311b90 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -22409,9 +27485,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -22423,7 +27497,7 @@
*/
#include <stdio.h>
-@@ -93,15 +45,17 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+@@ -93,15 +45,17 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_P
if (!ret->ameth->old_priv_decode ||
!ret->ameth->old_priv_decode(ret, &p, length)) {
if (ret->ameth->priv_decode) {
@@ -22444,8 +27518,6 @@
} else {
ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
goto err;
-diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c
-index 3ebdb5d..dfdc1a6 100644
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
@@ -1,58 +1,10 @@
@@ -22513,8 +27585,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c
-index 79e7121..f7416e5 100644
--- a/crypto/asn1/evp_asn1.c
+++ b/crypto/asn1/evp_asn1.c
@@ -1,58 +1,10 @@
@@ -22582,8 +27652,24 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c
-index 0feb7a1..0f16ac0 100644
+@@ -75,7 +27,7 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE
+ }
+
+ /* int max_len: for returned value */
+-int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len)
++int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len)
+ {
+ int ret, num;
+ unsigned char *p;
+@@ -128,7 +80,7 @@ int ASN1_TYPE_set_int_octetstring(ASN1_T
+ * we return the actual length...
+ */
+ /* int max_len: for returned value */
+-int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num,
++int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
+ unsigned char *data, int max_len)
+ {
+ asn1_int_oct *atmp = NULL;
--- a/crypto/asn1/f_int.c
+++ b/crypto/asn1/f_int.c
@@ -1,61 +1,14 @@
@@ -22655,7 +27741,7 @@
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/asn1.h>
-@@ -174,14 +127,8 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
+@@ -174,14 +127,8 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEG
}
for (j = 0; j < i; j++, k += 2) {
for (n = 0; n < 2; n++) {
@@ -22672,7 +27758,7 @@
ASN1err(ASN1_F_A2I_ASN1_INTEGER,
ASN1_R_NON_HEX_CHARACTERS);
goto err;
-@@ -201,6 +148,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
+@@ -201,6 +148,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEG
return 1;
err:
ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
@@ -22680,8 +27766,6 @@
return 0;
}
-diff --git a/crypto/asn1/f_string.c b/crypto/asn1/f_string.c
-index 7d9eb14..0e03139 100644
--- a/crypto/asn1/f_string.c
+++ b/crypto/asn1/f_string.c
@@ -1,61 +1,14 @@
@@ -22753,7 +27837,7 @@
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/asn1.h>
-@@ -151,6 +104,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
+@@ -151,6 +104,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING
i -= again;
if (i % 2 != 0) {
ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_ODD_NUMBER_OF_CHARS);
@@ -22761,7 +27845,7 @@
return 0;
}
i /= 2;
-@@ -166,16 +120,11 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
+@@ -166,16 +120,11 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING
}
for (j = 0; j < i; j++, k += 2) {
for (n = 0; n < 2; n++) {
@@ -22781,15 +27865,13 @@
return 0;
}
s[num + j] <<= 4;
-@@ -194,5 +143,6 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
+@@ -194,5 +143,6 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING
err:
ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE);
+ OPENSSL_free(s);
return 0;
}
-diff --git a/crypto/asn1/i2d_pr.c b/crypto/asn1/i2d_pr.c
-index 7ca643f..445b0c8 100644
--- a/crypto/asn1/i2d_pr.c
+++ b/crypto/asn1/i2d_pr.c
@@ -1,58 +1,10 @@
@@ -22857,7 +27939,7 @@
*/
#include <stdio.h>
-@@ -69,10 +21,13 @@ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
+@@ -69,10 +21,13 @@ int i2d_PrivateKey(EVP_PKEY *a, unsigned
}
if (a->ameth && a->ameth->priv_encode) {
PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
@@ -22874,8 +27956,6 @@
- return (-1);
+ return -1;
}
-diff --git a/crypto/asn1/i2d_pu.c b/crypto/asn1/i2d_pu.c
-index c1504d8..8986c43 100644
--- a/crypto/asn1/i2d_pu.c
+++ b/crypto/asn1/i2d_pu.c
@@ -1,58 +1,10 @@
@@ -22943,8 +28023,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
-index c7382bd..267ce60 100644
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -1,58 +1,10 @@
@@ -23012,8 +28090,6 @@
*/
#include "openssl/opensslconf.h"
-diff --git a/crypto/asn1/nsseq.c b/crypto/asn1/nsseq.c
-index 550fc8e..c7baf40 100644
--- a/crypto/asn1/nsseq.c
+++ b/crypto/asn1/nsseq.c
@@ -1,59 +1,10 @@
@@ -23081,8 +28157,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c
-index e75ab7e..92da23e 100644
--- a/crypto/asn1/p5_pbe.c
+++ b/crypto/asn1/p5_pbe.c
@@ -1,59 +1,10 @@
@@ -23150,8 +28224,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
-index 244706a..9687057 100644
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -1,59 +1,10 @@
@@ -23219,7 +28291,7 @@
*/
#include <stdio.h>
-@@ -140,7 +91,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+@@ -140,7 +91,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_
if ((prf_nid == -1) &&
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
ERR_clear_error();
@@ -23228,8 +28300,6 @@
}
EVP_CIPHER_CTX_free(ctx);
ctx = NULL;
-diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c
-index 6ee7ef4..cc1f76c 100644
--- a/crypto/asn1/p5_scrypt.c
+++ b/crypto/asn1/p5_scrypt.c
@@ -1,59 +1,10 @@
@@ -23297,8 +28367,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c
-index 1e062a9..ebee6b5 100644
--- a/crypto/asn1/p8_pkey.c
+++ b/crypto/asn1/p8_pkey.c
@@ -1,59 +1,10 @@
@@ -23366,8 +28434,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/t_bitst.c b/crypto/asn1/t_bitst.c
-index 2b38e05..c0aeca4 100644
--- a/crypto/asn1/t_bitst.c
+++ b/crypto/asn1/t_bitst.c
@@ -1,59 +1,10 @@
@@ -23435,7 +28501,7 @@
*/
#include <stdio.h>
-@@ -79,7 +30,7 @@ int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+@@ -79,7 +30,7 @@ int ASN1_BIT_STRING_name_print(BIO *out,
return 1;
}
@@ -23444,7 +28510,7 @@
BIT_STRING_BITNAME *tbl)
{
int bitnum;
-@@ -93,7 +44,7 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
+@@ -93,7 +44,7 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STR
return 1;
}
@@ -23453,8 +28519,6 @@
{
BIT_STRING_BITNAME *bnam;
for (bnam = tbl; bnam->lname; bnam++) {
-diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c
-index b17862c..7a570ee 100644
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@@ -1,58 +1,10 @@
@@ -23522,7 +28586,16 @@
*/
#include <stdio.h>
-@@ -79,7 +31,7 @@ int ASN1_buf_print(BIO *bp, unsigned char *buf, size_t buflen, int indent)
+@@ -66,7 +18,7 @@
+ /* Maximum indent */
+ #define ASN1_PRINT_MAX_INDENT 128
+
+-int ASN1_buf_print(BIO *bp, unsigned char *buf, size_t buflen, int indent)
++int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int indent)
+ {
+ size_t i;
+
+@@ -79,7 +31,7 @@ int ASN1_buf_print(BIO *bp, unsigned cha
}
/*
* Use colon separators for each octet for compatibility as
@@ -23531,8 +28604,6 @@
*/
if (BIO_printf(bp, "%02x%s", buf[i],
(i == buflen - 1) ? "" : ":") <= 0)
-diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c
-index bc20c14..51b56d0 100644
--- a/crypto/asn1/t_spki.c
+++ b/crypto/asn1/t_spki.c
@@ -1,59 +1,10 @@
@@ -23600,8 +28671,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
-index 5715921..a1b0e28 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -1,59 +1,10 @@
@@ -23677,16 +28746,18 @@
#include "asn1_locl.h"
static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
-@@ -349,6 +301,8 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
+@@ -348,7 +300,9 @@ static int asn1_item_embed_d2i(ASN1_VALU
+ if (tt->flags & ASN1_TFLG_ADB_MASK) {
const ASN1_TEMPLATE *seqtt;
ASN1_VALUE **pseqval;
- seqtt = asn1_do_adb(pval, tt, 1);
+- seqtt = asn1_do_adb(pval, tt, 1);
++ seqtt = asn1_do_adb(pval, tt, 0);
+ if (seqtt == NULL)
+ continue;
pseqval = asn1_get_field_ptr(pval, seqtt);
asn1_template_free(pseqval, seqtt);
}
-@@ -359,7 +313,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
+@@ -359,7 +313,7 @@ static int asn1_item_embed_d2i(ASN1_VALU
const ASN1_TEMPLATE *seqtt;
ASN1_VALUE **pseqval;
seqtt = asn1_do_adb(pval, tt, 1);
@@ -23695,7 +28766,7 @@
goto err;
pseqval = asn1_get_field_ptr(pval, seqtt);
/* Have we ran out of data? */
-@@ -424,7 +378,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
+@@ -424,7 +378,7 @@ static int asn1_item_embed_d2i(ASN1_VALU
for (; i < it->tcount; tt++, i++) {
const ASN1_TEMPLATE *seqtt;
seqtt = asn1_do_adb(pval, tt, 1);
@@ -23704,7 +28775,7 @@
goto err;
if (seqtt->flags & ASN1_TFLG_OPTIONAL) {
ASN1_VALUE **pseqval;
-@@ -584,7 +538,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+@@ -584,7 +538,7 @@ static int asn1_template_noexp_d2i(ASN1_
} else if (ret == -1)
return -1;
if (!*val)
@@ -23713,7 +28784,7 @@
else {
/*
* We've got a valid STACK: free up any items present
-@@ -858,9 +812,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+@@ -858,9 +812,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval
break;
case V_ASN1_INTEGER:
@@ -23723,7 +28794,7 @@
tint = (ASN1_INTEGER **)pval;
if (!c2i_ASN1_INTEGER(tint, &cont, len))
goto err;
-@@ -946,7 +898,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+@@ -946,7 +898,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval
static int asn1_find_end(const unsigned char **in, long len, char inf)
{
@@ -23732,7 +28803,7 @@
long plen;
const unsigned char *p = *in, *q;
/* If not indefinite length constructed just add length */
-@@ -976,10 +928,15 @@ static int asn1_find_end(const unsigned char **in, long len, char inf)
+@@ -976,10 +928,15 @@ static int asn1_find_end(const unsigned
ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
return 0;
}
@@ -23750,8 +28821,6 @@
len -= p - q;
}
if (expected_eoc) {
-diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
-index 0d25cf9..9526cff 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -1,59 +1,10 @@
@@ -23819,7 +28888,7 @@
*/
#include <stddef.h>
-@@ -600,9 +551,7 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
+@@ -600,9 +551,7 @@ static int asn1_ex_i2c(ASN1_VALUE **pval
cout ? &cout : NULL);
case V_ASN1_INTEGER:
@@ -23829,8 +28898,6 @@
/*
* These are all have the same content format as ASN1_INTEGER
*/
-diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
-index 2fc036f..d467b89 100644
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -1,59 +1,10 @@
@@ -23898,7 +28965,7 @@
*/
#include <stddef.h>
-@@ -138,7 +89,7 @@ static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
+@@ -138,7 +89,7 @@ static void asn1_item_embed_free(ASN1_VA
case ASN1_ITYPE_NDEF_SEQUENCE:
case ASN1_ITYPE_SEQUENCE:
@@ -23907,7 +28974,7 @@
return;
if (asn1_cb) {
i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
-@@ -151,9 +102,11 @@ static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
+@@ -151,9 +102,11 @@ static void asn1_item_embed_free(ASN1_VA
* field and we wont be able to determine the type of the field it
* defines. So free up in reverse order.
*/
@@ -23921,8 +28988,6 @@
seqtt = asn1_do_adb(pval, tt, 0);
if (!seqtt)
continue;
-diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
-index 9e8ba9c..897120d 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -1,59 +1,10 @@
@@ -23990,7 +29055,7 @@
*/
#include <stddef.h>
-@@ -172,7 +123,9 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
+@@ -172,7 +123,9 @@ int asn1_item_embed_new(ASN1_VALUE **pva
if (*pval == NULL)
goto memerr;
}
@@ -24001,8 +29066,6 @@
asn1_enc_init(pval, it);
for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
pseqval = asn1_get_field_ptr(pval, tt);
-diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c
-index f6bd218..9f4c81e 100644
--- a/crypto/asn1/tasn_prn.c
+++ b/crypto/asn1/tasn_prn.c
@@ -1,59 +1,10 @@
@@ -24070,8 +29133,18 @@
*/
#include <stddef.h>
-@@ -218,7 +169,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+@@ -200,7 +151,8 @@ static int asn1_item_print_ctx(BIO *out,
+ } else
+ asn1_cb = 0;
+
+- if (*fld == NULL) {
++ if (((it->itype != ASN1_ITYPE_PRIMITIVE)
++ || (it->utype != V_ASN1_BOOLEAN)) && *fld == NULL) {
+ if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT) {
+ if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
return 0;
+@@ -218,7 +170,7 @@ static int asn1_item_print_ctx(BIO *out,
+ return 0;
break;
}
- /* fall thru */
@@ -24079,7 +29152,7 @@
case ASN1_ITYPE_MSTRING:
if (!asn1_primitive_print(out, fld, it, indent, fname, sname, pctx))
return 0;
-@@ -314,6 +265,7 @@ int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+@@ -314,6 +266,7 @@ int asn1_template_print_ctx(BIO *out, AS
{
int i, flags;
const char *sname, *fname;
@@ -24087,7 +29160,7 @@
flags = tt->flags;
if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME)
sname = ASN1_ITEM_ptr(tt->item)->sname;
-@@ -323,6 +275,16 @@ int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+@@ -323,6 +276,16 @@ int asn1_template_print_ctx(BIO *out, AS
fname = NULL;
else
fname = tt->field_name;
@@ -24104,8 +29177,44 @@
if (flags & ASN1_TFLG_SK_MASK) {
char *tname;
ASN1_VALUE *skitem;
-diff --git a/crypto/asn1/tasn_scn.c b/crypto/asn1/tasn_scn.c
-index a775839..e1df2cf 100644
+@@ -431,6 +394,8 @@ static int asn1_print_integer(BIO *out,
+ char *s;
+ int ret = 1;
+ s = i2s_ASN1_INTEGER(NULL, str);
++ if (s == NULL)
++ return 0;
+ if (BIO_puts(out, s) <= 0)
+ ret = 0;
+ OPENSSL_free(s);
+@@ -458,7 +423,7 @@ static int asn1_print_obstring(BIO *out,
+ } else if (BIO_puts(out, "\n") <= 0)
+ return 0;
+ if ((str->length > 0)
+- && BIO_dump_indent(out, (char *)str->data, str->length,
++ && BIO_dump_indent(out, (const char *)str->data, str->length,
+ indent + 2) <= 0)
+ return 0;
+ return 1;
+@@ -479,11 +444,16 @@ static int asn1_primitive_print(BIO *out
+ return 0;
+ if (pf && pf->prim_print)
+ return pf->prim_print(out, fld, it, indent, pctx);
+- str = (ASN1_STRING *)*fld;
+- if (it->itype == ASN1_ITYPE_MSTRING)
++ if (it->itype == ASN1_ITYPE_MSTRING) {
++ str = (ASN1_STRING *)*fld;
+ utype = str->type & ~V_ASN1_NEG;
+- else
++ } else {
+ utype = it->utype;
++ if (utype == V_ASN1_BOOLEAN)
++ str = NULL;
++ else
++ str = (ASN1_STRING *)*fld;
++ }
+ if (utype == V_ASN1_ANY) {
+ ASN1_TYPE *atype = (ASN1_TYPE *)*fld;
+ utype = atype->type;
--- a/crypto/asn1/tasn_scn.c
+++ b/crypto/asn1/tasn_scn.c
@@ -1,59 +1,10 @@
@@ -24184,8 +29293,6 @@
if (ret == NULL) {
ASN1err(ASN1_F_ASN1_SCTX_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
-diff --git a/crypto/asn1/tasn_typ.c b/crypto/asn1/tasn_typ.c
-index da9a80a..98d9879 100644
--- a/crypto/asn1/tasn_typ.c
+++ b/crypto/asn1/tasn_typ.c
@@ -1,60 +1,12 @@
@@ -24255,8 +29362,6 @@
#include <stdio.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
-diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c
-index 41f2fc2..f79d7d6 100644
--- a/crypto/asn1/tasn_utl.c
+++ b/crypto/asn1/tasn_utl.c
@@ -1,59 +1,10 @@
@@ -24324,7 +29429,7 @@
*/
#include <stddef.h>
-@@ -95,12 +46,14 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
+@@ -95,12 +46,14 @@ int asn1_set_choice_selector(ASN1_VALUE
}
/*
@@ -24344,7 +29449,7 @@
int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
{
const ASN1_AUX *aux;
-@@ -117,17 +70,22 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
+@@ -117,17 +70,22 @@ int asn1_do_lock(ASN1_VALUE **pval, int
if (op == 0) {
*lck = 1;
*lock = CRYPTO_THREAD_lock_new();
@@ -24371,7 +29476,7 @@
return ret;
}
-@@ -235,7 +193,7 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
+@@ -235,7 +193,7 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VA
sfld = offset2ptr(*pval, adb->offset);
/* Check if NULL */
@@ -24380,8 +29485,6 @@
if (!adb->null_tt)
goto err;
return adb->null_tt;
-diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
-index 30c59d8..dfebf68 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -1,59 +1,10 @@
@@ -24449,8 +29552,6 @@
*/
#include <stddef.h>
-diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c
-index c8072e3..db6ce82 100644
--- a/crypto/asn1/x_bignum.c
+++ b/crypto/asn1/x_bignum.c
@@ -1,59 +1,10 @@
@@ -24518,8 +29619,49 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/x_info.c b/crypto/asn1/x_info.c
-index b49c787..8d99f07 100644
+@@ -80,6 +31,8 @@ static int bn_c2i(ASN1_VALUE **pval, con
+ int utype, char *free_cont, const ASN1_ITEM *it);
+ static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+ int utype, char *free_cont, const ASN1_ITEM *it);
++static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
++ int indent, const ASN1_PCTX *pctx);
+
+ static ASN1_PRIMITIVE_FUNCS bignum_pf = {
+ NULL, 0,
+@@ -87,7 +40,8 @@ static ASN1_PRIMITIVE_FUNCS bignum_pf =
+ bn_free,
+ 0,
+ bn_c2i,
+- bn_i2c
++ bn_i2c,
++ bn_print
+ };
+
+ static ASN1_PRIMITIVE_FUNCS cbignum_pf = {
+@@ -96,7 +50,8 @@ static ASN1_PRIMITIVE_FUNCS cbignum_pf =
+ bn_free,
+ 0,
+ bn_secure_c2i,
+- bn_i2c
++ bn_i2c,
++ bn_print
+ };
+
+ ASN1_ITEM_start(BIGNUM)
+@@ -179,3 +134,13 @@ static int bn_secure_c2i(ASN1_VALUE **pv
+ bn_secure_new(pval, it);
+ return bn_c2i(pval, cont, len, utype, free_cont, it);
+ }
++
++static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
++ int indent, const ASN1_PCTX *pctx)
++{
++ if (!BN_print(out, *(BIGNUM **)pval))
++ return 0;
++ if (BIO_puts(out, "\n") <= 0)
++ return 0;
++ return 1;
++}
--- a/crypto/asn1/x_info.c
+++ b/crypto/asn1/x_info.c
@@ -1,58 +1,10 @@
@@ -24587,8 +29729,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c
-index f804282..0af7875 100644
--- a/crypto/asn1/x_long.c
+++ b/crypto/asn1/x_long.c
@@ -1,59 +1,10 @@
@@ -24656,7 +29796,16 @@
*/
#include <stdio.h>
-@@ -177,8 +128,8 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+@@ -125,7 +76,7 @@ static int long_i2c(ASN1_VALUE **pval, u
+ * set.
+ */
+ if (ltmp < 0)
+- utmp = -ltmp - 1;
++ utmp = -(unsigned long)ltmp - 1;
+ else
+ utmp = ltmp;
+ clen = BN_num_bits_word(utmp);
+@@ -177,8 +128,8 @@ static int long_c2i(ASN1_VALUE **pval, c
}
ltmp = (long)utmp;
if (neg) {
@@ -24666,8 +29815,6 @@
}
if (ltmp == it->size) {
ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
-diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c
-index 1e80d9e..593049f 100644
--- a/crypto/asn1/x_pkey.c
+++ b/crypto/asn1/x_pkey.c
@@ -1,58 +1,10 @@
@@ -24735,8 +29882,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/x_sig.c b/crypto/asn1/x_sig.c
-index b880e24..d5b0b69 100644
--- a/crypto/asn1/x_sig.c
+++ b/crypto/asn1/x_sig.c
@@ -1,58 +1,10 @@
@@ -24804,8 +29949,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/asn1/x_spki.c b/crypto/asn1/x_spki.c
-index 636f69b..c45400b 100644
--- a/crypto/asn1/x_spki.c
+++ b/crypto/asn1/x_spki.c
@@ -1,58 +1,10 @@
@@ -24873,8 +30016,6 @@
*/
/*
-diff --git a/crypto/asn1/x_val.c b/crypto/asn1/x_val.c
-index d9ebfe1..d1f1d3b 100644
--- a/crypto/asn1/x_val.c
+++ b/crypto/asn1/x_val.c
@@ -1,58 +1,10 @@
@@ -24942,9 +30083,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/async/Makefile.in b/crypto/async/Makefile.in
-deleted file mode 100644
-index aa85749..0000000
--- a/crypto/async/Makefile.in
+++ /dev/null
@@ -1,63 +0,0 @@
@@ -25011,11 +30149,9 @@
- $(CC) $(CFLAGS) -c $< -o $@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/async/arch/async_null.c b/crypto/async/arch/async_null.c
-index 19fb72c..a9ae35d 100644
--- a/crypto/async/arch/async_null.c
+++ b/crypto/async/arch/async_null.c
-@@ -1,53 +1,10 @@
+@@ -1,62 +1,16 @@
/*
- * Written by Matt Caswell (matt at openssl.org) for the OpenSSL project.
- */
@@ -25038,7 +30174,8 @@
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
@@ -25052,8 +30189,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -25074,8 +30210,22 @@
*/
/* This must be the first #include file */
-diff --git a/crypto/async/arch/async_null.h b/crypto/async/arch/async_null.h
-index a965bdb..aef40b5 100644
+ #include "../async_locl.h"
+
+ #ifdef ASYNC_NULL
+-# include <openssl/ct.h>
+-# include <openssl/x509v3.h>
+-
+ int ASYNC_is_capable(void)
+ {
+ return 0;
+@@ -65,6 +19,5 @@ int ASYNC_is_capable(void)
+ void async_local_cleanup(void)
+ {
+ }
+-
+ #endif
+
--- a/crypto/async/arch/async_null.h
+++ b/crypto/async/arch/async_null.h
@@ -1,53 +1,10 @@
@@ -25137,8 +30287,6 @@
*/
#include <openssl/async.h>
-diff --git a/crypto/async/arch/async_posix.c b/crypto/async/arch/async_posix.c
-index 33f2a3f..02c342d 100644
--- a/crypto/async/arch/async_posix.c
+++ b/crypto/async/arch/async_posix.c
@@ -1,53 +1,10 @@
@@ -25200,8 +30348,6 @@
*/
/* This must be the first #include file */
-diff --git a/crypto/async/arch/async_posix.h b/crypto/async/arch/async_posix.h
-index de80f95..3c61f7f 100644
--- a/crypto/async/arch/async_posix.h
+++ b/crypto/async/arch/async_posix.h
@@ -1,59 +1,19 @@
@@ -25282,8 +30428,6 @@
{
o->env_init = 1;
-diff --git a/crypto/async/arch/async_win.c b/crypto/async/arch/async_win.c
-index 4f4c799..37a3111 100644
--- a/crypto/async/arch/async_win.c
+++ b/crypto/async/arch/async_win.c
@@ -1,53 +1,10 @@
@@ -25345,8 +30489,15 @@
*/
/* This must be the first #include file */
-diff --git a/crypto/async/arch/async_win.h b/crypto/async/arch/async_win.h
-index 4287330..61cfdd7 100644
+@@ -68,7 +25,7 @@ void async_local_cleanup(void)
+ async_ctx *ctx = async_get_ctx();
+ if (ctx != NULL) {
+ async_fibre *fibre = &ctx->dispatcher;
+- if(fibre != NULL && fibre->fibre != NULL && fibre->converted) {
++ if (fibre != NULL && fibre->fibre != NULL && fibre->converted) {
+ ConvertFiberToThread();
+ fibre->fibre = NULL;
+ }
--- a/crypto/async/arch/async_win.h
+++ b/crypto/async/arch/async_win.h
@@ -1,53 +1,10 @@
@@ -25408,8 +30559,6 @@
*/
/*
-diff --git a/crypto/async/async.c b/crypto/async/async.c
-index b4ba561..965a195 100644
--- a/crypto/async/async.c
+++ b/crypto/async/async.c
@@ -1,53 +1,10 @@
@@ -25435,7 +30584,8 @@
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
@@ -25449,8 +30599,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -25479,8 +30628,23 @@
#include <openssl/err.h>
#include <internal/cryptlib_int.h>
#include <string.h>
-diff --git a/crypto/async/async_err.c b/crypto/async/async_err.c
-index 26b34d4..13c41cd 100644
+@@ -440,7 +396,7 @@ ASYNC_JOB *ASYNC_get_current_job(void)
+ async_ctx *ctx;
+
+ ctx = async_get_ctx();
+- if(ctx == NULL)
++ if (ctx == NULL)
+ return NULL;
+
+ return ctx->currjob;
+@@ -472,6 +428,6 @@ void ASYNC_unblock_pause(void)
+ */
+ return;
+ }
+- if(ctx->blocked > 0)
++ if (ctx->blocked > 0)
+ ctx->blocked--;
+ }
--- a/crypto/async/async_err.c
+++ b/crypto/async/async_err.c
@@ -1,61 +1,11 @@
@@ -25552,7 +30716,7 @@
*/
#include <stdio.h>
-@@ -79,12 +29,10 @@ static ERR_STRING_DATA ASYNC_str_functs[] = {
+@@ -79,18 +29,16 @@ static ERR_STRING_DATA ASYNC_str_functs[
};
static ERR_STRING_DATA ASYNC_str_reasons[] = {
@@ -25565,8 +30729,19 @@
{0, NULL}
};
-diff --git a/crypto/async/async_locl.h b/crypto/async/async_locl.h
-index 7fa1f26..786cf00 100644
+ #endif
+
+-void ERR_load_ASYNC_strings(void)
++int ERR_load_ASYNC_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -99,4 +47,5 @@ void ERR_load_ASYNC_strings(void)
+ ERR_load_strings(0, ASYNC_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/async/async_locl.h
+++ b/crypto/async/async_locl.h
@@ -1,53 +1,10 @@
@@ -25592,7 +30767,8 @@
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
@@ -25606,8 +30782,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -25628,8 +30803,17 @@
*/
/*
-diff --git a/crypto/async/async_wait.c b/crypto/async/async_wait.c
-index ece995f..e5ecaeb 100644
+@@ -59,6 +16,10 @@
+ # pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+ #endif
+
++#if defined(_WIN32)
++# include <windows.h>
++#endif
++
+ #include <internal/async.h>
+ #include <openssl/crypto.h>
+
--- a/crypto/async/async_wait.c
+++ b/crypto/async/async_wait.c
@@ -1,53 +1,10 @@
@@ -25691,9 +30875,6 @@
*/
/* This must be the first #include file */
-diff --git a/crypto/bf/COPYRIGHT b/crypto/bf/COPYRIGHT
-deleted file mode 100644
-index 6857223..0000000
--- a/crypto/bf/COPYRIGHT
+++ /dev/null
@@ -1,46 +0,0 @@
@@ -25743,9 +30924,6 @@
-experience in code simply being copied and the attribution removed
-from it and then being distributed as part of other packages. This
-implementation was a non-trivial and unpaid effort.
-diff --git a/crypto/bf/INSTALL b/crypto/bf/INSTALL
-deleted file mode 100644
-index 3b25923..0000000
--- a/crypto/bf/INSTALL
+++ /dev/null
@@ -1,14 +0,0 @@
@@ -25763,9 +30941,6 @@
-
-eric 15-Apr-1997
-
-diff --git a/crypto/bf/Makefile.in b/crypto/bf/Makefile.in
-deleted file mode 100644
-index a41b9d1..0000000
--- a/crypto/bf/Makefile.in
+++ /dev/null
@@ -1,51 +0,0 @@
@@ -25820,9 +30995,6 @@
- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/bf/VERSION b/crypto/bf/VERSION
-deleted file mode 100644
-index be99585..0000000
--- a/crypto/bf/VERSION
+++ /dev/null
@@ -1,6 +0,0 @@
@@ -25832,8 +31004,6 @@
- Peter Gutman <pgut001 at cs.auckland.ac.nz>
-
-0.7.2m - the first release
-diff --git a/crypto/bf/asm/bf-586.pl b/crypto/bf/asm/bf-586.pl
-index 319a638..ebc24f4 100644
--- a/crypto/bf/asm/bf-586.pl
+++ b/crypto/bf/asm/bf-586.pl
@@ -1,4 +1,11 @@
@@ -25849,8 +31019,6 @@
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}","${dir}../../perlasm");
-diff --git a/crypto/bf/bf_cbc.c b/crypto/bf/bf_cbc.c
-index b052951..6ed6257 100644
--- a/crypto/bf/bf_cbc.c
+++ b/crypto/bf/bf_cbc.c
@@ -1,58 +1,10 @@
@@ -25918,14 +31086,14 @@
*/
#include <openssl/blowfish.h>
-diff --git a/crypto/bf/bf_cfb64.c b/crypto/bf/bf_cfb64.c
-index cab8bf8..ce6e13b 100644
--- a/crypto/bf/bf_cfb64.c
+++ b/crypto/bf/bf_cfb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -25973,9 +31141,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -25987,14 +31153,14 @@
*/
#include <openssl/blowfish.h>
-diff --git a/crypto/bf/bf_ecb.c b/crypto/bf/bf_ecb.c
-index a7640d8..aa73540 100644
--- a/crypto/bf/bf_ecb.c
+++ b/crypto/bf/bf_ecb.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -26042,9 +31208,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -26056,14 +31220,14 @@
*/
#include <openssl/blowfish.h>
-diff --git a/crypto/bf/bf_enc.c b/crypto/bf/bf_enc.c
-index 04eb391..9f80c56 100644
--- a/crypto/bf/bf_enc.c
+++ b/crypto/bf/bf_enc.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -26111,9 +31275,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -26125,14 +31287,14 @@
*/
#include <openssl/blowfish.h>
-diff --git a/crypto/bf/bf_locl.h b/crypto/bf/bf_locl.h
-index 5ad9ec2..7e5f92c 100644
--- a/crypto/bf/bf_locl.h
+++ b/crypto/bf/bf_locl.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -26180,9 +31342,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -26194,14 +31354,14 @@
*/
#ifndef HEADER_BF_LOCL_H
-diff --git a/crypto/bf/bf_ofb64.c b/crypto/bf/bf_ofb64.c
-index 97a58ce..6418217 100644
--- a/crypto/bf/bf_ofb64.c
+++ b/crypto/bf/bf_ofb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -26249,9 +31409,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -26263,8 +31421,6 @@
*/
#include <openssl/blowfish.h>
-diff --git a/crypto/bf/bf_pi.h b/crypto/bf/bf_pi.h
-index c3e1873..a054b03 100644
--- a/crypto/bf/bf_pi.h
+++ b/crypto/bf/bf_pi.h
@@ -1,58 +1,10 @@
@@ -26332,8 +31488,6 @@
*/
static const BF_KEY bf_init = {
-diff --git a/crypto/bf/bf_skey.c b/crypto/bf/bf_skey.c
-index 3cfc6a1..a4903a2 100644
--- a/crypto/bf/bf_skey.c
+++ b/crypto/bf/bf_skey.c
@@ -1,58 +1,10 @@
@@ -26401,9 +31555,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/bf/bfs.cpp b/crypto/bf/bfs.cpp
-deleted file mode 100644
-index d74c457..0000000
--- a/crypto/bf/bfs.cpp
+++ /dev/null
@@ -1,67 +0,0 @@
@@ -26474,8 +31625,6 @@
- }
- }
-
-diff --git a/crypto/bf/build.info b/crypto/bf/build.info
-index b8f9820..37a004e 100644
--- a/crypto/bf/build.info
+++ b/crypto/bf/build.info
@@ -1,5 +1,6 @@
@@ -26486,9 +31635,6 @@
GENERATE[bf-586.s]=asm/bf-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
DEPEND[bf-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
-diff --git a/crypto/bio/Makefile.in b/crypto/bio/Makefile.in
-deleted file mode 100644
-index f57d357..0000000
--- a/crypto/bio/Makefile.in
+++ /dev/null
@@ -1,55 +0,0 @@
@@ -26547,11 +31693,9 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
-index eed40bf..b77fd4b 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
-@@ -1,61 +1,16 @@
+@@ -1,65 +1,21 @@
-/* ====================================================================
- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
- *
@@ -26620,7 +31764,12 @@
#ifndef OPENSSL_NO_SOCK
#include <openssl/err.h>
-@@ -83,6 +38,11 @@ BIO_ADDR *BIO_ADDR_new(void)
+ #include <openssl/buffer.h>
++#include <internal/thread_once.h>
+ #include <ctype.h>
+
+ CRYPTO_RWLOCK *bio_lookup_lock;
+@@ -83,6 +39,11 @@ BIO_ADDR *BIO_ADDR_new(void)
{
BIO_ADDR *ret = OPENSSL_zalloc(sizeof(*ret));
@@ -26632,7 +31781,7 @@
ret->sa.sa_family = AF_UNSPEC;
return ret;
}
-@@ -268,21 +228,35 @@ static int addr_strings(const BIO_ADDR *ap, int numeric,
+@@ -268,21 +229,35 @@ static int addr_strings(const BIO_ADDR *
ntohs(BIO_ADDR_rawport(ap)));
}
@@ -26672,7 +31821,7 @@
return 1;
}
-@@ -583,7 +557,7 @@ int BIO_parse_hostserv(const char *hostserv, char **host, char **service,
+@@ -583,7 +558,7 @@ int BIO_parse_hostserv(const char *hosts
* family, such as AF_UNIX
*
* the return value is 1 on success, or 0 on failure, which
@@ -26681,7 +31830,19 @@
*/
static int addrinfo_wrap(int family, int socktype,
const void *where, size_t wherelen,
-@@ -692,9 +666,6 @@ int BIO_lookup(const char *host, const char *service,
+@@ -627,9 +602,10 @@ static int addrinfo_wrap(int family, int
+ return 1;
+ }
+
+-static void do_bio_lookup_init(void)
++DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init)
+ {
+ bio_lookup_lock = CRYPTO_THREAD_lock_new();
++ return (bio_lookup_lock != NULL);
+ }
+
+ /*-
+@@ -692,9 +668,6 @@ int BIO_lookup(const char *host, const c
struct addrinfo hints;
memset(&hints, 0, sizeof hints);
@@ -26691,7 +31852,7 @@
hints.ai_family = family;
hints.ai_socktype = socktype;
-@@ -734,12 +705,12 @@ int BIO_lookup(const char *host, const char *service,
+@@ -734,12 +707,12 @@ int BIO_lookup(const char *host, const c
/* Windows doesn't seem to have in_addr_t */
#ifdef OPENSSL_SYS_WINDOWS
static uint32_t he_fallback_address;
@@ -26708,7 +31869,7 @@
#endif
static const struct hostent he_fallback =
{ NULL, NULL, AF_INET, sizeof(he_fallback_address),
-@@ -749,7 +720,7 @@ int BIO_lookup(const char *host, const char *service,
+@@ -749,14 +722,18 @@ int BIO_lookup(const char *host, const c
#endif
struct servent *se;
@@ -26717,8 +31878,18 @@
#ifdef _WIN64
struct servent se_fallback = { NULL, NULL, NULL, 0 };
#else
-diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c
-index c586b76..a27954f 100644
+ struct servent se_fallback = { NULL, NULL, 0, NULL };
+ #endif
+
+- CRYPTO_THREAD_run_once(&bio_lookup_init, do_bio_lookup_init);
++ if (!RUN_ONCE(&bio_lookup_init, do_bio_lookup_init)) {
++ BIOerr(BIO_F_BIO_LOOKUP, ERR_R_MALLOC_FAILURE);
++ ret = 0;
++ goto err;
++ }
+
+ CRYPTO_THREAD_write_lock(bio_lookup_lock);
+ he_fallback_address = INADDR_ANY;
--- a/crypto/bio/b_dump.c
+++ b/crypto/bio/b_dump.c
@@ -1,58 +1,10 @@
@@ -26786,8 +31957,6 @@
*/
/*
-diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
-index 72a2ee8..6808cdc 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -1,69 +1,16 @@
@@ -26898,7 +32067,7 @@
#ifdef HAVE_LONG_DOUBLE
# define LDOUBLE long double
#else
-@@ -122,7 +52,7 @@ static int fmtstr(char **, char **, size_t *, size_t *,
+@@ -122,7 +52,7 @@ static int fmtstr(char **, char **, size
static int fmtint(char **, char **, size_t *, size_t *,
LLONG, int, int, int, int);
static int fmtfp(char **, char **, size_t *, size_t *,
@@ -26907,7 +32076,7 @@
static int doapr_outch(char **, char **, size_t *, size_t *, int);
static int _dopr(char **sbuffer, char **buffer,
size_t *maxlen, size_t *retlen, int *truncated,
-@@ -139,12 +69,19 @@ static int _dopr(char **sbuffer, char **buffer,
+@@ -139,12 +69,19 @@ static int _dopr(char **sbuffer, char **
#define DP_S_DONE 7
/* format flags - Bits */
@@ -26927,7 +32096,7 @@
#define DP_F_UNSIGNED (1 << 6)
/* conversion flags */
-@@ -153,6 +90,11 @@ static int _dopr(char **sbuffer, char **buffer,
+@@ -153,6 +90,11 @@ static int _dopr(char **sbuffer, char **
#define DP_C_LDOUBLE 3
#define DP_C_LLONG 4
@@ -26939,7 +32108,7 @@
/* some handy macros */
#define char_to_int(p) (p - '0')
#define OSSL_MAX(p,q) ((p >= q) ? p : q)
-@@ -331,7 +273,7 @@ _dopr(char **sbuffer,
+@@ -331,7 +273,7 @@ static int
else
fvalue = va_arg(args, double);
if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
@@ -26948,7 +32117,7 @@
return 0;
break;
case 'E':
-@@ -341,6 +283,9 @@ _dopr(char **sbuffer,
+@@ -341,6 +283,9 @@ static int
fvalue = va_arg(args, LDOUBLE);
else
fvalue = va_arg(args, double);
@@ -26958,7 +32127,7 @@
break;
case 'G':
flags |= DP_F_UP;
-@@ -349,6 +294,9 @@ _dopr(char **sbuffer,
+@@ -349,6 +294,9 @@ static int
fvalue = va_arg(args, LDOUBLE);
else
fvalue = va_arg(args, double);
@@ -26968,7 +32137,7 @@
break;
case 'c':
if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
-@@ -415,9 +363,15 @@ _dopr(char **sbuffer,
+@@ -415,9 +363,15 @@ static int
break;
}
}
@@ -27031,6 +32200,15 @@
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
return 0;
++padlen;
+@@ -488,7 +451,7 @@ fmtint(char **sbuffer,
+ if (!(flags & DP_F_UNSIGNED)) {
+ if (value < 0) {
+ signvalue = '-';
+- uvalue = -value;
++ uvalue = -(unsigned LLONG)value;
+ } else if (flags & DP_F_PLUS)
+ signvalue = '+';
+ else if (flags & DP_F_SPACE)
@@ -599,23 +562,28 @@ static int
fmtfp(char **sbuffer,
char **buffer,
@@ -27247,8 +32425,6 @@
memcpy(*buffer, *sbuffer, *currlen);
}
*sbuffer = NULL;
-diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c
-index a2d0100..ac2c2d1 100644
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -1,58 +1,10 @@
@@ -27316,7 +32492,7 @@
*/
#include <stdio.h>
-@@ -141,7 +93,7 @@ int BIO_get_port(const char *str, unsigned short *port_ptr)
+@@ -141,7 +93,7 @@ int BIO_get_port(const char *str, unsign
int BIO_sock_error(int sock)
{
int j = 0, i;
@@ -27359,8 +32535,6 @@
OPENSSL_free(host);
OPENSSL_free(port);
}
-diff --git a/crypto/bio/b_sock2.c b/crypto/bio/b_sock2.c
-index 9f092fc..726b062 100644
--- a/crypto/bio/b_sock2.c
+++ b/crypto/bio/b_sock2.c
@@ -1,55 +1,10 @@
@@ -27425,7 +32599,7 @@
*/
#include <stdio.h>
-@@ -294,8 +249,10 @@ int BIO_accept_ex(int accept_sock, BIO_ADDR *addr_, int options)
+@@ -294,8 +249,10 @@ int BIO_accept_ex(int accept_sock, BIO_A
return INVALID_SOCKET;
}
@@ -27437,8 +32611,6 @@
return accepted_sock;
}
-diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c
-index 361d26a..702581e 100644
--- a/crypto/bio/bf_buff.c
+++ b/crypto/bio/bf_buff.c
@@ -1,58 +1,10 @@
@@ -27506,8 +32678,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c
-index d8c90f5..ed25b1f 100644
--- a/crypto/bio/bf_lbuf.c
+++ b/crypto/bio/bf_lbuf.c
@@ -1,58 +1,10 @@
@@ -27575,14 +32745,14 @@
*/
#include <stdio.h>
-diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c
-index cefd35f..364d9fb 100644
--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -27630,9 +32800,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -27644,14 +32812,14 @@
*/
#include <stdio.h>
-diff --git a/crypto/bio/bf_null.c b/crypto/bio/bf_null.c
-index 162e250..0736b3f 100644
--- a/crypto/bio/bf_null.c
+++ b/crypto/bio/bf_null.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -27699,9 +32867,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -27713,8 +32879,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c
-index 552b66e..860208b 100644
--- a/crypto/bio/bio_cb.c
+++ b/crypto/bio/bio_cb.c
@@ -1,58 +1,10 @@
@@ -27782,8 +32946,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c
-index 36b9dfe..7553182 100644
--- a/crypto/bio/bio_err.c
+++ b/crypto/bio/bio_err.c
@@ -1,62 +1,11 @@
@@ -27856,7 +33018,7 @@
*/
#include <stdio.h>
-@@ -74,13 +23,11 @@ static ERR_STRING_DATA BIO_str_functs[] = {
+@@ -74,13 +23,11 @@ static ERR_STRING_DATA BIO_str_functs[]
{ERR_FUNC(BIO_F_ADDR_STRINGS), "addr_strings"},
{ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"},
{ERR_FUNC(BIO_F_BIO_ACCEPT_EX), "BIO_accept_ex"},
@@ -27871,15 +33033,7 @@
{ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"},
{ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"},
{ERR_FUNC(BIO_F_BIO_LISTEN), "BIO_listen"},
-@@ -96,6 +43,7 @@ static ERR_STRING_DATA BIO_str_functs[] = {
- {ERR_FUNC(BIO_F_BIO_PARSE_HOSTSERV), "BIO_parse_hostserv"},
- {ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"},
- {ERR_FUNC(BIO_F_BIO_READ), "BIO_read"},
-+ {ERR_FUNC(BIO_F_BIO_SET), "BIO_set"},
- {ERR_FUNC(BIO_F_BIO_SOCKET), "BIO_socket"},
- {ERR_FUNC(BIO_F_BIO_SOCKET_NBIO), "BIO_socket_nbio"},
- {ERR_FUNC(BIO_F_BIO_SOCK_INFO), "BIO_sock_info"},
-@@ -109,10 +57,8 @@ static ERR_STRING_DATA BIO_str_functs[] = {
+@@ -109,10 +56,8 @@ static ERR_STRING_DATA BIO_str_functs[]
{ERR_FUNC(BIO_F_FILE_CTRL), "file_ctrl"},
{ERR_FUNC(BIO_F_FILE_READ), "file_read"},
{ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "linebuffer_ctrl"},
@@ -27890,7 +33044,7 @@
{0, NULL}
};
-@@ -120,17 +66,11 @@ static ERR_STRING_DATA BIO_str_reasons[] = {
+@@ -120,17 +65,11 @@ static ERR_STRING_DATA BIO_str_reasons[]
{ERR_REASON(BIO_R_ACCEPT_ERROR), "accept error"},
{ERR_REASON(BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET),
"addrinfo addr is not af inet"},
@@ -27910,7 +33064,7 @@
{ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),
"gethostbyname addr is not af inet"},
{ERR_REASON(BIO_R_GETSOCKNAME_ERROR), "getsockname error"},
-@@ -138,25 +78,20 @@ static ERR_STRING_DATA BIO_str_reasons[] = {
+@@ -138,25 +77,20 @@ static ERR_STRING_DATA BIO_str_reasons[]
"getsockname truncated address"},
{ERR_REASON(BIO_R_GETTING_SOCKTYPE), "getting socktype"},
{ERR_REASON(BIO_R_INVALID_ARGUMENT), "invalid argument"},
@@ -27938,8 +33092,21 @@
{ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET), "unable to bind socket"},
{ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET), "unable to create socket"},
{ERR_REASON(BIO_R_UNABLE_TO_KEEPALIVE), "unable to keepalive"},
-diff --git a/crypto/bio/bio_lcl.h b/crypto/bio/bio_lcl.h
-index 52c9e79..f5a886c 100644
+@@ -177,7 +111,7 @@ static ERR_STRING_DATA BIO_str_reasons[]
+
+ #endif
+
+-void ERR_load_BIO_strings(void)
++int ERR_load_BIO_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -186,4 +120,5 @@ void ERR_load_BIO_strings(void)
+ ERR_load_strings(0, BIO_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/bio/bio_lcl.h
+++ b/crypto/bio/bio_lcl.h
@@ -1,3 +1,12 @@
@@ -27955,14 +33122,14 @@
#define USE_SOCKETS
#include "e_os.h"
-diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
-index 94c97da..0b111c6 100644
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -28010,9 +33177,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -28024,21 +33189,81 @@
*/
#include <stdio.h>
-@@ -93,10 +45,12 @@ int BIO_set(BIO *bio, const BIO_METHOD *method)
+@@ -60,56 +12,42 @@
+ #include <openssl/crypto.h>
+ #include "bio_lcl.h"
+ #include "internal/cryptlib.h"
+-#include <openssl/stack.h>
+
+ BIO *BIO_new(const BIO_METHOD *method)
+ {
+- BIO *ret = OPENSSL_malloc(sizeof(*ret));
++ BIO *bio = OPENSSL_zalloc(sizeof(*bio));
+
+- if (ret == NULL) {
++ if (bio == NULL) {
+ BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+- if (!BIO_set(ret, method)) {
+- OPENSSL_free(ret);
+- ret = NULL;
+- }
+- return (ret);
+-}
+
+-int BIO_set(BIO *bio, const BIO_METHOD *method)
+-{
+ bio->method = method;
+- bio->callback = NULL;
+- bio->cb_arg = NULL;
+- bio->init = 0;
+ bio->shutdown = 1;
+- bio->flags = 0;
+- bio->retry_reason = 0;
+- bio->num = 0;
+- bio->ptr = NULL;
+- bio->prev_bio = NULL;
+- bio->next_bio = NULL;
bio->references = 1;
- bio->num_read = 0L;
- bio->num_write = 0L;
+- bio->num_read = 0L;
+- bio->num_write = 0L;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
++
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data))
-+ return 0;
++ goto err;
bio->lock = CRYPTO_THREAD_lock_new();
if (bio->lock == NULL) {
-+ BIOerr(BIO_F_BIO_SET, ERR_R_MALLOC_FAILURE);
++ BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
- return 0;
+- return 0;
++ goto err;
}
-@@ -130,13 +84,13 @@ int BIO_free(BIO *a)
+
+- if (method->create != NULL) {
+- if (!method->create(bio)) {
+- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+- CRYPTO_THREAD_lock_free(bio->lock);
+- return 0;
+- }
++ if (method->create != NULL && !method->create(bio)) {
++ BIOerr(BIO_F_BIO_NEW, ERR_R_INIT_FAIL);
++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
++ CRYPTO_THREAD_lock_free(bio->lock);
++ goto err;
+ }
+
+- return 1;
++ return bio;
++
++err:
++ OPENSSL_free(bio);
++ return NULL;
+ }
+
+ int BIO_free(BIO *a)
+@@ -130,13 +68,13 @@ int BIO_free(BIO *a)
((i = (int)a->callback(a, BIO_CB_FREE, NULL, 0, 0L, 1L)) <= 0))
return i;
@@ -28055,8 +33280,6 @@
OPENSSL_free(a);
return 1;
-diff --git a/crypto/bio/bio_meth.c b/crypto/bio/bio_meth.c
-index 88ce8c3..d172047 100644
--- a/crypto/bio/bio_meth.c
+++ b/crypto/bio/bio_meth.c
@@ -1,55 +1,10 @@
@@ -28121,8 +33344,6 @@
*/
#include "bio_lcl.h"
-diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
-index 8cd66fe..628da9e 100644
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -1,58 +1,10 @@
@@ -28190,7 +33411,7 @@
*/
#include <stdio.h>
-@@ -474,16 +426,17 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
+@@ -474,16 +426,17 @@ static long acpt_ctrl(BIO *b, int cmd, l
data->param_serv = BUF_strdup(ptr);
b->init = 1;
} else if (num == 2) {
@@ -28212,8 +33433,6 @@
}
break;
case BIO_C_SET_NBIO:
-diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c
-index 2991c3a..de34f6b 100644
--- a/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
@@ -1,55 +1,10 @@
@@ -28296,7 +33515,7 @@
bio->ptr = b;
return 1;
-@@ -627,16 +579,15 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
+@@ -627,16 +579,15 @@ static long bio_ctrl(BIO *bio, int cmd,
break;
case BIO_CTRL_EOF:
@@ -28320,8 +33539,6 @@
}
break;
-diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
-index a4949b3..dfd0988 100644
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -1,58 +1,10 @@
@@ -28389,7 +33606,7 @@
*/
#include <stdio.h>
-@@ -198,7 +150,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
+@@ -198,7 +150,7 @@ static int conn_state(BIO *b, BIO_CONNEC
ret = BIO_connect(b->num, BIO_ADDRINFO_address(c->addr_iter),
BIO_SOCK_KEEPALIVE | c->connect_mode);
b->retry_reason = 0;
@@ -28398,8 +33615,6 @@
if (BIO_sock_should_retry(ret)) {
BIO_set_retry_special(b);
c->state = BIO_CONN_S_BLOCKED_CONNECT;
-diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
-index cf2f9f6..6dfcc9b 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -1,59 +1,10 @@
@@ -28480,14 +33695,14 @@
static int dgram_write(BIO *h, const char *buf, int num);
static int dgram_read(BIO *h, char *buf, int size);
static int dgram_puts(BIO *h, const char *str);
-diff --git a/crypto/bio/bss_fd.c b/crypto/bio/bss_fd.c
-index 983e9fe..1e56cb6 100644
--- a/crypto/bio/bss_fd.c
+++ b/crypto/bio/bss_fd.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -28535,9 +33750,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -28549,8 +33762,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
-index a37e89d..4f79c32 100644
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@@ -1,58 +1,10 @@
@@ -28618,7 +33829,7 @@
*/
/*-
-@@ -109,61 +61,10 @@ static const BIO_METHOD methods_filep = {
+@@ -109,61 +61,10 @@ static const BIO_METHOD methods_filep =
NULL,
};
@@ -28681,7 +33892,7 @@
int fp_flags = BIO_CLOSE;
if (strchr(mode, 'b') == NULL)
-@@ -381,7 +282,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
+@@ -381,7 +282,7 @@ static long file_ctrl(BIO *b, int cmd, l
else
strcat(p, "t");
# endif
@@ -28690,8 +33901,6 @@
if (fp == NULL) {
SYSerr(SYS_F_FOPEN, get_last_sys_error());
ERR_add_error_data(5, "fopen('", ptr, "','", p, "')");
-diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c
-index c2c8c79..6cbde4d 100644
--- a/crypto/bio/bss_log.c
+++ b/crypto/bio/bss_log.c
@@ -1,55 +1,10 @@
@@ -28756,8 +33965,6 @@
*/
/*
-diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
-index 46bd034..80da3a1 100644
--- a/crypto/bio/bss_mem.c
+++ b/crypto/bio/bss_mem.c
@@ -1,58 +1,10 @@
@@ -28825,7 +34032,7 @@
*/
#include <stdio.h>
-@@ -150,17 +102,22 @@ static int mem_init(BIO *bi, unsigned long flags)
+@@ -150,17 +102,22 @@ static int mem_init(BIO *bi, unsigned lo
BIO_BUF_MEM *bb = OPENSSL_zalloc(sizeof(*bb));
if (bb == NULL)
@@ -28854,8 +34061,34 @@
}
static int mem_new(BIO *bi)
-diff --git a/crypto/bio/bss_null.c b/crypto/bio/bss_null.c
-index 29561c7..e5c4adc 100644
+@@ -187,12 +144,12 @@ static int mem_buf_free(BIO *a, int free
+ BUF_MEM *b;
+ BIO_BUF_MEM *bb = (BIO_BUF_MEM *)a->ptr;
+
+- if(bb != NULL) {
++ if (bb != NULL) {
+ b = bb->buf;
+ if (a->flags & BIO_FLAGS_MEM_RDONLY)
+ b->data = NULL;
+ BUF_MEM_free(b);
+- if(free_all) {
++ if (free_all) {
+ OPENSSL_free(bb->readp);
+ OPENSSL_free(bb);
+ }
+@@ -208,10 +165,10 @@ static int mem_buf_free(BIO *a, int free
+ */
+ static int mem_buf_sync(BIO *b)
+ {
+- if((b != NULL) && (b->init) && (b->ptr != NULL)) {
++ if (b != NULL && b->init != 0 && b->ptr != NULL) {
+ BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
+
+- if(bbm->readp->data != bbm->buf->data) {
++ if (bbm->readp->data != bbm->buf->data) {
+ memmove(bbm->buf->data, bbm->readp->data, bbm->readp->length);
+ bbm->buf->length = bbm->readp->length;
+ bbm->readp->data = bbm->buf->data;
--- a/crypto/bio/bss_null.c
+++ b/crypto/bio/bss_null.c
@@ -1,58 +1,10 @@
@@ -28923,8 +34156,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c
-index c1f76a2..570e898 100644
--- a/crypto/bio/bss_sock.c
+++ b/crypto/bio/bss_sock.c
@@ -1,58 +1,10 @@
@@ -29005,9 +34236,6 @@
# define sock_read SockRead
# define sock_puts SockPuts
# endif
-diff --git a/crypto/blake2/Makefile.in b/crypto/blake2/Makefile.in
-deleted file mode 100644
-index ebfaa04..0000000
--- a/crypto/blake2/Makefile.in
+++ /dev/null
@@ -1,41 +0,0 @@
@@ -29052,8 +34280,6 @@
- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/blake2/blake2_impl.h b/crypto/blake2/blake2_impl.h
-index 335a383..8fe5c95 100644
--- a/crypto/blake2/blake2_impl.h
+++ b/crypto/blake2/blake2_impl.h
@@ -1,16 +1,15 @@
@@ -29077,8 +34303,6 @@
* More information about the BLAKE2 hash function and its implementations
* can be found at https://blake2.net.
*/
-diff --git a/crypto/blake2/blake2_locl.h b/crypto/blake2/blake2_locl.h
-index 10334b1..fb7beb9 100644
--- a/crypto/blake2/blake2_locl.h
+++ b/crypto/blake2/blake2_locl.h
@@ -1,16 +1,15 @@
@@ -29102,8 +34326,6 @@
* More information about the BLAKE2 hash function and its implementations
* can be found at https://blake2.net.
*/
-diff --git a/crypto/blake2/blake2b.c b/crypto/blake2/blake2b.c
-index 8e92a0a..e77bd9a 100644
--- a/crypto/blake2/blake2b.c
+++ b/crypto/blake2/blake2b.c
@@ -1,16 +1,15 @@
@@ -29127,7 +34349,7 @@
* More information about the BLAKE2 hash function and its implementations
* can be found at https://blake2.net.
*/
-@@ -229,8 +228,8 @@ int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen)
+@@ -229,8 +228,8 @@ int BLAKE2b_Update(BLAKE2B_CTX *c, const
if (datalen > BLAKE2B_BLOCKBYTES) {
size_t stashlen = datalen % BLAKE2B_BLOCKBYTES;
/*
@@ -29138,8 +34360,6 @@
*/
stashlen = stashlen ? stashlen : BLAKE2B_BLOCKBYTES;
datalen -= stashlen;
-diff --git a/crypto/blake2/blake2s.c b/crypto/blake2/blake2s.c
-index 227fa10..0b3503e 100644
--- a/crypto/blake2/blake2s.c
+++ b/crypto/blake2/blake2s.c
@@ -1,16 +1,15 @@
@@ -29163,7 +34383,7 @@
* More information about the BLAKE2 hash function and its implementations
* can be found at https://blake2.net.
*/
-@@ -223,8 +222,8 @@ int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen)
+@@ -223,8 +222,8 @@ int BLAKE2s_Update(BLAKE2S_CTX *c, const
if (datalen > BLAKE2S_BLOCKBYTES) {
size_t stashlen = datalen % BLAKE2S_BLOCKBYTES;
/*
@@ -29174,8 +34394,6 @@
*/
stashlen = stashlen ? stashlen : BLAKE2S_BLOCKBYTES;
datalen -= stashlen;
-diff --git a/crypto/blake2/m_blake2b.c b/crypto/blake2/m_blake2b.c
-index e06bb5b..82c6f6b 100644
--- a/crypto/blake2/m_blake2b.c
+++ b/crypto/blake2/m_blake2b.c
@@ -1,16 +1,15 @@
@@ -29208,8 +34426,6 @@
sizeof(EVP_MD *) + sizeof(BLAKE2B_CTX),
};
-diff --git a/crypto/blake2/m_blake2s.c b/crypto/blake2/m_blake2s.c
-index 6150e98..467e91a 100644
--- a/crypto/blake2/m_blake2s.c
+++ b/crypto/blake2/m_blake2s.c
@@ -1,16 +1,15 @@
@@ -29242,9 +34458,6 @@
sizeof(EVP_MD *) + sizeof(BLAKE2S_CTX),
};
-diff --git a/crypto/bn/Makefile.in b/crypto/bn/Makefile.in
-deleted file mode 100644
-index 420eebb..0000000
--- a/crypto/bn/Makefile.in
+++ /dev/null
@@ -1,149 +0,0 @@
@@ -29397,9 +34610,6 @@
- $(CC) $(CFLAGS) -c $< -o $@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/bn/README.pod b/crypto/bn/README.pod
-new file mode 100644
-index 0000000..07e72aa
--- /dev/null
+++ b/crypto/bn/README.pod
@@ -0,0 +1,247 @@
@@ -29441,9 +34651,9 @@
+ int nb);
+ void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
+ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
-+ int dna,int dnb,BN_ULONG *tmp);
++ int dna, int dnb, BN_ULONG *tmp);
+ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
-+ int n, int tna,int tnb, BN_ULONG *tmp);
++ int n, int tna, int tnb, BN_ULONG *tmp);
+ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+ int n2, BN_ULONG *tmp);
+ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l,
@@ -29501,8 +34711,8 @@
+B<0>, the B<d> field can be B<NULL> and B<top> == B<0>.
+
+B<flags> is a bit field of flags which are defined in C<openssl/bn.h>. The
-+flags begin with B<BN_FLG_>. The macros BN_set_flags(b,n) and
-+BN_get_flags(b,n) exist to enable or fetch flag(s) B<n> from B<BIGNUM>
++flags begin with B<BN_FLG_>. The macros BN_set_flags(b, n) and
++BN_get_flags(b, n) exist to enable or fetch flag(s) B<n> from B<BIGNUM>
+structure B<b>.
+
+Various routines in this library require the use of temporary
@@ -29529,7 +34739,7 @@
+B<ap> and the 2*B<num> word array B<ap>. It computes B<ap> * B<ap>
+word-wise, and places the low and high bytes of the result in B<rp>.
+
-+bn_div_words(B<h>, B<l>, B<d>) divides the two word number (B<h>,B<l>)
++bn_div_words(B<h>, B<l>, B<d>) divides the two word number (B<h>, B<l>)
+by B<d> and returns the result.
+
+bn_add_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
@@ -29650,8 +34860,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/crypto/bn/asm/alpha-mont.pl b/crypto/bn/asm/alpha-mont.pl
-index 2ac3532..1d68d6d 100644
--- a/crypto/bn/asm/alpha-mont.pl
+++ b/crypto/bn/asm/alpha-mont.pl
@@ -1,4 +1,11 @@
@@ -29667,8 +34875,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl
-index 36681ee..0bb5433 100644
--- a/crypto/bn/asm/armv4-gf2m.pl
+++ b/crypto/bn/asm/armv4-gf2m.pl
@@ -1,4 +1,11 @@
@@ -29684,8 +34890,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl
-index c791502..0dc4fe9 100644
--- a/crypto/bn/asm/armv4-mont.pl
+++ b/crypto/bn/asm/armv4-mont.pl
@@ -1,4 +1,11 @@
@@ -29701,8 +34905,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/bn/asm/armv8-mont.pl b/crypto/bn/asm/armv8-mont.pl
-index f04aab1..5d5af1b 100755
--- a/crypto/bn/asm/armv8-mont.pl
+++ b/crypto/bn/asm/armv8-mont.pl
@@ -1,4 +1,11 @@
@@ -29718,8 +34920,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/bn/asm/bn-586.pl b/crypto/bn/asm/bn-586.pl
-index 3f34abe..1ca1bbf 100644
--- a/crypto/bn/asm/bn-586.pl
+++ b/crypto/bn/asm/bn-586.pl
@@ -1,4 +1,11 @@
@@ -29735,8 +34935,6 @@
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}","${dir}../../perlasm");
-diff --git a/crypto/bn/asm/bn-c64xplus.asm b/crypto/bn/asm/bn-c64xplus.asm
-index 7b72bff..de6d377 100644
--- a/crypto/bn/asm/bn-c64xplus.asm
+++ b/crypto/bn/asm/bn-c64xplus.asm
@@ -1,3 +1,10 @@
@@ -29750,8 +34948,6 @@
;;====================================================================
;; Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
;; project.
-diff --git a/crypto/bn/asm/c64xplus-gf2m.pl b/crypto/bn/asm/c64xplus-gf2m.pl
-index c79f46f..c0e5400 100644
--- a/crypto/bn/asm/c64xplus-gf2m.pl
+++ b/crypto/bn/asm/c64xplus-gf2m.pl
@@ -1,4 +1,11 @@
@@ -29767,8 +34963,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/bn/asm/co-586.pl b/crypto/bn/asm/co-586.pl
-index ec3ea34..60d0363 100644
--- a/crypto/bn/asm/co-586.pl
+++ b/crypto/bn/asm/co-586.pl
@@ -1,4 +1,10 @@
@@ -29783,8 +34977,6 @@
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}","${dir}../../perlasm");
-diff --git a/crypto/bn/asm/ia64-mont.pl b/crypto/bn/asm/ia64-mont.pl
-index 710ca3c..5cc5c59 100644
--- a/crypto/bn/asm/ia64-mont.pl
+++ b/crypto/bn/asm/ia64-mont.pl
@@ -1,4 +1,11 @@
@@ -29800,8 +34992,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/bn/asm/ia64.S b/crypto/bn/asm/ia64.S
-index 9e090ab..2fdf5bb 100644
--- a/crypto/bn/asm/ia64.S
+++ b/crypto/bn/asm/ia64.S
@@ -3,6 +3,13 @@
@@ -29818,8 +35008,6 @@
//
// ====================================================================
// Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/bn/asm/mips-mont.pl b/crypto/bn/asm/mips-mont.pl
-index 3bccdf6..a907571 100644
--- a/crypto/bn/asm/mips-mont.pl
+++ b/crypto/bn/asm/mips-mont.pl
@@ -1,4 +1,11 @@
@@ -29835,8 +35023,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl
-index 4c8eba0..e3a38bd 100644
--- a/crypto/bn/asm/mips.pl
+++ b/crypto/bn/asm/mips.pl
@@ -1,4 +1,11 @@
@@ -29852,8 +35038,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/bn/asm/pa-risc2.s b/crypto/bn/asm/pa-risc2.s
-index f3b1629..413eac7 100644
--- a/crypto/bn/asm/pa-risc2.s
+++ b/crypto/bn/asm/pa-risc2.s
@@ -1,3 +1,9 @@
@@ -29866,8 +35050,6 @@
;
; PA-RISC 2.0 implementation of bn_asm code, based on the
; 64-bit version of the code. This code is effectively the
-diff --git a/crypto/bn/asm/pa-risc2W.s b/crypto/bn/asm/pa-risc2W.s
-index a995457..9738117 100644
--- a/crypto/bn/asm/pa-risc2W.s
+++ b/crypto/bn/asm/pa-risc2W.s
@@ -1,3 +1,10 @@
@@ -29881,8 +35063,6 @@
;
; PA-RISC 64-bit implementation of bn_asm code
;
-diff --git a/crypto/bn/asm/parisc-mont.pl b/crypto/bn/asm/parisc-mont.pl
-index aa6c797..8aa94e8 100644
--- a/crypto/bn/asm/parisc-mont.pl
+++ b/crypto/bn/asm/parisc-mont.pl
@@ -1,4 +1,11 @@
@@ -29898,8 +35078,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/bn/asm/ppc-mont.pl b/crypto/bn/asm/ppc-mont.pl
-index 6930a3a..5802260 100644
--- a/crypto/bn/asm/ppc-mont.pl
+++ b/crypto/bn/asm/ppc-mont.pl
@@ -1,4 +1,11 @@
@@ -29915,8 +35093,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/bn/asm/ppc.pl b/crypto/bn/asm/ppc.pl
-index 446d8ba..346e01f 100644
--- a/crypto/bn/asm/ppc.pl
+++ b/crypto/bn/asm/ppc.pl
@@ -1,5 +1,11 @@
@@ -29932,8 +35108,6 @@
# Implemented as a Perl wrapper as we want to support several different
# architectures with single file. We pick up the target based on the
# file name we are asked to generate.
-diff --git a/crypto/bn/asm/ppc64-mont.pl b/crypto/bn/asm/ppc64-mont.pl
-index 595fc6d..1e19c95 100644
--- a/crypto/bn/asm/ppc64-mont.pl
+++ b/crypto/bn/asm/ppc64-mont.pl
@@ -1,4 +1,11 @@
@@ -29949,8 +35123,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl
-index 712a77f..0c1b236 100755
--- a/crypto/bn/asm/rsaz-avx2.pl
+++ b/crypto/bn/asm/rsaz-avx2.pl
@@ -1,4 +1,11 @@
@@ -29966,7 +35138,7 @@
##############################################################################
# #
-@@ -103,7 +110,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-
+@@ -103,7 +110,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^cl
$addx = ($ver>=3.03);
}
@@ -29975,8 +35147,6 @@
*STDOUT = *OUT;
if ($avx>1) {{{
-diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl
-index 3290054..6f3b664 100755
--- a/crypto/bn/asm/rsaz-x86_64.pl
+++ b/crypto/bn/asm/rsaz-x86_64.pl
@@ -1,4 +1,11 @@
@@ -29992,7 +35162,7 @@
##############################################################################
# #
-@@ -95,7 +102,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+@@ -95,7 +102,7 @@ if ($flavour =~ /\./) { $output = $flavo
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
@@ -30001,8 +35171,6 @@
*STDOUT=*OUT;
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
-diff --git a/crypto/bn/asm/s390x-gf2m.pl b/crypto/bn/asm/s390x-gf2m.pl
-index 1d76c9f..cbd16f4 100644
--- a/crypto/bn/asm/s390x-gf2m.pl
+++ b/crypto/bn/asm/s390x-gf2m.pl
@@ -1,4 +1,11 @@
@@ -30018,8 +35186,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/bn/asm/s390x-mont.pl b/crypto/bn/asm/s390x-mont.pl
-index bdad486..2205bc2 100644
--- a/crypto/bn/asm/s390x-mont.pl
+++ b/crypto/bn/asm/s390x-mont.pl
@@ -1,4 +1,11 @@
@@ -30035,8 +35201,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/bn/asm/s390x.S b/crypto/bn/asm/s390x.S
-index f5eebe4..292a7a9 100755
--- a/crypto/bn/asm/s390x.S
+++ b/crypto/bn/asm/s390x.S
@@ -1,11 +1,11 @@
@@ -30056,8 +35220,6 @@
// ====================================================================
.text
-diff --git a/crypto/bn/asm/sparct4-mont.pl b/crypto/bn/asm/sparct4-mont.pl
-index 7ec83c2..4faf66f 100755
--- a/crypto/bn/asm/sparct4-mont.pl
+++ b/crypto/bn/asm/sparct4-mont.pl
@@ -1,4 +1,11 @@
@@ -30073,8 +35235,6 @@
# ====================================================================
# Written by David S. Miller <davem at devemloft.net> and Andy Polyakov
-diff --git a/crypto/bn/asm/sparcv8.S b/crypto/bn/asm/sparcv8.S
-index 88c5dc4..9c31073 100644
--- a/crypto/bn/asm/sparcv8.S
+++ b/crypto/bn/asm/sparcv8.S
@@ -3,12 +3,12 @@
@@ -30095,8 +35255,6 @@
* ====================================================================
*/
-diff --git a/crypto/bn/asm/sparcv8plus.S b/crypto/bn/asm/sparcv8plus.S
-index 915a4e7..e77e67a 100644
--- a/crypto/bn/asm/sparcv8plus.S
+++ b/crypto/bn/asm/sparcv8plus.S
@@ -3,12 +3,12 @@
@@ -30117,8 +35275,6 @@
* ====================================================================
*/
-diff --git a/crypto/bn/asm/sparcv9-gf2m.pl b/crypto/bn/asm/sparcv9-gf2m.pl
-index c7bf9f2..dcf11a8 100644
--- a/crypto/bn/asm/sparcv9-gf2m.pl
+++ b/crypto/bn/asm/sparcv9-gf2m.pl
@@ -1,4 +1,11 @@
@@ -30134,8 +35290,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl
-index 4f922c3..771cd96 100644
--- a/crypto/bn/asm/sparcv9-mont.pl
+++ b/crypto/bn/asm/sparcv9-mont.pl
@@ -1,4 +1,11 @@
@@ -30151,8 +35305,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/bn/asm/sparcv9a-mont.pl b/crypto/bn/asm/sparcv9a-mont.pl
-index 7a4782e..902c0d3 100755
--- a/crypto/bn/asm/sparcv9a-mont.pl
+++ b/crypto/bn/asm/sparcv9a-mont.pl
@@ -1,4 +1,11 @@
@@ -30168,8 +35320,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/bn/asm/via-mont.pl b/crypto/bn/asm/via-mont.pl
-index 8cf4dde..9f81bc8 100644
--- a/crypto/bn/asm/via-mont.pl
+++ b/crypto/bn/asm/via-mont.pl
@@ -1,4 +1,11 @@
@@ -30185,8 +35335,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/bn/asm/vis3-mont.pl b/crypto/bn/asm/vis3-mont.pl
-index 7b953a2..64dba44 100644
--- a/crypto/bn/asm/vis3-mont.pl
+++ b/crypto/bn/asm/vis3-mont.pl
@@ -1,4 +1,11 @@
@@ -30202,9 +35350,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/bn/asm/vms.mar b/crypto/bn/asm/vms.mar
-deleted file mode 100644
-index aefab15..0000000
--- a/crypto/bn/asm/vms.mar
+++ /dev/null
@@ -1,6440 +0,0 @@
@@ -36648,8 +41793,6 @@
-
-; For now, the code below doesn't work, so I end this prematurely.
-.end
-diff --git a/crypto/bn/asm/x86-gf2m.pl b/crypto/bn/asm/x86-gf2m.pl
-index 0292178..f464368 100644
--- a/crypto/bn/asm/x86-gf2m.pl
+++ b/crypto/bn/asm/x86-gf2m.pl
@@ -1,4 +1,11 @@
@@ -36665,8 +41808,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/bn/asm/x86-mont.pl b/crypto/bn/asm/x86-mont.pl
-index 7c4e0b2..9994b0b 100755
--- a/crypto/bn/asm/x86-mont.pl
+++ b/crypto/bn/asm/x86-mont.pl
@@ -1,4 +1,11 @@
@@ -36682,8 +41823,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/bn/asm/x86.pl b/crypto/bn/asm/x86.pl
-index c1cab72..d57571d 100644
--- a/crypto/bn/asm/x86.pl
+++ b/crypto/bn/asm/x86.pl
@@ -1,4 +1,10 @@
@@ -36698,8 +41837,6 @@
push(@INC,"perlasm","../../perlasm");
require "x86asm.pl";
-diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c
-index d77dc43..d46109a 100644
--- a/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/bn/asm/x86_64-gcc.c
@@ -1,3 +1,12 @@
@@ -36715,8 +41852,6 @@
#include "../bn_lcl.h"
#if !(defined(__GNUC__) && __GNUC__>=2)
# include "../bn_asm.c" /* kind of dirty hack for Sun Studio */
-diff --git a/crypto/bn/asm/x86_64-gf2m.pl b/crypto/bn/asm/x86_64-gf2m.pl
-index 42bbec2..d962f62 100644
--- a/crypto/bn/asm/x86_64-gf2m.pl
+++ b/crypto/bn/asm/x86_64-gf2m.pl
@@ -1,4 +1,11 @@
@@ -36732,7 +41867,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -31,7 +38,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+@@ -31,7 +38,7 @@ if ($flavour =~ /\./) { $output = $flavo
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
@@ -36741,8 +41876,6 @@
*STDOUT=*OUT;
($lo,$hi)=("%rax","%rdx"); $a=$lo;
-diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl
-index 3e0a78e..3a2511f 100755
--- a/crypto/bn/asm/x86_64-mont.pl
+++ b/crypto/bn/asm/x86_64-mont.pl
@@ -1,4 +1,11 @@
@@ -36758,7 +41891,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -50,7 +57,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+@@ -50,7 +57,7 @@ if ($flavour =~ /\./) { $output = $flavo
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
@@ -36767,8 +41900,6 @@
*STDOUT=*OUT;
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
-diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl
-index aa6a5d1..2a7972d 100755
--- a/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/bn/asm/x86_64-mont5.pl
@@ -1,4 +1,11 @@
@@ -36784,7 +41915,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -35,7 +42,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+@@ -35,7 +42,7 @@ if ($flavour =~ /\./) { $output = $flavo
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
@@ -36793,8 +41924,6 @@
*STDOUT=*OUT;
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
-diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c
-index 3e7d86b..6479650 100644
--- a/crypto/bn/bn_add.c
+++ b/crypto/bn/bn_add.c
@@ -1,58 +1,10 @@
@@ -36870,7 +41999,7 @@
int a_neg = a->neg, ret;
bn_check_top(a);
-@@ -76,6 +27,8 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+@@ -76,6 +27,8 @@ int BN_add(BIGNUM *r, const BIGNUM *a, c
if (a_neg ^ b->neg) {
/* only one is negative */
if (a_neg) {
@@ -36879,7 +42008,7 @@
tmp = a;
a = b;
b = tmp;
-@@ -85,14 +38,14 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+@@ -85,14 +38,14 @@ int BN_add(BIGNUM *r, const BIGNUM *a, c
if (BN_ucmp(a, b) < 0) {
if (!BN_usub(r, b, a))
@@ -36897,7 +42026,7 @@
}
ret = BN_uadd(r, a, b);
-@@ -107,12 +60,13 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+@@ -107,12 +60,13 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a,
int max, min, dif;
const BN_ULONG *ap, *bp;
BN_ULONG *rp, carry, t1, t2;
@@ -36912,12 +42041,12 @@
tmp = a;
a = b;
b = tmp;
-@@ -133,29 +87,17 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+@@ -133,29 +87,17 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a,
carry = bn_add_words(rp, ap, bp, min);
rp += min;
ap += min;
- bp += min;
--
+
- if (carry) {
- while (dif) {
- dif--;
@@ -36934,7 +42063,6 @@
- *rp = 1;
- r->top++;
- }
-+
+ while (dif) {
+ dif--;
+ t1 = *(ap++);
@@ -36952,7 +42080,7 @@
r->neg = 0;
bn_check_top(r);
return 1;
-@@ -165,9 +107,8 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+@@ -165,9 +107,8 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a,
int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
{
int max, min, dif;
@@ -36964,7 +42092,7 @@
bn_check_top(a);
bn_check_top(b);
-@@ -178,63 +119,38 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+@@ -178,63 +119,38 @@ int BN_usub(BIGNUM *r, const BIGNUM *a,
if (dif < 0) { /* hmm... should not be happening */
BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3);
@@ -37039,7 +42167,7 @@
bn_check_top(a);
bn_check_top(b);
-@@ -247,6 +163,8 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+@@ -247,6 +163,8 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, c
*/
if (a->neg) {
if (b->neg) {
@@ -37048,7 +42176,7 @@
tmp = a;
a = b;
b = tmp;
-@@ -263,25 +181,25 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+@@ -263,25 +181,25 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, c
if (add) {
if (!BN_uadd(r, a, b))
@@ -37080,14 +42208,14 @@
- return (1);
+ return 1;
}
-diff --git a/crypto/bn/bn_asm.c b/crypto/bn/bn_asm.c
-index 4c67d28..39c6c21 100644
--- a/crypto/bn/bn_asm.c
+++ b/crypto/bn/bn_asm.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -37135,9 +42263,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -37149,8 +42275,6 @@
*/
#include <assert.h>
-diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
-index 81b895c..24d1383 100644
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
@@ -1,116 +1,14 @@
@@ -37276,8 +42400,6 @@
#include "bn_lcl.h"
#define BN_BLINDING_COUNTER 32
-diff --git a/crypto/bn/bn_const.c b/crypto/bn/bn_const.c
-index 881b4cc..39dd612 100644
--- a/crypto/bn/bn_const.c
+++ b/crypto/bn/bn_const.c
@@ -1,4 +1,11 @@
@@ -37293,8 +42415,6 @@
#include <openssl/bn.h>
-diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
-index 700234b..68c0468 100644
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -1,56 +1,10 @@
@@ -37360,8 +42480,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c
-index debed8d..7d89214 100644
--- a/crypto/bn/bn_depr.c
+++ b/crypto/bn/bn_depr.c
@@ -1,55 +1,10 @@
@@ -37434,8 +42552,6 @@
BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
const BIGNUM *add, const BIGNUM *rem,
-diff --git a/crypto/bn/bn_dh.c b/crypto/bn/bn_dh.c
-index ad4a16e..17d0559 100644
--- a/crypto/bn/bn_dh.c
+++ b/crypto/bn/bn_dh.c
@@ -1,59 +1,10 @@
@@ -37503,8 +42619,6 @@
*/
#include "bn_lcl.h"
-diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
-index 486a31d..0bec12b 100644
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -1,58 +1,10 @@
@@ -37572,7 +42686,7 @@
*/
#include <openssl/bn.h>
-@@ -178,7 +130,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+@@ -178,7 +130,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, cons
# endif /* OPENSSL_NO_ASM */
/*-
@@ -37581,7 +42695,7 @@
* zero, and sets up rm such that dv*divisor + rm = num holds.
* Thus:
* dv->neg == num->neg ^ divisor->neg (unless the result is zero)
-@@ -326,6 +278,9 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+@@ -326,6 +278,9 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const
res->top--;
}
@@ -37591,7 +42705,7 @@
/*
* if res->top == 0 then clear the neg value otherwise decrease the resp
* pointer
-@@ -335,7 +290,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+@@ -335,7 +290,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const
else
resp--;
@@ -37600,7 +42714,7 @@
BN_ULONG q, l0;
/*
* the first part of the loop uses the top two words of snum and sdiv
-@@ -441,6 +396,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+@@ -441,6 +396,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const
(*wnump)++;
}
/* store part of the result */
@@ -37608,8 +42722,6 @@
*resp = q;
}
bn_correct_top(snum);
-diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c
-index 7412859..a71b265 100644
--- a/crypto/bn/bn_err.c
+++ b/crypto/bn/bn_err.c
@@ -1,61 +1,11 @@
@@ -37681,7 +42793,7 @@
*/
#include <stdio.h>
-@@ -82,10 +32,8 @@ static ERR_STRING_DATA BN_str_functs[] = {
+@@ -82,10 +32,8 @@ static ERR_STRING_DATA BN_str_functs[] =
{ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
{ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"},
{ERR_FUNC(BN_F_BN_DIV), "BN_div"},
@@ -37692,7 +42804,7 @@
{ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "bn_expand_internal"},
{ERR_FUNC(BN_F_BN_GENCB_NEW), "BN_GENCB_new"},
{ERR_FUNC(BN_F_BN_GENERATE_DSA_NONCE), "BN_generate_dsa_nonce"},
-@@ -107,7 +55,6 @@ static ERR_STRING_DATA BN_str_functs[] = {
+@@ -107,7 +55,6 @@ static ERR_STRING_DATA BN_str_functs[] =
{ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
{ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"},
{ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
@@ -37700,8 +42812,21 @@
{ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
{ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
{ERR_FUNC(BN_F_BN_NEW), "BN_new"},
-diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
-index c5e579c..e2f0d5e 100644
+@@ -147,7 +94,7 @@ static ERR_STRING_DATA BN_str_reasons[]
+
+ #endif
+
+-void ERR_load_BN_strings(void)
++int ERR_load_BN_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -156,4 +103,5 @@ void ERR_load_BN_strings(void)
+ ERR_load_strings(0, BN_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -1,111 +1,10 @@
@@ -37822,7 +42947,7 @@
*/
#include "internal/cryptlib.h"
-@@ -198,7 +97,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+@@ -198,7 +97,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *
bn_check_top(m);
/*-
@@ -37831,7 +42956,7 @@
* a^p mod m_odd and a^p mod 2^k separately (with Montgomery
* exponentiation for the odd part), using appropriate exponent
* reductions, and combine the results using the CRT.
-@@ -628,6 +527,14 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
+@@ -628,6 +527,14 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
{
int i, j;
int width = 1 << window;
@@ -37846,8 +42971,6 @@
volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
if (bn_wexpand(b, top) == NULL)
-diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c
-index f836158..5141c21 100644
--- a/crypto/bn/bn_exp2.c
+++ b/crypto/bn/bn_exp2.c
@@ -1,111 +1,10 @@
@@ -37968,8 +43091,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
-index a6e909d..e1aac13 100644
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -1,111 +1,10 @@
@@ -38099,7 +43220,7 @@
* -sign*X*a == B (mod |n|),
* sign*Y*a == A (mod |n|).
* Note that X and Y stay non-negative all the time.
-@@ -666,7 +565,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
+@@ -666,7 +565,7 @@ static BIGNUM *BN_mod_inverse_no_branch(
* i.e.
* sign*(Y + D*X)*a == B (mod |n|).
*
@@ -38108,8 +43229,6 @@
* -sign*X*a == B (mod |n|),
* sign*Y*a == A (mod |n|).
* Note that X and Y stay non-negative all the time.
-diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c
-index 84837a0..003c15b 100644
--- a/crypto/bn/bn_gf2m.c
+++ b/crypto/bn/bn_gf2m.c
@@ -1,3 +1,12 @@
@@ -38211,8 +43330,6 @@
*/
#include <assert.h>
-diff --git a/crypto/bn/bn_intern.c b/crypto/bn/bn_intern.c
-index abc8fc4..9227b6e 100644
--- a/crypto/bn/bn_intern.c
+++ b/crypto/bn/bn_intern.c
@@ -1,55 +1,10 @@
@@ -38277,8 +43394,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/bn/bn_kron.c b/crypto/bn/bn_kron.c
-index 4477bec..b9bc6cc 100644
--- a/crypto/bn/bn_kron.c
+++ b/crypto/bn/bn_kron.c
@@ -1,55 +1,10 @@
@@ -38343,8 +43458,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h
-index 412740d..ebf17b0 100644
--- a/crypto/bn/bn_lcl.h
+++ b/crypto/bn/bn_lcl.h
@@ -1,111 +1,10 @@
@@ -38465,8 +43578,58 @@
*/
#ifndef HEADER_BN_LCL_H
-diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
-index 4b37906..b606cc9 100644
+@@ -258,18 +157,18 @@ int RAND_pseudo_bytes(unsigned char *buf
+ # endif
+ # define bn_pollute(a) \
+ do { \
+- const BIGNUM *_bnum1 = (a); \
+- if(_bnum1->top < _bnum1->dmax) { \
+- unsigned char _tmp_char; \
+- /* We cast away const without the compiler knowing, any \
+- * *genuinely* constant variables that aren't mutable \
+- * wouldn't be constructed with top!=dmax. */ \
+- BN_ULONG *_not_const; \
+- memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \
+- RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\
+- memset(_not_const + _bnum1->top, _tmp_char, \
+- sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \
+- } \
++ const BIGNUM *_bnum1 = (a); \
++ if (_bnum1->top < _bnum1->dmax) { \
++ unsigned char _tmp_char; \
++ /* We cast away const without the compiler knowing, any \
++ * *genuinely* constant variables that aren't mutable \
++ * wouldn't be constructed with top!=dmax. */ \
++ BN_ULONG *_not_const; \
++ memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \
++ RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\
++ memset(_not_const + _bnum1->top, _tmp_char, \
++ sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \
++ } \
+ } while(0)
+ # ifdef BN_DEBUG_TRIX
+ # undef RAND_pseudo_bytes
+@@ -358,9 +257,9 @@ struct bn_gencb_st {
+ unsigned int ver; /* To handle binary (in)compatibility */
+ void *arg; /* callback-specific data */
+ union {
+- /* if(ver==1) - handles old style callbacks */
++ /* if (ver==1) - handles old style callbacks */
+ void (*cb_1) (int, int, void *);
+- /* if(ver==2) - new callback style */
++ /* if (ver==2) - new callback style */
+ int (*cb_2) (int, int, BN_GENCB *);
+ } cb;
+ };
+@@ -779,7 +678,7 @@ static ossl_inline BIGNUM *bn_expand(BIG
+ if (bits > (INT_MAX - BN_BITS2 + 1))
+ return NULL;
+
+- if(((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax)
++ if (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax)
+ return a;
+
+ return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2);
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -1,58 +1,10 @@
@@ -38543,7 +43706,7 @@
a->top = 0;
a->neg = 0;
}
-@@ -613,9 +565,9 @@ BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
+@@ -613,9 +565,9 @@ BIGNUM *BN_lebin2bn(const unsigned char
if (ret == NULL)
return (NULL);
bn_check_top(ret);
@@ -38555,7 +43718,7 @@
continue;
n = len;
if (n == 0) {
-@@ -632,7 +584,8 @@ BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
+@@ -632,7 +584,8 @@ BIGNUM *BN_lebin2bn(const unsigned char
ret->neg = 0;
l = 0;
while (n--) {
@@ -38565,7 +43728,7 @@
if (m-- == 0) {
ret->d[--i] = l;
l = 0;
-@@ -658,10 +611,11 @@ int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen)
+@@ -658,10 +611,11 @@ int BN_bn2lebinpad(const BIGNUM *a, unsi
/* Add trailing zeroes if necessary */
if (tolen > i)
memset(to + i, 0, tolen - i);
@@ -38579,7 +43742,7 @@
}
return tolen;
}
-@@ -839,9 +793,9 @@ int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
+@@ -839,9 +793,9 @@ int bn_cmp_words(const BN_ULONG *a, cons
/*
* Here follows a specialised variants of bn_cmp_words(). It has the
@@ -38605,8 +43768,6 @@
a->top = tmp_top;
}
bn_pollute(a);
-diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c
-index 99789b9..13b583f 100644
--- a/crypto/bn/bn_mod.c
+++ b/crypto/bn/bn_mod.c
@@ -1,115 +1,10 @@
@@ -38730,8 +43891,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
-index dfa395a..6d37279 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -1,111 +1,10 @@
@@ -38852,8 +44011,6 @@
*/
/*
-diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c
-index 80d105d..043e21d 100644
--- a/crypto/bn/bn_mpi.c
+++ b/crypto/bn/bn_mpi.c
@@ -1,58 +1,10 @@
@@ -38921,7 +44078,7 @@
*/
#include <stdio.h>
-@@ -87,41 +39,48 @@ int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
+@@ -87,41 +39,48 @@ int BN_bn2mpi(const BIGNUM *a, unsigned
return (num + 4 + ext);
}
@@ -38979,14 +44136,14 @@
- return (a);
+ return a;
}
-diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c
-index 0d2a743..66139ed 100644
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -39034,9 +44191,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -39048,8 +44203,6 @@
*/
#include <assert.h>
-diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c
-index 35d0eef..53598f9 100644
--- a/crypto/bn/bn_nist.c
+++ b/crypto/bn/bn_nist.c
@@ -1,58 +1,10 @@
@@ -39116,8 +44269,6 @@
*/
#include "bn_lcl.h"
-diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
-index a5887d9..8e7f4f5 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -1,118 +1,18 @@
@@ -39228,11 +44379,12 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/bn/bn_prime.pl
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -39247,7 +44399,7 @@
/*
* The quick sieve algorithm approach to weeding out primes is Philip
-@@ -208,9 +108,6 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
+@@ -208,9 +108,6 @@ int BN_generate_prime_ex(BIGNUM *ret, in
prime_t *mods = NULL;
int checks = BN_prime_checks_for_size(bits);
@@ -39257,7 +44409,7 @@
if (bits < 2) {
/* There are no prime numbers this small. */
BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
-@@ -221,6 +118,10 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
+@@ -221,6 +118,10 @@ int BN_generate_prime_ex(BIGNUM *ret, in
return 0;
}
@@ -39268,7 +44420,7 @@
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
-@@ -242,7 +143,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
+@@ -242,7 +143,7 @@ int BN_generate_prime_ex(BIGNUM *ret, in
goto err;
}
}
@@ -39277,7 +44429,7 @@
if (!BN_GENCB_call(cb, 0, c1++))
/* aborted */
goto err;
-@@ -317,9 +218,13 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
+@@ -317,9 +218,13 @@ int BN_is_prime_fasttest_ex(const BIGNUM
/* a is even => a is prime if and only if a == 2 */
return BN_is_word(a, 2);
if (do_trial_division) {
@@ -39293,7 +44445,7 @@
if (!BN_GENCB_call(cb, 1, -1))
goto err;
}
-@@ -412,7 +317,10 @@ int bn_probable_prime_dh_retry(BIGNUM *rnd, int bits, BN_CTX *ctx)
+@@ -412,7 +317,10 @@ int bn_probable_prime_dh_retry(BIGNUM *r
for (i = 1; i < NUMPRIMES; i++) {
/* check that rnd is a prime */
@@ -39305,7 +44457,7 @@
goto loop;
}
}
-@@ -438,7 +346,8 @@ int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx)
+@@ -438,7 +346,8 @@ int bn_probable_prime_dh_coprime(BIGNUM
if ((offset_count = BN_CTX_get(ctx)) == NULL)
goto err;
@@ -39315,7 +44467,7 @@
loop:
if (!BN_rand(rnd, bits - prime_multiplier_bits, 0, 1))
-@@ -448,17 +357,20 @@ int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx)
+@@ -448,17 +357,20 @@ int bn_probable_prime_dh_coprime(BIGNUM
if (!BN_rand_range(offset_index, offset_count))
goto err;
@@ -39340,7 +44492,7 @@
}
ret = 1;
-@@ -506,15 +418,19 @@ static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
+@@ -506,15 +418,19 @@ static int probable_prime(BIGNUM *rnd, i
if (!BN_rand(rnd, bits, 1, 1))
return (0);
/* we now have a random number 'rnd' to test. */
@@ -39363,7 +44515,7 @@
if (bits == BN_BITS2) {
/*
* Shifting by this much has undefined behaviour so we do it a
-@@ -605,7 +521,10 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits,
+@@ -605,7 +521,10 @@ int bn_probable_prime_dh(BIGNUM *rnd, in
loop:
for (i = 1; i < NUMPRIMES; i++) {
/* check that rnd is a prime */
@@ -39375,7 +44527,7 @@
if (!BN_add(rnd, rnd, add))
goto err;
goto loop;
-@@ -666,8 +585,11 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
+@@ -666,8 +585,11 @@ static int probable_prime_dh_safe(BIGNUM
/*
* check that for p and q gcd(p-1,primes) == 1 (except for 2)
*/
@@ -39389,23 +44541,17 @@
if (!BN_add(p, p, padd))
goto err;
if (!BN_add(q, q, qadd))
-diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
-index 6f6949c..41440fa 100644
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
@@ -1,59 +1,13 @@
-/* Auto generated by bn_prime.pl */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-+/*
-+ * WARNING: do not edit!
-+ * Generated by crypto/bn/bn_prime.pl
- *
+- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
@@ -39454,6 +44600,12 @@
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
++/*
++ * WARNING: do not edit!
++ * Generated by crypto/bn/bn_prime.pl
++ *
++ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -39461,8 +44613,6 @@
*/
typedef unsigned short prime_t;
-diff --git a/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl
-index 3a5f064..163d4a9 100644
--- a/crypto/bn/bn_prime.pl
+++ b/crypto/bn/bn_prime.pl
@@ -1,62 +1,22 @@
@@ -39478,16 +44628,11 @@
-/* Auto generated by bn_prime.pl */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-+print <<"EOF";
-+/*
-+ * WARNING: do not edit!
-+ * Generated by crypto/bn/bn_prime.pl
- *
+- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
@@ -39536,6 +44681,13 @@
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
++print <<"EOF";
++/*
++ * WARNING: do not edit!
++ * Generated by crypto/bn/bn_prime.pl
++ *
++ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -39543,8 +44695,6 @@
*/
EOF
-diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
-index 0c3b214..8672c7e 100644
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -1,58 +1,10 @@
@@ -39612,7 +44762,7 @@
*/
#include <stdio.h>
-@@ -187,7 +139,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
+@@ -187,7 +139,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a
for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++)
continue;
@@ -39621,7 +44771,7 @@
goto err;
num = i + neg;
-@@ -215,13 +167,8 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
+@@ -215,13 +167,8 @@ int BN_hex2bn(BIGNUM **bn, const char *a
l = 0;
for (;;) {
c = a[j - m];
@@ -39637,7 +44787,7 @@
k = 0; /* paranoia */
l = (l << 4) | k;
-@@ -262,7 +209,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
+@@ -262,7 +209,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a
for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++)
continue;
@@ -39646,7 +44796,7 @@
goto err;
num = i + neg;
-@@ -294,8 +241,9 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
+@@ -294,8 +241,9 @@ int BN_dec2bn(BIGNUM **bn, const char *a
l += *a - '0';
a++;
if (++j == BN_DEC_NUM) {
@@ -39658,8 +44808,6 @@
l = 0;
j = 0;
}
-diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
-index ce4a0e1..9c0a4ee 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -1,111 +1,10 @@
@@ -39780,7 +44928,7 @@
*/
#include <stdio.h>
-@@ -145,13 +44,8 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
+@@ -145,13 +44,8 @@ static int bnrand(int pseudorand, BIGNUM
time(&tim);
RAND_add(&tim, sizeof(tim), 0.0);
@@ -39796,14 +44944,14 @@
if (pseudorand == 2) {
/*
-diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c
-index ef15c8f..e532b6e 100644
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -39851,9 +44999,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -39865,8 +45011,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c
-index 4c85275..9907b82 100644
--- a/crypto/bn/bn_shift.c
+++ b/crypto/bn/bn_shift.c
@@ -1,58 +1,10 @@
@@ -39934,14 +45078,14 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c
-index 389b7cf..a62bb1a 100644
--- a/crypto/bn/bn_sqr.c
+++ b/crypto/bn/bn_sqr.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -39989,9 +45133,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -40003,8 +45145,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
-index 7ae7536..84376c7 100644
--- a/crypto/bn/bn_sqrt.c
+++ b/crypto/bn/bn_sqrt.c
@@ -1,59 +1,10 @@
@@ -40072,8 +45212,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/bn/bn_srp.c b/crypto/bn/bn_srp.c
-index a1e438c..58b1691 100644
--- a/crypto/bn/bn_srp.c
+++ b/crypto/bn/bn_srp.c
@@ -1,3 +1,12 @@
@@ -40089,8 +45227,6 @@
#include "bn_lcl.h"
#include "e_os.h"
-diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c
-index 718777b..a34244c 100644
--- a/crypto/bn/bn_word.c
+++ b/crypto/bn/bn_word.c
@@ -1,58 +1,10 @@
@@ -40158,7 +45294,7 @@
*/
#include "internal/cryptlib.h"
-@@ -70,10 +22,32 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
+@@ -70,10 +22,32 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN
if (w == 0)
return (BN_ULONG)-1;
@@ -40191,8 +45327,6 @@
ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) & BN_MASK2l)) % w;
ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w;
#else
-diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c
-index 3c74fd5..d863386 100644
--- a/crypto/bn/bn_x931p.c
+++ b/crypto/bn/bn_x931p.c
@@ -1,59 +1,10 @@
@@ -40269,7 +45403,7 @@
if (!BN_copy(pi, Xpi))
return 0;
if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
-@@ -79,7 +30,10 @@ static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
+@@ -79,7 +30,10 @@ static int bn_x931_derive_pi(BIGNUM *pi,
i++;
BN_GENCB_call(cb, 0, i);
/* NB 27 MR is specified in X9.31 */
@@ -40281,7 +45415,7 @@
break;
if (!BN_add_word(pi, 2))
return 0;
-@@ -168,14 +122,18 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+@@ -168,14 +122,18 @@ int BN_X931_derive_prime_ex(BIGNUM *p, B
goto err;
if (!BN_gcd(t, pm1, e, ctx))
goto err;
@@ -40303,8 +45437,6 @@
if (!BN_add(p, p, p1p2))
goto err;
}
-diff --git a/crypto/bn/build.info b/crypto/bn/build.info
-index 83a5b81..c608ecc 100644
--- a/crypto/bn/build.info
+++ b/crypto/bn/build.info
@@ -1,4 +1,3 @@
@@ -40321,7 +45453,7 @@
INCLUDE[bn_exp.o]=..
-@@ -57,7 +56,7 @@ GENERATE[bn-ppc.s]=asm/ppc.pl $(PERLASM_SCHEME)
+@@ -57,7 +56,7 @@ GENERATE[bn-ppc.s]=asm/ppc.pl $(PERLASM_
GENERATE[ppc-mont.s]=asm/ppc-mont.pl $(PERLASM_SCHEME)
GENERATE[ppc64-mont.s]=asm/ppc64-mont.pl $(PERLASM_SCHEME)
@@ -40330,8 +45462,6 @@
GENERATE[armv4-mont.S]=asm/armv4-mont.pl $(PERLASM_SCHEME)
INCLUDE[armv4-mont.o]=..
-diff --git a/crypto/bn/rsaz_exp.c b/crypto/bn/rsaz_exp.c
-index d85e612..1a70f6c 100644
--- a/crypto/bn/rsaz_exp.c
+++ b/crypto/bn/rsaz_exp.c
@@ -1,3 +1,12 @@
@@ -40347,7 +45477,7 @@
/*****************************************************************************
* *
* Copyright (c) 2012, Intel Corporation *
-@@ -244,7 +253,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
+@@ -244,7 +253,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG res
rsaz_1024_sqr_avx2(result, result, m, k0, 5);
@@ -40356,8 +45486,6 @@
wvalue = (wvalue >> (index % 8)) & 31;
index -= 5;
-diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h
-index 229e181..9501cc8 100644
--- a/crypto/bn/rsaz_exp.h
+++ b/crypto/bn/rsaz_exp.h
@@ -1,3 +1,12 @@
@@ -40373,9 +45501,6 @@
/*****************************************************************************
* *
* Copyright (c) 2012, Intel Corporation *
-diff --git a/crypto/bn/vms-helper.c b/crypto/bn/vms-helper.c
-deleted file mode 100644
-index cb519c4..0000000
--- a/crypto/bn/vms-helper.c
+++ /dev/null
@@ -1,67 +0,0 @@
@@ -40446,9 +45571,6 @@
- abort();
-#endif
-}
-diff --git a/crypto/buffer/Makefile.in b/crypto/buffer/Makefile.in
-deleted file mode 100644
-index 97e1094..0000000
--- a/crypto/buffer/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -40495,8 +45617,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/buffer/buf_err.c b/crypto/buffer/buf_err.c
-index 0fb9d4f..b7679ae 100644
--- a/crypto/buffer/buf_err.c
+++ b/crypto/buffer/buf_err.c
@@ -1,61 +1,11 @@
@@ -40568,8 +45688,21 @@
*/
#include <stdio.h>
-diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
-index a16f3bd..6b0bd4a 100644
+@@ -81,7 +31,7 @@ static ERR_STRING_DATA BUF_str_reasons[]
+
+ #endif
+
+-void ERR_load_BUF_strings(void)
++int ERR_load_BUF_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -90,4 +40,5 @@ void ERR_load_BUF_strings(void)
+ ERR_load_strings(0, BUF_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
@@ -1,58 +1,10 @@
@@ -40645,7 +45778,7 @@
if (a->flags & BUF_MEM_FLAG_SECURE)
OPENSSL_secure_free(a->data);
else
-@@ -128,7 +79,8 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t len)
+@@ -128,7 +79,8 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t
return (len);
}
if (str->max >= len) {
@@ -40655,7 +45788,7 @@
str->length = len;
return (len);
}
-@@ -160,7 +112,8 @@ size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
+@@ -160,7 +112,8 @@ size_t BUF_MEM_grow_clean(BUF_MEM *str,
size_t n;
if (str->length >= len) {
@@ -40665,8 +45798,6 @@
str->length = len;
return (len);
}
-diff --git a/crypto/build.info b/crypto/build.info
-index 1b4ed14..916d24f 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -2,7 +2,7 @@
@@ -40678,8 +45809,6 @@
threads_pthread.c threads_win.c threads_none.c \
o_init.c o_fips.c mem_sec.c init.c {- $target{cpuid_asm_src} -} \
{- $target{uplink_aux_src} -}
-diff --git a/crypto/c64xpluscpuid.pl b/crypto/c64xpluscpuid.pl
-index 2feb4e3..9efe120 100644
--- a/crypto/c64xpluscpuid.pl
+++ b/crypto/c64xpluscpuid.pl
@@ -1,5 +1,10 @@
@@ -40694,7 +45823,7 @@
while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
open STDOUT,">$output";
-@@ -13,6 +18,7 @@ $code.=<<___;
+@@ -13,6 +18,7 @@ open STDOUT,">$output";
.if __TI_EABI__
.asg OPENSSL_rdtsc,_OPENSSL_rdtsc
.asg OPENSSL_cleanse,_OPENSSL_cleanse
@@ -40702,7 +45831,7 @@
.asg OPENSSL_atomic_add,_OPENSSL_atomic_add
.asg OPENSSL_wipe_cpu,_OPENSSL_wipe_cpu
.asg OPENSSL_instrument_bus,_OPENSSL_instrument_bus
-@@ -82,6 +88,29 @@ _OPENSSL_cleanse:
+@@ -82,6 +88,29 @@ open STDOUT,">$output";
[A1] STB A2,*A4++[2]
.endasmfunc
@@ -40732,9 +45861,6 @@
.global _OPENSSL_atomic_add
_OPENSSL_atomic_add:
.asmfunc
-diff --git a/crypto/camellia/Makefile.in b/crypto/camellia/Makefile.in
-deleted file mode 100644
-index 5a806e2..0000000
--- a/crypto/camellia/Makefile.in
+++ /dev/null
@@ -1,57 +0,0 @@
@@ -40795,8 +45921,6 @@
- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/camellia/asm/cmll-x86.pl b/crypto/camellia/asm/cmll-x86.pl
-index de354aa..59f9ed9 100644
--- a/crypto/camellia/asm/cmll-x86.pl
+++ b/crypto/camellia/asm/cmll-x86.pl
@@ -1,4 +1,11 @@
@@ -40812,8 +45936,6 @@
# ====================================================================
# Copyright (c) 2008 Andy Polyakov <appro at openssl.org>
-diff --git a/crypto/camellia/asm/cmll-x86_64.pl b/crypto/camellia/asm/cmll-x86_64.pl
-index d94f46b..da5ad7b 100644
--- a/crypto/camellia/asm/cmll-x86_64.pl
+++ b/crypto/camellia/asm/cmll-x86_64.pl
@@ -1,4 +1,11 @@
@@ -40829,7 +45951,7 @@
# ====================================================================
# Copyright (c) 2008 Andy Polyakov <appro at openssl.org>
-@@ -40,7 +47,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+@@ -40,7 +47,7 @@ if ($flavour =~ /\./) { $output = $flavo
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
@@ -40838,8 +45960,6 @@
*STDOUT=*OUT;
sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; }
-diff --git a/crypto/camellia/asm/cmllt4-sparcv9.pl b/crypto/camellia/asm/cmllt4-sparcv9.pl
-index fac5362..ffe4a7d 100644
--- a/crypto/camellia/asm/cmllt4-sparcv9.pl
+++ b/crypto/camellia/asm/cmllt4-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -40855,8 +45975,6 @@
# ====================================================================
# Written by David S. Miller <davem at devemloft.net> and Andy Polyakov
-diff --git a/crypto/camellia/build.info b/crypto/camellia/build.info
-index 152e0a4..fd78272 100644
--- a/crypto/camellia/build.info
+++ b/crypto/camellia/build.info
@@ -8,4 +8,4 @@ DEPEND[cmll-x86.s]=../perlasm/x86asm.pl
@@ -40865,8 +45983,6 @@
INCLUDE[cmllt4-sparcv9.o]=..
-DEPEND[cmllt4-sparcv9.S]=../perlasm/sparcv9-modes.pl
+DEPEND[cmllt4-sparcv9.S]=../perlasm/sparcv9_modes.pl
-diff --git a/crypto/camellia/camellia.c b/crypto/camellia/camellia.c
-index 68651b6..6641a62 100644
--- a/crypto/camellia/camellia.c
+++ b/crypto/camellia/camellia.c
@@ -1,3 +1,12 @@
@@ -40940,8 +46056,6 @@
*/
/*
-diff --git a/crypto/camellia/cmll_cbc.c b/crypto/camellia/cmll_cbc.c
-index 742af6d..b19171d 100644
--- a/crypto/camellia/cmll_cbc.c
+++ b/crypto/camellia/cmll_cbc.c
@@ -1,51 +1,10 @@
@@ -41002,14 +46116,14 @@
*/
#include <openssl/camellia.h>
-diff --git a/crypto/camellia/cmll_cfb.c b/crypto/camellia/cmll_cfb.c
-index 8f9f8a6..4f49ead 100644
--- a/crypto/camellia/cmll_cfb.c
+++ b/crypto/camellia/cmll_cfb.c
@@ -1,107 +1,10 @@
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
++/*
++ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -41106,9 +46220,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -41120,8 +46232,6 @@
*/
#include <openssl/camellia.h>
-diff --git a/crypto/camellia/cmll_ctr.c b/crypto/camellia/cmll_ctr.c
-index b891a04..161d1e1 100644
--- a/crypto/camellia/cmll_ctr.c
+++ b/crypto/camellia/cmll_ctr.c
@@ -1,51 +1,10 @@
@@ -41182,8 +46292,6 @@
*/
#include <openssl/camellia.h>
-diff --git a/crypto/camellia/cmll_ecb.c b/crypto/camellia/cmll_ecb.c
-index 4edaa6d..d932f1b 100644
--- a/crypto/camellia/cmll_ecb.c
+++ b/crypto/camellia/cmll_ecb.c
@@ -1,51 +1,10 @@
@@ -41244,8 +46352,6 @@
*/
#include <openssl/camellia.h>
-diff --git a/crypto/camellia/cmll_locl.h b/crypto/camellia/cmll_locl.h
-index 0cbcba2..6403b39 100644
--- a/crypto/camellia/cmll_locl.h
+++ b/crypto/camellia/cmll_locl.h
@@ -1,3 +1,12 @@
@@ -41319,8 +46425,6 @@
*/
#ifndef HEADER_CAMELLIA_LOCL_H
-diff --git a/crypto/camellia/cmll_misc.c b/crypto/camellia/cmll_misc.c
-index ba93702..e5f014b 100644
--- a/crypto/camellia/cmll_misc.c
+++ b/crypto/camellia/cmll_misc.c
@@ -1,51 +1,10 @@
@@ -41381,14 +46485,14 @@
*/
#include <openssl/opensslv.h>
-diff --git a/crypto/camellia/cmll_ofb.c b/crypto/camellia/cmll_ofb.c
-index 8d004b9..b43c685 100644
--- a/crypto/camellia/cmll_ofb.c
+++ b/crypto/camellia/cmll_ofb.c
@@ -1,107 +1,10 @@
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
++/*
++ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -41485,9 +46589,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -41499,9 +46601,6 @@
*/
#include <openssl/camellia.h>
-diff --git a/crypto/cast/Makefile.in b/crypto/cast/Makefile.in
-deleted file mode 100644
-index 218c480..0000000
--- a/crypto/cast/Makefile.in
+++ /dev/null
@@ -1,51 +0,0 @@
@@ -41556,8 +46655,6 @@
- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/cast/asm/cast-586.pl b/crypto/cast/asm/cast-586.pl
-index 267d699..6beb9c5 100644
--- a/crypto/cast/asm/cast-586.pl
+++ b/crypto/cast/asm/cast-586.pl
@@ -1,4 +1,11 @@
@@ -41573,14 +46670,14 @@
# This flag makes the inner loop one cycle longer, but generates
# code that runs %30 faster on the pentium pro/II, 44% faster
-diff --git a/crypto/cast/c_cfb64.c b/crypto/cast/c_cfb64.c
-index 32641b5..bd7cb2f 100644
--- a/crypto/cast/c_cfb64.c
+++ b/crypto/cast/c_cfb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -41628,9 +46725,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -41642,8 +46737,6 @@
*/
#include <openssl/cast.h>
-diff --git a/crypto/cast/c_ecb.c b/crypto/cast/c_ecb.c
-index 1e736f0..da41794 100644
--- a/crypto/cast/c_ecb.c
+++ b/crypto/cast/c_ecb.c
@@ -1,58 +1,10 @@
@@ -41711,8 +46804,6 @@
*/
#include <openssl/cast.h>
-diff --git a/crypto/cast/c_enc.c b/crypto/cast/c_enc.c
-index 8fe3b26..9a85812 100644
--- a/crypto/cast/c_enc.c
+++ b/crypto/cast/c_enc.c
@@ -1,58 +1,10 @@
@@ -41780,14 +46871,14 @@
*/
#include <openssl/cast.h>
-diff --git a/crypto/cast/c_ofb64.c b/crypto/cast/c_ofb64.c
-index c7b4259..dffb074 100644
--- a/crypto/cast/c_ofb64.c
+++ b/crypto/cast/c_ofb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -41835,9 +46926,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -41849,8 +46938,6 @@
*/
#include <openssl/cast.h>
-diff --git a/crypto/cast/c_skey.c b/crypto/cast/c_skey.c
-index 5ce379b..962d2a6 100644
--- a/crypto/cast/c_skey.c
+++ b/crypto/cast/c_skey.c
@@ -1,58 +1,10 @@
@@ -41918,8 +47005,6 @@
*/
#include <openssl/cast.h>
-diff --git a/crypto/cast/cast_lcl.h b/crypto/cast/cast_lcl.h
-index 4a3c603..504232a 100644
--- a/crypto/cast/cast_lcl.h
+++ b/crypto/cast/cast_lcl.h
@@ -1,58 +1,10 @@
@@ -41987,8 +47072,6 @@
*/
#include "e_os.h"
-diff --git a/crypto/cast/cast_s.h b/crypto/cast/cast_s.h
-index 6eb0542..d9fd6ac 100644
--- a/crypto/cast/cast_s.h
+++ b/crypto/cast/cast_s.h
@@ -1,59 +1,12 @@
@@ -42058,9 +47141,6 @@
OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256] = {
0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a,
0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
-diff --git a/crypto/cast/casts.cpp b/crypto/cast/casts.cpp
-deleted file mode 100644
-index 8d7bd46..0000000
--- a/crypto/cast/casts.cpp
+++ /dev/null
@@ -1,70 +0,0 @@
@@ -42134,9 +47214,6 @@
- }
- }
-
-diff --git a/crypto/chacha/Makefile.in b/crypto/chacha/Makefile.in
-deleted file mode 100644
-index 067fbed..0000000
--- a/crypto/chacha/Makefile.in
+++ /dev/null
@@ -1,57 +0,0 @@
@@ -42197,8 +47274,6 @@
- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/chacha/asm/chacha-armv4.pl b/crypto/chacha/asm/chacha-armv4.pl
-index c908399..5b3e7be 100755
--- a/crypto/chacha/asm/chacha-armv4.pl
+++ b/crypto/chacha/asm/chacha-armv4.pl
@@ -1,4 +1,11 @@
@@ -42214,8 +47289,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/chacha/asm/chacha-armv8.pl b/crypto/chacha/asm/chacha-armv8.pl
-index 16cb1fa..03e8616 100755
--- a/crypto/chacha/asm/chacha-armv8.pl
+++ b/crypto/chacha/asm/chacha-armv8.pl
@@ -1,4 +1,11 @@
@@ -42231,8 +47304,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/chacha/asm/chacha-c64xplus.pl b/crypto/chacha/asm/chacha-c64xplus.pl
-index b2ea406..bdb3804 100755
--- a/crypto/chacha/asm/chacha-c64xplus.pl
+++ b/crypto/chacha/asm/chacha-c64xplus.pl
@@ -1,4 +1,11 @@
@@ -42248,8 +47319,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/chacha/asm/chacha-ppc.pl b/crypto/chacha/asm/chacha-ppc.pl
-index 2bb3fce..b978f58 100755
--- a/crypto/chacha/asm/chacha-ppc.pl
+++ b/crypto/chacha/asm/chacha-ppc.pl
@@ -1,4 +1,11 @@
@@ -42265,7 +47334,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -527,9 +534,11 @@ $code.=<<___;
+@@ -527,9 +534,11 @@ my ($a,$b,$c,$d,$t)=@_;
?lvsl $outperm,0,$out # prepare for unaligned store
?vperm $outmask,$outmask,$T0,$outperm
@@ -42278,8 +47347,6 @@
b Loop_outer_vmx
-diff --git a/crypto/chacha/asm/chacha-s390x.pl b/crypto/chacha/asm/chacha-s390x.pl
-index 42faadc..c315264 100755
--- a/crypto/chacha/asm/chacha-s390x.pl
+++ b/crypto/chacha/asm/chacha-s390x.pl
@@ -1,4 +1,11 @@
@@ -42295,7 +47362,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -140,7 +147,8 @@ $code.=<<___;
+@@ -140,7 +147,8 @@ my @x=map("\"$_\"", at x);
.type ChaCha20_ctr32,\@function
.align 32
ChaCha20_ctr32:
@@ -42305,7 +47372,7 @@
a${g}hi $len,-64
l${g}hi %r1,-$frame
stm${g} %r6,%r15,`6*$SIZE_T`($sp)
-@@ -272,7 +280,6 @@ $code.=<<___;
+@@ -272,7 +280,6 @@ my @x=map("\"$_\"", at x);
stmg %r0,%r3,$stdframe+4*12($sp)
lm${g} %r6,%r15,`$frame+6*$SIZE_T`($sp)
@@ -42313,8 +47380,6 @@
br %r14
.align 16
-diff --git a/crypto/chacha/asm/chacha-x86.pl b/crypto/chacha/asm/chacha-x86.pl
-index 8b9696f..3c6e67d 100755
--- a/crypto/chacha/asm/chacha-x86.pl
+++ b/crypto/chacha/asm/chacha-x86.pl
@@ -1,4 +1,11 @@
@@ -42330,7 +47395,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -437,8 +444,10 @@ my ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-1)&3),($ai,$bi,$ci,$di)); # previous
+@@ -437,8 +444,10 @@ my ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-1)
&function_begin("ChaCha20_ssse3");
&set_label("ssse3_shortcut");
@@ -42341,7 +47406,7 @@
&mov ($out,&wparam(0));
&mov ($inp,&wparam(1));
-@@ -770,7 +779,7 @@ sub SSSE3ROUND { # critical path is 20 "SIMD ticks" per round
+@@ -770,7 +779,7 @@ sub SSSE3ROUND { # critical path is 20 "
}
&asciz ("ChaCha20 for x86, CRYPTOGAMS by <appro\@openssl.org>");
@@ -42350,8 +47415,6 @@
my ($xa,$xa_,$xb,$xb_,$xc,$xc_,$xd,$xd_)=map("xmm$_",(0..7));
my ($out,$inp,$len)=("edi","esi","ecx");
-diff --git a/crypto/chacha/asm/chacha-x86_64.pl b/crypto/chacha/asm/chacha-x86_64.pl
-index 4b36b58..4b1750c 100755
--- a/crypto/chacha/asm/chacha-x86_64.pl
+++ b/crypto/chacha/asm/chacha-x86_64.pl
@@ -1,4 +1,11 @@
@@ -42367,7 +47430,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -67,7 +74,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+@@ -67,7 +74,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
$avx = ($2>=3.0) + ($2>3.0);
}
@@ -42376,8 +47439,6 @@
*STDOUT=*OUT;
# input parameter block
-diff --git a/crypto/chacha/chacha_enc.c b/crypto/chacha/chacha_enc.c
-index 281a9be..239f68a 100644
--- a/crypto/chacha/chacha_enc.c
+++ b/crypto/chacha/chacha_enc.c
@@ -1,50 +1,10 @@
@@ -42437,7 +47498,7 @@
*/
/* Adapted from the public domain code by D. Bernstein from SUPERCOP. */
-@@ -150,8 +110,12 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
+@@ -150,8 +110,12 @@ void ChaCha20_ctr32(unsigned char *out,
inp += todo;
len -= todo;
@@ -42453,9 +47514,6 @@
+ input[12]++;
}
}
-diff --git a/crypto/cmac/Makefile.in b/crypto/cmac/Makefile.in
-deleted file mode 100644
-index 1d6f0bd..0000000
--- a/crypto/cmac/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -42502,8 +47560,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/cmac/cm_ameth.c b/crypto/cmac/cm_ameth.c
-index d9a550e..a58454a 100644
--- a/crypto/cmac/cm_ameth.c
+++ b/crypto/cmac/cm_ameth.c
@@ -1,54 +1,10 @@
@@ -42566,8 +47622,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c
-index f00a32e..10748f1 100644
--- a/crypto/cmac/cm_pmeth.c
+++ b/crypto/cmac/cm_pmeth.c
@@ -1,54 +1,10 @@
@@ -42630,8 +47684,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c
-index cb30e6d..c4f13a0 100644
--- a/crypto/cmac/cmac.c
+++ b/crypto/cmac/cmac.c
@@ -1,54 +1,10 @@
@@ -42694,9 +47746,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/cms/Makefile.in b/crypto/cms/Makefile.in
-deleted file mode 100644
-index 19a50b2..0000000
--- a/crypto/cms/Makefile.in
+++ /dev/null
@@ -1,49 +0,0 @@
@@ -42749,8 +47798,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
-index d839935..81e9a53 100644
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
@@ -1,54 +1,10 @@
@@ -42813,8 +47860,6 @@
*/
#include <openssl/asn1t.h>
-diff --git a/crypto/cms/cms_att.c b/crypto/cms/cms_att.c
-index 834a254..5c560b4 100644
--- a/crypto/cms/cms_att.c
+++ b/crypto/cms/cms_att.c
@@ -1,54 +1,10 @@
@@ -42877,8 +47922,6 @@
*/
#include <openssl/asn1t.h>
-diff --git a/crypto/cms/cms_cd.c b/crypto/cms/cms_cd.c
-index 9e12078..c0cb368 100644
--- a/crypto/cms/cms_cd.c
+++ b/crypto/cms/cms_cd.c
@@ -1,54 +1,10 @@
@@ -42941,8 +47984,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c
-index 54444b1..5da6802 100644
--- a/crypto/cms/cms_dd.c
+++ b/crypto/cms/cms_dd.c
@@ -1,54 +1,10 @@
@@ -43005,8 +48046,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
-index 23adc2f..ed91342 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -1,54 +1,10 @@
@@ -43069,7 +48108,7 @@
*/
#include "internal/cryptlib.h"
-@@ -175,8 +131,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
+@@ -175,8 +131,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_E
CMS_R_CIPHER_INITIALISATION_ERROR);
goto err;
}
@@ -43079,7 +48118,7 @@
calg->parameter = ASN1_TYPE_new();
if (calg->parameter == NULL) {
CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
-@@ -187,6 +142,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
+@@ -187,6 +142,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_E
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
}
@@ -43091,8 +48130,6 @@
}
ok = 1;
-diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
-index c54667f..8d45943 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -1,54 +1,10 @@
@@ -43163,7 +48200,7 @@
#include <openssl/aes.h>
#include "cms_lcl.h"
#include "internal/asn1_int.h"
-@@ -877,10 +832,10 @@ static void cms_env_set_version(CMS_EnvelopedData *env)
+@@ -877,10 +832,10 @@ static void cms_env_set_version(CMS_Enve
env->version = 2;
}
}
@@ -43176,8 +48213,6 @@
env->version = 0;
}
-diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c
-index 8d43bb1..cfda019 100644
--- a/crypto/cms/cms_err.c
+++ b/crypto/cms/cms_err.c
@@ -1,61 +1,11 @@
@@ -43249,7 +48284,7 @@
*/
#include <stdio.h>
-@@ -209,7 +159,6 @@ static ERR_STRING_DATA CMS_str_reasons[] = {
+@@ -209,7 +159,6 @@ static ERR_STRING_DATA CMS_str_reasons[]
{ERR_REASON(CMS_R_CTRL_ERROR), "ctrl error"},
{ERR_REASON(CMS_R_CTRL_FAILURE), "ctrl failure"},
{ERR_REASON(CMS_R_DECRYPT_ERROR), "decrypt error"},
@@ -43257,8 +48292,21 @@
{ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY), "error getting public key"},
{ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),
"error reading messagedigest attribute"},
-diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
-index 353ec0e..4780231 100644
+@@ -296,7 +245,7 @@ static ERR_STRING_DATA CMS_str_reasons[]
+
+ #endif
+
+-void ERR_load_CMS_strings(void)
++int ERR_load_CMS_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -305,4 +254,5 @@ void ERR_load_CMS_strings(void)
+ ERR_load_strings(0, CMS_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@@ -1,54 +1,10 @@
@@ -43321,8 +48369,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/cms/cms_io.c b/crypto/cms/cms_io.c
-index bac583e..d18f980 100644
--- a/crypto/cms/cms_io.c
+++ b/crypto/cms/cms_io.c
@@ -1,54 +1,10 @@
@@ -43385,8 +48431,6 @@
*/
#include <openssl/asn1t.h>
-diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c
-index 562b1e5..3bc46fe 100644
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@@ -1,54 +1,10 @@
@@ -43457,8 +48501,6 @@
#include <openssl/aes.h>
#include "cms_lcl.h"
#include "internal/asn1_int.h"
-diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h
-index 7f04f20..d0c0e81 100644
--- a/crypto/cms/cms_lcl.h
+++ b/crypto/cms/cms_lcl.h
@@ -1,54 +1,10 @@
@@ -43521,8 +48563,6 @@
*/
#ifndef HEADER_CMS_LCL_H
-diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
-index a0a1adb..86d9299 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -1,54 +1,10 @@
@@ -43603,7 +48643,7 @@
return &cms->d.envelopedData->originatorInfo->certificates;
default:
-@@ -464,6 +422,8 @@ static STACK_OF(CMS_RevocationInfoChoice)
+@@ -464,6 +422,8 @@ static STACK_OF(CMS_RevocationInfoChoice
return &cms->d.signedData->crls;
case NID_pkcs7_enveloped:
@@ -43612,8 +48652,6 @@
return &cms->d.envelopedData->originatorInfo->crls;
default:
-diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
-index 5ab20e2..0571bb8 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -1,54 +1,10 @@
@@ -43676,7 +48714,7 @@
*/
#include "internal/cryptlib.h"
-@@ -323,7 +279,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+@@ -323,7 +279,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_Con
CMS_PasswordRecipientInfo *pwri;
int r = 0;
X509_ALGOR *algtmp, *kekalg = NULL;
@@ -43685,7 +48723,7 @@
const EVP_CIPHER *kekcipher;
unsigned char *key = NULL;
size_t keylen;
-@@ -331,7 +287,6 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+@@ -331,7 +287,6 @@ int cms_RecipientInfo_pwri_crypt(CMS_Con
ec = cms->d.envelopedData->encryptedContentInfo;
pwri = ri->d.pwri;
@@ -43693,7 +48731,7 @@
if (!pwri->pass) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
-@@ -358,9 +313,14 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+@@ -358,9 +313,14 @@ int cms_RecipientInfo_pwri_crypt(CMS_Con
if (!kekcipher) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNKNOWN_CIPHER);
@@ -43709,8 +48747,6 @@
/* Fixup cipher based on AlgorithmIdentifier to set IV etc */
if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
goto err;
-diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
-index 151f40f..6c3db3b 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -1,54 +1,10 @@
@@ -43773,7 +48809,7 @@
*/
#include "internal/cryptlib.h"
-@@ -588,7 +544,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
+@@ -588,7 +544,7 @@ static int cms_SignerInfo_content_sign(C
if (!si->pkey) {
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
@@ -43782,8 +48818,6 @@
}
if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
-diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
-index 98054b3..4a8f819 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -1,54 +1,10 @@
@@ -43846,9 +48880,15 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/comp/Makefile.in b/crypto/comp/Makefile.in
-deleted file mode 100644
-index 0673d46..0000000
+@@ -716,7 +672,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInf
+
+ int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
+ unsigned char *key, size_t keylen,
+- unsigned char *id, size_t idlen)
++ const unsigned char *id, size_t idlen)
+ {
+ STACK_OF(CMS_RecipientInfo) *ris;
+ CMS_RecipientInfo *ri;
--- a/crypto/comp/Makefile.in
+++ /dev/null
@@ -1,46 +0,0 @@
@@ -43898,8 +48938,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
-index 6dd7684..2f38c2e 100644
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@@ -1,55 +1,10 @@
@@ -43964,8 +49002,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/comp/comp_err.c b/crypto/comp/comp_err.c
-index 96f2a99..0233e94 100644
--- a/crypto/comp/comp_err.c
+++ b/crypto/comp/comp_err.c
@@ -1,61 +1,11 @@
@@ -44037,8 +49073,21 @@
*/
#include <stdio.h>
-diff --git a/crypto/comp/comp_lcl.h b/crypto/comp/comp_lcl.h
-index 613437e..aa45fca 100644
+@@ -85,7 +35,7 @@ static ERR_STRING_DATA COMP_str_reasons[
+
+ #endif
+
+-void ERR_load_COMP_strings(void)
++int ERR_load_COMP_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -94,4 +44,5 @@ void ERR_load_COMP_strings(void)
+ ERR_load_strings(0, COMP_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/comp/comp_lcl.h
+++ b/crypto/comp/comp_lcl.h
@@ -1,57 +1,12 @@
@@ -44105,8 +49154,6 @@
struct comp_method_st {
int type; /* NID for compression library */
const char *name; /* A text string to identify the library */
-diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c
-index 83fea93..32afd0d 100644
--- a/crypto/comp/comp_lib.c
+++ b/crypto/comp/comp_lib.c
@@ -1,55 +1,10 @@
@@ -44171,9 +49218,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/conf/Makefile.in b/crypto/conf/Makefile.in
-deleted file mode 100644
-index 5acaa1c..0000000
--- a/crypto/conf/Makefile.in
+++ /dev/null
@@ -1,46 +0,0 @@
@@ -44223,8 +49267,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
-index 5365c97..5535416 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -1,58 +1,10 @@
@@ -44292,7 +49334,7 @@
*/
/* Part of the code in here was originally in conf.c, which is now removed */
-@@ -148,7 +100,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
+@@ -148,7 +100,7 @@ char *_CONF_get_string(const CONF *conf,
static unsigned long conf_value_hash(const CONF_VALUE *v)
{
@@ -44301,8 +49343,6 @@
}
static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b)
-diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
-index 0f3f52a..8861b3a 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -1,58 +1,10 @@
@@ -44370,8 +49410,6 @@
*/
/* Part of the code in here was originally in conf.c, which is now removed */
-diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
-index 3ebb0f7..da4767e 100644
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@@ -1,63 +1,12 @@
@@ -44476,8 +49514,6 @@
#endif /* CHARSET_EBCDIC */
static const unsigned short CONF_type_default[256] = {
-diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c
-index 80ea3ce..31bb15c 100644
--- a/crypto/conf/conf_err.c
+++ b/crypto/conf/conf_err.c
@@ -1,61 +1,11 @@
@@ -44559,7 +49595,7 @@
{ERR_FUNC(CONF_F_CONF_PARSE_LIST), "CONF_parse_list"},
{ERR_FUNC(CONF_F_DEF_LOAD), "def_load"},
{ERR_FUNC(CONF_F_DEF_LOAD_BIO), "def_load_bio"},
-@@ -82,7 +30,6 @@ static ERR_STRING_DATA CONF_str_functs[] = {
+@@ -82,7 +30,6 @@ static ERR_STRING_DATA CONF_str_functs[]
{ERR_FUNC(CONF_F_MODULE_RUN), "module_run"},
{ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"},
{ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"},
@@ -44567,7 +49603,7 @@
{ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"},
{ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"},
{ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"},
-@@ -100,7 +47,6 @@ static ERR_STRING_DATA CONF_str_reasons[] = {
+@@ -100,7 +47,6 @@ static ERR_STRING_DATA CONF_str_reasons[
{ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),
"missing close square bracket"},
{ERR_REASON(CONF_R_MISSING_EQUAL_SIGN), "missing equal sign"},
@@ -44575,8 +49611,21 @@
{ERR_REASON(CONF_R_MISSING_INIT_FUNCTION), "missing init function"},
{ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),
"module initialization error"},
-diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
-index f197714..3532114 100644
+@@ -120,7 +66,7 @@ static ERR_STRING_DATA CONF_str_reasons[
+
+ #endif
+
+-void ERR_load_CONF_strings(void)
++int ERR_load_CONF_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -129,4 +75,5 @@ void ERR_load_CONF_strings(void)
+ ERR_load_strings(0, CONF_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -1,59 +1,10 @@
@@ -44652,7 +49701,7 @@
static CONF_METHOD *default_CONF_method = NULL;
-@@ -388,16 +340,26 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void)
+@@ -388,16 +340,26 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(
#ifndef OPENSSL_NO_STDIO
@@ -44684,8 +49733,6 @@
+ free(settings->appname);
free(settings);
}
-diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c
-index a5c961d..4e7a434 100644
--- a/crypto/conf/conf_mall.c
+++ b/crypto/conf/conf_mall.c
@@ -1,59 +1,10 @@
@@ -44753,8 +49800,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
-index cef805d..31f838e 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -1,59 +1,10 @@
@@ -44822,7 +49867,7 @@
*/
#include <stdio.h>
-@@ -105,15 +56,16 @@ static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
+@@ -105,15 +56,16 @@ static STACK_OF(CONF_IMODULE) *initializ
static void module_free(CONF_MODULE *md);
static void module_finish(CONF_IMODULE *imod);
@@ -44843,7 +49888,7 @@
/* Main function: load modules from a CONF structure */
-@@ -193,7 +145,7 @@ int CONF_modules_load_file(const char *filename, const char *appname,
+@@ -193,7 +145,7 @@ int CONF_modules_load_file(const char *f
return ret;
}
@@ -44852,7 +49897,7 @@
unsigned long flags)
{
CONF_MODULE *md;
-@@ -229,12 +181,13 @@ static int module_run(const CONF *cnf, char *name, char *value,
+@@ -229,12 +181,13 @@ static int module_run(const CONF *cnf, c
}
/* Load a module from a DSO */
@@ -44868,7 +49913,7 @@
int errcode = 0;
CONF_MODULE *md;
/* Look for alternative path in module section */
-@@ -286,8 +239,13 @@ static CONF_MODULE *module_add(DSO *dso, const char *name,
+@@ -286,8 +239,13 @@ static CONF_MODULE *module_add(DSO *dso,
tmod->name = OPENSSL_strdup(name);
tmod->init = ifunc;
tmod->finish = ffunc;
@@ -44882,7 +49927,7 @@
OPENSSL_free(tmod);
return NULL;
}
-@@ -301,7 +259,7 @@ static CONF_MODULE *module_add(DSO *dso, const char *name,
+@@ -301,7 +259,7 @@ static CONF_MODULE *module_add(DSO *dso,
* initialized more than once.
*/
@@ -44891,7 +49936,7 @@
{
CONF_MODULE *tmod;
int i, nchar;
-@@ -324,7 +282,7 @@ static CONF_MODULE *module_find(char *name)
+@@ -324,7 +282,7 @@ static CONF_MODULE *module_find(char *na
}
/* initialize a module */
@@ -44900,8 +49945,6 @@
const CONF *cnf)
{
int ret = 1;
-diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
-index ab034c2..bed95ab 100644
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -1,59 +1,10 @@
@@ -44992,7 +50035,7 @@
{
if (openssl_configured)
return;
-@@ -96,7 +47,7 @@ void openssl_config_int(const char *config_name)
+@@ -96,7 +47,7 @@ void openssl_config_int(const char *conf
#endif
ERR_clear_error();
#ifndef OPENSSL_SYS_UEFI
@@ -45001,8 +50044,6 @@
CONF_MFLAGS_DEFAULT_SECTION |
CONF_MFLAGS_IGNORE_MISSING_FILE);
#endif
-diff --git a/crypto/conf/keysets.pl b/crypto/conf/keysets.pl
-index 087c087..5af08ae 100644
--- a/crypto/conf/keysets.pl
+++ b/crypto/conf/keysets.pl
@@ -1,4 +1,10 @@
@@ -45122,8 +50163,6 @@
#endif /* CHARSET_EBCDIC */
EOF
-diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c
-index 8ad93a9..3c6e8d5 100644
--- a/crypto/cpt_err.c
+++ b/crypto/cpt_err.c
@@ -1,61 +1,11 @@
@@ -45195,7 +50234,7 @@
*/
#include <stdio.h>
-@@ -72,22 +22,14 @@ static ERR_STRING_DATA CRYPTO_str_functs[] = {
+@@ -72,22 +22,14 @@ static ERR_STRING_DATA CRYPTO_str_functs
{ERR_FUNC(CRYPTO_F_CRYPTO_DUP_EX_DATA), "CRYPTO_dup_ex_data"},
{ERR_FUNC(CRYPTO_F_CRYPTO_FREE_EX_DATA), "CRYPTO_free_ex_data"},
{ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"},
@@ -45219,8 +50258,21 @@
{0, NULL}
};
-diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
-index 7e1d780..01b8ce5 100644
+@@ -100,7 +42,7 @@ static ERR_STRING_DATA CRYPTO_str_reason
+
+ #endif
+
+-void ERR_load_CRYPTO_strings(void)
++int ERR_load_CRYPTO_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -109,4 +51,5 @@ void ERR_load_CRYPTO_strings(void)
+ ERR_load_strings(0, CRYPTO_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -1,112 +1,12 @@
@@ -45372,7 +50424,7 @@
#endif
int OPENSSL_NONPIC_relocated = 0;
#if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ)
-@@ -417,6 +306,7 @@ void OPENSSL_die(const char *message, const char *file, int line)
+@@ -417,6 +306,7 @@ void OPENSSL_die(const char *message, co
#endif
}
@@ -45380,14 +50432,11 @@
/* volatile unsigned char* pointers are there because
* 1. Accessing a variable declared volatile via a pointer
* that lacks a volatile qualifier causes undefined behavior.
-@@ -448,3 +338,4 @@ int CRYPTO_memcmp(const volatile void * volatile in_a,
+@@ -448,3 +338,4 @@ int CRYPTO_memcmp(const volatile void *
return x;
}
+#endif
-diff --git a/crypto/ct/Makefile.in b/crypto/ct/Makefile.in
-deleted file mode 100644
-index 794efbc..0000000
--- a/crypto/ct/Makefile.in
+++ /dev/null
@@ -1,45 +0,0 @@
@@ -45436,8 +50485,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/ct/ct_b64.c b/crypto/ct/ct_b64.c
-index a1693a6..d6279d2 100644
--- a/crypto/ct/ct_b64.c
+++ b/crypto/ct/ct_b64.c
@@ -1,59 +1,10 @@
@@ -45505,8 +50552,57 @@
*/
#include <limits.h>
-diff --git a/crypto/ct/ct_err.c b/crypto/ct/ct_err.c
-index 1754395..8581dbb 100644
+@@ -164,17 +115,27 @@ SCT *SCT_new_from_base64(unsigned char v
+ return NULL;
+ }
+
+-CTLOG *CTLOG_new_from_base64(const char *pkey_base64, const char *name)
++/*
++ * Allocate, build and returns a new |ct_log| from input |pkey_base64|
++ * It returns 1 on success,
++ * 0 on decoding failure, or invalid parameter if any
++ * -1 on internal (malloc) failure
++ */
++int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *name)
+ {
+ unsigned char *pkey_der = NULL;
+ int pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);
+ const unsigned char *p;
+ EVP_PKEY *pkey = NULL;
+- CTLOG *log = NULL;
++
++ if (ct_log == NULL) {
++ CTerr(CT_F_CTLOG_NEW_FROM_BASE64, ERR_R_PASSED_INVALID_ARGUMENT);
++ return 0;
++ }
+
+ if (pkey_der_len <= 0) {
+ CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
+- return NULL;
++ return 0;
+ }
+
+ p = pkey_der;
+@@ -182,14 +143,14 @@ CTLOG *CTLOG_new_from_base64(const char
+ OPENSSL_free(pkey_der);
+ if (pkey == NULL) {
+ CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
+- return NULL;
++ return 0;
+ }
+
+- log = CTLOG_new(pkey, name);
+- if (log == NULL) {
++ *ct_log = CTLOG_new(pkey, name);
++ if (*ct_log == NULL) {
+ EVP_PKEY_free(pkey);
+- return NULL;
++ return -1;
+ }
+
+- return log;
++ return 1;
+ }
--- a/crypto/ct/ct_err.c
+++ b/crypto/ct/ct_err.c
@@ -1,61 +1,11 @@
@@ -45578,13 +50674,15 @@
*/
#include <stdio.h>
-@@ -73,26 +23,11 @@ static ERR_STRING_DATA CT_str_functs[] = {
+@@ -73,26 +23,13 @@ static ERR_STRING_DATA CT_str_functs[] =
{ERR_FUNC(CT_F_CTLOG_NEW_FROM_BASE64), "CTLOG_new_from_base64"},
{ERR_FUNC(CT_F_CTLOG_NEW_FROM_CONF), "ctlog_new_from_conf"},
{ERR_FUNC(CT_F_CTLOG_NEW_NULL), "CTLOG_new_null"},
- {ERR_FUNC(CT_F_CTLOG_STORE_GET0_LOG_BY_ID), "CTLOG_STORE_get0_log_by_id"},
{ERR_FUNC(CT_F_CTLOG_STORE_LOAD_CTX_NEW), "ctlog_store_load_ctx_new"},
{ERR_FUNC(CT_F_CTLOG_STORE_LOAD_FILE), "CTLOG_STORE_load_file"},
++ {ERR_FUNC(CT_F_CTLOG_STORE_LOAD_LOG), "ctlog_store_load_log"},
++ {ERR_FUNC(CT_F_CTLOG_STORE_NEW), "CTLOG_STORE_new"},
{ERR_FUNC(CT_F_CT_BASE64_DECODE), "ct_base64_decode"},
- {ERR_FUNC(CT_F_CT_POLICY_EVAL_CTX_GET0_CERT),
- "CT_POLICY_EVAL_CTX_get0_cert"},
@@ -45605,7 +50703,7 @@
{ERR_FUNC(CT_F_I2O_SCT), "i2o_SCT"},
{ERR_FUNC(CT_F_I2O_SCT_LIST), "i2o_SCT_LIST"},
{ERR_FUNC(CT_F_I2O_SCT_SIGNATURE), "i2o_SCT_signature"},
-@@ -100,7 +35,6 @@ static ERR_STRING_DATA CT_str_functs[] = {
+@@ -100,7 +37,6 @@ static ERR_STRING_DATA CT_str_functs[] =
{ERR_FUNC(CT_F_O2I_SCT_LIST), "o2i_SCT_LIST"},
{ERR_FUNC(CT_F_O2I_SCT_SIGNATURE), "o2i_SCT_signature"},
{ERR_FUNC(CT_F_SCT_CTX_NEW), "SCT_CTX_new"},
@@ -45613,7 +50711,7 @@
{ERR_FUNC(CT_F_SCT_NEW), "SCT_new"},
{ERR_FUNC(CT_F_SCT_NEW_FROM_BASE64), "SCT_new_from_base64"},
{ERR_FUNC(CT_F_SCT_SET0_LOG_ID), "SCT_set0_log_id"},
-@@ -110,8 +44,6 @@ static ERR_STRING_DATA CT_str_functs[] = {
+@@ -110,8 +46,6 @@ static ERR_STRING_DATA CT_str_functs[] =
{ERR_FUNC(CT_F_SCT_SET_LOG_ENTRY_TYPE), "SCT_set_log_entry_type"},
{ERR_FUNC(CT_F_SCT_SET_SIGNATURE_NID), "SCT_set_signature_nid"},
{ERR_FUNC(CT_F_SCT_SET_VERSION), "SCT_set_version"},
@@ -45622,7 +50720,7 @@
{ERR_FUNC(CT_F_SCT_VERIFY), "SCT_verify"},
{ERR_FUNC(CT_F_SCT_VERIFY_V1), "SCT_verify_v1"},
{0, NULL}
-@@ -126,15 +58,12 @@ static ERR_STRING_DATA CT_str_reasons[] = {
+@@ -126,15 +60,12 @@ static ERR_STRING_DATA CT_str_reasons[]
"log conf missing description"},
{ERR_REASON(CT_R_LOG_CONF_MISSING_KEY), "log conf missing key"},
{ERR_REASON(CT_R_LOG_KEY_INVALID), "log key invalid"},
@@ -45638,8 +50736,21 @@
{ERR_REASON(CT_R_UNRECOGNIZED_SIGNATURE_NID),
"unrecognized signature nid"},
{ERR_REASON(CT_R_UNSUPPORTED_ENTRY_TYPE), "unsupported entry type"},
-diff --git a/crypto/ct/ct_locl.h b/crypto/ct/ct_locl.h
-index b1a65d6..1180455 100644
+@@ -144,7 +75,7 @@ static ERR_STRING_DATA CT_str_reasons[]
+
+ #endif
+
+-void ERR_load_CT_strings(void)
++int ERR_load_CT_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -153,4 +84,5 @@ void ERR_load_CT_strings(void)
+ ERR_load_strings(0, CT_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/ct/ct_locl.h
+++ b/crypto/ct/ct_locl.h
@@ -1,53 +1,10 @@
@@ -45701,14 +50812,12 @@
*/
#include <stddef.h>
-@@ -211,4 +168,4 @@ __owur int SCT_signature_is_complete(const SCT *sct);
+@@ -211,4 +168,4 @@ void SCT_CTX_free(SCT_CTX *sctx);
/*
* Handlers for Certificate Transparency X509v3/OCSP extensions
*/
-extern const X509V3_EXT_METHOD v3_ct_scts[];
+extern const X509V3_EXT_METHOD v3_ct_scts[3];
-diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c
-index 47bd08f..6fc21b7 100644
--- a/crypto/ct/ct_log.c
+++ b/crypto/ct/ct_log.c
@@ -1,56 +1,10 @@
@@ -45774,8 +50883,156 @@
*/
#include <stdlib.h>
-diff --git a/crypto/ct/ct_oct.c b/crypto/ct/ct_oct.c
-index ece353b..cacc3bd 100644
+@@ -104,15 +58,10 @@ static CTLOG_STORE_LOAD_CTX *ctlog_store
+ {
+ CTLOG_STORE_LOAD_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+- if (ctx == NULL) {
++ if (ctx == NULL)
+ CTerr(CT_F_CTLOG_STORE_LOAD_CTX_NEW, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+
+ return ctx;
+-err:
+- ctlog_store_load_ctx_free(ctx);
+- return NULL;
+ }
+
+ static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx)
+@@ -144,8 +93,10 @@ CTLOG_STORE *CTLOG_STORE_new(void)
+ {
+ CTLOG_STORE *ret = OPENSSL_zalloc(sizeof(*ret));
+
+- if (ret == NULL)
+- goto err;
++ if (ret == NULL) {
++ CTerr(CT_F_CTLOG_STORE_NEW, ERR_R_MALLOC_FAILURE);
++ return NULL;
++ }
+
+ ret->logs = sk_CTLOG_new_null();
+ if (ret->logs == NULL)
+@@ -153,7 +104,7 @@ CTLOG_STORE *CTLOG_STORE_new(void)
+
+ return ret;
+ err:
+- CTLOG_STORE_free(ret);
++ OPENSSL_free(ret);
+ return NULL;
+ }
+
+@@ -165,31 +116,23 @@ void CTLOG_STORE_free(CTLOG_STORE *store
+ }
+ }
+
+-static CTLOG *ctlog_new_from_conf(const CONF *conf, const char *section)
++static int ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *section)
+ {
+- CTLOG *ret = NULL;
+- char *description = NCONF_get_string(conf, section, "description");
++ const char *description = NCONF_get_string(conf, section, "description");
+ char *pkey_base64;
+
+ if (description == NULL) {
+ CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_DESCRIPTION);
+- goto end;
++ return 0;
+ }
+
+ pkey_base64 = NCONF_get_string(conf, section, "key");
+ if (pkey_base64 == NULL) {
+ CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_KEY);
+- goto end;
++ return 0;
+ }
+
+- ret = CTLOG_new_from_base64(pkey_base64, description);
+- if (ret == NULL) {
+- CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_INVALID);
+- goto end;
+- }
+-
+-end:
+- return ret;
++ return CTLOG_new_from_base64(ct_log, pkey_base64, description);
+ }
+
+ int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
+@@ -203,33 +146,50 @@ int CTLOG_STORE_load_default_file(CTLOG_
+ }
+
+ /*
+- * Called by CONF_parse_list, which stops if this returns <= 0, so don't unless
+- * something very bad happens. Otherwise, one bad log entry would stop loading
+- * of any of the following log entries.
++ * Called by CONF_parse_list, which stops if this returns <= 0,
++ * Otherwise, one bad log entry would stop loading of any of
++ * the following log entries.
++ * It may stop parsing and returns -1 on any internal (malloc) error.
+ */
+ static int ctlog_store_load_log(const char *log_name, int log_name_len,
+ void *arg)
+ {
+ CTLOG_STORE_LOAD_CTX *load_ctx = arg;
+- CTLOG *ct_log;
++ CTLOG *ct_log = NULL;
+ /* log_name may not be null-terminated, so fix that before using it */
+ char *tmp;
++ int ret = 0;
+
+ /* log_name will be NULL for empty list entries */
+ if (log_name == NULL)
+ return 1;
+
+ tmp = OPENSSL_strndup(log_name, log_name_len);
+- ct_log = ctlog_new_from_conf(load_ctx->conf, tmp);
++ if (tmp == NULL)
++ goto mem_err;
++
++ ret = ctlog_new_from_conf(&ct_log, load_ctx->conf, tmp);
+ OPENSSL_free(tmp);
+- if (ct_log == NULL) {
++
++ if (ret < 0) {
++ /* Propagate any internal error */
++ return ret;
++ }
++ if (ret == 0) {
+ /* If we can't load this log, record that fact and skip it */
+ ++load_ctx->invalid_log_entries;
+ return 1;
+ }
+
+- sk_CTLOG_push(load_ctx->log_store->logs, ct_log);
++ if (!sk_CTLOG_push(load_ctx->log_store->logs, ct_log)) {
++ goto mem_err;
++ }
+ return 1;
++
++mem_err:
++ CTLOG_free(ct_log);
++ CTerr(CT_F_CTLOG_STORE_LOAD_LOG, ERR_R_MALLOC_FAILURE);
++ return -1;
+ }
+
+ int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file)
+@@ -277,11 +237,13 @@ CTLOG *CTLOG_new(EVP_PKEY *public_key, c
+ CTLOG *ret = CTLOG_new_null();
+
+ if (ret == NULL)
+- goto err;
++ return NULL;
+
+ ret->name = OPENSSL_strdup(name);
+- if (ret->name == NULL)
++ if (ret->name == NULL) {
++ CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE);
+ goto err;
++ }
+
+ ret->public_key = public_key;
+ if (ct_v1_log_id_from_pkey(public_key, ret->log_id) != 1)
--- a/crypto/ct/ct_oct.c
+++ b/crypto/ct/ct_oct.c
@@ -1,59 +1,10 @@
@@ -45843,7 +51100,7 @@
*/
#ifdef OPENSSL_NO_CT
-@@ -414,9 +365,9 @@ int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
+@@ -414,9 +365,9 @@ int i2o_SCT_LIST(const STACK_OF(SCT) *a,
if (pp != NULL) {
p = *pp;
s2n(len2 - 2, p);
@@ -45855,8 +51112,6 @@
return len2;
err:
-diff --git a/crypto/ct/ct_policy.c b/crypto/ct/ct_policy.c
-index f97cfdf..4c4f9b3 100644
--- a/crypto/ct/ct_policy.c
+++ b/crypto/ct/ct_policy.c
@@ -1,55 +1,11 @@
@@ -45922,8 +51177,6 @@
#ifdef OPENSSL_NO_CT
# error "CT is disabled"
-diff --git a/crypto/ct/ct_prn.c b/crypto/ct/ct_prn.c
-index 5004ae0..2786746 100644
--- a/crypto/ct/ct_prn.c
+++ b/crypto/ct/ct_prn.c
@@ -1,59 +1,10 @@
@@ -45991,8 +51244,6 @@
*/
#ifdef OPENSSL_NO_CT
-diff --git a/crypto/ct/ct_sct.c b/crypto/ct/ct_sct.c
-index 1fc7456..1aec3e2 100644
--- a/crypto/ct/ct_sct.c
+++ b/crypto/ct/ct_sct.c
@@ -1,59 +1,10 @@
@@ -46060,8 +51311,6 @@
*/
#ifdef OPENSSL_NO_CT
-diff --git a/crypto/ct/ct_sct_ctx.c b/crypto/ct/ct_sct_ctx.c
-index 13937c7..28fd044 100644
--- a/crypto/ct/ct_sct_ctx.c
+++ b/crypto/ct/ct_sct_ctx.c
@@ -1,59 +1,10 @@
@@ -46129,8 +51378,6 @@
*/
#ifdef OPENSSL_NO_CT
-diff --git a/crypto/ct/ct_vfy.c b/crypto/ct/ct_vfy.c
-index 71c0361..8305ce6 100644
--- a/crypto/ct/ct_vfy.c
+++ b/crypto/ct/ct_vfy.c
@@ -1,59 +1,10 @@
@@ -46198,8 +51445,6 @@
*/
#include <string.h>
-diff --git a/crypto/ct/ct_x509v3.c b/crypto/ct/ct_x509v3.c
-index ed361dc..805ada0 100644
--- a/crypto/ct/ct_x509v3.c
+++ b/crypto/ct/ct_x509v3.c
@@ -1,59 +1,10 @@
@@ -46267,7 +51512,7 @@
*/
#ifdef OPENSSL_NO_CT
-@@ -80,7 +31,7 @@ static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
+@@ -80,7 +31,7 @@ static int i2r_SCT_LIST(X509V3_EXT_METHO
}
/* Handlers for X509v3/OCSP Certificate Transparency extensions */
@@ -46276,8 +51521,6 @@
/* X509v3 extension in certificates that contains SCTs */
{ NID_ct_precert_scts, 0, NULL,
NULL, (X509V3_EXT_FREE)SCT_LIST_free,
-diff --git a/crypto/cversion.c b/crypto/cversion.c
-index a13ccf4..96d8a5b 100644
--- a/crypto/cversion.c
+++ b/crypto/cversion.c
@@ -1,58 +1,10 @@
@@ -46345,9 +51588,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/des/COPYRIGHT b/crypto/des/COPYRIGHT
-deleted file mode 100644
-index 5469e1e..0000000
--- a/crypto/des/COPYRIGHT
+++ /dev/null
@@ -1,50 +0,0 @@
@@ -46401,9 +51641,6 @@
-experience in code simply being copied and the attribution removed
-from it and then being distributed as part of other packages. This
-implementation was a non-trivial and unpaid effort.
-diff --git a/crypto/des/Makefile.in b/crypto/des/Makefile.in
-deleted file mode 100644
-index 5f87f22..0000000
--- a/crypto/des/Makefile.in
+++ /dev/null
@@ -1,72 +0,0 @@
@@ -46479,8 +51716,6 @@
- rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/des/asm/crypt586.pl b/crypto/des/asm/crypt586.pl
-index d94528f..d5911a1 100644
--- a/crypto/des/asm/crypt586.pl
+++ b/crypto/des/asm/crypt586.pl
@@ -1,10 +1,13 @@
@@ -46501,8 +51736,6 @@
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}","${dir}../../perlasm");
-diff --git a/crypto/des/asm/des-586.pl b/crypto/des/asm/des-586.pl
-index e56eae4..3d7c7f1 100644
--- a/crypto/des/asm/des-586.pl
+++ b/crypto/des/asm/des-586.pl
@@ -1,8 +1,13 @@
@@ -46521,8 +51754,6 @@
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}","${dir}../../perlasm");
-diff --git a/crypto/des/asm/des_enc.m4 b/crypto/des/asm/des_enc.m4
-index 3efe246..2d794d3 100644
--- a/crypto/des/asm/des_enc.m4
+++ b/crypto/des/asm/des_enc.m4
@@ -1,26 +1,9 @@
@@ -46557,8 +51788,6 @@
!
! To expand the m4 macros: m4 -B 8192 des_enc.m4 > des_enc.S
!
-diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl
-index eec0088..76759fb 100644
--- a/crypto/des/asm/desboth.pl
+++ b/crypto/des/asm/desboth.pl
@@ -1,4 +1,11 @@
@@ -46574,8 +51803,6 @@
$L="edi";
$R="esi";
-diff --git a/crypto/des/asm/dest4-sparcv9.pl b/crypto/des/asm/dest4-sparcv9.pl
-index 858df0b..4a6e29f 100644
--- a/crypto/des/asm/dest4-sparcv9.pl
+++ b/crypto/des/asm/dest4-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -46591,7 +51818,7 @@
# ====================================================================
# Written by David S. Miller <davem at devemloft.net> and Andy Polyakov
-@@ -99,7 +106,7 @@ $code.=<<___;
+@@ -99,7 +106,7 @@ open STDOUT,">$output";
des_t4_cbc_encrypt:
cmp $len, 0
be,pn $::size_t_cc, .Lcbc_abort
@@ -46600,7 +51827,7 @@
ld [$ivec + 0], %f0 ! load ivec
ld [$ivec + 4], %f1
-@@ -200,7 +207,7 @@ des_t4_cbc_encrypt:
+@@ -200,7 +207,7 @@ open STDOUT,">$output";
des_t4_cbc_decrypt:
cmp $len, 0
be,pn $::size_t_cc, .Lcbc_abort
@@ -46609,7 +51836,7 @@
ld [$ivec + 0], %f2 ! load ivec
ld [$ivec + 4], %f3
-@@ -308,7 +315,7 @@ $code.=<<___;
+@@ -308,7 +315,7 @@ open STDOUT,">$output";
des_t4_ede3_cbc_encrypt:
cmp $len, 0
be,pn $::size_t_cc, .Lcbc_abort
@@ -46618,7 +51845,7 @@
ld [$ivec + 0], %f0 ! load ivec
ld [$ivec + 4], %f1
-@@ -460,7 +467,7 @@ des_t4_ede3_cbc_encrypt:
+@@ -460,7 +467,7 @@ open STDOUT,">$output";
des_t4_ede3_cbc_decrypt:
cmp $len, 0
be,pn $::size_t_cc, .Lcbc_abort
@@ -46627,9 +51854,6 @@
ld [$ivec + 0], %f2 ! load ivec
ld [$ivec + 4], %f3
-diff --git a/crypto/des/asm/readme b/crypto/des/asm/readme
-deleted file mode 100644
-index 1beafe2..0000000
--- a/crypto/des/asm/readme
+++ /dev/null
@@ -1,131 +0,0 @@
@@ -46764,8 +51988,6 @@
-13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf.
-raw DES at 281,000 per second on a pentium 100.
-
-diff --git a/crypto/des/build.info b/crypto/des/build.info
-index 10927cc..c0306cf 100644
--- a/crypto/des/build.info
+++ b/crypto/des/build.info
@@ -1,12 +1,11 @@
@@ -46785,8 +52007,6 @@
GENERATE[des_enc-sparc.S]=asm/des_enc.m4
GENERATE[dest4-sparcv9.S]=asm/dest4-sparcv9.pl $(PERLASM_SCHEME)
-diff --git a/crypto/des/cbc_cksm.c b/crypto/des/cbc_cksm.c
-index 1903765..a7bf068 100644
--- a/crypto/des/cbc_cksm.c
+++ b/crypto/des/cbc_cksm.c
@@ -1,58 +1,10 @@
@@ -46854,8 +52074,6 @@
*/
#include "des_locl.h"
-diff --git a/crypto/des/cbc_enc.c b/crypto/des/cbc_enc.c
-index 5b84e84..92e773f 100644
--- a/crypto/des/cbc_enc.c
+++ b/crypto/des/cbc_enc.c
@@ -1,58 +1,10 @@
@@ -46923,14 +52141,14 @@
*/
#define CBC_ENC_C__DONT_UPDATE_IV
-diff --git a/crypto/des/cfb64ede.c b/crypto/des/cfb64ede.c
-index 4922245..5edb979 100644
--- a/crypto/des/cfb64ede.c
+++ b/crypto/des/cfb64ede.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -46978,9 +52196,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -46992,14 +52208,14 @@
*/
#include "des_locl.h"
-diff --git a/crypto/des/cfb64enc.c b/crypto/des/cfb64enc.c
-index f9dce3d..96de51b 100644
--- a/crypto/des/cfb64enc.c
+++ b/crypto/des/cfb64enc.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -47047,9 +52263,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -47061,14 +52275,14 @@
*/
#include "des_locl.h"
-diff --git a/crypto/des/cfb_enc.c b/crypto/des/cfb_enc.c
-index dd213b0..6c428ba 100644
--- a/crypto/des/cfb_enc.c
+++ b/crypto/des/cfb_enc.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -47116,9 +52330,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -47130,8 +52342,6 @@
*/
#include "e_os.h"
-diff --git a/crypto/des/des_enc.c b/crypto/des/des_enc.c
-index 1f827f2..600f6df 100644
--- a/crypto/des/des_enc.c
+++ b/crypto/des/des_enc.c
@@ -1,58 +1,10 @@
@@ -47199,14 +52409,14 @@
*/
#include <openssl/crypto.h>
-diff --git a/crypto/des/des_locl.h b/crypto/des/des_locl.h
-index 7ed783c..53881d4 100644
--- a/crypto/des/des_locl.h
+++ b/crypto/des/des_locl.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -47254,9 +52464,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -47308,8 +52516,6 @@
# ifdef OPENSSL_BUILD_SHLIBCRYPTO
# undef OPENSSL_EXTERN
# define OPENSSL_EXTERN OPENSSL_EXPORT
-diff --git a/crypto/des/ecb3_enc.c b/crypto/des/ecb3_enc.c
-index e96dd9e..6ac89d4 100644
--- a/crypto/des/ecb3_enc.c
+++ b/crypto/des/ecb3_enc.c
@@ -1,58 +1,10 @@
@@ -47377,8 +52583,6 @@
*/
#include "des_locl.h"
-diff --git a/crypto/des/ecb_enc.c b/crypto/des/ecb_enc.c
-index 109ffd4..bd130c6 100644
--- a/crypto/des/ecb_enc.c
+++ b/crypto/des/ecb_enc.c
@@ -1,58 +1,10 @@
@@ -47446,9 +52650,6 @@
*/
#include "des_locl.h"
-diff --git a/crypto/des/enc_read.c b/crypto/des/enc_read.c
-deleted file mode 100644
-index a37e753..0000000
--- a/crypto/des/enc_read.c
+++ /dev/null
@@ -1,234 +0,0 @@
@@ -47686,9 +52887,6 @@
- return num;
-#endif /* OPENSSL_NO_POSIX_IO */
-}
-diff --git a/crypto/des/enc_writ.c b/crypto/des/enc_writ.c
-deleted file mode 100644
-index dd1c0f9..0000000
--- a/crypto/des/enc_writ.c
+++ /dev/null
@@ -1,180 +0,0 @@
@@ -47872,8 +53070,6 @@
- return (len);
-#endif /* OPENSSL_NO_POSIX_IO */
-}
-diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c
-index 0c7484c..5215ad3 100644
--- a/crypto/des/fcrypt.c
+++ b/crypto/des/fcrypt.c
@@ -1,3 +1,12 @@
@@ -47909,27 +53105,27 @@
#include <openssl/crypto.h>
#include "des_locl.h"
-@@ -70,27 +66,23 @@ char *DES_crypt(const char *buf, const char *salt)
+@@ -70,27 +66,23 @@ char *DES_crypt(const char *buf, const c
char e_buf[32 + 1]; /* replace 32 by 8 ? */
char *ret;
- /* Copy at most 2 chars of salt */
- if ((e_salt[0] = salt[0]) != '\0')
- e_salt[1] = salt[1];
--
-- /* Copy at most 32 chars of password */
-- strncpy(e_buf, buf, sizeof(e_buf));
+ if (salt[0] == '\0' || salt[1] == '\0')
+ return NULL;
-- /* Make sure we have a delimiter */
-- e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0';
+- /* Copy at most 32 chars of password */
+- strncpy(e_buf, buf, sizeof(e_buf));
+ /* Copy salt, convert to ASCII. */
+ e_salt[0] = salt[0];
+ e_salt[1] = salt[1];
+ e_salt[2] = '\0';
+ ebcdic2ascii(e_salt, e_salt, sizeof(e_salt));
+- /* Make sure we have a delimiter */
+- e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0';
+-
- /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
- ebcdic2ascii(e_salt, e_salt, sizeof e_salt);
-
@@ -47949,7 +53145,7 @@
return ret;
#endif
-@@ -107,25 +99,14 @@ char *DES_fcrypt(const char *buf, const char *salt, char *ret)
+@@ -107,25 +99,14 @@ char *DES_fcrypt(const char *buf, const
unsigned char *b = bb;
unsigned char c, u;
@@ -47981,8 +53177,6 @@
/*
* EAY r=strlen(buf); r=(r+7)/8;
-diff --git a/crypto/des/fcrypt_b.c b/crypto/des/fcrypt_b.c
-index 6e02ac7..fe2369a 100644
--- a/crypto/des/fcrypt_b.c
+++ b/crypto/des/fcrypt_b.c
@@ -1,68 +1,14 @@
@@ -48060,8 +53254,6 @@
#define DES_FCRYPT
#include "des_locl.h"
#undef DES_FCRYPT
-diff --git a/crypto/des/ncbc_enc.c b/crypto/des/ncbc_enc.c
-index 208615d..244f15c 100644
--- a/crypto/des/ncbc_enc.c
+++ b/crypto/des/ncbc_enc.c
@@ -1,64 +1,17 @@
@@ -48138,14 +53330,14 @@
#include "des_locl.h"
-diff --git a/crypto/des/ofb64ede.c b/crypto/des/ofb64ede.c
-index 97d4f61..a551a07 100644
--- a/crypto/des/ofb64ede.c
+++ b/crypto/des/ofb64ede.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -48193,9 +53385,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -48207,14 +53397,14 @@
*/
#include "des_locl.h"
-diff --git a/crypto/des/ofb64enc.c b/crypto/des/ofb64enc.c
-index 53c558f..30976c8 100644
--- a/crypto/des/ofb64enc.c
+++ b/crypto/des/ofb64enc.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -48262,9 +53452,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -48276,14 +53464,14 @@
*/
#include "des_locl.h"
-diff --git a/crypto/des/ofb_enc.c b/crypto/des/ofb_enc.c
-index c37709b..65a9b86 100644
--- a/crypto/des/ofb_enc.c
+++ b/crypto/des/ofb_enc.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -48331,9 +53519,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -48345,8 +53531,6 @@
*/
#include "des_locl.h"
-diff --git a/crypto/des/pcbc_enc.c b/crypto/des/pcbc_enc.c
-index 91a6caf..0fa058f 100644
--- a/crypto/des/pcbc_enc.c
+++ b/crypto/des/pcbc_enc.c
@@ -1,58 +1,10 @@
@@ -48414,8 +53598,6 @@
*/
#include "des_locl.h"
-diff --git a/crypto/des/qud_cksm.c b/crypto/des/qud_cksm.c
-index 1ff0b75..8710cec 100644
--- a/crypto/des/qud_cksm.c
+++ b/crypto/des/qud_cksm.c
@@ -1,58 +1,10 @@
@@ -48483,8 +53665,6 @@
*/
/*
-diff --git a/crypto/des/rand_key.c b/crypto/des/rand_key.c
-index da95bfe..61e4f9d 100644
--- a/crypto/des/rand_key.c
+++ b/crypto/des/rand_key.c
@@ -1,55 +1,10 @@
@@ -48549,9 +53729,6 @@
*/
#include <openssl/des.h>
-diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c
-deleted file mode 100644
-index 748d0e6..0000000
--- a/crypto/des/read2pwd.c
+++ /dev/null
@@ -1,146 +0,0 @@
@@ -48701,14 +53878,14 @@
- return (ok);
-}
-#endif
-diff --git a/crypto/des/rpc_des.h b/crypto/des/rpc_des.h
-index 727e285..fe59e22 100644
--- a/crypto/des/rpc_des.h
+++ b/crypto/des/rpc_des.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -48756,9 +53933,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -48770,8 +53945,6 @@
*/
/* @(#)des.h 2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI */
-diff --git a/crypto/des/rpc_enc.c b/crypto/des/rpc_enc.c
-index 76cdd0c..bfa8511 100644
--- a/crypto/des/rpc_enc.c
+++ b/crypto/des/rpc_enc.c
@@ -1,58 +1,10 @@
@@ -48839,8 +54012,6 @@
*/
#include "rpc_des.h"
-diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c
-index d9fc921..93adff3 100644
--- a/crypto/des/set_key.c
+++ b/crypto/des/set_key.c
@@ -1,58 +1,10 @@
@@ -48908,8 +54079,6 @@
*/
/*-
-diff --git a/crypto/des/spr.h b/crypto/des/spr.h
-index cd55a45..42adfbf 100644
--- a/crypto/des/spr.h
+++ b/crypto/des/spr.h
@@ -1,58 +1,10 @@
@@ -48977,8 +54146,6 @@
*/
OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64] = {
-diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c
-index e671d14..78998a1 100644
--- a/crypto/des/str2key.c
+++ b/crypto/des/str2key.c
@@ -1,58 +1,10 @@
@@ -49046,7 +54213,7 @@
*/
#include <openssl/crypto.h>
-@@ -62,7 +14,6 @@ void DES_string_to_key(const char *str, DES_cblock *key)
+@@ -62,7 +14,6 @@ void DES_string_to_key(const char *str,
{
DES_key_schedule ks;
int i, length;
@@ -49054,7 +54221,7 @@
memset(key, 0, 8);
length = strlen(str);
-@@ -71,7 +22,8 @@ void DES_string_to_key(const char *str, DES_cblock *key)
+@@ -71,7 +22,8 @@ void DES_string_to_key(const char *str,
(*key)[i % 8] ^= (str[i] << 1);
#else /* MIT COMPATIBLE */
for (i = 0; i < length; i++) {
@@ -49064,7 +54231,7 @@
if ((i % 16) < 8)
(*key)[i % 8] ^= (j << 1);
else {
-@@ -94,7 +46,6 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
+@@ -94,7 +46,6 @@ void DES_string_to_2keys(const char *str
{
DES_key_schedule ks;
int i, length;
@@ -49072,7 +54239,7 @@
memset(key1, 0, 8);
memset(key2, 0, 8);
-@@ -114,7 +65,8 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
+@@ -114,7 +65,8 @@ void DES_string_to_2keys(const char *str
}
#else /* MIT COMPATIBLE */
for (i = 0; i < length; i++) {
@@ -49082,8 +54249,6 @@
if ((i % 32) < 16) {
if ((i % 16) < 8)
(*key1)[i % 8] ^= (j << 1);
-diff --git a/crypto/des/xcbc_enc.c b/crypto/des/xcbc_enc.c
-index 11ee004..c4e455d 100644
--- a/crypto/des/xcbc_enc.c
+++ b/crypto/des/xcbc_enc.c
@@ -1,58 +1,10 @@
@@ -49151,9 +54316,6 @@
*/
#include "des_locl.h"
-diff --git a/crypto/dh/Makefile.in b/crypto/dh/Makefile.in
-deleted file mode 100644
-index 205909a..0000000
--- a/crypto/dh/Makefile.in
+++ /dev/null
@@ -1,45 +0,0 @@
@@ -49202,8 +54364,6 @@
- rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
-index 54d5ba5..78aea36 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -1,59 +1,10 @@
@@ -49271,7 +54431,7 @@
*/
#include <stdio.h>
-@@ -329,7 +280,8 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype)
+@@ -329,7 +280,8 @@ static int do_dh_print(BIO *bp, const DH
else
pub_key = NULL;
@@ -49281,7 +54441,7 @@
reason = ERR_R_PASSED_NULL_PARAMETER;
goto err;
}
-@@ -486,7 +438,7 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+@@ -486,7 +438,7 @@ static int dh_copy_parameters(EVP_PKEY *
static int dh_missing_parameters(const EVP_PKEY *a)
{
@@ -49290,8 +54450,6 @@
return 1;
return 0;
}
-diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c
-index aa80291..7c72fd6 100644
--- a/crypto/dh/dh_asn1.c
+++ b/crypto/dh/dh_asn1.c
@@ -1,59 +1,10 @@
@@ -49359,8 +54517,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
-index 5d14265..fcc1d99 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -1,58 +1,10 @@
@@ -49483,8 +54639,6 @@
*ret |= DH_CHECK_P_NOT_SAFE_PRIME;
}
ok = 1;
-diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c
-index 90ce0b0..f8ed1b7 100644
--- a/crypto/dh/dh_depr.c
+++ b/crypto/dh/dh_depr.c
@@ -1,55 +1,10 @@
@@ -49549,8 +54703,6 @@
*/
/* This file contains deprecated functions as wrappers to the new ones */
-diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
-index 4778b8d..a5348b1 100644
--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
@@ -1,61 +1,11 @@
@@ -49622,7 +54774,7 @@
*/
#include <stdio.h>
-@@ -75,6 +25,9 @@ static ERR_STRING_DATA DH_str_functs[] = {
+@@ -75,6 +25,9 @@ static ERR_STRING_DATA DH_str_functs[] =
{ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"},
{ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"},
{ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "dh_cms_set_shared_info"},
@@ -49632,7 +54784,7 @@
{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
{ERR_FUNC(DH_F_DH_PARAM_DECODE), "dh_param_decode"},
{ERR_FUNC(DH_F_DH_PRIV_DECODE), "dh_priv_decode"},
-@@ -83,7 +36,6 @@ static ERR_STRING_DATA DH_str_functs[] = {
+@@ -83,7 +36,6 @@ static ERR_STRING_DATA DH_str_functs[] =
{ERR_FUNC(DH_F_DH_PUB_ENCODE), "dh_pub_encode"},
{ERR_FUNC(DH_F_DO_DH_PRINT), "do_dh_print"},
{ERR_FUNC(DH_F_GENERATE_KEY), "generate_key"},
@@ -49640,7 +54792,7 @@
{ERR_FUNC(DH_F_PKEY_DH_DERIVE), "pkey_dh_derive"},
{ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "pkey_dh_keygen"},
{0, NULL}
-@@ -97,7 +49,6 @@ static ERR_STRING_DATA DH_str_reasons[] = {
+@@ -97,7 +49,6 @@ static ERR_STRING_DATA DH_str_reasons[]
{ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"},
{ERR_REASON(DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
{ERR_REASON(DH_R_KEYS_NOT_SET), "keys not set"},
@@ -49648,8 +54800,21 @@
{ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"},
{ERR_REASON(DH_R_NO_PARAMETERS_SET), "no parameters set"},
{ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"},
-diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
-index 5c96dac..27ecb98 100644
+@@ -109,7 +60,7 @@ static ERR_STRING_DATA DH_str_reasons[]
+
+ #endif
+
+-void ERR_load_DH_strings(void)
++int ERR_load_DH_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -118,4 +69,5 @@ void ERR_load_DH_strings(void)
+ ERR_load_strings(0, DH_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -1,58 +1,10 @@
@@ -49717,8 +54882,6 @@
*/
/*
-diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
-index 6c31fec..f2f3d24 100644
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
@@ -1,53 +1,10 @@
@@ -49780,8 +54943,17 @@
*/
#include <e_os.h>
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index d957550..21dada3 100644
+@@ -160,8 +117,8 @@ int DH_KDF_X9_42(unsigned char *out, siz
+ goto err;
+ for (i = 1;; i++) {
+ unsigned char mtmp[EVP_MAX_MD_SIZE];
+- EVP_DigestInit_ex(mctx, md, NULL);
+- if (!EVP_DigestUpdate(mctx, Z, Zlen))
++ if (!EVP_DigestInit_ex(mctx, md, NULL)
++ || !EVP_DigestUpdate(mctx, Z, Zlen))
+ goto err;
+ ctr[3] = i & 0xFF;
+ ctr[2] = (i >> 8) & 0xFF;
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -1,63 +1,14 @@
@@ -49886,7 +55058,7 @@
}
dh->pub_key = pub_key;
-@@ -223,10 +168,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+@@ -223,10 +168,7 @@ static int compute_key(unsigned char *ke
if (dh->flags & DH_FLAG_CACHE_MONT_P) {
mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
dh->lock, dh->p, ctx);
@@ -49898,7 +55070,7 @@
if (!mont)
goto err;
}
-@@ -255,15 +197,7 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+@@ -255,15 +197,7 @@ static int dh_bn_mod_exp(const DH *dh, B
const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
@@ -49915,8 +55087,6 @@
}
static int dh_init(DH *dh)
-diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
-index bf9f8d3..adf1771 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -1,58 +1,10 @@
@@ -50053,7 +55223,7 @@
{
if (p != NULL)
*p = dh->p;
-@@ -245,15 +196,25 @@ void DH_get0_pqg(const DH *dh, BIGNUM **p, BIGNUM **q, BIGNUM **g)
+@@ -245,15 +196,25 @@ void DH_get0_pqg(const DH *dh, BIGNUM **
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
{
@@ -50096,7 +55266,7 @@
{
if (pub_key != NULL)
*pub_key = dh->pub_key;
-@@ -283,14 +244,21 @@ void DH_get0_key(const DH *dh, BIGNUM **pub_key, BIGNUM **priv_key)
+@@ -283,14 +244,21 @@ void DH_get0_key(const DH *dh, BIGNUM **
int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
{
@@ -50124,8 +55294,6 @@
return 1;
}
-diff --git a/crypto/dh/dh_locl.h b/crypto/dh/dh_locl.h
-index 46e4bc7..19301c3 100644
--- a/crypto/dh/dh_locl.h
+++ b/crypto/dh/dh_locl.h
@@ -1,11 +1,10 @@
@@ -50143,8 +55311,6 @@
*/
#include <openssl/dh.h>
-diff --git a/crypto/dh/dh_meth.c b/crypto/dh/dh_meth.c
-index 0bc5e53..45753b6 100644
--- a/crypto/dh/dh_meth.c
+++ b/crypto/dh/dh_meth.c
@@ -1,16 +1,15 @@
@@ -50168,7 +55334,7 @@
DH_METHOD *DH_meth_new(const char *name, int flags)
{
-@@ -18,6 +17,11 @@ DH_METHOD *DH_meth_new(const char *name, int flags)
+@@ -18,6 +17,11 @@ DH_METHOD *DH_meth_new(const char *name,
if (dhm != NULL) {
dhm->name = OPENSSL_strdup(name);
@@ -50180,7 +55346,7 @@
dhm->flags = flags;
}
-@@ -27,8 +31,7 @@ DH_METHOD *DH_meth_new(const char *name, int flags)
+@@ -27,8 +31,7 @@ DH_METHOD *DH_meth_new(const char *name,
void DH_meth_free(DH_METHOD *dhm)
{
if (dhm != NULL) {
@@ -50190,7 +55356,7 @@
OPENSSL_free(dhm);
}
}
-@@ -42,6 +45,11 @@ DH_METHOD *DH_meth_dup(const DH_METHOD *dhm)
+@@ -42,6 +45,11 @@ DH_METHOD *DH_meth_dup(const DH_METHOD *
if (ret != NULL) {
memcpy(ret, dhm, sizeof(*dhm));
ret->name = OPENSSL_strdup(dhm->name);
@@ -50202,7 +55368,7 @@
}
return ret;
-@@ -54,10 +62,18 @@ const char *DH_meth_get0_name(const DH_METHOD *dhm)
+@@ -54,10 +62,18 @@ const char *DH_meth_get0_name(const DH_M
int DH_meth_set1_name(DH_METHOD *dhm, const char *name)
{
@@ -50223,8 +55389,6 @@
}
int DH_meth_get_flags(DH_METHOD *dhm)
-diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
-index 5d357a3..c3e03c7 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -1,59 +1,10 @@
@@ -50292,7 +55456,7 @@
*/
#include <stdio.h>
-@@ -112,6 +63,17 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
+@@ -112,6 +63,17 @@ static int pkey_dh_init(EVP_PKEY_CTX *ct
return 1;
}
@@ -50310,7 +55474,7 @@
static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{
DH_PKEY_CTX *dctx, *sctx;
-@@ -128,27 +90,19 @@ static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+@@ -128,27 +90,19 @@ static int pkey_dh_copy(EVP_PKEY_CTX *ds
dctx->kdf_type = sctx->kdf_type;
dctx->kdf_oid = OBJ_dup(sctx->kdf_oid);
@@ -50342,8 +55506,6 @@
static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
{
DH_PKEY_CTX *dctx = ctx->data;
-diff --git a/crypto/dh/dh_prn.c b/crypto/dh/dh_prn.c
-index 4c89a14..283fb0f 100644
--- a/crypto/dh/dh_prn.c
+++ b/crypto/dh/dh_prn.c
@@ -1,58 +1,10 @@
@@ -50411,8 +55573,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/dh/dh_rfc5114.c b/crypto/dh/dh_rfc5114.c
-index 48b199d..c4a2195 100644
--- a/crypto/dh/dh_rfc5114.c
+++ b/crypto/dh/dh_rfc5114.c
@@ -1,59 +1,10 @@
@@ -50480,9 +55640,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/dh/example b/crypto/dh/example
-deleted file mode 100644
-index 16a33d2..0000000
--- a/crypto/dh/example
+++ /dev/null
@@ -1,50 +0,0 @@
@@ -50536,9 +55693,6 @@
-Phil Karn
-
-
-diff --git a/crypto/dh/generate b/crypto/dh/generate
-deleted file mode 100644
-index 5d40723..0000000
--- a/crypto/dh/generate
+++ /dev/null
@@ -1,65 +0,0 @@
@@ -50607,8 +55761,6 @@
-
-
-
-diff --git a/crypto/dllmain.c b/crypto/dllmain.c
-index 0a229b5..91904aa 100644
--- a/crypto/dllmain.c
+++ b/crypto/dllmain.c
@@ -1,3 +1,12 @@
@@ -50624,9 +55776,6 @@
#include "internal/cryptlib_int.h"
#if defined(_WIN32) || defined(__CYGWIN__)
-diff --git a/crypto/dsa/Makefile.in b/crypto/dsa/Makefile.in
-deleted file mode 100644
-index 145034e..0000000
--- a/crypto/dsa/Makefile.in
+++ /dev/null
@@ -1,47 +0,0 @@
@@ -50677,8 +55826,6 @@
- rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
-index 54cdb3d..c7573bf 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -1,59 +1,10 @@
@@ -50746,7 +55893,7 @@
*/
#include <stdio.h>
-@@ -315,7 +266,7 @@ static int dsa_missing_parameters(const EVP_PKEY *pkey)
+@@ -315,7 +266,7 @@ static int dsa_missing_parameters(const
{
DSA *dsa;
dsa = pkey->pkey.dsa;
@@ -50755,7 +55902,7 @@
return 1;
return 0;
}
-@@ -486,9 +437,9 @@ static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
+@@ -486,9 +437,9 @@ static int dsa_sig_print(BIO *bp, const
dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
if (dsa_sig) {
int rv = 0;
@@ -50767,7 +55914,7 @@
if (BIO_write(bp, "\n", 1) != 1)
goto err;
-@@ -558,7 +509,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+@@ -558,7 +509,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey,
/* NB these are sorted in pkey_id order, lowest first */
@@ -50776,8 +55923,6 @@
{
EVP_PKEY_DSA2,
-diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
-index 1468fb1..540d01f 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -1,59 +1,10 @@
@@ -50845,7 +55990,7 @@
*/
#include <stdio.h>
-@@ -63,11 +14,6 @@
+@@ -63,22 +14,47 @@
#include <openssl/asn1t.h>
#include <openssl/rand.h>
@@ -50857,11 +56002,28 @@
ASN1_SEQUENCE(DSA_SIG) = {
ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
-@@ -75,10 +21,23 @@ ASN1_SEQUENCE(DSA_SIG) = {
+ } static_ASN1_SEQUENCE_END(DSA_SIG)
- IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
-
--void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const DSA_SIG *sig)
+-IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
++IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG)
++
++DSA_SIG *DSA_SIG_new(void)
++{
++ DSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
++ if (sig == NULL)
++ DSAerr(DSA_F_DSA_SIG_NEW, ERR_R_MALLOC_FAILURE);
++ return sig;
++}
++
++void DSA_SIG_free(DSA_SIG *sig)
++{
++ if (sig == NULL)
++ return;
++ BN_clear_free(sig->r);
++ BN_clear_free(sig->s);
++ OPENSSL_free(sig);
++}
++
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+ if (pr != NULL)
@@ -50869,7 +56031,8 @@
+ if (ps != NULL)
+ *ps = sig->s;
+}
-+
+
+-void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const DSA_SIG *sig)
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
{
- *pr = sig->r;
@@ -50884,8 +56047,6 @@
}
/* Override the default free and new methods */
-diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c
-index f50fcc0..f51aea7 100644
--- a/crypto/dsa/dsa_depr.c
+++ b/crypto/dsa/dsa_depr.c
@@ -1,55 +1,10 @@
@@ -50958,8 +56119,6 @@
# include <openssl/sha.h>
DSA *DSA_generate_parameters(int bits,
-diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c
-index 2e29258..96bd4d3 100644
--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
@@ -1,61 +1,11 @@
@@ -51050,11 +56209,10 @@
{ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"},
{ERR_FUNC(DSA_F_DSA_PARAM_DECODE), "dsa_param_decode"},
{ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
-@@ -87,14 +37,9 @@ static ERR_STRING_DATA DSA_str_functs[] = {
- {ERR_FUNC(DSA_F_DSA_PUB_ENCODE), "dsa_pub_encode"},
+@@ -88,13 +38,9 @@ static ERR_STRING_DATA DSA_str_functs[]
{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
-- {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
+ {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
- {ERR_FUNC(DSA_F_DSA_SIG_PRINT), "dsa_sig_print"},
- {ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"},
- {ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
@@ -51065,7 +56223,7 @@
{0, NULL}
};
-@@ -102,15 +47,11 @@ static ERR_STRING_DATA DSA_str_reasons[] = {
+@@ -102,15 +48,11 @@ static ERR_STRING_DATA DSA_str_reasons[]
{ERR_REASON(DSA_R_BAD_Q_VALUE), "bad q value"},
{ERR_REASON(DSA_R_BN_DECODE_ERROR), "bn decode error"},
{ERR_REASON(DSA_R_BN_ERROR), "bn error"},
@@ -51081,8 +56239,21 @@
{ERR_REASON(DSA_R_NO_PARAMETERS_SET), "no parameters set"},
{ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
{ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"},
-diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
-index c278d98..3dac550 100644
+@@ -119,7 +61,7 @@ static ERR_STRING_DATA DSA_str_reasons[]
+
+ #endif
+
+-void ERR_load_DSA_strings(void)
++int ERR_load_DSA_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -128,4 +70,5 @@ void ERR_load_DSA_strings(void)
+ ERR_load_strings(0, DSA_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -1,58 +1,10 @@
@@ -51150,7 +56321,7 @@
*/
/*
-@@ -406,6 +358,8 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
+@@ -406,6 +358,8 @@ int dsa_builtin_paramgen2(DSA *ret, size
X = BN_CTX_get(ctx);
c = BN_CTX_get(ctx);
test = BN_CTX_get(ctx);
@@ -51159,8 +56330,6 @@
/* if p, q already supplied generate g only */
if (ret->p && ret->q) {
-diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
-index 4415884..31442b1 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -1,58 +1,10 @@
@@ -51268,8 +56437,6 @@
}
dsa->priv_key = priv_key;
-diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
-index facb97f..9c001d7 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -1,58 +1,10 @@
@@ -51415,7 +56582,7 @@
{
if (p != NULL)
*p = d->p;
-@@ -315,19 +266,32 @@ void DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g)
+@@ -315,19 +266,32 @@ void DSA_get0_pqg(const DSA *d, BIGNUM *
int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
{
@@ -51456,7 +56623,7 @@
{
if (pub_key != NULL)
*pub_key = d->pub_key;
-@@ -337,14 +301,21 @@ void DSA_get0_key(const DSA *d, BIGNUM **pub_key, BIGNUM **priv_key)
+@@ -337,14 +301,21 @@ void DSA_get0_key(const DSA *d, BIGNUM *
int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
{
@@ -51484,8 +56651,6 @@
return 1;
}
-diff --git a/crypto/dsa/dsa_locl.h b/crypto/dsa/dsa_locl.h
-index 657fbff..9021fce 100644
--- a/crypto/dsa/dsa_locl.h
+++ b/crypto/dsa/dsa_locl.h
@@ -1,55 +1,10 @@
@@ -51578,8 +56743,6 @@
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int (*init) (DSA *dsa);
int (*finish) (DSA *dsa);
-diff --git a/crypto/dsa/dsa_meth.c b/crypto/dsa/dsa_meth.c
-index 816e35e..a8cee06 100644
--- a/crypto/dsa/dsa_meth.c
+++ b/crypto/dsa/dsa_meth.c
@@ -1,4 +1,13 @@
@@ -51604,7 +56767,7 @@
DSA_METHOD *DSA_meth_new(const char *name, int flags)
{
-@@ -15,6 +25,11 @@ DSA_METHOD *DSA_meth_new(const char *name, int flags)
+@@ -15,6 +25,11 @@ DSA_METHOD *DSA_meth_new(const char *nam
if (dsam != NULL) {
dsam->name = OPENSSL_strdup(name);
@@ -51616,7 +56779,7 @@
dsam->flags = flags;
}
-@@ -24,8 +39,7 @@ DSA_METHOD *DSA_meth_new(const char *name, int flags)
+@@ -24,8 +39,7 @@ DSA_METHOD *DSA_meth_new(const char *nam
void DSA_meth_free(DSA_METHOD *dsam)
{
if (dsam != NULL) {
@@ -51626,7 +56789,7 @@
OPENSSL_free(dsam);
}
}
-@@ -39,6 +53,11 @@ DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam)
+@@ -39,6 +53,11 @@ DSA_METHOD *DSA_meth_dup(const DSA_METHO
if (ret != NULL) {
memcpy(ret, dsam, sizeof(*dsam));
ret->name = OPENSSL_strdup(dsam->name);
@@ -51638,7 +56801,7 @@
}
return ret;
-@@ -51,10 +70,18 @@ const char *DSA_meth_get0_name(const DSA_METHOD *dsam)
+@@ -51,10 +70,18 @@ const char *DSA_meth_get0_name(const DSA
int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name)
{
@@ -51659,7 +56822,7 @@
}
int DSA_meth_get_flags(DSA_METHOD *dsam)
-@@ -119,29 +146,30 @@ int DSA_meth_set_verify(DSA_METHOD *dsam,
+@@ -119,29 +146,30 @@ int DSA_meth_set_verify(DSA_METHOD *dsam
}
int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
@@ -51696,8 +56859,6 @@
const BIGNUM *, BN_CTX *, BN_MONT_CTX *))
{
dsam->bn_mod_exp = bn_mod_exp;
-diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
-index 9285553..8913fcc 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -1,58 +1,10 @@
@@ -51816,7 +56977,7 @@
const DSA_METHOD *DSA_OpenSSL(void)
{
return &openssl_dsa_meth;
-@@ -136,11 +51,9 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+@@ -136,11 +51,9 @@ static DSA_SIG *dsa_do_sign(const unsign
BIGNUM *kinv = NULL;
BIGNUM *m;
BIGNUM *xr;
@@ -51828,12 +56989,17 @@
int rv = 0;
m = BN_new();
-@@ -157,13 +70,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+@@ -156,14 +69,16 @@ static DSA_SIG *dsa_do_sign(const unsign
+ ret = DSA_SIG_new();
if (ret == NULL)
goto err;
+-
+- DSA_SIG_get0(&r, &s, ret);
++ ret->r = BN_new();
++ ret->s = BN_new();
++ if (ret->r == NULL || ret->s == NULL)
++ goto err;
-- DSA_SIG_get0(&r, &s, ret);
--
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
@@ -51843,7 +57009,7 @@
goto err;
if (dlen > BN_num_bytes(dsa->q))
-@@ -177,27 +88,22 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+@@ -177,27 +92,22 @@ static DSA_SIG *dsa_do_sign(const unsign
goto err;
/* Compute s = inv(k) (m + xr) mod q */
@@ -51877,7 +57043,7 @@
rv = 1;
-@@ -225,7 +131,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+@@ -225,7 +135,7 @@ static int dsa_sign_setup(DSA *dsa, BN_C
const unsigned char *dgst, int dlen)
{
BN_CTX *ctx = NULL;
@@ -51886,7 +57052,7 @@
int ret = 0;
if (!dsa->p || !dsa->q || !dsa->g) {
-@@ -234,8 +140,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+@@ -234,8 +144,7 @@ static int dsa_sign_setup(DSA *dsa, BN_C
}
k = BN_new();
@@ -51896,7 +57062,7 @@
goto err;
if (ctx_in == NULL) {
-@@ -258,9 +163,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+@@ -258,9 +167,7 @@ static int dsa_sign_setup(DSA *dsa, BN_C
goto err;
} while (BN_is_zero(k));
@@ -51907,7 +57073,7 @@
if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
-@@ -270,30 +173,29 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+@@ -270,30 +177,29 @@ static int dsa_sign_setup(DSA *dsa, BN_C
/* Compute r = (g^k mod p) mod q */
@@ -51956,7 +57122,7 @@
if (!BN_mod(r, r, dsa->q, ctx))
goto err;
-@@ -311,7 +213,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+@@ -311,7 +217,6 @@ static int dsa_sign_setup(DSA *dsa, BN_C
if (ctx != ctx_in)
BN_CTX_free(ctx);
BN_clear_free(k);
@@ -51964,7 +57130,7 @@
return ret;
}
-@@ -321,7 +222,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+@@ -321,7 +226,7 @@ static int dsa_do_verify(const unsigned
BN_CTX *ctx;
BIGNUM *u1, *u2, *t1;
BN_MONT_CTX *mont = NULL;
@@ -51973,7 +57139,7 @@
int ret = -1, i;
if (!dsa->p || !dsa->q || !dsa->g) {
DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS);
-@@ -346,7 +247,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+@@ -346,7 +251,7 @@ static int dsa_do_verify(const unsigned
if (u1 == NULL || u2 == NULL || t1 == NULL || ctx == NULL)
goto err;
@@ -51982,7 +57148,7 @@
if (BN_is_zero(r) || BN_is_negative(r) ||
BN_ucmp(r, dsa->q) >= 0) {
-@@ -391,9 +292,16 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+@@ -391,9 +296,16 @@ static int dsa_do_verify(const unsigned
goto err;
}
@@ -52002,8 +57168,6 @@
/* let u1 = u1 mod q */
if (!BN_mod(u1, t1, dsa->q, ctx))
goto err;
-diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
-index 8eca37f..4180958 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -1,59 +1,10 @@
@@ -52071,8 +57235,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/dsa/dsa_prn.c b/crypto/dsa/dsa_prn.c
-index de33745..f3c20ea 100644
--- a/crypto/dsa/dsa_prn.c
+++ b/crypto/dsa/dsa_prn.c
@@ -1,59 +1,10 @@
@@ -52140,8 +57302,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
-index b9dcd5b..2e29d40 100644
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -1,65 +1,16 @@
@@ -52216,8 +57376,6 @@
#include <openssl/bn.h>
DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c
-index 6ce9968..a84d521 100644
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -1,58 +1,10 @@
@@ -52285,9 +57443,6 @@
*/
/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
-diff --git a/crypto/dsa/fips186a.txt b/crypto/dsa/fips186a.txt
-deleted file mode 100644
-index 974f255..0000000
--- a/crypto/dsa/fips186a.txt
+++ /dev/null
@@ -1,122 +0,0 @@
@@ -52413,9 +57568,6 @@
-
-v =
- 8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
-diff --git a/crypto/dso/Makefile.in b/crypto/dso/Makefile.in
-deleted file mode 100644
-index e2fec28..0000000
--- a/crypto/dso/Makefile.in
+++ /dev/null
@@ -1,45 +0,0 @@
@@ -52464,9 +57616,6 @@
- rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/dso/README b/crypto/dso/README
-deleted file mode 100644
-index d0bc9a8..0000000
--- a/crypto/dso/README
+++ /dev/null
@@ -1,22 +0,0 @@
@@ -52492,8 +57641,6 @@
- (ii) default to the normal behaviour - we're not on win32, eg.
- finish with (return dso->meth->dso_name_converter(dso,NULL)).
-
-diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c
-index 5a138b3..bc29fb2 100644
--- a/crypto/dso/dso_dl.c
+++ b/crypto/dso/dso_dl.c
@@ -1,59 +1,10 @@
@@ -52573,7 +57720,7 @@
goto err;
}
if (!sk_push(dso->meth_data, (char *)ptr)) {
-@@ -179,8 +132,10 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
+@@ -179,8 +132,10 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *d
return (NULL);
}
if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) {
@@ -52585,8 +57732,6 @@
return (NULL);
}
return ((DSO_FUNC_TYPE)sym);
-diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c
-index f1773c8..624052b 100644
--- a/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
@@ -1,59 +1,10 @@
@@ -52654,8 +57799,6 @@
*/
/*
-diff --git a/crypto/dso/dso_err.c b/crypto/dso/dso_err.c
-index 136c4fe..870c80b 100644
--- a/crypto/dso/dso_err.c
+++ b/crypto/dso/dso_err.c
@@ -1,61 +1,11 @@
@@ -52727,8 +57870,21 @@
*/
#include <stdio.h>
-diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c
-index a6cc700..bea8776 100644
+@@ -128,7 +78,7 @@ static ERR_STRING_DATA DSO_str_reasons[]
+
+ #endif
+
+-void ERR_load_DSO_strings(void)
++int ERR_load_DSO_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -137,4 +87,5 @@ void ERR_load_DSO_strings(void)
+ ERR_load_strings(0, DSO_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/dso/dso_lib.c
+++ b/crypto/dso/dso_lib.c
@@ -1,59 +1,10 @@
@@ -52796,7 +57952,7 @@
*/
#include "dso_locl.h"
-@@ -88,6 +39,7 @@ static DSO *DSO_new_method(DSO_METHOD *meth)
+@@ -88,6 +39,7 @@ static DSO *DSO_new_method(DSO_METHOD *m
ret->references = 1;
ret->lock = CRYPTO_THREAD_lock_new();
if (ret->lock == NULL) {
@@ -52804,8 +57960,6 @@
sk_void_free(ret->meth_data);
OPENSSL_free(ret);
return NULL;
-diff --git a/crypto/dso/dso_locl.h b/crypto/dso/dso_locl.h
-index 622e69e..1976787 100644
--- a/crypto/dso/dso_locl.h
+++ b/crypto/dso/dso_locl.h
@@ -1,11 +1,12 @@
@@ -52826,8 +57980,6 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include "internal/dso.h"
-diff --git a/crypto/dso/dso_openssl.c b/crypto/dso/dso_openssl.c
-index 62191d7..6626331 100644
--- a/crypto/dso/dso_openssl.c
+++ b/crypto/dso/dso_openssl.c
@@ -1,59 +1,10 @@
@@ -52895,8 +58047,6 @@
*/
#include "dso_locl.h"
-diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c
-index 654e766..90d387e 100644
--- a/crypto/dso/dso_vms.c
+++ b/crypto/dso/dso_vms.c
@@ -1,59 +1,10 @@
@@ -52973,8 +58123,6 @@
if (filename == NULL) {
DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME);
-diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c
-index 01d2a72..4ac6e71 100644
--- a/crypto/dso/dso_win32.c
+++ b/crypto/dso/dso_win32.c
@@ -1,59 +1,10 @@
@@ -53042,8 +58190,6 @@
*/
#include "dso_locl.h"
-diff --git a/crypto/ebcdic.c b/crypto/ebcdic.c
-index 1248cba..6871953 100644
--- a/crypto/ebcdic.c
+++ b/crypto/ebcdic.c
@@ -1,17 +1,103 @@
@@ -53152,9 +58298,6 @@
/*
* "BS2000 OSD" is a POSIX subsystem on a main frame. It is made by Siemens
* AG, Germany, for their BS2000 mainframe machines. Within the POSIX
-diff --git a/crypto/ec/Makefile.in b/crypto/ec/Makefile.in
-deleted file mode 100644
-index cc5e4b6..0000000
--- a/crypto/ec/Makefile.in
+++ /dev/null
@@ -1,73 +0,0 @@
@@ -53231,8 +58374,6 @@
- rm -f *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/ec/asm/ecp_nistz256-armv4.pl b/crypto/ec/asm/ecp_nistz256-armv4.pl
-index 6eafaa0..62761f8 100755
--- a/crypto/ec/asm/ecp_nistz256-armv4.pl
+++ b/crypto/ec/asm/ecp_nistz256-armv4.pl
@@ -1,4 +1,11 @@
@@ -53248,8 +58389,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/ec/asm/ecp_nistz256-armv8.pl b/crypto/ec/asm/ecp_nistz256-armv8.pl
-index 53e974b..c5c1280 100644
--- a/crypto/ec/asm/ecp_nistz256-armv8.pl
+++ b/crypto/ec/asm/ecp_nistz256-armv8.pl
@@ -1,4 +1,11 @@
@@ -53265,8 +58404,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/ec/asm/ecp_nistz256-avx2.pl b/crypto/ec/asm/ecp_nistz256-avx2.pl
-index 43f3c1d..3bdd2cf 100755
--- a/crypto/ec/asm/ecp_nistz256-avx2.pl
+++ b/crypto/ec/asm/ecp_nistz256-avx2.pl
@@ -1,4 +1,11 @@
@@ -53282,8 +58419,6 @@
##############################################################################
# #
-diff --git a/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/crypto/ec/asm/ecp_nistz256-sparcv9.pl
-index 3c4b071..3f39088 100755
--- a/crypto/ec/asm/ecp_nistz256-sparcv9.pl
+++ b/crypto/ec/asm/ecp_nistz256-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -53299,7 +58434,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -94,6 +101,7 @@ my ($bi,$a0,$mask,$carry)=(map("%i$_",(3..5)),"%g1");
+@@ -94,6 +101,7 @@ my ($bi,$a0,$mask,$carry)=(map("%i$_",(3
my ($rp_real,$ap_real)=("%g2","%g3");
$code.=<<___;
@@ -53307,7 +58442,7 @@
.size ecp_nistz256_precomputed,.-ecp_nistz256_precomputed
.align 64
.LRR: ! 2^512 mod P precomputed for NIST P256 polynomial
-@@ -115,6 +123,7 @@ ecp_nistz256_to_mont:
+@@ -115,6 +123,7 @@ my ($rp_real,$ap_real)=("%g2","%g3");
nop
ret
restore
@@ -53315,7 +58450,7 @@
.size ecp_nistz256_to_mont,.-ecp_nistz256_to_mont
! void ecp_nistz256_from_mont(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
-@@ -129,6 +138,7 @@ ecp_nistz256_from_mont:
+@@ -129,6 +138,7 @@ my ($rp_real,$ap_real)=("%g2","%g3");
nop
ret
restore
@@ -53323,7 +58458,7 @@
.size ecp_nistz256_from_mont,.-ecp_nistz256_from_mont
! void ecp_nistz256_mul_mont(BN_ULONG %i0[8],const BN_ULONG %i1[8],
-@@ -142,6 +152,7 @@ ecp_nistz256_mul_mont:
+@@ -142,6 +152,7 @@ my ($rp_real,$ap_real)=("%g2","%g3");
nop
ret
restore
@@ -53331,7 +58466,7 @@
.size ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
! void ecp_nistz256_sqr_mont(BN_ULONG %i0[8],const BN_ULONG %i2[8]);
-@@ -154,6 +165,7 @@ ecp_nistz256_sqr_mont:
+@@ -154,6 +165,7 @@ my ($rp_real,$ap_real)=("%g2","%g3");
nop
ret
restore
@@ -53339,7 +58474,7 @@
.size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
___
-@@ -353,6 +365,7 @@ $code.=<<___;
+@@ -353,6 +365,7 @@ for($i=1;$i<8;$i++) {
st @acc[6],[$rp+24]
retl
st @acc[7],[$rp+28]
@@ -53347,7 +58482,7 @@
.size __ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont
! void ecp_nistz256_add(BN_ULONG %i0[8],const BN_ULONG %i1[8],
-@@ -372,6 +385,7 @@ ecp_nistz256_add:
+@@ -372,6 +385,7 @@ for($i=1;$i<8;$i++) {
ld [$ap+28], at acc[7]
ret
restore
@@ -53355,7 +58490,7 @@
.size ecp_nistz256_add,.-ecp_nistz256_add
.align 32
-@@ -422,6 +436,7 @@ __ecp_nistz256_add:
+@@ -422,6 +436,7 @@ for($i=1;$i<8;$i++) {
st @acc[6],[$rp+24]
retl
st @acc[7],[$rp+28]
@@ -53363,7 +58498,7 @@
.size __ecp_nistz256_add,.-__ecp_nistz256_add
! void ecp_nistz256_mul_by_2(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
-@@ -440,6 +455,7 @@ ecp_nistz256_mul_by_2:
+@@ -440,6 +455,7 @@ for($i=1;$i<8;$i++) {
ld [$ap+28], at acc[7]
ret
restore
@@ -53371,7 +58506,7 @@
.size ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
.align 32
-@@ -454,6 +470,7 @@ __ecp_nistz256_mul_by_2:
+@@ -454,6 +470,7 @@ for($i=1;$i<8;$i++) {
addccc @acc[7], at acc[7], at acc[7]
b .Lreduce_by_sub
subc %g0,%g0,$carry ! broadcast carry bit
@@ -53379,7 +58514,7 @@
.size __ecp_nistz256_mul_by_2,.-__ecp_nistz256_mul_by_2
! void ecp_nistz256_mul_by_3(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
-@@ -472,6 +489,7 @@ ecp_nistz256_mul_by_3:
+@@ -472,6 +489,7 @@ for($i=1;$i<8;$i++) {
ld [$ap+28], at acc[7]
ret
restore
@@ -53387,7 +58522,7 @@
.size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
.align 32
-@@ -506,6 +524,7 @@ __ecp_nistz256_mul_by_3:
+@@ -506,6 +524,7 @@ for($i=1;$i<8;$i++) {
addccc $t7, at acc[7], at acc[7]
b .Lreduce_by_sub
subc %g0,%g0,$carry ! broadcast carry bit
@@ -53395,7 +58530,7 @@
.size __ecp_nistz256_mul_by_3,.-__ecp_nistz256_mul_by_3
! void ecp_nistz256_sub(BN_ULONG %i0[8],const BN_ULONG %i1[8],
-@@ -525,6 +544,7 @@ ecp_nistz256_sub:
+@@ -525,6 +544,7 @@ for($i=1;$i<8;$i++) {
ld [$ap+28], at acc[7]
ret
restore
@@ -53403,7 +58538,7 @@
.size ecp_nistz256_sub,.-ecp_nistz256_sub
! void ecp_nistz256_neg(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
-@@ -544,6 +564,7 @@ ecp_nistz256_neg:
+@@ -544,6 +564,7 @@ for($i=1;$i<8;$i++) {
mov 0, at acc[7]
ret
restore
@@ -53411,7 +58546,7 @@
.size ecp_nistz256_neg,.-ecp_nistz256_neg
.align 32
-@@ -594,6 +615,7 @@ __ecp_nistz256_sub_from:
+@@ -594,6 +615,7 @@ for($i=1;$i<8;$i++) {
st @acc[6],[$rp+24]
retl
st @acc[7],[$rp+28]
@@ -53419,7 +58554,7 @@
.size __ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from
.align 32
-@@ -616,6 +638,7 @@ __ecp_nistz256_sub_morf:
+@@ -616,6 +638,7 @@ for($i=1;$i<8;$i++) {
subccc $t7, at acc[7], at acc[7]
b .Lreduce_by_add
subc %g0,%g0,$carry ! broadcast borrow bit
@@ -53427,7 +58562,7 @@
.size __ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf
! void ecp_nistz256_div_by_2(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
-@@ -634,6 +657,7 @@ ecp_nistz256_div_by_2:
+@@ -634,6 +657,7 @@ for($i=1;$i<8;$i++) {
ld [$ap+28], at acc[7]
ret
restore
@@ -53435,7 +58570,7 @@
.size ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
.align 32
-@@ -687,6 +711,7 @@ __ecp_nistz256_div_by_2:
+@@ -687,6 +711,7 @@ for($i=1;$i<8;$i++) {
st @acc[6],[$rp+24]
retl
st @acc[7],[$rp+28]
@@ -53443,7 +58578,7 @@
.size __ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2
___
-@@ -816,6 +841,7 @@ ecp_nistz256_point_double:
+@@ -816,6 +841,7 @@ SPARC_PIC_THUNK(%g1)
ret
restore
@@ -53451,7 +58586,7 @@
.size ecp_nistz256_point_double,.-ecp_nistz256_point_double
___
}
-@@ -1118,6 +1144,7 @@ $code.=<<___;
+@@ -1118,6 +1144,7 @@ for($i=0;$i<96;$i+=8) { # conditional
.Ladd_done:
ret
restore
@@ -53459,7 +58594,7 @@
.size ecp_nistz256_point_add,.-ecp_nistz256_point_add
___
}
-@@ -1341,6 +1368,7 @@ ___
+@@ -1341,6 +1368,7 @@ my $j=($i-64)/4;
$code.=<<___;
ret
restore
@@ -53467,7 +58602,7 @@
.size ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine
___
} }}}
-@@ -1416,6 +1444,7 @@ ecp_nistz256_scatter_w5:
+@@ -1416,6 +1444,7 @@ my $mask="%o0";
ret
restore
@@ -53475,7 +58610,7 @@
.size ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5
! void ecp_nistz256_gather_w5(P256_POINT *%i0,const void *%i1,
-@@ -1513,6 +1542,7 @@ ecp_nistz256_gather_w5:
+@@ -1513,6 +1542,7 @@ my $mask="%o0";
ret
restore
@@ -53483,7 +58618,7 @@
.size ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5
! void ecp_nistz256_scatter_w7(void *%i0,const P256_POINT_AFFINE *%i1,
-@@ -1540,6 +1570,7 @@ ecp_nistz256_scatter_w7:
+@@ -1540,6 +1570,7 @@ my $mask="%o0";
ret
restore
@@ -53491,7 +58626,7 @@
.size ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7
! void ecp_nistz256_gather_w7(P256_POINT_AFFINE *%i0,const void *%i1,
-@@ -1580,6 +1611,7 @@ ecp_nistz256_gather_w7:
+@@ -1580,6 +1611,7 @@ my $mask="%o0";
ret
restore
@@ -53499,7 +58634,7 @@
.size ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7
___
}}}
-@@ -1607,6 +1639,7 @@ __ecp_nistz256_mul_by_2_vis3:
+@@ -1607,6 +1639,7 @@ my ($acc6,$acc7)=($bp,$bi); # used in sq
addxccc $acc3,$acc3,$acc3
b .Lreduce_by_sub_vis3
addxc %g0,%g0,$acc4 ! did it carry?
@@ -53507,7 +58642,7 @@
.size __ecp_nistz256_mul_by_2_vis3,.-__ecp_nistz256_mul_by_2_vis3
.align 32
-@@ -1640,6 +1673,7 @@ __ecp_nistz256_add_noload_vis3:
+@@ -1640,6 +1673,7 @@ my ($acc6,$acc7)=($bp,$bi); # used in sq
stx $acc2,[$rp+16]
retl
stx $acc3,[$rp+24]
@@ -53515,7 +58650,7 @@
.size __ecp_nistz256_add_vis3,.-__ecp_nistz256_add_vis3
! Trouble with subtraction is that there is no subtraction with 64-bit
-@@ -1686,6 +1720,7 @@ __ecp_nistz256_sub_from_vis3:
+@@ -1686,6 +1720,7 @@ my ($acc6,$acc7)=($bp,$bi); # used in sq
subc %g0,%g0,$acc4 ! did it borrow?
b .Lreduce_by_add_vis3
or $acc3,$acc5,$acc3
@@ -53523,7 +58658,7 @@
.size __ecp_nistz256_sub_from_vis3,.-__ecp_nistz256_sub_from_vis3
.align 32
-@@ -1744,6 +1779,7 @@ __ecp_nistz256_sub_morf_vis3:
+@@ -1744,6 +1779,7 @@ my ($acc6,$acc7)=($bp,$bi); # used in sq
stx $acc2,[$rp+16]
retl
stx $acc3,[$rp+24]
@@ -53531,7 +58666,7 @@
.size __ecp_nistz256_sub_morf_vis3,.-__ecp_nistz256_sub_morf_vis3
.align 32
-@@ -1784,6 +1820,7 @@ __ecp_nistz256_div_by_2_vis3:
+@@ -1784,6 +1820,7 @@ my ($acc6,$acc7)=($bp,$bi); # used in sq
stx $acc2,[$rp+16]
retl
stx $acc3,[$rp+24]
@@ -53539,7 +58674,7 @@
.size __ecp_nistz256_div_by_2_vis3,.-__ecp_nistz256_div_by_2_vis3
! compared to __ecp_nistz256_mul_mont it's almost 4x smaller and
-@@ -1881,6 +1918,7 @@ $code.=<<___;
+@@ -1881,6 +1918,7 @@ for($i=1;$i<4;$i++) {
addxccc $acc4,$t3,$acc3
b .Lmul_final_vis3 ! see below
addxc $acc5,%g0,$acc4
@@ -53547,7 +58682,7 @@
.size __ecp_nistz256_mul_mont_vis3,.-__ecp_nistz256_mul_mont_vis3
! compared to above __ecp_nistz256_mul_mont_vis3 it's 21% less
-@@ -2005,6 +2043,7 @@ $code.=<<___;
+@@ -2005,6 +2043,7 @@ for($i=0;$i<3;$i++) { # reductions, se
stx $acc2,[$rp+16]
retl
stx $acc3,[$rp+24]
@@ -53555,7 +58690,7 @@
.size __ecp_nistz256_sqr_mont_vis3,.-__ecp_nistz256_sqr_mont_vis3
___
-@@ -2268,6 +2307,7 @@ ecp_nistz256_point_double_vis3:
+@@ -2268,6 +2307,7 @@ my ($res_x,$res_y,$res_z,
ret
restore
@@ -53563,7 +58698,7 @@
.size ecp_nistz256_point_double_vis3,.-ecp_nistz256_point_double_vis3
___
}
-@@ -2688,6 +2728,7 @@ $code.=<<___;
+@@ -2688,6 +2728,7 @@ for($i=0;$i<96;$i+=16) { # conditional
.Ladd_done_vis3:
ret
restore
@@ -53571,7 +58706,7 @@
.size ecp_nistz256_point_add_vis3,.-ecp_nistz256_point_add_vis3
___
}
-@@ -3006,6 +3047,7 @@ ___
+@@ -3006,6 +3047,7 @@ for(;$i<96;$i+=16) {
$code.=<<___;
ret
restore
@@ -53579,8 +58714,6 @@
.size ecp_nistz256_point_add_affine_vis3,.-ecp_nistz256_point_add_affine_vis3
.align 64
.Lone_mont_vis3:
-diff --git a/crypto/ec/asm/ecp_nistz256-x86.pl b/crypto/ec/asm/ecp_nistz256-x86.pl
-index 7aa9b0f..e9fa038 100755
--- a/crypto/ec/asm/ecp_nistz256-x86.pl
+++ b/crypto/ec/asm/ecp_nistz256-x86.pl
@@ -1,4 +1,11 @@
@@ -53596,8 +58729,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/ec/asm/ecp_nistz256-x86_64.pl b/crypto/ec/asm/ecp_nistz256-x86_64.pl
-index 824d7b5..cce92b9 100755
--- a/crypto/ec/asm/ecp_nistz256-x86_64.pl
+++ b/crypto/ec/asm/ecp_nistz256-x86_64.pl
@@ -1,4 +1,11 @@
@@ -53613,7 +58744,7 @@
##############################################################################
# #
-@@ -60,7 +67,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+@@ -60,7 +67,7 @@ if ($flavour =~ /\./) { $output = $flavo
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
@@ -53622,8 +58753,6 @@
*STDOUT=*OUT;
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
-diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c
-index 3dbf4ac..e535823 100644
--- a/crypto/ec/curve25519.c
+++ b/crypto/ec/curve25519.c
@@ -1,50 +1,10 @@
@@ -53683,7 +58812,7 @@
*/
/* This code is mostly taken from the ref10 version of Ed25519 in SUPERCOP
-@@ -670,60 +630,91 @@ static void fe_invert(fe out, const fe z) {
+@@ -670,60 +630,91 @@ static void fe_invert(fe out, const fe z
fe t3;
int i;
@@ -53786,8 +58915,6 @@
fe_mul(out, t1, t0);
}
-diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c
-index c9723bf..d253eba 100644
--- a/crypto/ec/ec2_mult.c
+++ b/crypto/ec/ec2_mult.c
@@ -1,3 +1,12 @@
@@ -53863,8 +58990,6 @@
#include <openssl/err.h>
-diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c
-index 8c88607..ea88ce8 100644
--- a/crypto/ec/ec2_oct.c
+++ b/crypto/ec/ec2_oct.c
@@ -1,3 +1,12 @@
@@ -53940,7 +59065,7 @@
#include <openssl/err.h>
-@@ -378,16 +334,14 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
+@@ -378,16 +334,14 @@ int ec_GF2m_simple_oct2point(const EC_GR
}
}
@@ -53961,8 +59086,6 @@
ret = 1;
err:
-diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c
-index 8d8d853..cfeef5f 100644
--- a/crypto/ec/ec2_smpl.c
+++ b/crypto/ec/ec2_smpl.c
@@ -1,3 +1,12 @@
@@ -54038,8 +59161,6 @@
#include <openssl/err.h>
-diff --git a/crypto/ec/ec_25519.c b/crypto/ec/ec_25519.c
-index 3acb275..035a415 100644
--- a/crypto/ec/ec_25519.c
+++ b/crypto/ec/ec_25519.c
@@ -1,54 +1,10 @@
@@ -54102,7 +59223,16 @@
*/
#include <string.h>
-@@ -297,9 +253,9 @@ static int x25519_compute_key(unsigned char **psec, size_t *pseclen,
+@@ -199,7 +155,7 @@ static int x25519_keycopy(EC_KEY *dest,
+ return x25519_init_private(dest, src->custom_data);
+ }
+
+-static int x25519_oct2priv(EC_KEY *eckey, unsigned char *buf, size_t len)
++static int x25519_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
+ {
+ if (len != EC_X25519_KEYLEN)
+ return 0;
+@@ -297,9 +253,9 @@ static int x25519_compute_key(unsigned c
const EC_POINT *pub_key, const EC_KEY *ecdh)
{
unsigned char *key;
@@ -54114,8 +59244,6 @@
key = OPENSSL_malloc(EC_X25519_KEYLEN);
if (key == NULL)
return 0;
-diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
-index ca354c0..3212984 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -1,59 +1,10 @@
@@ -54183,8 +59311,71 @@
*/
#include <stdio.h>
-@@ -341,7 +292,7 @@ static int ec_security_bits(const EVP_PKEY *pkey)
+@@ -65,6 +16,7 @@
+ #include <openssl/asn1t.h>
+ #include "internal/asn1_int.h"
+ #include "internal/evp_int.h"
++#include "ec_lcl.h"
+ #ifndef OPENSSL_NO_CMS
+ static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
+@@ -262,15 +214,13 @@ static int eckey_priv_decode(EVP_PKEY *p
+
+ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+ {
+- EC_KEY *ec_key;
++ EC_KEY ec_key = *(pkey->pkey.ec);
+ unsigned char *ep, *p;
+ int eplen, ptype;
+ void *pval;
+- unsigned int tmp_flags, old_flags;
++ unsigned int old_flags;
+
+- ec_key = pkey->pkey.ec;
+-
+- if (!eckey_param2type(&ptype, &pval, ec_key)) {
++ if (!eckey_param2type(&ptype, &pval, &ec_key)) {
+ ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR);
+ return 0;
+ }
+@@ -281,30 +231,25 @@ static int eckey_priv_encode(PKCS8_PRIV_
+ * do not include the parameters in the SEC1 private key see PKCS#11
+ * 12.11
+ */
+- old_flags = EC_KEY_get_enc_flags(ec_key);
+- tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
+- EC_KEY_set_enc_flags(ec_key, tmp_flags);
+- eplen = i2d_ECPrivateKey(ec_key, NULL);
++ old_flags = EC_KEY_get_enc_flags(&ec_key);
++ EC_KEY_set_enc_flags(&ec_key, old_flags | EC_PKEY_NO_PARAMETERS);
++
++ eplen = i2d_ECPrivateKey(&ec_key, NULL);
+ if (!eplen) {
+- EC_KEY_set_enc_flags(ec_key, old_flags);
+ ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
+ return 0;
+ }
+ ep = OPENSSL_malloc(eplen);
+ if (ep == NULL) {
+- EC_KEY_set_enc_flags(ec_key, old_flags);
+ ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ p = ep;
+- if (!i2d_ECPrivateKey(ec_key, &p)) {
+- EC_KEY_set_enc_flags(ec_key, old_flags);
++ if (!i2d_ECPrivateKey(&ec_key, &p)) {
+ OPENSSL_free(ep);
+ ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
+ return 0;
+ }
+- /* restore old encoding flags */
+- EC_KEY_set_enc_flags(ec_key, old_flags);
+
+ if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
+ ptype, pval, ep, eplen))
+@@ -341,7 +286,7 @@ static int ec_security_bits(const EVP_PK
+
static int ec_missing_parameters(const EVP_PKEY *pkey)
{
- if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
@@ -54192,7 +59383,7 @@
return 1;
return 0;
}
-@@ -592,6 +543,19 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
+@@ -592,6 +537,19 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_me
old_ec_priv_encode
};
@@ -54212,8 +59403,6 @@
#ifndef OPENSSL_NO_CMS
static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
-diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
-index bc43878..be7a96b 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -1,58 +1,10 @@
@@ -54280,16 +59469,36 @@
*/
#include <string.h>
-@@ -1220,7 +1172,7 @@ DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG)
+@@ -1218,9 +1170,26 @@ ASN1_SEQUENCE(ECDSA_SIG) = {
+
+ DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG)
- IMPLEMENT_ASN1_FUNCTIONS_const(ECDSA_SIG)
+-IMPLEMENT_ASN1_FUNCTIONS_const(ECDSA_SIG)
++IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSA_SIG, ECDSA_SIG, ECDSA_SIG)
-void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const ECDSA_SIG *sig)
++ECDSA_SIG *ECDSA_SIG_new(void)
++{
++ ECDSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
++ if (sig == NULL)
++ ECerr(EC_F_ECDSA_SIG_NEW, ERR_R_MALLOC_FAILURE);
++ return sig;
++}
++
++void ECDSA_SIG_free(ECDSA_SIG *sig)
++{
++ if (sig == NULL)
++ return;
++ BN_clear_free(sig->r);
++ BN_clear_free(sig->s);
++ OPENSSL_free(sig);
++}
++
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
{
if (pr != NULL)
*pr = sig->r;
-@@ -1228,6 +1180,17 @@ void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const ECDSA_SIG *sig)
+@@ -1228,6 +1197,17 @@ void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM
*ps = sig->s;
}
@@ -54307,8 +59516,6 @@
int ECDSA_size(const EC_KEY *r)
{
int ret, i;
-diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c
-index 601559f..eeb06ec 100644
--- a/crypto/ec/ec_check.c
+++ b/crypto/ec/ec_check.c
@@ -1,55 +1,10 @@
@@ -54373,7 +59580,7 @@
*/
#include "ec_lcl.h"
-@@ -73,9 +28,6 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
+@@ -73,9 +28,6 @@ int EC_GROUP_check(const EC_GROUP *group
goto err;
}
}
@@ -54383,7 +59590,7 @@
/* check the discriminant */
if (!EC_GROUP_check_discriminant(group, ctx)) {
-@@ -114,8 +66,6 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
+@@ -114,8 +66,6 @@ int EC_GROUP_check(const EC_GROUP *group
ret = 1;
err:
@@ -54392,8 +59599,6 @@
BN_CTX_free(new_ctx);
EC_POINT_free(point);
return ret;
-diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
-index a95d519..6e125f4 100644
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@@ -1,59 +1,12 @@
@@ -54462,8 +59667,6 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
-diff --git a/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c
-index c995141..bfff6d6 100644
--- a/crypto/ec/ec_cvt.c
+++ b/crypto/ec/ec_cvt.c
@@ -1,59 +1,12 @@
@@ -54532,8 +59735,6 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
-diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c
-index 8e2a7fc..56aacd4 100644
--- a/crypto/ec/ec_err.c
+++ b/crypto/ec/ec_err.c
@@ -1,61 +1,11 @@
@@ -54613,7 +59814,15 @@
{ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"},
{ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"},
{ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"},
-@@ -101,13 +50,8 @@ static ERR_STRING_DATA EC_str_functs[] = {
+@@ -83,6 +32,7 @@ static ERR_STRING_DATA EC_str_functs[] =
+ {ERR_FUNC(EC_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"},
+ {ERR_FUNC(EC_F_ECDSA_SIGN_EX), "ECDSA_sign_ex"},
+ {ERR_FUNC(EC_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"},
++ {ERR_FUNC(EC_F_ECDSA_SIG_NEW), "ECDSA_SIG_new"},
+ {ERR_FUNC(EC_F_ECDSA_VERIFY), "ECDSA_verify"},
+ {ERR_FUNC(EC_F_ECKEY_PARAM2TYPE), "eckey_param2type"},
+ {ERR_FUNC(EC_F_ECKEY_PARAM_DECODE), "eckey_param_decode"},
+@@ -101,13 +51,8 @@ static ERR_STRING_DATA EC_str_functs[] =
{ERR_FUNC(EC_F_ECP_NISTZ256_POINTS_MUL), "ecp_nistz256_points_mul"},
{ERR_FUNC(EC_F_ECP_NISTZ256_PRE_COMP_NEW), "ecp_nistz256_pre_comp_new"},
{ERR_FUNC(EC_F_ECP_NISTZ256_WINDOWED_MUL), "ecp_nistz256_windowed_mul"},
@@ -54627,7 +59836,7 @@
{ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY),
"ec_GF2m_montgomery_point_multiply"},
{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT),
-@@ -130,8 +74,6 @@ static ERR_STRING_DATA EC_str_functs[] = {
+@@ -130,8 +75,6 @@ static ERR_STRING_DATA EC_str_functs[] =
{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"},
{ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE),
"ec_GFp_mont_group_set_curve"},
@@ -54636,7 +59845,7 @@
{ERR_FUNC(EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE),
"ec_GFp_nistp224_group_set_curve"},
{ERR_FUNC(EC_F_EC_GFP_NISTP224_POINTS_MUL), "ec_GFp_nistp224_points_mul"},
-@@ -155,10 +97,6 @@ static ERR_STRING_DATA EC_str_functs[] = {
+@@ -155,10 +98,6 @@ static ERR_STRING_DATA EC_str_functs[] =
"ec_GFp_simple_group_check_discriminant"},
{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE),
"ec_GFp_simple_group_set_curve"},
@@ -54647,7 +59856,7 @@
{ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"},
{ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"},
{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"},
-@@ -166,29 +104,20 @@ static ERR_STRING_DATA EC_str_functs[] = {
+@@ -166,29 +105,20 @@ static ERR_STRING_DATA EC_str_functs[] =
"ec_GFp_simple_points_make_affine"},
{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES),
"ec_GFp_simple_point_get_affine_coordinates"},
@@ -54677,7 +59886,7 @@
{ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS),
"EC_GROUP_get_pentanomial_basis"},
{ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS),
-@@ -200,10 +129,8 @@ static ERR_STRING_DATA EC_str_functs[] = {
+@@ -200,10 +130,8 @@ static ERR_STRING_DATA EC_str_functs[] =
"EC_GROUP_new_from_ecparameters"},
{ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS),
"EC_GROUP_new_from_ecpkparameters"},
@@ -54688,7 +59897,7 @@
{ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"},
{ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"},
{ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"},
-@@ -234,7 +161,6 @@ static ERR_STRING_DATA EC_str_functs[] = {
+@@ -234,7 +162,6 @@ static ERR_STRING_DATA EC_str_functs[] =
{ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"},
{ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"},
{ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"},
@@ -54696,7 +59905,7 @@
{ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"},
{ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"},
{ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"},
-@@ -249,7 +175,6 @@ static ERR_STRING_DATA EC_str_functs[] = {
+@@ -249,7 +176,6 @@ static ERR_STRING_DATA EC_str_functs[] =
{ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP),
"EC_POINT_set_Jprojective_coordinates_GFp"},
{ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"},
@@ -54704,7 +59913,7 @@
{ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "ec_pre_comp_new"},
{ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"},
{ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"},
-@@ -276,7 +201,6 @@ static ERR_STRING_DATA EC_str_functs[] = {
+@@ -276,7 +202,6 @@ static ERR_STRING_DATA EC_str_functs[] =
static ERR_STRING_DATA EC_str_reasons[] = {
{ERR_REASON(EC_R_ASN1_ERROR), "asn1 error"},
@@ -54712,7 +59921,7 @@
{ERR_REASON(EC_R_BAD_SIGNATURE), "bad signature"},
{ERR_REASON(EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"},
{ERR_REASON(EC_R_BUFFER_TOO_SMALL), "buffer too small"},
-@@ -312,18 +236,14 @@ static ERR_STRING_DATA EC_str_reasons[] = {
+@@ -312,18 +237,14 @@ static ERR_STRING_DATA EC_str_reasons[]
{ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"},
{ERR_REASON(EC_R_INVALID_PRIVATE_KEY), "invalid private key"},
{ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS), "invalid trinomial basis"},
@@ -54731,8 +59940,21 @@
{ERR_REASON(EC_R_NO_PARAMETERS_SET), "no parameters set"},
{ERR_REASON(EC_R_NO_PRIVATE_VALUE), "no private value"},
{ERR_REASON(EC_R_OPERATION_NOT_SUPPORTED), "operation not supported"},
-diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
-index f7948cc..b3ea1b0 100644
+@@ -350,7 +271,7 @@ static ERR_STRING_DATA EC_str_reasons[]
+
+ #endif
+
+-void ERR_load_EC_strings(void)
++int ERR_load_EC_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -359,4 +280,5 @@ void ERR_load_EC_strings(void)
+ ERR_load_strings(0, EC_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -1,59 +1,12 @@
@@ -54801,7 +60023,7 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Portions originally developed by SUN MICROSYSTEMS, INC., and
-@@ -148,28 +101,29 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, EC_KEY *src)
+@@ -148,28 +101,29 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, EC_KEY
return NULL;
if (!EC_GROUP_copy(dest->group, src->group))
return NULL;
@@ -54851,7 +60073,7 @@
}
-@@ -398,8 +352,9 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
+@@ -398,8 +352,9 @@ int EC_KEY_set_public_key_affine_coordin
}
ctx = BN_CTX_new();
if (ctx == NULL)
@@ -54862,7 +60084,7 @@
point = EC_POINT_new(key->group);
if (point == NULL)
-@@ -454,6 +409,7 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
+@@ -454,6 +409,7 @@ int EC_KEY_set_public_key_affine_coordin
ok = 1;
err:
@@ -54870,7 +60092,7 @@
BN_CTX_free(ctx);
EC_POINT_free(point);
return ok;
-@@ -483,8 +439,8 @@ int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
+@@ -483,8 +439,8 @@ int EC_KEY_set_private_key(EC_KEY *key,
{
if (key->group == NULL || key->group->meth == NULL)
return 0;
@@ -54881,8 +60103,34 @@
return 0;
if (key->meth->set_private != NULL
&& key->meth->set_private(key, priv_key) == 0)
-diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c
-index 003421e..eb469ba 100644
+@@ -590,7 +546,8 @@ int EC_KEY_oct2key(EC_KEY *key, const un
+ return 1;
+ }
+
+-size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len)
++size_t EC_KEY_priv2oct(const EC_KEY *eckey,
++ unsigned char *buf, size_t len)
+ {
+ if (eckey->group == NULL || eckey->group->meth == NULL)
+ return 0;
+@@ -625,7 +582,7 @@ size_t ec_key_simple_priv2oct(const EC_K
+ return buf_len;
+ }
+
+-int EC_KEY_oct2priv(EC_KEY *eckey, unsigned char *buf, size_t len)
++int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
+ {
+ if (eckey->group == NULL || eckey->group->meth == NULL)
+ return 0;
+@@ -636,7 +593,7 @@ int EC_KEY_oct2priv(EC_KEY *eckey, unsig
+ return eckey->group->meth->oct2priv(eckey, buf, len);
+ }
+
+-int ec_key_simple_oct2priv(EC_KEY *eckey, unsigned char *buf, size_t len)
++int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
+ {
+ if (eckey->priv_key == NULL)
+ eckey->priv_key = BN_secure_new();
--- a/crypto/ec/ec_kmeth.c
+++ b/crypto/ec/ec_kmeth.c
@@ -1,54 +1,10 @@
@@ -54945,7 +60193,7 @@
*/
#include <string.h>
-@@ -122,15 +78,11 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine)
+@@ -122,15 +78,11 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -54962,7 +60210,7 @@
OPENSSL_free(ret);
return NULL;
}
-@@ -140,10 +92,7 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine)
+@@ -140,10 +92,7 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine
if (engine != NULL) {
if (!ENGINE_init(engine)) {
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
@@ -54974,7 +60222,7 @@
}
ret->engine = engine;
} else
-@@ -152,24 +101,27 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine)
+@@ -152,24 +101,27 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine
ret->meth = ENGINE_get_EC(ret->engine);
if (ret->meth == NULL) {
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
@@ -55010,8 +60258,6 @@
}
int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
-diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h
-index 15caf4e..2cef3bc 100644
--- a/crypto/ec/ec_lcl.h
+++ b/crypto/ec/ec_lcl.h
@@ -1,59 +1,12 @@
@@ -55080,8 +60326,24 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
-diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
-index 67e322f..c592c06 100644
+@@ -206,7 +159,7 @@ struct ec_method_st {
+ int (*field_set_to_one) (const EC_GROUP *, BIGNUM *r, BN_CTX *);
+ /* private key operations */
+ size_t (*priv2oct)(const EC_KEY *eckey, unsigned char *buf, size_t len);
+- int (*oct2priv)(EC_KEY *eckey, unsigned char *buf, size_t len);
++ int (*oct2priv)(EC_KEY *eckey, const unsigned char *buf, size_t len);
+ int (*set_private)(EC_KEY *eckey, const BIGNUM *priv_key);
+ int (*keygen)(EC_KEY *eckey);
+ int (*keycheck)(const EC_KEY *eckey);
+@@ -600,7 +553,7 @@ const EC_METHOD *EC_GFp_nistz256_method(
+
+ size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
+ unsigned char *buf, size_t len);
+-int ec_key_simple_oct2priv(EC_KEY *eckey, unsigned char *buf, size_t len);
++int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len);
+ int ec_key_simple_generate_key(EC_KEY *eckey);
+ int ec_key_simple_generate_public_key(EC_KEY *eckey);
+ int ec_key_simple_check_key(const EC_KEY *eckey);
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -1,59 +1,12 @@
@@ -55150,7 +60412,7 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Binary polynomial ECC support in OpenSSL originally developed by
-@@ -331,7 +284,6 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
+@@ -331,7 +284,6 @@ int EC_GROUP_set_generator(EC_GROUP *gro
} else
BN_zero(group->cofactor);
@@ -55158,7 +60420,7 @@
/*
* Some groups have an order with
* factors of two, which makes the Montgomery setup fail.
-@@ -747,7 +699,15 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
+@@ -747,7 +699,15 @@ int EC_POINT_set_affine_coordinates_GFp(
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
@@ -55175,7 +60437,7 @@
}
#ifndef OPENSSL_NO_EC2M
-@@ -765,7 +725,15 @@ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
+@@ -765,7 +725,15 @@ int EC_POINT_set_affine_coordinates_GF2m
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
@@ -55192,8 +60454,6 @@
}
#endif
-diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
-index 3c283e5..036cdde 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -1,59 +1,12 @@
@@ -55262,7 +60522,7 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Portions of this software developed by SUN MICROSYSTEMS, INC.,
-@@ -359,6 +312,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+@@ -359,6 +312,7 @@ int ec_wNAF_mul(const EC_GROUP *group, E
numblocks = (tmp_len + blocksize - 1) / blocksize;
if (numblocks > pre_comp->numblocks) {
ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
@@ -55270,7 +60530,7 @@
goto err;
}
totalnum = num + numblocks;
-@@ -373,6 +327,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+@@ -373,6 +327,7 @@ int ec_wNAF_mul(const EC_GROUP *group, E
wNAF_len[i] = blocksize;
if (tmp_len < blocksize) {
ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
@@ -55278,8 +60538,6 @@
goto err;
}
tmp_len -= blocksize;
-diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c
-index d6bb62a..effc42a 100644
--- a/crypto/ec/ec_oct.c
+++ b/crypto/ec/ec_oct.c
@@ -1,59 +1,12 @@
@@ -55348,8 +60606,6 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Binary polynomial ECC support in OpenSSL originally developed by
-diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
-index bcb5063..68ff2bb 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -1,59 +1,10 @@
@@ -55417,8 +60673,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/ec/ec_print.c b/crypto/ec/ec_print.c
-index b80ce38..1afa2ce 100644
--- a/crypto/ec/ec_print.c
+++ b/crypto/ec/ec_print.c
@@ -1,55 +1,10 @@
@@ -55483,8 +60737,6 @@
*/
#include <openssl/crypto.h>
-diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c
-index e60574f..6cb0e11 100644
--- a/crypto/ec/ecdh_kdf.c
+++ b/crypto/ec/ecdh_kdf.c
@@ -1,53 +1,10 @@
@@ -55546,8 +60798,16 @@
*/
#include <string.h>
-diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c
-index d1bebc4..caf65de 100644
+@@ -77,7 +34,8 @@ int ECDH_KDF_X9_62(unsigned char *out, s
+ mdlen = EVP_MD_size(md);
+ for (i = 1;; i++) {
+ unsigned char mtmp[EVP_MAX_MD_SIZE];
+- EVP_DigestInit_ex(mctx, md, NULL);
++ if (!EVP_DigestInit_ex(mctx, md, NULL))
++ goto err;
+ ctr[3] = i & 0xFF;
+ ctr[2] = (i >> 8) & 0xFF;
+ ctr[1] = (i >> 16) & 0xFF;
--- a/crypto/ec/ecdh_ossl.c
+++ b/crypto/ec/ecdh_ossl.c
@@ -1,3 +1,12 @@
@@ -55623,7 +60883,7 @@
#include <string.h>
#include <limits.h>
-@@ -82,7 +38,7 @@ int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen,
+@@ -82,7 +38,7 @@ int ossl_ecdh_compute_key(unsigned char
{
if (ecdh->group->meth->ecdh_compute_key == NULL) {
ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH);
@@ -55632,8 +60892,6 @@
}
return ecdh->group->meth->ecdh_compute_key(psec, pseclen, pub_key, ecdh);
-diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c
-index 113bcdf..6ff5a46 100644
--- a/crypto/ec/ecdsa_ossl.c
+++ b/crypto/ec/ecdsa_ossl.c
@@ -1,58 +1,10 @@
@@ -55700,8 +60958,19 @@
*/
#include <string.h>
-diff --git a/crypto/ec/ecdsa_sign.c b/crypto/ec/ecdsa_sign.c
-index 738c276..aee06e9 100644
+@@ -269,6 +221,12 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
++ ret->r = BN_new();
++ ret->s = BN_new();
++ if (ret->r == NULL || ret->s == NULL) {
++ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
+ s = ret->s;
+
+ if ((ctx = BN_CTX_new()) == NULL ||
--- a/crypto/ec/ecdsa_sign.c
+++ b/crypto/ec/ecdsa_sign.c
@@ -1,61 +1,14 @@
@@ -55772,8 +61041,6 @@
#include <openssl/err.h>
ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
-diff --git a/crypto/ec/ecdsa_vrf.c b/crypto/ec/ecdsa_vrf.c
-index f519b59..f61a200 100644
--- a/crypto/ec/ecdsa_vrf.c
+++ b/crypto/ec/ecdsa_vrf.c
@@ -1,64 +1,14 @@
@@ -55846,8 +61113,6 @@
#include <openssl/err.h>
/*-
-diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c
-index eacdb9e..dd3f857 100644
--- a/crypto/ec/eck_prn.c
+++ b/crypto/ec/eck_prn.c
@@ -1,59 +1,12 @@
@@ -55916,7 +61181,7 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Portions originally developed by SUN MICROSYSTEMS, INC., and
-@@ -113,30 +66,6 @@ int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
+@@ -113,30 +66,6 @@ int ECParameters_print_fp(FILE *fp, cons
}
#endif
@@ -55947,8 +61212,6 @@
static int print_bin(BIO *fp, const char *str, const unsigned char *num,
size_t len, int off);
-diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c
-index aa1f451..a9c6040 100644
--- a/crypto/ec/ecp_mont.c
+++ b/crypto/ec/ecp_mont.c
@@ -1,59 +1,12 @@
@@ -56017,8 +61280,14 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Portions of this software developed by SUN MICROSYSTEMS, INC.,
-diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c
-index c4729bf..615563b 100644
+@@ -225,6 +178,7 @@ int ec_GFp_mont_group_set_curve(EC_GROUP
+ }
+
+ err:
++ BN_free(one);
+ BN_CTX_free(new_ctx);
+ BN_MONT_CTX_free(mont);
+ return ret;
--- a/crypto/ec/ecp_nist.c
+++ b/crypto/ec/ecp_nist.c
@@ -1,59 +1,12 @@
@@ -56087,8 +61356,6 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Portions of this software developed by SUN MICROSYSTEMS, INC.,
-diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c
-index 78bdc35..0c11abc 100644
--- a/crypto/ec/ecp_nistp224.c
+++ b/crypto/ec/ecp_nistp224.c
@@ -1,6 +1,12 @@
@@ -56105,8 +61372,6 @@
/* Copyright 2011 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
-diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c
-index 2da266c..8cd7222 100644
--- a/crypto/ec/ecp_nistp256.c
+++ b/crypto/ec/ecp_nistp256.c
@@ -1,6 +1,12 @@
@@ -56123,8 +61388,6 @@
/* Copyright 2011 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
-diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c
-index a9b4295..7207494 100644
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@@ -1,6 +1,12 @@
@@ -56141,8 +61404,6 @@
/* Copyright 2011 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
-diff --git a/crypto/ec/ecp_nistputil.c b/crypto/ec/ecp_nistputil.c
-index 01c88d8..97fb631 100644
--- a/crypto/ec/ecp_nistputil.c
+++ b/crypto/ec/ecp_nistputil.c
@@ -1,6 +1,12 @@
@@ -56159,8 +61420,6 @@
/* Copyright 2011 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
-diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
-index f2ef9be..f824a82 100644
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -1,3 +1,12 @@
@@ -56176,7 +61435,7 @@
/******************************************************************************
* *
* Copyright 2014 Intel Corporation *
-@@ -625,9 +634,9 @@ __owur static int ecp_nistz256_windowed_mul(const EC_GROUP *group,
+@@ -625,9 +634,9 @@ static void ecp_nistz256_mod_inverse(BN_
}
/*
@@ -56189,8 +61448,6 @@
*/
ecp_nistz256_scatter_w5 (row, &temp[0], 1);
-diff --git a/crypto/ec/ecp_nistz256_table.c b/crypto/ec/ecp_nistz256_table.c
-index 216d024..3f5625c 100644
--- a/crypto/ec/ecp_nistz256_table.c
+++ b/crypto/ec/ecp_nistz256_table.c
@@ -1,4 +1,13 @@
@@ -56207,8 +61464,6 @@
* This is the precomputed constant time access table for the code in
* ecp_montp256.c, for the default generator. The table consists of 37
* subtables, each subtable contains 64 affine points. The affine points are
-diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c
-index 14f6252..4d142a4 100644
--- a/crypto/ec/ecp_oct.c
+++ b/crypto/ec/ecp_oct.c
@@ -1,61 +1,12 @@
@@ -56279,7 +61534,7 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Portions of this software developed by SUN MICROSYSTEMS, INC.,
-@@ -404,16 +355,14 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
+@@ -404,16 +355,14 @@ int ec_GFp_simple_oct2point(const EC_GRO
}
}
@@ -56300,8 +61555,6 @@
ret = 1;
err:
-diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c
-index a5f3610..76e0caf 100644
--- a/crypto/ec/ecp_smpl.c
+++ b/crypto/ec/ecp_smpl.c
@@ -1,61 +1,12 @@
@@ -56372,9 +61625,6 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Portions of this software developed by SUN MICROSYSTEMS, INC.,
-diff --git a/crypto/engine/Makefile.in b/crypto/engine/Makefile.in
-deleted file mode 100644
-index 9f4edc6..0000000
--- a/crypto/engine/Makefile.in
+++ /dev/null
@@ -1,53 +0,0 @@
@@ -56431,8 +61681,6 @@
- rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
-index 6df6ef1..4600acb 100644
--- a/crypto/engine/eng_all.c
+++ b/crypto/engine/eng_all.c
@@ -1,59 +1,10 @@
@@ -56500,8 +61748,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c
-index 400b229..8bea37f 100644
--- a/crypto/engine/eng_cnf.c
+++ b/crypto/engine/eng_cnf.c
@@ -1,59 +1,10 @@
@@ -56569,8 +61815,39 @@
*/
#include "eng_int.h"
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 1959123..cd362be 100644
+@@ -63,11 +14,11 @@
+
+ /* ENGINE config module */
+
+-static char *skip_dot(char *name)
++static const char *skip_dot(const char *name)
+ {
+- char *p;
+- p = strchr(name, '.');
+- if (p)
++ const char *p = strchr(name, '.');
++
++ if (p != NULL)
+ return p + 1;
+ return name;
+ }
+@@ -87,14 +38,14 @@ static int int_engine_init(ENGINE *e)
+ return 1;
+ }
+
+-static int int_engine_configure(char *name, char *value, const CONF *cnf)
++static int int_engine_configure(const char *name, const char *value, const CONF *cnf)
+ {
+ int i;
+ int ret = 0;
+ long do_init = -1;
+ STACK_OF(CONF_VALUE) *ecmds;
+ CONF_VALUE *ecmd = NULL;
+- char *ctrlname, *ctrlvalue;
++ const char *ctrlname, *ctrlvalue;
+ ENGINE *e = NULL;
+ int soft = 0;
+
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -1,4 +1,13 @@
@@ -56587,7 +61864,7 @@
* Copyright (c) 2002 Bob Beck <beck at openbsd.org>
* Copyright (c) 2002 Theo de Raadt
* Copyright (c) 2002 Markus Friedl
-@@ -124,13 +133,13 @@ static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+@@ -124,13 +133,13 @@ static int cryptodev_rsa_nocrt_mod_exp(B
static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx);
#ifndef OPENSSL_NO_DSA
@@ -56606,7 +61883,7 @@
static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
DSA *dsa);
static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
-@@ -446,7 +455,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+@@ -446,7 +455,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, un
cryp.op = EVP_CIPHER_CTX_encrypting(ctx) ? COP_ENCRYPT : COP_DECRYPT;
if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
@@ -56615,7 +61892,7 @@
if (!EVP_CIPHER_CTX_encrypting(ctx)) {
iiv = in + inl - EVP_CIPHER_CTX_iv_length(ctx);
memcpy(save_iv, iiv, EVP_CIPHER_CTX_iv_length(ctx));
-@@ -1248,8 +1257,7 @@ static void zapparams(struct crypt_kop *kop)
+@@ -1248,8 +1257,7 @@ static void zapparams(struct crypt_kop *
int i;
for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
@@ -56625,7 +61902,7 @@
kop->crk_param[i].crp_p = NULL;
kop->crk_param[i].crp_nbits = 0;
}
-@@ -1262,16 +1270,24 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+@@ -1262,16 +1270,24 @@ cryptodev_asym(struct crypt_kop *kop, in
int fd, ret = -1;
if ((fd = get_asym_dev_crypto()) < 0)
@@ -56653,7 +61930,7 @@
kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
kop->crk_oparams++;
}
-@@ -1284,7 +1300,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+@@ -1284,7 +1300,7 @@ cryptodev_asym(struct crypt_kop *kop, in
ret = 0;
}
@@ -56662,7 +61939,7 @@
}
static int
-@@ -1337,8 +1353,8 @@ cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+@@ -1337,8 +1353,8 @@ cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0,
BN_CTX *ctx)
{
int r;
@@ -56673,7 +61950,7 @@
ctx = BN_CTX_new();
RSA_get0_key(rsa, &n, NULL, &d);
-@@ -1352,12 +1368,12 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+@@ -1352,12 +1368,12 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const
{
struct crypt_kop kop;
int ret = 1;
@@ -56692,7 +61969,7 @@
RSA_get0_factors(rsa, &p, &q);
RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
-@@ -1404,21 +1420,23 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+@@ -1404,21 +1420,23 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const
#ifndef OPENSSL_NO_DSA
static int
@@ -56723,7 +62000,7 @@
BN_CTX *, BN_MONT_CTX *);
t2 = BN_new();
-@@ -1445,12 +1463,10 @@ cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+@@ -1445,12 +1463,10 @@ cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGN
/* let t2 = y ^ u2 mod p */
if (!bn_mod_exp(dsa, t2, dsapub_key, u2, dsap, ctx, mont))
goto err;
@@ -56738,7 +62015,7 @@
ret = 1;
err:
BN_free(t2);
-@@ -1461,14 +1477,14 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+@@ -1461,14 +1477,14 @@ static DSA_SIG *cryptodev_dsa_do_sign(co
DSA *dsa)
{
struct crypt_kop kop;
@@ -56756,7 +62033,7 @@
memset(&kop, 0, sizeof(kop));
kop.crk_op = CRK_DSA_SIGN;
-@@ -1488,8 +1504,15 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+@@ -1488,8 +1504,15 @@ static DSA_SIG *cryptodev_dsa_do_sign(co
goto err;
kop.crk_iparams = 5;
@@ -56772,7 +62049,7 @@
dsaret = dsasig;
} else {
dsaret = DSA_meth_get_sign(DSA_OpenSSL())(dgst, dlen, dsa);
-@@ -1508,7 +1531,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+@@ -1508,7 +1531,7 @@ cryptodev_dsa_verify(const unsigned char
{
struct crypt_kop kop;
int dsaret = 1;
@@ -56781,7 +62058,7 @@
memset(&kop, 0, sizeof(kop));
kop.crk_op = CRK_DSA_VERIFY;
-@@ -1526,7 +1549,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+@@ -1526,7 +1549,7 @@ cryptodev_dsa_verify(const unsigned char
DSA_get0_key(dsa, &pub_key, NULL);
if (bn2crparam(pub_key, &kop.crk_param[4]))
goto err;
@@ -56790,7 +62067,7 @@
if (bn2crparam(pr, &kop.crk_param[5]))
goto err;
if (bn2crparam(ps, &kop.crk_param[6]))
-@@ -1564,8 +1587,8 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+@@ -1564,8 +1587,8 @@ cryptodev_dh_compute_key(unsigned char *
struct crypt_kop kop;
int dhret = 1;
int fd, keylen;
@@ -56801,8 +62078,6 @@
if ((fd = get_asym_dev_crypto()) < 0) {
const DH_METHOD *meth = DH_OpenSSL();
-diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c
-index c912c1d..7589c21 100644
--- a/crypto/engine/eng_ctrl.c
+++ b/crypto/engine/eng_ctrl.c
@@ -1,55 +1,10 @@
@@ -56867,8 +62142,38 @@
*/
#include "eng_int.h"
-diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
-index f224255..843226c 100644
+@@ -286,15 +241,15 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, co
+ int num, flags;
+ long l;
+ char *ptr;
++
+ if ((e == NULL) || (cmd_name == NULL)) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+- if ((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+- ENGINE_CTRL_GET_CMD_FROM_NAME,
+- 0, (void *)cmd_name,
+- NULL)) <= 0)) {
++ if (e->ctrl == NULL
++ || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME,
++ 0, (void *)cmd_name, NULL)) <= 0) {
+ /*
+ * If the command didn't *have* to be supported, we fake success.
+ * This allows certain settings to be specified for multiple ENGINEs
+@@ -315,8 +270,9 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, co
+ ENGINE_R_CMD_NOT_EXECUTABLE);
+ return 0;
+ }
+- if ((flags =
+- ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0) {
++
++ flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL);
++ if (flags < 0) {
+ /*
+ * Shouldn't happen, given that ENGINE_cmd_is_executable() returned
+ * success.
--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
@@ -1,59 +1,10 @@
@@ -56936,7 +62241,7 @@
*/
#include "eng_int.h"
-@@ -203,6 +154,7 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr,
+@@ -203,6 +154,7 @@ static void dynamic_data_ctx_free_func(v
static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
{
dynamic_data_ctx *c = OPENSSL_zalloc(sizeof(*c));
@@ -56944,7 +62249,7 @@
if (c == NULL) {
ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
-@@ -222,9 +174,11 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
+@@ -222,9 +174,11 @@ static int dynamic_set_data_ctx(ENGINE *
dynamic_ex_data_idx))
== NULL) {
/* Good, we're the first */
@@ -56959,7 +62264,7 @@
}
CRYPTO_THREAD_unlock(global_engine_lock);
/*
-@@ -234,7 +188,7 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
+@@ -234,7 +188,7 @@ static int dynamic_set_data_ctx(ENGINE *
if (c)
sk_OPENSSL_STRING_free(c->dirs);
OPENSSL_free(c);
@@ -56968,7 +62273,7 @@
}
/*
-@@ -395,11 +349,15 @@ static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+@@ -395,11 +349,15 @@ static int dynamic_ctrl(ENGINE *e, int c
}
{
char *tmp_str = OPENSSL_strdup(p);
@@ -56986,8 +62291,6 @@
}
return 1;
default:
-diff --git a/crypto/engine/eng_err.c b/crypto/engine/eng_err.c
-index 9a9337a..c8f628b 100644
--- a/crypto/engine/eng_err.c
+++ b/crypto/engine/eng_err.c
@@ -1,61 +1,11 @@
@@ -57059,7 +62362,7 @@
*/
#include <stdio.h>
-@@ -80,9 +30,7 @@ static ERR_STRING_DATA ENGINE_str_functs[] = {
+@@ -80,10 +30,10 @@ static ERR_STRING_DATA ENGINE_str_functs
{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"},
{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"},
{ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"},
@@ -57067,9 +62370,17 @@
{ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"},
- {ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"},
{ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"},
++ {ERR_FUNC(ENGINE_F_ENGINE_GET_FIRST), "ENGINE_get_first"},
++ {ERR_FUNC(ENGINE_F_ENGINE_GET_LAST), "ENGINE_get_last"},
{ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"},
{ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH),
-@@ -100,17 +48,14 @@ static ERR_STRING_DATA ENGINE_str_functs[] = {
+ "ENGINE_get_pkey_asn1_meth"},
+@@ -97,20 +47,19 @@ static ERR_STRING_DATA ENGINE_str_functs
+ {ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT),
+ "ENGINE_load_ssl_client_cert"},
+ {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
++ {ERR_FUNC(ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR),
++ "ENGINE_pkey_asn1_find_str"},
{ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"},
{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING),
"ENGINE_set_default_string"},
@@ -57087,7 +62398,7 @@
{0, NULL}
};
-@@ -124,8 +69,6 @@ static ERR_STRING_DATA ENGINE_str_reasons[] = {
+@@ -124,8 +73,6 @@ static ERR_STRING_DATA ENGINE_str_reason
{ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID), "conflicting engine id"},
{ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),
"ctrl command not implemented"},
@@ -57096,7 +62407,7 @@
{ERR_REASON(ENGINE_R_DSO_FAILURE), "DSO failure"},
{ERR_REASON(ENGINE_R_DSO_NOT_FOUND), "dso not found"},
{ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR), "engines section error"},
-@@ -138,8 +81,6 @@ static ERR_STRING_DATA ENGINE_str_reasons[] = {
+@@ -138,8 +85,6 @@ static ERR_STRING_DATA ENGINE_str_reason
{ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),
"failed loading public key"},
{ERR_REASON(ENGINE_R_FINISH_FAILED), "finish failed"},
@@ -57105,7 +62416,7 @@
{ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING), "'id' or 'name' missing"},
{ERR_REASON(ENGINE_R_INIT_FAILED), "init failed"},
{ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR), "internal list error"},
-@@ -155,9 +96,6 @@ static ERR_STRING_DATA ENGINE_str_reasons[] = {
+@@ -155,9 +100,6 @@ static ERR_STRING_DATA ENGINE_str_reason
{ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION), "no load function"},
{ERR_REASON(ENGINE_R_NO_REFERENCE), "no reference"},
{ERR_REASON(ENGINE_R_NO_SUCH_ENGINE), "no such engine"},
@@ -57115,8 +62426,21 @@
{ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER), "unimplemented cipher"},
{ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST), "unimplemented digest"},
{ERR_REASON(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD),
-diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c
-index b331608..631aa39 100644
+@@ -168,7 +110,7 @@ static ERR_STRING_DATA ENGINE_str_reason
+
+ #endif
+
+-void ERR_load_ENGINE_strings(void)
++int ERR_load_ENGINE_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -177,4 +119,5 @@ void ERR_load_ENGINE_strings(void)
+ ERR_load_strings(0, ENGINE_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/engine/eng_fat.c
+++ b/crypto/engine/eng_fat.c
@@ -1,56 +1,12 @@
@@ -57183,8 +62507,6 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
-diff --git a/crypto/engine/eng_init.c b/crypto/engine/eng_init.c
-index f3c0de9..c51a38d 100644
--- a/crypto/engine/eng_init.c
+++ b/crypto/engine/eng_init.c
@@ -1,55 +1,10 @@
@@ -57249,8 +62571,18 @@
*/
#include "eng_int.h"
-diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
-index beaa878..6b6ff9f 100644
+@@ -125,7 +80,10 @@ int ENGINE_init(ENGINE *e)
+ ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+- CRYPTO_THREAD_run_once(&engine_lock_init, do_engine_lock_init);
++ if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
++ ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
+ CRYPTO_THREAD_write_lock(global_engine_lock);
+ ret = engine_unlocked_init(e);
+ CRYPTO_THREAD_unlock(global_engine_lock);
--- a/crypto/engine/eng_int.h
+++ b/crypto/engine/eng_int.h
@@ -1,60 +1,12 @@
@@ -57320,15 +62652,26 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
-@@ -65,7 +17,6 @@
+@@ -65,8 +17,8 @@
# define HEADER_ENGINE_INT_H
# include "internal/cryptlib.h"
-# include "internal/threads.h"
# include <internal/engine.h>
++# include <internal/thread_once.h>
#ifdef __cplusplus
-@@ -207,7 +158,7 @@ struct engine_st {
+ extern "C" {
+@@ -172,7 +124,7 @@ void engine_pkey_asn1_meths_free(ENGINE
+
+ /* Once initialisation function */
+ extern CRYPTO_ONCE engine_lock_init;
+-void do_engine_lock_init(void);
++DECLARE_RUN_ONCE(do_engine_lock_init)
+
+ /*
+ * This is a structure for storing implementations of various crypto
+@@ -207,7 +159,7 @@ struct engine_st {
int struct_ref;
/*
* reference count on usability of the engine type. NB: This controls the
@@ -57337,8 +62680,6 @@
* engine, whereas the previous count is simply to cope with
* (de)allocation of this structure. Hence, running_ref <= struct_ref at
* all times.
-diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
-index d0bc716..f7d0216 100644
--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
@@ -1,59 +1,10 @@
@@ -57406,7 +62747,29 @@
*/
#include "eng_int.h"
-@@ -83,7 +34,10 @@ ENGINE *ENGINE_new(void)
+@@ -65,25 +16,27 @@ CRYPTO_ONCE engine_lock_init = CRYPTO_ON
+
+ /* The "new"/"free" stuff first */
+
+-void do_engine_lock_init(void)
++DEFINE_RUN_ONCE(do_engine_lock_init)
+ {
+ global_engine_lock = CRYPTO_THREAD_lock_new();
++ return global_engine_lock != NULL;
+ }
+
+ ENGINE *ENGINE_new(void)
+ {
+ ENGINE *ret;
+
+- CRYPTO_THREAD_run_once(&engine_lock_init, do_engine_lock_init);
+-
+- ret = OPENSSL_zalloc(sizeof(*ret));
+- if (ret == NULL) {
++ if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)
++ || (ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
+ return NULL;
}
ret->struct_ref = 1;
engine_ref_debug(ret, 0, 1);
@@ -57418,8 +62781,6 @@
return ret;
}
-diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
-index 15ba1ca..a7252e9 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -1,60 +1,12 @@
@@ -57489,8 +62850,45 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
-diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
-index 0ec51bb..7e28604 100644
+@@ -184,7 +136,11 @@ ENGINE *ENGINE_get_first(void)
+ {
+ ENGINE *ret;
+
+- CRYPTO_THREAD_run_once(&engine_lock_init, do_engine_lock_init);
++ if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
++ ENGINEerr(ENGINE_F_ENGINE_GET_FIRST, ERR_R_MALLOC_FAILURE);
++ return NULL;
++ }
++
+ CRYPTO_THREAD_write_lock(global_engine_lock);
+ ret = engine_list_head;
+ if (ret) {
+@@ -199,7 +155,11 @@ ENGINE *ENGINE_get_last(void)
+ {
+ ENGINE *ret;
+
+- CRYPTO_THREAD_run_once(&engine_lock_init, do_engine_lock_init);
++ if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
++ ENGINEerr(ENGINE_F_ENGINE_GET_LAST, ERR_R_MALLOC_FAILURE);
++ return NULL;
++ }
++
+ CRYPTO_THREAD_write_lock(global_engine_lock);
+ ret = engine_list_tail;
+ if (ret) {
+@@ -327,7 +287,11 @@ ENGINE *ENGINE_by_id(const char *id)
+ ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+- CRYPTO_THREAD_run_once(&engine_lock_init, do_engine_lock_init);
++ if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
++ ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_MALLOC_FAILURE);
++ return NULL;
++ }
++
+ CRYPTO_THREAD_write_lock(global_engine_lock);
+ iterator = engine_list_head;
+ while (iterator && (strcmp(id, iterator->id) != 0))
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -1,60 +1,12 @@
@@ -57560,7 +62958,16 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
-@@ -489,6 +441,10 @@ static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
+@@ -312,7 +264,7 @@ static void test_r4_40_cipher_destroy(vo
+ }
+ static int test_cipher_nids(const int **nids)
+ {
+- static int cipher_nids[4] = { 0, 0, 0 };
++ static int cipher_nids[4] = { 0, 0, 0, 0 };
+ static int pos = 0;
+ static int init = 0;
+
+@@ -489,6 +441,10 @@ static int ossl_hmac_init(EVP_PKEY_CTX *
return 0;
hctx->ktmp.type = V_ASN1_OCTET_STRING;
hctx->ctx = HMAC_CTX_new();
@@ -57571,7 +62978,7 @@
EVP_PKEY_CTX_set_data(ctx, hctx);
EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
# ifdef TEST_ENG_OPENSSL_HMAC_INIT
-@@ -497,31 +453,42 @@ static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
+@@ -497,31 +453,42 @@ static int ossl_hmac_init(EVP_PKEY_CTX *
return 1;
}
@@ -57619,8 +63026,6 @@
}
static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c
-index ee6ba28..305a648 100644
--- a/crypto/engine/eng_pkey.c
+++ b/crypto/engine/eng_pkey.c
@@ -1,55 +1,10 @@
@@ -57685,8 +63090,6 @@
*/
#include "eng_int.h"
-diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c
-index b62f910..b3defcb 100644
--- a/crypto/engine/eng_rdrand.c
+++ b/crypto/engine/eng_rdrand.c
@@ -1,50 +1,10 @@
@@ -57746,8 +63149,6 @@
*/
#include <openssl/opensslconf.h>
-diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c
-index 9648c0c..219253a 100644
--- a/crypto/engine/eng_table.c
+++ b/crypto/engine/eng_table.c
@@ -1,55 +1,10 @@
@@ -57812,8 +63213,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c
-index 28aa8e8..2a6a4ae 100644
--- a/crypto/engine/tb_asnmth.c
+++ b/crypto/engine/tb_asnmth.c
@@ -1,55 +1,10 @@
@@ -57878,8 +63277,19 @@
*/
#include "eng_int.h"
-diff --git a/crypto/engine/tb_cipher.c b/crypto/engine/tb_cipher.c
-index 7df01ca..ac49141 100644
+@@ -234,7 +189,11 @@ const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_
+ fstr.str = str;
+ fstr.len = len;
+
+- CRYPTO_THREAD_run_once(&engine_lock_init, do_engine_lock_init);
++ if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
++ ENGINEerr(ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR, ERR_R_MALLOC_FAILURE);
++ return NULL;
++ }
++
+ CRYPTO_THREAD_write_lock(global_engine_lock);
+ engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr);
+ /* If found obtain a structural reference to engine */
--- a/crypto/engine/tb_cipher.c
+++ b/crypto/engine/tb_cipher.c
@@ -1,55 +1,10 @@
@@ -57944,8 +63354,6 @@
*/
#include "eng_int.h"
-diff --git a/crypto/engine/tb_dh.c b/crypto/engine/tb_dh.c
-index 4f68975..c6440df 100644
--- a/crypto/engine/tb_dh.c
+++ b/crypto/engine/tb_dh.c
@@ -1,55 +1,10 @@
@@ -58010,8 +63418,6 @@
*/
#include "eng_int.h"
-diff --git a/crypto/engine/tb_digest.c b/crypto/engine/tb_digest.c
-index 03096b3..194b9c7 100644
--- a/crypto/engine/tb_digest.c
+++ b/crypto/engine/tb_digest.c
@@ -1,55 +1,10 @@
@@ -58076,8 +63482,6 @@
*/
#include "eng_int.h"
-diff --git a/crypto/engine/tb_dsa.c b/crypto/engine/tb_dsa.c
-index adfb11f..fdb80cd 100644
--- a/crypto/engine/tb_dsa.c
+++ b/crypto/engine/tb_dsa.c
@@ -1,55 +1,10 @@
@@ -58142,8 +63546,6 @@
*/
#include "eng_int.h"
-diff --git a/crypto/engine/tb_eckey.c b/crypto/engine/tb_eckey.c
-index 7c05c01..75750b2 100644
--- a/crypto/engine/tb_eckey.c
+++ b/crypto/engine/tb_eckey.c
@@ -1,55 +1,10 @@
@@ -58208,8 +63610,6 @@
*/
#include "eng_int.h"
-diff --git a/crypto/engine/tb_pkmeth.c b/crypto/engine/tb_pkmeth.c
-index 947e139..2e82d85 100644
--- a/crypto/engine/tb_pkmeth.c
+++ b/crypto/engine/tb_pkmeth.c
@@ -1,55 +1,10 @@
@@ -58274,8 +63674,6 @@
*/
#include "eng_int.h"
-diff --git a/crypto/engine/tb_rand.c b/crypto/engine/tb_rand.c
-index b67cff5..225e7c8 100644
--- a/crypto/engine/tb_rand.c
+++ b/crypto/engine/tb_rand.c
@@ -1,55 +1,10 @@
@@ -58340,8 +63738,6 @@
*/
#include "eng_int.h"
-diff --git a/crypto/engine/tb_rsa.c b/crypto/engine/tb_rsa.c
-index 4405d67..e2cc680 100644
--- a/crypto/engine/tb_rsa.c
+++ b/crypto/engine/tb_rsa.c
@@ -1,55 +1,10 @@
@@ -58406,9 +63802,6 @@
*/
#include "eng_int.h"
-diff --git a/crypto/err/Makefile.in b/crypto/err/Makefile.in
-deleted file mode 100644
-index c12ea3f..0000000
--- a/crypto/err/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -58455,9 +63848,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/err/README b/crypto/err/README
-new file mode 100644
-index 0000000..6d2ce0c
--- /dev/null
+++ b/crypto/err/README
@@ -0,0 +1,44 @@
@@ -58505,8 +63895,6 @@
+files stdio.h, openssl/err.h and openssl/xxx.h so the
+header file must load any additional header files containing any
+definitions it uses.
-diff --git a/crypto/err/err.c b/crypto/err/err.c
-index b0fd19e..836fac4 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -1,118 +1,16 @@
@@ -58634,7 +64022,15 @@
#include <internal/err.h>
#include <internal/err_int.h>
#include <openssl/lhash.h>
-@@ -197,26 +95,14 @@ static ERR_STRING_DATA ERR_str_reasons[] = {
+@@ -120,6 +18,7 @@
+ #include <openssl/buffer.h>
+ #include <openssl/bio.h>
+ #include <openssl/opensslconf.h>
++#include <internal/thread_once.h>
+
+ static void err_load_strings(int lib, ERR_STRING_DATA *str);
+
+@@ -197,26 +96,14 @@ static ERR_STRING_DATA ERR_str_reasons[]
{ERR_R_DSA_LIB, "DSA lib"},
{ERR_R_X509_LIB, "X509 lib"},
{ERR_R_ASN1_LIB, "ASN1 lib"},
@@ -58661,7 +64057,7 @@
{ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"},
{ERR_R_FATAL, "fatal"},
-@@ -334,12 +220,8 @@ static void build_SYS_str_reasons(void)
+@@ -334,12 +221,8 @@ static void build_SYS_str_reasons(void)
str->error = (unsigned long)i;
if (str->string == NULL) {
char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
@@ -58675,7 +64071,115 @@
}
if (str->string == NULL)
str->string = "unknown";
-@@ -740,7 +622,7 @@ const char *ERR_reason_error_string(unsigned long e)
+@@ -388,9 +271,10 @@ static void ERR_STATE_free(ERR_STATE *s)
+ OPENSSL_free(s);
+ }
+
+-static void do_err_strings_init(void)
++DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
+ {
+ err_string_lock = CRYPTO_THREAD_lock_new();
++ return err_string_lock != NULL;
+ }
+
+ void err_cleanup(void)
+@@ -399,10 +283,11 @@ void err_cleanup(void)
+ err_string_lock = NULL;
+ }
+
+-void ERR_load_ERR_strings(void)
++int ERR_load_ERR_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+- CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init);
++ if (!RUN_ONCE(&err_string_init, do_err_strings_init))
++ return 0;
+
+ err_load_strings(0, ERR_str_libraries);
+ err_load_strings(0, ERR_str_reasons);
+@@ -410,6 +295,7 @@ void ERR_load_ERR_strings(void)
+ build_SYS_str_reasons();
+ err_load_strings(ERR_LIB_SYS, SYS_str_reasons);
+ #endif
++ return 1;
+ }
+
+ static void err_load_strings(int lib, ERR_STRING_DATA *str)
+@@ -428,17 +314,20 @@ static void err_load_strings(int lib, ER
+ CRYPTO_THREAD_unlock(err_string_lock);
+ }
+
+-void ERR_load_strings(int lib, ERR_STRING_DATA *str)
++int ERR_load_strings(int lib, ERR_STRING_DATA *str)
+ {
+- ERR_load_ERR_strings();
++ if (ERR_load_ERR_strings() == 0)
++ return 0;
+ err_load_strings(lib, str);
++ return 1;
+ }
+
+-void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
++int ERR_unload_strings(int lib, ERR_STRING_DATA *str)
+ {
+ LHASH_OF(ERR_STRING_DATA) *hash;
+
+- CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init);
++ if (!RUN_ONCE(&err_string_init, do_err_strings_init))
++ return 0;
+
+ CRYPTO_THREAD_write_lock(err_string_lock);
+ hash = get_hash(0, 0);
+@@ -450,11 +339,14 @@ void ERR_unload_strings(int lib, ERR_STR
+ }
+ }
+ CRYPTO_THREAD_unlock(err_string_lock);
++
++ return 1;
+ }
+
+ void err_free_strings_int(void)
+ {
+- CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init);
++ if (!RUN_ONCE(&err_string_init, do_err_strings_init))
++ return;
+
+ CRYPTO_THREAD_write_lock(err_string_lock);
+ lh_ERR_STRING_DATA_free(int_error_hash);
+@@ -700,7 +592,9 @@ const char *ERR_lib_error_string(unsigne
+ ERR_STRING_DATA d, *p;
+ unsigned long l;
+
+- CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init);
++ if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
++ return NULL;
++ }
+
+ l = ERR_GET_LIB(e);
+ d.error = ERR_PACK(l, 0, 0);
+@@ -713,7 +607,9 @@ const char *ERR_func_error_string(unsign
+ ERR_STRING_DATA d, *p;
+ unsigned long l, f;
+
+- CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init);
++ if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
++ return NULL;
++ }
+
+ l = ERR_GET_LIB(e);
+ f = ERR_GET_FUNC(e);
+@@ -727,7 +623,9 @@ const char *ERR_reason_error_string(unsi
+ ERR_STRING_DATA d, *p = NULL;
+ unsigned long l, r;
+
+- CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init);
++ if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
++ return NULL;
++ }
+
+ l = ERR_GET_LIB(e);
+ r = ERR_GET_REASON(e);
+@@ -740,7 +638,7 @@ const char *ERR_reason_error_string(unsi
return ((p == NULL) ? NULL : p->string);
}
@@ -58684,7 +64188,7 @@
{
ERR_STATE *state = ERR_get_state();
if (state == NULL)
-@@ -750,10 +632,15 @@ void ERR_remove_thread_state(void)
+@@ -750,23 +648,29 @@ void ERR_remove_thread_state(void)
ERR_STATE_free(state);
}
@@ -58701,8 +64205,34 @@
}
#endif
-diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
-index 97078b4..f617dd1 100644
+-static void err_do_init(void)
++DEFINE_RUN_ONCE_STATIC(err_do_init)
+ {
+- CRYPTO_THREAD_init_local(&err_thread_local, NULL);
++ return CRYPTO_THREAD_init_local(&err_thread_local, NULL);
+ }
+
+ ERR_STATE *ERR_get_state(void)
+ {
+ ERR_STATE *state = NULL;
+
+- CRYPTO_THREAD_run_once(&err_init, err_do_init);
++ if (!RUN_ONCE(&err_init, err_do_init))
++ return NULL;
+
+ state = CRYPTO_THREAD_get_local(&err_thread_local);
+
+@@ -792,7 +696,9 @@ int ERR_get_next_error_library(void)
+ {
+ int ret;
+
+- CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init);
++ if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
++ return 0;
++ }
+
+ CRYPTO_THREAD_write_lock(err_string_lock);
+ ret = int_err_library_number++;
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -1,58 +1,10 @@
@@ -58770,8 +64300,110 @@
*/
#include <stdio.h>
-diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c
-index 0f7d40c..c7dc1d1 100644
+@@ -88,66 +40,70 @@
+ #include <openssl/async.h>
+ #include <openssl/kdf.h>
+
+-void err_load_crypto_strings_int(void)
++int err_load_crypto_strings_int(void)
+ {
++ if (
+ #ifdef OPENSSL_FIPS
+- FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
++ FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata) == 0 ||
+ #endif
+ #ifndef OPENSSL_NO_ERR
+- ERR_load_ERR_strings(); /* include error strings for SYSerr */
+- ERR_load_BN_strings();
++ ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */
++ ERR_load_BN_strings() == 0 ||
+ # ifndef OPENSSL_NO_RSA
+- ERR_load_RSA_strings();
++ ERR_load_RSA_strings() == 0 ||
+ # endif
+ # ifndef OPENSSL_NO_DH
+- ERR_load_DH_strings();
++ ERR_load_DH_strings() == 0 ||
+ # endif
+- ERR_load_EVP_strings();
+- ERR_load_BUF_strings();
+- ERR_load_OBJ_strings();
+- ERR_load_PEM_strings();
++ ERR_load_EVP_strings() == 0 ||
++ ERR_load_BUF_strings() == 0 ||
++ ERR_load_OBJ_strings() == 0 ||
++ ERR_load_PEM_strings() == 0 ||
+ # ifndef OPENSSL_NO_DSA
+- ERR_load_DSA_strings();
++ ERR_load_DSA_strings() == 0 ||
+ # endif
+- ERR_load_X509_strings();
+- ERR_load_ASN1_strings();
+- ERR_load_CONF_strings();
+- ERR_load_CRYPTO_strings();
++ ERR_load_X509_strings() == 0 ||
++ ERR_load_ASN1_strings() == 0 ||
++ ERR_load_CONF_strings() == 0 ||
++ ERR_load_CRYPTO_strings() == 0 ||
+ # ifndef OPENSSL_NO_COMP
+- ERR_load_COMP_strings();
++ ERR_load_COMP_strings() == 0 ||
+ # endif
+ # ifndef OPENSSL_NO_EC
+- ERR_load_EC_strings();
++ ERR_load_EC_strings() == 0 ||
+ # endif
+- /* skip ERR_load_SSL_strings() because it is not in this library */
+- ERR_load_BIO_strings();
+- ERR_load_PKCS7_strings();
+- ERR_load_X509V3_strings();
+- ERR_load_PKCS12_strings();
+- ERR_load_RAND_strings();
+- ERR_load_DSO_strings();
++ /* skip ERR_load_SSL_strings() because it is not in this library */
++ ERR_load_BIO_strings() == 0 ||
++ ERR_load_PKCS7_strings() == 0 ||
++ ERR_load_X509V3_strings() == 0 ||
++ ERR_load_PKCS12_strings() == 0 ||
++ ERR_load_RAND_strings() == 0 ||
++ ERR_load_DSO_strings() == 0 ||
+ # ifndef OPENSSL_NO_TS
+- ERR_load_TS_strings();
++ ERR_load_TS_strings() == 0 ||
+ # endif
+ # ifndef OPENSSL_NO_ENGINE
+- ERR_load_ENGINE_strings();
++ ERR_load_ENGINE_strings() == 0 ||
+ # endif
+ # ifndef OPENSSL_NO_OCSP
+- ERR_load_OCSP_strings();
++ ERR_load_OCSP_strings() == 0 ||
+ # endif
+ #ifndef OPENSSL_NO_UI
+- ERR_load_UI_strings();
++ ERR_load_UI_strings() == 0 ||
+ #endif
+ # ifdef OPENSSL_FIPS
+- ERR_load_FIPS_strings();
++ ERR_load_FIPS_strings() == 0 ||
+ # endif
+ # ifndef OPENSSL_NO_CMS
+- ERR_load_CMS_strings();
++ ERR_load_CMS_strings() == 0 ||
+ # endif
+ # ifndef OPENSSL_NO_CT
+- ERR_load_CT_strings();
++ ERR_load_CT_strings() == 0 ||
+ # endif
+- ERR_load_ASYNC_strings();
++ ERR_load_ASYNC_strings() == 0 ||
+ #endif
+- ERR_load_KDF_strings();
++ ERR_load_KDF_strings() == 0)
++ return 0;
++
++ return 1;
+ }
--- a/crypto/err/err_prn.c
+++ b/crypto/err/err_prn.c
@@ -1,63 +1,14 @@
@@ -58844,11 +64476,9 @@
#include <openssl/lhash.h>
#include <openssl/crypto.h>
#include <openssl/buffer.h>
-diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
-index a969d7a..1abd774 100644
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
-@@ -28,11 +28,10 @@ L ENGINE include/openssl/engine.h crypto/engine/eng_err.c
+@@ -28,11 +28,10 @@ L ENGINE include/openssl/engine.h crypto
L OCSP include/openssl/ocsp.h crypto/ocsp/ocsp_err.c
L UI include/openssl/ui.h crypto/ui/ui_err.c
L COMP include/openssl/comp.h crypto/comp/comp_err.c
@@ -58862,9 +64492,45 @@
L CT include/openssl/ct.h crypto/ct/ct_err.c
L ASYNC include/openssl/async.h crypto/async/async_err.c
L KDF include/openssl/kdf.h crypto/kdf/kdf_err.c
-diff --git a/crypto/evp/Makefile.in b/crypto/evp/Makefile.in
-deleted file mode 100644
-index 15080d0..0000000
+@@ -52,6 +51,38 @@ F RSAREF_F_RSA_PRIVATE_ENCRYPT
+ F RSAREF_F_RSA_PUBLIC_DECRYPT
+ F RSAREF_F_RSA_PUBLIC_ENCRYPT
+
++R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
++R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
++R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
++R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
++R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
++R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
++R SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
++R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
++R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
++R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
++R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
++R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
++R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
++R SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
++R SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
++R SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
++R SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
++R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
++R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
++R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
++R SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
++R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
++R SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
++R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
++R SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
++R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
++R SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
++R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
++R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
++R TLS1_AD_UNKNOWN_PSK_IDENTITY 1115
++R TLS1_AD_NO_APPLICATION_PROTOCOL 1120
++
+ R RSAREF_R_CONTENT_ENCODING 0x0400
+ R RSAREF_R_DATA 0x0401
+ R RSAREF_R_DIGEST_ALGORITHM 0x0402
--- a/crypto/evp/Makefile.in
+++ /dev/null
@@ -1,68 +0,0 @@
@@ -58936,8 +64602,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c
-index cdb50b4..32a884a 100644
--- a/crypto/evp/bio_b64.c
+++ b/crypto/evp/bio_b64.c
@@ -1,58 +1,10 @@
@@ -59023,7 +64687,7 @@
BIO_set_data(bi, ctx);
BIO_set_init(bi, 1);
-@@ -446,9 +403,10 @@ static int b64_write(BIO *b, const char *in, int inl)
+@@ -446,9 +403,10 @@ static int b64_write(BIO *b, const char
ret += n;
}
} else {
@@ -59037,8 +64701,6 @@
OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
ret += n;
-diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c
-index ad94ba4..5a4d9c5 100644
--- a/crypto/evp/bio_enc.c
+++ b/crypto/evp/bio_enc.c
@@ -1,58 +1,10 @@
@@ -59106,14 +64768,30 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c
-index 46c5583..cd968ec 100644
+@@ -211,6 +163,7 @@ static int enc_read(BIO *b, char *out, i
+ (unsigned char *)&(ctx->buf[BUF_OFFSET]),
+ i)) {
+ BIO_clear_retry_flags(b);
++ ctx->ok = 0;
+ return 0;
+ }
+ ctx->cont = 1;
+@@ -278,6 +231,7 @@ static int enc_write(BIO *b, const char
+ (unsigned char *)ctx->buf, &ctx->buf_len,
+ (unsigned char *)in, n)) {
+ BIO_clear_retry_flags(b);
++ ctx->ok = 0;
+ return 0;
+ }
+ inl -= n;
--- a/crypto/evp/bio_md.c
+++ b/crypto/evp/bio_md.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -59161,9 +64839,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -59175,8 +64851,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
-index 0ac1a31..7974b96 100644
--- a/crypto/evp/bio_ok.c
+++ b/crypto/evp/bio_ok.c
@@ -1,58 +1,10 @@
@@ -59255,7 +64929,7 @@
BIO_set_init(bi, 0);
BIO_set_data(bi, ctx);
-@@ -446,7 +402,7 @@ static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+@@ -446,7 +402,7 @@ static long ok_callback_ctrl(BIO *b, int
{
long ret = 1;
BIO *next;
@@ -59264,8 +64938,6 @@
next = BIO_next(b);
if (next == NULL)
-diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
-index ac172e8..6ed31ed 100644
--- a/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c
@@ -1,58 +1,10 @@
@@ -59345,8 +65017,6 @@
EVP_add_cipher(EVP_des_ede3_wrap());
EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap");
#endif
-diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c
-index 1612c2f..ec79734 100644
--- a/crypto/evp/c_alld.c
+++ b/crypto/evp/c_alld.c
@@ -1,58 +1,10 @@
@@ -59414,8 +65084,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c
-index 33944e1..e2295c4 100644
--- a/crypto/evp/cmeth_lib.c
+++ b/crypto/evp/cmeth_lib.c
@@ -1,59 +1,10 @@
@@ -59483,8 +65151,6 @@
*/
#include <string.h>
-diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
-index aee8127..65eff7c 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -1,111 +1,10 @@
@@ -59614,7 +65280,7 @@
return 1;
}
-@@ -169,10 +68,8 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+@@ -169,10 +68,8 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
* previous handle, re-querying for an ENGINE, and having a
* reinitialisation, when it may all be unnecessary.
*/
@@ -59627,7 +65293,7 @@
goto skip_to_init;
if (type) {
/*
-@@ -218,7 +115,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+@@ -218,7 +115,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
#endif
if (ctx->digest != type) {
if (ctx->digest && ctx->digest->ctx_size) {
@@ -59636,7 +65302,7 @@
ctx->md_data = NULL;
}
ctx->digest = type;
-@@ -273,7 +170,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
+@@ -273,7 +170,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,
ctx->digest->cleanup(ctx);
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
}
@@ -59645,8 +65311,6 @@
return ret;
}
-diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
-index f0e410f..7b66c9e 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -1,51 +1,10 @@
@@ -59707,7 +65371,7 @@
*/
#include <openssl/opensslconf.h>
-@@ -184,7 +143,7 @@ void AES_xts_decrypt(const char *inp, char *out, size_t len,
+@@ -184,7 +143,7 @@ void AES_xts_decrypt(const char *inp, ch
const unsigned char iv[16]);
#endif
@@ -59716,7 +65380,7 @@
# include "ppc_arch.h"
# ifdef VPAES_ASM
# define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC)
-@@ -196,14 +155,15 @@ void AES_xts_decrypt(const char *inp, char *out, size_t len,
+@@ -196,14 +155,15 @@ void AES_xts_decrypt(const char *inp, ch
# define HWAES_decrypt aes_p8_decrypt
# define HWAES_cbc_encrypt aes_p8_cbc_encrypt
# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
@@ -59734,7 +65398,7 @@
extern unsigned int OPENSSL_ia32cap_P[];
-@@ -587,6 +547,15 @@ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+@@ -587,6 +547,17 @@ const EVP_CIPHER *EVP_aes_##keylen##_##m
extern unsigned int OPENSSL_sparcv9cap_P[];
@@ -59746,11 +65410,13 @@
+# define HWAES_set_decrypt_key aes_fx_set_decrypt_key
+# define HWAES_encrypt aes_fx_encrypt
+# define HWAES_decrypt aes_fx_decrypt
++# define HWAES_cbc_encrypt aes_fx_cbc_encrypt
++# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks
+
# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES)
void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
-@@ -1041,6 +1010,12 @@ void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+@@ -1041,6 +1012,12 @@ void HWAES_cbc_encrypt(const unsigned ch
void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
const unsigned char ivec[16]);
@@ -59763,7 +65429,7 @@
#endif
#define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \
-@@ -1060,7 +1035,7 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+@@ -1060,7 +1037,7 @@ static int aes_init_key(EVP_CIPHER_CTX *
mode = EVP_CIPHER_CTX_mode(ctx);
if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
@@ -59772,7 +65438,7 @@
#ifdef HWAES_CAPABLE
if (HWAES_CAPABLE) {
ret = HWAES_set_decrypt_key(key,
-@@ -1099,6 +1074,7 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+@@ -1099,6 +1076,7 @@ static int aes_init_key(EVP_CIPHER_CTX *
dat->block = (block128_f) AES_decrypt;
dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
(cbc128_f) AES_cbc_encrypt : NULL;
@@ -59780,7 +65446,7 @@
} else
#ifdef HWAES_CAPABLE
if (HWAES_CAPABLE) {
-@@ -1836,11 +1812,17 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+@@ -1836,11 +1814,17 @@ static int aes_xts_init_key(EVP_CIPHER_C
EVP_CIPHER_CTX_key_length(ctx) * 4,
&xctx->ks1.ks);
xctx->xts.block1 = (block128_f) HWAES_encrypt;
@@ -59798,8 +65464,24 @@
}
HWAES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
-diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
-index 4d8c973..0e1ad74 100644
+@@ -2442,7 +2426,7 @@ void HWAES_ocb_encrypt(const unsigned ch
+ const unsigned char L_[][16],
+ unsigned char checksum[16]);
+ # else
+-# define HWAES_ocb_encrypt NULL
++# define HWAES_ocb_encrypt ((ocb128_f)NULL)
+ # endif
+ # ifdef HWAES_ocb_decrypt
+ void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out,
+@@ -2452,7 +2436,7 @@ void HWAES_ocb_decrypt(const unsigned ch
+ const unsigned char L_[][16],
+ unsigned char checksum[16]);
+ # else
+-# define HWAES_ocb_decrypt NULL
++# define HWAES_ocb_decrypt ((ocb128_f)NULL)
+ # endif
+ # endif
+
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -1,50 +1,10 @@
@@ -59877,7 +65559,7 @@
extern unsigned int OPENSSL_ia32cap_P[];
# define AESNI_CAPABLE (1<<(57-32))
-@@ -584,6 +544,8 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+@@ -584,6 +544,8 @@ static int aesni_cbc_hmac_sha1_cipher(EV
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
maxpad &= 255;
@@ -59886,7 +65568,7 @@
inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
inp_len &= mask;
-@@ -856,7 +818,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+@@ -856,7 +818,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_
if (arg != EVP_AEAD_TLS1_AAD_LEN)
return -1;
@@ -59895,8 +65577,6 @@
len = p[arg - 2] << 8 | p[arg - 1];
if (EVP_CIPHER_CTX_encrypting(ctx)) {
-diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
-index 075a8e8..3b9cdf4 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -1,50 +1,10 @@
@@ -59974,7 +65654,7 @@
extern unsigned int OPENSSL_ia32cap_P[];
# define AESNI_CAPABLE (1<<(57-32))
-@@ -121,10 +81,9 @@ static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx,
+@@ -121,10 +81,9 @@ static int aesni_cbc_hmac_sha256_init_ke
int ret;
if (enc)
@@ -59988,7 +65668,7 @@
else
ret = aesni_set_decrypt_key(inkey,
EVP_CIPHER_CTX_key_length(ctx) * 8,
-@@ -595,6 +554,8 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
+@@ -595,6 +554,8 @@ static int aesni_cbc_hmac_sha256_cipher(
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
maxpad &= 255;
@@ -59997,8 +65677,6 @@
inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1);
mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
inp_len &= mask;
-diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c
-index 108a80b..dc38690 100644
--- a/crypto/evp/e_bf.c
+++ b/crypto/evp/e_bf.c
@@ -1,58 +1,10 @@
@@ -60066,8 +65744,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c
-index 0d9f7f1..b50fa0b 100644
--- a/crypto/evp/e_camellia.c
+++ b/crypto/evp/e_camellia.c
@@ -1,55 +1,10 @@
@@ -60132,8 +65808,6 @@
*/
#include <openssl/opensslconf.h>
-diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c
-index e4df25f..259d440 100644
--- a/crypto/evp/e_cast.c
+++ b/crypto/evp/e_cast.c
@@ -1,58 +1,10 @@
@@ -60201,8 +65875,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
-index c3c72a1..26fefd9 100644
--- a/crypto/evp/e_chacha20_poly1305.c
+++ b/crypto/evp/e_chacha20_poly1305.c
@@ -1,51 +1,10 @@
@@ -60263,7 +65935,7 @@
*/
#include <stdio.h>
-@@ -205,7 +164,6 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
+@@ -205,7 +164,6 @@ static int chacha20_poly1305_init_key(EV
const unsigned char *iv, int enc)
{
EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
@@ -60271,7 +65943,7 @@
if (!inkey && !iv)
return 1;
-@@ -216,16 +174,21 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
+@@ -216,16 +174,21 @@ static int chacha20_poly1305_init_key(EV
actx->mac_inited = 0;
actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
@@ -60279,17 +65951,19 @@
- memset(temp, 0, sizeof(temp));
- if (actx->nonce_len <= CHACHA_CTR_SIZE)
- memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len);
+-
+- chacha_init_key(ctx, inkey, temp, enc);
+-
+- actx->nonce[0] = actx->key.counter[1];
+- actx->nonce[1] = actx->key.counter[2];
+- actx->nonce[2] = actx->key.counter[3];
+ if (iv != NULL) {
+ unsigned char temp[CHACHA_CTR_SIZE] = { 0 };
-
-- chacha_init_key(ctx, inkey, temp, enc);
++
+ /* pad on the left */
+ if (actx->nonce_len <= CHACHA_CTR_SIZE)
+ memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len);
-
-- actx->nonce[0] = actx->key.counter[1];
-- actx->nonce[1] = actx->key.counter[2];
-- actx->nonce[2] = actx->key.counter[3];
++
+ chacha_init_key(ctx, inkey, temp, enc);
+
+ actx->nonce[0] = actx->key.counter[1];
@@ -60301,14 +65975,14 @@
return 1;
}
-diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c
-index ebdaadf..9b2facf 100644
--- a/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -60356,9 +66030,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -60370,8 +66042,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
-index 100ae3c..a842913 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -1,58 +1,10 @@
@@ -60439,7 +66109,7 @@
*/
#include <stdio.h>
-@@ -212,6 +164,8 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+@@ -212,6 +164,8 @@ static int des_ede3_cfb1_cipher(EVP_CIPH
size_t n;
unsigned char c[1], d[1];
@@ -60448,8 +66118,6 @@
for (n = 0; n < inl; ++n) {
c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
DES_ede3_cfb_encrypt(c, d, 1, 1,
-diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c
-index 38e0c0a..93f6a41 100644
--- a/crypto/evp/e_idea.c
+++ b/crypto/evp/e_idea.c
@@ -1,58 +1,10 @@
@@ -60517,7 +66185,7 @@
*/
#include <stdio.h>
-@@ -82,13 +34,13 @@ static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+@@ -82,13 +34,13 @@ static int idea_ecb_cipher(EVP_CIPHER_CT
const unsigned char *in, size_t inl)
{
BLOCK_CIPHER_ecb_loop()
@@ -60535,8 +66203,6 @@
BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
0, idea_init_key, NULL,
-diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c
-index 7843196..0dfc48a 100644
--- a/crypto/evp/e_null.c
+++ b/crypto/evp/e_null.c
@@ -1,58 +1,10 @@
@@ -60604,8 +66270,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/e_old.c b/crypto/evp/e_old.c
-index 5f0cbee..927908f 100644
--- a/crypto/evp/e_old.c
+++ b/crypto/evp/e_old.c
@@ -1,59 +1,10 @@
@@ -60673,8 +66337,6 @@
*/
#include <openssl/opensslconf.h>
-diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c
-index 8a56723..ed10bb3 100644
--- a/crypto/evp/e_rc2.c
+++ b/crypto/evp/e_rc2.c
@@ -1,58 +1,10 @@
@@ -60742,7 +66404,7 @@
*/
#include <stdio.h>
-@@ -178,16 +130,17 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+@@ -178,16 +130,17 @@ static int rc2_get_asn1_type_and_iv(EVP_
OPENSSL_assert(l <= sizeof(iv));
i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
if (i != (int)l)
@@ -60764,8 +66426,6 @@
}
static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c
-index be6b6a0..1a2895f 100644
--- a/crypto/evp/e_rc4.c
+++ b/crypto/evp/e_rc4.c
@@ -1,58 +1,10 @@
@@ -60833,8 +66493,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
-index ded3090..832daef 100644
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -1,50 +1,10 @@
@@ -60894,7 +66552,7 @@
*/
#include <openssl/opensslconf.h>
-@@ -102,8 +62,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
+@@ -102,8 +62,7 @@ static int rc4_hmac_md5_init_key(EVP_CIP
# if !defined(OPENSSL_NO_ASM) && ( \
defined(__x86_64) || defined(__x86_64__) || \
@@ -60904,7 +66562,7 @@
# define STITCHED_CALL
# endif
-@@ -254,6 +213,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+@@ -254,6 +213,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_
MD5_Init(&key->tail);
MD5_Update(&key->tail, hmac_key, sizeof(hmac_key));
@@ -60913,8 +66571,6 @@
return 1;
}
case EVP_CTRL_AEAD_TLS1_AAD:
-diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c
-index 58980f5..1bc8141 100644
--- a/crypto/evp/e_rc5.c
+++ b/crypto/evp/e_rc5.c
@@ -1,58 +1,10 @@
@@ -60982,8 +66638,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c
-index 6964b1e..40aec5f 100644
--- a/crypto/evp/e_seed.c
+++ b/crypto/evp/e_seed.c
@@ -1,55 +1,10 @@
@@ -61058,8 +66712,6 @@
static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
-diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c
-index 92fe893..effaf5c 100644
--- a/crypto/evp/e_xcbc_d.c
+++ b/crypto/evp/e_xcbc_d.c
@@ -1,58 +1,10 @@
@@ -61127,8 +66779,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
-index ed85f89..d140da6 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -1,61 +1,14 @@
@@ -61209,7 +66859,22 @@
static const unsigned char data_ascii2bin[128] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-@@ -161,20 +114,20 @@ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
+@@ -149,6 +102,14 @@ void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX
+ {
+ OPENSSL_free(ctx);
+ }
++
++int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx)
++{
++ memcpy(dctx, sctx, sizeof(EVP_ENCODE_CTX));
++
++ return 1;
++}
++
+ int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx)
+ {
+ return ctx->num;
+@@ -161,20 +122,20 @@ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
ctx->line_num = 0;
}
@@ -61235,7 +66900,7 @@
}
if (ctx->num != 0) {
i = ctx->length - ctx->num;
-@@ -188,7 +141,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+@@ -188,7 +149,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct
*out = '\0';
total = j + 1;
}
@@ -61244,7 +66909,7 @@
j = EVP_EncodeBlock(out, in, ctx->length);
in += ctx->length;
inl -= ctx->length;
-@@ -197,10 +150,17 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+@@ -197,10 +158,17 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct
*out = '\0';
total += j + 1;
}
@@ -61262,8 +66927,6 @@
}
void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
-diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
-index 45e82c9..71d13b8 100644
--- a/crypto/evp/evp_cnf.c
+++ b/crypto/evp/evp_cnf.c
@@ -1,59 +1,10 @@
@@ -61331,8 +66994,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
-index d7cc1f4..e43a5d2 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -1,61 +1,14 @@
@@ -61404,7 +67065,7 @@
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include <openssl/err.h>
-@@ -120,7 +73,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+@@ -120,7 +73,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
* reinitialisation, when it may all be unnecessary.
*/
if (ctx->engine && ctx->cipher
@@ -61413,7 +67074,7 @@
goto skip_to_init;
#endif
if (cipher) {
-@@ -300,12 +253,53 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+@@ -300,12 +253,53 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *c
return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
}
@@ -61467,7 +67128,7 @@
i = ctx->cipher->do_cipher(ctx, out, in, inl);
if (i < 0)
return 0;
-@@ -318,6 +312,8 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+@@ -318,6 +312,8 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct
*outl = 0;
return inl == 0;
}
@@ -61476,7 +67137,7 @@
if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
-@@ -332,7 +328,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+@@ -332,7 +328,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct
bl = ctx->cipher->block_size;
OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
if (i != 0) {
@@ -61485,7 +67146,7 @@
memcpy(&(ctx->buf[i]), in, inl);
ctx->buf_len += inl;
*outl = 0;
-@@ -340,10 +336,12 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+@@ -340,10 +336,12 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct
} else {
j = bl - i;
memcpy(&(ctx->buf[i]), in, j);
@@ -61500,7 +67161,7 @@
out += bl;
*outl = bl;
}
-@@ -419,6 +417,9 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+@@ -419,6 +417,9 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ct
unsigned int b;
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
@@ -61510,7 +67171,7 @@
fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
if (fix_len < 0) {
*outl = 0;
-@@ -440,6 +441,10 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+@@ -440,6 +441,10 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ct
OPENSSL_assert(b <= sizeof ctx->final);
if (ctx->final_used) {
@@ -61521,8 +67182,6 @@
memcpy(out, ctx->final, b);
out += b;
fix_len = 1;
-diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
-index 3b77e3b..50277ff 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,61 +1,11 @@
@@ -61617,18 +67276,17 @@
{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY), "EVP_CIPHER_CTX_copy"},
{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
-@@ -116,9 +57,9 @@ static ERR_STRING_DATA EVP_str_functs[] = {
- {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
- {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"},
+@@ -118,8 +59,8 @@ static ERR_STRING_DATA EVP_str_functs[]
{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"},
-+ {ERR_FUNC(EVP_F_EVP_PKEY_GET0_HMAC), "EVP_PKEY_get0_hmac"},
{ERR_FUNC(EVP_F_EVP_PKEY_GET0_DH), "EVP_PKEY_get0_DH"},
{ERR_FUNC(EVP_F_EVP_PKEY_GET0_DSA), "EVP_PKEY_get0_DSA"},
- {ERR_FUNC(EVP_F_EVP_PKEY_GET0_ECDSA), "EVP_PKEY_GET0_ECDSA"},
{ERR_FUNC(EVP_F_EVP_PKEY_GET0_EC_KEY), "EVP_PKEY_get0_EC_KEY"},
++ {ERR_FUNC(EVP_F_EVP_PKEY_GET0_HMAC), "EVP_PKEY_get0_hmac"},
{ERR_FUNC(EVP_F_EVP_PKEY_GET0_RSA), "EVP_PKEY_get0_RSA"},
{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"},
-@@ -133,23 +74,13 @@ static ERR_STRING_DATA EVP_str_functs[] = {
+ {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"},
+@@ -133,23 +74,13 @@ static ERR_STRING_DATA EVP_str_functs[]
{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER), "EVP_PKEY_verify_recover"},
{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT),
"EVP_PKEY_verify_recover_init"},
@@ -61652,7 +67310,7 @@
{ERR_FUNC(EVP_F_PKEY_SET_TYPE), "pkey_set_type"},
{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "rc2_magic_to_meth"},
{ERR_FUNC(EVP_F_RC5_CTRL), "rc5_ctrl"},
-@@ -157,16 +88,11 @@ static ERR_STRING_DATA EVP_str_functs[] = {
+@@ -157,16 +88,11 @@ static ERR_STRING_DATA EVP_str_functs[]
};
static ERR_STRING_DATA EVP_str_reasons[] = {
@@ -61671,7 +67329,7 @@
{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"},
{ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED), "command not supported"},
{ERR_REASON(EVP_R_COPY_ERROR), "copy error"},
-@@ -178,25 +104,22 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
+@@ -178,25 +104,22 @@ static ERR_STRING_DATA EVP_str_reasons[]
{ERR_REASON(EVP_R_DECODE_ERROR), "decode error"},
{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"},
{ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"},
@@ -61700,7 +67358,7 @@
{ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"},
{ERR_REASON(EVP_R_MEMORY_LIMIT_EXCEEDED), "memory limit exceeded"},
{ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"},
-@@ -205,21 +128,14 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
+@@ -205,21 +128,14 @@ static ERR_STRING_DATA EVP_str_reasons[]
{ERR_REASON(EVP_R_NO_CIPHER_SET), "no cipher set"},
{ERR_REASON(EVP_R_NO_DEFAULT_DIGEST), "no default digest"},
{ERR_REASON(EVP_R_NO_DIGEST_SET), "no digest set"},
@@ -61722,7 +67380,7 @@
{ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
{ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"},
{ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"},
-@@ -238,7 +154,6 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
+@@ -238,13 +154,12 @@ static ERR_STRING_DATA EVP_str_reasons[]
{ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE), "unsupported salt type"},
{ERR_REASON(EVP_R_WRAP_MODE_NOT_ALLOWED), "wrap mode not allowed"},
{ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"},
@@ -61730,14 +67388,27 @@
{0, NULL}
};
-diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
-index 995d355..8a4297c 100644
+ #endif
+
+-void ERR_load_EVP_strings(void)
++int ERR_load_EVP_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -253,4 +168,5 @@ void ERR_load_EVP_strings(void)
+ ERR_load_strings(0, EVP_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/evp/evp_key.c
+++ b/crypto/evp/evp_key.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -61785,9 +67456,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -61799,8 +67468,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
-index bc24d5a..4333fb9 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -1,58 +1,10 @@
@@ -61868,8 +67535,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h
-index c85a46a..7f3526f 100644
--- a/crypto/evp/evp_locl.h
+++ b/crypto/evp/evp_locl.h
@@ -1,59 +1,10 @@
@@ -61937,8 +67602,6 @@
*/
/* EVP_MD_CTX related stuff */
-diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
-index ddf9bff..623f447 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -1,59 +1,10 @@
@@ -62006,8 +67669,18 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
-index a44d972..c84ddc3 100644
+@@ -222,7 +173,10 @@ int EVP_PBE_alg_add_type(int pbe_type, i
+ pbe_tmp->md_nid = md_nid;
+ pbe_tmp->keygen = keygen;
+
+- sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp);
++ if (!sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp)) {
++ OPENSSL_free(pbe_tmp);
++ goto err;
++ }
+ return 1;
+
+ err:
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@@ -1,59 +1,10 @@
@@ -62075,8 +67748,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/m_md2.c b/crypto/evp/m_md2.c
-index 0e83dfe..c4e28ae 100644
--- a/crypto/evp/m_md2.c
+++ b/crypto/evp/m_md2.c
@@ -1,58 +1,10 @@
@@ -62144,8 +67815,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c
-index 933d82a..f3decaa 100644
--- a/crypto/evp/m_md4.c
+++ b/crypto/evp/m_md4.c
@@ -1,58 +1,10 @@
@@ -62213,8 +67882,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c
-index b28be91..f4dc0c4 100644
--- a/crypto/evp/m_md5.c
+++ b/crypto/evp/m_md5.c
@@ -1,58 +1,10 @@
@@ -62282,8 +67949,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/m_md5_sha1.c b/crypto/evp/m_md5_sha1.c
-index 6367dc7..1213ff6 100644
--- a/crypto/evp/m_md5_sha1.c
+++ b/crypto/evp/m_md5_sha1.c
@@ -1,54 +1,10 @@
@@ -62346,8 +68011,6 @@
*/
#if !defined(OPENSSL_NO_MD5)
-diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c
-index f7fa600..b7f0fd8 100644
--- a/crypto/evp/m_mdc2.c
+++ b/crypto/evp/m_mdc2.c
@@ -1,58 +1,10 @@
@@ -62415,8 +68078,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/m_null.c b/crypto/evp/m_null.c
-index 0fc8c99..6c4daf5 100644
--- a/crypto/evp/m_null.c
+++ b/crypto/evp/m_null.c
@@ -1,58 +1,10 @@
@@ -62484,8 +68145,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c
-index d4488be..07b46bd 100644
--- a/crypto/evp/m_ripemd.c
+++ b/crypto/evp/m_ripemd.c
@@ -1,58 +1,10 @@
@@ -62553,14 +68212,14 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c
-index e673e41..4f00956 100644
--- a/crypto/evp/m_sha1.c
+++ b/crypto/evp/m_sha1.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -62608,9 +68267,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -62622,8 +68279,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
-index 0fe223f..3b74f72 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -1,59 +1,10 @@
@@ -62691,8 +68346,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/m_wp.c b/crypto/evp/m_wp.c
-index 12b7765..94fac22 100644
--- a/crypto/evp/m_wp.c
+++ b/crypto/evp/m_wp.c
@@ -1,3 +1,11 @@
@@ -62707,8 +68360,6 @@
#include <stdio.h>
#include "internal/cryptlib.h"
-diff --git a/crypto/evp/names.c b/crypto/evp/names.c
-index 2e8281a..a92be1f 100644
--- a/crypto/evp/names.c
+++ b/crypto/evp/names.c
@@ -1,58 +1,10 @@
@@ -62776,8 +68427,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c
-index 7900e28..7e55d0b 100644
--- a/crypto/evp/p5_crpt.c
+++ b/crypto/evp/p5_crpt.c
@@ -1,59 +1,10 @@
@@ -62845,8 +68494,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
-index 76dcf02..2e45aa3 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -1,60 +1,12 @@
@@ -62916,7 +68563,7 @@
#include <stdio.h>
#include <stdlib.h>
#include "internal/cryptlib.h"
-@@ -213,7 +165,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+@@ -213,7 +165,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX
/* See if we recognise the key derivation function */
if (!EVP_PBE_find(EVP_PBE_TYPE_KDF, OBJ_obj2nid(pbe2->keyfunc->algorithm),
@@ -62925,8 +68572,6 @@
EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
goto err;
-diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c
-index 5729ed7..6bec406 100644
--- a/crypto/evp/p_dec.c
+++ b/crypto/evp/p_dec.c
@@ -1,63 +1,14 @@
@@ -62999,8 +68644,6 @@
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
-diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c
-index f1fc818..3277fbb 100644
--- a/crypto/evp/p_enc.c
+++ b/crypto/evp/p_enc.c
@@ -1,63 +1,14 @@
@@ -63073,8 +68716,6 @@
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
-diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
-index a8fa301..802f6dd 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -1,58 +1,10 @@
@@ -63142,7 +68783,7 @@
*/
#include <stdio.h>
-@@ -132,6 +84,14 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+@@ -132,6 +84,14 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *t
EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS);
goto err;
}
@@ -63176,7 +68817,7 @@
}
/*
-@@ -271,6 +237,18 @@ void *EVP_PKEY_get0(const EVP_PKEY *pkey)
+@@ -271,6 +237,18 @@ void *EVP_PKEY_get0(const EVP_PKEY *pkey
return pkey->pkey.ptr;
}
@@ -63195,8 +68836,6 @@
#ifndef OPENSSL_NO_RSA
int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
{
-diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c
-index 7f9c733..b65bc74 100644
--- a/crypto/evp/p_open.c
+++ b/crypto/evp/p_open.c
@@ -1,58 +1,10 @@
@@ -63264,8 +68903,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c
-index d802d84..faa2464 100644
--- a/crypto/evp/p_seal.c
+++ b/crypto/evp/p_seal.c
@@ -1,58 +1,10 @@
@@ -63333,8 +68970,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c
-index 46d2dcc..6cb442e 100644
--- a/crypto/evp/p_sign.c
+++ b/crypto/evp/p_sign.c
@@ -1,58 +1,10 @@
@@ -63402,8 +69037,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c
-index 631ce35..6e8c565 100644
--- a/crypto/evp/p_verify.c
+++ b/crypto/evp/p_verify.c
@@ -1,58 +1,10 @@
@@ -63471,8 +69104,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c
-index 872947a..8ff50da 100644
--- a/crypto/evp/pmeth_fn.c
+++ b/crypto/evp/pmeth_fn.c
@@ -1,59 +1,10 @@
@@ -63540,8 +69171,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
-index 6d58f1b..6adc3a9 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -1,59 +1,10 @@
@@ -63609,8 +69238,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
-index 08466ef..2e5e932 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -1,59 +1,10 @@
@@ -63678,8 +69305,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/evp/scrypt.c b/crypto/evp/scrypt.c
-index f9b368b..101bb1e 100644
--- a/crypto/evp/scrypt.c
+++ b/crypto/evp/scrypt.c
@@ -1,59 +1,10 @@
@@ -63747,11 +69372,9 @@
*/
#include <stddef.h>
-diff --git a/crypto/ex_data.c b/crypto/ex_data.c
-index ca1c204..0666393 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
-@@ -1,115 +1,13 @@
+@@ -1,115 +1,14 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
@@ -63870,12 +69493,34 @@
#include "internal/cryptlib_int.h"
-#include "internal/threads.h"
++#include "internal/thread_once.h"
#include <openssl/lhash.h>
/*
-diff --git a/crypto/fips_err.h b/crypto/fips_err.h
-deleted file mode 100644
-index b2fcabd..0000000
+@@ -137,9 +36,10 @@ static EX_CALLBACKS ex_data[CRYPTO_EX_IN
+ static CRYPTO_RWLOCK *ex_data_lock = NULL;
+ static CRYPTO_ONCE ex_data_init = CRYPTO_ONCE_STATIC_INIT;
+
+-static void do_ex_data_init(void)
++DEFINE_RUN_ONCE_STATIC(do_ex_data_init)
+ {
+ ex_data_lock = CRYPTO_THREAD_lock_new();
++ return ex_data_lock != NULL;
+ }
+
+ /*
+@@ -155,7 +55,10 @@ static EX_CALLBACKS *get_and_lock(int cl
+ return NULL;
+ }
+
+- CRYPTO_THREAD_run_once(&ex_data_init, do_ex_data_init);
++ if (!RUN_ONCE(&ex_data_init, do_ex_data_init)) {
++ CRYPTOerr(CRYPTO_F_GET_AND_LOCK, ERR_R_MALLOC_FAILURE);
++ return NULL;
++ }
+
+ if (ex_data_lock == NULL) {
+ /*
--- a/crypto/fips_err.h
+++ /dev/null
@@ -1,226 +0,0 @@
@@ -64105,9 +69750,6 @@
- }
-#endif
-}
-diff --git a/crypto/fips_ers.c b/crypto/fips_ers.c
-deleted file mode 100644
-index ad6935f..0000000
--- a/crypto/fips_ers.c
+++ /dev/null
@@ -1,7 +0,0 @@
@@ -64118,9 +69760,6 @@
-#else
-# include "fips_err.h"
-#endif
-diff --git a/crypto/hmac/Makefile.in b/crypto/hmac/Makefile.in
-deleted file mode 100644
-index 2da801c..0000000
--- a/crypto/hmac/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -64167,8 +69806,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c
-index 98e73e9..78ae0ea 100644
--- a/crypto/hmac/hm_ameth.c
+++ b/crypto/hmac/hm_ameth.c
@@ -1,59 +1,10 @@
@@ -64236,7 +69873,7 @@
*/
#include <stdio.h>
-@@ -95,6 +46,11 @@ static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+@@ -95,6 +46,11 @@ static int hmac_pkey_ctrl(EVP_PKEY *pkey
}
}
@@ -64248,7 +69885,7 @@
#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
/*
* A bogus private key format for test purposes. This is simply the HMAC key
-@@ -150,7 +106,7 @@ const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
+@@ -150,7 +106,7 @@ const EVP_PKEY_ASN1_METHOD hmac_asn1_met
"HMAC",
"OpenSSL HMAC method",
@@ -64257,8 +69894,6 @@
0, 0, 0,
-diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c
-index 268b48d..5b98477 100644
--- a/crypto/hmac/hm_pmeth.c
+++ b/crypto/hmac/hm_pmeth.c
@@ -1,59 +1,10 @@
@@ -64326,7 +69961,7 @@
*/
#include <stdio.h>
-@@ -81,6 +32,10 @@ static int pkey_hmac_init(EVP_PKEY_CTX *ctx)
+@@ -81,6 +32,10 @@ static int pkey_hmac_init(EVP_PKEY_CTX *
return 0;
hctx->ktmp.type = V_ASN1_OCTET_STRING;
hctx->ctx = HMAC_CTX_new();
@@ -64337,7 +69972,7 @@
ctx->data = hctx;
ctx->keygen_info_count = 0;
-@@ -88,33 +43,41 @@ static int pkey_hmac_init(EVP_PKEY_CTX *ctx)
+@@ -88,33 +43,41 @@ static int pkey_hmac_init(EVP_PKEY_CTX *
return 1;
}
@@ -64385,8 +70020,6 @@
}
}
-diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
-index 9504aad..3374105 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -1,58 +1,10 @@
@@ -64454,7 +70087,7 @@
*/
#include <stdio.h>
-@@ -164,7 +116,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+@@ -164,7 +116,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned c
return 0;
}
@@ -64463,7 +70096,7 @@
{
return EVP_MD_size((ctx)->md);
}
-@@ -189,7 +141,7 @@ static void hmac_ctx_cleanup(HMAC_CTX *ctx)
+@@ -189,7 +141,7 @@ static void hmac_ctx_cleanup(HMAC_CTX *c
EVP_MD_CTX_reset(ctx->md_ctx);
ctx->md = NULL;
ctx->key_length = 0;
@@ -64472,7 +70105,7 @@
}
void HMAC_CTX_free(HMAC_CTX *ctx)
-@@ -281,3 +233,8 @@ void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
+@@ -281,3 +233,8 @@ void HMAC_CTX_set_flags(HMAC_CTX *ctx, u
EVP_MD_CTX_set_flags(ctx->o_ctx, flags);
EVP_MD_CTX_set_flags(ctx->md_ctx, flags);
}
@@ -64481,8 +70114,6 @@
+{
+ return ctx->md;
+}
-diff --git a/crypto/hmac/hmac_lcl.h b/crypto/hmac/hmac_lcl.h
-index f93e61f..4c156dc 100644
--- a/crypto/hmac/hmac_lcl.h
+++ b/crypto/hmac/hmac_lcl.h
@@ -1,59 +1,12 @@
@@ -64552,8 +70183,6 @@
#ifndef HEADER_HMAC_LCL_H
# define HEADER_HMAC_LCL_H
-diff --git a/crypto/ia64cpuid.S b/crypto/ia64cpuid.S
-index bf5abc3..ffd6d6c 100644
--- a/crypto/ia64cpuid.S
+++ b/crypto/ia64cpuid.S
@@ -1,7 +1,19 @@
@@ -64576,7 +70205,7 @@
.global OPENSSL_cpuid_setup#
.proc OPENSSL_cpuid_setup#
OPENSSL_cpuid_setup:
-@@ -131,9 +143,7 @@ OPENSSL_wipe_cpu:
+@@ -131,9 +143,7 @@
.proc OPENSSL_cleanse#
OPENSSL_cleanse:
{ .mib; cmp.eq p6,p0=0,r33 // len==0
@@ -64587,7 +70216,7 @@
(p6) br.ret.spnt b0 };;
{ .mib; and r2=7,r32
cmp.leu p6,p0=15,r33 // len>=15
-@@ -166,14 +176,51 @@ OPENSSL_cleanse:
+@@ -166,14 +176,51 @@
(p6) br.ret.sptk.many b0 };;
.endp OPENSSL_cleanse#
@@ -64643,7 +70272,7 @@
{ .mmi; mov r8=ar.itc;;
mov r10=r0
mov r9=r8 };;
-@@ -208,10 +255,7 @@ OPENSSL_instrument_bus:
+@@ -208,10 +255,7 @@
.proc OPENSSL_instrument_bus2#
OPENSSL_instrument_bus2:
{ .mmi; mov r2=r33 // put aside cnt
@@ -64655,9 +70284,6 @@
{ .mmi; mov r8=ar.itc;;
mov r10=r0
mov r9=r8 };;
-diff --git a/crypto/idea/Makefile.in b/crypto/idea/Makefile.in
-deleted file mode 100644
-index 61ab62b..0000000
--- a/crypto/idea/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -64704,8 +70330,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/idea/i_cbc.c b/crypto/idea/i_cbc.c
-index 5cdcc64..a70a868 100644
--- a/crypto/idea/i_cbc.c
+++ b/crypto/idea/i_cbc.c
@@ -1,58 +1,10 @@
@@ -64773,14 +70397,14 @@
*/
#include <openssl/idea.h>
-diff --git a/crypto/idea/i_cfb64.c b/crypto/idea/i_cfb64.c
-index f6ed632..daf467e 100644
--- a/crypto/idea/i_cfb64.c
+++ b/crypto/idea/i_cfb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -64828,9 +70452,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -64842,8 +70464,6 @@
*/
#include <openssl/idea.h>
-diff --git a/crypto/idea/i_ecb.c b/crypto/idea/i_ecb.c
-index 9ab64b7..2208287 100644
--- a/crypto/idea/i_ecb.c
+++ b/crypto/idea/i_ecb.c
@@ -1,58 +1,10 @@
@@ -64911,14 +70531,14 @@
*/
#include <openssl/idea.h>
-diff --git a/crypto/idea/i_ofb64.c b/crypto/idea/i_ofb64.c
-index 174f635..997a7b8 100644
--- a/crypto/idea/i_ofb64.c
+++ b/crypto/idea/i_ofb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -64966,9 +70586,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -64980,8 +70598,6 @@
*/
#include <openssl/idea.h>
-diff --git a/crypto/idea/i_skey.c b/crypto/idea/i_skey.c
-index c86140f..0285324 100644
--- a/crypto/idea/i_skey.c
+++ b/crypto/idea/i_skey.c
@@ -1,58 +1,10 @@
@@ -65049,8 +70665,6 @@
*/
#include <openssl/idea.h>
-diff --git a/crypto/idea/idea_lcl.h b/crypto/idea/idea_lcl.h
-index 9be76cd..f227d0d 100644
--- a/crypto/idea/idea_lcl.h
+++ b/crypto/idea/idea_lcl.h
@@ -1,58 +1,10 @@
@@ -65118,9 +70732,6 @@
*/
/*
-diff --git a/crypto/idea/version b/crypto/idea/version
-deleted file mode 100644
-index 3f22293..0000000
--- a/crypto/idea/version
+++ /dev/null
@@ -1,12 +0,0 @@
@@ -65136,8 +70747,6 @@
-
-1.0 ??/??/95 - eay
- First version.
-diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h
-index 0b38eaa..1bd1fab 100644
--- a/crypto/include/internal/asn1_int.h
+++ b/crypto/include/internal/asn1_int.h
@@ -1,59 +1,10 @@
@@ -65205,7 +70814,7 @@
*/
/* Internal ASN1 structures and functions: not for application use */
-@@ -108,10 +59,10 @@ DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD)
+@@ -108,10 +59,10 @@ DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METH
extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
@@ -65218,8 +70827,12 @@
/*
* These are used internally in the ASN1_OBJECT to keep track of whether the
-diff --git a/crypto/include/internal/async.h b/crypto/include/internal/async.h
-index 76fe4d1..db56258 100644
+@@ -138,3 +89,5 @@ struct asn1_pctx_st {
+ unsigned long oid_flags;
+ unsigned long str_flags;
+ } /* ASN1_PCTX */ ;
++
++int asn1_valid_host(const ASN1_STRING *host);
--- a/crypto/include/internal/async.h
+++ b/crypto/include/internal/async.h
@@ -1,58 +1,10 @@
@@ -65286,8 +70899,6 @@
*/
#include <openssl/async.h>
-diff --git a/crypto/include/internal/bn_conf.h.in b/crypto/include/internal/bn_conf.h.in
-index e25a435..ec6e4f6 100644
--- a/crypto/include/internal/bn_conf.h.in
+++ b/crypto/include/internal/bn_conf.h.in
@@ -1,56 +1,11 @@
@@ -65353,8 +70964,6 @@
*/
#ifndef HEADER_BN_CONF_H
-diff --git a/crypto/include/internal/bn_dh.h b/crypto/include/internal/bn_dh.h
-index 3810514..b4bca40 100644
--- a/crypto/include/internal/bn_dh.h
+++ b/crypto/include/internal/bn_dh.h
@@ -1,3 +1,12 @@
@@ -65370,8 +70979,6 @@
#define declare_dh_bn(x) \
const extern BIGNUM _bignum_dh##x##_p; \
const extern BIGNUM _bignum_dh##x##_g; \
-diff --git a/crypto/include/internal/bn_int.h b/crypto/include/internal/bn_int.h
-index 8ea5193..9c984ba 100644
--- a/crypto/include/internal/bn_int.h
+++ b/crypto/include/internal/bn_int.h
@@ -1,55 +1,10 @@
@@ -65436,8 +71043,6 @@
*/
#ifndef HEADER_BN_INT_H
-diff --git a/crypto/include/internal/bn_srp.h b/crypto/include/internal/bn_srp.h
-index 153c8cd..d4b282a 100644
--- a/crypto/include/internal/bn_srp.h
+++ b/crypto/include/internal/bn_srp.h
@@ -1,3 +1,11 @@
@@ -65452,8 +71057,6 @@
#ifndef OPENSSL_NO_SRP
-diff --git a/crypto/include/internal/chacha.h b/crypto/include/internal/chacha.h
-index dacbdf5..7d4366e 100644
--- a/crypto/include/internal/chacha.h
+++ b/crypto/include/internal/chacha.h
@@ -1,51 +1,10 @@
@@ -65514,8 +71117,6 @@
*/
#ifndef HEADER_CHACHA_H
-diff --git a/crypto/include/internal/cryptlib.h b/crypto/include/internal/cryptlib.h
-index 5fc7f0d..c9f76ba 100644
--- a/crypto/include/internal/cryptlib.h
+++ b/crypto/include/internal/cryptlib.h
@@ -1,58 +1,10 @@
@@ -65599,7 +71200,24 @@
#ifdef __cplusplus
extern "C" {
-@@ -115,6 +67,13 @@ void OPENSSL_showfatal(const char *fmta, ...);
+@@ -94,11 +46,11 @@ DEFINE_LHASH_OF(MEM);
+ # define X509_PRIVATE_DIR OPENSSLDIR "/private"
+ # define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf"
+ # else
+-# define X509_CERT_AREA "SSLROOT:[000000]"
+-# define X509_CERT_DIR "SSLCERTS:"
+-# define X509_CERT_FILE "SSLCERTS:cert.pem"
+-# define X509_PRIVATE_DIR "SSLPRIVATE:"
+-# define CTLOG_FILE "SSLROOT:ct_log_list.cnf"
++# define X509_CERT_AREA "OSSL$DATAROOT:[000000]"
++# define X509_CERT_DIR "OSSL$DATAROOT:[CERTS]"
++# define X509_CERT_FILE "OSSL$DATAROOT:[000000]cert.pem"
++# define X509_PRIVATE_DIR "OSSL$DATAROOT:[PRIVATE]"
++# define CTLOG_FILE "OSSL$DATAROOT:[000000]ct_log_list.cnf"
+ # endif
+
+ # define X509_CERT_DIR_EVP "SSL_CERT_DIR"
+@@ -115,6 +67,13 @@ void OPENSSL_showfatal(const char *fmta,
extern int OPENSSL_NONPIC_relocated;
void crypto_cleanup_all_ex_data_int(void);
@@ -65613,8 +71231,6 @@
#ifdef __cplusplus
}
#endif
-diff --git a/crypto/include/internal/cryptlib_int.h b/crypto/include/internal/cryptlib_int.h
-index a38ac18..aa02ddc 100644
--- a/crypto/include/internal/cryptlib_int.h
+++ b/crypto/include/internal/cryptlib_int.h
@@ -1,58 +1,10 @@
@@ -65681,7 +71297,7 @@
*/
#include <internal/cryptlib.h>
-@@ -68,7 +20,7 @@ int ossl_init_thread_start(uint64_t opts);
+@@ -68,7 +20,7 @@ int ossl_init_thread_start(uint64_t opts
/*
* OPENSSL_INIT flags. The primary list of these is in crypto.h. Flags below
@@ -65690,8 +71306,6 @@
* use".
*/
# define OPENSSL_INIT_ZLIB 0x00010000L
-diff --git a/crypto/include/internal/dso_conf.h.in b/crypto/include/internal/dso_conf.h.in
-index e78e727..daa5e24 100644
--- a/crypto/include/internal/dso_conf.h.in
+++ b/crypto/include/internal/dso_conf.h.in
@@ -1,56 +1,11 @@
@@ -65757,8 +71371,6 @@
*/
#ifndef HEADER_DSO_CONF_H
-diff --git a/crypto/include/internal/engine.h b/crypto/include/internal/engine.h
-index fffce40..977cf06 100644
--- a/crypto/include/internal/engine.h
+++ b/crypto/include/internal/engine.h
@@ -1,55 +1,10 @@
@@ -65823,11 +71435,9 @@
*/
#include <openssl/engine.h>
-diff --git a/crypto/include/internal/err_int.h b/crypto/include/internal/err_int.h
-index 7f1037e..749a8db 100644
--- a/crypto/include/internal/err_int.h
+++ b/crypto/include/internal/err_int.h
-@@ -1,11 +1,10 @@
+@@ -1,17 +1,17 @@
/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
*
@@ -65842,15 +71452,14 @@
*/
#ifndef INTERNAL_ERR_INT_H
-@@ -13,5 +12,6 @@
+ # define INTERNAL_ERR_INT_H
- void err_load_crypto_strings_int(void);
+-void err_load_crypto_strings_int(void);
++int err_load_crypto_strings_int(void);
void err_cleanup(void);
+void err_delete_thread_state(void);
#endif
-diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h
-index ca130c2..1c35319 100644
--- a/crypto/include/internal/evp_int.h
+++ b/crypto/include/internal/evp_int.h
@@ -1,59 +1,10 @@
@@ -65918,8 +71527,58 @@
*/
struct evp_pkey_ctx_st {
-diff --git a/crypto/include/internal/md32_common.h b/crypto/include/internal/md32_common.h
-index 156fa3a..6e4ce14 100644
+@@ -187,9 +138,9 @@ struct evp_cipher_st {
+ #define BLOCK_CIPHER_ecb_loop() \
+ size_t i, bl; \
+ bl = EVP_CIPHER_CTX_cipher(ctx)->block_size; \
+- if(inl < bl) return 1;\
++ if (inl < bl) return 1;\
+ inl -= bl; \
+- for(i=0; i <= inl; i+=bl)
++ for (i=0; i <= inl; i+=bl)
+
+ #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+@@ -238,20 +189,25 @@ static int cname##_cbc_cipher(EVP_CIPHER
+ #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
+ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+ {\
+- size_t chunk=EVP_MAXCHUNK;\
+- if (cbits==1) chunk>>=3;\
+- if (inl<chunk) chunk=inl;\
+- while(inl && inl>=chunk)\
+- {\
+- int num = EVP_CIPHER_CTX_num(ctx);\
+- cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx)); \
+- EVP_CIPHER_CTX_set_num(ctx, num);\
+- inl-=chunk;\
+- in +=chunk;\
+- out+=chunk;\
+- if(inl<chunk) chunk=inl;\
+- }\
+- return 1;\
++ size_t chunk = EVP_MAXCHUNK;\
++ if (cbits == 1) chunk >>= 3;\
++ if (inl < chunk) chunk = inl;\
++ while (inl && inl >= chunk)\
++ {\
++ int num = EVP_CIPHER_CTX_num(ctx);\
++ cprefix##_cfb##cbits##_encrypt(in, out, (long) \
++ ((cbits == 1) \
++ && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \
++ ? inl*8 : inl), \
++ &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx),\
++ &num, EVP_CIPHER_CTX_encrypting(ctx));\
++ EVP_CIPHER_CTX_set_num(ctx, num);\
++ inl -= chunk;\
++ in += chunk;\
++ out += chunk;\
++ if (inl < chunk) chunk = inl;\
++ }\
++ return 1;\
+ }
+
+ #define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
--- a/crypto/include/internal/md32_common.h
+++ b/crypto/include/internal/md32_common.h
@@ -1,51 +1,10 @@
@@ -65989,7 +71648,7 @@
#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
# error "DATA_ORDER must be defined!"
#endif
-@@ -317,6 +278,12 @@ int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
+@@ -317,6 +278,12 @@ int HASH_UPDATE(HASH_CTX *c, const void
data += n;
len -= n;
c->num = 0;
@@ -66002,7 +71661,7 @@
memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
} else {
memcpy(p + n, data, len);
-@@ -372,7 +339,7 @@ int HASH_FINAL(unsigned char *md, HASH_CTX *c)
+@@ -372,7 +339,7 @@ int HASH_FINAL(unsigned char *md, HASH_C
p -= HASH_CBLOCK;
HASH_BLOCK_DATA_ORDER(c, p, 1);
c->num = 0;
@@ -66011,7 +71670,7 @@
#ifndef HASH_MAKE_STRING
# error "HASH_MAKE_STRING must be defined!"
-@@ -387,7 +354,7 @@ int HASH_FINAL(unsigned char *md, HASH_CTX *c)
+@@ -387,7 +354,7 @@ int HASH_FINAL(unsigned char *md, HASH_C
# if defined(__alpha) || defined(__sparcv9) || defined(__mips)
# define MD32_REG_T long
/*
@@ -66020,8 +71679,6 @@
* discusses A-D. But it basically applies to all 32-bit digests,
* which is why it was moved to common header file.
*
-diff --git a/crypto/include/internal/objects.h b/crypto/include/internal/objects.h
-index 86000b6..76e1b4d 100644
--- a/crypto/include/internal/objects.h
+++ b/crypto/include/internal/objects.h
@@ -1,9 +1,10 @@
@@ -66039,8 +71696,6 @@
*/
#include <openssl/objects.h>
-diff --git a/crypto/include/internal/poly1305.h b/crypto/include/internal/poly1305.h
-index 8e2cac5..1bc8716 100644
--- a/crypto/include/internal/poly1305.h
+++ b/crypto/include/internal/poly1305.h
@@ -1,52 +1,12 @@
@@ -66103,8 +71758,6 @@
#include <stddef.h>
#define POLY1305_BLOCK_SIZE 16
-diff --git a/crypto/include/internal/rand.h b/crypto/include/internal/rand.h
-index be92fa1..30887c4 100644
--- a/crypto/include/internal/rand.h
+++ b/crypto/include/internal/rand.h
@@ -1,4 +1,13 @@
@@ -66121,8 +71774,6 @@
* Licensed under the OpenSSL licenses, (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
-diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
-index ee49f2a..c5472e1 100644
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -1,59 +1,10 @@
@@ -66214,14 +71865,29 @@
int references;
int flags;
/*
-@@ -312,3 +263,5 @@ struct x509_object_st {
+@@ -224,8 +175,6 @@ struct x509_st {
+ */
+ struct x509_store_ctx_st { /* X509_STORE_CTX */
+ X509_STORE *ctx;
+- /* used when looking up certs */
+- int current_method;
+ /* The following are set by the caller */
+ /* The cert to check */
+ X509 *cert;
+@@ -253,6 +202,7 @@ struct x509_store_ctx_st { /* X509_
+ int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
+ /* Check certificate against CRL */
+ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
++ /* Check policy status of the chain */
+ int (*check_policy) (X509_STORE_CTX *ctx);
+ STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
+ STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
+@@ -312,3 +262,5 @@ struct x509_object_st {
EVP_PKEY *pkey;
} data;
};
+
+int a2i_ipadd(unsigned char *ipout, const char *ipasc);
-diff --git a/crypto/init.c b/crypto/init.c
-index 48f74c4..693037f 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -1,61 +1,12 @@
@@ -66291,13 +71957,115 @@
#include <internal/cryptlib_int.h>
#include <openssl/err.h>
#include <internal/rand.h>
-@@ -202,15 +153,15 @@ static void ossl_init_no_add_algs(void)
+@@ -71,6 +22,7 @@
+ #include <internal/objects.h>
+ #include <stdlib.h>
+ #include <assert.h>
++#include <internal/thread_once.h>
+ static int stopped = 0;
+
+@@ -110,7 +62,7 @@ static CRYPTO_RWLOCK *init_lock = NULL;
+
+ static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT;
+ static int base_inited = 0;
+-static void ossl_init_base(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_base)
+ {
+ #ifdef OPENSSL_INIT_DEBUG
+ fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n");
+@@ -123,21 +75,24 @@ static void ossl_init_base(void)
+ #ifndef OPENSSL_SYS_UEFI
+ atexit(OPENSSL_cleanup);
+ #endif
+- init_lock = CRYPTO_THREAD_lock_new();
++ if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
++ return 0;
+ OPENSSL_cpuid_setup();
+ base_inited = 1;
++ return 1;
+ }
+
+ static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
+ static int load_crypto_strings_inited = 0;
+-static void ossl_init_no_load_crypto_strings(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_crypto_strings)
+ {
+ /* Do nothing in this case */
+- return;
++ return 1;
+ }
+
+-static void ossl_init_load_crypto_strings(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
+ {
++ int ret = 1;
+ /*
+ * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
+ * pulling in all the error strings during static linking
+@@ -147,13 +102,14 @@ static void ossl_init_load_crypto_string
+ fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_strings: "
+ "err_load_crypto_strings_int()\n");
+ # endif
+- err_load_crypto_strings_int();
++ ret = err_load_crypto_strings_int();
+ #endif
+ load_crypto_strings_inited = 1;
++ return ret;
+ }
+
+ static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
+-static void ossl_init_add_all_ciphers(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
+ {
+ /*
+ * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
+@@ -165,16 +121,12 @@ static void ossl_init_add_all_ciphers(vo
+ "openssl_add_all_ciphers_int()\n");
+ # endif
+ openssl_add_all_ciphers_int();
+-# ifndef OPENSSL_NO_ENGINE
+-# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+- ENGINE_setup_bsd_cryptodev();
+-# endif
+-# endif
+ #endif
++ return 1;
+ }
+
+ static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT;
+-static void ossl_init_add_all_digests(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)
+ {
+ /*
+ * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
+@@ -186,34 +138,31 @@ static void ossl_init_add_all_digests(vo
+ "openssl_add_all_digests()\n");
+ # endif
+ openssl_add_all_digests_int();
+-# ifndef OPENSSL_NO_ENGINE
+-# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+- ENGINE_setup_bsd_cryptodev();
+-# endif
+-# endif
+ #endif
++ return 1;
+ }
+
+-static void ossl_init_no_add_algs(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_no_add_algs)
+ {
+ /* Do nothing */
+- return;
++ return 1;
+ }
+
static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
static int config_inited = 0;
-static const char *config_filename;
+-static void ossl_init_config(void)
+static const char *appname;
- static void ossl_init_config(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_config)
{
#ifdef OPENSSL_INIT_DEBUG
fprintf(stderr,
@@ -66308,9 +72076,152 @@
- openssl_config_int(config_filename);
+ openssl_config_int(appname);
config_inited = 1;
++ return 1;
}
- static void ossl_init_no_config(void)
-@@ -351,9 +302,9 @@ static void ossl_init_thread_stop(struct thread_local_inits_st *locals)
+-static void ossl_init_no_config(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_no_config)
+ {
+ #ifdef OPENSSL_INIT_DEBUG
+ fprintf(stderr,
+@@ -221,103 +170,114 @@ static void ossl_init_no_config(void)
+ #endif
+ openssl_no_config_int();
+ config_inited = 1;
++ return 1;
+ }
+
+ static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT;
+ static int async_inited = 0;
+-static void ossl_init_async(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_async)
+ {
+ #ifdef OPENSSL_INIT_DEBUG
+ fprintf(stderr, "OPENSSL_INIT: ossl_init_async: async_init()\n");
+ #endif
+- async_init();
++ if (!async_init())
++ return 0;
+ async_inited = 1;
++ return 1;
+ }
+
+ #ifndef OPENSSL_NO_ENGINE
+ static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT;
+-static void ossl_init_engine_openssl(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
+ {
+ # ifdef OPENSSL_INIT_DEBUG
+ fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_openssl: "
+ "engine_load_openssl_int()\n");
+ # endif
+ engine_load_openssl_int();
++ return 1;
+ }
+ # if !defined(OPENSSL_NO_HW) && \
+ (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
+ static CRYPTO_ONCE engine_cryptodev = CRYPTO_ONCE_STATIC_INIT;
+-static void ossl_init_engine_cryptodev(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_engine_cryptodev)
+ {
+ # ifdef OPENSSL_INIT_DEBUG
+ fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_cryptodev: "
+ "engine_load_cryptodev_int()\n");
+ # endif
+ engine_load_cryptodev_int();
++ return 1;
+ }
+ # endif
+
+ # ifndef OPENSSL_NO_RDRAND
+ static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
+-static void ossl_init_engine_rdrand(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)
+ {
+ # ifdef OPENSSL_INIT_DEBUG
+ fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_rdrand: "
+ "engine_load_rdrand_int()\n");
+ # endif
+ engine_load_rdrand_int();
++ return 1;
+ }
+ # endif
+ static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT;
+-static void ossl_init_engine_dynamic(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
+ {
+ # ifdef OPENSSL_INIT_DEBUG
+ fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dynamic: "
+ "engine_load_dynamic_int()\n");
+ # endif
+ engine_load_dynamic_int();
++ return 1;
+ }
+ # ifndef OPENSSL_NO_STATIC_ENGINE
+ # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
+ static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
+-static void ossl_init_engine_padlock(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
+ {
+ # ifdef OPENSSL_INIT_DEBUG
+ fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_padlock: "
+ "engine_load_padlock_int()\n");
+ # endif
+ engine_load_padlock_int();
++ return 1;
+ }
+ # endif
+ # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+ static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT;
+-static void ossl_init_engine_capi(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)
+ {
+ # ifdef OPENSSL_INIT_DEBUG
+ fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_capi: "
+ "engine_load_capi_int()\n");
+ # endif
+ engine_load_capi_int();
++ return 1;
+ }
+ # endif
+ static CRYPTO_ONCE engine_dasync = CRYPTO_ONCE_STATIC_INIT;
+-static void ossl_init_engine_dasync(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dasync)
+ {
+ # ifdef OPENSSL_INIT_DEBUG
+ fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dasync: "
+ "engine_load_dasync_int()\n");
+ # endif
+ engine_load_dasync_int();
++ return 1;
+ }
+ # if !defined(OPENSSL_NO_AFALGENG)
+ static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT;
+-static void ossl_init_engine_afalg(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
+ {
+ # ifdef OPENSSL_INIT_DEBUG
+ fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: "
+ "engine_load_afalg_int()\n");
+ # endif
+ engine_load_afalg_int();
++ return 1;
+ }
+ # endif
+ # endif
+@@ -327,10 +287,11 @@ static void ossl_init_engine_afalg(void)
+ static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT;
+
+ static int zlib_inited = 0;
+-static void ossl_init_zlib(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)
+ {
+ /* Do nothing - we need to know about this for the later cleanup */
+ zlib_inited = 1;
++ return 1;
+ }
+ #endif
+
+@@ -351,9 +312,9 @@ static void ossl_init_thread_stop(struct
if (locals->err_state) {
#ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
@@ -66322,18 +72233,130 @@
}
OPENSSL_free(locals);
-@@ -561,7 +512,7 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
+@@ -523,94 +484,87 @@ int OPENSSL_init_crypto(uint64_t opts, c
+ return 0;
+ }
+
+- if (!CRYPTO_THREAD_run_once(&base, ossl_init_base))
++ if (!RUN_ONCE(&base, ossl_init_base))
+ return 0;
+
+ if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
+- && !CRYPTO_THREAD_run_once(&load_crypto_strings,
+- ossl_init_no_load_crypto_strings))
++ && !RUN_ONCE(&load_crypto_strings,
++ ossl_init_no_load_crypto_strings))
+ return 0;
+
+ if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
+- && !CRYPTO_THREAD_run_once(&load_crypto_strings,
+- ossl_init_load_crypto_strings))
++ && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
+ return 0;
+
+ if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
+- && !CRYPTO_THREAD_run_once(&add_all_ciphers, ossl_init_no_add_algs))
++ && !RUN_ONCE(&add_all_ciphers, ossl_init_no_add_algs))
+ return 0;
+
+ if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS)
+- && !CRYPTO_THREAD_run_once(&add_all_ciphers,
+- ossl_init_add_all_ciphers))
++ && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers))
+ return 0;
+
+ if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS)
+- && !CRYPTO_THREAD_run_once(&add_all_digests, ossl_init_no_add_algs))
++ && !RUN_ONCE(&add_all_digests, ossl_init_no_add_algs))
+ return 0;
+
+ if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS)
+- && !CRYPTO_THREAD_run_once(&add_all_digests,
+- ossl_init_add_all_digests))
++ && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
+ return 0;
+
+ if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
+- && !CRYPTO_THREAD_run_once(&config, ossl_init_no_config))
++ && !RUN_ONCE(&config, ossl_init_no_config))
+ return 0;
+
if (opts & OPENSSL_INIT_LOAD_CONFIG) {
int ret;
CRYPTO_THREAD_write_lock(init_lock);
- config_filename = (settings == NULL) ? NULL : settings->config_name;
+- ret = CRYPTO_THREAD_run_once(&config, ossl_init_config);
+ appname = (settings == NULL) ? NULL : settings->appname;
- ret = CRYPTO_THREAD_run_once(&config, ossl_init_config);
++ ret = RUN_ONCE(&config, ossl_init_config);
CRYPTO_THREAD_unlock(init_lock);
if (!ret)
-diff --git a/crypto/kdf/Makefile.in b/crypto/kdf/Makefile.in
-deleted file mode 100644
-index 5ab2cbf..0000000
+ return 0;
+ }
+
+ if ((opts & OPENSSL_INIT_ASYNC)
+- && !CRYPTO_THREAD_run_once(&async, ossl_init_async))
++ && !RUN_ONCE(&async, ossl_init_async))
+ return 0;
+
+ #ifndef OPENSSL_NO_ENGINE
+ if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
+- && !CRYPTO_THREAD_run_once(&engine_openssl,
+- ossl_init_engine_openssl))
++ && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
+ return 0;
+ # if !defined(OPENSSL_NO_HW) && \
+ (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
+ if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
+- && !CRYPTO_THREAD_run_once(&engine_cryptodev,
+- ossl_init_engine_cryptodev))
++ && !RUN_ONCE(&engine_cryptodev, ossl_init_engine_cryptodev))
+ return 0;
+ # endif
+ # ifndef OPENSSL_NO_RDRAND
+ if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
+- && !CRYPTO_THREAD_run_once(&engine_rdrand, ossl_init_engine_rdrand))
++ && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
+ return 0;
+ # endif
+ if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
+- && !CRYPTO_THREAD_run_once(&engine_dynamic,
+- ossl_init_engine_dynamic))
++ && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
+ return 0;
+ # ifndef OPENSSL_NO_STATIC_ENGINE
+ # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
+ if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
+- && !CRYPTO_THREAD_run_once(&engine_padlock,
+- ossl_init_engine_padlock))
++ && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
+ return 0;
+ # endif
+ # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+ if ((opts & OPENSSL_INIT_ENGINE_CAPI)
+- && !CRYPTO_THREAD_run_once(&engine_capi, ossl_init_engine_capi))
++ && !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
+ return 0;
+ # endif
+ if ((opts & OPENSSL_INIT_ENGINE_DASYNC)
+- && !CRYPTO_THREAD_run_once(&engine_dasync, ossl_init_engine_dasync))
++ && !RUN_ONCE(&engine_dasync, ossl_init_engine_dasync))
+ return 0;
+ # if !defined(OPENSSL_NO_AFALGENG)
+ if ((opts & OPENSSL_INIT_ENGINE_AFALG)
+- && !CRYPTO_THREAD_run_once(&engine_afalg, ossl_init_engine_afalg))
++ && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
+ return 0;
+ # endif
+ # endif
+@@ -623,7 +577,7 @@ int OPENSSL_init_crypto(uint64_t opts, c
+
+ #ifndef OPENSSL_NO_COMP
+ if ((opts & OPENSSL_INIT_ZLIB)
+- && !CRYPTO_THREAD_run_once(&zlib, ossl_init_zlib))
++ && !RUN_ONCE(&zlib, ossl_init_zlib))
+ return 0;
+ #endif
+
--- a/crypto/kdf/Makefile.in
+++ /dev/null
@@ -1,53 +0,0 @@
@@ -66390,8 +72413,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c
-index bbe4334..00b95b5 100644
--- a/crypto/kdf/hkdf.c
+++ b/crypto/kdf/hkdf.c
@@ -1,49 +1,10 @@
@@ -66450,8 +72471,6 @@
*/
#include <stdlib.h>
-diff --git a/crypto/kdf/kdf_err.c b/crypto/kdf/kdf_err.c
-index b0321c5..6707a52 100644
--- a/crypto/kdf/kdf_err.c
+++ b/crypto/kdf/kdf_err.c
@@ -1,61 +1,11 @@
@@ -66523,8 +72542,21 @@
*/
#include <stdio.h>
-diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c
-index 4b40c88..fa13732 100644
+@@ -83,7 +33,7 @@ static ERR_STRING_DATA KDF_str_reasons[]
+
+ #endif
+
+-void ERR_load_KDF_strings(void)
++int ERR_load_KDF_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -92,4 +42,5 @@ void ERR_load_KDF_strings(void)
+ ERR_load_strings(0, KDF_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/kdf/tls1_prf.c
+++ b/crypto/kdf/tls1_prf.c
@@ -1,59 +1,10 @@
@@ -66592,9 +72624,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/lhash/Makefile.in b/crypto/lhash/Makefile.in
-deleted file mode 100644
-index 9b9281f..0000000
--- a/crypto/lhash/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -66641,8 +72670,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c
-index cad3a61..7337832 100644
--- a/crypto/lhash/lh_stats.c
+++ b/crypto/lhash/lh_stats.c
@@ -1,58 +1,10 @@
@@ -66772,7 +72799,7 @@
{
BIO_printf(out, "num_items = %lu\n", lh->num_items);
BIO_printf(out, "num_nodes = %u\n", lh->num_nodes);
-@@ -130,9 +80,9 @@ void lh_stats_bio(const _LHASH *lh, BIO *out)
+@@ -130,9 +80,9 @@ void lh_stats_bio(const _LHASH *lh, BIO
BIO_printf(out, "num_hash_comps = %lu\n", lh->num_hash_comps);
}
@@ -66784,7 +72811,7 @@
unsigned int i, num;
for (i = 0; i < lh->num_nodes; i++) {
-@@ -142,9 +92,9 @@ void lh_node_stats_bio(const _LHASH *lh, BIO *out)
+@@ -142,9 +92,9 @@ void lh_node_stats_bio(const _LHASH *lh,
}
}
@@ -66796,8 +72823,6 @@
unsigned long num;
unsigned int i;
unsigned long total = 0, n_used = 0;
-diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
-index 60e9223..19c6d2c 100644
--- a/crypto/lhash/lhash.c
+++ b/crypto/lhash/lhash.c
@@ -1,124 +1,39 @@
@@ -66940,7 +72965,7 @@
ret->num_nodes = MIN_NODES / 2;
ret->num_alloc_nodes = MIN_NODES;
ret->pmax = MIN_NODES / 2;
-@@ -132,10 +47,10 @@ _LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)
+@@ -132,10 +47,10 @@ static LHASH_NODE **getrn(_LHASH *lh, co
return (NULL);
}
@@ -66986,7 +73011,7 @@
void *ret;
lh->error = 0;
-@@ -213,10 +128,10 @@ void *lh_delete(_LHASH *lh, const void *data)
+@@ -213,10 +128,10 @@ void *lh_delete(_LHASH *lh, const void *
return (ret);
}
@@ -66999,7 +73024,7 @@
void *ret;
lh->error = 0;
-@@ -232,11 +147,12 @@ void *lh_retrieve(_LHASH *lh, const void *data)
+@@ -232,11 +147,12 @@ void *lh_retrieve(_LHASH *lh, const void
return (ret);
}
@@ -67015,7 +73040,7 @@
if (lh == NULL)
return;
-@@ -248,13 +164,6 @@ static void doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
+@@ -248,13 +164,6 @@ static void doall_util_fn(_LHASH *lh, in
for (i = lh->num_nodes - 1; i >= 0; i--) {
a = lh->b[i];
while (a != NULL) {
@@ -67029,7 +73054,7 @@
n = a->next;
if (use_arg)
func_arg(a->data, arg);
-@@ -265,19 +174,19 @@ static void doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
+@@ -265,19 +174,19 @@ static void doall_util_fn(_LHASH *lh, in
}
}
@@ -67117,7 +73142,7 @@
hash = (*(lh->hash)) (data);
lh->num_hash_calls++;
-@@ -389,7 +300,7 @@ static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash)
+@@ -389,7 +300,7 @@ static LHASH_NODE **getrn(_LHASH *lh, co
* collisions on /usr/dict/words and it distributes on %2^n quite well, not
* as good as MD5, but still good.
*/
@@ -67153,9 +73178,6 @@
{
return lh->error;
}
-diff --git a/crypto/lhash/lhash_lcl.h b/crypto/lhash/lhash_lcl.h
-new file mode 100644
-index 0000000..eb4a1a3
--- /dev/null
+++ b/crypto/lhash/lhash_lcl.h
@@ -0,0 +1,42 @@
@@ -67201,8 +73223,6 @@
+ unsigned long num_hash_comps;
+ int error;
+};
-diff --git a/crypto/lhash/num.pl b/crypto/lhash/num.pl
-index 4440a99..8a8c42c 100644
--- a/crypto/lhash/num.pl
+++ b/crypto/lhash/num.pl
@@ -1,4 +1,10 @@
@@ -67217,9 +73237,6 @@
#node 10 -> 4
-diff --git a/crypto/md2/Makefile.in b/crypto/md2/Makefile.in
-deleted file mode 100644
-index 16bfea7..0000000
--- a/crypto/md2/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -67266,8 +73283,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c
-index 80dec23..ff062fd 100644
--- a/crypto/md2/md2_dgst.c
+++ b/crypto/md2/md2_dgst.c
@@ -1,58 +1,10 @@
@@ -67335,7 +73350,7 @@
*/
#include <stdio.h>
-@@ -216,6 +168,6 @@ int MD2_Final(unsigned char *md, MD2_CTX *c)
+@@ -216,6 +168,6 @@ int MD2_Final(unsigned char *md, MD2_CTX
for (i = 0; i < 16; i++)
md[i] = (UCHAR) (p1[i] & 0xff);
@@ -67343,14 +73358,14 @@
+ OPENSSL_cleanse(c, sizeof(*c));
return 1;
}
-diff --git a/crypto/md2/md2_one.c b/crypto/md2/md2_one.c
-index ad643ee..460f96e 100644
--- a/crypto/md2/md2_one.c
+++ b/crypto/md2/md2_one.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -67398,9 +73413,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -67412,9 +73425,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/md4/Makefile.in b/crypto/md4/Makefile.in
-deleted file mode 100644
-index f63c611..0000000
--- a/crypto/md4/Makefile.in
+++ /dev/null
@@ -1,44 +0,0 @@
@@ -67462,14 +73472,14 @@
- rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/md4/md4_dgst.c b/crypto/md4/md4_dgst.c
-index ab1e55b..5319618 100644
--- a/crypto/md4/md4_dgst.c
+++ b/crypto/md4/md4_dgst.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -67517,9 +73527,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -67531,14 +73539,14 @@
*/
#include <stdio.h>
-diff --git a/crypto/md4/md4_locl.h b/crypto/md4/md4_locl.h
-index 7e9701c..6aec556 100644
--- a/crypto/md4/md4_locl.h
+++ b/crypto/md4/md4_locl.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -67586,9 +73594,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -67600,8 +73606,6 @@
*/
#include <stdlib.h>
-diff --git a/crypto/md4/md4_one.c b/crypto/md4/md4_one.c
-index efcf2c6..9f0989f 100644
--- a/crypto/md4/md4_one.c
+++ b/crypto/md4/md4_one.c
@@ -1,58 +1,10 @@
@@ -67669,9 +73673,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/md4/md4s.cpp b/crypto/md4/md4s.cpp
-deleted file mode 100644
-index c0ec97f..0000000
--- a/crypto/md4/md4s.cpp
+++ /dev/null
@@ -1,78 +0,0 @@
@@ -67753,9 +73754,6 @@
- }
- }
-
-diff --git a/crypto/md5/Makefile.in b/crypto/md5/Makefile.in
-deleted file mode 100644
-index 48ddab3..0000000
--- a/crypto/md5/Makefile.in
+++ /dev/null
@@ -1,61 +0,0 @@
@@ -67820,8 +73818,6 @@
- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/md5/asm/md5-586.pl b/crypto/md5/asm/md5-586.pl
-index b3b756c..24f68af 100644
--- a/crypto/md5/asm/md5-586.pl
+++ b/crypto/md5/asm/md5-586.pl
@@ -1,4 +1,11 @@
@@ -67837,8 +73833,6 @@
# Normal is the
# md5_block_x86(MD5_CTX *c, ULONG *X);
-diff --git a/crypto/md5/asm/md5-ia64.S b/crypto/md5/asm/md5-ia64.S
-index e7de08d..c20467b 100644
--- a/crypto/md5/asm/md5-ia64.S
+++ b/crypto/md5/asm/md5-ia64.S
@@ -1,3 +1,13 @@
@@ -67855,8 +73849,6 @@
/* Copyright (c) 2005 Hewlett-Packard Development Company, L.P.
Permission is hereby granted, free of charge, to any person obtaining
-diff --git a/crypto/md5/asm/md5-sparcv9.pl b/crypto/md5/asm/md5-sparcv9.pl
-index 1c4ae52..09e6d71 100644
--- a/crypto/md5/asm/md5-sparcv9.pl
+++ b/crypto/md5/asm/md5-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -67872,8 +73864,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/md5/asm/md5-x86_64.pl b/crypto/md5/asm/md5-x86_64.pl
-index 8d820e1..3f656dc 100755
--- a/crypto/md5/asm/md5-x86_64.pl
+++ b/crypto/md5/asm/md5-x86_64.pl
@@ -1,11 +1,13 @@
@@ -67896,7 +73886,7 @@
use strict;
-@@ -128,7 +130,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
+@@ -128,7 +130,7 @@ my $win64=0; $win64=1 if ($flavour =~ /[
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
@@ -67905,14 +73895,14 @@
*STDOUT=*OUT;
$code .= <<EOF;
-diff --git a/crypto/md5/md5_dgst.c b/crypto/md5/md5_dgst.c
-index 37b0d31..fbede67 100644
--- a/crypto/md5/md5_dgst.c
+++ b/crypto/md5/md5_dgst.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -67960,9 +73950,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -67974,14 +73962,14 @@
*/
#include <stdio.h>
-diff --git a/crypto/md5/md5_locl.h b/crypto/md5/md5_locl.h
-index f2d80a0..9c7aade 100644
--- a/crypto/md5/md5_locl.h
+++ b/crypto/md5/md5_locl.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -68029,9 +74017,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -68052,8 +74038,6 @@
defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
# define md5_block_data_order md5_block_asm_data_order
# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
-diff --git a/crypto/md5/md5_one.c b/crypto/md5/md5_one.c
-index 9771dcf..becd87e 100644
--- a/crypto/md5/md5_one.c
+++ b/crypto/md5/md5_one.c
@@ -1,58 +1,10 @@
@@ -68121,9 +74105,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/md5/md5s.cpp b/crypto/md5/md5s.cpp
-deleted file mode 100644
-index dd343fd..0000000
--- a/crypto/md5/md5s.cpp
+++ /dev/null
@@ -1,78 +0,0 @@
@@ -68205,9 +74186,6 @@
- }
- }
-
-diff --git a/crypto/mdc2/Makefile.in b/crypto/mdc2/Makefile.in
-deleted file mode 100644
-index 2f2ccf9..0000000
--- a/crypto/mdc2/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -68254,8 +74232,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/mdc2/mdc2_one.c b/crypto/mdc2/mdc2_one.c
-index ee94bbe..472a5ec 100644
--- a/crypto/mdc2/mdc2_one.c
+++ b/crypto/mdc2/mdc2_one.c
@@ -1,58 +1,10 @@
@@ -68323,8 +74299,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c
-index abfba5a..6397a47 100644
--- a/crypto/mdc2/mdc2dgst.c
+++ b/crypto/mdc2/mdc2dgst.c
@@ -1,58 +1,10 @@
@@ -68392,8 +74366,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/mem.c b/crypto/mem.c
-index 16ef64c..02aa43a 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -1,58 +1,10 @@
@@ -68461,7 +74433,7 @@
*/
#include <stdio.h>
-@@ -196,14 +148,15 @@ void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num,
+@@ -196,14 +148,15 @@ void *CRYPTO_clear_realloc(void *str, si
/* Can't shrink the buffer since memcpy below copies |old_len| bytes. */
if (num < old_len) {
@@ -68480,8 +74452,6 @@
return ret;
}
-diff --git a/crypto/mem_clr.c b/crypto/mem_clr.c
-index 3389919..a1a4f93 100644
--- a/crypto/mem_clr.c
+++ b/crypto/mem_clr.c
@@ -1,59 +1,10 @@
@@ -68549,11 +74519,9 @@
*/
#include <string.h>
-diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c
-index 2b8cf73..0b48708 100644
--- a/crypto/mem_dbg.c
+++ b/crypto/mem_dbg.c
-@@ -1,118 +1,16 @@
+@@ -1,118 +1,17 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
@@ -68675,11 +74643,97 @@
#include <time.h>
#include "internal/cryptlib.h"
-#include "internal/threads.h"
++#include "internal/thread_once.h"
#include <openssl/crypto.h>
#include <openssl/buffer.h>
#include "internal/bio.h"
-diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
-index 31c0525..4ccff34 100644
+@@ -189,11 +88,19 @@ static unsigned int num_disable = 0;
+ */
+ static CRYPTO_THREAD_ID disabling_threadid;
+
+-static void do_memdbg_init(void)
++DEFINE_RUN_ONCE_STATIC(do_memdbg_init)
+ {
+ malloc_lock = CRYPTO_THREAD_lock_new();
+ long_malloc_lock = CRYPTO_THREAD_lock_new();
+- CRYPTO_THREAD_init_local(&appinfokey, NULL);
++ if (malloc_lock == NULL || long_malloc_lock == NULL
++ || !CRYPTO_THREAD_init_local(&appinfokey, NULL)) {
++ CRYPTO_THREAD_lock_free(malloc_lock);
++ malloc_lock = NULL;
++ CRYPTO_THREAD_lock_free(long_malloc_lock);
++ long_malloc_lock = NULL;
++ return 0;
++ }
++ return 1;
+ }
+
+ static void app_info_free(APP_INFO *inf)
+@@ -214,7 +121,8 @@ int CRYPTO_mem_ctrl(int mode)
+ #else
+ int ret = mh_mode;
+
+- CRYPTO_THREAD_run_once(&memdbg_init, do_memdbg_init);
++ if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
++ return -1;
+
+ CRYPTO_THREAD_write_lock(malloc_lock);
+ switch (mode) {
+@@ -287,7 +195,8 @@ static int mem_check_on(void)
+ CRYPTO_THREAD_ID cur;
+
+ if (mh_mode & CRYPTO_MEM_CHECK_ON) {
+- CRYPTO_THREAD_run_once(&memdbg_init, do_memdbg_init);
++ if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
++ return 0;
+
+ cur = CRYPTO_THREAD_get_current_id();
+ CRYPTO_THREAD_read_lock(malloc_lock);
+@@ -330,7 +239,9 @@ static int pop_info(void)
+ {
+ APP_INFO *current = NULL;
+
+- CRYPTO_THREAD_run_once(&memdbg_init, do_memdbg_init);
++ if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
++ return 0;
++
+ current = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey);
+ if (current != NULL) {
+ APP_INFO *next = current->next;
+@@ -360,9 +271,8 @@ int CRYPTO_mem_debug_push(const char *in
+ if (mem_check_on()) {
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+- CRYPTO_THREAD_run_once(&memdbg_init, do_memdbg_init);
+-
+- if ((ami = OPENSSL_malloc(sizeof(*ami))) == NULL)
++ if (!RUN_ONCE(&memdbg_init, do_memdbg_init)
++ || (ami = OPENSSL_malloc(sizeof(*ami))) == NULL)
+ goto err;
+
+ ami->threadid = CRYPTO_THREAD_get_current_id();
+@@ -415,9 +325,8 @@ void CRYPTO_mem_debug_malloc(void *addr,
+ if (mem_check_on()) {
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+- CRYPTO_THREAD_run_once(&memdbg_init, do_memdbg_init);
+-
+- if ((m = OPENSSL_malloc(sizeof(*m))) == NULL) {
++ if (!RUN_ONCE(&memdbg_init, do_memdbg_init)
++ || (m = OPENSSL_malloc(sizeof(*m))) == NULL) {
+ OPENSSL_free(addr);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+ return;
+@@ -645,7 +554,8 @@ int CRYPTO_mem_leaks(BIO *b)
+ /* Ensure all resources are released */
+ OPENSSL_cleanup();
+
+- CRYPTO_THREAD_run_once(&memdbg_init, do_memdbg_init);
++ if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
++ return -1;
+
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -1,4 +1,13 @@
@@ -68712,7 +74766,7 @@
static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
-@@ -48,7 +55,7 @@ static int sh_init(size_t size, int minsize);
+@@ -48,7 +55,7 @@ static int sh_init(size_t size, int mins
static char *sh_malloc(size_t size);
static void sh_free(char *ptr);
static void sh_done(void);
@@ -68721,7 +74775,7 @@
static int sh_allocated(const char *ptr);
#endif
-@@ -57,10 +64,6 @@ int CRYPTO_secure_malloc_init(size_t size, int minsize)
+@@ -57,10 +64,6 @@ int CRYPTO_secure_malloc_init(size_t siz
#ifdef IMPLEMENTED
int ret = 0;
@@ -68732,7 +74786,7 @@
if (!secure_mem_initialized) {
sec_malloc_lock = CRYPTO_THREAD_lock_new();
if (sec_malloc_lock == NULL)
-@@ -75,13 +78,17 @@ int CRYPTO_secure_malloc_init(size_t size, int minsize)
+@@ -75,13 +78,17 @@ int CRYPTO_secure_malloc_init(size_t siz
#endif /* IMPLEMENTED */
}
@@ -68754,7 +74808,7 @@
}
int CRYPTO_secure_malloc_initialized()
-@@ -100,7 +107,6 @@ void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
+@@ -100,7 +107,6 @@ void *CRYPTO_secure_malloc(size_t num, c
size_t actual_size;
if (!secure_mem_initialized) {
@@ -68762,7 +74816,7 @@
return CRYPTO_malloc(num, file, line);
}
CRYPTO_THREAD_write_lock(sec_malloc_lock);
-@@ -130,7 +136,7 @@ void CRYPTO_secure_free(void *ptr, const char *file, int line)
+@@ -130,7 +136,7 @@ void CRYPTO_secure_free(void *ptr, const
if (ptr == NULL)
return;
@@ -68771,7 +74825,7 @@
CRYPTO_free(ptr, file, line);
return;
}
-@@ -208,9 +214,11 @@ size_t CRYPTO_secure_actual_size(void *ptr)
+@@ -208,9 +214,11 @@ size_t CRYPTO_secure_actual_size(void *p
* place.
*/
@@ -68842,7 +74896,7 @@
OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
OPENSSL_assert(TESTBIT(table, bit));
CLEARBIT(table, bit);
-@@ -280,11 +288,11 @@ static void sh_clearbit(char *ptr, int list, unsigned char *table)
+@@ -280,11 +288,11 @@ static void sh_clearbit(char *ptr, int l
static void sh_setbit(char *ptr, int list, unsigned char *table)
{
@@ -68908,9 +74962,6 @@
+ return sh.arena_size / (ONE << list);
}
#endif /* IMPLEMENTED */
-diff --git a/crypto/modes/Makefile.in b/crypto/modes/Makefile.in
-deleted file mode 100644
-index 22ab8b9..0000000
--- a/crypto/modes/Makefile.in
+++ /dev/null
@@ -1,76 +0,0 @@
@@ -68990,8 +75041,6 @@
- rm -f *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/modes/asm/aesni-gcm-x86_64.pl b/crypto/modes/asm/aesni-gcm-x86_64.pl
-index 8f5026b..5ad62b3 100644
--- a/crypto/modes/asm/aesni-gcm-x86_64.pl
+++ b/crypto/modes/asm/aesni-gcm-x86_64.pl
@@ -1,4 +1,11 @@
@@ -69007,7 +75056,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -61,7 +68,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+@@ -61,7 +68,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
$avx = ($2>=3.0) + ($2>3.0);
}
@@ -69016,7 +75065,7 @@
*STDOUT=*OUT;
if ($avx>1) {{{
-@@ -109,6 +116,23 @@ _aesni_ctr32_ghash_6x:
+@@ -109,6 +116,23 @@ if ($avx>1) {{{
vpxor $rndkey,$inout3,$inout3
vmovups 0x10-0x80($key),$T2 # borrow $T2 for $rndkey
vpclmulqdq \$0x01,$Hkey,$Z3,$Z2
@@ -69040,7 +75089,7 @@
xor %r12,%r12
cmp $in0,$end0
-@@ -401,6 +425,9 @@ $code.=<<___;
+@@ -401,6 +425,9 @@ if ($avx>1) {{{
.align 32
aesni_gcm_decrypt:
xor $ret,$ret
@@ -69050,7 +75099,7 @@
cmp \$0x60,$len # minimal accepted length
jb .Lgcm_dec_abort
-@@ -455,7 +482,15 @@ $code.=<<___;
+@@ -455,7 +482,15 @@ if ($avx>1) {{{
vmovdqu 0x50($inp),$Z3 # I[5]
lea ($inp),$in0
vmovdqu 0x40($inp),$Z0
@@ -69066,7 +75115,7 @@
vmovdqu 0x30($inp),$Z1
shr \$4,$len
xor $ret,$ret
-@@ -611,6 +646,10 @@ _aesni_ctr32_6x:
+@@ -611,6 +646,10 @@ if ($avx>1) {{{
.align 32
aesni_gcm_encrypt:
xor $ret,$ret
@@ -69077,7 +75126,7 @@
cmp \$0x60*3,$len # minimal accepted length
jb .Lgcm_enc_abort
-@@ -660,7 +699,16 @@ $code.=<<___;
+@@ -660,7 +699,16 @@ if ($avx>1) {{{
.Lenc_no_key_aliasing:
lea ($out),$in0
@@ -69094,8 +75143,6 @@
shr \$4,$len
call _aesni_ctr32_6x
-diff --git a/crypto/modes/asm/ghash-alpha.pl b/crypto/modes/asm/ghash-alpha.pl
-index df6b3a3..ccf6b2b 100644
--- a/crypto/modes/asm/ghash-alpha.pl
+++ b/crypto/modes/asm/ghash-alpha.pl
@@ -1,4 +1,11 @@
@@ -69111,8 +75158,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl
-index 6cc3653..db56c85 100644
--- a/crypto/modes/asm/ghash-armv4.pl
+++ b/crypto/modes/asm/ghash-armv4.pl
@@ -1,4 +1,11 @@
@@ -69128,8 +75173,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/modes/asm/ghash-c64xplus.pl b/crypto/modes/asm/ghash-c64xplus.pl
-index 93f6985..3cadda3 100644
--- a/crypto/modes/asm/ghash-c64xplus.pl
+++ b/crypto/modes/asm/ghash-c64xplus.pl
@@ -1,4 +1,11 @@
@@ -69145,8 +75188,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/modes/asm/ghash-ia64.pl b/crypto/modes/asm/ghash-ia64.pl
-index 9d49143..81e75f7 100755
--- a/crypto/modes/asm/ghash-ia64.pl
+++ b/crypto/modes/asm/ghash-ia64.pl
@@ -1,4 +1,11 @@
@@ -69162,8 +75203,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/modes/asm/ghash-parisc.pl b/crypto/modes/asm/ghash-parisc.pl
-index d5ad96b..1d62545 100644
--- a/crypto/modes/asm/ghash-parisc.pl
+++ b/crypto/modes/asm/ghash-parisc.pl
@@ -1,4 +1,11 @@
@@ -69179,8 +75218,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/modes/asm/ghash-s390x.pl b/crypto/modes/asm/ghash-s390x.pl
-index a46f3eb..65ffaf9 100644
--- a/crypto/modes/asm/ghash-s390x.pl
+++ b/crypto/modes/asm/ghash-s390x.pl
@@ -1,4 +1,11 @@
@@ -69196,7 +75233,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -85,9 +92,7 @@ $code.=<<___ if(!$softonly && 0); # hardware is slow for single block...
+@@ -85,9 +92,7 @@ open STDOUT,">$output";
tmhl %r0,0x4000 # check for message-security-assist
jz .Lsoft_gmult
lghi %r0,0
@@ -69207,8 +75244,6 @@
tmhh %r1,0x4000 # check for function 65
jz .Lsoft_gmult
stg %r0,16($sp) # arrange 16 bytes of zero input
-diff --git a/crypto/modes/asm/ghash-sparcv9.pl b/crypto/modes/asm/ghash-sparcv9.pl
-index badfcf7..c4eb3b1 100644
--- a/crypto/modes/asm/ghash-sparcv9.pl
+++ b/crypto/modes/asm/ghash-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -69224,7 +75259,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -446,6 +453,8 @@ gcm_gmult_vis3:
+@@ -446,6 +453,8 @@ undef $len;
.align 32
gcm_ghash_vis3:
save %sp,-$frame,%sp
@@ -69233,8 +75268,6 @@
ldx [$Xip+8],$C2 ! load Xi
ldx [$Xip+0],$C3
-diff --git a/crypto/modes/asm/ghash-x86.pl b/crypto/modes/asm/ghash-x86.pl
-index db6eeae..4eb0b2c 100644
--- a/crypto/modes/asm/ghash-x86.pl
+++ b/crypto/modes/asm/ghash-x86.pl
@@ -1,4 +1,11 @@
@@ -69250,8 +75283,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/modes/asm/ghash-x86_64.pl b/crypto/modes/asm/ghash-x86_64.pl
-index 006215e..b4a8ddb 100644
--- a/crypto/modes/asm/ghash-x86_64.pl
+++ b/crypto/modes/asm/ghash-x86_64.pl
@@ -1,4 +1,11 @@
@@ -69267,7 +75298,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -110,7 +117,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+@@ -110,7 +117,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
$avx = ($2>=3.0) + ($2>3.0);
}
@@ -69276,8 +75307,6 @@
*STDOUT=*OUT;
$do4xaggr=1;
-diff --git a/crypto/modes/asm/ghashp8-ppc.pl b/crypto/modes/asm/ghashp8-ppc.pl
-index 71457cf..f0598cb 100755
--- a/crypto/modes/asm/ghashp8-ppc.pl
+++ b/crypto/modes/asm/ghashp8-ppc.pl
@@ -1,4 +1,11 @@
@@ -69328,7 +75357,7 @@
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
-@@ -46,6 +66,7 @@ my ($Xip,$Htbl,$inp,$len)=map("r$_",(3..6)); # argument block
+@@ -46,6 +66,7 @@ my ($Xip,$Htbl,$inp,$len)=map("r$_",(3..
my ($Xl,$Xm,$Xh,$IN)=map("v$_",(0..3));
my ($zero,$t0,$t1,$t2,$xC2,$H,$Hh,$Hl,$lemask)=map("v$_",(4..12));
@@ -69336,7 +75365,7 @@
my $vrsave="r12";
$code=<<___;
-@@ -56,7 +77,7 @@ $code=<<___;
+@@ -56,7 +77,7 @@ my $vrsave="r12";
.globl .gcm_init_p8
.align 5
.gcm_init_p8:
@@ -69345,7 +75374,7 @@
li r8,0x10
mfspr $vrsave,256
li r9,0x20
-@@ -78,17 +99,103 @@ $code=<<___;
+@@ -78,17 +99,103 @@ my $vrsave="r12";
vsl $H,$H,$t0 # H<<=1
vsrab $t1,$t1,$t2 # broadcast carry bit
vand $t1,$t1,$xC2
@@ -69451,7 +75480,7 @@
mtspr 256,$vrsave
blr
-@@ -96,7 +203,9 @@ $code=<<___;
+@@ -96,7 +203,9 @@ my $vrsave="r12";
.byte 0,12,0x14,0,0,0,2,0
.long 0
.size .gcm_init_p8,.-.gcm_init_p8
@@ -69462,7 +75491,7 @@
.globl .gcm_gmult_p8
.align 5
.gcm_gmult_p8:
-@@ -122,7 +231,7 @@ $code=<<___;
+@@ -122,7 +231,7 @@ my $vrsave="r12";
vpmsumd $Xm,$IN,$H # H.hi·Xi.lo+H.lo·Xi.hi
vpmsumd $Xh,$IN,$Hh # H.hi·Xi.hi
@@ -69471,7 +75500,7 @@
vsldoi $t0,$Xm,$zero,8
vsldoi $t1,$zero,$Xm,8
-@@ -132,7 +241,7 @@ $code=<<___;
+@@ -132,7 +241,7 @@ my $vrsave="r12";
vsldoi $Xl,$Xl,$Xl,8
vxor $Xl,$Xl,$t2
@@ -69480,7 +75509,7 @@
vpmsumd $Xl,$Xl,$xC2
vxor $t1,$t1,$Xh
vxor $Xl,$Xl,$t1
-@@ -150,7 +259,7 @@ $code=<<___;
+@@ -150,7 +259,7 @@ my $vrsave="r12";
.globl .gcm_ghash_p8
.align 5
.gcm_ghash_p8:
@@ -69489,7 +75518,7 @@
li r8,0x10
mfspr $vrsave,256
li r9,0x20
-@@ -159,52 +268,99 @@ $code=<<___;
+@@ -159,52 +268,99 @@ my $vrsave="r12";
lvx_u $Xl,0,$Xip # load Xi
lvx_u $Hl,r8,$Htbl # load pre-computed table
@@ -69575,7 +75604,7 @@
- beq Loop # did $len-=16 borrow?
+ $UCMP r9,$inp
+ bgt Loop_2x # done yet?
-+
+
+ cmplwi $len,0
+ bne Leven
+
@@ -69597,12 +75626,12 @@
+ vsldoi $t1,$Xl,$Xl,8 # 2nd reduction phase
+ vpmsumd $Xl,$Xl,$xC2
+ vxor $t1,$t1,$Xh
-
++
+Leven:
vxor $Xl,$Xl,$t1
le?vperm $Xl,$Xl,$Xl,$lemask
stvx_u $Xl,0,$Xip # write out Xi
-@@ -214,6 +370,284 @@ Loop:
+@@ -214,6 +370,284 @@ my $vrsave="r12";
.long 0
.byte 0,12,0x14,0,0,0,4,0
.long 0
@@ -69887,7 +75916,7 @@
.size .gcm_ghash_p8,.-.gcm_ghash_p8
.asciz "GHASH for PowerISA 2.07, CRYPTOGAMS by <appro\@openssl.org>"
-@@ -221,6 +655,8 @@ Loop:
+@@ -221,6 +655,8 @@ my $vrsave="r12";
___
foreach (split("\n",$code)) {
@@ -69896,8 +75925,6 @@
if ($flavour =~ /le$/o) { # little-endian
s/le\?//o or
s/be\?/#be#/o;
-diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl
-index fe3a34d..5fcd0b9 100644
--- a/crypto/modes/asm/ghashv8-armx.pl
+++ b/crypto/modes/asm/ghashv8-armx.pl
@@ -1,4 +1,11 @@
@@ -69913,11 +75940,9 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/modes/build.info b/crypto/modes/build.info
-index 43282c4..38195c4 100644
--- a/crypto/modes/build.info
+++ b/crypto/modes/build.info
-@@ -12,7 +12,7 @@ GENERATE[ghash-x86_64.s]=asm/ghash-x86_64.pl $(PERLASM_SCHEME)
+@@ -12,7 +12,7 @@ GENERATE[ghash-x86_64.s]=asm/ghash-x86_6
GENERATE[aesni-gcm-x86_64.s]=asm/aesni-gcm-x86_64.pl $(PERLASM_SCHEME)
GENERATE[ghash-sparcv9.S]=asm/ghash-sparcv9.pl $(PERLASM_SCHEME)
INCLUDE[ghash-sparcv9.o]=..
@@ -69926,8 +75951,6 @@
GENERATE[ghash-parisc.s]=asm/ghash-parisc.pl $(PERLASM_SCHEME)
GENERATE[ghashp8-ppc.s]=asm/ghashp8-ppc.pl $(PERLASM_SCHEME)
GENERATE[ghash-armv4.S]=asm/ghash-armv4.pl $(PERLASM_SCHEME)
-diff --git a/crypto/modes/cbc128.c b/crypto/modes/cbc128.c
-index bf2210c..4c9bc85 100644
--- a/crypto/modes/cbc128.c
+++ b/crypto/modes/cbc128.c
@@ -1,51 +1,10 @@
@@ -69988,14 +76011,14 @@
*/
#include <openssl/crypto.h>
-diff --git a/crypto/modes/ccm128.c b/crypto/modes/ccm128.c
-index ef99eb1..85ce84f 100644
--- a/crypto/modes/ccm128.c
+++ b/crypto/modes/ccm128.c
@@ -1,50 +1,10 @@
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-- *
++/*
++ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -70026,9 +76049,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+/*
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -70049,8 +76070,6 @@
*/
#include <openssl/crypto.h>
-diff --git a/crypto/modes/cfb128.c b/crypto/modes/cfb128.c
-index 8d3af57..e439567 100644
--- a/crypto/modes/cfb128.c
+++ b/crypto/modes/cfb128.c
@@ -1,51 +1,10 @@
@@ -70111,8 +76130,6 @@
*/
#include <openssl/crypto.h>
-diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c
-index 5bdbbcf..b7ffb73 100644
--- a/crypto/modes/ctr128.c
+++ b/crypto/modes/ctr128.c
@@ -1,51 +1,10 @@
@@ -70173,8 +76190,6 @@
*/
#include <openssl/crypto.h>
-diff --git a/crypto/modes/cts128.c b/crypto/modes/cts128.c
-index ed233d5..77ec994 100644
--- a/crypto/modes/cts128.c
+++ b/crypto/modes/cts128.c
@@ -1,8 +1,10 @@
@@ -70192,14 +76207,14 @@
*/
#include <openssl/crypto.h>
-diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
-index 8a8b110..df9f654 100644
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -1,50 +1,10 @@
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
-- *
++/*
++ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -70230,9 +76245,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+/*
-+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -70253,8 +76266,6 @@
*/
#include <openssl/crypto.h>
-diff --git a/crypto/modes/modes_lcl.h b/crypto/modes/modes_lcl.h
-index 071b014..7a1603b 100644
--- a/crypto/modes/modes_lcl.h
+++ b/crypto/modes/modes_lcl.h
@@ -1,8 +1,10 @@
@@ -70272,8 +76283,6 @@
*/
#include <openssl/modes.h>
-diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c
-index c3daf7c..c3bd13b 100644
--- a/crypto/modes/ocb128.c
+++ b/crypto/modes/ocb128.c
@@ -1,50 +1,10 @@
@@ -70333,7 +76342,7 @@
*/
#include <string.h>
-@@ -147,6 +107,7 @@ static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx)
+@@ -147,6 +107,7 @@ static OCB_BLOCK *ocb_lookup_l(OCB128_CO
/* We don't have it - so calculate it */
if (idx >= ctx->max_l_index) {
@@ -70341,7 +76350,7 @@
/*
* Each additional entry allows to process almost double as
* much data, so that in linear world the table will need to
-@@ -157,10 +118,11 @@ static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx)
+@@ -157,10 +118,11 @@ static OCB_BLOCK *ocb_lookup_l(OCB128_CO
* the index.
*/
ctx->max_l_index += (idx - ctx->max_l_index + 4) & ~3;
@@ -70355,7 +76364,7 @@
}
while (l_index < idx) {
ocb_double(ctx->l + l_index, ctx->l + l_index + 1);
-@@ -268,7 +230,7 @@ int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv,
+@@ -268,7 +230,7 @@ int CRYPTO_ocb128_setiv(OCB128_CONTEXT *
/*
* Spec says IV is 120 bits or fewer - it allows non byte aligned lengths.
@@ -70364,7 +76373,7 @@
*/
if ((len > 15) || (len < 1) || (taglen > 16) || (taglen < 1)) {
return -1;
-@@ -415,7 +377,7 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
+@@ -415,7 +377,7 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT
/* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */
inblock =
@@ -70373,8 +76382,6 @@
ocb_block16_xor_misaligned(&ctx->offset, inblock, &tmp1);
/* Checksum_i = Checksum_{i-1} xor P_i */
ocb_block16_xor_misaligned(&ctx->checksum, inblock, &ctx->checksum);
-diff --git a/crypto/modes/ofb128.c b/crypto/modes/ofb128.c
-index 0870f08..8309256 100644
--- a/crypto/modes/ofb128.c
+++ b/crypto/modes/ofb128.c
@@ -1,51 +1,10 @@
@@ -70435,8 +76442,6 @@
*/
#include <openssl/crypto.h>
-diff --git a/crypto/modes/wrap128.c b/crypto/modes/wrap128.c
-index b926844..46809a0 100644
--- a/crypto/modes/wrap128.c
+++ b/crypto/modes/wrap128.c
@@ -1,55 +1,10 @@
@@ -70500,8 +76505,6 @@
*/
/** Beware!
-diff --git a/crypto/modes/xts128.c b/crypto/modes/xts128.c
-index 55fa654..81b1eac 100644
--- a/crypto/modes/xts128.c
+++ b/crypto/modes/xts128.c
@@ -1,50 +1,10 @@
@@ -70561,8 +76564,6 @@
*/
#include <openssl/crypto.h>
-diff --git a/crypto/o_dir.c b/crypto/o_dir.c
-index b3fcb91..89c8c5c 100644
--- a/crypto/o_dir.c
+++ b/crypto/o_dir.c
@@ -1,59 +1,10 @@
@@ -70630,8 +76631,6 @@
*/
#include <errno.h>
-diff --git a/crypto/o_fips.c b/crypto/o_fips.c
-index 1139148..bf6db65 100644
--- a/crypto/o_fips.c
+++ b/crypto/o_fips.c
@@ -1,59 +1,10 @@
@@ -70699,9 +76698,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/o_fopen.c b/crypto/o_fopen.c
-new file mode 100644
-index 0000000..0bdb53f
--- /dev/null
+++ b/crypto/o_fopen.c
@@ -0,0 +1,103 @@
@@ -70776,7 +76772,7 @@
+ if (newname == NULL)
+ return NULL;
+
-+ for(iterator = newname, lastchar = '\0';
++ for (iterator = newname, lastchar = '\0';
+ *filename; filename++, iterator++) {
+ if (lastchar == '/' && filename[0] == '.'
+ && filename[1] != '.' && filename[1] != '/') {
@@ -70808,8 +76804,6 @@
+}
+
+#endif
-diff --git a/crypto/o_init.c b/crypto/o_init.c
-index 128f70b..2e0c126 100644
--- a/crypto/o_init.c
+++ b/crypto/o_init.c
@@ -1,55 +1,10 @@
@@ -70873,8 +76867,6 @@
*/
#include <e_os.h>
-diff --git a/crypto/o_str.c b/crypto/o_str.c
-index 660226f..beabec0 100644
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
@@ -1,59 +1,10 @@
@@ -70992,7 +76984,7 @@
int OPENSSL_memcmp(const void *v1, const void *v2, size_t n)
{
const unsigned char *c1 = v1, *c2 = v2;
-@@ -290,7 +198,12 @@ char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len)
+@@ -290,7 +198,12 @@ char *OPENSSL_buf2hexstr(const unsigned
const unsigned char *p;
int i;
@@ -71006,7 +76998,7 @@
CRYPTOerr(CRYPTO_F_OPENSSL_BUF2HEXSTR, ERR_R_MALLOC_FAILURE);
return NULL;
}
-@@ -307,3 +220,31 @@ char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len)
+@@ -307,3 +220,31 @@ char *OPENSSL_buf2hexstr(const unsigned
return tmp;
}
@@ -71038,8 +77030,6 @@
+ return 1;
+#endif
+}
-diff --git a/crypto/o_time.c b/crypto/o_time.c
-index 75aa2e5..b73fe1f 100644
--- a/crypto/o_time.c
+++ b/crypto/o_time.c
@@ -1,63 +1,10 @@
@@ -71111,9 +77101,6 @@
*/
#include <openssl/e_os2.h>
-diff --git a/crypto/objects/Makefile.in b/crypto/objects/Makefile.in
-deleted file mode 100644
-index f6c9f0a..0000000
--- a/crypto/objects/Makefile.in
+++ /dev/null
@@ -1,58 +0,0 @@
@@ -71175,9 +77162,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/objects/README b/crypto/objects/README
-new file mode 100644
-index 0000000..cb1d216
--- /dev/null
+++ b/crypto/objects/README
@@ -0,0 +1,44 @@
@@ -71225,8 +77209,6 @@
+Lines starting with # are treated as comments, as well as any line starting
+with ! and not matching the commands above.
+
-diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c
-index 5728806..c655a90 100644
--- a/crypto/objects/o_names.c
+++ b/crypto/objects/o_names.c
@@ -1,3 +1,12 @@
@@ -71251,7 +77233,17 @@
}
#else
#define obj_strcmp strcmp
-@@ -90,7 +99,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
+@@ -67,8 +76,7 @@ int OBJ_NAME_new_index(unsigned long (*h
+ int (*cmp_func) (const char *, const char *),
+ void (*free_func) (const char *, int, const char *))
+ {
+- int ret;
+- int i;
++ int ret, i, push;
+ NAME_FUNCS *name_funcs;
+
+ if (name_funcs_stack == NULL) {
+@@ -90,11 +98,18 @@ int OBJ_NAME_new_index(unsigned long (*h
OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
return (0);
}
@@ -71259,8 +77251,20 @@
+ name_funcs->hash_func = OPENSSL_LH_strhash;
name_funcs->cmp_func = obj_strcmp;
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
- sk_NAME_FUNCS_push(name_funcs_stack, name_funcs);
-@@ -132,7 +141,7 @@ static unsigned long obj_name_hash(const OBJ_NAME *a)
+- sk_NAME_FUNCS_push(name_funcs_stack, name_funcs);
++
++ push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
++
++ if (!push) {
++ OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
++ OPENSSL_free(name_funcs);
++ return 0;
++ }
+ }
+ name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);
+ if (hash_func != NULL)
+@@ -132,7 +147,7 @@ static unsigned long obj_name_hash(const
sk_NAME_FUNCS_value(name_funcs_stack,
a->type)->hash_func(a->name);
} else {
@@ -71269,7 +77273,7 @@
}
ret ^= a->type;
return (ret);
-@@ -182,7 +191,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
+@@ -182,7 +197,7 @@ int OBJ_NAME_add(const char *name, int t
onp = OPENSSL_malloc(sizeof(*onp));
if (onp == NULL) {
/* ERROR */
@@ -71278,7 +77282,7 @@
}
onp->name = name;
-@@ -207,10 +216,11 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
+@@ -207,10 +222,11 @@ int OBJ_NAME_add(const char *name, int t
} else {
if (lh_OBJ_NAME_error(names_lh)) {
/* ERROR */
@@ -71292,8 +77296,6 @@
}
int OBJ_NAME_remove(const char *name, int type)
-diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
-index 6baf2f0..bb50f63 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -1,58 +1,10 @@
@@ -71361,7 +77363,7 @@
*/
#include <stdio.h>
-@@ -116,10 +68,10 @@ static unsigned long added_obj_hash(const ADDED_OBJ *ca)
+@@ -116,10 +68,10 @@ static unsigned long added_obj_hash(cons
ret ^= p[i] << ((i * 3) % 24);
break;
case ADDED_SNAME:
@@ -71374,7 +77376,7 @@
break;
case ADDED_NID:
ret = a->nid;
-@@ -247,7 +199,7 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
+@@ -247,7 +199,7 @@ int OBJ_add_object(const ASN1_OBJECT *ob
ao[i]->type = i;
ao[i]->obj = o;
aop = lh_ADDED_OBJ_insert(added, ao[i]);
@@ -71439,8 +77441,6 @@
}
size_t OBJ_length(const ASN1_OBJECT *obj)
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index d852a55..fc9def2 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -1,5792 +1,5086 @@
@@ -82310,8 +88310,6 @@
+ 1057, /* OBJ_blake2s256 1 3 6 1 4 1 1722 12 2 2 8 */
};
-
-diff --git a/crypto/objects/obj_dat.pl b/crypto/objects/obj_dat.pl
-index 0bf1e48..1cb3d1c 100644
--- a/crypto/objects/obj_dat.pl
+++ b/crypto/objects/obj_dat.pl
@@ -1,305 +1,227 @@
@@ -82561,7 +88559,6 @@
- $v =~ s/,/ /g;
- push(@ob,sprintf("%2d,\t/* %-32s %s */\n",$_,$m,$v));
- }
--
+# For every value in %obj, recursively expand OBJ_xxx values. That is:
+# #define OBJ_iso 1L
+# #define OBJ_identified_organization OBJ_iso,3L
@@ -82627,7 +88624,7 @@
+ $out .= "},\n";
+ push(@out, $out);
+}
-+
+
+# Finally ready to generate the output.
+open(OUT, ">$ARGV[1]") || die "Can't open output file $ARGV[1], $!";
print OUT <<'EOF';
@@ -82736,17 +88733,13 @@
- else
- { print OUT $_; }
- }
--print OUT "};\n\n";
--
--printf OUT "static const unsigned int sn_objs[NUM_SN]={\n";
--print OUT @sn;
+printf OUT "#define NUM_NID %d\n", $n;
+printf OUT "static const ASN1_OBJECT nid_objs[NUM_NID] = {\n";
+print OUT @out;
print OUT "};\n\n";
--printf OUT "static const unsigned int ln_objs[NUM_LN]={\n";
--print OUT @ln;
+-printf OUT "static const unsigned int sn_objs[NUM_SN]={\n";
+-print OUT @sn;
+{
+ no warnings "uninitialized";
+ @a = grep(defined $sn{$nid{$_}}, 0 .. $n);
@@ -82758,8 +88751,8 @@
+}
print OUT "};\n\n";
--printf OUT "static const unsigned int obj_objs[NUM_OBJ]={\n";
--print OUT @ob;
+-printf OUT "static const unsigned int ln_objs[NUM_LN]={\n";
+-print OUT @ln;
+{
+ no warnings "uninitialized";
+ @a = grep(defined $ln{$nid{$_}}, 0 .. $n);
@@ -82771,7 +88764,9 @@
+}
print OUT "};\n\n";
--close OUT;
+-printf OUT "static const unsigned int obj_objs[NUM_OBJ]={\n";
+-print OUT @ob;
+-print OUT "};\n\n";
+{
+ no warnings "uninitialized";
+ @a = grep(defined $obj{$nid{$_}}, 0 .. $n);
@@ -82779,10 +88774,7 @@
+printf OUT "#define NUM_OBJ %d\n", $#a + 1;
+printf OUT "static const unsigned int obj_objs[NUM_OBJ] = {\n";
--sub der_it
-- {
-- local($v)=@_;
-- local(@a,$i,$ret, at r);
+-close OUT;
+# Compare DER; prefer shorter; if some length, use the "smaller" encoding.
+sub obj_cmp
+{
@@ -82805,6 +88797,11 @@
+}
+print OUT "};\n";
+-sub der_it
+- {
+- local($v)=@_;
+- local(@a,$i,$ret, at r);
+-
- @a=split(/\s+/,$v);
- $ret.=pack("C*",$a[0]*40+$a[1]);
- shift @a;
@@ -82825,8 +88822,6 @@
- return($ret);
- }
+close OUT;
-diff --git a/crypto/objects/obj_err.c b/crypto/objects/obj_err.c
-index 396b6c2..2dd80be 100644
--- a/crypto/objects/obj_err.c
+++ b/crypto/objects/obj_err.c
@@ -1,61 +1,11 @@
@@ -82898,7 +88893,7 @@
*/
#include <stdio.h>
-@@ -80,7 +30,7 @@ static ERR_STRING_DATA OBJ_str_functs[] = {
+@@ -80,14 +30,14 @@ static ERR_STRING_DATA OBJ_str_functs[]
};
static ERR_STRING_DATA OBJ_str_reasons[] = {
@@ -82907,8 +88902,20 @@
{ERR_REASON(OBJ_R_UNKNOWN_NID), "unknown nid"},
{0, NULL}
};
-diff --git a/crypto/objects/obj_lcl.h b/crypto/objects/obj_lcl.h
-index c451088..a417f7c 100644
+
+ #endif
+
+-void ERR_load_OBJ_strings(void)
++int ERR_load_OBJ_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -96,4 +46,5 @@ void ERR_load_OBJ_strings(void)
+ ERR_load_strings(0, OBJ_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/objects/obj_lcl.h
+++ b/crypto/objects/obj_lcl.h
@@ -1,4 +1,11 @@
@@ -82924,8 +88931,6 @@
typedef struct name_funcs_st NAME_FUNCS;
DEFINE_STACK_OF(NAME_FUNCS)
-diff --git a/crypto/objects/obj_lib.c b/crypto/objects/obj_lib.c
-index 3b1c558..33075e6 100644
--- a/crypto/objects/obj_lib.c
+++ b/crypto/objects/obj_lib.c
@@ -1,58 +1,10 @@
@@ -83074,8 +89079,6 @@
}
int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
-diff --git a/crypto/objects/obj_xref.c b/crypto/objects/obj_xref.c
-index 34d6448..627f5bc 100644
--- a/crypto/objects/obj_xref.c
+++ b/crypto/objects/obj_xref.c
@@ -1,59 +1,10 @@
@@ -83143,8 +89146,6 @@
*/
#include <openssl/objects.h>
-diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
-index 7096ca5..d09aa71 100644
--- a/crypto/objects/obj_xref.h
+++ b/crypto/objects/obj_xref.h
@@ -1,4 +1,15 @@
@@ -83164,9 +89165,6 @@
typedef struct {
int sign_id;
-diff --git a/crypto/objects/objects.README b/crypto/objects/objects.README
-deleted file mode 100644
-index cb1d216..0000000
--- a/crypto/objects/objects.README
+++ /dev/null
@@ -1,44 +0,0 @@
@@ -83214,8 +89212,6 @@
-Lines starting with # are treated as comments, as well as any line starting
-with ! and not matching the commands above.
-
-diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl
-index 107647a..3b40277 100644
--- a/crypto/objects/objects.pl
+++ b/crypto/objects/objects.pl
@@ -1,4 +1,10 @@
@@ -83303,8 +89299,6 @@
*/
#define SN_undef "UNDEF"
-diff --git a/crypto/objects/objxref.pl b/crypto/objects/objxref.pl
-index 7ebd74c..53f9bd6 100644
--- a/crypto/objects/objxref.pl
+++ b/crypto/objects/objxref.pl
@@ -1,4 +1,11 @@
@@ -83340,9 +89334,6 @@
typedef struct {
int sign_id;
-diff --git a/crypto/ocsp/Makefile.in b/crypto/ocsp/Makefile.in
-deleted file mode 100644
-index 0f8ae43..0000000
--- a/crypto/ocsp/Makefile.in
+++ /dev/null
@@ -1,46 +0,0 @@
@@ -83392,8 +89383,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/ocsp/ocsp_asn.c b/crypto/ocsp/ocsp_asn.c
-index 3ee6f94..1e0b827 100644
--- a/crypto/ocsp/ocsp_asn.c
+++ b/crypto/ocsp/ocsp_asn.c
@@ -1,60 +1,12 @@
@@ -83463,8 +89452,6 @@
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/ocsp.h>
-diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
-index e8eaaff..195d87c 100644
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@@ -1,73 +1,16 @@
@@ -83546,8 +89533,52 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
-diff --git a/crypto/ocsp/ocsp_err.c b/crypto/ocsp/ocsp_err.c
-index 9043dd2..59bcf85 100644
+@@ -89,11 +32,13 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_R
+ OCSP_ONEREQ *one = NULL;
+
+ if ((one = OCSP_ONEREQ_new()) == NULL)
+- goto err;
++ return NULL;
+ OCSP_CERTID_free(one->reqCert);
+ one->reqCert = cid;
+- if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one))
++ if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one)) {
++ one->reqCert = NULL; /* do not free on error */
+ goto err;
++ }
+ return one;
+ err:
+ OCSP_ONEREQ_free(one);
+@@ -248,6 +193,29 @@ ASN1_GENERALIZEDTIME *OCSP_resp_get0_pro
+ return bs->tbsResponseData.producedAt;
+ }
+
++const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)
++{
++ return bs->certs;
++}
++
++int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
++ const ASN1_OCTET_STRING **pid,
++ const X509_NAME **pname)
++
++{
++ const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
++ if (rid->type == V_OCSP_RESPID_NAME) {
++ *pname = rid->value.byName;
++ *pid = NULL;
++ } else if (rid->type == V_OCSP_RESPID_KEY) {
++ *pid = rid->value.byKey;
++ *pname = NULL;
++ } else {
++ return 0;
++ }
++ return 1;
++}
++
+ /* Look single response matching a given certificate ID */
+
+ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
--- a/crypto/ocsp/ocsp_err.c
+++ b/crypto/ocsp/ocsp_err.c
@@ -1,61 +1,11 @@
@@ -83627,7 +89658,7 @@
{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "d2i_ocsp_nonce"},
{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"},
{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"},
-@@ -84,15 +33,11 @@ static ERR_STRING_DATA OCSP_str_functs[] = {
+@@ -84,15 +33,11 @@ static ERR_STRING_DATA OCSP_str_functs[]
{ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"},
{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
@@ -83643,7 +89674,7 @@
{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
{ERR_REASON(OCSP_R_DIGEST_ERR), "digest err"},
{ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),
-@@ -106,8 +51,6 @@ static ERR_STRING_DATA OCSP_str_reasons[] = {
+@@ -106,8 +51,6 @@ static ERR_STRING_DATA OCSP_str_reasons[
"nextupdate before thisupdate"},
{ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE), "not basic response"},
{ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"},
@@ -83652,7 +89683,7 @@
{ERR_REASON(OCSP_R_NO_RESPONSE_DATA), "no response data"},
{ERR_REASON(OCSP_R_NO_REVOKED_TIME), "no revoked time"},
{ERR_REASON(OCSP_R_NO_SIGNER_KEY), "no signer key"},
-@@ -117,11 +60,9 @@ static ERR_STRING_DATA OCSP_str_reasons[] = {
+@@ -117,11 +60,9 @@ static ERR_STRING_DATA OCSP_str_reasons[
{ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),
"response contains no revocation data"},
{ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED), "root ca not trusted"},
@@ -83664,8 +89695,21 @@
{ERR_REASON(OCSP_R_SIGNATURE_FAILURE), "signature failure"},
{ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),
"signer certificate not found"},
-diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
-index 854da8e..a993899 100644
+@@ -137,7 +78,7 @@ static ERR_STRING_DATA OCSP_str_reasons[
+
+ #endif
+
+-void ERR_load_OCSP_strings(void)
++int ERR_load_OCSP_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -146,4 +87,5 @@ void ERR_load_OCSP_strings(void)
+ ERR_load_strings(0, OCSP_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -1,66 +1,10 @@
@@ -83740,7 +89784,7 @@
*/
#include <stdio.h>
-@@ -509,12 +453,16 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls)
+@@ -509,12 +453,16 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509
goto err;
ad->location->type = GEN_URI;
ad->location->d.ia5 = ia5;
@@ -83757,8 +89801,6 @@
OCSP_SERVICELOC_free(sloc);
return x;
}
-diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c
-index f69d4df..680edfa 100644
--- a/crypto/ocsp/ocsp_ht.c
+++ b/crypto/ocsp/ocsp_ht.c
@@ -1,59 +1,10 @@
@@ -83826,8 +89868,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/ocsp/ocsp_lcl.h b/crypto/ocsp/ocsp_lcl.h
-index df4ff40..f93a268 100644
--- a/crypto/ocsp/ocsp_lcl.h
+++ b/crypto/ocsp/ocsp_lcl.h
@@ -1,66 +1,10 @@
@@ -83902,8 +89942,6 @@
*/
/*- CertID ::= SEQUENCE {
-diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
-index 8814190..5ff2f31 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -1,72 +1,15 @@
@@ -83984,8 +90022,6 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
-diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c
-index 8ac3d82..5605812 100644
--- a/crypto/ocsp/ocsp_prn.c
+++ b/crypto/ocsp/ocsp_prn.c
@@ -1,72 +1,17 @@
@@ -84090,7 +90126,7 @@
const char *OCSP_response_status_str(long s)
{
static const OCSP_TBLSTR rstat_tbl[] = {
-@@ -109,7 +56,7 @@ const char *OCSP_response_status_str(long s)
+@@ -109,7 +56,7 @@ const char *OCSP_response_status_str(lon
{OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired"},
{OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized"}
};
@@ -84117,8 +90153,6 @@
}
int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
-diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c
-index e98c649..443161c 100644
--- a/crypto/ocsp/ocsp_srv.c
+++ b/crypto/ocsp/ocsp_srv.c
@@ -1,65 +1,15 @@
@@ -84192,8 +90226,6 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
-diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
-index 2b55401..e2cfa6d 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -1,59 +1,10 @@
@@ -84261,7 +90293,7 @@
*/
#include <openssl/ocsp.h>
-@@ -176,7 +127,6 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+@@ -176,7 +127,6 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs
if (bs->certs && certs)
sk_X509_free(untrusted);
return ret;
@@ -84269,8 +90301,6 @@
err:
ret = 0;
-diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c
-index 142deac..2d425a8 100644
--- a/crypto/ocsp/v3_ocsp.c
+++ b/crypto/ocsp/v3_ocsp.c
@@ -1,59 +1,10 @@
@@ -84338,8 +90368,6 @@
*/
# include <stdio.h>
-diff --git a/crypto/pariscid.pl b/crypto/pariscid.pl
-index bfc56fd..f82e27a 100644
--- a/crypto/pariscid.pl
+++ b/crypto/pariscid.pl
@@ -1,4 +1,11 @@
@@ -84355,10 +90383,14 @@
$flavour = shift;
$output = shift;
-@@ -131,6 +138,37 @@ L\$done
- ___
- }
- {
+@@ -127,6 +134,37 @@ L\$done
+ bv ($rp)
+ .EXIT
+ nop
++ .PROCEND
++___
++}
++{
+my ($in1,$in2,$len)=("%r26","%r25","%r24");
+
+$code.=<<___;
@@ -84386,16 +90418,9 @@
+ bv ($rp)
+ .EXIT
+ nop
-+ .PROCEND
-+___
-+}
-+{
- my ($out,$cnt,$max)=("%r26","%r25","%r24");
- my ($tick,$lasttick)=("%r23","%r22");
- my ($diff,$lastdiff)=("%r21","%r20");
-diff --git a/crypto/pem/Makefile.in b/crypto/pem/Makefile.in
-deleted file mode 100644
-index fab3663..0000000
+ .PROCEND
+ ___
+ }
--- a/crypto/pem/Makefile.in
+++ /dev/null
@@ -1,46 +0,0 @@
@@ -84445,9 +90470,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/pem/message b/crypto/pem/message
-deleted file mode 100644
-index e8bf9d7..0000000
--- a/crypto/pem/message
+++ /dev/null
@@ -1,16 +0,0 @@
@@ -84467,8 +90489,6 @@
-
------END PRIVACY-ENHANCED MESSAGE-----
-
-diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c
-index 5967b6e..0e71813 100644
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@@ -1,111 +1,10 @@
@@ -84589,8 +90609,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/pem/pem_err.c b/crypto/pem/pem_err.c
-index 793a0a3..7a42535 100644
--- a/crypto/pem/pem_err.c
+++ b/crypto/pem/pem_err.c
@@ -1,61 +1,11 @@
@@ -84662,7 +90680,7 @@
*/
#include <stdio.h>
-@@ -92,10 +42,7 @@ static ERR_STRING_DATA PEM_str_functs[] = {
+@@ -92,10 +42,7 @@ static ERR_STRING_DATA PEM_str_functs[]
{ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"},
{ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"},
{ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
@@ -84673,7 +90691,7 @@
{ERR_FUNC(PEM_F_PEM_READ), "PEM_read"},
{ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"},
{ERR_FUNC(PEM_F_PEM_READ_BIO_DHPARAMS), "PEM_read_bio_DHparams"},
-@@ -129,21 +76,23 @@ static ERR_STRING_DATA PEM_str_reasons[] = {
+@@ -129,21 +76,23 @@ static ERR_STRING_DATA PEM_str_reasons[]
"expecting private key blob"},
{ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB),
"expecting public key blob"},
@@ -84698,8 +90716,21 @@
{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"},
{ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS),
-diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
-index 1b1cde4..dd493c8 100644
+@@ -153,7 +102,7 @@ static ERR_STRING_DATA PEM_str_reasons[]
+
+ #endif
+
+-void ERR_load_PEM_strings(void)
++int ERR_load_PEM_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -162,4 +111,5 @@ void ERR_load_PEM_strings(void)
+ ERR_load_strings(0, PEM_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -1,58 +1,10 @@
@@ -84767,14 +90798,14 @@
*/
#include <stdio.h>
-diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
-index 5e7aa77..8965fda 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -1,62 +1,15 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -84822,9 +90853,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -84841,7 +90870,7 @@
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/objects.h>
-@@ -78,41 +31,49 @@ int pem_check_suffix(const char *pem_str, const char *suffix);
+@@ -78,41 +31,49 @@ int pem_check_suffix(const char *pem_str
int PEM_def_callback(char *buf, int num, int w, void *key)
{
#if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI)
@@ -84902,7 +90931,7 @@
#endif
}
-@@ -344,7 +305,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
+@@ -344,7 +305,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d,
if (enc != NULL) {
objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
@@ -84911,7 +90940,7 @@
PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
goto err;
}
-@@ -431,115 +392,153 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
+@@ -431,115 +392,153 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d,
int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
pem_password_cb *callback, void *u)
{
@@ -85124,7 +91153,7 @@
}
static int load_iv(char **fromp, unsigned char *to, int num)
-@@ -552,13 +551,8 @@ static int load_iv(char **fromp, unsigned char *to, int num)
+@@ -552,13 +551,8 @@ static int load_iv(char **fromp, unsigne
to[i] = 0;
num *= 2;
for (i = 0; i < num; i++) {
@@ -85140,7 +91169,7 @@
PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS);
return (0);
}
-@@ -624,7 +618,8 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header,
+@@ -624,7 +618,8 @@ int PEM_write_bio(BIO *bp, const char *n
i = j = 0;
while (len > 0) {
n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len);
@@ -85150,8 +91179,6 @@
if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl))
goto err;
i += outl;
-diff --git a/crypto/pem/pem_oth.c b/crypto/pem/pem_oth.c
-index fbdff0a..cc7a8db 100644
--- a/crypto/pem/pem_oth.c
+++ b/crypto/pem/pem_oth.c
@@ -1,58 +1,10 @@
@@ -85227,14 +91254,14 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
-diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
-index f6f0363..993c595 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -85282,9 +91309,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -85304,8 +91329,6 @@
#include <openssl/x509.h>
#include <openssl/pkcs12.h>
#include <openssl/pem.h>
-diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
-index ef0c0e4..6308622 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -1,58 +1,10 @@
@@ -85381,7 +91404,7 @@
#include <openssl/x509.h>
#include <openssl/pkcs12.h>
#include <openssl/pem.h>
-@@ -143,11 +94,18 @@ int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+@@ -143,11 +94,18 @@ int PEM_write_bio_PrivateKey(BIO *bp, EV
unsigned char *kstr, int klen,
pem_password_cb *cb, void *u)
{
@@ -85402,8 +91425,6 @@
BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
pem_str, bp, x, enc, kstr, klen, cb, u);
-diff --git a/crypto/pem/pem_sign.c b/crypto/pem/pem_sign.c
-index fb8c9dd..12ad974 100644
--- a/crypto/pem/pem_sign.c
+++ b/crypto/pem/pem_sign.c
@@ -1,63 +1,14 @@
@@ -85476,8 +91497,6 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
-diff --git a/crypto/pem/pem_x509.c b/crypto/pem/pem_x509.c
-index 26117b5..3a99756 100644
--- a/crypto/pem/pem_x509.c
+++ b/crypto/pem/pem_x509.c
@@ -1,59 +1,10 @@
@@ -85545,8 +91564,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/pem/pem_xaux.c b/crypto/pem/pem_xaux.c
-index eb66fb6..6d7e1db 100644
--- a/crypto/pem/pem_xaux.c
+++ b/crypto/pem/pem_xaux.c
@@ -1,59 +1,10 @@
@@ -85614,9 +91631,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/pem/pkcs7.lis b/crypto/pem/pkcs7.lis
-deleted file mode 100644
-index be90c5d..0000000
--- a/crypto/pem/pkcs7.lis
+++ /dev/null
@@ -1,22 +0,0 @@
@@ -85642,8 +91656,6 @@
- 00 2072:d=0 hl=2 l= 0 prim: univ: EOC
- 00 2074:d=0 hl=2 l= 0 prim: univ: EOC
-00 2076:d=0 hl=2 l= 0 prim: univ: EOC
-diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
-index 634cc59..bf512ec 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -1,59 +1,10 @@
@@ -85711,7 +91723,7 @@
*/
/*
-@@ -356,6 +307,7 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in,
+@@ -356,6 +307,7 @@ static EVP_PKEY *b2i_rsa(const unsigned
const unsigned char *pin = *in;
EVP_PKEY *ret = NULL;
BIGNUM *e = NULL, *n = NULL, *d = NULL;
@@ -85719,7 +91731,7 @@
RSA *rsa = NULL;
unsigned int nbyte, hnbyte;
nbyte = (bitlen + 7) >> 3;
-@@ -372,7 +324,6 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in,
+@@ -372,7 +324,6 @@ static EVP_PKEY *b2i_rsa(const unsigned
if (!read_lebn(&pin, nbyte, &n))
goto memerr;
if (!ispub) {
@@ -85727,7 +91739,7 @@
if (!read_lebn(&pin, hnbyte, &p))
goto memerr;
if (!read_lebn(&pin, hnbyte, &q))
-@@ -388,7 +339,7 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in,
+@@ -388,7 +339,7 @@ static EVP_PKEY *b2i_rsa(const unsigned
RSA_set0_factors(rsa, p, q);
RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp);
}
@@ -85736,7 +91748,7 @@
EVP_PKEY_set1_RSA(ret, rsa);
RSA_free(rsa);
-@@ -396,6 +347,14 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in,
+@@ -396,6 +347,14 @@ static EVP_PKEY *b2i_rsa(const unsigned
return ret;
memerr:
PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
@@ -85751,7 +91763,7 @@
RSA_free(rsa);
EVP_PKEY_free(ret);
return NULL;
-@@ -508,7 +467,8 @@ static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
+@@ -508,7 +467,8 @@ static int do_i2b_bio(BIO *out, EVP_PKEY
static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
{
int bitlen;
@@ -85761,7 +91773,7 @@
DSA_get0_pqg(dsa, &p, &q, &g);
DSA_get0_key(dsa, &pub_key, &priv_key);
-@@ -535,7 +495,7 @@ static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
+@@ -535,7 +495,7 @@ static int check_bitlen_dsa(DSA *dsa, in
static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
{
int nbyte, hnbyte, bitlen;
@@ -85770,7 +91782,7 @@
RSA_get0_key(rsa, &e, NULL, NULL);
if (BN_num_bits(e) > 32)
-@@ -547,7 +507,7 @@ static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
+@@ -547,7 +507,7 @@ static int check_bitlen_rsa(RSA *rsa, in
*pmagic = MS_RSA1MAGIC;
return bitlen;
} else {
@@ -85779,7 +91791,7 @@
*pmagic = MS_RSA2MAGIC;
-@@ -575,7 +535,7 @@ static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
+@@ -575,7 +535,7 @@ static int check_bitlen_rsa(RSA *rsa, in
static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
{
int nbyte, hnbyte;
@@ -85788,7 +91800,7 @@
nbyte = RSA_size(rsa);
hnbyte = (RSA_bits(rsa) + 15) >> 4;
-@@ -597,7 +557,8 @@ static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
+@@ -597,7 +557,8 @@ static void write_rsa(unsigned char **ou
static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
{
int nbyte;
@@ -85798,7 +91810,7 @@
DSA_get0_pqg(dsa, &p, &q, &g);
DSA_get0_key(dsa, &pub_key, &priv_key);
-@@ -798,27 +759,30 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
+@@ -798,27 +759,30 @@ static int i2b_PVK(unsigned char **out,
pem_password_cb *cb, void *u)
{
int outlen = 24, pklen;
@@ -85835,7 +91847,7 @@
write_ledword(&p, MS_PVKMAGIC);
write_ledword(&p, 0);
if (EVP_PKEY_id(pk) == EVP_PKEY_DSA)
-@@ -835,9 +799,7 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
+@@ -835,9 +799,7 @@ static int i2b_PVK(unsigned char **out,
p += PVK_SALTLEN;
}
do_i2b(&p, pk, 0);
@@ -85846,7 +91858,7 @@
char psbuf[PEM_BUFSIZE];
unsigned char keybuf[20];
int enctmplen, inlen;
-@@ -863,11 +825,18 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
+@@ -863,11 +825,18 @@ static int i2b_PVK(unsigned char **out,
if (!EVP_DecryptFinal_ex(cctx, p + enctmplen, &enctmplen))
goto error;
}
@@ -85865,9 +91877,6 @@
return -1;
}
-diff --git a/crypto/perlasm/README b/crypto/perlasm/README
-new file mode 100644
-index 0000000..2c8435c
--- /dev/null
+++ b/crypto/perlasm/README
@@ -0,0 +1,124 @@
@@ -85995,8 +92004,6 @@
+&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
+&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
+
-diff --git a/crypto/perlasm/arm-xlate.pl b/crypto/perlasm/arm-xlate.pl
-index ecd3198..ca2f8b9 100755
--- a/crypto/perlasm/arm-xlate.pl
+++ b/crypto/perlasm/arm-xlate.pl
@@ -1,6 +1,12 @@
@@ -86023,8 +92030,6 @@
if ($line =~ m/^\s*(#|@|\/\/)/) { print $line; next; }
-diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl
-index 24561e7..ad79b24 100644
--- a/crypto/perlasm/cbc.pl
+++ b/crypto/perlasm/cbc.pl
@@ -1,4 +1,11 @@
@@ -86040,8 +92045,6 @@
# void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
# des_cblock (*input);
-diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl
-index bc79b46..2d46e24 100755
--- a/crypto/perlasm/ppc-xlate.pl
+++ b/crypto/perlasm/ppc-xlate.pl
@@ -1,6 +1,10 @@
@@ -86058,9 +92061,6 @@
my $flavour = shift;
my $output = shift;
-diff --git a/crypto/perlasm/readme b/crypto/perlasm/readme
-deleted file mode 100644
-index 2c8435c..0000000
--- a/crypto/perlasm/readme
+++ /dev/null
@@ -1,124 +0,0 @@
@@ -86188,8 +92188,6 @@
-&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
-&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
-
-diff --git a/crypto/perlasm/sparcv9_modes.pl b/crypto/perlasm/sparcv9_modes.pl
-index 81e6026..bfdada8 100644
--- a/crypto/perlasm/sparcv9_modes.pl
+++ b/crypto/perlasm/sparcv9_modes.pl
@@ -1,4 +1,11 @@
@@ -86205,7 +92203,7 @@
# Specific modes implementations for SPARC Architecture 2011. There
# is T4 dependency though, an ASI value that is not specified in the
-@@ -41,6 +48,7 @@ ${alg}${bits}_t4_cbc_encrypt:
+@@ -41,6 +48,7 @@ my ($alg,$bits) = @_;
save %sp, -$::frame, %sp
cmp $len, 0
be,pn $::size_t_cc, .L${bits}_cbc_enc_abort
@@ -86213,7 +92211,7 @@
sub $inp, $out, $blk_init ! $inp!=$out
___
$::code.=<<___ if (!$::evp);
-@@ -258,6 +266,7 @@ ${alg}${bits}_t4_cbc_decrypt:
+@@ -258,6 +266,7 @@ my ($alg,$bits) = @_;
save %sp, -$::frame, %sp
cmp $len, 0
be,pn $::size_t_cc, .L${bits}_cbc_dec_abort
@@ -86221,7 +92219,7 @@
sub $inp, $out, $blk_init ! $inp!=$out
___
$::code.=<<___ if (!$::evp);
-@@ -617,6 +626,7 @@ $::code.=<<___;
+@@ -617,6 +626,7 @@ my ($alg,$bits) = @_;
.align 32
${alg}${bits}_t4_ctr32_encrypt:
save %sp, -$::frame, %sp
@@ -86229,7 +92227,7 @@
prefetch [$inp], 20
prefetch [$inp + 63], 20
-@@ -920,6 +930,7 @@ $::code.=<<___;
+@@ -920,6 +930,7 @@ my $rem=$ivec;
.align 32
${alg}${bits}_t4_xts_${dir}crypt:
save %sp, -$::frame-16, %sp
@@ -86237,8 +92235,6 @@
mov $ivec, %o0
add %fp, $::bias-16, %o1
-diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
-index 80ab17f..60b98d7 100755
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@@ -1,4 +1,11 @@
@@ -86776,7 +92772,7 @@
my %regrm = ( "%eax"=>0, "%ecx"=>1, "%edx"=>2, "%ebx"=>3,
"%esp"=>4, "%ebp"=>5, "%esi"=>6, "%edi"=>7 );
-@@ -701,9 +728,9 @@ my $movq = sub { # elderly gas can't handle inter-register movq
+@@ -701,9 +728,9 @@ my $movq = sub { # elderly gas can't han
my $pextrd = sub {
if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*(%\w+)/) {
my @opcode=(0x66);
@@ -86802,6 +92798,24 @@
if ($src =~ /%r([0-9]+)/) { $src = $1; }
elsif ($src =~ /%e/) { $src = $regrm{$src}; }
rex(\@opcode,$dst,$src);
+@@ -778,7 +805,7 @@ my $rdrand = sub {
+ my @opcode=();
+ my $dst=$1;
+ if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; }
+- rex(\@opcode,0,$1,8);
++ rex(\@opcode,0,$dst,8);
+ push @opcode,0x0f,0xc7,0xf0|($dst&7);
+ @opcode;
+ } else {
+@@ -791,7 +818,7 @@ my $rdseed = sub {
+ my @opcode=();
+ my $dst=$1;
+ if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; }
+- rex(\@opcode,0,$1,8);
++ rex(\@opcode,0,$dst,8);
+ push @opcode,0x0f,0xc7,0xf8|($dst&7);
+ @opcode;
+ } else {
@@ -800,14 +827,14 @@ my $rdseed = sub {
};
@@ -86830,7 +92844,7 @@
if ($nasm) {
print <<___;
default rel
-@@ -850,7 +881,7 @@ ___
+@@ -850,7 +881,7 @@ default rel
OPTION DOTNAME
___
}
@@ -86848,11 +92862,12 @@
- undef @args;
-
- if ($label=label->re(\$line)) { print $label->out(); }
-+ if (my $label=label->re(\$line)) { print $label->out(); }
-
+-
- if (directive->re(\$line)) {
- printf "%s",directive->out();
- } elsif ($opcode=opcode->re(\$line)) {
++ if (my $label=label->re(\$line)) { print $label->out(); }
++
+ if (my $directive=directive->re(\$line)) {
+ printf "%s",$directive->out();
+ } elsif (my $opcode=opcode->re(\$line)) {
@@ -86898,8 +92913,6 @@
if ($gas) {
$insn = $opcode->out($#args>=1?$args[$#args]->size():$sz);
-diff --git a/crypto/perlasm/x86asm.pl b/crypto/perlasm/x86asm.pl
-index cae156a..1ff46c9 100644
--- a/crypto/perlasm/x86asm.pl
+++ b/crypto/perlasm/x86asm.pl
@@ -1,4 +1,11 @@
@@ -86927,8 +92940,6 @@
# label management
$lbdecor="L"; # local label decoration, set by package
$label="000";
-diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl
-index 9ee6fa3..2c8fce0 100644
--- a/crypto/perlasm/x86gas.pl
+++ b/crypto/perlasm/x86gas.pl
@@ -1,4 +1,11 @@
@@ -86944,8 +92955,6 @@
package x86gas;
-diff --git a/crypto/perlasm/x86masm.pl b/crypto/perlasm/x86masm.pl
-index 917d0f8..a0a354c 100644
--- a/crypto/perlasm/x86masm.pl
+++ b/crypto/perlasm/x86masm.pl
@@ -1,4 +1,11 @@
@@ -86961,8 +92970,6 @@
package x86masm;
-diff --git a/crypto/perlasm/x86nasm.pl b/crypto/perlasm/x86nasm.pl
-index 5d92f60..4b664a8 100644
--- a/crypto/perlasm/x86nasm.pl
+++ b/crypto/perlasm/x86nasm.pl
@@ -1,4 +1,11 @@
@@ -86978,9 +92985,6 @@
package x86nasm;
-diff --git a/crypto/pkcs12/Makefile.in b/crypto/pkcs12/Makefile.in
-deleted file mode 100644
-index abca0e7..0000000
--- a/crypto/pkcs12/Makefile.in
+++ /dev/null
@@ -1,49 +0,0 @@
@@ -87033,8 +93037,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c
-index b7dffc4..8a5ad20 100644
--- a/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
@@ -1,59 +1,10 @@
@@ -87102,8 +93104,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/pkcs12/p12_asn.c b/crypto/pkcs12/p12_asn.c
-index 2f9481e..f2bfe32 100644
--- a/crypto/pkcs12/p12_asn.c
+++ b/crypto/pkcs12/p12_asn.c
@@ -1,59 +1,10 @@
@@ -87171,8 +93171,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c
-index 994f386..bf44c0a 100644
--- a/crypto/pkcs12/p12_attr.c
+++ b/crypto/pkcs12/p12_attr.c
@@ -1,59 +1,10 @@
@@ -87240,8 +93238,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c
-index 666b500..1fe140a 100644
--- a/crypto/pkcs12/p12_crpt.c
+++ b/crypto/pkcs12/p12_crpt.c
@@ -1,59 +1,10 @@
@@ -87309,8 +93305,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c
-index 1fd22c0..10cf8dd 100644
--- a/crypto/pkcs12/p12_crt.c
+++ b/crypto/pkcs12/p12_crt.c
@@ -1,59 +1,10 @@
@@ -87378,7 +93372,7 @@
*/
#include <stdio.h>
-@@ -77,7 +28,7 @@ static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
+@@ -77,7 +28,7 @@ static int copy_bag_attr(PKCS12_SAFEBAG
return 1;
}
@@ -87387,7 +93381,7 @@
STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
int mac_iter, int keytype)
{
-@@ -219,7 +170,7 @@ PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
+@@ -219,7 +170,7 @@ PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF
PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
EVP_PKEY *key, int key_usage, int iter,
@@ -87396,7 +93390,7 @@
{
PKCS12_SAFEBAG *bag = NULL;
-@@ -252,7 +203,7 @@ PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
+@@ -252,7 +203,7 @@ PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(
}
int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
@@ -87405,8 +93399,6 @@
{
PKCS7 *p7 = NULL;
int free_safes = 0;
-diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c
-index 2a89a48..9ad17d7 100644
--- a/crypto/pkcs12/p12_decr.c
+++ b/crypto/pkcs12/p12_decr.c
@@ -1,59 +1,10 @@
@@ -87474,8 +93466,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c
-index 9c82969..a78e183 100644
--- a/crypto/pkcs12/p12_init.c
+++ b/crypto/pkcs12/p12_init.c
@@ -1,59 +1,10 @@
@@ -87543,8 +93533,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
-index 6a9a325..4f1d29b 100644
--- a/crypto/pkcs12/p12_key.c
+++ b/crypto/pkcs12/p12_key.c
@@ -1,59 +1,10 @@
@@ -87612,7 +93600,7 @@
*/
#include <stdio.h>
-@@ -128,8 +79,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+@@ -128,8 +79,8 @@ int PKCS12_key_gen_uni(unsigned char *pa
#endif
v = EVP_MD_block_size(md_type);
u = EVP_MD_size(md_type);
@@ -87623,8 +93611,6 @@
D = OPENSSL_malloc(v);
Ai = OPENSSL_malloc(u);
B = OPENSSL_malloc(v + 1);
-diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
-index ec59d83..ea7e0c9 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -1,59 +1,10 @@
@@ -87692,8 +93678,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/pkcs12/p12_lcl.h b/crypto/pkcs12/p12_lcl.h
-index 49dc90c..8930875 100644
--- a/crypto/pkcs12/p12_lcl.h
+++ b/crypto/pkcs12/p12_lcl.h
@@ -1,59 +1,10 @@
@@ -87761,8 +93745,6 @@
*/
struct PKCS12_MAC_DATA_st {
-diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
-index 0395358..9bd672a 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -1,59 +1,10 @@
@@ -87830,8 +93812,6 @@
*/
# include <stdio.h>
-diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c
-index e23d035..21bd772 100644
--- a/crypto/pkcs12/p12_npas.c
+++ b/crypto/pkcs12/p12_npas.c
@@ -1,59 +1,10 @@
@@ -87923,7 +93903,7 @@
{
/* Check for NULL PKCS12 structure */
-@@ -103,20 +55,21 @@ int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
+@@ -103,20 +55,21 @@ int PKCS12_newpass(PKCS12 *p12, char *ol
/* Parse the outer PKCS#12 structure */
@@ -87950,7 +93930,7 @@
for (i = 0; i < sk_PKCS7_num(asafes); i++) {
p7 = sk_PKCS7_value(asafes, i);
bagnid = OBJ_obj2nid(p7->type);
-@@ -125,63 +78,59 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
+@@ -125,63 +78,59 @@ static int newpass_p12(PKCS12 *p12, char
} else if (bagnid == NID_pkcs7_encrypted) {
bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
if (!alg_get(p7->d.encrypted->enc_data->algorithm,
@@ -88043,7 +94023,7 @@
{
int i;
for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
-@@ -193,7 +142,8 @@ static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
+@@ -193,7 +142,8 @@ static int newpass_bags(STACK_OF(PKCS12_
/* Change password of safebag: only needs handle shrouded keybags */
@@ -88053,7 +94033,7 @@
{
PKCS8_PRIV_KEY_INFO *p8;
X509_SIG *p8new;
-@@ -208,8 +158,10 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
+@@ -208,8 +158,10 @@ static int newpass_bag(PKCS12_SAFEBAG *b
X509_SIG_get0(&shalg, NULL, bag->value.shkeybag);
if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen))
return 0;
@@ -88066,8 +94046,6 @@
return 0;
X509_SIG_free(bag->value.shkeybag);
bag->value.shkeybag = p8new;
-diff --git a/crypto/pkcs12/p12_p8d.c b/crypto/pkcs12/p12_p8d.c
-index 8980abe..97577da 100644
--- a/crypto/pkcs12/p12_p8d.c
+++ b/crypto/pkcs12/p12_p8d.c
@@ -1,59 +1,10 @@
@@ -88135,8 +94113,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c
-index b79ca64..86a07e1 100644
--- a/crypto/pkcs12/p12_p8e.c
+++ b/crypto/pkcs12/p12_p8e.c
@@ -1,59 +1,10 @@
@@ -88204,8 +94180,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c
-index ffdf22d..c8564b4 100644
--- a/crypto/pkcs12/p12_sbag.c
+++ b/crypto/pkcs12/p12_sbag.c
@@ -1,60 +1,10 @@
@@ -88274,8 +94248,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c
-index 817327f..408c495 100644
--- a/crypto/pkcs12/p12_utl.c
+++ b/crypto/pkcs12/p12_utl.c
@@ -1,59 +1,10 @@
@@ -88343,8 +94315,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c
-index 0850da8..36053f1 100644
--- a/crypto/pkcs12/pk12err.c
+++ b/crypto/pkcs12/pk12err.c
@@ -1,61 +1,11 @@
@@ -88431,7 +94401,7 @@
{ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"},
{ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"},
{ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"},
-@@ -102,7 +44,6 @@ static ERR_STRING_DATA PKCS12_str_functs[] = {
+@@ -102,7 +44,6 @@ static ERR_STRING_DATA PKCS12_str_functs
{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"},
{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"},
{ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"},
@@ -88439,7 +94409,7 @@
{ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"},
{ERR_FUNC(PKCS12_F_PKCS8_SET0_PBE), "PKCS8_set0_pbe"},
{0, NULL}
-@@ -125,7 +66,6 @@ static ERR_STRING_DATA PKCS12_str_reasons[] = {
+@@ -125,7 +66,6 @@ static ERR_STRING_DATA PKCS12_str_reason
{ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR), "mac generation error"},
{ERR_REASON(PKCS12_R_MAC_SETUP_ERROR), "mac setup error"},
{ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR), "mac string set error"},
@@ -88447,9 +94417,21 @@
{ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE), "mac verify failure"},
{ERR_REASON(PKCS12_R_PARSE_ERROR), "parse error"},
{ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),
-diff --git a/crypto/pkcs7/Makefile.in b/crypto/pkcs7/Makefile.in
-deleted file mode 100644
-index b71d562..0000000
+@@ -141,7 +81,7 @@ static ERR_STRING_DATA PKCS12_str_reason
+
+ #endif
+
+-void ERR_load_PKCS12_strings(void)
++int ERR_load_PKCS12_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -150,4 +90,5 @@ void ERR_load_PKCS12_strings(void)
+ ERR_load_strings(0, PKCS12_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/pkcs7/Makefile.in
+++ /dev/null
@@ -1,50 +0,0 @@
@@ -88503,8 +94485,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff enc dec sign verify
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/pkcs7/bio_pk7.c b/crypto/pkcs7/bio_pk7.c
-index 6014b12..29feaa3 100644
--- a/crypto/pkcs7/bio_pk7.c
+++ b/crypto/pkcs7/bio_pk7.c
@@ -1,55 +1,10 @@
@@ -88568,8 +94548,6 @@
*/
#include <openssl/asn1.h>
-diff --git a/crypto/pkcs7/pk7_asn1.c b/crypto/pkcs7/pk7_asn1.c
-index 485e676..315e1b8 100644
--- a/crypto/pkcs7/pk7_asn1.c
+++ b/crypto/pkcs7/pk7_asn1.c
@@ -1,59 +1,10 @@
@@ -88637,8 +94615,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c
-index 84c59aa..5f71670 100644
--- a/crypto/pkcs7/pk7_attr.c
+++ b/crypto/pkcs7/pk7_attr.c
@@ -1,59 +1,10 @@
@@ -88706,8 +94682,51 @@
*/
#include <stdio.h>
-diff --git a/crypto/pkcs7/pk7_dgst.c b/crypto/pkcs7/pk7_dgst.c
-index 4b1376e..965fb37 100644
+@@ -98,6 +49,7 @@ STACK_OF(X509_ALGOR) *PKCS7_get_smimecap
+ /* Basic smime-capabilities OID and optional integer arg */
+ int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
+ {
++ ASN1_INTEGER *nbit = NULL;
+ X509_ALGOR *alg;
+
+ if ((alg = X509_ALGOR_new()) == NULL) {
+@@ -107,24 +59,28 @@ int PKCS7_simple_smimecap(STACK_OF(X509_
+ ASN1_OBJECT_free(alg->algorithm);
+ alg->algorithm = OBJ_nid2obj(nid);
+ if (arg > 0) {
+- ASN1_INTEGER *nbit;
+ if ((alg->parameter = ASN1_TYPE_new()) == NULL) {
+- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+- return 0;
++ goto err;
+ }
+ if ((nbit = ASN1_INTEGER_new()) == NULL) {
+- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+- return 0;
++ goto err;
+ }
+ if (!ASN1_INTEGER_set(nbit, arg)) {
+- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+- return 0;
++ goto err;
+ }
+ alg->parameter->value.integer = nbit;
+ alg->parameter->type = V_ASN1_INTEGER;
++ nbit = NULL;
++ }
++ if (!sk_X509_ALGOR_push(sk, alg)) {
++ goto err;
+ }
+- sk_X509_ALGOR_push(sk, alg);
+ return 1;
++err:
++ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
++ ASN1_INTEGER_free(nbit);
++ X509_ALGOR_free(alg);
++ return 0;
+ }
+
+ int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid)
--- a/crypto/pkcs7/pk7_dgst.c
+++ b/crypto/pkcs7/pk7_dgst.c
@@ -1,64 +1,15 @@
@@ -88781,8 +94800,6 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
-diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
-index 9d66fc4..bc6bd30 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -1,58 +1,10 @@
@@ -88850,7 +94867,7 @@
*/
#include <stdio.h>
-@@ -630,7 +582,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
+@@ -630,7 +582,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
BIO_free_all(btmp);
BIO_free_all(etmp);
BIO_free_all(bio);
@@ -88877,8 +94894,6 @@
}
if (!PKCS7_is_detached(p7)) {
-diff --git a/crypto/pkcs7/pk7_enc.c b/crypto/pkcs7/pk7_enc.c
-index cf47843..3c59f9c 100644
--- a/crypto/pkcs7/pk7_enc.c
+++ b/crypto/pkcs7/pk7_enc.c
@@ -1,64 +1,15 @@
@@ -88952,8 +94967,6 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
-diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
-index cdf7302..69c68cf 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -1,58 +1,10 @@
@@ -89021,8 +95034,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c
-index 19130ee..97474cf 100644
--- a/crypto/pkcs7/pk7_mime.c
+++ b/crypto/pkcs7/pk7_mime.c
@@ -1,61 +1,15 @@
@@ -89092,8 +95103,6 @@
#include <openssl/x509.h>
#include <openssl/asn1.h>
-diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
-index 7c2d5c9..4418723 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -1,59 +1,10 @@
@@ -89161,8 +95170,6 @@
*/
/* Simple PKCS#7 processing functions */
-diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c
-index d897cfb..bcb479d 100644
--- a/crypto/pkcs7/pkcs7err.c
+++ b/crypto/pkcs7/pkcs7err.c
@@ -1,61 +1,11 @@
@@ -89250,7 +95257,7 @@
{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"},
{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"},
{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"},
-@@ -88,7 +36,6 @@ static ERR_STRING_DATA PKCS7_str_functs[] = {
+@@ -88,7 +36,6 @@ static ERR_STRING_DATA PKCS7_str_functs[
{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"},
{ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"},
{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"},
@@ -89258,7 +95265,7 @@
{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"},
{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"},
{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "pkcs7_decrypt_rinfo"},
-@@ -109,21 +56,18 @@ static ERR_STRING_DATA PKCS7_str_functs[] = {
+@@ -109,21 +56,18 @@ static ERR_STRING_DATA PKCS7_str_functs[
{ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_add_signer"},
{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"},
{ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"},
@@ -89284,7 +95291,7 @@
{ERR_REASON(PKCS7_R_DECRYPT_ERROR), "decrypt error"},
{ERR_REASON(PKCS7_R_DIGEST_FAILURE), "digest failure"},
{ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE), "encryption ctrl failure"},
-@@ -131,37 +75,23 @@ static ERR_STRING_DATA PKCS7_str_reasons[] = {
+@@ -131,37 +75,23 @@ static ERR_STRING_DATA PKCS7_str_reasons
"encryption not supported for this key type"},
{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT), "error adding recipient"},
{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"},
@@ -89324,7 +95331,7 @@
{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
"private key does not match certificate"},
{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE), "signature failure"},
-@@ -170,7 +100,6 @@ static ERR_STRING_DATA PKCS7_str_reasons[] = {
+@@ -170,7 +100,6 @@ static ERR_STRING_DATA PKCS7_str_reasons
{ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE), "signing ctrl failure"},
{ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
"signing not supported for this key type"},
@@ -89332,7 +95339,7 @@
{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR), "smime text error"},
{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),
"unable to find certificate"},
-@@ -180,7 +109,8 @@ static ERR_STRING_DATA PKCS7_str_reasons[] = {
+@@ -180,7 +109,8 @@ static ERR_STRING_DATA PKCS7_str_reasons
{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE), "unknown digest type"},
{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION), "unknown operation"},
{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE), "unsupported cipher type"},
@@ -89342,9 +95349,21 @@
{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE), "wrong content type"},
{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type"},
{0, NULL}
-diff --git a/crypto/poly1305/Makefile.in b/crypto/poly1305/Makefile.in
-deleted file mode 100644
-index 0601bf7..0000000
+@@ -188,7 +118,7 @@ static ERR_STRING_DATA PKCS7_str_reasons
+
+ #endif
+
+-void ERR_load_PKCS7_strings(void)
++int ERR_load_PKCS7_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -197,4 +127,5 @@ void ERR_load_PKCS7_strings(void)
+ ERR_load_strings(0, PKCS7_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/poly1305/Makefile.in
+++ /dev/null
@@ -1,61 +0,0 @@
@@ -89409,8 +95428,6 @@
- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/poly1305/asm/poly1305-armv4.pl b/crypto/poly1305/asm/poly1305-armv4.pl
-index aa3f228..fc899ce 100755
--- a/crypto/poly1305/asm/poly1305-armv4.pl
+++ b/crypto/poly1305/asm/poly1305-armv4.pl
@@ -1,4 +1,11 @@
@@ -89435,7 +95452,7 @@
# Cortex-A8 6.25/+115% 2.36
# Cortex-A9 5.10/+95% 2.55
# Cortex-A15 3.85/+85% 1.25(**)
-@@ -523,6 +530,51 @@ poly1305_init_neon:
+@@ -523,6 +530,51 @@ my ($in2,$zeros,$tbl0,$tbl1) = map("r$_"
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ lazy reduction as discussed in "NEON crypto" by D.J. Bernstein
@ and P. Schwabe
@@ -89487,7 +95504,7 @@
vshr.u64 $T0,$D3,#26
vmovn.i64 $D3#lo,$D3
-@@ -887,7 +939,8 @@ poly1305_blocks_neon:
+@@ -887,7 +939,8 @@ my ($in2,$zeros,$tbl0,$tbl1) = map("r$_"
# endif
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@ -89497,7 +95514,7 @@
vshr.u64 $T0,$D3,#26
vmovn.i64 $D3#lo,$D3
-@@ -915,19 +968,20 @@ poly1305_blocks_neon:
+@@ -915,19 +968,20 @@ my ($in2,$zeros,$tbl0,$tbl1) = map("r$_"
vbic.i32 $H3,#0xfc000000
vshrn.u64 $T1#lo,$D2,#26
vmovn.i64 $D2#lo,$D2
@@ -89521,8 +95538,6 @@
vadd.i32 $D1#lo,$D1#lo,$T0#lo @ h0 -> h1
vadd.i32 $D4#lo,$D4#lo,$T1#lo @ h3 -> h4
vbic.i32 $H1,#0xfc000000
-diff --git a/crypto/poly1305/asm/poly1305-armv8.pl b/crypto/poly1305/asm/poly1305-armv8.pl
-index 2e1dae3..98a96b7 100755
--- a/crypto/poly1305/asm/poly1305-armv8.pl
+++ b/crypto/poly1305/asm/poly1305-armv8.pl
@@ -1,4 +1,11 @@
@@ -89547,7 +95562,7 @@
#
# (*) estimate based on resources availability is less than 1.0,
# i.e. measured result is worse than expected, presumably binary
-@@ -507,9 +514,11 @@ poly1305_blocks_neon:
+@@ -507,9 +514,11 @@ my $is_base2_26 = $zeros; # borrow
fmov $IN01_1,x6
add x10,x10,x11,lsl#32 // bfi x10,x11,#32,#32
add x12,x12,x13,lsl#32 // bfi x12,x13,#32,#32
@@ -89559,7 +95574,7 @@
b.ls .Lskip_loop
-@@ -660,41 +669,43 @@ poly1305_blocks_neon:
+@@ -660,41 +669,43 @@ my $is_base2_26 = $zeros; # borrow
fmov $IN01_2,x8
umlal $ACC2,$IN01_4,${S3}[0]
fmov $IN01_3,x10
@@ -89615,7 +95630,7 @@
add $H1,$H1,$T0.2s // h0 -> h1
add $H4,$H4,$T1.2s // h3 -> h4
-@@ -702,9 +713,7 @@ poly1305_blocks_neon:
+@@ -702,9 +713,7 @@ my $is_base2_26 = $zeros; # borrow
.Lskip_loop:
dup $IN23_2,${IN23_2}[0]
@@ -89625,8 +95640,6 @@
////////////////////////////////////////////////////////////////
// multiply (inp[0:1]+hash) or inp[2:3] by r^2:r^1
-diff --git a/crypto/poly1305/asm/poly1305-c64xplus.pl b/crypto/poly1305/asm/poly1305-c64xplus.pl
-index a7cf47d..93fef37 100755
--- a/crypto/poly1305/asm/poly1305-c64xplus.pl
+++ b/crypto/poly1305/asm/poly1305-c64xplus.pl
@@ -1,4 +1,11 @@
@@ -89642,9 +95655,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/poly1305/asm/poly1305-mips.pl b/crypto/poly1305/asm/poly1305-mips.pl
-new file mode 100755
-index 0000000..d2b3e90
--- /dev/null
+++ b/crypto/poly1305/asm/poly1305-mips.pl
@@ -0,0 +1,425 @@
@@ -90073,8 +96083,6 @@
+print $code;
+close STDOUT;
+
-diff --git a/crypto/poly1305/asm/poly1305-ppc.pl b/crypto/poly1305/asm/poly1305-ppc.pl
-index 07da9d1..8a06c77 100755
--- a/crypto/poly1305/asm/poly1305-ppc.pl
+++ b/crypto/poly1305/asm/poly1305-ppc.pl
@@ -1,4 +1,11 @@
@@ -90090,8 +96098,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/poly1305/asm/poly1305-ppcfp.pl b/crypto/poly1305/asm/poly1305-ppcfp.pl
-index c8636a4..49f70a8 100755
--- a/crypto/poly1305/asm/poly1305-ppcfp.pl
+++ b/crypto/poly1305/asm/poly1305-ppcfp.pl
@@ -1,4 +1,11 @@
@@ -90107,8 +96113,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/poly1305/asm/poly1305-s390x.pl b/crypto/poly1305/asm/poly1305-s390x.pl
-index 141ba8d..82d757d 100755
--- a/crypto/poly1305/asm/poly1305-s390x.pl
+++ b/crypto/poly1305/asm/poly1305-s390x.pl
@@ -1,4 +1,11 @@
@@ -90124,8 +96128,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/poly1305/asm/poly1305-sparcv9.pl b/crypto/poly1305/asm/poly1305-sparcv9.pl
-index 497e270..0bdd048 100755
--- a/crypto/poly1305/asm/poly1305-sparcv9.pl
+++ b/crypto/poly1305/asm/poly1305-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -90141,7 +96143,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -74,8 +81,8 @@ poly1305_init:
+@@ -74,8 +81,8 @@ SPARC_PIC_THUNK(%g1)
SPARC_LOAD_ADDRESS(OPENSSL_sparcv9cap_P,%g1)
ld [%g1],%g1
@@ -90152,7 +96154,7 @@
be .Lpoly1305_init_fma
nop
-@@ -132,13 +139,14 @@ poly1305_init:
+@@ -132,13 +139,14 @@ SPARC_PIC_THUNK(%g1)
.Lno_key:
ret
restore %g0,%g0,%o0 ! return 0
@@ -90168,7 +96170,7 @@
brz,pn $len,.Lno_data
nop
-@@ -194,7 +202,7 @@ poly1305_blocks:
+@@ -194,7 +202,7 @@ SPARC_PIC_THUNK(%g1)
umul $r1,$h0,$d1
umul $r2,$h0,$d2
umul $r3,$h0,$d3
@@ -90177,7 +96179,7 @@
add $inp,16,$inp
umul $s3,$h1,$t0
-@@ -264,6 +272,7 @@ poly1305_blocks:
+@@ -264,6 +272,7 @@ SPARC_PIC_THUNK(%g1)
.Lno_data:
ret
restore
@@ -90185,7 +96187,7 @@
.size poly1305_blocks,.-poly1305_blocks
___
########################################################################
-@@ -276,7 +285,7 @@ $code.=<<___;
+@@ -276,7 +285,7 @@ my ($D0,$D1,$D2,$T0) = map("%g$_",(1..4)
.align 32
poly1305_blocks_vis3:
save %sp,-STACK_FRAME,%sp
@@ -90194,7 +96196,7 @@
brz,pn $len,.Lno_data
nop
-@@ -314,7 +323,7 @@ poly1305_blocks_vis3:
+@@ -314,7 +323,7 @@ my ($D0,$D1,$D2,$T0) = map("%g$_",(1..4)
.Linp_aligned_vis3:
addcc $D0,$H0,$H0 ! accumulate input
@@ -90203,7 +96205,7 @@
addxccc $D1,$H1,$H1
add $inp,16,$inp
-@@ -354,6 +363,7 @@ poly1305_blocks_vis3:
+@@ -354,6 +363,7 @@ my ($D0,$D1,$D2,$T0) = map("%g$_",(1..4)
ret
restore
@@ -90211,7 +96213,7 @@
.size poly1305_blocks_vis3,.-poly1305_blocks_vis3
___
}
-@@ -426,6 +436,7 @@ poly1305_emit:
+@@ -426,6 +436,7 @@ my ($mac,$nonce) = ($inp,$len);
ret
restore
@@ -90219,7 +96221,7 @@
.size poly1305_emit,.-poly1305_emit
___
-@@ -591,12 +602,13 @@ poly1305_init_fma:
+@@ -591,12 +602,13 @@ my ($y0,$y1,$y2,$y3) = ($c1lo,$c1hi,$c3h
.Lno_key_fma:
ret
restore %g0,%g0,%o0 ! return 0
@@ -90234,7 +96236,7 @@
brz,pn $len,.Labort
sub $len,1,$len
-@@ -898,6 +910,7 @@ poly1305_blocks_fma:
+@@ -898,6 +910,7 @@ my ($y0,$y1,$y2,$y3) = ($c1lo,$c1hi,$c3h
.Labort:
ret
restore
@@ -90242,7 +96244,7 @@
.size poly1305_blocks_fma,.-poly1305_blocks_fma
___
{
-@@ -1004,6 +1017,7 @@ poly1305_emit_fma:
+@@ -1004,6 +1017,7 @@ my ($h0,$h1,$h2,$h3,$h4, $d0,$d1,$d2,$d3
ret
restore
@@ -90250,8 +96252,6 @@
.size poly1305_emit_fma,.-poly1305_emit_fma
___
}
-diff --git a/crypto/poly1305/asm/poly1305-x86.pl b/crypto/poly1305/asm/poly1305-x86.pl
-index 97d0a81..ecc0ee6 100755
--- a/crypto/poly1305/asm/poly1305-x86.pl
+++ b/crypto/poly1305/asm/poly1305-x86.pl
@@ -1,4 +1,11 @@
@@ -90267,7 +96267,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -541,11 +548,12 @@ my $base = shift; $base = "esp" if (!defined($base));
+@@ -541,11 +548,12 @@ my $base = shift; $base = "esp" if (!def
sub lazy_reduction {
my $extra = shift;
@@ -90281,7 +96281,7 @@
&movdqa ($T0,$D3);
&pand ($D3,$MASK);
-@@ -567,7 +575,7 @@ my $paddx = defined($extra) ? paddq : paddd;
+@@ -567,7 +575,7 @@ my $paddx = defined($extra) ? paddq : pa
# on Atom
&psllq ($T0,2);
&paddq ($T1,$D2); # h1 -> h2
@@ -90290,8 +96290,6 @@
&pand ($D1,$MASK);
&movdqa ($D2,$T1);
&psrlq ($T1,26);
-diff --git a/crypto/poly1305/asm/poly1305-x86_64.pl b/crypto/poly1305/asm/poly1305-x86_64.pl
-index 7d67611..784ff4b 100755
--- a/crypto/poly1305/asm/poly1305-x86_64.pl
+++ b/crypto/poly1305/asm/poly1305-x86_64.pl
@@ -1,4 +1,11 @@
@@ -90307,7 +96305,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -65,7 +72,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+@@ -65,7 +72,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
$avx = ($2>=3.0) + ($2>3.0);
}
@@ -90316,7 +96314,7 @@
*STDOUT=*OUT;
my ($ctx,$inp,$len,$padbit)=("%rdi","%rsi","%rdx","%rcx");
-@@ -130,8 +137,12 @@ $code.=<<___;
+@@ -130,8 +137,12 @@ sub poly1305_iteration {
.extern OPENSSL_ia32cap_P
.globl poly1305_init
@@ -90329,7 +96327,7 @@
.type poly1305_init,\@function,3
.align 32
poly1305_init:
-@@ -495,10 +506,10 @@ poly1305_blocks_avx:
+@@ -495,10 +506,10 @@ my ($H0,$H1,$H2,$H3,$H4, $T0,$T1,$T2,$T3
################################# base 2^26 -> base 2^64
mov $d1#d,$h0#d
@@ -90342,7 +96340,7 @@
shr \$6,$d1
shl \$52,$r1
-@@ -1383,10 +1394,10 @@ poly1305_blocks_avx2:
+@@ -1383,10 +1394,10 @@ my $S4=$MASK;
################################# base 2^26 -> base 2^64
mov $d1#d,$h0#d
@@ -90355,7 +96353,7 @@
shr \$6,$d1
shl \$52,$r1
-@@ -1991,7 +2002,7 @@ $code.=<<___;
+@@ -1991,7 +2002,7 @@ my $S4=$MASK;
.Lmask24:
.long 0x0ffffff,0,0x0ffffff,0,0x0ffffff,0,0x0ffffff,0
.L129:
@@ -90364,11 +96362,9 @@
.Lmask26:
.long 0x3ffffff,0,0x3ffffff,0,0x3ffffff,0,0x3ffffff,0
.Lfive:
-diff --git a/crypto/poly1305/build.info b/crypto/poly1305/build.info
-index 389c7f6..d575f5a 100644
--- a/crypto/poly1305/build.info
+++ b/crypto/poly1305/build.info
-@@ -12,6 +12,7 @@ GENERATE[poly1305-armv4.S]=asm/poly1305-armv4.pl $(PERLASM_SCHEME)
+@@ -12,6 +12,7 @@ GENERATE[poly1305-armv4.S]=asm/poly1305-
INCLUDE[poly1305-armv4.o]=..
GENERATE[poly1305-armv8.S]=asm/poly1305-armv8.pl $(PERLASM_SCHEME)
INCLUDE[poly1305-armv8.o]=..
@@ -90376,8 +96372,6 @@
BEGINRAW[Makefile(unix)]
{- $builddir -}/poly1305-%.S: {- $sourcedir -}/asm/poly1305-%.pl
-diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.c
-index 6bec8b3..eec4d67 100644
--- a/crypto/poly1305/poly1305.c
+++ b/crypto/poly1305/poly1305.c
@@ -1,12 +1,15 @@
@@ -90409,7 +96403,7 @@
*
* (*) In the context "caller" is not application code, but higher
* level Poly1305_* from this very module, so that quirks are
-@@ -185,9 +188,9 @@ poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit)
+@@ -185,9 +188,9 @@ poly1305_blocks(void *ctx, const unsigne
h0 = (u64)(d0 = (u128)h0 + U8TOU64(inp + 0));
h1 = (u64)(d1 = (u128)h1 + (d0 >> 64) + U8TOU64(inp + 8));
/*
@@ -90422,7 +96416,7 @@
h2 += (u64)(d1 >> 64) + padbit;
/* h *= r "%" p, where "%" stands for "partial remainder" */
-@@ -195,7 +198,7 @@ poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit)
+@@ -195,7 +198,7 @@ poly1305_blocks(void *ctx, const unsigne
((u128)h1 * s1);
d1 = ((u128)h0 * r1) +
((u128)h1 * r0) +
@@ -90431,7 +96425,7 @@
h2 = (h2 * r0);
/* last reduction step: */
-@@ -543,7 +546,7 @@ void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16])
+@@ -543,7 +546,7 @@ void Poly1305_Final(POLY1305 *ctx, unsig
poly1305_emit(ctx->opaque, mac, ctx->nonce);
/* zero out the state */
@@ -90440,7 +96434,7 @@
}
#ifdef SELFTEST
-@@ -590,7 +593,8 @@ static const struct poly1305_test poly1305_tests[] = {
+@@ -590,7 +593,8 @@ static const struct poly1305_test poly13
"5154ad0d2cb26e01274fc51148491f1b"
},
/*
@@ -90450,7 +96444,7 @@
*/
{
"ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
-@@ -672,6 +676,21 @@ static const struct poly1305_test poly1305_tests[] = {
+@@ -672,6 +676,21 @@ static const struct poly1305_test poly13
"12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
"b846d44e9bbd53cedffbfbb6b7fa4933"
},
@@ -90472,7 +96466,7 @@
{
/*
* poly1305_ieee754.c failed this in final stage
-@@ -855,14 +874,11 @@ static const struct poly1305_test poly1305_tests[] = {
+@@ -855,14 +874,11 @@ static const struct poly1305_test poly13
static unsigned char hex_digit(char h)
{
@@ -90511,8 +96505,6 @@
stopwatch = OPENSSL_rdtsc();
for (i=0;i<10000;i++) {
-diff --git a/crypto/poly1305/poly1305_ieee754.c b/crypto/poly1305/poly1305_ieee754.c
-index 7c02c1d..08a5b58 100644
--- a/crypto/poly1305/poly1305_ieee754.c
+++ b/crypto/poly1305/poly1305_ieee754.c
@@ -1,8 +1,10 @@
@@ -90530,8 +96522,6 @@
*/
/*
-diff --git a/crypto/ppc_arch.h b/crypto/ppc_arch.h
-index a27fb72..65cf96f 100644
--- a/crypto/ppc_arch.h
+++ b/crypto/ppc_arch.h
@@ -1,5 +1,14 @@
@@ -90551,8 +96541,6 @@
extern unsigned int OPENSSL_ppccap_P;
-diff --git a/crypto/ppccap.c b/crypto/ppccap.c
-index 2c98daf..712ee79 100644
--- a/crypto/ppccap.c
+++ b/crypto/ppccap.c
@@ -1,3 +1,12 @@
@@ -90568,7 +96556,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-@@ -79,6 +88,7 @@ void sha512_block_data_order(void *ctx, const void *inp, size_t len)
+@@ -79,6 +88,7 @@ void sha512_block_data_order(void *ctx,
sha512_block_ppc(ctx, inp, len);
}
@@ -90576,7 +96564,7 @@
void ChaCha20_ctr32_int(unsigned char *out, const unsigned char *inp,
size_t len, const unsigned int key[8],
const unsigned int counter[4]);
-@@ -93,7 +103,9 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
+@@ -93,7 +103,9 @@ void ChaCha20_ctr32(unsigned char *out,
? ChaCha20_ctr32_vmx(out, inp, len, key, counter)
: ChaCha20_ctr32_int(out, inp, len, key, counter);
}
@@ -90586,7 +96574,7 @@
void poly1305_init_int(void *ctx, const unsigned char key[16]);
void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
unsigned int padbit);
-@@ -117,6 +129,7 @@ int poly1305_init(void *ctx, const unsigned char key[16], void *func[2])
+@@ -117,6 +129,7 @@ int poly1305_init(void *ctx, const unsig
}
return 1;
}
@@ -90611,8 +96599,6 @@
if (sizeof(size_t) == 4) {
/* In 32-bit case PPC_FPU64 is always fastest [if option] */
-diff --git a/crypto/ppccpuid.pl b/crypto/ppccpuid.pl
-index 9de1355..9d1cada 100755
--- a/crypto/ppccpuid.pl
+++ b/crypto/ppccpuid.pl
@@ -1,4 +1,11 @@
@@ -90628,7 +96614,7 @@
$flavour = shift;
-@@ -170,6 +177,32 @@ Laligned:
+@@ -170,6 +177,32 @@ Lot: andi. r5,r3,3
.byte 0,12,0x14,0,0,0,2,0
.long 0
.size .OPENSSL_cleanse,.-.OPENSSL_cleanse
@@ -90661,9 +96647,6 @@
___
{
my ($out,$cnt,$max)=("r3","r4","r5");
-diff --git a/crypto/rand/Makefile.in b/crypto/rand/Makefile.in
-deleted file mode 100644
-index 5442402..0000000
--- a/crypto/rand/Makefile.in
+++ /dev/null
@@ -1,45 +0,0 @@
@@ -90712,8 +96695,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
-index e9574b0..137851f 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -1,111 +1,10 @@
@@ -90834,7 +96815,7 @@
*/
#include <stdio.h>
-@@ -125,7 +24,6 @@
+@@ -125,10 +24,11 @@
#include <openssl/rand.h>
#include <openssl/async.h>
#include "rand_lcl.h"
@@ -90842,7 +96823,12 @@
#include <openssl/err.h>
-@@ -140,7 +38,7 @@
++#include <internal/thread_once.h>
++
+ #ifdef OPENSSL_FIPS
+ # include <openssl/fips.h>
+ #endif
+@@ -140,7 +40,7 @@
/* #define PREDICT 1 */
#define STATE_SIZE 1023
@@ -90851,7 +96837,39 @@
static unsigned char state[STATE_SIZE + MD_DIGEST_LENGTH];
static unsigned char md[MD_DIGEST_LENGTH];
static long md_count[2] = { 0, 0 };
-@@ -370,8 +268,8 @@ static int rand_seed(const void *buf, int num)
+@@ -162,7 +62,7 @@ static CRYPTO_THREAD_ID locking_threadid
+ int rand_predictable = 0;
+ #endif
+
+-static void rand_hw_seed(EVP_MD_CTX *ctx);
++static int rand_hw_seed(EVP_MD_CTX *ctx);
+
+ static void rand_cleanup(void);
+ static int rand_seed(const void *buf, int num);
+@@ -187,10 +87,11 @@ static RAND_METHOD rand_meth = {
+ rand_status
+ };
+
+-static void do_rand_lock_init(void)
++DEFINE_RUN_ONCE_STATIC(do_rand_lock_init)
+ {
+ rand_lock = CRYPTO_THREAD_lock_new();
+ rand_tmp_lock = CRYPTO_THREAD_lock_new();
++ return rand_lock != NULL && rand_tmp_lock != NULL;
+ }
+
+ RAND_METHOD *RAND_OpenSSL(void)
+@@ -243,7 +144,8 @@ static int rand_add(const void *buf, int
+ if (m == NULL)
+ goto err;
+
+- CRYPTO_THREAD_run_once(&rand_lock_init, do_rand_lock_init);
++ if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
++ goto err;
+
+ /* check if we already have the lock */
+ if (crypto_lock_rand) {
+@@ -370,8 +272,8 @@ static int rand_seed(const void *buf, in
static int rand_bytes(unsigned char *buf, int num, int pseudo)
{
static volatile int stirred_pool = 0;
@@ -90862,8 +96880,75 @@
int ok;
long md_c[2];
unsigned char local_md[MD_DIGEST_LENGTH];
-diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c
-index 47a5752..f4bfd86 100644
+@@ -441,7 +343,9 @@ static int rand_bytes(unsigned char *buf
+ * global 'md'.
+ */
+
+- CRYPTO_THREAD_run_once(&rand_lock_init, do_rand_lock_init);
++ if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
++ goto err_mem;
++
+ CRYPTO_THREAD_write_lock(rand_lock);
+ /*
+ * We could end up in an async engine while holding this lock so ensure
+@@ -548,7 +452,8 @@ static int rand_bytes(unsigned char *buf
+ if (!MD_Update(m, (unsigned char *)&tv, sizeof tv))
+ goto err;
+ curr_time = 0;
+- rand_hw_seed(m);
++ if (!rand_hw_seed(m))
++ goto err;
+ }
+ if (!MD_Update(m, local_md, MD_DIGEST_LENGTH))
+ goto err;
+@@ -635,7 +540,9 @@ static int rand_status(void)
+ int ret;
+ int do_not_lock;
+
+- CRYPTO_THREAD_run_once(&rand_lock_init, do_rand_lock_init);
++ if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
++ return 0;
++
+ cur = CRYPTO_THREAD_get_current_id();
+ /*
+ * check if we already have the lock (could happen if a RAND_poll()
+@@ -699,18 +606,20 @@ static int rand_status(void)
+ size_t OPENSSL_ia32_rdrand(void);
+ extern unsigned int OPENSSL_ia32cap_P[];
+
+-static void rand_hw_seed(EVP_MD_CTX *ctx)
++static int rand_hw_seed(EVP_MD_CTX *ctx)
+ {
+ int i;
+ if (!(OPENSSL_ia32cap_P[1] & (1 << (62 - 32))))
+- return;
++ return 1;
+ for (i = 0; i < RDRAND_CALLS; i++) {
+ size_t rnd;
+ rnd = OPENSSL_ia32_rdrand();
+ if (rnd == 0)
+- return;
+- MD_Update(ctx, (unsigned char *)&rnd, sizeof(size_t));
++ return 1;
++ if (!MD_Update(ctx, (unsigned char *)&rnd, sizeof(size_t)))
++ return 0;
+ }
++ return 1;
+ }
+
+ /* XOR an existing buffer with random data */
+@@ -743,9 +652,9 @@ void rand_hw_xor(unsigned char *buf, siz
+
+ #else
+
+-static void rand_hw_seed(EVP_MD_CTX *ctx)
++static int rand_hw_seed(EVP_MD_CTX *ctx)
+ {
+- return;
++ return 1;
+ }
+
+ void rand_hw_xor(unsigned char *buf, size_t num)
--- a/crypto/rand/rand_egd.c
+++ b/crypto/rand/rand_egd.c
@@ -1,56 +1,10 @@
@@ -90929,8 +97014,6 @@
*/
#include <openssl/opensslconf.h>
-diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c
-index d01393a..c58e7ee 100644
--- a/crypto/rand/rand_err.c
+++ b/crypto/rand/rand_err.c
@@ -1,61 +1,11 @@
@@ -91002,7 +97085,7 @@
*/
#include <stdio.h>
-@@ -69,25 +19,12 @@
+@@ -69,31 +19,18 @@
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
static ERR_STRING_DATA RAND_str_functs[] = {
@@ -91028,8 +97111,19 @@
{0, NULL}
};
-diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
-index daa48dd..d98c90e 100644
+ #endif
+
+-void ERR_load_RAND_strings(void)
++int ERR_load_RAND_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -102,4 +39,5 @@ void ERR_load_RAND_strings(void)
+ ERR_load_strings(0, RAND_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -1,111 +1,10 @@
@@ -91150,8 +97244,6 @@
*/
#ifndef HEADER_RAND_LCL_H
-diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
-index 9871113..2387126 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -1,58 +1,10 @@
@@ -91219,8 +97311,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
-index 1aff444..ecba2dc 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -1,112 +1,12 @@
@@ -91352,8 +97442,6 @@
return 1;
}
-diff --git a/crypto/rand/rand_vms.c b/crypto/rand/rand_vms.c
-index 5919f48..ae6f17d 100644
--- a/crypto/rand/rand_vms.c
+++ b/crypto/rand/rand_vms.c
@@ -1,59 +1,10 @@
@@ -91421,8 +97509,6 @@
*/
#include <openssl/rand.h>
-diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
-index bf85d37..1be0ed3 100644
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -1,111 +1,10 @@
@@ -92171,8 +98257,6 @@
-}
-
#endif
-diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
-index 3ee6bf5..7aeb871 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -1,66 +1,13 @@
@@ -92331,7 +98415,7 @@
#endif
#define RFILE ".rnd"
-@@ -122,10 +121,17 @@ int RAND_load_file(const char *file, long bytes)
+@@ -122,10 +121,17 @@ int RAND_load_file(const char *file, lon
struct stat sb;
#endif
int i, ret = 0, n;
@@ -92351,7 +98435,7 @@
#ifndef OPENSSL_NO_POSIX_IO
/*
-@@ -135,30 +141,21 @@ int RAND_load_file(const char *file, long bytes)
+@@ -135,30 +141,21 @@ int RAND_load_file(const char *file, lon
* applications such as Valgrind.
*/
memset(&sb, 0, sizeof(sb));
@@ -92388,7 +98472,7 @@
#endif
for (;;) {
if (bytes > 0)
-@@ -177,10 +174,11 @@ int RAND_load_file(const char *file, long bytes)
+@@ -177,10 +174,11 @@ int RAND_load_file(const char *file, lon
break;
}
}
@@ -92533,7 +98617,7 @@
}
#ifdef __OpenBSD__
-@@ -318,12 +357,12 @@ const char *RAND_file_name(char *buf, size_t size)
+@@ -318,12 +357,12 @@ const char *RAND_file_name(char *buf, si
if (!buf[0])
if (OPENSSL_strlcpy(buf, "/dev/arandom", size) >= size) {
@@ -92549,9 +98633,6 @@
- return (buf);
+ return buf;
}
-diff --git a/crypto/rc2/Makefile.in b/crypto/rc2/Makefile.in
-deleted file mode 100644
-index 1a09360..0000000
--- a/crypto/rc2/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -92598,8 +98679,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/rc2/rc2_cbc.c b/crypto/rc2/rc2_cbc.c
-index b574c96..2b59353 100644
--- a/crypto/rc2/rc2_cbc.c
+++ b/crypto/rc2/rc2_cbc.c
@@ -1,58 +1,10 @@
@@ -92667,8 +98746,6 @@
*/
#include <openssl/rc2.h>
-diff --git a/crypto/rc2/rc2_ecb.c b/crypto/rc2/rc2_ecb.c
-index 047c0fc..b87931f 100644
--- a/crypto/rc2/rc2_ecb.c
+++ b/crypto/rc2/rc2_ecb.c
@@ -1,58 +1,10 @@
@@ -92736,8 +98813,6 @@
*/
#include <openssl/rc2.h>
-diff --git a/crypto/rc2/rc2_locl.h b/crypto/rc2/rc2_locl.h
-index ba1880c..a9a57d6 100644
--- a/crypto/rc2/rc2_locl.h
+++ b/crypto/rc2/rc2_locl.h
@@ -1,58 +1,10 @@
@@ -92805,14 +98880,14 @@
*/
#undef c2l
-diff --git a/crypto/rc2/rc2_skey.c b/crypto/rc2/rc2_skey.c
-index 52a3710..55d8ba3 100644
--- a/crypto/rc2/rc2_skey.c
+++ b/crypto/rc2/rc2_skey.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -92860,9 +98935,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -92874,14 +98947,14 @@
*/
#include <openssl/rc2.h>
-diff --git a/crypto/rc2/rc2cfb64.c b/crypto/rc2/rc2cfb64.c
-index bb3df00..e11093d 100644
--- a/crypto/rc2/rc2cfb64.c
+++ b/crypto/rc2/rc2cfb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -92929,9 +99002,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -92943,14 +99014,14 @@
*/
#include <openssl/rc2.h>
-diff --git a/crypto/rc2/rc2ofb64.c b/crypto/rc2/rc2ofb64.c
-index aec7ba3..d610278 100644
--- a/crypto/rc2/rc2ofb64.c
+++ b/crypto/rc2/rc2ofb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -92998,9 +99069,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -93012,9 +99081,6 @@
*/
#include <openssl/rc2.h>
-diff --git a/crypto/rc2/rrc2.doc b/crypto/rc2/rrc2.doc
-deleted file mode 100644
-index f93ee00..0000000
--- a/crypto/rc2/rrc2.doc
+++ /dev/null
@@ -1,219 +0,0 @@
@@ -93237,8 +99303,6 @@
-
-
-
-diff --git a/crypto/rc2/tab.c b/crypto/rc2/tab.c
-index 0534e37..bc95dc4 100644
--- a/crypto/rc2/tab.c
+++ b/crypto/rc2/tab.c
@@ -1,3 +1,12 @@
@@ -93254,9 +99318,6 @@
#include <stdio.h>
unsigned char ebits_to_num[256] = {
-diff --git a/crypto/rc2/version b/crypto/rc2/version
-deleted file mode 100644
-index 9db8954..0000000
--- a/crypto/rc2/version
+++ /dev/null
@@ -1,22 +0,0 @@
@@ -93282,9 +99343,6 @@
- it.
-
-
-diff --git a/crypto/rc4/Makefile.in b/crypto/rc4/Makefile.in
-deleted file mode 100644
-index 816ec2f..0000000
--- a/crypto/rc4/Makefile.in
+++ /dev/null
@@ -1,71 +0,0 @@
@@ -93359,8 +99417,6 @@
- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/rc4/asm/rc4-586.pl b/crypto/rc4/asm/rc4-586.pl
-index a517adb..9361777 100644
--- a/crypto/rc4/asm/rc4-586.pl
+++ b/crypto/rc4/asm/rc4-586.pl
@@ -1,4 +1,11 @@
@@ -93376,8 +99432,6 @@
# ====================================================================
# [Re]written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/rc4/asm/rc4-c64xplus.pl b/crypto/rc4/asm/rc4-c64xplus.pl
-index 6e5fe05..daed75c 100644
--- a/crypto/rc4/asm/rc4-c64xplus.pl
+++ b/crypto/rc4/asm/rc4-c64xplus.pl
@@ -1,4 +1,11 @@
@@ -93393,8 +99447,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/rc4/asm/rc4-ia64.pl b/crypto/rc4/asm/rc4-ia64.pl
-index b83e53a..5e8f5f5 100644
--- a/crypto/rc4/asm/rc4-ia64.pl
+++ b/crypto/rc4/asm/rc4-ia64.pl
@@ -1,4 +1,11 @@
@@ -93410,8 +99462,6 @@
#
# ====================================================================
# Written by David Mosberger <David.Mosberger at acm.org> based on the
-diff --git a/crypto/rc4/asm/rc4-md5-x86_64.pl b/crypto/rc4/asm/rc4-md5-x86_64.pl
-index a92fe92..890161b 100644
--- a/crypto/rc4/asm/rc4-md5-x86_64.pl
+++ b/crypto/rc4/asm/rc4-md5-x86_64.pl
@@ -1,4 +1,11 @@
@@ -93427,7 +99477,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -57,7 +64,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
+@@ -57,7 +64,7 @@ my $win64=0; $win64=1 if ($flavour =~ /[
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
@@ -93436,8 +99486,6 @@
*STDOUT=*OUT;
my ($dat,$in0,$out,$ctx,$inp,$len, $func,$nargs);
-diff --git a/crypto/rc4/asm/rc4-parisc.pl b/crypto/rc4/asm/rc4-parisc.pl
-index bc366ec..006b6b0 100644
--- a/crypto/rc4/asm/rc4-parisc.pl
+++ b/crypto/rc4/asm/rc4-parisc.pl
@@ -1,4 +1,11 @@
@@ -93453,8 +99501,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/rc4/asm/rc4-s390x.pl b/crypto/rc4/asm/rc4-s390x.pl
-index fa6a23e..5589503 100644
--- a/crypto/rc4/asm/rc4-s390x.pl
+++ b/crypto/rc4/asm/rc4-s390x.pl
@@ -1,4 +1,11 @@
@@ -93470,8 +99516,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/rc4/asm/rc4-x86_64.pl b/crypto/rc4/asm/rc4-x86_64.pl
-index 4675106..5ae0c6d 100755
--- a/crypto/rc4/asm/rc4-x86_64.pl
+++ b/crypto/rc4/asm/rc4-x86_64.pl
@@ -1,4 +1,11 @@
@@ -93487,7 +99531,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-@@ -115,7 +122,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+@@ -115,7 +122,7 @@ if ($flavour =~ /\./) { $output = $flavo
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
@@ -93496,8 +99540,6 @@
*STDOUT=*OUT;
$dat="%rdi"; # arg1
-diff --git a/crypto/rc4/rc4_enc.c b/crypto/rc4/rc4_enc.c
-index e7397b4..be11bad 100644
--- a/crypto/rc4/rc4_enc.c
+++ b/crypto/rc4/rc4_enc.c
@@ -1,58 +1,10 @@
@@ -93565,8 +99607,6 @@
*/
#include <openssl/rc4.h>
-diff --git a/crypto/rc4/rc4_locl.h b/crypto/rc4/rc4_locl.h
-index 3ab2570..4380add 100644
--- a/crypto/rc4/rc4_locl.h
+++ b/crypto/rc4/rc4_locl.h
@@ -1,3 +1,12 @@
@@ -93582,8 +99622,6 @@
#ifndef HEADER_RC4_LOCL_H
# define HEADER_RC4_LOCL_H
-diff --git a/crypto/rc4/rc4_skey.c b/crypto/rc4/rc4_skey.c
-index 9931a61..16f81a4 100644
--- a/crypto/rc4/rc4_skey.c
+++ b/crypto/rc4/rc4_skey.c
@@ -1,58 +1,10 @@
@@ -93651,9 +99689,6 @@
*/
#include <openssl/rc4.h>
-diff --git a/crypto/rc5/Makefile.in b/crypto/rc5/Makefile.in
-deleted file mode 100644
-index 554d0ef..0000000
--- a/crypto/rc5/Makefile.in
+++ /dev/null
@@ -1,51 +0,0 @@
@@ -93708,8 +99743,6 @@
- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/rc5/asm/rc5-586.pl b/crypto/rc5/asm/rc5-586.pl
-index a0d85f2..e3e1c64 100644
--- a/crypto/rc5/asm/rc5-586.pl
+++ b/crypto/rc5/asm/rc5-586.pl
@@ -1,4 +1,11 @@
@@ -93725,8 +99758,6 @@
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}","${dir}../../perlasm");
-diff --git a/crypto/rc5/rc5_ecb.c b/crypto/rc5/rc5_ecb.c
-index b762b1e..c32f38e 100644
--- a/crypto/rc5/rc5_ecb.c
+++ b/crypto/rc5/rc5_ecb.c
@@ -1,58 +1,10 @@
@@ -93794,8 +99825,6 @@
*/
#include <openssl/rc5.h>
-diff --git a/crypto/rc5/rc5_enc.c b/crypto/rc5/rc5_enc.c
-index 8bcbad9..58631de 100644
--- a/crypto/rc5/rc5_enc.c
+++ b/crypto/rc5/rc5_enc.c
@@ -1,58 +1,10 @@
@@ -93863,8 +99892,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/rc5/rc5_locl.h b/crypto/rc5/rc5_locl.h
-index 6b34f92..33a709b 100644
--- a/crypto/rc5/rc5_locl.h
+++ b/crypto/rc5/rc5_locl.h
@@ -1,58 +1,10 @@
@@ -93932,8 +99959,6 @@
*/
#include <stdlib.h>
-diff --git a/crypto/rc5/rc5_skey.c b/crypto/rc5/rc5_skey.c
-index bfbb419..943a784 100644
--- a/crypto/rc5/rc5_skey.c
+++ b/crypto/rc5/rc5_skey.c
@@ -1,58 +1,10 @@
@@ -94001,14 +100026,14 @@
*/
#include <openssl/rc5.h>
-diff --git a/crypto/rc5/rc5cfb64.c b/crypto/rc5/rc5cfb64.c
-index 70d8d23..9a8aa6b 100644
--- a/crypto/rc5/rc5cfb64.c
+++ b/crypto/rc5/rc5cfb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -94056,9 +100081,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -94070,14 +100093,14 @@
*/
#include <openssl/rc5.h>
-diff --git a/crypto/rc5/rc5ofb64.c b/crypto/rc5/rc5ofb64.c
-index 81c2005..3a41d77 100644
--- a/crypto/rc5/rc5ofb64.c
+++ b/crypto/rc5/rc5ofb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -94125,9 +100148,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -94139,9 +100160,6 @@
*/
#include <openssl/rc5.h>
-diff --git a/crypto/rc5/rc5s.cpp b/crypto/rc5/rc5s.cpp
-deleted file mode 100644
-index 1c5518b..0000000
--- a/crypto/rc5/rc5s.cpp
+++ /dev/null
@@ -1,70 +0,0 @@
@@ -94215,9 +100233,6 @@
- }
- }
-
-diff --git a/crypto/ripemd/Makefile.in b/crypto/ripemd/Makefile.in
-deleted file mode 100644
-index 4a87049..0000000
--- a/crypto/ripemd/Makefile.in
+++ /dev/null
@@ -1,51 +0,0 @@
@@ -94272,8 +100287,6 @@
- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/ripemd/asm/rmd-586.pl b/crypto/ripemd/asm/rmd-586.pl
-index fd32a73..544c496 100644
--- a/crypto/ripemd/asm/rmd-586.pl
+++ b/crypto/ripemd/asm/rmd-586.pl
@@ -1,4 +1,11 @@
@@ -94289,8 +100302,6 @@
# Normal is the
# ripemd160_block_asm_data_order(RIPEMD160_CTX *c, ULONG *X,int blocks);
-diff --git a/crypto/ripemd/rmd_dgst.c b/crypto/ripemd/rmd_dgst.c
-index fc50d5c..a1670c7 100644
--- a/crypto/ripemd/rmd_dgst.c
+++ b/crypto/ripemd/rmd_dgst.c
@@ -1,58 +1,10 @@
@@ -94358,8 +100369,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/ripemd/rmd_locl.h b/crypto/ripemd/rmd_locl.h
-index c08178c..9c5ba15 100644
--- a/crypto/ripemd/rmd_locl.h
+++ b/crypto/ripemd/rmd_locl.h
@@ -1,58 +1,10 @@
@@ -94436,8 +100445,6 @@
# define ripemd160_block_data_order ripemd160_block_asm_data_order
# endif
#endif
-diff --git a/crypto/ripemd/rmd_one.c b/crypto/ripemd/rmd_one.c
-index 31f052c..c3193bd 100644
--- a/crypto/ripemd/rmd_one.c
+++ b/crypto/ripemd/rmd_one.c
@@ -1,58 +1,10 @@
@@ -94505,8 +100512,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/ripemd/rmdconst.h b/crypto/ripemd/rmdconst.h
-index f8d8723..b810132 100644
--- a/crypto/ripemd/rmdconst.h
+++ b/crypto/ripemd/rmdconst.h
@@ -1,59 +1,12 @@
@@ -94576,9 +100581,6 @@
#define KL0 0x00000000L
#define KL1 0x5A827999L
#define KL2 0x6ED9EBA1L
-diff --git a/crypto/rsa/Makefile.in b/crypto/rsa/Makefile.in
-deleted file mode 100644
-index 199d887..0000000
--- a/crypto/rsa/Makefile.in
+++ /dev/null
@@ -1,49 +0,0 @@
@@ -94631,8 +100633,6 @@
- rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
-index 4ff2665..d55cf33 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -1,59 +1,10 @@
@@ -94700,7 +100700,7 @@
*/
#include <stdio.h>
-@@ -849,10 +800,11 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
+@@ -849,10 +800,11 @@ static int rsa_cms_encrypt(CMS_Recipient
if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md))
goto err;
if (labellen > 0) {
@@ -94713,7 +100713,7 @@
if (los == NULL)
goto err;
if (!ASN1_OCTET_STRING_set(los, label, labellen)) {
-@@ -875,7 +827,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
+@@ -875,7 +827,7 @@ static int rsa_cms_encrypt(CMS_Recipient
}
#endif
@@ -94722,8 +100722,6 @@
{
EVP_PKEY_RSA,
EVP_PKEY_RSA,
-diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c
-index da8b240..20f8ebf 100644
--- a/crypto/rsa/rsa_asn1.c
+++ b/crypto/rsa/rsa_asn1.c
@@ -1,59 +1,10 @@
@@ -94791,8 +100789,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c
-index f780508..0adf169 100644
--- a/crypto/rsa/rsa_chk.c
+++ b/crypto/rsa/rsa_chk.c
@@ -1,50 +1,10 @@
@@ -94852,8 +100848,6 @@
*/
#include <openssl/bn.h>
-diff --git a/crypto/rsa/rsa_crpt.c b/crypto/rsa/rsa_crpt.c
-index 6cc3c70..9cd733b 100644
--- a/crypto/rsa/rsa_crpt.c
+++ b/crypto/rsa/rsa_crpt.c
@@ -1,58 +1,10 @@
@@ -94921,7 +100915,7 @@
*/
#include <stdio.h>
-@@ -195,23 +147,18 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
+@@ -195,23 +147,18 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa
}
{
@@ -94953,8 +100947,6 @@
}
if (ret == NULL) {
RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
-diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c
-index 18e4065..21e0562 100644
--- a/crypto/rsa/rsa_depr.c
+++ b/crypto/rsa/rsa_depr.c
@@ -1,55 +1,10 @@
@@ -95019,8 +101011,6 @@
*/
/*
-diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
-index 811fcfe..0bde045 100644
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -1,61 +1,11 @@
@@ -95105,7 +101095,7 @@
{ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "old_rsa_priv_decode"},
{ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"},
{ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "pkey_rsa_ctrl_str"},
-@@ -86,24 +31,24 @@ static ERR_STRING_DATA RSA_str_functs[] = {
+@@ -86,24 +31,24 @@ static ERR_STRING_DATA RSA_str_functs[]
{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
{ERR_FUNC(RSA_F_RSA_CHECK_KEY_EX), "RSA_check_key_ex"},
{ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "rsa_cms_decrypt"},
@@ -95139,7 +101129,7 @@
{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1),
"RSA_padding_add_PKCS1_OAEP_mgf1"},
{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"},
-@@ -128,13 +73,13 @@ static ERR_STRING_DATA RSA_str_functs[] = {
+@@ -128,13 +73,13 @@ static ERR_STRING_DATA RSA_str_functs[]
{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
@@ -95155,7 +101145,7 @@
{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
{ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING),
"RSA_verify_ASN1_OCTET_STRING"},
-@@ -150,7 +95,8 @@ static ERR_STRING_DATA RSA_str_reasons[] = {
+@@ -150,7 +95,8 @@ static ERR_STRING_DATA RSA_str_reasons[]
{ERR_REASON(RSA_R_BAD_SIGNATURE), "bad signature"},
{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01), "block type is not 01"},
{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02), "block type is not 02"},
@@ -95165,7 +101155,7 @@
{ERR_REASON(RSA_R_DATA_TOO_LARGE), "data too large"},
{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),
"data too large for key size"},
-@@ -171,7 +117,6 @@ static ERR_STRING_DATA RSA_str_reasons[] = {
+@@ -171,7 +117,6 @@ static ERR_STRING_DATA RSA_str_reasons[]
{ERR_REASON(RSA_R_INVALID_DIGEST), "invalid digest"},
{ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH), "invalid digest length"},
{ERR_REASON(RSA_R_INVALID_HEADER), "invalid header"},
@@ -95173,7 +101163,7 @@
{ERR_REASON(RSA_R_INVALID_LABEL), "invalid label"},
{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"},
{ERR_REASON(RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"},
-@@ -188,7 +133,8 @@ static ERR_STRING_DATA RSA_str_reasons[] = {
+@@ -188,7 +133,8 @@ static ERR_STRING_DATA RSA_str_reasons[]
{ERR_REASON(RSA_R_LAST_OCTET_INVALID), "last octet invalid"},
{ERR_REASON(RSA_R_MODULUS_TOO_LARGE), "modulus too large"},
{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"},
@@ -95183,7 +101173,7 @@
{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q), "n does not equal p q"},
{ERR_REASON(RSA_R_OAEP_DECODING_ERROR), "oaep decoding error"},
{ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
-@@ -208,7 +154,6 @@ static ERR_STRING_DATA RSA_str_reasons[] = {
+@@ -208,7 +154,6 @@ static ERR_STRING_DATA RSA_str_reasons[]
{ERR_REASON(RSA_R_UNKNOWN_DIGEST), "unknown digest"},
{ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST), "unknown mask digest"},
{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE), "unknown padding type"},
@@ -95191,8 +101181,21 @@
{ERR_REASON(RSA_R_UNSUPPORTED_ENCRYPTION_TYPE),
"unsupported encryption type"},
{ERR_REASON(RSA_R_UNSUPPORTED_LABEL_SOURCE), "unsupported label source"},
-diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
-index c456258..5c6b619 100644
+@@ -225,7 +170,7 @@ static ERR_STRING_DATA RSA_str_reasons[]
+
+ #endif
+
+-void ERR_load_RSA_strings(void)
++int ERR_load_RSA_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -234,4 +179,5 @@ void ERR_load_RSA_strings(void)
+ ERR_load_strings(0, RSA_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -1,58 +1,10 @@
@@ -95260,7 +101263,7 @@
*/
/*
-@@ -185,64 +137,51 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+@@ -185,64 +137,51 @@ static int rsa_builtin_keygen(RSA *rsa,
if (!BN_mul(r0, r1, r2, ctx))
goto err; /* (p-1)(q-1) */
{
@@ -95349,8 +101352,6 @@
}
ok = 1;
-diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
-index 7ee575d..48e9100 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -1,58 +1,10 @@
@@ -95426,7 +101427,7 @@
#include <openssl/engine.h>
#include "rsa_locl.h"
-@@ -118,21 +69,28 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
+@@ -118,21 +69,28 @@ int RSA_set_method(RSA *rsa, const RSA_M
RSA *RSA_new_method(ENGINE *engine)
{
@@ -95507,7 +101508,7 @@
}
void RSA_free(RSA *r)
-@@ -235,50 +180,6 @@ void *RSA_get_ex_data(const RSA *r, int idx)
+@@ -235,50 +180,6 @@ void *RSA_get_ex_data(const RSA *r, int
return (CRYPTO_get_ex_data(&r->ex_data, idx));
}
@@ -95659,7 +101660,7 @@
{
if (n != NULL)
*n = r->n;
-@@ -338,7 +269,7 @@ void RSA_get0_key(const RSA *r, BIGNUM **n, BIGNUM **e, BIGNUM **d)
+@@ -338,7 +269,7 @@ void RSA_get0_key(const RSA *r, BIGNUM *
*d = r->d;
}
@@ -95668,7 +101669,7 @@
{
if (p != NULL)
*p = r->p;
-@@ -347,7 +278,8 @@ void RSA_get0_factors(const RSA *r, BIGNUM **p, BIGNUM **q)
+@@ -347,7 +278,8 @@ void RSA_get0_factors(const RSA *r, BIGN
}
void RSA_get0_crt_params(const RSA *r,
@@ -95687,8 +101688,6 @@
{
return r->engine;
}
-diff --git a/crypto/rsa/rsa_locl.h b/crypto/rsa/rsa_locl.h
-index 598fcb7..5d16aa6 100644
--- a/crypto/rsa/rsa_locl.h
+++ b/crypto/rsa/rsa_locl.h
@@ -1,11 +1,10 @@
@@ -95706,8 +101705,6 @@
*/
#include <openssl/rsa.h>
-diff --git a/crypto/rsa/rsa_meth.c b/crypto/rsa/rsa_meth.c
-index 6c7679d..ef0dc97 100644
--- a/crypto/rsa/rsa_meth.c
+++ b/crypto/rsa/rsa_meth.c
@@ -1,15 +1,15 @@
@@ -95730,7 +101727,7 @@
RSA_METHOD *RSA_meth_new(const char *name, int flags)
{
-@@ -17,6 +17,11 @@ RSA_METHOD *RSA_meth_new(const char *name, int flags)
+@@ -17,6 +17,11 @@ RSA_METHOD *RSA_meth_new(const char *nam
if (meth != NULL) {
meth->name = OPENSSL_strdup(name);
@@ -95742,7 +101739,7 @@
meth->flags = flags;
}
-@@ -26,8 +31,7 @@ RSA_METHOD *RSA_meth_new(const char *name, int flags)
+@@ -26,8 +31,7 @@ RSA_METHOD *RSA_meth_new(const char *nam
void RSA_meth_free(RSA_METHOD *meth)
{
if (meth != NULL) {
@@ -95752,7 +101749,7 @@
OPENSSL_free(meth);
}
}
-@@ -41,6 +45,11 @@ RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
+@@ -41,6 +45,11 @@ RSA_METHOD *RSA_meth_dup(const RSA_METHO
if (ret != NULL) {
memcpy(ret, meth, sizeof(*meth));
ret->name = OPENSSL_strdup(meth->name);
@@ -95764,7 +101761,7 @@
}
return ret;
-@@ -53,10 +62,18 @@ const char *RSA_meth_get0_name(const RSA_METHOD *meth)
+@@ -53,10 +62,18 @@ const char *RSA_meth_get0_name(const RSA
int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
{
@@ -95785,8 +101782,6 @@
}
int RSA_meth_get_flags(RSA_METHOD *meth)
-diff --git a/crypto/rsa/rsa_none.c b/crypto/rsa/rsa_none.c
-index c426bd3..b78756d 100644
--- a/crypto/rsa/rsa_none.c
+++ b/crypto/rsa/rsa_none.c
@@ -1,64 +1,15 @@
@@ -95860,8 +101855,6 @@
int RSA_padding_add_none(unsigned char *to, int tlen,
const unsigned char *from, int flen)
-diff --git a/crypto/rsa/rsa_null.c b/crypto/rsa/rsa_null.c
-index 9f739f7..d339494 100644
--- a/crypto/rsa/rsa_null.c
+++ b/crypto/rsa/rsa_null.c
@@ -1,65 +1,15 @@
@@ -95935,8 +101928,6 @@
#include "rsa_locl.h"
/*
-diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
-index 27a6e78..c459b91 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -1,6 +1,10 @@
@@ -95952,8 +101943,6 @@
*/
/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
-diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
-index 5c3c0bf..7826066 100644
--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
@@ -1,116 +1,14 @@
@@ -96079,7 +102068,7 @@
#include "rsa_locl.h"
#ifndef RSA_NULL
-@@ -401,33 +299,27 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
+@@ -401,33 +299,27 @@ static int rsa_ossl_private_encrypt(int
if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
goto err;
} else {
@@ -96122,7 +102111,7 @@
}
if (blinding)
-@@ -535,32 +427,26 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+@@ -535,32 +427,26 @@ static int rsa_ossl_private_decrypt(int
if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
goto err;
} else {
@@ -96164,7 +102153,7 @@
}
if (blinding)
-@@ -709,46 +595,35 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+@@ -709,46 +595,35 @@ static int rsa_ossl_mod_exp(BIGNUM *r0,
vrfy = BN_CTX_get(ctx);
{
@@ -96224,7 +102213,7 @@
}
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-@@ -758,72 +633,58 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+@@ -758,72 +633,58 @@ static int rsa_ossl_mod_exp(BIGNUM *r0,
/* compute I mod q */
{
@@ -96325,7 +102314,7 @@
}
if (!BN_sub(r0, r0, m1))
-@@ -840,22 +701,17 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+@@ -840,22 +701,17 @@ static int rsa_ossl_mod_exp(BIGNUM *r0,
goto err;
{
@@ -96356,7 +102345,7 @@
}
/*
-@@ -897,24 +753,18 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+@@ -897,24 +753,18 @@ static int rsa_ossl_mod_exp(BIGNUM *r0,
* return that instead.
*/
@@ -96388,8 +102377,6 @@
}
}
ret = 1;
-diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c
-index 68d251b..efb16a0 100644
--- a/crypto/rsa/rsa_pk1.c
+++ b/crypto/rsa/rsa_pk1.c
@@ -1,58 +1,10 @@
@@ -96457,7 +102444,7 @@
*/
#include "internal/constant_time_locl.h"
-@@ -231,7 +183,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+@@ -231,7 +183,7 @@ int RSA_padding_check_PKCS1_type_2(unsig
/*
* Always do this zero-padding copy (even when num == flen) to avoid
* leaking that information. The copy still leaks some side-channel
@@ -96466,8 +102453,6 @@
* pattern since we can't read out of the bounds of |from|.
*
* TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
-diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
-index b128d73..767c4e7 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -1,59 +1,10 @@
@@ -96535,8 +102520,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/rsa/rsa_prn.c b/crypto/rsa/rsa_prn.c
-index f9e2572..5e6c599 100644
--- a/crypto/rsa/rsa_prn.c
+++ b/crypto/rsa/rsa_prn.c
@@ -1,59 +1,10 @@
@@ -96604,8 +102587,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
-index abd915d..0ec63b2 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -1,59 +1,10 @@
@@ -96673,8 +102654,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c
-index 18bf6c9..9e5fff4 100644
--- a/crypto/rsa/rsa_saos.c
+++ b/crypto/rsa/rsa_saos.c
@@ -1,58 +1,10 @@
@@ -96742,14 +102721,14 @@
*/
#include <stdio.h>
-diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
-index 439d699..8946e19 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -96797,9 +102776,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -96811,8 +102788,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
-index 2762ad0..9ef6b80 100644
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@@ -1,58 +1,10 @@
@@ -96880,8 +102855,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/rsa/rsa_x931.c b/crypto/rsa/rsa_x931.c
-index d8837a1..b9301f3 100644
--- a/crypto/rsa/rsa_x931.c
+++ b/crypto/rsa/rsa_x931.c
@@ -1,66 +1,16 @@
@@ -96956,8 +102929,6 @@
#include <openssl/objects.h>
int RSA_padding_add_X931(unsigned char *to, int tlen,
-diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c
-index 1e164e8..9dd993f 100644
--- a/crypto/rsa/rsa_x931g.c
+++ b/crypto/rsa/rsa_x931g.c
@@ -1,58 +1,10 @@
@@ -97025,8 +102996,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c
-index 47d6b6f..675f2ec 100644
--- a/crypto/s390xcap.c
+++ b/crypto/s390xcap.c
@@ -1,3 +1,12 @@
@@ -97042,8 +103011,6 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-diff --git a/crypto/s390xcpuid.S b/crypto/s390xcpuid.S
-index 3402a24..8859e9e 100644
--- a/crypto/s390xcpuid.S
+++ b/crypto/s390xcpuid.S
@@ -1,18 +1,56 @@
@@ -97108,7 +103075,7 @@
br %r14
.size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
-@@ -93,6 +131,33 @@ OPENSSL_cleanse:
+@@ -93,6 +131,33 @@
br %r14
.size OPENSSL_cleanse,.-OPENSSL_cleanse
@@ -97142,15 +103109,12 @@
.globl OPENSSL_instrument_bus
.type OPENSSL_instrument_bus, at function
.align 16
-@@ -112,4 +177,4 @@ OPENSSL_instrument_bus2:
+@@ -112,4 +177,4 @@
.section .init
brasl %r14,OPENSSL_cpuid_setup
-.comm OPENSSL_s390xcap_P,16,8
+.comm OPENSSL_s390xcap_P,80,8
-diff --git a/crypto/seed/Makefile.in b/crypto/seed/Makefile.in
-deleted file mode 100644
-index 2ae714d..0000000
--- a/crypto/seed/Makefile.in
+++ /dev/null
@@ -1,44 +0,0 @@
@@ -97198,8 +103162,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/seed/seed.c b/crypto/seed/seed.c
-index 47ec9bc..c1e9285 100644
--- a/crypto/seed/seed.c
+++ b/crypto/seed/seed.c
@@ -1,4 +1,13 @@
@@ -97216,8 +103178,6 @@
* Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
-diff --git a/crypto/seed/seed_cbc.c b/crypto/seed/seed_cbc.c
-index 470116c..c9a4fe2 100644
--- a/crypto/seed/seed_cbc.c
+++ b/crypto/seed/seed_cbc.c
@@ -1,51 +1,10 @@
@@ -97278,8 +103238,6 @@
*/
#include <openssl/seed.h>
-diff --git a/crypto/seed/seed_cfb.c b/crypto/seed/seed_cfb.c
-index 6c81a74..2aee1ff 100644
--- a/crypto/seed/seed_cfb.c
+++ b/crypto/seed/seed_cfb.c
@@ -1,107 +1,10 @@
@@ -97396,8 +103354,6 @@
*/
#include <openssl/seed.h>
-diff --git a/crypto/seed/seed_ecb.c b/crypto/seed/seed_ecb.c
-index 51d8f84..b6e301c 100644
--- a/crypto/seed/seed_ecb.c
+++ b/crypto/seed/seed_ecb.c
@@ -1,51 +1,10 @@
@@ -97458,8 +103414,6 @@
*/
#include <openssl/seed.h>
-diff --git a/crypto/seed/seed_locl.h b/crypto/seed/seed_locl.h
-index 1c00d29..d4a03fc 100644
--- a/crypto/seed/seed_locl.h
+++ b/crypto/seed/seed_locl.h
@@ -1,4 +1,13 @@
@@ -97476,8 +103430,6 @@
* Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
-diff --git a/crypto/seed/seed_ofb.c b/crypto/seed/seed_ofb.c
-index 873e667..b455540 100644
--- a/crypto/seed/seed_ofb.c
+++ b/crypto/seed/seed_ofb.c
@@ -1,107 +1,10 @@
@@ -97594,9 +103546,6 @@
*/
#include <openssl/seed.h>
-diff --git a/crypto/sha/Makefile.in b/crypto/sha/Makefile.in
-deleted file mode 100644
-index 8f24fea..0000000
--- a/crypto/sha/Makefile.in
+++ /dev/null
@@ -1,106 +0,0 @@
@@ -97706,15 +103655,10 @@
- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/sha/asm/README b/crypto/sha/asm/README
-deleted file mode 100644
-index b7e7557..0000000
--- a/crypto/sha/asm/README
+++ /dev/null
@@ -1 +0,0 @@
-C2.pl works
-diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl
-index cd71d1c..0efed70 100644
--- a/crypto/sha/asm/sha1-586.pl
+++ b/crypto/sha/asm/sha1-586.pl
@@ -1,4 +1,11 @@
@@ -97730,8 +103674,6 @@
# ====================================================================
# [Re]written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/sha/asm/sha1-alpha.pl b/crypto/sha/asm/sha1-alpha.pl
-index 6c4b925..4124958 100644
--- a/crypto/sha/asm/sha1-alpha.pl
+++ b/crypto/sha/asm/sha1-alpha.pl
@@ -1,4 +1,11 @@
@@ -97747,7 +103689,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-@@ -317,6 +324,6 @@ $code.=<<___;
+@@ -317,6 +324,6 @@ for (;$i<80;$i++) { &BODY_20_39($i, at V);
.ascii "SHA1 block transform for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
.align 2
___
@@ -97755,8 +103697,6 @@
+$output=pop and open STDOUT,">$output";
print $code;
close STDOUT;
-diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl
-index 6fd2303..7ff5bfb 100644
--- a/crypto/sha/asm/sha1-armv4-large.pl
+++ b/crypto/sha/asm/sha1-armv4-large.pl
@@ -1,4 +1,11 @@
@@ -97772,8 +103712,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/sha/asm/sha1-armv8.pl b/crypto/sha/asm/sha1-armv8.pl
-index 5ef9dc2..39609a4 100644
--- a/crypto/sha/asm/sha1-armv8.pl
+++ b/crypto/sha/asm/sha1-armv8.pl
@@ -1,4 +1,11 @@
@@ -97789,8 +103727,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/sha/asm/sha1-c64xplus.pl b/crypto/sha/asm/sha1-c64xplus.pl
-index ad8b172..4db2bcb 100644
--- a/crypto/sha/asm/sha1-c64xplus.pl
+++ b/crypto/sha/asm/sha1-c64xplus.pl
@@ -1,4 +1,11 @@
@@ -97806,8 +103742,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/sha/asm/sha1-ia64.pl b/crypto/sha/asm/sha1-ia64.pl
-index a9d2b7c..dec21f9 100644
--- a/crypto/sha/asm/sha1-ia64.pl
+++ b/crypto/sha/asm/sha1-ia64.pl
@@ -1,4 +1,11 @@
@@ -97823,8 +103757,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/sha/asm/sha1-mb-x86_64.pl b/crypto/sha/asm/sha1-mb-x86_64.pl
-index 9de3f15..51c73c0 100644
--- a/crypto/sha/asm/sha1-mb-x86_64.pl
+++ b/crypto/sha/asm/sha1-mb-x86_64.pl
@@ -1,4 +1,11 @@
@@ -97840,7 +103772,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -63,7 +70,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+@@ -63,7 +70,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
$avx = ($2>=3.0) + ($2>3.0);
}
@@ -97849,8 +103781,6 @@
*STDOUT=*OUT;
# void sha1_multi_block (
-diff --git a/crypto/sha/asm/sha1-mips.pl b/crypto/sha/asm/sha1-mips.pl
-index 26db5cd..882f973 100644
--- a/crypto/sha/asm/sha1-mips.pl
+++ b/crypto/sha/asm/sha1-mips.pl
@@ -1,4 +1,11 @@
@@ -97866,7 +103796,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-@@ -326,7 +333,7 @@ ___
+@@ -326,7 +333,7 @@ my $j=$i+1;
}
$FRAMESIZE=16; # large enough to accommodate NUBI saved registers
@@ -97875,8 +103805,6 @@
$code=<<___;
#ifdef OPENSSL_FIPSCANISTER
-diff --git a/crypto/sha/asm/sha1-parisc.pl b/crypto/sha/asm/sha1-parisc.pl
-index 6e5a328..a85d126 100644
--- a/crypto/sha/asm/sha1-parisc.pl
+++ b/crypto/sha/asm/sha1-parisc.pl
@@ -1,4 +1,11 @@
@@ -97892,8 +103820,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/sha/asm/sha1-ppc.pl b/crypto/sha/asm/sha1-ppc.pl
-index ab65502..7a66e03 100755
--- a/crypto/sha/asm/sha1-ppc.pl
+++ b/crypto/sha/asm/sha1-ppc.pl
@@ -1,4 +1,11 @@
@@ -97909,8 +103835,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/sha/asm/sha1-s390x.pl b/crypto/sha/asm/sha1-s390x.pl
-index a62cc31..b19606c 100644
--- a/crypto/sha/asm/sha1-s390x.pl
+++ b/crypto/sha/asm/sha1-s390x.pl
@@ -1,4 +1,11 @@
@@ -97926,7 +103850,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-@@ -168,10 +175,7 @@ $code.=<<___ if ($kimdfunc);
+@@ -168,10 +175,7 @@ Ktable: .long 0x5a827999,0x6ed9eba1,0x8f
lg %r0,0(%r1)
tmhl %r0,0x4000 # check for message-security assist
jz .Lsoftware
@@ -97938,7 +103862,7 @@
tmhh %r0,`0x8000>>$kimdfunc`
jz .Lsoftware
lghi %r0,$kimdfunc
-@@ -238,7 +242,7 @@ $code.=<<___;
+@@ -238,7 +242,7 @@ for (;$i<80;$i++) { &BODY_20_39($i, at V);
br %r14
.size sha1_block_data_order,.-sha1_block_data_order
.string "SHA1 block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
@@ -97947,8 +103871,6 @@
___
$code =~ s/\`([^\`]*)\`/eval $1/gem;
-diff --git a/crypto/sha/asm/sha1-sparcv9.pl b/crypto/sha/asm/sha1-sparcv9.pl
-index 9f20725..7437ff4 100644
--- a/crypto/sha/asm/sha1-sparcv9.pl
+++ b/crypto/sha/asm/sha1-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -97964,8 +103886,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/sha/asm/sha1-sparcv9a.pl b/crypto/sha/asm/sha1-sparcv9a.pl
-index e81a4dc..f9ed563 100644
--- a/crypto/sha/asm/sha1-sparcv9a.pl
+++ b/crypto/sha/asm/sha1-sparcv9a.pl
@@ -1,4 +1,11 @@
@@ -97981,8 +103901,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/sha/asm/sha1-thumb.pl b/crypto/sha/asm/sha1-thumb.pl
-index 7c9ea9b..661fd9f 100644
--- a/crypto/sha/asm/sha1-thumb.pl
+++ b/crypto/sha/asm/sha1-thumb.pl
@@ -1,4 +1,11 @@
@@ -97998,8 +103916,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/sha/asm/sha1-x86_64.pl b/crypto/sha/asm/sha1-x86_64.pl
-index 8827886..e8f61ab 100755
--- a/crypto/sha/asm/sha1-x86_64.pl
+++ b/crypto/sha/asm/sha1-x86_64.pl
@@ -1,4 +1,11 @@
@@ -98015,7 +103931,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -115,7 +122,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+@@ -115,7 +122,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
$shaext=1; ### set to zero if compiling for 1.0.1
$avx=1 if (!$shaext && $avx);
@@ -98024,8 +103940,6 @@
*STDOUT=*OUT;
$ctx="%rdi"; # 1st arg
-diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl
-index 55d833a..6af1d84 100644
--- a/crypto/sha/asm/sha256-586.pl
+++ b/crypto/sha/asm/sha256-586.pl
@@ -1,4 +1,11 @@
@@ -98041,8 +103955,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl
-index 621bcdb..55d30cb 100644
--- a/crypto/sha/asm/sha256-armv4.pl
+++ b/crypto/sha/asm/sha256-armv4.pl
@@ -1,4 +1,11 @@
@@ -98058,8 +103970,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/sha/asm/sha256-c64xplus.pl b/crypto/sha/asm/sha256-c64xplus.pl
-index 2f775ac..3ab7d9b 100644
--- a/crypto/sha/asm/sha256-c64xplus.pl
+++ b/crypto/sha/asm/sha256-c64xplus.pl
@@ -1,4 +1,11 @@
@@ -98075,8 +103985,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/sha/asm/sha256-mb-x86_64.pl b/crypto/sha/asm/sha256-mb-x86_64.pl
-index 65df8e6..fbcd29f 100644
--- a/crypto/sha/asm/sha256-mb-x86_64.pl
+++ b/crypto/sha/asm/sha256-mb-x86_64.pl
@@ -1,4 +1,11 @@
@@ -98092,7 +104000,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -64,7 +71,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+@@ -64,7 +71,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
$avx = ($2>=3.0) + ($2>3.0);
}
@@ -98101,8 +104009,6 @@
*STDOUT=*OUT;
# void sha256_multi_block (
-diff --git a/crypto/sha/asm/sha512-586.pl b/crypto/sha/asm/sha512-586.pl
-index d0f9101..0887e06 100644
--- a/crypto/sha/asm/sha512-586.pl
+++ b/crypto/sha/asm/sha512-586.pl
@@ -1,4 +1,11 @@
@@ -98118,8 +104024,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl
-index 0840a8d..22b5a9d 100644
--- a/crypto/sha/asm/sha512-armv4.pl
+++ b/crypto/sha/asm/sha512-armv4.pl
@@ -1,4 +1,11 @@
@@ -98135,8 +104039,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/sha/asm/sha512-armv8.pl b/crypto/sha/asm/sha512-armv8.pl
-index 7d69f0f..ef517df 100644
--- a/crypto/sha/asm/sha512-armv8.pl
+++ b/crypto/sha/asm/sha512-armv8.pl
@@ -1,4 +1,11 @@
@@ -98152,8 +104054,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/sha/asm/sha512-c64xplus.pl b/crypto/sha/asm/sha512-c64xplus.pl
-index 71a1e80..9ebfc92 100644
--- a/crypto/sha/asm/sha512-c64xplus.pl
+++ b/crypto/sha/asm/sha512-c64xplus.pl
@@ -1,4 +1,11 @@
@@ -98169,8 +104069,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/sha/asm/sha512-ia64.pl b/crypto/sha/asm/sha512-ia64.pl
-index 4f472d1..356a46a 100755
--- a/crypto/sha/asm/sha512-ia64.pl
+++ b/crypto/sha/asm/sha512-ia64.pl
@@ -1,4 +1,11 @@
@@ -98186,8 +104084,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/sha/asm/sha512-mips.pl b/crypto/sha/asm/sha512-mips.pl
-index 79429ab..5c2d23f 100644
--- a/crypto/sha/asm/sha512-mips.pl
+++ b/crypto/sha/asm/sha512-mips.pl
@@ -1,4 +1,11 @@
@@ -98219,7 +104115,7 @@
$PTR_ADD="add";
$PTR_SUB="sub";
$REG_S="sw";
-@@ -286,7 +295,7 @@ ___
+@@ -286,7 +295,7 @@ my ($tmp0,$tmp1,$tmp2,$tmp3)=(@X[4], at X[5
}
$FRAMESIZE=16*$SZ+16*$SZREG;
@@ -98228,7 +104124,7 @@
$code.=<<___;
#ifdef OPENSSL_FIPSCANISTER
-@@ -343,7 +352,7 @@ $code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification
+@@ -343,7 +352,7 @@ my ($tmp0,$tmp1,$tmp2,$tmp3)=(@X[4], at X[5
___
$code.=<<___;
.set reorder
@@ -98237,8 +104133,6 @@
$LD $A,0*$SZ($ctx) # load context
$LD $B,1*$SZ($ctx)
-diff --git a/crypto/sha/asm/sha512-parisc.pl b/crypto/sha/asm/sha512-parisc.pl
-index 6cad72e..fcb6157 100755
--- a/crypto/sha/asm/sha512-parisc.pl
+++ b/crypto/sha/asm/sha512-parisc.pl
@@ -1,4 +1,11 @@
@@ -98254,8 +104148,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/sha/asm/sha512-ppc.pl b/crypto/sha/asm/sha512-ppc.pl
-index 17fdc6e..fe95b01 100755
--- a/crypto/sha/asm/sha512-ppc.pl
+++ b/crypto/sha/asm/sha512-ppc.pl
@@ -1,4 +1,11 @@
@@ -98271,8 +104163,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/sha/asm/sha512-s390x.pl b/crypto/sha/asm/sha512-s390x.pl
-index 7780627..582d393 100644
--- a/crypto/sha/asm/sha512-s390x.pl
+++ b/crypto/sha/asm/sha512-s390x.pl
@@ -1,4 +1,11 @@
@@ -98288,7 +104178,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-@@ -240,10 +247,7 @@ $code.=<<___ if ($kimdfunc);
+@@ -240,10 +247,7 @@ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
lg %r0,0(%r1)
tmhl %r0,0x4000 # check for message-security assist
jz .Lsoftware
@@ -98300,7 +104190,7 @@
tmhh %r0,`0x8000>>$kimdfunc`
jz .Lsoftware
lghi %r0,$kimdfunc
-@@ -311,7 +315,7 @@ $code.=<<___;
+@@ -311,7 +315,7 @@ for (;$i<32;$i++) { &BODY_16_XX($i, at V);
br %r14
.size $Func,.-$Func
.string "SHA${label} block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
@@ -98309,8 +104199,6 @@
___
$code =~ s/\`([^\`]*)\`/eval $1/gem;
-diff --git a/crypto/sha/asm/sha512-sparcv9.pl b/crypto/sha/asm/sha512-sparcv9.pl
-index 866a7b0..4a1ce5f 100644
--- a/crypto/sha/asm/sha512-sparcv9.pl
+++ b/crypto/sha/asm/sha512-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -98326,8 +104214,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/sha/asm/sha512-x86_64.pl b/crypto/sha/asm/sha512-x86_64.pl
-index a62acd2..3dbb23a 100755
--- a/crypto/sha/asm/sha512-x86_64.pl
+++ b/crypto/sha/asm/sha512-x86_64.pl
@@ -1,4 +1,11 @@
@@ -98343,7 +104229,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -132,7 +139,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+@@ -132,7 +139,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
$shaext=1; ### set to zero if compiling for 1.0.1
$avx=1 if (!$shaext && $avx);
@@ -98352,8 +104238,6 @@
*STDOUT=*OUT;
if ($output =~ /512/) {
-diff --git a/crypto/sha/asm/sha512p8-ppc.pl b/crypto/sha/asm/sha512p8-ppc.pl
-index 4718950..4d3d3b2 100755
--- a/crypto/sha/asm/sha512p8-ppc.pl
+++ b/crypto/sha/asm/sha512p8-ppc.pl
@@ -1,4 +1,11 @@
@@ -98369,11 +104253,9 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/crypto/sha/build.info b/crypto/sha/build.info
-index 7aa3a91..5843e50 100644
--- a/crypto/sha/build.info
+++ b/crypto/sha/build.info
-@@ -13,7 +13,7 @@ GENERATE[sha1-ia64.s]=asm/sha1-ia64.pl $(CFLAGS) $(LIB_CFLAGS)
+@@ -13,7 +13,7 @@ GENERATE[sha1-ia64.s]=asm/sha1-ia64.pl $
GENERATE[sha256-ia64.s]=asm/sha512-ia64.pl $(CFLAGS) $(LIB_CFLAGS)
GENERATE[sha512-ia64.s]=asm/sha512-ia64.pl $(CFLAGS) $(LIB_CFLAGS)
@@ -98382,8 +104264,6 @@
GENERATE[sha1-x86_64.s]=asm/sha1-x86_64.pl $(PERLASM_SCHEME)
GENERATE[sha1-mb-x86_64.s]=asm/sha1-mb-x86_64.pl $(PERLASM_SCHEME)
-diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c
-index 32ec6f1..273ab08 100644
--- a/crypto/sha/sha1_one.c
+++ b/crypto/sha/sha1_one.c
@@ -1,58 +1,10 @@
@@ -98451,8 +104331,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c
-index fb8e866..819370e 100644
--- a/crypto/sha/sha1dgst.c
+++ b/crypto/sha/sha1dgst.c
@@ -1,58 +1,10 @@
@@ -98520,8 +104398,6 @@
*/
#include <openssl/crypto.h>
-diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c
-index 53b6054..5e7ba43 100644
--- a/crypto/sha/sha256.c
+++ b/crypto/sha/sha256.c
@@ -1,8 +1,12 @@
@@ -98541,8 +104417,6 @@
#include <openssl/opensslconf.h>
#include <stdlib.h>
-diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c
-index 2c8954f..d24d103 100644
--- a/crypto/sha/sha512.c
+++ b/crypto/sha/sha512.c
@@ -1,8 +1,12 @@
@@ -98562,14 +104436,14 @@
#include <openssl/opensslconf.h>
/*-
* IMPLEMENTATION NOTES.
-diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h
-index 649cded..918278a 100644
--- a/crypto/sha/sha_locl.h
+++ b/crypto/sha/sha_locl.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -98617,9 +104491,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -98631,8 +104503,6 @@
*/
#include <stdlib.h>
-diff --git a/crypto/sparc_arch.h b/crypto/sparc_arch.h
-index e30d322..99eafb3 100644
--- a/crypto/sparc_arch.h
+++ b/crypto/sparc_arch.h
@@ -1,3 +1,12 @@
@@ -98676,8 +104546,6 @@
# if defined(OPENSSL_PIC) && !defined(__PIC__)
# define __PIC__
-diff --git a/crypto/sparccpuid.S b/crypto/sparccpuid.S
-index 72c7adf..4c394fa 100644
--- a/crypto/sparccpuid.S
+++ b/crypto/sparccpuid.S
@@ -1,3 +1,10 @@
@@ -98691,7 +104559,7 @@
#ifdef OPENSSL_FIPSCANISTER
#include <openssl/fipssyms.h>
#endif
-@@ -349,6 +356,14 @@ _sparcv9_random:
+@@ -349,6 +356,14 @@
.type _sparcv9_random,#function
.size _sparcv9_random,.-_sparcv9_vis3_probe
@@ -98706,7 +104574,7 @@
.global OPENSSL_cleanse
.align 32
OPENSSL_cleanse:
-@@ -432,6 +447,40 @@ OPENSSL_cleanse:
+@@ -432,6 +447,40 @@
.type OPENSSL_cleanse,#function
.size OPENSSL_cleanse,.-OPENSSL_cleanse
@@ -98747,8 +104615,6 @@
.global _sparcv9_vis1_instrument_bus
.align 8
_sparcv9_vis1_instrument_bus:
-diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c
-index 2058640..92841ce 100644
--- a/crypto/sparcv9cap.c
+++ b/crypto/sparcv9cap.c
@@ -1,3 +1,12 @@
@@ -98764,7 +104630,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-@@ -60,9 +69,18 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+@@ -60,9 +69,18 @@ int bn_mul_mont(BN_ULONG *rp, const BN_U
if ((OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3))
return bn_mul_mont_vis3(rp, ap, bp, np, n0, num);
else if (num >= 8 &&
@@ -98828,9 +104694,6 @@
/*
* In wait for better solution _sparcv9_rdcfr is masked by
* VIS3 flag, because it goes to uninterruptable endless
-diff --git a/crypto/srp/Makefile.in b/crypto/srp/Makefile.in
-deleted file mode 100644
-index 78e9a4f..0000000
--- a/crypto/srp/Makefile.in
+++ /dev/null
@@ -1,39 +0,0 @@
@@ -98873,8 +104736,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
-index aefc490..0667174 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -1,61 +1,12 @@
@@ -98954,7 +104815,32 @@
{
/* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */
-@@ -101,7 +52,7 @@ static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g)
+@@ -84,24 +35,27 @@ static BIGNUM *srp_Calc_k(BIGNUM *N, BIG
+ goto err;
+ BN_bn2bin(N, tmp);
+
+- EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
+- EVP_DigestUpdate(ctxt, tmp, longN);
++ if (!EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
++ || !EVP_DigestUpdate(ctxt, tmp, longN))
++ goto err;
+
+ memset(tmp, 0, longN);
+ longg = BN_bn2bin(g, tmp);
+ /* use the zeros behind to pad on left */
+- EVP_DigestUpdate(ctxt, tmp + longg, longN - longg);
+- EVP_DigestUpdate(ctxt, tmp, longg);
++ if (!EVP_DigestUpdate(ctxt, tmp + longg, longN - longg)
++ || !EVP_DigestUpdate(ctxt, tmp, longg))
++ goto err;
+ OPENSSL_free(tmp);
+
+- EVP_DigestFinal_ex(ctxt, digest, NULL);
++ if (!EVP_DigestFinal_ex(ctxt, digest, NULL))
++ goto err;
+ res = BN_bin2bn(digest, sizeof(digest), NULL);
+ err:
+ EVP_MD_CTX_free(ctxt);
return res;
}
@@ -98963,7 +104849,25 @@
{
/* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */
-@@ -144,8 +95,8 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
+@@ -126,11 +80,13 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B,
+
+ memset(cAB, 0, longN);
+
+- EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
+- EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(A, cAB + longN), longN);
+- EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(B, cAB + longN), longN);
++ if (!EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
++ || !EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(A, cAB + longN), longN)
++ || !EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(B, cAB + longN), longN))
++ goto err;
+ OPENSSL_free(cAB);
+- EVP_DigestFinal_ex(ctxt, cu, NULL);
++ if (!EVP_DigestFinal_ex(ctxt, cu, NULL))
++ goto err;
+
+ if ((u = BN_bin2bn(cu, sizeof(cu), NULL)) == NULL)
+ goto err;
+@@ -144,8 +100,8 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B,
return u;
}
@@ -98974,7 +104878,7 @@
{
BIGNUM *tmp = NULL, *S = NULL;
BN_CTX *bn_ctx;
-@@ -153,8 +104,7 @@ BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
+@@ -153,8 +109,7 @@ BIGNUM *SRP_Calc_server_key(BIGNUM *A, B
if (u == NULL || A == NULL || v == NULL || b == NULL || N == NULL)
return NULL;
@@ -98984,7 +104888,7 @@
goto err;
/* S = (A*v**u) ** b */
-@@ -163,15 +113,20 @@ BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
+@@ -163,15 +118,20 @@ BIGNUM *SRP_Calc_server_key(BIGNUM *A, B
goto err;
if (!BN_mod_mul(tmp, A, tmp, N, bn_ctx))
goto err;
@@ -99008,7 +104912,7 @@
{
BIGNUM *kv = NULL, *gb = NULL;
BIGNUM *B = NULL, *k = NULL;
-@@ -202,7 +157,7 @@ BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
+@@ -202,7 +162,7 @@ BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N,
return B;
}
@@ -99017,7 +104921,38 @@
{
unsigned char dig[SHA_DIGEST_LENGTH];
EVP_MD_CTX *ctxt;
-@@ -237,7 +192,7 @@ BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
+@@ -218,18 +178,20 @@ BIGNUM *SRP_Calc_x(BIGNUM *s, const char
+ if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
+ goto err;
+
+- EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
+- EVP_DigestUpdate(ctxt, user, strlen(user));
+- EVP_DigestUpdate(ctxt, ":", 1);
+- EVP_DigestUpdate(ctxt, pass, strlen(pass));
+- EVP_DigestFinal_ex(ctxt, dig, NULL);
+-
+- EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
++ if (!EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
++ || !EVP_DigestUpdate(ctxt, user, strlen(user))
++ || !EVP_DigestUpdate(ctxt, ":", 1)
++ || !EVP_DigestUpdate(ctxt, pass, strlen(pass))
++ || !EVP_DigestFinal_ex(ctxt, dig, NULL)
++ || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL))
++ goto err;
+ BN_bn2bin(s, cs);
+- EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s));
++ if (!EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s)))
++ goto err;
+ OPENSSL_free(cs);
+- EVP_DigestUpdate(ctxt, dig, sizeof(dig));
+- EVP_DigestFinal_ex(ctxt, dig, NULL);
++ if (!EVP_DigestUpdate(ctxt, dig, sizeof(dig))
++ || !EVP_DigestFinal_ex(ctxt, dig, NULL))
++ goto err;
+
+ res = BN_bin2bn(dig, sizeof(dig), NULL);
+ err:
+@@ -237,7 +199,7 @@ BIGNUM *SRP_Calc_x(BIGNUM *s, const char
return res;
}
@@ -99026,7 +104961,7 @@
{
BN_CTX *bn_ctx;
BIGNUM *A = NULL;
-@@ -253,8 +208,8 @@ BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g)
+@@ -253,8 +215,8 @@ BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N,
return A;
}
@@ -99037,7 +104972,7 @@
{
BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL;
BN_CTX *bn_ctx;
-@@ -265,8 +220,7 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
+@@ -265,8 +227,7 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, B
if ((tmp = BN_new()) == NULL ||
(tmp2 = BN_new()) == NULL ||
@@ -99047,15 +104982,15 @@
goto err;
if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
-@@ -277,12 +231,15 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
+@@ -277,12 +238,15 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, B
goto err;
if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
goto err;
- if (!BN_mod_mul(tmp3, u, x, N, bn_ctx))
+- goto err;
+- if (!BN_mod_add(tmp2, a, tmp3, N, bn_ctx))
+ if (!BN_mul(tmp3, u, x, bn_ctx))
goto err;
-- if (!BN_mod_add(tmp2, a, tmp3, N, bn_ctx))
-- goto err;
- if (!BN_mod_exp(K, tmp, tmp2, N, bn_ctx))
+ if (!BN_add(tmp2, a, tmp3))
goto err;
@@ -99067,7 +105002,7 @@
err:
BN_CTX_free(bn_ctx);
-@@ -293,7 +250,7 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
+@@ -293,7 +257,7 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, B
return K;
}
@@ -99076,7 +105011,7 @@
{
BIGNUM *r;
BN_CTX *bn_ctx;
-@@ -314,20 +271,20 @@ int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N)
+@@ -314,20 +278,20 @@ int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM
return ret;
}
@@ -99105,7 +105040,7 @@
};
# define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)
-@@ -336,7 +293,7 @@ static SRP_gN knowngN[] = {
+@@ -336,7 +300,7 @@ static SRP_gN knowngN[] = {
* Check if G and N are known parameters. The values have been generated
* from the ietf-tls-srp draft version 8
*/
@@ -99114,8 +105049,6 @@
{
size_t i;
if ((g == NULL) || (N == NULL))
-diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
-index 78db608..f99fa1b 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -1,61 +1,12 @@
@@ -99186,7 +105119,7 @@
#ifndef OPENSSL_NO_SRP
# include "internal/cryptlib.h"
# include <openssl/sha.h>
-@@ -445,7 +396,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
+@@ -445,7 +396,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *
if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0)
goto err;
@@ -99195,7 +105128,24 @@
}
}
}
-@@ -574,7 +525,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+@@ -549,10 +500,12 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP
+ if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
+ goto err;
+ ctxt = EVP_MD_CTX_new();
+- EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
+- EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key));
+- EVP_DigestUpdate(ctxt, username, strlen(username));
+- EVP_DigestFinal_ex(ctxt, digs, NULL);
++ if (ctxt == NULL
++ || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
++ || !EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key))
++ || !EVP_DigestUpdate(ctxt, username, strlen(username))
++ || !EVP_DigestFinal_ex(ctxt, digs, NULL))
++ goto err;
+ EVP_MD_CTX_free(ctxt);
+ ctxt = NULL;
+ if (SRP_user_pwd_set_sv_BN(user,
+@@ -574,7 +527,8 @@ char *SRP_create_verifier(const char *us
{
int len;
char *result = NULL, *vf = NULL;
@@ -99205,7 +105155,7 @@
unsigned char tmp[MAX_LEN];
unsigned char tmp2[MAX_LEN];
char *defgNid = NULL;
-@@ -587,10 +539,12 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+@@ -587,10 +541,12 @@ char *SRP_create_verifier(const char *us
if (N) {
if ((len = t_fromb64(tmp, N)) == 0)
goto err;
@@ -99220,7 +105170,7 @@
defgNid = "*";
} else {
SRP_gN *gN = SRP_get_gN_by_id(g, NULL);
-@@ -636,10 +590,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+@@ -636,10 +592,8 @@ char *SRP_create_verifier(const char *us
result = defgNid;
err:
@@ -99233,9 +105183,6 @@
OPENSSL_clear_free(vf, vfsize);
BN_clear_free(s);
BN_clear_free(v);
-diff --git a/crypto/stack/Makefile.in b/crypto/stack/Makefile.in
-deleted file mode 100644
-index e127585..0000000
--- a/crypto/stack/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -99282,8 +105229,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c
-index d486f33..02be8af 100644
--- a/crypto/stack/stack.c
+++ b/crypto/stack/stack.c
@@ -1,59 +1,12 @@
@@ -99375,7 +105320,7 @@
if (sk->comp != c)
sk->sorted = 0;
-@@ -83,49 +36,44 @@ int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *)))
+@@ -83,49 +36,44 @@ int (*sk_set_cmp_func(_STACK *sk, int (*
return old;
}
@@ -99448,7 +105393,7 @@
for (i = 0; i < ret->num; ++i) {
if (sk->data[i] == NULL)
-@@ -134,23 +82,23 @@ _STACK *sk_deep_copy(_STACK *sk, void *(*copy_func) (void *),
+@@ -134,23 +82,23 @@ int (*sk_set_cmp_func(_STACK *sk, int (*
while (--i >= 0)
if (ret->data[i] != NULL)
free_func(ret->data[i]);
@@ -99478,7 +105423,7 @@
goto err;
if ((ret->data = OPENSSL_zalloc(sizeof(*ret->data) * MIN_NODES)) == NULL)
goto err;
-@@ -163,7 +111,7 @@ _STACK *sk_new(int (*c) (const void *, const void *))
+@@ -163,7 +111,7 @@ int (*sk_set_cmp_func(_STACK *sk, int (*
return (NULL);
}
@@ -99487,7 +105432,7 @@
{
char **s;
-@@ -189,22 +137,22 @@ int sk_insert(_STACK *st, void *data, int loc)
+@@ -189,22 +137,22 @@ int sk_insert(_STACK *st, void *data, in
return (st->num);
}
@@ -99525,7 +105470,7 @@
{
const void *const *r;
int i;
-@@ -235,7 +184,7 @@ static int internal_find(_STACK *st, void *data, int ret_val_options)
+@@ -235,7 +184,7 @@ static int internal_find(_STACK *st, voi
return (i);
return (-1);
}
@@ -99534,7 +105479,7 @@
if (data == NULL)
return (-1);
r = OBJ_bsearch_ex_(&data, st->data, st->num, sizeof(void *), st->comp,
-@@ -245,45 +194,45 @@ static int internal_find(_STACK *st, void *data, int ret_val_options)
+@@ -245,45 +194,45 @@ static int internal_find(_STACK *st, voi
return (int)((char **)r - st->data);
}
@@ -99600,7 +105545,7 @@
{
int i;
-@@ -302,10 +251,10 @@ void sk_pop_free(_STACK *st, void (*func) (void *))
+@@ -302,10 +251,10 @@ void sk_pop_free(_STACK *st, void (*func
for (i = 0; i < st->num; i++)
if (st->data[i] != NULL)
func(st->data[i]);
@@ -99671,8 +105616,6 @@
return 1;
return st->sorted;
}
-diff --git a/crypto/threads_none.c b/crypto/threads_none.c
-index 4e3b7a5..72bf25b 100644
--- a/crypto/threads_none.c
+++ b/crypto/threads_none.c
@@ -1,54 +1,13 @@
@@ -99736,8 +105679,6 @@
#if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
-diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c
-index edca77c..6f5e812 100644
--- a/crypto/threads_pthread.c
+++ b/crypto/threads_pthread.c
@@ -1,54 +1,13 @@
@@ -99801,11 +105742,9 @@
#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS)
-diff --git a/crypto/threads_win.c b/crypto/threads_win.c
-index 63647a3..545b9be 100644
--- a/crypto/threads_win.c
+++ b/crypto/threads_win.c
-@@ -1,54 +1,13 @@
+@@ -1,54 +1,17 @@
-/* ====================================================================
- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
+/*
@@ -99861,12 +105800,16 @@
+ * https://www.openssl.org/source/license.html
*/
++#if defined(_WIN32)
++# include <windows.h>
++#endif
++
#include <openssl/crypto.h>
-#include "internal/threads.h"
#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && defined(OPENSSL_SYS_WINDOWS)
-@@ -96,12 +55,14 @@ void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock)
+@@ -96,12 +59,14 @@ void CRYPTO_THREAD_lock_free(CRYPTO_RWLO
return;
}
@@ -99883,7 +105826,7 @@
int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
{
LONG volatile *lock = (LONG *)once;
-@@ -122,27 +83,6 @@ int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
+@@ -122,27 +87,6 @@ int CRYPTO_THREAD_run_once(CRYPTO_ONCE *
return (*lock == ONCE_DONE);
}
@@ -99911,9 +105854,6 @@
int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
{
*key = TlsAlloc();
-diff --git a/crypto/ts/Makefile.in b/crypto/ts/Makefile.in
-deleted file mode 100644
-index 64156b5..0000000
--- a/crypto/ts/Makefile.in
+++ /dev/null
@@ -1,53 +0,0 @@
@@ -99970,8 +105910,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff enc dec sign verify
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/ts/ts_asn1.c b/crypto/ts/ts_asn1.c
-index 5d0c598..e60675a 100644
--- a/crypto/ts/ts_asn1.c
+++ b/crypto/ts/ts_asn1.c
@@ -1,58 +1,10 @@
@@ -100038,8 +105976,6 @@
*/
#include <openssl/ts.h>
-diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c
-index e610691..f5f3934 100644
--- a/crypto/ts/ts_conf.c
+++ b/crypto/ts/ts_conf.c
@@ -1,59 +1,10 @@
@@ -100107,8 +106043,6 @@
*/
#include <string.h>
-diff --git a/crypto/ts/ts_err.c b/crypto/ts/ts_err.c
-index b1dd8a1..08217f7 100644
--- a/crypto/ts/ts_err.c
+++ b/crypto/ts/ts_err.c
@@ -1,61 +1,11 @@
@@ -100188,7 +106122,7 @@
{ERR_FUNC(TS_F_DEF_SERIAL_CB), "def_serial_cb"},
{ERR_FUNC(TS_F_DEF_TIME_CB), "def_time_cb"},
{ERR_FUNC(TS_F_ESS_ADD_SIGNING_CERT), "ESS_add_signing_cert"},
-@@ -118,7 +67,6 @@ static ERR_STRING_DATA TS_str_functs[] = {
+@@ -118,7 +67,6 @@ static ERR_STRING_DATA TS_str_functs[] =
{ERR_FUNC(TS_F_TS_RESP_SET_TST_INFO), "TS_RESP_set_tst_info"},
{ERR_FUNC(TS_F_TS_RESP_SIGN), "ts_RESP_sign"},
{ERR_FUNC(TS_F_TS_RESP_VERIFY_SIGNATURE), "TS_RESP_verify_signature"},
@@ -100196,7 +106130,7 @@
{ERR_FUNC(TS_F_TS_TST_INFO_SET_ACCURACY), "TS_TST_INFO_set_accuracy"},
{ERR_FUNC(TS_F_TS_TST_INFO_SET_MSG_IMPRINT),
"TS_TST_INFO_set_msg_imprint"},
-@@ -141,7 +89,6 @@ static ERR_STRING_DATA TS_str_reasons[] = {
+@@ -141,7 +89,6 @@ static ERR_STRING_DATA TS_str_reasons[]
{ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
{ERR_REASON(TS_R_COULD_NOT_SET_ENGINE), "could not set engine"},
{ERR_REASON(TS_R_COULD_NOT_SET_TIME), "could not set time"},
@@ -100204,8 +106138,21 @@
{ERR_REASON(TS_R_DETACHED_CONTENT), "detached content"},
{ERR_REASON(TS_R_ESS_ADD_SIGNING_CERT_ERROR),
"ess add signing cert error"},
-diff --git a/crypto/ts/ts_lcl.h b/crypto/ts/ts_lcl.h
-index e3f915c..d0c3cf8 100644
+@@ -184,7 +131,7 @@ static ERR_STRING_DATA TS_str_reasons[]
+
+ #endif
+
+-void ERR_load_TS_strings(void)
++int ERR_load_TS_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -193,4 +140,5 @@ void ERR_load_TS_strings(void)
+ ERR_load_strings(0, TS_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/ts/ts_lcl.h
+++ b/crypto/ts/ts_lcl.h
@@ -1,58 +1,12 @@
@@ -100282,8 +106229,6 @@
/*-
* IssuerSerial ::= SEQUENCE {
* issuer GeneralNames,
-diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c
-index 087334b..bde1bd7 100644
--- a/crypto/ts/ts_lib.c
+++ b/crypto/ts/ts_lib.c
@@ -1,59 +1,10 @@
@@ -100351,8 +106296,18 @@
*/
#include <stdio.h>
-diff --git a/crypto/ts/ts_req_print.c b/crypto/ts/ts_req_print.c
-index 791715c..0dedf47 100644
+@@ -89,9 +40,8 @@ int TS_OBJ_print_bio(BIO *bio, const ASN
+ {
+ char obj_txt[128];
+
+- int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
+- BIO_write(bio, obj_txt, len);
+- BIO_write(bio, "\n", 1);
++ OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
++ BIO_printf(bio, "%s\n", obj_txt);
+
+ return 1;
+ }
--- a/crypto/ts/ts_req_print.c
+++ b/crypto/ts/ts_req_print.c
@@ -1,59 +1,10 @@
@@ -100420,8 +106375,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/ts/ts_req_utils.c b/crypto/ts/ts_req_utils.c
-index 5e1114a..a37cf84 100644
--- a/crypto/ts/ts_req_utils.c
+++ b/crypto/ts/ts_req_utils.c
@@ -1,59 +1,10 @@
@@ -100489,8 +106442,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/ts/ts_rsp_print.c b/crypto/ts/ts_rsp_print.c
-index 643bf4a..6eb0ec8 100644
--- a/crypto/ts/ts_rsp_print.c
+++ b/crypto/ts/ts_rsp_print.c
@@ -1,59 +1,10 @@
@@ -100558,8 +106509,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
-index 0ad6f10..8619cb5 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -1,59 +1,10 @@
@@ -100627,7 +106576,7 @@
*/
#include "internal/cryptlib.h"
-@@ -272,7 +223,7 @@ int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md)
+@@ -272,7 +223,7 @@ int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx,
if (ctx->mds == NULL
&& (ctx->mds = sk_EVP_MD_new_null()) == NULL)
goto err;
@@ -100636,7 +106585,7 @@
goto err;
return 1;
-@@ -495,7 +446,7 @@ static int ts_RESP_check_request(TS_RESP_CTX *ctx)
+@@ -495,7 +446,7 @@ static int ts_RESP_check_request(TS_RESP
X509_ALGOR *md_alg;
int md_alg_id;
const ASN1_OCTET_STRING *digest;
@@ -100645,7 +106594,7 @@
int i;
if (TS_REQ_get_version(request) != 1) {
-@@ -509,7 +460,7 @@ static int ts_RESP_check_request(TS_RESP_CTX *ctx)
+@@ -509,7 +460,7 @@ static int ts_RESP_check_request(TS_RESP
md_alg = msg_imprint->hash_algo;
md_alg_id = OBJ_obj2nid(md_alg->algorithm);
for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i) {
@@ -100654,8 +106603,6 @@
if (md_alg_id == EVP_MD_type(current_md))
md = current_md;
}
-diff --git a/crypto/ts/ts_rsp_utils.c b/crypto/ts/ts_rsp_utils.c
-index 5d0c51a..3747b5c 100644
--- a/crypto/ts/ts_rsp_utils.c
+++ b/crypto/ts/ts_rsp_utils.c
@@ -1,59 +1,10 @@
@@ -100723,8 +106670,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
-index 89b86e1..0916636 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -1,59 +1,10 @@
@@ -100792,7 +106737,7 @@
*/
#include <stdio.h>
-@@ -396,36 +347,43 @@ static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
+@@ -396,36 +347,43 @@ static int int_ts_RESP_verify_token(TS_V
unsigned char *imprint = NULL;
unsigned imprint_len = 0;
int ret = 0;
@@ -100844,7 +106789,7 @@
&& !ts_check_signer_name(ctx->tsa_name, signer)) {
TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED);
goto err;
-@@ -505,7 +463,7 @@ static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
+@@ -505,7 +463,7 @@ static char *ts_get_status_text(STACK_OF
TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -100853,8 +106798,6 @@
for (i = 0, p = result; i < sk_ASN1_UTF8STRING_num(text); ++i) {
ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
length = ASN1_STRING_length(current);
-diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c
-index b650a00..141385d 100644
--- a/crypto/ts/ts_verify_ctx.c
+++ b/crypto/ts/ts_verify_ctx.c
@@ -1,59 +1,10 @@
@@ -100922,9 +106865,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/txt_db/Makefile.in b/crypto/txt_db/Makefile.in
-deleted file mode 100644
-index 905ab41..0000000
--- a/crypto/txt_db/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -100971,8 +106911,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c
-index 219031e..1432230 100644
--- a/crypto/txt_db/txt_db.c
+++ b/crypto/txt_db/txt_db.c
@@ -1,58 +1,10 @@
@@ -101040,7 +106978,7 @@
*/
#include <stdio.h>
-@@ -193,7 +145,7 @@ OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
+@@ -193,7 +145,7 @@ OPENSSL_STRING *TXT_DB_get_by_index(TXT_
}
int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
@@ -101049,7 +106987,7 @@
{
LHASH_OF(OPENSSL_STRING) *idx;
OPENSSL_STRING *r;
-@@ -204,7 +156,7 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
+@@ -204,7 +156,7 @@ int TXT_DB_create_index(TXT_DB *db, int
return (0);
}
/* FIXME: we lose type checking at this point */
@@ -101058,9 +106996,6 @@
db->error = DB_ERROR_MALLOC;
return (0);
}
-diff --git a/crypto/ui/Makefile.in b/crypto/ui/Makefile.in
-deleted file mode 100644
-index 665cd2e..0000000
--- a/crypto/ui/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -101107,8 +107042,6 @@
- rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/ui/ui_err.c b/crypto/ui/ui_err.c
-index b43356e..03cd2bc 100644
--- a/crypto/ui/ui_err.c
+++ b/crypto/ui/ui_err.c
@@ -1,61 +1,11 @@
@@ -101189,8 +107122,21 @@
{ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"},
{ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"},
{ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"},
-diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c
-index 7b08107..2940b2f 100644
+@@ -98,7 +48,7 @@ static ERR_STRING_DATA UI_str_reasons[]
+
+ #endif
+
+-void ERR_load_UI_strings(void)
++int ERR_load_UI_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -107,4 +57,5 @@ void ERR_load_UI_strings(void)
+ ERR_load_strings(0, UI_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/ui/ui_lib.c
+++ b/crypto/ui/ui_lib.c
@@ -1,59 +1,10 @@
@@ -101258,7 +107204,7 @@
*/
#include <string.h>
-@@ -92,7 +43,10 @@ UI *UI_new_method(const UI_METHOD *method)
+@@ -92,7 +43,10 @@ UI *UI_new_method(const UI_METHOD *metho
else
ret->meth = method;
@@ -101270,7 +107216,31 @@
return ret;
}
-@@ -578,12 +532,18 @@ const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth)
+@@ -173,8 +127,10 @@ static int general_allocate_string(UI *u
+ s->_.string_data.test_buf = test_buf;
+ ret = sk_UI_STRING_push(ui->strings, s);
+ /* sk_push() returns 0 on error. Let's adapt that */
+- if (ret <= 0)
++ if (ret <= 0) {
+ ret--;
++ free_string(s);
++ }
+ } else
+ free_string(s);
+ }
+@@ -218,8 +174,10 @@ static int general_allocate_boolean(UI *
+ /*
+ * sk_push() returns 0 on error. Let's adapt that
+ */
+- if (ret <= 0)
++ if (ret <= 0) {
+ ret--;
++ free_string(s);
++ }
+ } else
+ free_string(s);
+ }
+@@ -578,12 +536,18 @@ const UI_METHOD *UI_set_method(UI *ui, c
return ui->meth;
}
@@ -101291,8 +107261,6 @@
return ui_method;
}
-diff --git a/crypto/ui/ui_locl.h b/crypto/ui/ui_locl.h
-index abbdd1c..2953739 100644
--- a/crypto/ui/ui_locl.h
+++ b/crypto/ui/ui_locl.h
@@ -1,59 +1,10 @@
@@ -101360,8 +107328,6 @@
*/
#ifndef HEADER_UI_LOCL_H
-diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c
-index 7fc3e17..929f7cb 100644
--- a/crypto/ui/ui_openssl.c
+++ b/crypto/ui/ui_openssl.c
@@ -1,118 +1,10 @@
@@ -101488,8 +107454,6 @@
*/
#include <openssl/e_os2.h>
-diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
-index f04ee7c..3b51db9 100644
--- a/crypto/ui/ui_util.c
+++ b/crypto/ui/ui_util.c
@@ -1,55 +1,10 @@
@@ -101554,8 +107518,6 @@
*/
#include <string.h>
-diff --git a/crypto/uid.c b/crypto/uid.c
-index 2093947..12df8a4 100644
--- a/crypto/uid.c
+++ b/crypto/uid.c
@@ -1,55 +1,10 @@
@@ -101620,8 +107582,6 @@
*/
#include <openssl/crypto.h>
-diff --git a/crypto/vms_rms.h b/crypto/vms_rms.h
-index 09c280e..3b994a0 100644
--- a/crypto/vms_rms.h
+++ b/crypto/vms_rms.h
@@ -1,3 +1,11 @@
@@ -101636,9 +107596,6 @@
#ifdef NAML$C_MAXRSS
-diff --git a/crypto/whrlpool/Makefile.in b/crypto/whrlpool/Makefile.in
-deleted file mode 100644
-index e6c64b7..0000000
--- a/crypto/whrlpool/Makefile.in
+++ /dev/null
@@ -1,56 +0,0 @@
@@ -101698,8 +107655,6 @@
- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/whrlpool/asm/wp-mmx.pl b/crypto/whrlpool/asm/wp-mmx.pl
-index a71a29f..f63945c 100644
--- a/crypto/whrlpool/asm/wp-mmx.pl
+++ b/crypto/whrlpool/asm/wp-mmx.pl
@@ -1,4 +1,11 @@
@@ -101715,8 +107670,6 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-diff --git a/crypto/whrlpool/asm/wp-x86_64.pl b/crypto/whrlpool/asm/wp-x86_64.pl
-index 5a3bdbc..c0b21d1 100644
--- a/crypto/whrlpool/asm/wp-x86_64.pl
+++ b/crypto/whrlpool/asm/wp-x86_64.pl
@@ -1,4 +1,11 @@
@@ -101732,7 +107685,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-@@ -41,7 +48,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
+@@ -41,7 +48,7 @@ if ($flavour =~ /\./) { $output = $flavo
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
@@ -101741,8 +107694,6 @@
*STDOUT=*OUT;
sub L() { $code.=".byte ".join(',', at _)."\n"; }
-diff --git a/crypto/whrlpool/wp_block.c b/crypto/whrlpool/wp_block.c
-index dc652e8..b29f037 100644
--- a/crypto/whrlpool/wp_block.c
+++ b/crypto/whrlpool/wp_block.c
@@ -1,3 +1,12 @@
@@ -101758,8 +107709,6 @@
/**
* The Whirlpool hashing function.
*
-diff --git a/crypto/whrlpool/wp_dgst.c b/crypto/whrlpool/wp_dgst.c
-index eeb420c..ed06424 100644
--- a/crypto/whrlpool/wp_dgst.c
+++ b/crypto/whrlpool/wp_dgst.c
@@ -1,3 +1,12 @@
@@ -101783,7 +107732,7 @@
#include "wp_locl.h"
#include <string.h>
-@@ -236,7 +246,7 @@ int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
+@@ -236,7 +246,7 @@ int WHIRLPOOL_Final(unsigned char *md, W
if (md) {
memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
@@ -101792,8 +107741,6 @@
return (1);
}
return (0);
-diff --git a/crypto/whrlpool/wp_locl.h b/crypto/whrlpool/wp_locl.h
-index 6e7b549..3a81cfd 100644
--- a/crypto/whrlpool/wp_locl.h
+++ b/crypto/whrlpool/wp_locl.h
@@ -1,3 +1,12 @@
@@ -101809,9 +107756,6 @@
#include <openssl/whrlpool.h>
void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t);
-diff --git a/crypto/x509/Makefile.in b/crypto/x509/Makefile.in
-deleted file mode 100644
-index 8b11dc4..0000000
--- a/crypto/x509/Makefile.in
+++ /dev/null
@@ -1,57 +0,0 @@
@@ -101872,8 +107816,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
-index 5524117..5473cb1 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -1,58 +1,10 @@
@@ -101949,8 +107891,17 @@
#include "internal/x509_int.h"
#include "x509_lcl.h"
-diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
-index eea7a7e..4376bed 100644
+@@ -97,8 +48,8 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
+ static int new_dir(X509_LOOKUP *lu);
+ static void free_dir(X509_LOOKUP *lu);
+ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type);
+-static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
+- X509_OBJECT *ret);
++static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
++ X509_NAME *name, X509_OBJECT *ret);
+ static X509_LOOKUP_METHOD x509_dir_lookup = {
+ "Load certs from files in a directory",
+ new_dir, /* new */
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -1,58 +1,10 @@
@@ -102018,8 +107969,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.c
-index d4d916e..9b6b5a5 100644
--- a/crypto/x509/t_crl.c
+++ b/crypto/x509/t_crl.c
@@ -1,59 +1,10 @@
@@ -102087,8 +108036,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c
-index afe59c4..0d0447b 100644
--- a/crypto/x509/t_req.c
+++ b/crypto/x509/t_req.c
@@ -1,58 +1,10 @@
@@ -102156,7 +108103,22 @@
*/
#include <stdio.h>
-@@ -181,6 +133,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
+@@ -134,13 +86,12 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ
+ if (BIO_puts(bp, "\n") <= 0)
+ goto err;
+
+- pkey = X509_REQ_get_pubkey(x);
++ pkey = X509_REQ_get0_pubkey(x);
+ if (pkey == NULL) {
+ BIO_printf(bp, "%12sUnable to load Public Key\n", "");
+ ERR_print_errors(bp);
+ } else {
+ EVP_PKEY_print_public(bp, pkey, 16, NULL);
+- EVP_PKEY_free(pkey);
+ }
+ }
+
+@@ -181,6 +132,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ
goto err;
if ((type == V_ASN1_PRINTABLESTRING) ||
(type == V_ASN1_T61STRING) ||
@@ -102164,8 +108126,6 @@
(type == V_ASN1_IA5STRING)) {
if (BIO_write(bp, (char *)bs->data, bs->length)
!= bs->length)
-diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
-index 996a755..5fbe767 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -1,58 +1,10 @@
@@ -102233,8 +108193,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
-index fb04cdc..1fda58e 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -1,58 +1,10 @@
@@ -102302,7 +108260,7 @@
*/
#include <stdio.h>
-@@ -288,13 +240,13 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
+@@ -288,13 +240,13 @@ int X509_ATTRIBUTE_set1_object(X509_ATTR
return (0);
ASN1_OBJECT_free(attr->object);
attr->object = OBJ_dup(obj);
@@ -102318,7 +108276,7 @@
ASN1_STRING *stmp = NULL;
int atype = 0;
if (!attr)
-@@ -319,20 +271,26 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
+@@ -319,24 +271,30 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIB
* least one value but some types use and zero length SET and require
* this.
*/
@@ -102347,8 +108305,11 @@
return 0;
}
-diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
-index d3b2c19..63cef40 100644
+-int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
++int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr)
+ {
+ if (attr == NULL)
+ return 0;
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -1,58 +1,10 @@
@@ -102416,7 +108377,7 @@
*/
#include <stdio.h>
-@@ -187,9 +139,10 @@ int X509_cmp(const X509 *a, const X509 *b)
+@@ -187,9 +139,10 @@ int X509_cmp(const X509 *a, const X509 *
return rv;
/* Check for match against stored encoding too */
if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) {
@@ -102430,8 +108391,27 @@
return memcmp(a->cert_info.enc.enc, b->cert_info.enc.enc,
a->cert_info.enc.len);
}
-diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c
-index d833733..cb03dbf 100644
+@@ -304,7 +257,7 @@ X509 *X509_find_by_subject(STACK_OF(X509
+ return (NULL);
+ }
+
+-EVP_PKEY *X509_get0_pubkey(X509 *x)
++EVP_PKEY *X509_get0_pubkey(const X509 *x)
+ {
+ if (x == NULL)
+ return NULL;
+@@ -318,9 +271,9 @@ EVP_PKEY *X509_get_pubkey(X509 *x)
+ return X509_PUBKEY_get(x->cert_info.key);
+ }
+
+-int X509_check_private_key(X509 *x, EVP_PKEY *k)
++int X509_check_private_key(const X509 *x, const EVP_PKEY *k)
+ {
+- EVP_PKEY *xk;
++ const EVP_PKEY *xk;
+ int ret;
+
+ xk = X509_get0_pubkey(x);
--- a/crypto/x509/x509_d2.c
+++ b/crypto/x509/x509_d2.c
@@ -1,58 +1,10 @@
@@ -102499,8 +108479,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c
-index 0633cae..d11358e 100644
--- a/crypto/x509/x509_def.c
+++ b/crypto/x509/x509_def.c
@@ -1,58 +1,10 @@
@@ -102568,8 +108546,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
-index d140d52..13f5a24 100644
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@@ -1,61 +1,11 @@
@@ -102641,7 +108617,7 @@
*/
#include <stdio.h>
-@@ -72,6 +22,7 @@ static ERR_STRING_DATA X509_str_functs[] = {
+@@ -72,6 +22,7 @@ static ERR_STRING_DATA X509_str_functs[]
{ERR_FUNC(X509_F_ADD_CERT_DIR), "add_cert_dir"},
{ERR_FUNC(X509_F_BUILD_CHAIN), "build_chain"},
{ERR_FUNC(X509_F_BY_FILE_CTRL), "by_file_ctrl"},
@@ -102649,7 +108625,7 @@
{ERR_FUNC(X509_F_CHECK_POLICY), "check_policy"},
{ERR_FUNC(X509_F_DANE_I2D), "dane_i2d"},
{ERR_FUNC(X509_F_DIR_CTRL), "dir_ctrl"},
-@@ -109,6 +60,7 @@ static ERR_STRING_DATA X509_str_functs[] = {
+@@ -109,6 +60,7 @@ static ERR_STRING_DATA X509_str_functs[]
"X509_NAME_ENTRY_set_object"},
{ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
{ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
@@ -102657,7 +108633,7 @@
{ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"},
{ERR_FUNC(X509_F_X509_PUBKEY_DECODE), "x509_pubkey_decode"},
{ERR_FUNC(X509_F_X509_PUBKEY_GET0), "X509_PUBKEY_get0"},
-@@ -126,8 +78,6 @@ static ERR_STRING_DATA X509_str_functs[] = {
+@@ -126,8 +78,6 @@ static ERR_STRING_DATA X509_str_functs[]
{ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT),
"X509_STORE_CTX_purpose_inherit"},
@@ -102666,7 +108642,7 @@
{ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
{ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
{ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
-@@ -145,7 +95,6 @@ static ERR_STRING_DATA X509_str_reasons[] = {
+@@ -145,7 +95,6 @@ static ERR_STRING_DATA X509_str_reasons[
"cert already in hash table"},
{ERR_REASON(X509_R_CRL_ALREADY_DELTA), "crl already delta"},
{ERR_REASON(X509_R_CRL_VERIFY_FAILURE), "crl verify failure"},
@@ -102674,7 +108650,7 @@
{ERR_REASON(X509_R_IDP_MISMATCH), "idp mismatch"},
{ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"},
{ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"},
-@@ -156,6 +105,7 @@ static ERR_STRING_DATA X509_str_reasons[] = {
+@@ -156,6 +105,7 @@ static ERR_STRING_DATA X509_str_reasons[
{ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"},
{ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"},
{ERR_REASON(X509_R_METHOD_NOT_SUPPORTED), "method not supported"},
@@ -102682,8 +108658,21 @@
{ERR_REASON(X509_R_NEWER_CRL_NOT_NEWER), "newer crl not newer"},
{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
"no cert set for us to verify"},
-diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c
-index 9691d2d..b01ad12 100644
+@@ -179,7 +129,7 @@ static ERR_STRING_DATA X509_str_reasons[
+
+ #endif
+
+-void ERR_load_X509_strings(void)
++int ERR_load_X509_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -188,4 +138,5 @@ void ERR_load_X509_strings(void)
+ ERR_load_strings(0, X509_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/x509/x509_ext.c
+++ b/crypto/x509/x509_ext.c
@@ -1,58 +1,10 @@
@@ -102751,8 +108740,134 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h
-index db98a10..340bb60 100644
+@@ -65,27 +17,27 @@
+ #include "internal/x509_int.h"
+ #include <openssl/x509v3.h>
+
+-int X509_CRL_get_ext_count(X509_CRL *x)
++int X509_CRL_get_ext_count(const X509_CRL *x)
+ {
+ return (X509v3_get_ext_count(x->crl.extensions));
+ }
+
+-int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
++int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos)
+ {
+ return (X509v3_get_ext_by_NID(x->crl.extensions, nid, lastpos));
+ }
+
+-int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
++int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
+ {
+ return (X509v3_get_ext_by_OBJ(x->crl.extensions, obj, lastpos));
+ }
+
+-int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
++int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos)
+ {
+ return (X509v3_get_ext_by_critical(x->crl.extensions, crit, lastpos));
+ }
+
+-X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
++X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc)
+ {
+ return (X509v3_get_ext(x->crl.extensions, loc));
+ }
+@@ -95,7 +47,7 @@ X509_EXTENSION *X509_CRL_delete_ext(X509
+ return (X509v3_delete_ext(x->crl.extensions, loc));
+ }
+
+-void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
++void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx)
+ {
+ return X509V3_get_d2i(x->crl.extensions, nid, crit, idx);
+ }
+@@ -111,28 +63,28 @@ int X509_CRL_add_ext(X509_CRL *x, X509_E
+ return (X509v3_add_ext(&(x->crl.extensions), ex, loc) != NULL);
+ }
+
+-int X509_get_ext_count(X509 *x)
++int X509_get_ext_count(const X509 *x)
+ {
+ return (X509v3_get_ext_count(x->cert_info.extensions));
+ }
+
+-int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
++int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos)
+ {
+ return (X509v3_get_ext_by_NID(x->cert_info.extensions, nid, lastpos));
+ }
+
+-int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
++int X509_get_ext_by_OBJ(const X509 *x, ASN1_OBJECT *obj, int lastpos)
+ {
+ return (X509v3_get_ext_by_OBJ(x->cert_info.extensions, obj, lastpos));
+ }
+
+-int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
++int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos)
+ {
+ return (X509v3_get_ext_by_critical
+ (x->cert_info.extensions, crit, lastpos));
+ }
+
+-X509_EXTENSION *X509_get_ext(X509 *x, int loc)
++X509_EXTENSION *X509_get_ext(const X509 *x, int loc)
+ {
+ return (X509v3_get_ext(x->cert_info.extensions, loc));
+ }
+@@ -147,7 +99,7 @@ int X509_add_ext(X509 *x, X509_EXTENSION
+ return (X509v3_add_ext(&(x->cert_info.extensions), ex, loc) != NULL);
+ }
+
+-void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
++void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx)
+ {
+ return X509V3_get_d2i(x->cert_info.extensions, nid, crit, idx);
+ }
+@@ -159,28 +111,28 @@ int X509_add1_ext_i2d(X509 *x, int nid,
+ flags);
+ }
+
+-int X509_REVOKED_get_ext_count(X509_REVOKED *x)
++int X509_REVOKED_get_ext_count(const X509_REVOKED *x)
+ {
+ return (X509v3_get_ext_count(x->extensions));
+ }
+
+-int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
++int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos)
+ {
+ return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos));
+ }
+
+-int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
++int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, ASN1_OBJECT *obj,
+ int lastpos)
+ {
+ return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos));
+ }
+
+-int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
++int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos)
+ {
+ return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos));
+ }
+
+-X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
++X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc)
+ {
+ return (X509v3_get_ext(x->extensions, loc));
+ }
+@@ -195,7 +147,7 @@ int X509_REVOKED_add_ext(X509_REVOKED *x
+ return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL);
+ }
+
+-void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
++void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, int *idx)
+ {
+ return X509V3_get_d2i(x->extensions, nid, crit, idx);
+ }
--- a/crypto/x509/x509_lcl.h
+++ b/crypto/x509/x509_lcl.h
@@ -1,59 +1,10 @@
@@ -102820,8 +108935,39 @@
*/
/*
-diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
-index b822966..0b5b5b9 100644
+@@ -123,15 +74,16 @@ struct x509_lookup_method_st {
+ int (*shutdown) (X509_LOOKUP *ctx);
+ int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+ char **ret);
+- int (*get_by_subject) (X509_LOOKUP *ctx, int type, X509_NAME *name,
+- X509_OBJECT *ret);
+- int (*get_by_issuer_serial) (X509_LOOKUP *ctx, int type, X509_NAME *name,
+- ASN1_INTEGER *serial, X509_OBJECT *ret);
+- int (*get_by_fingerprint) (X509_LOOKUP *ctx, int type,
++ int (*get_by_subject) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
++ X509_NAME *name, X509_OBJECT *ret);
++ int (*get_by_issuer_serial) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
++ X509_NAME *name, ASN1_INTEGER *serial,
++ X509_OBJECT *ret);
++ int (*get_by_fingerprint) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+ unsigned char *bytes, int len,
+ X509_OBJECT *ret);
+- int (*get_by_alias) (X509_LOOKUP *ctx, int type, char *str, int len,
+- X509_OBJECT *ret);
++ int (*get_by_alias) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
++ char *str, int len, X509_OBJECT *ret);
+ };
+
+ /* This is the functions plus an instance of the local variables. */
+@@ -172,6 +124,8 @@ struct x509_store_st {
+ int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
+ /* Check certificate against CRL */
+ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
++ /* Check policy status of the chain */
++ int (*check_policy) (X509_STORE_CTX *ctx);
+ STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
+ STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
+ int (*cleanup) (X509_STORE_CTX *ctx);
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -1,58 +1,10 @@
@@ -102889,13 +109035,82 @@
*/
#include <stdio.h>
-@@ -294,25 +246,22 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
+@@ -88,6 +40,16 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx)
+ OPENSSL_free(ctx);
+ }
+
++int X509_STORE_lock(X509_STORE *s)
++{
++ return CRYPTO_THREAD_write_lock(s->lock);
++}
++
++int X509_STORE_unlock(X509_STORE *s)
++{
++ return CRYPTO_THREAD_unlock(s->lock);
++}
++
+ int X509_LOOKUP_init(X509_LOOKUP *ctx)
+ {
+ if (ctx->method == NULL)
+@@ -119,38 +81,39 @@ int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, i
+ return 1;
+ }
+
+-int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
+- X509_OBJECT *ret)
++int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
++ X509_NAME *name, X509_OBJECT *ret)
+ {
+ if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
+- return X509_LU_FAIL;
++ return 0;
+ if (ctx->skip)
+ return 0;
+ return ctx->method->get_by_subject(ctx, type, name, ret);
+ }
+
+-int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
+- ASN1_INTEGER *serial, X509_OBJECT *ret)
++int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
++ X509_NAME *name, ASN1_INTEGER *serial,
++ X509_OBJECT *ret)
+ {
+ if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL))
+- return X509_LU_FAIL;
++ return 0;
+ return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);
+ }
+
+-int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
++int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+ unsigned char *bytes, int len,
+ X509_OBJECT *ret)
+ {
+ if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
+- return X509_LU_FAIL;
++ return 0;
+ return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);
+ }
+
+-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
+- X509_OBJECT *ret)
++int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
++ char *str, int len, X509_OBJECT *ret)
+ {
+ if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
+- return X509_LU_FAIL;
++ return 0;
+ return ctx->method->get_by_alias(ctx, type, str, len, ret);
+ }
+
+@@ -294,25 +257,23 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_
}
}
-X509_OBJECT *X509_STORE_get_X509_by_subject(X509_STORE_CTX *vs, int type,
- X509_NAME *name)
-+X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, int type,
++X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
++ X509_LOOKUP_TYPE type,
+ X509_NAME *name)
{
- X509_OBJECT *ret;
@@ -102923,7 +109138,26 @@
{
X509_STORE *ctx = vs->ctx;
X509_LOOKUP *lu;
-@@ -341,9 +290,6 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
+@@ -324,26 +285,18 @@ int X509_STORE_get_by_subject(X509_STORE
+ CRYPTO_THREAD_unlock(ctx->lock);
+
+ if (tmp == NULL || type == X509_LU_CRL) {
+- for (i = vs->current_method;
+- i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
++ for (i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
+ lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);
+ j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
+- if (j < 0) {
+- vs->current_method = j;
+- return j;
+- } else if (j) {
++ if (j) {
+ tmp = &stmp;
+ break;
+ }
+ }
+- vs->current_method = 0;
+ if (tmp == NULL)
return 0;
}
@@ -102933,7 +109167,12 @@
ret->type = tmp->type;
ret->data.ptr = tmp->data.ptr;
-@@ -359,11 +305,9 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
+@@ -355,96 +308,118 @@ int X509_STORE_get_by_subject(X509_STORE
+ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
+ {
+ X509_OBJECT *obj;
+- int ret = 1;
++ int ret = 1, added = 1;
if (x == NULL)
return 0;
@@ -102946,19 +109185,41 @@
- }
obj->type = X509_LU_X509;
obj->data.x509 = x;
++ X509_OBJECT_up_ref_count(obj);
-@@ -372,8 +316,7 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
- X509_OBJECT_up_ref_count(obj);
+ CRYPTO_THREAD_write_lock(ctx->lock);
+- X509_OBJECT_up_ref_count(obj);
+-
if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
- X509_OBJECT_free_contents(obj);
- OPENSSL_free(obj);
-+ X509_OBJECT_free(obj);
X509err(X509_F_X509_STORE_ADD_CERT,
X509_R_CERT_ALREADY_IN_HASH_TABLE);
ret = 0;
-@@ -392,11 +335,9 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+- } else
+- sk_X509_OBJECT_push(ctx->objs, obj);
++ } else {
++ added = sk_X509_OBJECT_push(ctx->objs, obj);
++ ret = added != 0;
++ }
+ CRYPTO_THREAD_unlock(ctx->lock);
+
++ if (!ret) /* obj not pushed */
++ X509_OBJECT_free(obj);
++ if (!added) /* on push failure */
++ X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
++
+ return ret;
+ }
+
+ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+ {
+ X509_OBJECT *obj;
+- int ret = 1;
++ int ret = 1, added = 1;
+
if (x == NULL)
return 0;
- obj = OPENSSL_malloc(sizeof(*obj));
@@ -102970,18 +109231,31 @@
- }
obj->type = X509_LU_CRL;
obj->data.crl = x;
++ X509_OBJECT_up_ref_count(obj);
-@@ -405,8 +346,7 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
- X509_OBJECT_up_ref_count(obj);
+ CRYPTO_THREAD_write_lock(ctx->lock);
+- X509_OBJECT_up_ref_count(obj);
+-
if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
- X509_OBJECT_free_contents(obj);
- OPENSSL_free(obj);
-+ X509_OBJECT_free(obj);
X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE);
ret = 0;
- } else
-@@ -417,34 +357,52 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+- } else
+- sk_X509_OBJECT_push(ctx->objs, obj);
++ } else {
++ added = sk_X509_OBJECT_push(ctx->objs, obj);
++ ret = added != 0;
++ }
+
+ CRYPTO_THREAD_unlock(ctx->lock);
+
++ if (!ret) /* obj not pushed */
++ X509_OBJECT_free(obj);
++ if (!added) /* on push failure */
++ X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
++
return ret;
}
@@ -103024,7 +109298,7 @@
}
-void X509_OBJECT_free_contents(X509_OBJECT *a)
-+int X509_OBJECT_get_type(const X509_OBJECT *a)
++X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a)
+{
+ return a->type;
+}
@@ -103037,7 +109311,7 @@
+ X509err(X509_F_X509_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
-+ ret->type = X509_LU_FAIL;
++ ret->type = X509_LU_NONE;
+ return ret;
+}
+
@@ -103046,15 +109320,37 @@
{
if (a == NULL)
return;
-@@ -458,6 +416,7 @@ void X509_OBJECT_free_contents(X509_OBJECT *a)
+@@ -458,9 +433,10 @@ void X509_OBJECT_free_contents(X509_OBJE
X509_CRL_free(a->data.crl);
break;
}
+ OPENSSL_free(a);
}
- static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
-@@ -515,13 +474,18 @@ X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
+-static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
++static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
+ X509_NAME *name, int *pnmatch)
+ {
+ X509_OBJECT stmp;
+@@ -499,14 +475,15 @@ static int x509_object_idx_cnt(STACK_OF(
+ return idx;
+ }
+
+-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
++int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
+ X509_NAME *name)
+ {
+ return x509_object_idx_cnt(h, type, name, NULL);
+ }
+
+ X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
+- int type, X509_NAME *name)
++ X509_LOOKUP_TYPE type,
++ X509_NAME *name)
+ {
+ int idx;
+ idx = X509_OBJECT_idx_by_subject(h, type, name);
+@@ -515,13 +492,18 @@ X509_OBJECT *X509_OBJECT_retrieve_by_sub
return sk_X509_OBJECT_value(h, idx);
}
@@ -103076,7 +109372,7 @@
CRYPTO_THREAD_write_lock(ctx->ctx->lock);
idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
if (idx < 0) {
-@@ -529,21 +493,25 @@ STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
+@@ -529,21 +511,25 @@ STACK_OF(X509) *X509_STORE_get1_certs(X5
* Nothing found in cache: do lookup to possibly add new objects to
* cache
*/
@@ -103107,7 +109403,7 @@
for (i = 0; i < cnt; i++, idx++) {
obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
x = obj->data.x509;
-@@ -557,25 +525,23 @@ STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
+@@ -557,25 +543,23 @@ STACK_OF(X509) *X509_STORE_get1_certs(X5
}
CRYPTO_THREAD_unlock(ctx->ctx->lock);
return sk;
@@ -103141,7 +109437,7 @@
CRYPTO_THREAD_write_lock(ctx->ctx->lock);
idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
if (idx < 0) {
-@@ -641,32 +607,36 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
+@@ -641,32 +625,28 @@ X509_OBJECT *X509_OBJECT_retrieve_match(
int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
{
X509_NAME *xn;
@@ -103154,20 +109450,19 @@
*issuer = NULL;
xn = X509_get_issuer_name(x);
- ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj);
-+ ok = X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, xn, obj);
- if (ok != X509_LU_X509) {
-+ X509_OBJECT_free(obj);
- if (ok == X509_LU_RETRY) {
+- if (ok != X509_LU_X509) {
+- if (ok == X509_LU_RETRY) {
- X509_OBJECT_free_contents(&obj);
- X509err(X509_F_X509_STORE_CTX_GET1_ISSUER, X509_R_SHOULD_RETRY);
- return -1;
+- X509err(X509_F_X509_STORE_CTX_GET1_ISSUER, X509_R_SHOULD_RETRY);
+- return -1;
- } else if (ok != X509_LU_FAIL) {
- X509_OBJECT_free_contents(&obj);
-+ }
-+ if (ok != X509_LU_FAIL) {
- /* not good :-(, break anyway */
- return -1;
- }
+- /* not good :-(, break anyway */
+- return -1;
+- }
++ ok = X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, xn, obj);
++ if (ok != 1) {
++ X509_OBJECT_free(obj);
return 0;
}
/* If certificate matches all OK */
@@ -103187,7 +109482,7 @@
/* Else find index of first cert accepted by 'check_issued' */
ret = 0;
-@@ -729,12 +699,22 @@ int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
+@@ -729,18 +709,150 @@ int X509_STORE_set1_param(X509_STORE *ct
return X509_VERIFY_PARAM_set1(ctx->param, param);
}
@@ -103196,39 +109491,154 @@
+ return ctx->param;
+}
+
++void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify)
++{
++ ctx->verify = verify;
++}
++
++X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx)
++{
++ return ctx->verify;
++}
++
void X509_STORE_set_verify_cb(X509_STORE *ctx,
- int (*verify_cb) (int, X509_STORE_CTX *))
+- int (*verify_cb) (int, X509_STORE_CTX *))
++ X509_STORE_CTX_verify_cb verify_cb)
{
ctx->verify_cb = verify_cb;
}
-+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify verify)
+-void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
+- STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX
+- *ctx,
+- X509_NAME *nm))
++X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx)
+{
-+ ctx->verify = verify;
++ return ctx->verify_cb;
+}
+
- void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
- STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX
- *ctx,
-@@ -743,6 +723,16 @@ void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
- ctx->lookup_crls = cb;
- }
-
++void X509_STORE_set_get_issuer(X509_STORE *ctx,
++ X509_STORE_CTX_get_issuer_fn get_issuer)
++{
++ ctx->get_issuer = get_issuer;
++}
++
++X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx)
++{
++ return ctx->get_issuer;
++}
++
++void X509_STORE_set_check_issued(X509_STORE *ctx,
++ X509_STORE_CTX_check_issued_fn check_issued)
++{
++ ctx->check_issued = check_issued;
++}
++
++X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx)
++{
++ return ctx->check_issued;
++}
++
++void X509_STORE_set_check_revocation(X509_STORE *ctx,
++ X509_STORE_CTX_check_revocation_fn check_revocation)
++{
++ ctx->check_revocation = check_revocation;
++}
++
++X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx)
++{
++ return ctx->check_revocation;
++}
++
++void X509_STORE_set_get_crl(X509_STORE *ctx,
++ X509_STORE_CTX_get_crl_fn get_crl)
++{
++ ctx->get_crl = get_crl;
++}
++
++X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx)
++{
++ return ctx->get_crl;
++}
++
++void X509_STORE_set_check_crl(X509_STORE *ctx,
++ X509_STORE_CTX_check_crl_fn check_crl)
++{
++ ctx->check_crl = check_crl;
++}
++
++X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx)
++{
++ return ctx->check_crl;
++}
++
++void X509_STORE_set_cert_crl(X509_STORE *ctx,
++ X509_STORE_CTX_cert_crl_fn cert_crl)
++{
++ ctx->cert_crl = cert_crl;
++}
++
++X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx)
++{
++ return ctx->cert_crl;
++}
++
++void X509_STORE_set_check_policy(X509_STORE *ctx,
++ X509_STORE_CTX_check_policy_fn check_policy)
++{
++ ctx->check_policy = check_policy;
++}
++
++X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx)
++{
++ return ctx->check_policy;
++}
++
++void X509_STORE_set_lookup_certs(X509_STORE *ctx,
++ X509_STORE_CTX_lookup_certs_fn lookup_certs)
++{
++ ctx->lookup_certs = lookup_certs;
++}
++
++X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx)
++{
++ return ctx->lookup_certs;
++}
++
++void X509_STORE_set_lookup_crls(X509_STORE *ctx,
++ X509_STORE_CTX_lookup_crls_fn lookup_crls)
++{
++ ctx->lookup_crls = lookup_crls;
++}
++
++X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx)
++{
++ return ctx->lookup_crls;
++}
++
++void X509_STORE_set_cleanup(X509_STORE *ctx,
++ X509_STORE_CTX_cleanup_fn ctx_cleanup)
++{
++ ctx->cleanup = ctx_cleanup;
++}
++
++X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx)
++{
++ return ctx->cleanup;
++}
++
+int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data)
+{
+ return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
+}
+
+void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx)
-+{
+ {
+- ctx->lookup_crls = cb;
+ return CRYPTO_get_ex_data(&ctx->ex_data, idx);
-+}
-+
+ }
+
X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx)
- {
- return ctx->ctx;
-diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
-index 8b4d436..76fb047 100644
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -1,58 +1,10 @@
@@ -103310,7 +109720,7 @@
char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
{
X509_NAME_ENTRY *ne;
-@@ -76,7 +35,7 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
+@@ -76,7 +35,7 @@ char *X509_NAME_oneline(X509_NAME *a, ch
int gs_doit[4];
char tmp_buf[80];
#ifdef CHARSET_EBCDIC
@@ -103319,7 +109729,7 @@
#endif
if (buf == NULL) {
-@@ -86,6 +45,8 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
+@@ -86,6 +45,8 @@ char *X509_NAME_oneline(X509_NAME *a, ch
goto err;
b->data[0] = '\0';
len = 200;
@@ -103328,7 +109738,7 @@
}
if (a == NULL) {
if (b) {
-@@ -110,15 +71,20 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
+@@ -110,15 +71,20 @@ char *X509_NAME_oneline(X509_NAME *a, ch
type = ne->value->type;
num = ne->value->length;
@@ -103352,7 +109762,7 @@
q = ebcdic_buf;
}
#endif
-@@ -154,6 +120,10 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
+@@ -154,6 +120,10 @@ char *X509_NAME_oneline(X509_NAME *a, ch
lold = l;
l += 1 + l1 + 1 + l2;
@@ -103363,7 +109773,7 @@
if (b != NULL) {
if (!BUF_MEM_grow(b, l + 1))
goto err;
-@@ -206,6 +176,7 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
+@@ -206,6 +176,7 @@ char *X509_NAME_oneline(X509_NAME *a, ch
return (p);
err:
X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
@@ -103371,8 +109781,6 @@
BUF_MEM_free(b);
return (NULL);
}
-diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c
-index d082636..3d72787 100644
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@@ -1,58 +1,10 @@
@@ -103440,14 +109848,14 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
-index 2b2cbce..3574322 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -103495,9 +109903,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -103509,8 +109915,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
-index 360ead8..6addfbe 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -1,58 +1,10 @@
@@ -103578,7 +109982,7 @@
*/
#include <stdio.h>
-@@ -146,10 +98,16 @@ int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
+@@ -146,10 +98,16 @@ int X509_set_pubkey(X509 *x, EVP_PKEY *p
return (X509_PUBKEY_set(&(x->cert_info.key), pkey));
}
@@ -103597,8 +110001,6 @@
}
long X509_get_version(X509 *x)
-diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
-index 4c5281a..a9bb88d 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -1,59 +1,10 @@
@@ -103675,7 +110077,7 @@
{
int idx;
X509_TRUST *trtmp;
-@@ -197,7 +148,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
+@@ -197,7 +148,7 @@ int X509_TRUST_add(int id, int flags, in
/* dup supplied name */
if ((trtmp->name = OPENSSL_strdup(name)) == NULL) {
X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
@@ -103684,7 +110086,7 @@
}
/* Keep the dynamic flag of existing entry */
trtmp->flags &= X509_TRUST_DYNAMIC;
-@@ -214,14 +165,20 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
+@@ -214,14 +165,20 @@ int X509_TRUST_add(int id, int flags, in
if (trtable == NULL
&& (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) {
X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
@@ -103735,8 +110137,6 @@
{
return xp->trust;
}
-diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
-index 8a9a7f0..66e5fcd 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -1,58 +1,10 @@
@@ -103804,7 +110204,7 @@
*/
#include <stdio.h>
-@@ -209,6 +161,14 @@ const char *X509_verify_cert_error_string(long n)
+@@ -209,6 +161,14 @@ const char *X509_verify_cert_error_strin
return ("CA certificate key too weak");
case X509_V_ERR_CA_MD_TOO_WEAK:
return ("CA signature digest algorithm too weak");
@@ -103819,8 +110219,6 @@
default:
/* Printing an error number into a static buffer is not thread-safe */
-diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
-index f3fe305..ce69d19 100644
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@@ -1,58 +1,10 @@
@@ -103888,7 +110286,7 @@
*/
#include <stdio.h>
-@@ -235,7 +187,7 @@ int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
+@@ -235,7 +187,7 @@ int X509_EXTENSION_set_object(X509_EXTEN
return (0);
ASN1_OBJECT_free(ex->object);
ex->object = OBJ_dup(obj);
@@ -103897,8 +110295,15 @@
}
int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index efa6bca..c8ebc50 100644
+@@ -272,7 +224,7 @@ ASN1_OCTET_STRING *X509_EXTENSION_get_da
+ return &ex->value;
+ }
+
+-int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
++int X509_EXTENSION_get_critical(const X509_EXTENSION *ex)
+ {
+ if (ex == NULL)
+ return (0);
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1,58 +1,10 @@
@@ -103966,7 +110371,7 @@
*/
#include <stdio.h>
-@@ -299,9 +251,11 @@ static int verify_chain(X509_STORE_CTX *ctx)
+@@ -299,9 +251,11 @@ static int verify_chain(X509_STORE_CTX *
int X509_verify_cert(X509_STORE_CTX *ctx)
{
SSL_DANE *dane = ctx->dane;
@@ -103978,7 +110383,7 @@
return -1;
}
-@@ -311,6 +265,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
+@@ -311,6 +265,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx
* cannot do another one.
*/
X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@ -103986,7 +110391,7 @@
return -1;
}
-@@ -321,6 +276,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
+@@ -321,6 +276,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx
if (((ctx->chain = sk_X509_new_null()) == NULL) ||
(!sk_X509_push(ctx->chain, ctx->cert))) {
X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
@@ -103994,7 +110399,7 @@
return -1;
}
X509_up_ref(ctx->cert);
-@@ -331,15 +287,19 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
+@@ -331,15 +287,19 @@ int X509_verify_cert(X509_STORE_CTX *ctx
!verify_cb_cert(ctx, ctx->cert, 0, X509_V_ERR_EE_KEY_TOO_SMALL))
return 0;
@@ -104021,7 +110426,7 @@
}
/*
-@@ -501,12 +461,6 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
+@@ -501,12 +461,6 @@ static int check_chain_extensions(X509_S
} else {
allow_proxy_certs =
! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
@@ -104034,7 +110439,7 @@
purpose = ctx->param->purpose;
}
-@@ -573,10 +527,24 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
+@@ -573,10 +527,24 @@ static int check_chain_extensions(X509_S
* the next certificate must be a CA certificate.
*/
if (x->ex_flags & EXFLAG_PROXY) {
@@ -104063,7 +110468,7 @@
}
proxy_path_length++;
must_be_ca = 0;
-@@ -598,6 +566,79 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
+@@ -598,6 +566,79 @@ static int check_name_constraints(X509_S
/* Ignore self issued certs unless last in chain */
if (i && (x->ex_flags & EXFLAG_SI))
continue;
@@ -104143,11 +110548,15 @@
/*
* Check against constraints for all certificates higher in chain
* including trust anchor. Trust anchor not strictly speaking needed
-@@ -610,8 +651,16 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
+@@ -610,8 +651,20 @@ static int check_name_constraints(X509_S
if (nc) {
int rv = NAME_CONSTRAINTS_check(x, nc);
- if (rv != X509_V_OK && !verify_cb_cert(ctx, x, i, rv))
++ /* If EE certificate check commonName too */
++ if (rv == X509_V_OK && i == 0)
++ rv = NAME_CONSTRAINTS_check_CN(x, nc);
++
+ switch (rv) {
+ case X509_V_OK:
+ break;
@@ -104161,7 +110570,35 @@
}
}
}
-@@ -1505,6 +1554,7 @@ static int check_policy(X509_STORE_CTX *ctx)
+@@ -918,13 +971,21 @@ static int get_crl_sk(X509_STORE_CTX *ct
+ crl = sk_X509_CRL_value(crls, i);
+ reasons = *preasons;
+ crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
+-
+- if (crl_score > best_score) {
+- best_crl = crl;
+- best_crl_issuer = crl_issuer;
+- best_score = crl_score;
+- best_reasons = reasons;
++ if (crl_score < best_score)
++ continue;
++ /* If current CRL is equivalent use it if it is newer */
++ if (crl_score == best_score) {
++ int day, sec;
++ if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
++ X509_CRL_get_lastUpdate(crl)) == 0)
++ continue;
++ if (day < 0 || sec <= 0)
++ continue;
+ }
++ best_crl = crl;
++ best_crl_issuer = crl_issuer;
++ best_score = crl_score;
++ best_reasons = reasons;
+ }
+
+ if (best_crl) {
+@@ -1505,6 +1566,7 @@ static int check_policy(X509_STORE_CTX *
*/
if (ctx->bare_ta_signed && !sk_X509_push(ctx->chain, NULL)) {
X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
@@ -104169,7 +110606,7 @@
return 0;
}
ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
-@@ -1514,6 +1564,7 @@ static int check_policy(X509_STORE_CTX *ctx)
+@@ -1514,6 +1576,7 @@ static int check_policy(X509_STORE_CTX *
if (ret == X509_PCY_TREE_INTERNAL) {
X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
@@ -104177,7 +110614,7 @@
return 0;
}
/* Invalid or inconsistent extensions */
-@@ -1544,7 +1595,12 @@ static int check_policy(X509_STORE_CTX *ctx)
+@@ -1544,7 +1607,12 @@ static int check_policy(X509_STORE_CTX *
if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
ctx->current_cert = NULL;
@@ -104191,7 +110628,7 @@
if (!ctx->verify_cb(2, ctx))
return 0;
}
-@@ -1989,11 +2045,21 @@ int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
+@@ -1989,11 +2057,21 @@ int X509_STORE_CTX_get_error_depth(X509_
return ctx->error_depth;
}
@@ -104213,7 +110650,15 @@
STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx)
{
return ctx->chain;
-@@ -2161,11 +2227,10 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
+@@ -2138,7 +2216,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
+ int ret = 1;
+
+ ctx->ctx = store;
+- ctx->current_method = 0;
+ ctx->cert = x509;
+ ctx->untrusted = chain;
+ ctx->crls = NULL;
+@@ -2161,11 +2238,10 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
/* Zero ex_data to make sure we're cleanup-safe */
memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
@@ -104228,7 +110673,15 @@
ctx->cleanup = 0;
if (store && store->check_issued)
-@@ -2211,12 +2276,12 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
+@@ -2208,17 +2284,20 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
+ else
+ ctx->cert_crl = cert_crl;
+
++ if (store && store->check_policy)
++ ctx->check_policy = store->check_policy;
++ else
++ ctx->check_policy = check_policy;
++
if (store && store->lookup_certs)
ctx->lookup_certs = store->lookup_certs;
else
@@ -104239,12 +110692,116 @@
ctx->lookup_crls = store->lookup_crls;
else
- ctx->lookup_crls = X509_STORE_get1_crls;
+-
+- ctx->check_policy = check_policy;
+ ctx->lookup_crls = X509_STORE_CTX_get1_crls;
- ctx->check_policy = check_policy;
+ ctx->param = X509_VERIFY_PARAM_new();
+ if (ctx->param == NULL) {
+@@ -2322,6 +2401,27 @@ void X509_STORE_CTX_set_time(X509_STORE_
+ X509_VERIFY_PARAM_set_time(ctx->param, t);
+ }
-@@ -2467,7 +2532,7 @@ static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth)
++X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
++{
++ return ctx->cert;
++}
++
++STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
++{
++ return ctx->untrusted;
++}
++
++void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
++{
++ ctx->untrusted = sk;
++}
++
++void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
++{
++ sk_X509_pop_free(ctx->chain, X509_free);
++ ctx->chain = sk;
++}
++
+ void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+ X509_STORE_CTX_verify_cb verify_cb)
+ {
+@@ -2333,36 +2433,59 @@ X509_STORE_CTX_verify_cb X509_STORE_CTX_
+ return ctx->verify_cb;
+ }
+-X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
++X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx)
+ {
+- return ctx->cert;
++ return ctx->verify;
+ }
+
+-STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
++X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx)
+ {
+- return ctx->untrusted;
++ return ctx->get_issuer;
+ }
+
+-void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
++X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx)
+ {
+- ctx->untrusted = sk;
++ return ctx->check_issued;
+ }
+
+-void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
++X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx)
+ {
+- sk_X509_pop_free(ctx->chain, X509_free);
+- ctx->chain = sk;
++ return ctx->check_revocation;
+ }
+
+-void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
+- X509_STORE_CTX_verify verify)
++X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx)
+ {
+- ctx->verify = verify;
++ return ctx->get_crl;
+ }
+
+-X509_STORE_CTX_verify X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx)
++X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx)
+ {
+- return ctx->verify;
++ return ctx->check_crl;
++}
++
++X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx)
++{
++ return ctx->cert_crl;
++}
++
++X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx)
++{
++ return ctx->check_policy;
++}
++
++X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx)
++{
++ return ctx->lookup_certs;
++}
++
++X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx)
++{
++ return ctx->lookup_crls;
++}
++
++X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx)
++{
++ return ctx->cleanup;
+ }
+
+ X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
+@@ -2467,7 +2590,7 @@ static int dane_match(X509_STORE_CTX *ct
+
/*
* If we've previously matched a PKIX-?? record, no need to test any
- * further PKIX-?? records, it remains to just build the PKIX chain.
@@ -104252,7 +110809,7 @@
* Had the match been a DANE-?? record, we'd be done already.
*/
if (dane->mdpth >= 0)
-@@ -2549,9 +2614,9 @@ static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth)
+@@ -2549,9 +2672,9 @@ static int dane_match(X509_STORE_CTX *ct
cmplen = i2dlen;
if (md != NULL) {
@@ -104265,7 +110822,18 @@
break;
}
}
-@@ -2781,15 +2846,31 @@ static int build_chain(X509_STORE_CTX *ctx)
+@@ -2696,6 +2819,10 @@ static int dane_verify(X509_STORE_CTX *c
+ /* Callback invoked as needed */
+ if (!check_leaf_suiteb(ctx, cert))
+ return 0;
++ /* Callback invoked as needed */
++ if ((dane->flags & DANE_FLAG_NO_DANE_EE_NAMECHECKS) == 0 &&
++ !check_id(ctx))
++ return 0;
+ /* Bypass internal_verify(), issue depth 0 success callback */
+ ctx->error_depth = 0;
+ ctx->current_cert = cert;
+@@ -2781,15 +2908,31 @@ static int build_chain(X509_STORE_CTX *c
*/
if (ctx->untrusted && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
@@ -104298,7 +110866,7 @@
return 0;
}
}
-@@ -2853,6 +2934,7 @@ static int build_chain(X509_STORE_CTX *ctx)
+@@ -2853,6 +2996,7 @@ static int build_chain(X509_STORE_CTX *c
if (ok < 0) {
trust = X509_TRUST_REJECTED;
@@ -104306,7 +110874,7 @@
search = 0;
continue;
}
-@@ -2899,6 +2981,7 @@ static int build_chain(X509_STORE_CTX *ctx)
+@@ -2899,6 +3043,7 @@ static int build_chain(X509_STORE_CTX *c
X509_free(xtmp);
X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
trust = X509_TRUST_REJECTED;
@@ -104314,7 +110882,7 @@
search = 0;
continue;
}
-@@ -2995,6 +3078,7 @@ static int build_chain(X509_STORE_CTX *ctx)
+@@ -2995,6 +3140,7 @@ static int build_chain(X509_STORE_CTX *c
if (!sk_X509_push(ctx->chain, xtmp)) {
X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
trust = X509_TRUST_REJECTED;
@@ -104322,8 +110890,6 @@
search = 0;
continue;
}
-diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
-index 4a0bed0..05c7852 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -1,59 +1,10 @@
@@ -104399,7 +110965,7 @@
#include "x509_lcl.h"
-@@ -308,12 +260,11 @@ static int int_x509_param_set1(char **pdest, size_t *pdestlen,
+@@ -308,12 +260,11 @@ static int int_x509_param_set1(char **pd
{
void *tmp;
if (src) {
@@ -104416,7 +110982,7 @@
return 0;
} else {
tmp = NULL;
-@@ -321,7 +272,7 @@ static int int_x509_param_set1(char **pdest, size_t *pdestlen,
+@@ -321,7 +272,7 @@ static int int_x509_param_set1(char **pd
}
OPENSSL_free(*pdest);
*pdest = tmp;
@@ -104425,8 +110991,6 @@
*pdestlen = srclen;
return 1;
}
-diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
-index ab5f192..43ff668 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -1,59 +1,10 @@
@@ -104513,8 +111077,15 @@
}
long X509_CRL_get_version(X509_CRL *crl)
-diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c
-index 2a5e1ce..6cd22b4 100644
+@@ -221,7 +178,7 @@ int X509_REVOKED_set_serialNumber(X509_R
+ return 1;
+ }
+
+-STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(X509_REVOKED *r)
++STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r)
+ {
+ return r->extensions;
+ }
--- a/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
@@ -1,58 +1,10 @@
@@ -104582,8 +111153,42 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c
-index e8afcac..6dee297 100644
+@@ -92,7 +44,7 @@ int X509_NAME_get_text_by_OBJ(X509_NAME
+ return (i);
+ }
+
+-int X509_NAME_entry_count(X509_NAME *name)
++int X509_NAME_entry_count(const X509_NAME *name)
+ {
+ if (name == NULL)
+ return (0);
+@@ -178,7 +130,7 @@ X509_NAME_ENTRY *X509_NAME_delete_entry(
+ return (ret);
+ }
+
+-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
++int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
+ unsigned char *bytes, int len, int loc,
+ int set)
+ {
+@@ -318,7 +270,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_
+ }
+
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+- ASN1_OBJECT *obj, int type,
++ const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes,
+ int len)
+ {
+@@ -344,7 +296,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_
+ return (NULL);
+ }
+
+-int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
++int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj)
+ {
+ if ((ne == NULL) || (obj == NULL)) {
+ X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,
--- a/crypto/x509/x509rset.c
+++ b/crypto/x509/x509rset.c
@@ -1,58 +1,10 @@
@@ -104651,8 +111256,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.c
-index 6efcb96..b142485 100644
--- a/crypto/x509/x509spki.c
+++ b/crypto/x509/x509spki.c
@@ -1,59 +1,10 @@
@@ -104720,8 +111323,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c
-index 870b47f..9acab04 100644
--- a/crypto/x509/x509type.c
+++ b/crypto/x509/x509type.c
@@ -1,58 +1,10 @@
@@ -104789,8 +111390,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
-index 0f28c58..d9f42ed 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -1,58 +1,10 @@
@@ -104858,8 +111457,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c
-index 7ee99ca..35f4aee 100644
--- a/crypto/x509/x_attrib.c
+++ b/crypto/x509/x_attrib.c
@@ -1,58 +1,10 @@
@@ -104927,14 +111524,14 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
-index 0be8405..f4bcea5 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -104982,9 +111579,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -104996,8 +111591,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509/x_exten.c b/crypto/x509/x_exten.c
-index 3b4dd86..f10f4a4 100644
--- a/crypto/x509/x_exten.c
+++ b/crypto/x509/x_exten.c
@@ -1,59 +1,10 @@
@@ -105065,8 +111658,6 @@
*/
#include <stddef.h>
-diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
-index 5e6abeb..d5b12f1 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -1,58 +1,10 @@
@@ -105148,7 +111739,16 @@
static int x509_name_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_ITEM *it,
-@@ -187,6 +146,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
+@@ -76,7 +35,7 @@ static void x509_name_ex_free(ASN1_VALUE
+
+ static int x509_name_encode(X509_NAME *a);
+ static int x509_name_canon(X509_NAME *a);
+-static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in);
++static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in);
+ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * intname,
+ unsigned char **in);
+
+@@ -187,6 +146,8 @@ static int x509_name_ex_d2i(ASN1_VALUE *
int i, j, ret;
STACK_OF(X509_NAME_ENTRY) *entries;
X509_NAME_ENTRY *entry;
@@ -105157,7 +111757,46 @@
q = p;
/* Get internal representation of Name */
-@@ -335,7 +296,7 @@ static int x509_name_canon(X509_NAME *a)
+@@ -212,12 +173,26 @@ static int x509_name_ex_d2i(ASN1_VALUE *
+ for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
+ entry = sk_X509_NAME_ENTRY_value(entries, j);
+ entry->set = i;
+- if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
++ if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) {
++ /*
++ * Free all in entries if sk_X509_NAME_ENTRY_push return failure.
++ * X509_NAME_ENTRY_free will check the null entry.
++ */
++ sk_X509_NAME_ENTRY_pop_free(entries, X509_NAME_ENTRY_free);
+ goto err;
++ }
++ /*
++ * If sk_X509_NAME_ENTRY_push return success, clean the entries[j].
++ * It's necessary when 'goto err;' happens.
++ */
++ sk_X509_NAME_ENTRY_set(entries, j, NULL);
+ }
+ sk_X509_NAME_ENTRY_free(entries);
++ sk_STACK_OF_X509_NAME_ENTRY_set(intname.s, i, NULL);
+ }
++
+ sk_STACK_OF_X509_NAME_ENTRY_free(intname.s);
++ intname.s = NULL;
+ ret = x509_name_canon(nm.x);
+ if (!ret)
+ goto err;
+@@ -225,8 +200,10 @@ static int x509_name_ex_d2i(ASN1_VALUE *
+ *val = nm.a;
+ *in = p;
+ return ret;
++
+ err:
+ X509_NAME_free(nm.x);
++ sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, sk_X509_NAME_ENTRY_free);
+ ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ }
+@@ -335,7 +312,7 @@ static int x509_name_canon(X509_NAME *a)
STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
STACK_OF(X509_NAME_ENTRY) *entries = NULL;
X509_NAME_ENTRY *entry, *tmpentry = NULL;
@@ -105166,7 +111805,7 @@
OPENSSL_free(a->canon_enc);
a->canon_enc = NULL;
-@@ -361,6 +322,8 @@ static int x509_name_canon(X509_NAME *a)
+@@ -361,6 +338,8 @@ static int x509_name_canon(X509_NAME *a)
if (tmpentry == NULL)
goto err;
tmpentry->object = OBJ_dup(entry->object);
@@ -105175,7 +111814,7 @@
if (!asn1_string_canon(tmpentry->value, entry->value))
goto err;
if (!sk_X509_NAME_ENTRY_push(entries, tmpentry))
-@@ -370,7 +333,10 @@ static int x509_name_canon(X509_NAME *a)
+@@ -370,7 +349,10 @@ static int x509_name_canon(X509_NAME *a)
/* Finally generate encoding */
@@ -105187,7 +111826,16 @@
p = OPENSSL_malloc(a->canon_enclen);
-@@ -432,10 +398,10 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
+@@ -398,7 +380,7 @@ static int x509_name_canon(X509_NAME *a)
+ | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \
+ | B_ASN1_VISIBLESTRING)
+
+-static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
++static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in)
+ {
+ unsigned char *to, *from;
+ int len, i;
+@@ -432,10 +414,10 @@ static int asn1_string_canon(ASN1_STRING
len--;
}
@@ -105200,14 +111848,14 @@
to--;
len--;
}
-diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
-index 485d768..cc69283 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -105255,9 +111903,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -105269,8 +111915,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509/x_req.c b/crypto/x509/x_req.c
-index 2fdf015..c2da95a 100644
--- a/crypto/x509/x_req.c
+++ b/crypto/x509/x_req.c
@@ -1,58 +1,10 @@
@@ -105338,8 +111982,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
-index 3463955..9445430 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -1,58 +1,10 @@
@@ -105407,7 +112049,15 @@
*/
#include <stdio.h>
-@@ -99,7 +51,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+@@ -91,6 +43,7 @@ static int x509_cb(int operation, ASN1_V
+ case ASN1_OP_NEW_POST:
+ ret->ex_flags = 0;
+ ret->ex_pathlen = -1;
++ ret->ex_pcpathlen = -1;
+ ret->skid = NULL;
+ ret->akid = NULL;
+ #ifndef OPENSSL_NO_RFC3779
+@@ -99,7 +52,8 @@ static int x509_cb(int operation, ASN1_V
#endif
ret->aux = NULL;
ret->crldp = NULL;
@@ -105417,7 +112067,7 @@
break;
case ASN1_OP_FREE_POST:
-@@ -180,12 +133,72 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
+@@ -180,12 +134,72 @@ X509 *d2i_X509_AUX(X509 **a, const unsig
return NULL;
}
@@ -105493,8 +112143,6 @@
return length;
}
-diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c
-index a274ec9..2efa214 100644
--- a/crypto/x509/x_x509a.c
+++ b/crypto/x509/x_x509a.c
@@ -1,59 +1,10 @@
@@ -105562,9 +112210,15 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509v3/Makefile.in b/crypto/x509v3/Makefile.in
-deleted file mode 100644
-index 5598ddb..0000000
+@@ -125,7 +76,7 @@ int X509_keyid_set1(X509 *x, unsigned ch
+ }
+ if ((aux = aux_get(x)) == NULL)
+ return 0;
+- if (aux->keyid ==NULL
++ if (aux->keyid == NULL
+ && (aux->keyid = ASN1_OCTET_STRING_new()) == NULL)
+ return 0;
+ return ASN1_STRING_set(aux->keyid, id, len);
--- a/crypto/x509v3/Makefile.in
+++ /dev/null
@@ -1,53 +0,0 @@
@@ -105621,8 +112275,6 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
-index 4e213f3..c9ede96 100644
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -1,66 +1,17 @@
@@ -105698,15 +112350,13 @@
extern const X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
extern const X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
extern const X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
-@@ -69,5 +20,5 @@ extern const X509V3_EXT_METHOD v3_crl_hold, v3_pci;
+@@ -69,5 +20,5 @@ extern const X509V3_EXT_METHOD v3_crl_ho
extern const X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
extern const X509V3_EXT_METHOD v3_addr, v3_asid;
-extern const X509V3_EXT_METHOD v3_ct_scts[];
+extern const X509V3_EXT_METHOD v3_ct_scts[3];
extern const X509V3_EXT_METHOD v3_tls_feature;
-diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c
-index bdce5a8..a9ee30a 100644
--- a/crypto/x509v3/pcy_cache.c
+++ b/crypto/x509v3/pcy_cache.c
@@ -1,59 +1,10 @@
@@ -105784,8 +112434,6 @@
cache = OPENSSL_malloc(sizeof(*cache));
if (cache == NULL)
return 0;
-diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c
-index 03631d7..cf1d635 100644
--- a/crypto/x509v3/pcy_data.c
+++ b/crypto/x509v3/pcy_data.c
@@ -1,59 +1,10 @@
@@ -105853,7 +112501,7 @@
*/
#include "internal/cryptlib.h"
-@@ -77,9 +28,9 @@ void policy_data_free(X509_POLICY_DATA *data)
+@@ -77,9 +28,9 @@ void policy_data_free(X509_POLICY_DATA *
}
/*
@@ -105865,8 +112513,6 @@
* additional data with just the qualifiers of anyPolicy and ID from another
* source.
*/
-diff --git a/crypto/x509v3/pcy_int.h b/crypto/x509v3/pcy_int.h
-index 809dc5e..5daf78d 100644
--- a/crypto/x509v3/pcy_int.h
+++ b/crypto/x509v3/pcy_int.h
@@ -1,59 +1,10 @@
@@ -105943,8 +112589,6 @@
STACK_OF(X509_POLICY_NODE) *auth_policies;
STACK_OF(X509_POLICY_NODE) *user_policies;
unsigned int flags;
-diff --git a/crypto/x509v3/pcy_lib.c b/crypto/x509v3/pcy_lib.c
-index f3ec70d..67f7eaf 100644
--- a/crypto/x509v3/pcy_lib.c
+++ b/crypto/x509v3/pcy_lib.c
@@ -1,59 +1,10 @@
@@ -106012,8 +112656,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/x509v3/pcy_map.c b/crypto/x509v3/pcy_map.c
-index 415e5dd..ab9dd21 100644
--- a/crypto/x509v3/pcy_map.c
+++ b/crypto/x509v3/pcy_map.c
@@ -1,59 +1,10 @@
@@ -106081,8 +112723,6 @@
*/
#include "internal/cryptlib.h"
-diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c
-index 581c246..80443bf 100644
--- a/crypto/x509v3/pcy_node.c
+++ b/crypto/x509v3/pcy_node.c
@@ -1,59 +1,10 @@
@@ -106150,8 +112790,6 @@
*/
#include <openssl/asn1.h>
-diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
-index b3995d6..df50d80 100644
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -1,59 +1,10 @@
@@ -106219,7 +112857,7 @@
*/
#include "internal/cryptlib.h"
-@@ -167,7 +118,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+@@ -167,7 +118,7 @@ static int tree_init(X509_POLICY_TREE **
X509_check_purpose(x, -1, 0);
/* If cache is NULL, likely ENOMEM: return immediately */
@@ -106228,8 +112866,6 @@
return X509_PCY_TREE_INTERNAL;
}
-diff --git a/crypto/x509v3/tabtest.c b/crypto/x509v3/tabtest.c
-index 4a3d103..a33a63a 100644
--- a/crypto/x509v3/tabtest.c
+++ b/crypto/x509v3/tabtest.c
@@ -1,59 +1,10 @@
@@ -106297,8 +112933,6 @@
*/
/*
-diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
-index 49d0d4d..ef1d775 100644
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -1,58 +1,10 @@
@@ -106365,7 +112999,7 @@
*/
/*
-@@ -734,7 +686,7 @@ int X509v3_addr_is_canonical(IPAddrBlocks *addr)
+@@ -734,7 +686,7 @@ int X509v3_addr_is_canonical(IPAddrBlock
int i, j, k;
/*
@@ -106374,7 +113008,7 @@
*/
if (addr == NULL)
return 1;
-@@ -897,7 +849,8 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
+@@ -897,7 +849,8 @@ static int IPAddressOrRanges_canonize(IP
IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
if (a != NULL && a->type == IPAddressOrRange_addressRange) {
unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
@@ -106384,7 +113018,7 @@
if (memcmp(a_min, a_max, length) > 0)
return 0;
}
-@@ -1213,6 +1166,11 @@ int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
+@@ -1213,6 +1166,11 @@ int X509v3_addr_subset(IPAddrBlocks *a,
/*
* Core code for RFC 3779 2.3 path validation.
@@ -106396,7 +113030,7 @@
*/
static int addr_validate_path_internal(X509_STORE_CTX *ctx,
STACK_OF(X509) *chain,
-@@ -1247,6 +1205,7 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
+@@ -1247,6 +1205,7 @@ static int addr_validate_path_internal(X
if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
X509V3err(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL,
ERR_R_MALLOC_FAILURE);
@@ -106404,8 +113038,6 @@
ret = 0;
goto done;
}
-diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c
-index edf6396..d9f7704 100644
--- a/crypto/x509v3/v3_akey.c
+++ b/crypto/x509v3/v3_akey.c
@@ -1,59 +1,10 @@
@@ -106473,7 +113105,7 @@
*/
#include <stdio.h>
-@@ -192,12 +143,16 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+@@ -192,12 +143,16 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KE
}
akeyid->issuer = gens;
@@ -106490,8 +113122,6 @@
X509_NAME_free(isname);
ASN1_INTEGER_free(serial);
ASN1_OCTET_STRING_free(ikeyid);
-diff --git a/crypto/x509v3/v3_akeya.c b/crypto/x509v3/v3_akeya.c
-index cc0c1ed..d6dd6bc 100644
--- a/crypto/x509v3/v3_akeya.c
+++ b/crypto/x509v3/v3_akeya.c
@@ -1,59 +1,10 @@
@@ -106559,8 +113189,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
-index 4b143f9..34b950e 100644
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -1,59 +1,10 @@
@@ -106628,7 +113256,7 @@
*/
#include <stdio.h>
-@@ -70,10 +21,10 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
+@@ -70,10 +21,10 @@ static GENERAL_NAMES *v2i_issuer_alt(X50
STACK_OF(CONF_VALUE) *nval);
static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
@@ -106642,7 +113270,7 @@
{NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
0, 0, 0, 0,
0, 0,
-@@ -431,7 +382,7 @@ GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
+@@ -431,7 +382,7 @@ GENERAL_NAME *v2i_GENERAL_NAME(const X50
GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
const X509V3_EXT_METHOD *method,
@@ -106651,7 +113279,7 @@
int is_nc)
{
char is_string = 0;
-@@ -560,7 +511,7 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+@@ -560,7 +511,7 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERA
}
@@ -106660,7 +113288,7 @@
{
char *objtmp = NULL, *p;
int objlen;
-@@ -587,7 +538,7 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
+@@ -587,7 +538,7 @@ static int do_othername(GENERAL_NAME *ge
return 1;
}
@@ -106669,8 +113297,6 @@
{
int ret = 0;
STACK_OF(CONF_VALUE) *sk = NULL;
-diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
-index 73cbbd1..af4fcf4 100644
--- a/crypto/x509v3/v3_asid.c
+++ b/crypto/x509v3/v3_asid.c
@@ -1,58 +1,10 @@
@@ -106737,8 +113363,6 @@
*/
/*
-diff --git a/crypto/x509v3/v3_bcons.c b/crypto/x509v3/v3_bcons.c
-index 3c2f88a..3bbf155 100644
--- a/crypto/x509v3/v3_bcons.c
+++ b/crypto/x509v3/v3_bcons.c
@@ -1,59 +1,10 @@
@@ -106806,8 +113430,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509v3/v3_bitst.c b/crypto/x509v3/v3_bitst.c
-index a0db610..4802116 100644
--- a/crypto/x509v3/v3_bitst.c
+++ b/crypto/x509v3/v3_bitst.c
@@ -1,59 +1,10 @@
@@ -106875,8 +113497,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
-index c7d2682..1bed5f3 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -1,60 +1,12 @@
@@ -106980,7 +113600,7 @@
{
int crit;
int ext_type;
-@@ -101,7 +53,7 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
+@@ -101,7 +53,7 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *c
/* CONF *conf: Config file */
/* char *value: Value */
X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
@@ -106989,7 +113609,7 @@
{
int crit;
int ext_type;
-@@ -115,7 +67,7 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+@@ -115,7 +67,7 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CON
/* CONF *conf: Config file */
/* char *value: Value */
static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
@@ -106998,7 +113618,7 @@
{
const X509V3_EXT_METHOD *method;
X509_EXTENSION *ext;
-@@ -136,11 +88,13 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+@@ -136,11 +88,13 @@ static X509_EXTENSION *do_ext_nconf(CONF
nval = NCONF_get_section(conf, value + 1);
else
nval = X509V3_parse_list(value);
@@ -107009,11 +113629,11 @@
ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
value);
+ if (*value != '@')
-+ sk_CONF_VALUE_free(nval);
++ sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
return NULL;
}
ext_struc = method->v2i(method, ctx, nval);
-@@ -232,9 +186,9 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
+@@ -232,9 +186,9 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_n
}
/* Check the extension string for critical flag */
@@ -107025,7 +113645,7 @@
if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
return 0;
p += 9;
-@@ -245,10 +199,10 @@ static int v3_check_critical(char **value)
+@@ -245,10 +199,10 @@ static int v3_check_critical(char **valu
}
/* Check extension string for generic extension and return the type */
@@ -107038,7 +113658,7 @@
if ((strlen(p) >= 4) && strncmp(p, "DER:", 4) == 0) {
p += 4;
gen_type = 1;
-@@ -265,7 +219,7 @@ static int v3_check_generic(char **value)
+@@ -265,7 +219,7 @@ static int v3_check_generic(char **value
}
/* Create a generic extension: for now just handle DER type */
@@ -107047,7 +113667,7 @@
int crit, int gen_type,
X509V3_CTX *ctx)
{
-@@ -313,7 +267,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
+@@ -313,7 +267,7 @@ static X509_EXTENSION *v3_generic_extens
}
@@ -107056,7 +113676,7 @@
long *ext_len)
{
ASN1_TYPE *typ;
-@@ -343,7 +297,7 @@ static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext)
+@@ -343,7 +297,7 @@ static void delete_ext(STACK_OF(X509_EXT
* file section to an extension STACK.
*/
@@ -107065,7 +113685,7 @@
STACK_OF(X509_EXTENSION) **sk)
{
X509_EXTENSION *ext;
-@@ -370,7 +324,7 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
+@@ -370,7 +324,7 @@ int X509V3_EXT_add_nconf_sk(CONF *conf,
* Convenience functions to add extensions to a certificate, CRL and request
*/
@@ -107074,7 +113694,7 @@
X509 *cert)
{
STACK_OF(X509_EXTENSION) **sk = NULL;
-@@ -381,7 +335,7 @@ int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+@@ -381,7 +335,7 @@ int X509V3_EXT_add_nconf(CONF *conf, X50
/* Same as above but for a CRL */
@@ -107083,7 +113703,7 @@
X509_CRL *crl)
{
STACK_OF(X509_EXTENSION) **sk = NULL;
-@@ -392,7 +346,7 @@ int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+@@ -392,7 +346,7 @@ int X509V3_EXT_CRL_add_nconf(CONF *conf,
/* Add extensions to certificate request */
@@ -107092,7 +113712,7 @@
X509_REQ *req)
{
STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
-@@ -409,7 +363,7 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+@@ -409,7 +363,7 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf,
/* Config database functions */
@@ -107101,7 +113721,7 @@
{
if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED);
-@@ -420,7 +374,7 @@ char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
+@@ -420,7 +374,7 @@ char *X509V3_get_string(X509V3_CTX *ctx,
return NULL;
}
@@ -107110,7 +113730,7 @@
{
if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
X509V3err(X509V3_F_X509V3_GET_SECTION,
-@@ -448,12 +402,12 @@ void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
+@@ -448,12 +402,12 @@ void X509V3_section_free(X509V3_CTX *ctx
ctx->db_meth->free_section(ctx->db, section);
}
@@ -107125,7 +113745,7 @@
{
return NCONF_get_section(db, section);
}
-@@ -484,7 +438,7 @@ void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
+@@ -484,7 +438,7 @@ void X509V3_set_ctx(X509V3_CTX *ctx, X50
/* Old conf compatibility functions */
X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
@@ -107134,7 +113754,7 @@
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
-@@ -494,19 +448,19 @@ X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+@@ -494,19 +448,19 @@ X509_EXTENSION *X509V3_EXT_conf(LHASH_OF
/* LHASH *conf: Config file */
/* char *value: Value */
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
@@ -107157,7 +113777,7 @@
{
return CONF_get_section(db, section);
}
-@@ -525,7 +479,7 @@ void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
+@@ -525,7 +479,7 @@ void X509V3_set_conf_lhash(X509V3_CTX *c
}
int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
@@ -107166,7 +113786,7 @@
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
-@@ -535,7 +489,7 @@ int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+@@ -535,7 +489,7 @@ int X509V3_EXT_add_conf(LHASH_OF(CONF_VA
/* Same as above but for a CRL */
int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
@@ -107175,7 +113795,7 @@
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
-@@ -545,7 +499,7 @@ int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+@@ -545,7 +499,7 @@ int X509V3_EXT_CRL_add_conf(LHASH_OF(CON
/* Add extensions to certificate request */
int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
@@ -107184,8 +113804,6 @@
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
-diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
-index b4dd3ad..a697338 100644
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@@ -1,59 +1,10 @@
@@ -107271,7 +113889,7 @@
{
STACK_OF(POLICYINFO) *pols = NULL;
char *pstr;
-@@ -188,6 +139,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
+@@ -188,6 +139,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol
pol = POLICYINFO_new();
if (pol == NULL) {
X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
@@ -107279,7 +113897,7 @@
goto err;
}
pol->policyid = pobj;
-@@ -343,6 +295,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+@@ -343,6 +295,7 @@ static POLICYQUALINFO *notice_section(X5
if (!nos || !sk_CONF_VALUE_num(nos)) {
X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS);
X509V3_conf_err(cnf);
@@ -107287,8 +113905,6 @@
goto err;
}
ret = nref_nos(nref->noticenos, nos);
-diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c
-index d9442a2..c4c77f1 100644
--- a/crypto/x509v3/v3_crld.c
+++ b/crypto/x509v3/v3_crld.c
@@ -1,59 +1,10 @@
@@ -107356,7 +113972,7 @@
*/
#include <stdio.h>
-@@ -199,10 +150,10 @@ static int set_reasons(ASN1_BIT_STRING **preas, char *value)
+@@ -199,10 +150,10 @@ static int set_reasons(ASN1_BIT_STRING *
const char *bnam;
int i, ret = 0;
rsk = X509V3_parse_list(value);
@@ -107370,8 +113986,6 @@
for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) {
bnam = sk_CONF_VALUE_value(rsk, i)->name;
if (*preas == NULL) {
-diff --git a/crypto/x509v3/v3_enum.c b/crypto/x509v3/v3_enum.c
-index 26ef657..03daef9 100644
--- a/crypto/x509v3/v3_enum.c
+++ b/crypto/x509v3/v3_enum.c
@@ -1,59 +1,10 @@
@@ -107439,8 +114053,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c
-index 354b828..bae755e 100644
--- a/crypto/x509v3/v3_extku.c
+++ b/crypto/x509v3/v3_extku.c
@@ -1,59 +1,10 @@
@@ -107508,8 +114120,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c
-index d225d0d..8d11997 100644
--- a/crypto/x509v3/v3_genn.c
+++ b/crypto/x509v3/v3_genn.c
@@ -1,59 +1,10 @@
@@ -107577,8 +114187,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509v3/v3_ia5.c b/crypto/x509v3/v3_ia5.c
-index 073a2bb..c1170d4 100644
--- a/crypto/x509v3/v3_ia5.c
+++ b/crypto/x509v3/v3_ia5.c
@@ -1,59 +1,10 @@
@@ -107655,7 +114263,7 @@
EXT_IA5STRING(NID_netscape_base_url),
EXT_IA5STRING(NID_netscape_revocation_url),
EXT_IA5STRING(NID_netscape_ca_revocation_url),
-@@ -90,7 +41,7 @@ char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5)
+@@ -90,7 +41,7 @@ char *i2s_ASN1_IA5STRING(X509V3_EXT_METH
}
ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
@@ -107664,7 +114272,7 @@
{
ASN1_IA5STRING *ia5;
if (!str) {
-@@ -100,10 +51,9 @@ ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+@@ -100,10 +51,9 @@ ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V
}
if ((ia5 = ASN1_IA5STRING_new()) == NULL)
goto err;
@@ -107677,8 +114285,6 @@
}
#ifdef CHARSET_EBCDIC
ebcdic2ascii(ia5->data, ia5->data, ia5->length);
-diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c
-index 16e25fa..bec8c42 100644
--- a/crypto/x509v3/v3_info.c
+++ b/crypto/x509v3/v3_info.c
@@ -1,59 +1,10 @@
@@ -107746,8 +114352,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509v3/v3_int.c b/crypto/x509v3/v3_int.c
-index fc4dd92..690c90e 100644
--- a/crypto/x509v3/v3_int.c
+++ b/crypto/x509v3/v3_int.c
@@ -1,59 +1,10 @@
@@ -107824,8 +114428,6 @@
{
return s2i_ASN1_INTEGER(meth, value);
}
-diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
-index a82050f..20b7d96 100644
--- a/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c
@@ -1,60 +1,12 @@
@@ -107895,11 +114497,18 @@
/* X509 v3 extension utilities */
#include <stdio.h>
-diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
-index 31e37a0..413d9e9 100644
+@@ -274,7 +226,7 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext
+ * -2 extension occurs more than once.
+ */
+
+-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
++void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+ int *idx)
+ {
+ int lastpos, i;
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
-@@ -1,59 +1,10 @@
+@@ -1,63 +1,15 @@
/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
@@ -107964,7 +114573,12 @@
*/
#include <stdio.h>
-@@ -72,7 +23,7 @@ static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
+ #include "internal/cryptlib.h"
++#include "internal/asn1_int.h"
+ #include <openssl/asn1t.h>
+ #include <openssl/conf.h>
+ #include <openssl/x509v3.h>
+@@ -72,7 +24,7 @@ static int i2r_NAME_CONSTRAINTS(const X5
BIO *bp, int ind);
static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp,
@@ -107973,7 +114587,7 @@
static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
-@@ -171,7 +122,7 @@ static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
+@@ -171,7 +123,7 @@ static int i2r_NAME_CONSTRAINTS(const X5
static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
STACK_OF(GENERAL_SUBTREE) *trees,
@@ -107982,8 +114596,58 @@
{
GENERAL_SUBTREE *tree;
int i;
-diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
-index cadedef..2c05edb 100644
+@@ -275,6 +227,51 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME
+
+ }
+
++int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc)
++{
++ int r, i;
++ X509_NAME *nm;
++
++ ASN1_STRING stmp;
++ GENERAL_NAME gntmp;
++ stmp.flags = 0;
++ stmp.type = V_ASN1_IA5STRING;
++ gntmp.type = GEN_DNS;
++ gntmp.d.dNSName = &stmp;
++
++ nm = X509_get_subject_name(x);
++
++ /* Process any commonName attributes in subject name */
++
++ for (i = -1;;) {
++ X509_NAME_ENTRY *ne;
++ ASN1_STRING *hn;
++ i = X509_NAME_get_index_by_NID(nm, NID_commonName, i);
++ if (i == -1)
++ break;
++ ne = X509_NAME_get_entry(nm, i);
++ hn = X509_NAME_ENTRY_get_data(ne);
++ /* Only process attributes that look like host names */
++ if (asn1_valid_host(hn)) {
++ unsigned char *h;
++ int hlen = ASN1_STRING_to_UTF8(&h, hn);
++ if (hlen <= 0)
++ return X509_V_ERR_OUT_OF_MEM;
++
++ stmp.length = hlen;
++ stmp.data = h;
++
++ r = nc_match(&gntmp, nc);
++
++ OPENSSL_free(h);
++
++ if (r != X509_V_OK)
++ return r;
++ }
++ }
++ return X509_V_OK;
++}
++
+ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
+ {
+ GENERAL_SUBTREE *sub;
--- a/crypto/x509v3/v3_pci.c
+++ b/crypto/x509v3/v3_pci.c
@@ -1,7 +1,12 @@
@@ -108001,8 +114665,6 @@
/* Copyright (c) 2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
-diff --git a/crypto/x509v3/v3_pcia.c b/crypto/x509v3/v3_pcia.c
-index 99bf325..e6f7a91 100644
--- a/crypto/x509v3/v3_pcia.c
+++ b/crypto/x509v3/v3_pcia.c
@@ -1,7 +1,12 @@
@@ -108020,8 +114682,6 @@
/* Copyright (c) 2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
-diff --git a/crypto/x509v3/v3_pcons.c b/crypto/x509v3/v3_pcons.c
-index 89960ca..24f7ff4 100644
--- a/crypto/x509v3/v3_pcons.c
+++ b/crypto/x509v3/v3_pcons.c
@@ -1,59 +1,10 @@
@@ -108089,8 +114749,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509v3/v3_pku.c b/crypto/x509v3/v3_pku.c
-index 9f0c5da..ed82bca 100644
--- a/crypto/x509v3/v3_pku.c
+++ b/crypto/x509v3/v3_pku.c
@@ -1,59 +1,10 @@
@@ -108158,8 +114816,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509v3/v3_pmaps.c b/crypto/x509v3/v3_pmaps.c
-index 1e7324b..73f4ec2 100644
--- a/crypto/x509v3/v3_pmaps.c
+++ b/crypto/x509v3/v3_pmaps.c
@@ -1,59 +1,10 @@
@@ -108227,7 +114883,7 @@
*/
#include <stdio.h>
-@@ -113,9 +64,9 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD
+@@ -113,9 +64,9 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_
static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
{
@@ -108240,7 +114896,7 @@
CONF_VALUE *val;
int i;
-@@ -127,30 +78,33 @@ static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
+@@ -127,30 +78,33 @@ static void *v2i_POLICY_MAPPINGS(const X
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
val = sk_CONF_VALUE_value(nval, i);
if (!val->value || !val->name) {
@@ -108280,8 +114936,6 @@
+ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
+ return NULL;
}
-diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c
-index 457bd95..8666636 100644
--- a/crypto/x509v3/v3_prn.c
+++ b/crypto/x509v3/v3_prn.c
@@ -1,60 +1,12 @@
@@ -108351,8 +115005,15 @@
/* X509 v3 extension utilities */
#include <stdio.h>
-diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
-index ae82fd1..fff0994 100644
+@@ -236,7 +188,7 @@ static int unknown_ext_print(BIO *out, c
+ case X509V3_EXT_PARSE_UNKNOWN:
+ return ASN1_parse_dump(out, ext, extlen, indent, -1);
+ case X509V3_EXT_DUMP_UNKNOWN:
+- return BIO_dump_indent(out, (char *)ext, extlen, indent);
++ return BIO_dump_indent(out, (const char *)ext, extlen, indent);
+
+ default:
+ return 1;
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -1,59 +1,10 @@
@@ -108438,7 +115099,7 @@
{
int idx;
X509_PURPOSE *ptmp;
-@@ -229,7 +180,7 @@ int X509_PURPOSE_add(int id, int trust, int flags,
+@@ -229,7 +180,7 @@ int X509_PURPOSE_add(int id, int trust,
ptmp->sname = OPENSSL_strdup(sname);
if (!ptmp->name || !ptmp->sname) {
X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
@@ -108447,7 +115108,7 @@
}
/* Keep the dynamic flag of existing entry */
ptmp->flags &= X509_PURPOSE_DYNAMIC;
-@@ -246,14 +197,21 @@ int X509_PURPOSE_add(int id, int trust, int flags,
+@@ -246,14 +197,21 @@ int X509_PURPOSE_add(int id, int trust,
if (xptable == NULL
&& (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) {
X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
@@ -108471,7 +115132,7 @@
}
static void xptable_free(X509_PURPOSE *p)
-@@ -271,29 +229,26 @@ static void xptable_free(X509_PURPOSE *p)
+@@ -271,29 +229,26 @@ static void xptable_free(X509_PURPOSE *p
void X509_PURPOSE_cleanup(void)
{
@@ -108505,7 +115166,33 @@
{
return xp->trust;
}
-@@ -880,3 +835,12 @@ const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x)
+@@ -573,6 +528,16 @@ static int check_ca(const X509 *x)
+ }
+ }
+
++void X509_set_proxy_flag(X509 *x)
++{
++ x->ex_flags |= EXFLAG_PROXY;
++}
++
++void X509_set_proxy_pathlen(X509 *x, long l)
++{
++ x->ex_pcpathlen = l;
++}
++
+ int X509_check_ca(X509 *x)
+ {
+ if (!(x->ex_flags & EXFLAG_SET)) {
+@@ -760,7 +725,7 @@ static int check_purpose_timestamp_sign(
+ return 0;
+
+ /* Extended Key Usage MUST be critical */
+- i_ext = X509_get_ext_by_NID((X509 *)x, NID_ext_key_usage, -1);
++ i_ext = X509_get_ext_by_NID(x, NID_ext_key_usage, -1);
+ if (i_ext >= 0) {
+ X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext);
+ if (!X509_EXTENSION_get_critical(ext))
+@@ -880,3 +845,21 @@ const ASN1_OCTET_STRING *X509_get0_subje
X509_check_purpose(x, -1, -1);
return x->skid;
}
@@ -108518,8 +115205,15 @@
+ return -1;
+ return x->ex_pathlen;
+}
-diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c
-index e633cd8..4838b9b 100644
++
++long X509_get_proxy_pathlen(X509 *x)
++{
++ /* Called for side effect of caching extensions */
++ if (X509_check_purpose(x, -1, -1) != 1
++ || (x->ex_flags & EXFLAG_PROXY) == 0)
++ return -1;
++ return x->ex_pcpathlen;
++}
--- a/crypto/x509v3/v3_skey.c
+++ b/crypto/x509v3/v3_skey.c
@@ -1,59 +1,10 @@
@@ -108587,8 +115281,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c
-index 0f8ac5e..5338466 100644
--- a/crypto/x509v3/v3_sxnet.c
+++ b/crypto/x509v3/v3_sxnet.c
@@ -1,59 +1,10 @@
@@ -108656,8 +115348,51 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509v3/v3_tlsf.c b/crypto/x509v3/v3_tlsf.c
-index 286db1d..fec6724 100644
+@@ -150,7 +101,7 @@ static SXNET *sxnet_v2i(X509V3_EXT_METHO
+
+ /* Add an id given the zone as an ASCII number */
+
+-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen)
++int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen)
+ {
+ ASN1_INTEGER *izone;
+
+@@ -163,7 +114,7 @@ int SXNET_add_id_asc(SXNET **psx, char *
+
+ /* Add an id given the zone as an unsigned long */
+
+-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
++int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
+ int userlen)
+ {
+ ASN1_INTEGER *izone;
+@@ -183,7 +134,7 @@ int SXNET_add_id_ulong(SXNET **psx, unsi
+ * passed integer and doesn't make a copy so don't free it up afterwards.
+ */
+
+-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
++int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user,
+ int userlen)
+ {
+ SXNET *sx = NULL;
+@@ -217,7 +168,7 @@ int SXNET_add_id_INTEGER(SXNET **psx, AS
+ if (userlen == -1)
+ userlen = strlen(user);
+
+- if (!ASN1_OCTET_STRING_set(id->user, (unsigned char *)user, userlen))
++ if (!ASN1_OCTET_STRING_set(id->user, (const unsigned char *)user, userlen))
+ goto err;
+ if (!sk_SXNETID_push(sx->ids, id))
+ goto err;
+@@ -232,7 +183,7 @@ int SXNET_add_id_INTEGER(SXNET **psx, AS
+ return 0;
+ }
+
+-ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
++ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone)
+ {
+ ASN1_INTEGER *izone;
+ ASN1_OCTET_STRING *oct;
--- a/crypto/x509v3/v3_tlsf.c
+++ b/crypto/x509v3/v3_tlsf.c
@@ -1,58 +1,10 @@
@@ -108724,7 +115459,7 @@
*/
#include <stdio.h>
-@@ -155,7 +107,7 @@ static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+@@ -155,7 +107,7 @@ static TLS_FEATURE *v2i_TLS_FEATURE(cons
extval = val->name;
for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++)
@@ -108733,8 +115468,6 @@
break;
if (j < OSSL_NELEM(tls_feature_tbl))
tlsextid = tls_feature_tbl[j].num;
-diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
-index ae9645d..f3c288f 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -1,60 +1,12 @@
@@ -108804,7 +115537,7 @@
/* X509 v3 extension utilities */
#include <stdio.h>
-@@ -134,7 +86,7 @@ int X509V3_add_value_bool(const char *name, int asn1_bool,
+@@ -134,7 +86,7 @@ int X509V3_add_value_bool(const char *na
return X509V3_add_value(name, "FALSE", extlist);
}
@@ -108813,16 +115546,25 @@
STACK_OF(CONF_VALUE) **extlist)
{
if (asn1_bool)
-@@ -170,7 +122,7 @@ char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
+@@ -156,7 +108,7 @@ char *i2s_ASN1_ENUMERATED(X509V3_EXT_MET
return strtmp;
}
+-char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
++char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a)
+ {
+ BIGNUM *bntmp = NULL;
+ char *strtmp = NULL;
+@@ -170,7 +122,7 @@ char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD
+ return strtmp;
+ }
+
-ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value)
{
BIGNUM *bn = NULL;
ASN1_INTEGER *aint;
-@@ -1177,19 +1129,17 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen)
+@@ -1177,19 +1129,17 @@ static int ipv6_hex(unsigned char *out,
{
unsigned char c;
unsigned int num = 0;
@@ -108847,8 +115589,6 @@
}
out[0] = num >> 8;
out[1] = num & 0xff;
-diff --git a/crypto/x509v3/v3conf.c b/crypto/x509v3/v3conf.c
-index 95a24a5..966ab90 100644
--- a/crypto/x509v3/v3conf.c
+++ b/crypto/x509v3/v3conf.c
@@ -1,59 +1,10 @@
@@ -108916,8 +115656,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c
-index e399b29..1f838bc 100644
--- a/crypto/x509v3/v3err.c
+++ b/crypto/x509v3/v3err.c
@@ -1,61 +1,11 @@
@@ -108998,7 +115736,7 @@
{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE),
"ASIdentifierChoice_canonize"},
{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL),
-@@ -77,10 +29,8 @@ static ERR_STRING_DATA X509V3_str_functs[] = {
+@@ -77,10 +29,8 @@ static ERR_STRING_DATA X509V3_str_functs
{ERR_FUNC(X509V3_F_COPY_EMAIL), "copy_email"},
{ERR_FUNC(X509V3_F_COPY_ISSUER), "copy_issuer"},
{ERR_FUNC(X509V3_F_DO_DIRNAME), "do_dirname"},
@@ -109009,7 +115747,7 @@
{ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "gnames_from_sectname"},
{ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"},
{ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "i2s_ASN1_IA5STRING"},
-@@ -96,7 +46,6 @@ static ERR_STRING_DATA X509V3_str_functs[] = {
+@@ -96,7 +46,6 @@ static ERR_STRING_DATA X509V3_str_functs
{ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "s2i_ASN1_IA5STRING"},
{ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"},
{ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"},
@@ -109017,7 +115755,7 @@
{ERR_FUNC(X509V3_F_S2I_SKEY_ID), "s2i_skey_id"},
{ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "set_dist_point_name"},
{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"},
-@@ -122,14 +71,11 @@ static ERR_STRING_DATA X509V3_str_functs[] = {
+@@ -122,14 +71,11 @@ static ERR_STRING_DATA X509V3_str_functs
{ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "v2i_POLICY_MAPPINGS"},
{ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "v2i_subject_alt"},
{ERR_FUNC(X509V3_F_V2I_TLS_FEATURE), "v2i_TLS_FEATURE"},
@@ -109032,7 +115770,7 @@
{ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"},
{ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"},
{ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"},
-@@ -201,7 +147,6 @@ static ERR_STRING_DATA X509V3_str_reasons[] = {
+@@ -201,7 +147,6 @@ static ERR_STRING_DATA X509V3_str_reason
"no proxy cert policy language defined"},
{ERR_REASON(X509V3_R_NO_PUBLIC_KEY), "no public key"},
{ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS), "no subject details"},
@@ -109040,7 +115778,7 @@
{ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED), "operation not defined"},
{ERR_REASON(X509V3_R_OTHERNAME_ERROR), "othername error"},
{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED),
-@@ -209,8 +154,6 @@ static ERR_STRING_DATA X509V3_str_reasons[] = {
+@@ -209,8 +154,6 @@ static ERR_STRING_DATA X509V3_str_reason
{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH), "policy path length"},
{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED),
"policy path length already defined"},
@@ -109049,8 +115787,21 @@
{ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),
"policy when proxy language requires no policy"},
{ERR_REASON(X509V3_R_SECTION_NOT_FOUND), "section not found"},
-diff --git a/crypto/x509v3/v3prin.c b/crypto/x509v3/v3prin.c
-index 2c8902e..7431a4e 100644
+@@ -231,7 +174,7 @@ static ERR_STRING_DATA X509V3_str_reason
+
+ #endif
+
+-void ERR_load_X509V3_strings(void)
++int ERR_load_X509V3_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -240,4 +183,5 @@ void ERR_load_X509V3_strings(void)
+ ERR_load_strings(0, X509V3_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/crypto/x509v3/v3prin.c
+++ b/crypto/x509v3/v3prin.c
@@ -1,59 +1,10 @@
@@ -109118,8 +115869,6 @@
*/
#include <stdio.h>
-diff --git a/crypto/x86_64cpuid.pl b/crypto/x86_64cpuid.pl
-index db5aa4a..285ad1b 100644
--- a/crypto/x86_64cpuid.pl
+++ b/crypto/x86_64cpuid.pl
@@ -1,4 +1,11 @@
@@ -109135,7 +115884,7 @@
$flavour = shift;
$output = shift;
-@@ -11,7 +18,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+@@ -11,7 +18,7 @@ if ($flavour =~ /\./) { $output = $flavo
( $xlate="${dir}perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
@@ -109144,7 +115893,7 @@
*STDOUT=*OUT;
($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
-@@ -217,6 +224,28 @@ OPENSSL_cleanse:
+@@ -217,6 +224,28 @@ print<<___;
jne .Little
ret
.size OPENSSL_cleanse,.-OPENSSL_cleanse
@@ -109173,8 +115922,95 @@
___
print<<___ if (!$win64);
-diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl
-index 48c4cf2..99ffa1d 100644
+@@ -364,36 +393,67 @@ print<<___;
+ ___
+ }
+
++sub gen_random {
++my $rdop = shift;
+ print<<___;
+-.globl OPENSSL_ia32_rdrand
+-.type OPENSSL_ia32_rdrand,\@abi-omnipotent
++.globl OPENSSL_ia32_${rdop}
++.type OPENSSL_ia32_${rdop},\@abi-omnipotent
+ .align 16
+-OPENSSL_ia32_rdrand:
++OPENSSL_ia32_${rdop}:
+ mov \$8,%ecx
+-.Loop_rdrand:
+- rdrand %rax
+- jc .Lbreak_rdrand
+- loop .Loop_rdrand
+-.Lbreak_rdrand:
++.Loop_${rdop}:
++ ${rdop} %rax
++ jc .Lbreak_${rdop}
++ loop .Loop_${rdop}
++.Lbreak_${rdop}:
+ cmp \$0,%rax
+ cmove %rcx,%rax
+ ret
+-.size OPENSSL_ia32_rdrand,.-OPENSSL_ia32_rdrand
++.size OPENSSL_ia32_${rdop},.-OPENSSL_ia32_${rdop}
+
+-.globl OPENSSL_ia32_rdseed
+-.type OPENSSL_ia32_rdseed,\@abi-omnipotent
++.globl OPENSSL_ia32_${rdop}_bytes
++.type OPENSSL_ia32_${rdop}_bytes,\@abi-omnipotent
+ .align 16
+-OPENSSL_ia32_rdseed:
+- mov \$8,%ecx
+-.Loop_rdseed:
+- rdseed %rax
+- jc .Lbreak_rdseed
+- loop .Loop_rdseed
+-.Lbreak_rdseed:
+- cmp \$0,%rax
+- cmove %rcx,%rax
++OPENSSL_ia32_${rdop}_bytes:
++ xor %rax, %rax # return value
++ cmp \$0,$arg2
++ je .Ldone_${rdop}_bytes
++
++ mov \$8,%r11
++.Loop_${rdop}_bytes:
++ ${rdop} %r10
++ jc .Lbreak_${rdop}_bytes
++ dec %r11
++ jnz .Loop_${rdop}_bytes
++ jmp .Ldone_${rdop}_bytes
++
++.align 16
++.Lbreak_${rdop}_bytes:
++ cmp \$8,$arg2
++ jb .Ltail_${rdop}_bytes
++ mov %r10,($arg1)
++ lea 8($arg1),$arg1
++ add \$8,%rax
++ sub \$8,$arg2
++ jz .Ldone_${rdop}_bytes
++ mov \$8,%r11
++ jmp .Loop_${rdop}_bytes
++
++.align 16
++.Ltail_${rdop}_bytes:
++ mov %r10b,($arg1)
++ lea 1($arg1),$arg1
++ inc %rax
++ shr \$8,%r8
++ dec $arg2
++ jnz .Ltail_${rdop}_bytes
++
++.Ldone_${rdop}_bytes:
+ ret
+-.size OPENSSL_ia32_rdseed,.-OPENSSL_ia32_rdseed
++.size OPENSSL_ia32_${rdop}_bytes,.-OPENSSL_ia32_${rdop}_bytes
+ ___
++}
++gen_random("rdrand");
++gen_random("rdseed");
+
+ close STDOUT; # flush
--- a/crypto/x86cpuid.pl
+++ b/crypto/x86cpuid.pl
@@ -1,4 +1,10 @@
@@ -109189,7 +116025,7 @@
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC, "${dir}perlasm", "perlasm");
-@@ -359,6 +365,31 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+@@ -359,6 +365,31 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
&ret ();
&function_end_B("OPENSSL_cleanse");
@@ -109221,9 +116057,80 @@
{
my $lasttick = "esi";
my $lastdiff = "ebx";
-diff --git a/demos/bio/Makefile.in b/demos/bio/Makefile.in
-deleted file mode 100644
-index 04c5dc7..0000000
+@@ -461,29 +492,64 @@ my $max = "ebp";
+ &function_end("OPENSSL_instrument_bus2");
+ }
+
+-&function_begin_B("OPENSSL_ia32_rdrand");
++sub gen_random {
++my $rdop = shift;
++&function_begin_B("OPENSSL_ia32_${rdop}");
+ &mov ("ecx",8);
+ &set_label("loop");
+- &rdrand ("eax");
++ &${rdop}("eax");
+ &jc (&label("break"));
+ &loop (&label("loop"));
+ &set_label("break");
+ &cmp ("eax",0);
+ &cmove ("eax","ecx");
+ &ret ();
+-&function_end_B("OPENSSL_ia32_rdrand");
++&function_end_B("OPENSSL_ia32_${rdop}");
++
++&function_begin_B("OPENSSL_ia32_${rdop}_bytes");
++ &push ("edi");
++ &push ("ebx");
++ &xor ("eax","eax"); # return value
++ &mov ("edi",&wparam(0));
++ &mov ("ebx",&wparam(1));
++
++ &cmp ("ebx",0);
++ &je (&label("done"));
+
+-&function_begin_B("OPENSSL_ia32_rdseed");
+ &mov ("ecx",8);
+ &set_label("loop");
+- &rdseed ("eax");
++ &${rdop}("edx");
+ &jc (&label("break"));
+ &loop (&label("loop"));
+-&set_label("break");
+- &cmp ("eax",0);
+- &cmove ("eax","ecx");
++ &jmp (&label("done"));
++
++&set_label("break",16);
++ &cmp ("ebx",4);
++ &jb (&label("tail"));
++ &mov (&DWP(0,"edi"),"edx");
++ &lea ("edi",&DWP(4,"edi"));
++ &add ("eax",4);
++ &sub ("ebx",4);
++ &jz (&label("done"));
++ &mov ("ecx",8);
++ &jmp (&label("loop"));
++
++&set_label("tail",16);
++ &mov (&BP(0,"edi"),"dl");
++ &lea ("edi",&DWP(1,"edi"));
++ &inc ("eax");
++ &shr ("edx",8);
++ &dec ("ebx");
++ &jnz (&label("tail"));
++
++&set_label("done");
++ &pop ("ebx");
++ &pop ("edi");
+ &ret ();
+-&function_end_B("OPENSSL_ia32_rdseed");
++&function_end_B("OPENSSL_ia32_${rdop}_bytes");
++}
++&gen_random("rdrand");
++&gen_random("rdseed");
+
+ &initseg("OPENSSL_cpuid_setup");
+
--- a/demos/bio/Makefile.in
+++ /dev/null
@@ -1,23 +0,0 @@
@@ -109250,8 +116157,6 @@
- rm -f $(EXAMPLES) *.o
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/demos/bio/client-arg.c b/demos/bio/client-arg.c
-index 630b166..9e136e5 100644
--- a/demos/bio/client-arg.c
+++ b/demos/bio/client-arg.c
@@ -1,3 +1,12 @@
@@ -109267,8 +116172,6 @@
#include <string.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
-diff --git a/demos/bio/client-conf.c b/demos/bio/client-conf.c
-index 4e4d4bc..66b5cac 100644
--- a/demos/bio/client-conf.c
+++ b/demos/bio/client-conf.c
@@ -1,3 +1,12 @@
@@ -109284,8 +116187,6 @@
#include <string.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
-diff --git a/demos/bio/saccept.c b/demos/bio/saccept.c
-index 240132c..106a089 100644
--- a/demos/bio/saccept.c
+++ b/demos/bio/saccept.c
@@ -1,3 +1,12 @@
@@ -109301,8 +116202,6 @@
/*-
* A minimal program to serve an SSL connection.
* It uses blocking.
-diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c
-index 16dba40..284bc30 100644
--- a/demos/bio/sconnect.c
+++ b/demos/bio/sconnect.c
@@ -1,3 +1,12 @@
@@ -109318,8 +116217,6 @@
/*-
* A minimal program to do SSL to a passed host and port.
* It is actually using non-blocking IO but in a very simple manner
-diff --git a/demos/bio/server-arg.c b/demos/bio/server-arg.c
-index b2a43a9..4e9b7bd 100644
--- a/demos/bio/server-arg.c
+++ b/demos/bio/server-arg.c
@@ -1,4 +1,13 @@
@@ -109336,8 +116233,6 @@
* A minimal program to serve an SSL connection. It uses blocking. It use the
* SSL_CONF API with the command line. cc -I../../include server-arg.c
* -L../.. -lssl -lcrypto -ldl
-diff --git a/demos/bio/server-cmod.c b/demos/bio/server-cmod.c
-index 51291da..77b456a 100644
--- a/demos/bio/server-cmod.c
+++ b/demos/bio/server-cmod.c
@@ -1,4 +1,13 @@
@@ -109354,8 +116249,6 @@
* A minimal TLS server it ses SSL_CTX_config and a configuration file to
* set most server parameters.
*/
-diff --git a/demos/bio/server-conf.c b/demos/bio/server-conf.c
-index db624ba..32abefd 100644
--- a/demos/bio/server-conf.c
+++ b/demos/bio/server-conf.c
@@ -1,4 +1,13 @@
@@ -109372,8 +116265,6 @@
* A minimal program to serve an SSL connection. It uses blocking. It uses
* the SSL_CONF API with a configuration file. cc -I../../include saccept.c
* -L../.. -lssl -lcrypto -ldl
-diff --git a/demos/cms/cms_comp.c b/demos/cms/cms_comp.c
-index f902d20..0d548f9 100644
--- a/demos/cms/cms_comp.c
+++ b/demos/cms/cms_comp.c
@@ -1,3 +1,12 @@
@@ -109389,8 +116280,6 @@
/* Simple S/MIME compress example */
#include <openssl/pem.h>
#include <openssl/cms.h>
-diff --git a/demos/cms/cms_ddec.c b/demos/cms/cms_ddec.c
-index 3b23e8d..8f2e9ae 100644
--- a/demos/cms/cms_ddec.c
+++ b/demos/cms/cms_ddec.c
@@ -1,4 +1,13 @@
@@ -109407,8 +116296,6 @@
* S/MIME detached data decrypt example: rarely done but should the need
* arise this is an example....
*/
-diff --git a/demos/cms/cms_dec.c b/demos/cms/cms_dec.c
-index 22181c2..4f9428b 100644
--- a/demos/cms/cms_dec.c
+++ b/demos/cms/cms_dec.c
@@ -1,3 +1,12 @@
@@ -109424,8 +116311,6 @@
/* Simple S/MIME decryption example */
#include <openssl/pem.h>
#include <openssl/cms.h>
-diff --git a/demos/cms/cms_denc.c b/demos/cms/cms_denc.c
-index 8aa82aa..adba69b 100644
--- a/demos/cms/cms_denc.c
+++ b/demos/cms/cms_denc.c
@@ -1,4 +1,13 @@
@@ -109442,8 +116327,6 @@
* S/MIME detached data encrypt example: rarely done but should the need
* arise this is an example....
*/
-diff --git a/demos/cms/cms_enc.c b/demos/cms/cms_enc.c
-index f4ba542..4d17d72 100644
--- a/demos/cms/cms_enc.c
+++ b/demos/cms/cms_enc.c
@@ -1,3 +1,12 @@
@@ -109459,8 +116342,6 @@
/* Simple S/MIME encrypt example */
#include <openssl/pem.h>
#include <openssl/cms.h>
-diff --git a/demos/cms/cms_sign.c b/demos/cms/cms_sign.c
-index 8b5a64d..15bd5b8 100644
--- a/demos/cms/cms_sign.c
+++ b/demos/cms/cms_sign.c
@@ -1,3 +1,12 @@
@@ -109476,8 +116357,6 @@
/* Simple S/MIME signing example */
#include <openssl/pem.h>
#include <openssl/cms.h>
-diff --git a/demos/cms/cms_sign2.c b/demos/cms/cms_sign2.c
-index 9fdd035..14ebf27 100644
--- a/demos/cms/cms_sign2.c
+++ b/demos/cms/cms_sign2.c
@@ -1,3 +1,12 @@
@@ -109493,8 +116372,6 @@
/* S/MIME signing example: 2 signers */
#include <openssl/pem.h>
#include <openssl/cms.h>
-diff --git a/demos/cms/cms_uncomp.c b/demos/cms/cms_uncomp.c
-index 2c10b81..3e3b4c4 100644
--- a/demos/cms/cms_uncomp.c
+++ b/demos/cms/cms_uncomp.c
@@ -1,3 +1,12 @@
@@ -109510,8 +116387,6 @@
/* Simple S/MIME uncompression example */
#include <openssl/pem.h>
#include <openssl/cms.h>
-diff --git a/demos/cms/cms_ver.c b/demos/cms/cms_ver.c
-index c6e83c0..43c10e2 100644
--- a/demos/cms/cms_ver.c
+++ b/demos/cms/cms_ver.c
@@ -1,3 +1,12 @@
@@ -109527,8 +116402,6 @@
/* Simple S/MIME verification example */
#include <openssl/pem.h>
#include <openssl/cms.h>
-diff --git a/demos/evp/aesccm.c b/demos/evp/aesccm.c
-index e0240e5..cc4d0b5 100644
--- a/demos/evp/aesccm.c
+++ b/demos/evp/aesccm.c
@@ -1,4 +1,13 @@
@@ -109545,8 +116418,6 @@
* Simple AES CCM test program, uses the same NIST data used for the FIPS
* self test but uses the application level EVP APIs.
*/
-diff --git a/demos/evp/aesgcm.c b/demos/evp/aesgcm.c
-index 72028a0..17b0ef4 100644
--- a/demos/evp/aesgcm.c
+++ b/demos/evp/aesgcm.c
@@ -1,4 +1,13 @@
@@ -109563,8 +116434,6 @@
* Simple AES GCM test program, uses the same NIST data used for the FIPS
* self test but uses the application level EVP APIs.
*/
-diff --git a/demos/pkcs12/pkread.c b/demos/pkcs12/pkread.c
-index 3739814..3b87d7a 100644
--- a/demos/pkcs12/pkread.c
+++ b/demos/pkcs12/pkread.c
@@ -1,3 +1,11 @@
@@ -109579,8 +116448,6 @@
#include <stdio.h>
#include <stdlib.h>
-diff --git a/demos/pkcs12/pkwrite.c b/demos/pkcs12/pkwrite.c
-index d04a22b..e14cf83 100644
--- a/demos/pkcs12/pkwrite.c
+++ b/demos/pkcs12/pkwrite.c
@@ -1,3 +1,11 @@
@@ -109595,8 +116462,6 @@
#include <stdio.h>
#include <stdlib.h>
-diff --git a/demos/smime/smdec.c b/demos/smime/smdec.c
-index f1a987a..c4d1b09 100644
--- a/demos/smime/smdec.c
+++ b/demos/smime/smdec.c
@@ -1,3 +1,12 @@
@@ -109612,8 +116477,6 @@
/* Simple S/MIME signing example */
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
-diff --git a/demos/smime/smenc.c b/demos/smime/smenc.c
-index 79fe2d0..5d36e9a 100644
--- a/demos/smime/smenc.c
+++ b/demos/smime/smenc.c
@@ -1,3 +1,12 @@
@@ -109629,8 +116492,6 @@
/* Simple S/MIME encrypt example */
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
-diff --git a/demos/smime/smsign.c b/demos/smime/smsign.c
-index 8505e71..ba0adb3 100644
--- a/demos/smime/smsign.c
+++ b/demos/smime/smsign.c
@@ -1,3 +1,12 @@
@@ -109646,8 +116507,6 @@
/* Simple S/MIME signing example */
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
-diff --git a/demos/smime/smsign2.c b/demos/smime/smsign2.c
-index 415ecf3..2b7f45b 100644
--- a/demos/smime/smsign2.c
+++ b/demos/smime/smsign2.c
@@ -1,3 +1,12 @@
@@ -109663,8 +116522,6 @@
/* S/MIME signing example: 2 signers. OpenSSL 0.9.9 only */
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
-diff --git a/demos/smime/smver.c b/demos/smime/smver.c
-index 13ba18b..75411c4 100644
--- a/demos/smime/smver.c
+++ b/demos/smime/smver.c
@@ -1,3 +1,12 @@
@@ -109680,8 +116537,264 @@
/* Simple S/MIME verification example */
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
-diff --git a/doc/apps/CA.pl.pod b/doc/apps/CA.pl.pod
-index 35a40aa..ed30d6a 100644
+--- a/doc/HOWTO/proxy_certificates.txt
++++ b/doc/HOWTO/proxy_certificates.txt
+@@ -164,138 +164,151 @@ application and the certificate validati
+
+ Here is some skeleton code you can fill in:
+
+- /* In this example, I will use a view of granted rights as a bit
+- array, one bit for each possible right. */
++ #include <string.h>
++ #include <netdb.h>
++ #include <openssl/x509.h>
++ #include <openssl/x509v3.h>
++
++ #define total_rights 25
++
++ /*
++ * In this example, I will use a view of granted rights as a bit
++ * array, one bit for each possible right.
++ */
+ typedef struct your_rights {
+- unsigned char rights[total_rights / 8];
++ unsigned char rights[(total_rights + 7) / 8];
+ } YOUR_RIGHTS;
+
+- /* The following procedure will create an index for the ex_data
+- store in the X509 validation context the first time it's called.
+- Subsequent calls will return the same index. */
+- static int get_proxy_auth_ex_data_idx(void)
++ /*
++ * The following procedure will create an index for the ex_data
++ * store in the X509 validation context the first time it's called.
++ * Subsequent calls will return the same index. */
++ static int get_proxy_auth_ex_data_idx(X509_STORE_CTX *ctx)
+ {
+- static volatile int idx = -1;
+- if (idx < 0)
+- {
+- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+- if (idx < 0)
+- {
+- idx = X509_STORE_CTX_get_ex_new_index(0,
+- "for verify callback",
+- NULL,NULL,NULL);
++ static volatile int idx = -1;
++ if (idx < 0) {
++ X509_STORE_lock(X509_STORE_CTX_get0_store(ctx));
++ if (idx < 0) {
++ idx = X509_STORE_CTX_get_ex_new_index(0,
++ "for verify callback",
++ NULL,NULL,NULL);
+ }
+- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
++ X509_STORE_unlock(X509_STORE_CTX_get0_store(ctx));
+ }
+- return idx;
++ return idx;
+ }
+
+ /* Callback to be given to the X509 validation procedure. */
+ static int verify_callback(int ok, X509_STORE_CTX *ctx)
+ {
+- if (ok == 1) /* It's REALLY important you keep the proxy policy
+- check within this section. It's important to know
+- that when ok is 1, the certificates are checked
+- from top to bottom. You get the CA root first,
+- followed by the possible chain of intermediate
+- CAs, followed by the EE certificate, followed by
+- the possible proxy certificates. */
+- {
+- X509 *xs = ctx->current_cert;
+-
+- if (xs->ex_flags & EXFLAG_PROXY)
+- {
+- YOUR_RIGHTS *rights =
+- (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
+- get_proxy_auth_ex_data_idx());
+- PROXY_CERT_INFO_EXTENSION *pci =
+- X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL);
++ if (ok == 1) {
++ /*
++ * It's REALLY important you keep the proxy policy
++ * check within this section. It's important to know
++ * that when ok is 1, the certificates are checked
++ * from top to bottom. You get the CA root first,
++ * followed by the possible chain of intermediate
++ * CAs, followed by the EE certificate, followed by
++ * the possible proxy certificates.
++ */
++ X509 *xs = X509_STORE_CTX_get_current_cert(ctx);
++
++ if (X509_get_extension_flags(xs) & EXFLAG_PROXY) {
++ YOUR_RIGHTS *rights =
++ (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
++ get_proxy_auth_ex_data_idx(ctx));
++ PROXY_CERT_INFO_EXTENSION *pci =
++ X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL);
+
+- switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage))
+- {
++ switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
+ case NID_Independent:
+- /* Do whatever you need to grant explicit rights to
+- this particular proxy certificate, usually by
+- pulling them from some database. If there are none
+- to be found, clear all rights (making this and any
+- subsequent proxy certificate void of any rights).
+- */
+- memset(rights->rights, 0, sizeof(rights->rights));
+- break;
++ /*
++ * Do whatever you need to grant explicit rights to
++ * this particular proxy certificate, usually by
++ * pulling them from some database. If there are none
++ * to be found, clear all rights (making this and any
++ * subsequent proxy certificate void of any rights).
++ */
++ memset(rights->rights, 0, sizeof(rights->rights));
++ break;
+ case NID_id_ppl_inheritAll:
+- /* This is basically a NOP, we simply let the current
+- rights stand as they are. */
+- break;
++ /*
++ * This is basically a NOP, we simply let the current
++ * rights stand as they are.
++ */
++ break;
+ default:
+- /* This is usually the most complex section of code.
+- You really do whatever you want as long as you
+- follow RFC 3820. In the example we use here, the
+- simplest thing to do is to build another, temporary
+- bit array and fill it with the rights granted by
+- the current proxy certificate, then use it as a
+- mask on the accumulated rights bit array, and
+- voilà , you now have a new accumulated rights bit
+- array. */
+- {
+- int i;
+- YOUR_RIGHTS tmp_rights;
+- memset(tmp_rights.rights, 0, sizeof(tmp_rights.rights));
+-
+- /* process_rights() is supposed to be a procedure
+- that takes a string and it's length, interprets
+- it and sets the bits in the YOUR_RIGHTS pointed
+- at by the third argument. */
+- process_rights((char *) pci->proxyPolicy->policy->data,
+- pci->proxyPolicy->policy->length,
+- &tmp_rights);
+-
+- for(i = 0; i < total_rights / 8; i++)
+- rights->rights[i] &= tmp_rights.rights[i];
+- }
+- break;
++ /* This is usually the most complex section of code.
++ * You really do whatever you want as long as you
++ * follow RFC 3820. In the example we use here, the
++ * simplest thing to do is to build another, temporary
++ * bit array and fill it with the rights granted by
++ * the current proxy certificate, then use it as a
++ * mask on the accumulated rights bit array, and
++ * voilà , you now have a new accumulated rights bit
++ * array.
++ */
++ {
++ int i;
++ YOUR_RIGHTS tmp_rights;
++ memset(tmp_rights.rights, 0, sizeof(tmp_rights.rights));
++
++ /*
++ * process_rights() is supposed to be a procedure
++ * that takes a string and it's length, interprets
++ * it and sets the bits in the YOUR_RIGHTS pointed
++ * at by the third argument.
++ */
++ process_rights((char *) pci->proxyPolicy->policy->data,
++ pci->proxyPolicy->policy->length,
++ &tmp_rights);
++
++ for(i = 0; i < total_rights / 8; i++)
++ rights->rights[i] &= tmp_rights.rights[i];
++ }
++ break;
+ }
+- PROXY_CERT_INFO_EXTENSION_free(pci);
+- }
+- else if (!(xs->ex_flags & EXFLAG_CA))
+- {
+- /* We have an EE certificate, let's use it to set default!
+- */
+- YOUR_RIGHTS *rights =
+- (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
+- get_proxy_auth_ex_data_idx());
+-
+- /* The following procedure finds out what rights the owner
+- of the current certificate has, and sets them in the
+- YOUR_RIGHTS structure pointed at by the second
+- argument. */
+- set_default_rights(xs, rights);
++ PROXY_CERT_INFO_EXTENSION_free(pci);
++ } else if (!(X509_get_extension_flags(xs) & EXFLAG_CA)) {
++ /* We have an EE certificate, let's use it to set default! */
++ YOUR_RIGHTS *rights =
++ (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
++ get_proxy_auth_ex_data_idx(ctx));
++
++ /* The following procedure finds out what rights the owner
++ * of the current certificate has, and sets them in the
++ * YOUR_RIGHTS structure pointed at by the second
++ * argument.
++ */
++ set_default_rights(xs, rights);
+ }
+ }
+- return ok;
++ return ok;
+ }
+
+ static int my_X509_verify_cert(X509_STORE_CTX *ctx,
+ YOUR_RIGHTS *needed_rights)
+ {
+- int i;
+- int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) = ctx->verify_cb;
+- YOUR_RIGHTS rights;
+-
+- X509_STORE_CTX_set_verify_cb(ctx, verify_callback);
+- X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(), &rights);
+- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
+- ok = X509_verify_cert(ctx);
+-
+- if (ok == 1)
+- {
+- ok = check_needed_rights(rights, needed_rights);
++ int ok;
++ int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) =
++ X509_STORE_CTX_get_verify_cb(ctx);
++ YOUR_RIGHTS rights;
++
++ X509_STORE_CTX_set_verify_cb(ctx, verify_callback);
++ X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(ctx), &rights);
++ X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
++ ok = X509_verify_cert(ctx);
++
++ if (ok == 1) {
++ ok = check_needed_rights(rights, needed_rights);
+ }
+
+- X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb);
++ X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb);
+
+- return ok;
++ return ok;
+ }
+
++
+ If you use SSL or TLS, you can easily set up a callback to have the
+ certificates checked properly, using the code above:
+
--- a/doc/apps/CA.pl.pod
+++ b/doc/apps/CA.pl.pod
@@ -1,4 +1,3 @@
@@ -109689,7 +116802,7 @@
=pod
=head1 NAME
-@@ -103,7 +102,7 @@ B<cessationOfOperation>, B<certificateHold>, or B<removeFromCRL>.
+@@ -103,7 +102,7 @@ B<cessationOfOperation>, B<certificateHo
=item B<-verify>
verifies certificates against the CA certificate for "demoCA". If no certificates
@@ -109698,7 +116811,7 @@
=item B<files>
-@@ -148,7 +147,7 @@ enter cacert.pem when prompted for the CA file name.
+@@ -148,7 +147,7 @@ enter cacert.pem when prompted for the C
Create a DSA certificate request and private key (a different set of parameters
can optionally be created first):
@@ -109707,7 +116820,7 @@
Sign the request:
-@@ -169,7 +168,7 @@ be wrong. In this case the command:
+@@ -169,7 +168,7 @@ directly (for example Win32) and the def
perl -S CA.pl
@@ -109716,7 +116829,7 @@
the correct path of the configuration file "openssl.cnf".
The script is intended as a simple front end for the B<openssl> program for use
-@@ -187,4 +186,13 @@ configuration file, not just its directory.
+@@ -187,4 +186,13 @@ configuration file, not just its directo
L<x509(1)>, L<ca(1)>, L<req(1)>, L<pkcs12(1)>,
L<config(5)>
@@ -109730,11 +116843,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/asn1parse.pod b/doc/apps/asn1parse.pod
-index fdaae40..10a5aba 100644
--- a/doc/apps/asn1parse.pod
+++ b/doc/apps/asn1parse.pod
-@@ -92,7 +92,7 @@ L<ASN1_generate_nconf(3)> format. If B<file> only is
+@@ -92,7 +92,7 @@ L<ASN1_generate_nconf(3)> format. If B<f
present then the string is obtained from the default section using the name
B<asn1>. The encoded data is passed through the ASN1 parser and printed out as
though it came from a file, the contents can thus be examined and written to a
@@ -109814,7 +116925,7 @@
=head1 EXAMPLES
-@@ -196,4 +196,13 @@ ASN.1 types is not well handled (if at all).
+@@ -196,4 +196,13 @@ ASN.1 types is not well handled (if at a
L<ASN1_generate_nconf(3)>
@@ -109828,8 +116939,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod
-index cd7cad7..9bf1239 100644
--- a/doc/apps/ca.pod
+++ b/doc/apps/ca.pod
@@ -1,4 +1,3 @@
@@ -109855,7 +116964,7 @@
=item B<-spkac filename>
-@@ -101,7 +100,7 @@ section for information on the required input and output format.
+@@ -101,7 +100,7 @@ section for information on the required
=item B<-infiles>
if present this should be the last option, all subsequent arguments
@@ -109873,7 +116982,7 @@
is the same as the request. This is largely for compatibility with the
older IE enrollment control which would only accept certificates if their
DNs match the order of the request. This is not needed for Xenroll.
-@@ -245,7 +244,7 @@ characters may be escaped by \ (backslash), no spaces are skipped.
+@@ -245,7 +244,7 @@ characters may be escaped by \ (backslas
=item B<-utf8>
@@ -109900,7 +117009,7 @@
=item B<default_startdate>
-@@ -521,7 +520,7 @@ this can be regarded more of a quirk than intended behaviour.
+@@ -521,7 +520,7 @@ this can be regarded more of a quirk tha
The input to the B<-spkac> command line option is a Netscape
signed public key and challenge. This will usually come from
@@ -109909,7 +117018,7 @@
It is however possible to create SPKACs using the B<spkac> utility.
The file should contain the variable SPKAC set to the value of
-@@ -581,18 +580,18 @@ A sample configuration file with the relevant sections for B<ca>:
+@@ -581,18 +580,18 @@ Generate a CRL
[ ca ]
default_ca = CA_default # The default ca section
@@ -109932,7 +117041,7 @@
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = md5 # md to use
-@@ -600,9 +599,9 @@ A sample configuration file with the relevant sections for B<ca>:
+@@ -600,9 +599,9 @@ Generate a CRL
policy = policy_any # default policy
email_in_dn = no # Don't add the email into cert DN
@@ -109945,7 +117054,7 @@
[ policy_any ]
countryName = supplied
-@@ -636,7 +635,7 @@ be overridden by the B<-config> command line option.
+@@ -636,7 +635,7 @@ be overridden by the B<-config> command
=head1 RESTRICTIONS
@@ -109954,7 +117063,7 @@
if corrupted it can be difficult to fix. It is theoretically possible
to rebuild the index file from all the issued certificates and a current
CRL: however there is no option to do this.
-@@ -644,11 +643,11 @@ CRL: however there is no option to do this.
+@@ -644,11 +643,11 @@ CRL: however there is no option to do th
V2 CRL features like delta CRLs are not currently supported.
Although several requests can be input and handled at once it is only
@@ -109968,7 +117077,7 @@
numbers of certificates are present because, as the name implies
the database has to be kept in memory.
-@@ -704,6 +703,15 @@ then even if a certificate is issued with CA:TRUE it will not be valid.
+@@ -704,6 +703,15 @@ then even if a certificate is issued wit
=head1 SEE ALSO
L<req(1)>, L<spkac(1)>, L<x509(1)>, L<CA.pl(1)>,
@@ -109985,8 +117094,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
-index 9788fa3..c392077 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -2,7 +2,7 @@
@@ -110036,7 +117143,7 @@
=item B<-v>
Verbose output: For each ciphersuite, list details as provided by
-@@ -242,7 +246,7 @@ Cipher suites using authenticated ephemeral ECDH key agreement.
+@@ -242,7 +246,7 @@ Cipher suites using authenticated epheme
=item B<AECDH>
@@ -110045,7 +117152,7 @@
=item B<aDSS>, B<DSS>
-@@ -390,7 +394,7 @@ relevant specification and their OpenSSL equivalents. It should be noted,
+@@ -390,7 +394,7 @@ relevant specification and their OpenSSL
that several cipher suite names do not include the authentication used,
e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
@@ -110054,7 +117161,7 @@
SSL_RSA_WITH_NULL_MD5 NULL-MD5
SSL_RSA_WITH_NULL_SHA NULL-SHA
-@@ -411,7 +415,7 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
+@@ -411,7 +415,7 @@ e.g. DES-CBC3-SHA. In these cases, RSA a
SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented.
SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented.
@@ -110063,7 +117170,7 @@
TLS_RSA_WITH_NULL_MD5 NULL-MD5
TLS_RSA_WITH_NULL_SHA NULL-SHA
-@@ -576,7 +580,7 @@ Note: these ciphers can also be used in SSL v3.
+@@ -576,7 +580,7 @@ Note: these ciphers can also be used in
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384
@@ -110072,7 +117179,7 @@
PSK_WITH_NULL_SHA PSK-NULL-SHA
DHE_PSK_WITH_NULL_SHA DHE-PSK-NULL-SHA
-@@ -650,7 +654,7 @@ Note: these ciphers can also be used in SSL v3.
+@@ -650,7 +654,7 @@ Note: these ciphers can also be used in
DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8
DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8
@@ -110081,7 +117188,7 @@
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305
-@@ -660,6 +664,13 @@ Note: these ciphers can also be used in SSL v3.
+@@ -660,6 +664,13 @@ Note: these ciphers can also be used in
TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305
TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305
@@ -110095,7 +117202,7 @@
=head1 NOTES
Some compiled versions of OpenSSL may not include all the ciphers
-@@ -706,4 +717,13 @@ L<s_client(1)>, L<s_server(1)>, L<ssl(3)>
+@@ -706,4 +717,13 @@ L<s_client(1)>, L<s_server(1)>, L<ssl(3)
The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
@@ -110109,8 +117216,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
-index 42c3514..4a2b604 100644
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -47,6 +47,7 @@ B<openssl> B<cms>
@@ -110129,7 +117234,7 @@
[B<-asciicrlf>]
[B<-nodetach>]
[B<-certfile file>]
-@@ -184,13 +186,13 @@ B<EncrytedData> type and output the content.
+@@ -184,13 +186,13 @@ B<EncrytedData> type and output the cont
=item B<-sign_receipt>
@@ -110145,7 +117250,7 @@
contain the original receipt request. Functionality is otherwise similar
to the B<-verify> operation.
-@@ -254,7 +256,7 @@ is S/MIME and it uses the multipart/signed MIME content type.
+@@ -254,7 +256,7 @@ is S/MIME and it uses the multipart/sign
this option adds plain text (text/plain) MIME headers to the supplied
message if encrypting or signing. If decrypting or verifying it strips
@@ -110154,7 +117259,7 @@
type text/plain then an error occurs.
=item B<-noout>
-@@ -296,11 +298,11 @@ default digest algorithm for the signing key will be used (usually SHA1).
+@@ -296,11 +298,11 @@ default digest algorithm for the signing
the encryption algorithm to use. For example triple DES (168 bits) - B<-des3>
or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the
@@ -110168,7 +117273,7 @@
B<-EncryptedData_create> commands.
=item B<-nointern>
-@@ -339,6 +341,11 @@ effectively using CR and LF as end of line: as required by the S/MIME
+@@ -339,6 +341,11 @@ effectively using CR and LF as end of li
specification. When this option is present no translation occurs. This
is useful when handling binary data which may not be in MIME format.
@@ -110180,7 +117285,7 @@
=item B<-asciicrlf>
when signing use ASCII CRLF format canonicalisation. This strips trailing
-@@ -401,7 +408,7 @@ address where receipts should be supplied.
+@@ -401,7 +408,7 @@ address where receipts should be supplie
=item B<-receipt_request_to emailaddress>
@@ -110207,7 +117312,7 @@
=item B<-to, -from, -subject>
-@@ -473,7 +480,7 @@ address matches that specified in the From: address.
+@@ -473,7 +480,7 @@ address matches that specified in the Fr
=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
@@ -110216,7 +117321,7 @@
B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
-@@ -527,7 +534,7 @@ attempt is made to locate the recipient by trying each potential recipient
+@@ -527,7 +534,7 @@ attempt is made to locate the recipient
in turn using the supplied private key. To thwart the MMA attack
(Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) all recipients are
tried whether they succeed or not and if no recipients match the message
@@ -110225,7 +117330,7 @@
The B<-debug_decrypt> option can be used to disable the MMA attack protection
and return an error if no recipient can be found: this option should be used
with caution. For a fuller description see L<CMS_decrypt(3)>).
-@@ -591,29 +598,29 @@ be processed by the older B<smime> command.
+@@ -591,29 +598,29 @@ be processed by the older B<smime> comma
Create a cleartext signed message:
openssl cms -sign -in message.txt -text -out mail.msg \
@@ -110261,7 +117366,7 @@
Verify a message and extract the signer's certificate if successful:
-@@ -622,15 +629,15 @@ Verify a message and extract the signer's certificate if successful:
+@@ -622,15 +629,15 @@ Create a signed message, include some ad
Send encrypted mail using triple DES:
openssl cms -encrypt -in in.txt -from steve at openssl.org \
@@ -110282,7 +117387,7 @@
Note: the encryption command does not include the B<-text> option because the
message being encrypted already has MIME headers.
-@@ -647,7 +654,7 @@ it with:
+@@ -647,7 +654,7 @@ signature by line wrapping the base64 en
-----BEGIN PKCS7-----
-----END PKCS7-----
@@ -110291,7 +117396,7 @@
openssl cms -verify -inform PEM -in signature.pem -content content.txt
-@@ -666,17 +673,17 @@ Add a signer to an existing message:
+@@ -666,17 +673,17 @@ alternatively you can base64 decode the
Sign mail using RSA-PSS:
openssl cms -sign -in message.txt -text -out mail.msg \
@@ -110312,7 +117417,7 @@
=head1 BUGS
-@@ -708,11 +715,20 @@ The B<keyopt> option was first added in OpenSSL 1.1.0
+@@ -708,11 +715,20 @@ The B<keyopt> option was first added in
The use of B<-recip> to specify the recipient when encrypting mail was first
added to OpenSSL 1.1.0
@@ -110334,8 +117439,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/config.pod b/doc/apps/config.pod
-index 665a1bb..a9cde89 100644
--- a/doc/apps/config.pod
+++ b/doc/apps/config.pod
@@ -1,4 +1,3 @@
@@ -110343,7 +117446,7 @@
=pod
=for comment openssl_manual_section:5
-@@ -63,14 +62,14 @@ functionality: any sub command uses the master OpenSSL configuration file
+@@ -63,14 +62,14 @@ functionality: any sub command uses the
unless an option is used in the sub command to use an alternative configuration
file.
@@ -110360,7 +117463,7 @@
module specific: it may, for example, represent a further configuration
section containing configuration module specific information. E.g.
-@@ -91,7 +90,7 @@ section containing configuration module specific information. E.g.
+@@ -91,7 +90,7 @@ section containing configuration module
The features of each configuration module are described below.
@@ -110369,7 +117472,7 @@
This module has the name B<oid_section>. The value of this variable points
to a section containing name value pairs of OIDs: the name is the OID short
-@@ -102,7 +101,7 @@ B<all> the B<openssl> utility sub commands can see the new objects as well
+@@ -102,7 +101,7 @@ B<all> the B<openssl> utility sub comman
as any compliant applications. For example:
[new_oids]
@@ -110378,7 +117481,7 @@
some_new_oid = 1.2.3.4
some_other_oid = 1.2.3.5
-@@ -111,7 +110,7 @@ by a comma and the numerical OID form. For example:
+@@ -111,7 +110,7 @@ It is also possible to set the value to
shortName = some object long name, 1.2.3.4
@@ -110387,7 +117490,7 @@
This ENGINE configuration module has the name B<engines>. The value of this
variable points to a section containing further ENGINE configuration
-@@ -141,7 +140,7 @@ For example:
+@@ -141,7 +140,7 @@ currently supported commands are listed
[bar_section]
... "bar" ENGINE specific commands ...
@@ -110396,7 +117499,7 @@
command must be first. For example:
[engine_section]
-@@ -168,7 +167,7 @@ The command B<default_algorithms> sets the default algorithms an ENGINE will
+@@ -168,7 +167,7 @@ The command B<default_algorithms> sets t
supply using the functions ENGINE_set_default_string().
If the name matches none of the above command names it is assumed to be a
@@ -110405,7 +117508,7 @@
argument to the ctrl command. If the value is the string B<EMPTY> then no
value is sent to the command.
-@@ -190,7 +189,7 @@ For example:
+@@ -190,7 +189,7 @@ value is sent to the command.
# Supply all default algorithms
default_algorithms = ALL
@@ -110414,7 +117517,7 @@
This modules has the name B<alg_section> which points to a section containing
algorithm commands.
-@@ -208,7 +207,7 @@ For example:
+@@ -208,7 +207,7 @@ not FIPS capable then an error occurs.
fips_mode = on
@@ -110423,7 +117526,7 @@
This module has the name B<ssl_conf> which points to a section containing
SSL configurations.
-@@ -266,7 +265,7 @@ Here is a sample configuration file using some of the features
+@@ -266,7 +265,7 @@ Here is a sample configuration file usin
mentioned above.
# This is the default section.
@@ -110432,7 +117535,7 @@
HOME=/temp
RANDFILE= ${ENV::HOME}/.rnd
configdir=$ENV::HOME/config
-@@ -296,7 +295,7 @@ the B<TEMP> or B<TMP> environment variables but they may not be
+@@ -296,7 +295,7 @@ the B<TEMP> or B<TMP> environment variab
set to any value at all. If you just include the environment variable
names and the variable doesn't exist then this will cause an error when
an attempt is made to load the configuration file. By making use of the
@@ -110455,11 +117558,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/crl.pod b/doc/apps/crl.pod
-index 2deecfe..0edff8d 100644
--- a/doc/apps/crl.pod
+++ b/doc/apps/crl.pod
-@@ -42,7 +42,7 @@ the DER form with header and footer lines.
+@@ -42,7 +42,7 @@ the DER form with header and footer line
=item B<-outform DER|PEM>
@@ -110482,8 +117583,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/crl2pkcs7.pod b/doc/apps/crl2pkcs7.pod
-index bc64412..4056543 100644
--- a/doc/apps/crl2pkcs7.pod
+++ b/doc/apps/crl2pkcs7.pod
@@ -2,7 +2,7 @@
@@ -110495,7 +117594,7 @@
=head1 SYNOPSIS
-@@ -74,8 +74,8 @@ Create a PKCS#7 structure from a certificate and CRL:
+@@ -74,8 +74,8 @@ included in the output file and a CRL is
Creates a PKCS#7 structure in DER format with no CRL from several
different certificates:
@@ -110506,7 +117605,7 @@
=head1 NOTES
-@@ -93,4 +93,13 @@ install user certificates and CAs in MSIE using the Xenroll control.
+@@ -93,4 +93,13 @@ install user certificates and CAs in MSI
L<pkcs7(1)>
@@ -110520,11 +117619,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod
-index fc256b2..3f1b02c 100644
--- a/doc/apps/dgst.pod
+++ b/doc/apps/dgst.pod
-@@ -156,7 +156,7 @@ a file or files containing random data used to seed the random number
+@@ -156,7 +156,7 @@ a file or files containing random data u
generator, or an EGD socket (see L<RAND_egd(3)>).
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
@@ -110552,8 +117649,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/apps/dhparam.pod b/doc/apps/dhparam.pod
-index 3557dee..addd88a 100644
--- a/doc/apps/dhparam.pod
+++ b/doc/apps/dhparam.pod
@@ -44,7 +44,7 @@ additional header and footer lines.
@@ -110565,7 +117660,7 @@
B<-inform> option.
=item B<-in> I<filename>
-@@ -72,7 +72,8 @@ avoid small-subgroup attacks that may be possible otherwise.
+@@ -72,7 +72,8 @@ avoid small-subgroup attacks that may be
=item B<-check>
@@ -110584,7 +117679,7 @@
versions of OpenSSL.
=head1 NOTES
-@@ -146,4 +147,13 @@ There should be a way to generate and manipulate DH keys.
+@@ -146,4 +147,13 @@ There should be a way to generate and ma
L<dsaparam(1)>
@@ -110598,8 +117693,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/dsa.pod b/doc/apps/dsa.pod
-index 2d370ec..caa0696 100644
--- a/doc/apps/dsa.pod
+++ b/doc/apps/dsa.pod
@@ -59,7 +59,7 @@ PKCS#8 format is also accepted.
@@ -110611,7 +117704,7 @@
B<-inform> option.
=item B<-in filename>
-@@ -149,7 +149,7 @@ To encrypt a private key using triple DES:
+@@ -149,7 +149,7 @@ for all available algorithms.
openssl dsa -in key.pem -des3 -out keyout.pem
@@ -110620,7 +117713,7 @@
openssl dsa -in key.pem -outform DER -out keyout.der
-@@ -166,4 +166,13 @@ To just output the public part of a private key:
+@@ -166,4 +166,13 @@ To convert a private key from PEM to DER
L<dsaparam(1)>, L<gendsa(1)>, L<rsa(1)>,
L<genrsa(1)>
@@ -110634,11 +117727,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/dsaparam.pod b/doc/apps/dsaparam.pod
-index f8eff94..08ad47f 100644
--- a/doc/apps/dsaparam.pod
+++ b/doc/apps/dsaparam.pod
-@@ -41,7 +41,7 @@ of the B<DER> format base64 encoded with additional header and footer lines.
+@@ -41,7 +41,7 @@ of the B<DER> format base64 encoded with
=item B<-outform DER|PEM>
@@ -110647,7 +117738,7 @@
B<-inform> option.
=item B<-in filename>
-@@ -112,4 +112,13 @@ DSA parameters is often used to generate several distinct keys.
+@@ -112,4 +112,13 @@ DSA parameters is often used to generate
L<gendsa(1)>, L<dsa(1)>, L<genrsa(1)>,
L<rsa(1)>
@@ -110661,8 +117752,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/ec.pod b/doc/apps/ec.pod
-index befb93c..10c5e85 100644
--- a/doc/apps/ec.pod
+++ b/doc/apps/ec.pod
@@ -31,7 +31,7 @@ B<openssl> B<ec>
@@ -110683,7 +117772,7 @@
B<-inform> option.
=item B<-in filename>
-@@ -83,7 +83,7 @@ see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+@@ -83,7 +83,7 @@ see the B<PASS PHRASE ARGUMENTS> section
=item B<-des|-des3|-idea>
@@ -110692,17 +117781,20 @@
any other cipher supported by OpenSSL before outputting it. A pass phrase is
prompted for.
If none of these options is specified the key is written in plain text. This
-@@ -130,7 +130,7 @@ the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.
+@@ -130,9 +130,9 @@ the preprocessor macro B<OPENSSL_EC_BIN_
This specifies how the elliptic curve parameters are encoded.
Possible value are: B<named_curve>, i.e. the ec parameters are
specified by an OID, or B<explicit> where the ec parameters are
-explicitly given (see RFC 3279 for the definition of the
+explicitly given (see RFC 3279 for the definition of the
EC parameters structures). The default value is B<named_curve>.
- B<Note> the B<implicitlyCA> alternative ,as specified in RFC 3279,
+-B<Note> the B<implicitlyCA> alternative ,as specified in RFC 3279,
++B<Note> the B<implicitlyCA> alternative, as specified in RFC 3279,
is currently not implemented in OpenSSL.
-@@ -170,7 +170,7 @@ To encrypt a private key using triple DES:
+ =item B<-no_public>
+@@ -170,7 +170,7 @@ for all available algorithms.
+
openssl ec -in key.pem -des3 -out keyout.pem
-To convert a private key from PEM to DER format:
@@ -110710,7 +117802,7 @@
openssl ec -in key.pem -outform DER -out keyout.der
-@@ -194,4 +194,13 @@ To change the point conversion form to B<compressed>:
+@@ -194,4 +194,13 @@ To convert a private key from PEM to DER
L<ecparam(1)>, L<dsa(1)>, L<rsa(1)>
@@ -110724,8 +117816,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/ecparam.pod b/doc/apps/ecparam.pod
-index c5500b2..e55322c 100644
--- a/doc/apps/ecparam.pod
+++ b/doc/apps/ecparam.pod
@@ -41,12 +41,12 @@ Print out a usage message.
@@ -110743,16 +117833,19 @@
B<-inform> option.
=item B<-in filename>
-@@ -102,7 +102,7 @@ the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.
+@@ -102,9 +102,9 @@ the preprocessor macro B<OPENSSL_EC_BIN_
This specifies how the elliptic curve parameters are encoded.
Possible value are: B<named_curve>, i.e. the ec parameters are
specified by an OID, or B<explicit> where the ec parameters are
-explicitly given (see RFC 3279 for the definition of the
+explicitly given (see RFC 3279 for the definition of the
EC parameters structures). The default value is B<named_curve>.
- B<Note> the B<implicitlyCA> alternative ,as specified in RFC 3279,
+-B<Note> the B<implicitlyCA> alternative ,as specified in RFC 3279,
++B<Note> the B<implicitlyCA> alternative, as specified in RFC 3279,
is currently not implemented in OpenSSL.
-@@ -141,7 +141,7 @@ PEM format EC parameters use the header and footer lines:
+
+ =item B<-no_seed>
+@@ -141,7 +141,7 @@ for all available algorithms.
-----END EC PARAMETERS-----
OpenSSL is currently not able to generate new groups and therefore
@@ -110761,7 +117854,7 @@
=head1 EXAMPLES
-@@ -173,4 +173,13 @@ To print out the EC parameters to standard output:
+@@ -173,4 +173,13 @@ B<ecparam> can only create EC parameters
L<ec(1)>, L<dsaparam(1)>
@@ -110775,8 +117868,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/enc.pod b/doc/apps/enc.pod
-index 62e1383..b3bf82a 100644
--- a/doc/apps/enc.pod
+++ b/doc/apps/enc.pod
@@ -8,6 +8,7 @@ enc - symmetric cipher routines
@@ -110787,7 +117878,7 @@
[B<-in filename>]
[B<-out filename>]
[B<-pass arg>]
-@@ -47,6 +48,10 @@ either by itself or in addition to the encryption or decryption.
+@@ -47,6 +48,10 @@ either by itself or in addition to the e
Print out a usage message.
@@ -110828,7 +117919,7 @@
=head1 EXAMPLES
-@@ -299,11 +304,11 @@ Just base64 encode a binary file:
+@@ -299,11 +304,11 @@ authentication tag.
Decode the same file
@@ -110842,7 +117933,7 @@
Decrypt a file using a supplied password:
-@@ -336,4 +341,13 @@ certain parameters. So if, for example, you want to use RC2 with a
+@@ -336,4 +341,13 @@ certain parameters. So if, for example,
The default digest was changed from MD5 to SHA256 in Openssl 1.1.
@@ -110856,8 +117947,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/engine.pod b/doc/apps/engine.pod
-index 467d195..674ab56 100644
--- a/doc/apps/engine.pod
+++ b/doc/apps/engine.pod
@@ -1,4 +1,3 @@
@@ -110874,7 +117963,7 @@
Only those specified are queried.
=head1 OPTIONS
-@@ -52,6 +51,7 @@ Tests if each specified engine is available, and displays the answer.
+@@ -52,6 +51,7 @@ Tests if each specified engine is availa
Displays an error trace for any unavailable engine.
=item B<-pre> I<command>
@@ -110882,7 +117971,7 @@
=item B<-post> I<command>
Command-line configuration of engines.
-@@ -92,4 +92,13 @@ To list the capabilities of the I<rsax> engine:
+@@ -92,4 +92,13 @@ See the example below.
[RSA]
(dynamic) Dynamic engine loading support
@@ -110896,8 +117985,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/errstr.pod b/doc/apps/errstr.pod
-index 7d1fee4..5ec7b2e 100644
--- a/doc/apps/errstr.pod
+++ b/doc/apps/errstr.pod
@@ -11,10 +11,14 @@ B<openssl errstr error_code>
@@ -110916,7 +118003,7 @@
=head1 EXAMPLE
The error code:
-@@ -22,7 +26,7 @@ The error code:
+@@ -22,7 +26,7 @@ second colon.
27594:error:2006D080:lib(32):func(109):reason(128):bss_file.c:107:
can be displayed with:
@@ -110925,7 +118012,7 @@
openssl errstr 2006D080
to produce the error message:
-@@ -33,4 +37,13 @@ to produce the error message:
+@@ -33,4 +37,13 @@ second colon.
L<err(3)>
@@ -110939,11 +118026,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/gendsa.pod b/doc/apps/gendsa.pod
-index f4fef8d..4fd1714 100644
--- a/doc/apps/gendsa.pod
+++ b/doc/apps/gendsa.pod
-@@ -79,4 +79,13 @@ much quicker that RSA key generation for example.
+@@ -79,4 +79,13 @@ much quicker that RSA key generation for
L<dsaparam(1)>, L<dsa(1)>, L<genrsa(1)>,
L<rsa(1)>
@@ -110957,11 +118042,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/genpkey.pod b/doc/apps/genpkey.pod
-index 1bb8c60..8a78946 100644
--- a/doc/apps/genpkey.pod
+++ b/doc/apps/genpkey.pod
-@@ -73,14 +73,14 @@ implementation. See B<KEY GENERATION OPTIONS> below for more details.
+@@ -73,14 +73,14 @@ implementation. See B<KEY GENERATION OPT
=item B<-genparam>
generate a set of parameters instead of a private key. If used this option must
@@ -110978,7 +118061,7 @@
are mutually exclusive.
=item B<-text>
-@@ -213,12 +213,12 @@ Encrypt output private key using 128 bit AES and the passphrase "hello":
+@@ -213,12 +213,12 @@ can be used.
Generate a 2048 bit RSA key using 3 as the public exponent:
openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \
@@ -110993,7 +118076,7 @@
Generate DSA key from parameters:
-@@ -227,7 +227,7 @@ Generate DSA key from parameters:
+@@ -227,7 +227,7 @@ can be used.
Generate 1024 bit DH parameters:
openssl genpkey -genparam -algorithm DH -out dhp.pem \
@@ -111002,7 +118085,7 @@
Output RFC5114 2048 bit DH parameters with 224 bit subgroup:
-@@ -240,8 +240,8 @@ Generate DH key from parameters:
+@@ -240,8 +240,8 @@ can be used.
Generate EC parameters:
openssl genpkey -genparam -algorithm EC -out ecp.pem \
@@ -111013,7 +118096,7 @@
Generate EC key from parameters:
-@@ -250,13 +250,21 @@ Generate EC key from parameters:
+@@ -250,13 +250,21 @@ can be used.
Generate EC key directly:
openssl genpkey -algorithm EC -out eckey.pem \
@@ -111038,8 +118121,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/apps/genrsa.pod b/doc/apps/genrsa.pod
-index 37ced0d..38e83f7 100644
--- a/doc/apps/genrsa.pod
+++ b/doc/apps/genrsa.pod
@@ -103,5 +103,13 @@ be much larger (typically 1024 bits).
@@ -111057,8 +118138,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/apps/nseq.pod b/doc/apps/nseq.pod
-index 198e7f4..4765aec 100644
--- a/doc/apps/nseq.pod
+++ b/doc/apps/nseq.pod
@@ -2,7 +2,7 @@
@@ -111070,7 +118149,7 @@
=head1 SYNOPSIS
-@@ -72,4 +72,13 @@ It is used by Netscape certificate server for example.
+@@ -72,4 +72,13 @@ It is used by Netscape certificate serve
This program needs a few more options: like allowing DER or PEM input and
output files and allowing multiple certificate files to be used.
@@ -111084,8 +118163,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod
-index c796fd5..75273a9 100644
--- a/doc/apps/ocsp.pod
+++ b/doc/apps/ocsp.pod
@@ -42,6 +42,7 @@ B<openssl> B<ocsp>
@@ -111096,7 +118173,7 @@
[B<-partial_chain>]
[B<-policy arg>]
[B<-policy_check>]
-@@ -94,7 +95,12 @@ The B<ocsp> command performs many common OCSP tasks. It can be used
+@@ -94,7 +95,12 @@ The B<ocsp> command performs many common
to print out requests and responses, create requests and send queries
to an OCSP responder and behave like a mini OCSP server itself.
@@ -111110,7 +118187,7 @@
=over 4
-@@ -195,7 +201,7 @@ Do not load the trusted CA certificates from the default directory location
+@@ -195,7 +201,7 @@ Do not load the trusted CA certificates
=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
@@ -111182,7 +118259,7 @@
=back
-@@ -411,7 +418,7 @@ Create an OCSP request and write it to a file:
+@@ -411,7 +418,7 @@ script using the B<reqin> and B<respout>
openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der
@@ -111191,7 +118268,7 @@
response to a file, print it out in text form, and verify the response:
openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \
-@@ -425,7 +432,7 @@ OCSP server on port 8888 using a standard B<ca> configuration, and a separate
+@@ -425,7 +432,7 @@ OCSP server on port 8888 using a standar
responder certificate. All requests and responses are printed to a file.
openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
@@ -111214,8 +118291,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod
-index 717550d..3014bb3 100644
--- a/doc/apps/openssl.pod
+++ b/doc/apps/openssl.pod
@@ -1,4 +1,3 @@
@@ -111223,7 +118298,7 @@
=pod
=head1 NAME
-@@ -65,7 +64,7 @@ availability of ciphers in the B<openssl> program. (B<no->I<XXX> is
+@@ -65,7 +64,7 @@ availability of ciphers in the B<openssl
not able to detect pseudo-commands such as B<quit>,
B<list>, or B<no->I<XXX> itself.)
@@ -111232,7 +118307,7 @@
=over 10
-@@ -157,7 +156,7 @@ Generation of RSA Private Key. Superseded by L<B<genpkey>|genpkey(1)>.
+@@ -157,7 +156,7 @@ Generation of RSA Private Key. Supersede
=item L<B<nseq>|nseq(1)>
@@ -111283,7 +118358,7 @@
Several commands accept password arguments, typically using B<-passin>
and B<-passout> for input and output passwords respectively. These allow
-@@ -416,4 +430,13 @@ The B<list->I<XXX>B<-algorithms> pseudo-commands were added in OpenSSL 1.0.0;
+@@ -416,4 +430,13 @@ The B<list->I<XXX>B<-algorithms> pseudo-
For notes on the availability of other commands, see their individual
manual pages.
@@ -111297,11 +118372,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/passwd.pod b/doc/apps/passwd.pod
-index b784f6c..87dd8d8 100644
--- a/doc/apps/passwd.pod
+++ b/doc/apps/passwd.pod
-@@ -84,4 +84,13 @@ B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXj
+@@ -84,4 +84,13 @@ B<openssl passwd -1 -salt xxxxxxxx passw
B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
@@ -111315,8 +118388,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod
-index d38484b..2f2c4d1 100644
--- a/doc/apps/pkcs12.pod
+++ b/doc/apps/pkcs12.pod
@@ -1,4 +1,3 @@
@@ -111324,7 +118395,7 @@
=pod
=head1 NAME
-@@ -337,7 +336,7 @@ Output only client certificates to a file:
+@@ -337,7 +336,7 @@ description of all algorithms is contain
openssl pkcs12 -in file.p12 -clcerts -out file.pem
Don't encrypt the private key:
@@ -111333,7 +118404,7 @@
openssl pkcs12 -in file.p12 -out file.pem -nodes
Print some info about a PKCS#12 file:
-@@ -357,3 +356,13 @@ Include some extra certificates:
+@@ -357,3 +356,13 @@ description of all algorithms is contain
L<pkcs8(1)>
@@ -111347,11 +118418,9 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/apps/pkcs7.pod b/doc/apps/pkcs7.pod
-index 6cb015c..8c3c11f 100644
--- a/doc/apps/pkcs7.pod
+++ b/doc/apps/pkcs7.pod
-@@ -37,7 +37,7 @@ the DER form with header and footer lines.
+@@ -37,7 +37,7 @@ the DER form with header and footer line
=item B<-outform DER|PEM>
@@ -111360,7 +118429,7 @@
B<-inform> option.
=item B<-in filename>
-@@ -100,11 +100,20 @@ For compatibility with some CAs it will also accept:
+@@ -100,11 +100,20 @@ for all available algorithms.
There is no option to print out all the fields of a PKCS#7 file.
@@ -111382,8 +118451,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/pkcs8.pod b/doc/apps/pkcs8.pod
-index 8d28a12..cd6db02 100644
--- a/doc/apps/pkcs8.pod
+++ b/doc/apps/pkcs8.pod
@@ -18,6 +18,7 @@ B<openssl> B<pkcs8>
@@ -111427,7 +118494,7 @@
=item B<-in filename>
-@@ -100,28 +101,26 @@ code signing software used unencrypted private keys.
+@@ -100,28 +101,26 @@ code signing software used unencrypted p
=item B<-v2 alg>
@@ -111467,7 +118534,7 @@
=item B<-engine id>
-@@ -143,8 +142,36 @@ sets the scrypt B<N>, B<r> or B<p> parameters.
+@@ -143,8 +142,36 @@ sets the scrypt B<N>, B<r> or B<p> param
=back
@@ -111504,7 +118571,7 @@
The encrypted form of a PEM encode PKCS#8 files uses the following
headers and footers:
-@@ -161,13 +188,6 @@ counts are more secure that those encrypted using the traditional
+@@ -161,13 +188,6 @@ counts are more secure that those encryp
SSLeay compatible formats. So if additional security is considered
important the keys should be converted.
@@ -111518,7 +118585,7 @@
It is possible to write out DER encoded encrypted private keys in
PKCS#8 format because the encryption details are included at an ASN1
level whereas the traditional format includes them at a PEM level.
-@@ -201,20 +221,28 @@ allow strong encryption algorithms like triple DES or 128 bit RC2 to be used.
+@@ -201,20 +221,28 @@ allow strong encryption algorithms like
=head1 EXAMPLES
@@ -111553,18 +118620,18 @@
Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
(3DES):
-@@ -225,14 +253,14 @@ Read a DER unencrypted PKCS#8 format private key:
+@@ -225,14 +253,14 @@ Convert a private key to PKCS#8 using a
openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
-Convert a private key from any PKCS#8 format to traditional format:
+Convert a private key from any PKCS#8 encrypted format to traditional format:
-+
-+ openssl pkcs8 -in pk8.pem -traditional -out key.pem
- openssl pkcs8 -in pk8.pem -out key.pem
-
-Convert a private key to PKCS#8 format, encrypting with AES-256 and with
++ openssl pkcs8 -in pk8.pem -traditional -out key.pem
++
+Convert a private key to PKCS#8 format, encrypting with AES-256 and with
one million iterations of the password:
@@ -111573,7 +118640,7 @@
=head1 STANDARDS
-@@ -252,17 +280,22 @@ PKCS#8 private key format complies with this standard.
+@@ -252,17 +280,22 @@ PKCS#8 private key format complies with
There should be an option that prints out the encryption algorithm
in use and other details such as the iteration count.
@@ -111601,8 +118668,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/pkey.pod b/doc/apps/pkey.pod
-index 5808390..dc736a3 100644
--- a/doc/apps/pkey.pod
+++ b/doc/apps/pkey.pod
@@ -1,4 +1,3 @@
@@ -111618,7 +118683,7 @@
[B<-cipher>]
[B<-text>]
[B<-text_pub>]
-@@ -42,7 +42,7 @@ This specifies the input format DER or PEM.
+@@ -42,7 +42,7 @@ This specifies the input format DER or P
=item B<-outform DER|PEM>
@@ -111640,7 +118705,7 @@
=item B<-cipher>
These options encrypt the private key with the supplied cipher. Any algorithm
-@@ -76,7 +82,7 @@ name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.
+@@ -76,7 +82,7 @@ name accepted by EVP_get_cipherbyname()
=item B<-text>
prints out the various public or private key components in
@@ -111649,7 +118714,7 @@
=item B<-text_pub>
-@@ -116,7 +122,7 @@ To encrypt a private key using triple DES:
+@@ -116,7 +122,7 @@ for all available algorithms.
openssl pkey -in key.pem -des3 -out keyout.pem
@@ -111658,7 +118723,7 @@
openssl pkey -in key.pem -outform DER -out keyout.der
-@@ -135,6 +141,15 @@ To just output the public part of a private key:
+@@ -135,6 +141,15 @@ To convert a private key from PEM to DER
=head1 SEE ALSO
L<genpkey(1)>, L<rsa(1)>, L<pkcs8(1)>,
@@ -111675,8 +118740,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/apps/pkeyparam.pod b/doc/apps/pkeyparam.pod
-index c3c6dbb..6a8c4a8 100644
--- a/doc/apps/pkeyparam.pod
+++ b/doc/apps/pkeyparam.pod
@@ -1,4 +1,3 @@
@@ -111693,7 +118756,7 @@
=item B<-noout>
-@@ -69,6 +68,15 @@ PEM format is supported because the key type is determined by the PEM headers.
+@@ -69,6 +68,15 @@ PEM format is supported because the key
=head1 SEE ALSO
L<genpkey(1)>, L<rsa(1)>, L<pkcs8(1)>,
@@ -111710,11 +118773,9 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/apps/pkeyutl.pod b/doc/apps/pkeyutl.pod
-index fed683f..91eeda5 100644
--- a/doc/apps/pkeyutl.pod
+++ b/doc/apps/pkeyutl.pod
-@@ -84,11 +84,11 @@ the peer key format PEM, DER or ENGINE. Default is PEM.
+@@ -84,11 +84,11 @@ the peer key format PEM, DER or ENGINE.
=item B<-pubin>
@@ -111728,7 +118789,7 @@
=item B<-rev>
-@@ -125,7 +125,7 @@ derive a shared secret using the peer key.
+@@ -125,7 +125,7 @@ derive a shared secret using the peer ke
Use key derivation function B<algorithm>. The supported algorithms are
at present B<TLS1-PRF> and B<HKDF>.
@@ -111737,7 +118798,7 @@
set for this to work. See L<EVP_PKEY_HKDF(3)> and L<EVP_PKEY_TLS1_PRF(3)>
for the supported string parameters of each algorithm.
-@@ -198,7 +198,7 @@ This sets the RSA padding mode. Acceptable values for B<mode> are B<pkcs1> for
+@@ -198,7 +198,7 @@ This sets the RSA padding mode. Acceptab
PKCS#1 padding, B<sslv23> for SSLv23 padding, B<none> for no padding, B<oaep>
for B<OAEP> mode, B<x931> for X9.31 mode and B<pss> for PSS.
@@ -111746,7 +118807,7 @@
signed or verified directly instead of using a B<DigestInfo> structure. If a
digest is set then the a B<DigestInfo> structure is used and its the length
must correspond to the digest type.
-@@ -273,3 +273,14 @@ seed consisting of the single byte 0xFF:
+@@ -273,3 +273,14 @@ Hexdump 48 bytes of TLS1 PRF using diges
L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)>
L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>,
L<EVP_PKEY_HKDF(3)>, L<EVP_PKEY_TLS1_PRF(3)>
@@ -111761,8 +118822,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/apps/rand.pod b/doc/apps/rand.pod
-index 444dcbb..0faf687 100644
--- a/doc/apps/rand.pod
+++ b/doc/apps/rand.pod
@@ -57,4 +57,13 @@ Show the output as a hex string.
@@ -111779,11 +118838,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/rehash.pod b/doc/apps/rehash.pod
-index 7ec6511..62e39cf 100644
--- a/doc/apps/rehash.pod
+++ b/doc/apps/rehash.pod
-@@ -125,3 +125,14 @@ Ignored if directories are listed on the command line.
+@@ -125,3 +125,14 @@ Ignored if directories are listed on the
L<openssl(1)>,
L<crl(1)>.
L<x509(1)>.
@@ -111798,8 +118855,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/apps/req.pod b/doc/apps/req.pod
-index 8353e9a..299d092 100644
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -1,9 +1,8 @@
@@ -111831,7 +118886,7 @@
default they are interpreted as ASCII. This means that the field
values, whether prompted from a terminal or obtained from a
configuration file, must be valid UTF8 strings.
-@@ -272,7 +271,7 @@ set multiple options. See the L<x509(1)> manual page for details.
+@@ -272,7 +271,7 @@ set multiple options. See the L<x509(1)>
=item B<-reqopt>
customise the output format used with B<-text>. The B<option> argument can be
@@ -111849,7 +118904,7 @@
=item B<oid_section>
-@@ -376,7 +375,7 @@ This option masks out the use of certain string types in certain
+@@ -376,7 +375,7 @@ This option masks out the use of certain
fields. Most users will not need to change this option.
It can be set to several values B<default> which is also the default
@@ -111858,7 +118913,7 @@
B<pkix> value is used then only PrintableStrings and BMPStrings will
be used. This follows the PKIX recommendation in RFC2459. If the
B<utf8only> option is used then only UTF8Strings will be used: this
-@@ -388,7 +387,7 @@ problems with BMPStrings and UTF8Strings: in particular Netscape.
+@@ -388,7 +387,7 @@ problems with BMPStrings and UTF8Strings
this specifies the configuration file section containing a list of
extensions to add to the certificate request. It can be overridden
@@ -111867,7 +118922,7 @@
L<x509v3_config(5)> manual page for details of the
extension section format.
-@@ -499,8 +498,8 @@ Generate a self signed root certificate:
+@@ -499,8 +498,8 @@ will be treated as though they were a Di
Example of a file pointed to by the B<oid_file> option:
@@ -111878,7 +118933,7 @@
Example of a section pointed to by B<oid_section> making use of variable
expansion:
-@@ -511,65 +510,65 @@ expansion:
+@@ -511,65 +510,65 @@ Example of a section pointed to by B<oid
Sample configuration file prompting for field values:
[ req ]
@@ -111978,7 +119033,7 @@
=head1 NOTES
-@@ -596,13 +595,13 @@ by the script in an extendedKeyUsage extension.
+@@ -596,13 +595,13 @@ by the script in an extendedKeyUsage ext
The following messages are frequently asked about:
@@ -111996,7 +119051,7 @@
The first error message is the clue: it can't find the configuration
file! Certain operations (like examining a certificate request) don't
-@@ -652,6 +651,15 @@ address in subjectAltName should be input by the user.
+@@ -652,6 +651,15 @@ address in subjectAltName should be inpu
L<x509(1)>, L<ca(1)>, L<genrsa(1)>,
L<gendsa(1)>, L<config(5)>,
@@ -112013,8 +119068,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/apps/rsa.pod b/doc/apps/rsa.pod
-index dbb3df5..c3178ab 100644
--- a/doc/apps/rsa.pod
+++ b/doc/apps/rsa.pod
@@ -1,4 +1,3 @@
@@ -112031,7 +119084,7 @@
B<-inform> option.
=item B<-in filename>
-@@ -100,7 +99,7 @@ These options can only be used with PEM format output files.
+@@ -100,7 +99,7 @@ These options can only be used with PEM
=item B<-text>
prints out the various public or private key components in
@@ -112040,7 +119093,7 @@
=item B<-noout>
-@@ -176,7 +175,7 @@ To encrypt a private key using triple DES:
+@@ -176,7 +175,7 @@ to the B<rsa> utility with the B<-inform
openssl rsa -in key.pem -des3 -out keyout.pem
@@ -112066,8 +119119,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/apps/rsautl.pod b/doc/apps/rsautl.pod
-index 357b722..325c691 100644
--- a/doc/apps/rsautl.pod
+++ b/doc/apps/rsautl.pod
@@ -61,7 +61,7 @@ the input file is an RSA public key.
@@ -112079,7 +119130,7 @@
=item B<-sign>
-@@ -136,24 +136,24 @@ example in certs/pca-cert.pem . Running B<asn1parse> as follows yields:
+@@ -136,24 +136,24 @@ utility in conjunction with B<asn1parse>
openssl asn1parse -in pca-cert.pem
@@ -112115,7 +119166,7 @@
The final BIT STRING contains the actual signature. It can be extracted with:
-@@ -161,18 +161,18 @@ The final BIT STRING contains the actual signature. It can be extracted with:
+@@ -161,18 +161,18 @@ utility in conjunction with B<asn1parse>
openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
The certificate public key can be extracted with:
@@ -112139,7 +119190,7 @@
0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..
This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
-@@ -191,3 +191,14 @@ which it can be seen agrees with the recovered value above.
+@@ -191,3 +191,14 @@ which it can be seen agrees with the rec
=head1 SEE ALSO
L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>
@@ -112154,8 +119205,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
-index e06af14..77668ea 100644
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -1,4 +1,3 @@
@@ -112171,7 +119220,7 @@
[B<-partial_chain>]
[B<-policy arg>]
[B<-policy_check>]
-@@ -227,7 +227,7 @@ whitespace is ignored in the associated data field. For example:
+@@ -227,7 +227,7 @@ data, with the last of these encoded in
=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
@@ -112180,7 +119229,7 @@
B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
-@@ -355,7 +355,7 @@ L<SSL_CTX_set_split_send_fragment(3)> for further information.
+@@ -355,7 +355,7 @@ L<SSL_CTX_set_split_send_fragment(3)> fo
The maximum number of encrypt/decrypt pipelines to be used. This will only have
an effect if an engine has been loaded that supports pipelining (e.g. the dasync
@@ -112189,7 +119238,7 @@
See L<SSL_CTX_set_max_pipelines(3)> for further information.
=item B<-read_buf int>
-@@ -415,7 +415,7 @@ print out a hex dump of any TLS extensions received from the server.
+@@ -415,7 +415,7 @@ print out a hex dump of any TLS extensio
=item B<-no_ticket>
@@ -112207,7 +119256,7 @@
65535). Each type will be sent as an empty ClientHello TLS Extension.
The server's response (if any) will be encoded and displayed as a PEM
file.
-@@ -549,4 +549,13 @@ L<sess_id(1)>, L<s_server(1)>, L<ciphers(1)>
+@@ -549,4 +549,13 @@ L<sess_id(1)>, L<s_server(1)>, L<ciphers
The -no_alt_chains options was first added to OpenSSL 1.1.0.
@@ -112221,8 +119270,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
-index 08554f4..8e0ff78 100644
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -1,4 +1,3 @@
@@ -112238,7 +119285,7 @@
[B<-partial_chain>]
[B<-policy arg>]
[B<-policy_check>]
-@@ -232,7 +232,7 @@ anonymous ciphersuite or PSK) this option has no effect.
+@@ -232,7 +232,7 @@ anonymous ciphersuite or PSK) this optio
=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
@@ -112256,7 +119303,7 @@
whilst B<-dtls1> and B<-dtls1_2> will only support DTLSv1.0 and DTLSv1.2
respectively.
-@@ -339,7 +339,7 @@ L<SSL_CTX_set_split_send_fragment(3)> for further information.
+@@ -339,7 +339,7 @@ L<SSL_CTX_set_split_send_fragment(3)> fo
The maximum number of encrypt/decrypt pipelines to be used. This will only have
an effect if an engine has been loaded that supports pipelining (e.g. the dasync
@@ -112265,7 +119312,7 @@
See L<SSL_CTX_set_max_pipelines(3)> for further information.
=item B<-read_buf int>
-@@ -559,4 +559,13 @@ L<sess_id(1)>, L<s_client(1)>, L<ciphers(1)>
+@@ -559,4 +559,13 @@ L<sess_id(1)>, L<s_client(1)>, L<ciphers
The -no_alt_chains options was first added to OpenSSL 1.1.0.
@@ -112279,8 +119326,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/s_time.pod b/doc/apps/s_time.pod
-index b9a7dd9..acadd30 100644
--- a/doc/apps/s_time.pod
+++ b/doc/apps/s_time.pod
@@ -1,4 +1,3 @@
@@ -112302,8 +119347,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/sess_id.pod b/doc/apps/sess_id.pod
-index 1407dfa..b098528 100644
--- a/doc/apps/sess_id.pod
+++ b/doc/apps/sess_id.pod
@@ -1,4 +1,3 @@
@@ -112311,7 +119354,7 @@
=pod
=head1 NAME
-@@ -25,6 +24,8 @@ master key) in human readable format. Since this is a diagnostic tool that
+@@ -25,6 +24,8 @@ master key) in human readable format. Si
needs some knowledge of the SSL protocol to use properly, most users will
not need to use it.
@@ -112329,7 +119372,7 @@
=item B<-cert>
-@@ -150,4 +151,13 @@ The cipher and start time should be printed out in human readable form.
+@@ -150,4 +151,13 @@ The cipher and start time should be prin
L<ciphers(1)>, L<s_server(1)>
@@ -112343,8 +119386,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
-index e6323ad..05cefea 100644
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -14,6 +14,8 @@ B<openssl> B<smime>
@@ -112356,7 +119397,7 @@
[B<-[cipher]>]
[B<-in file>]
[B<-CAfile file>]
-@@ -168,7 +170,7 @@ is S/MIME and it uses the multipart/signed MIME content type.
+@@ -168,7 +170,7 @@ is S/MIME and it uses the multipart/sign
this option adds plain text (text/plain) MIME headers to the supplied
message if encrypting or signing. If decrypting or verifying it strips
@@ -112365,7 +119406,7 @@
type text/plain then an error occurs.
=item B<-CAfile file>
-@@ -199,7 +201,7 @@ default digest algorithm for the signing key will be used (usually SHA1).
+@@ -199,7 +201,7 @@ default digest algorithm for the signing
the encryption algorithm to use. For example DES (56 bits) - B<-des>,
triple DES (168 bits) - B<-des3>,
@@ -112374,7 +119415,7 @@
example B<-aes-128-cbc>. See L<B<enc>|enc(1)> for list of ciphers
supported by your version of OpenSSL.
-@@ -245,6 +247,11 @@ effectively using CR and LF as end of line: as required by the S/MIME
+@@ -245,6 +247,11 @@ effectively using CR and LF as end of li
specification. When this option is present no translation occurs. This
is useful when handling binary data which may not be in MIME format.
@@ -112431,7 +119472,7 @@
Verify a message and extract the signer's certificate if successful:
-@@ -422,15 +429,15 @@ Verify a message and extract the signer's certificate if successful:
+@@ -422,15 +429,15 @@ Create a signed message, include some ad
Send encrypted mail using triple DES:
openssl smime -encrypt -in in.txt -from steve at openssl.org \
@@ -112452,7 +119493,7 @@
Note: the encryption command does not include the B<-text> option because the
message being encrypted already has MIME headers.
-@@ -447,7 +454,7 @@ it with:
+@@ -447,7 +454,7 @@ signature by line wrapping the base64 en
-----BEGIN PKCS7-----
-----END PKCS7-----
@@ -112475,8 +119516,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/speed.pod b/doc/apps/speed.pod
-index 7f28382..ab2c7d7 100644
--- a/doc/apps/speed.pod
+++ b/doc/apps/speed.pod
@@ -77,4 +77,13 @@ the above are tested.
@@ -112493,8 +119532,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/spkac.pod b/doc/apps/spkac.pod
-index f5ce8a6..35c6a12 100644
--- a/doc/apps/spkac.pod
+++ b/doc/apps/spkac.pod
@@ -135,4 +135,13 @@ to be used in a "replay attack".
@@ -112511,11 +119548,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/ts.pod b/doc/apps/ts.pod
-index e64e5fc..02b2ada 100644
--- a/doc/apps/ts.pod
+++ b/doc/apps/ts.pod
-@@ -522,13 +522,13 @@ To create a time stamp request for design1.txt with SHA-1
+@@ -522,13 +522,13 @@ To create a time stamp request for desig
without nonce and policy and no certificate is required in the response:
openssl ts -query -data design1.txt -no_nonce \
@@ -112531,7 +119566,7 @@
To print the content of the previous request in human readable format:
-@@ -540,7 +540,7 @@ specifies a policy id (assuming the tsa_policy1 name is defined in the
+@@ -540,7 +540,7 @@ specifies a policy id (assuming the tsa_
OID section of the config file):
openssl ts -query -data design2.txt -md5 \
@@ -112540,7 +119575,7 @@
=head2 Time Stamp Response
-@@ -557,7 +557,7 @@ tsakey.pem is the private key of the TSA.
+@@ -557,7 +557,7 @@ tsakey.pem is the private key of the TSA
To create a time stamp response for a request:
openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \
@@ -112549,7 +119584,7 @@
If you want to use the settings in the config file you could just write:
-@@ -589,20 +589,20 @@ valid response:
+@@ -589,20 +589,20 @@ To add 'granted' status info to a time s
To verify a time stamp reply against a request:
openssl ts -verify -queryfile design1.tsq -in design1.tsr \
@@ -112596,8 +119631,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/tsget.pod b/doc/apps/tsget.pod
-index 34187eb..cf7817a 100644
--- a/doc/apps/tsget.pod
+++ b/doc/apps/tsget.pod
@@ -33,15 +33,15 @@ line.
@@ -112624,7 +119657,7 @@
B<tsget> expects a response of type application/timestamp-reply, which is
written to a file without any interpretation.
-@@ -142,7 +142,7 @@ time stamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests
+@@ -142,7 +142,7 @@ time stamp requests, tsa.opentsa.org lis
and at port 8443 for HTTPS requests, the TSA service is available at the /tsa
absolute path.
@@ -112633,7 +119666,7 @@
file1.tsr:
tsget -h http://tsa.opentsa.org:8080/tsa file1.tsq
-@@ -151,40 +151,49 @@ Get a time stamp response for file1.tsq and file2.tsq over HTTP showing
+@@ -151,40 +151,49 @@ Get a time stamp response for file1.tsq
progress, output is written to file1.reply and file2.reply respectively:
tsget -h http://tsa.opentsa.org:8080/tsa -v -e .reply \
@@ -112690,8 +119723,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod
-index 96d6be4..0fd1799 100644
--- a/doc/apps/verify.pod
+++ b/doc/apps/verify.pod
@@ -2,7 +2,7 @@
@@ -112719,7 +119750,7 @@
[B<-partial_chain>]
[B<-policy arg>]
[B<-policy_check>]
-@@ -82,6 +84,10 @@ Do not load the trusted CA certificates from the default file location
+@@ -82,6 +84,10 @@ Do not load the trusted CA certificates
Do not load the trusted CA certificates from the default directory location
@@ -112730,7 +119761,7 @@
=item B<-attime timestamp>
Perform validation checks using time specified by B<timestamp> and not
-@@ -145,6 +151,12 @@ Set policy variable inhibit-any-policy (see RFC5280).
+@@ -145,6 +151,12 @@ Set policy variable inhibit-any-policy (
Set policy variable inhibit-policy-mapping (see RFC5280).
@@ -112769,7 +119800,7 @@
certificate are subject to further tests.
The relevant authority key identifier components of the current certificate (if
present) must match the subject key identifier (if present) and issuer and
-@@ -381,287 +393,292 @@ problem was detected starting with zero for the certificate being verified itsel
+@@ -381,287 +393,292 @@ problem was detected starting with zero
then 1 for the CA that signed the certificate and so on. Finally a text version
of the error number is presented.
@@ -113199,7 +120230,7 @@
=head1 SEE ALSO
-@@ -695,5 +712,13 @@ The B<-show_chain> option was first added to OpenSSL 1.1.0.
+@@ -695,5 +712,13 @@ The B<-show_chain> option was first adde
The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and
is silently ignored.
@@ -113214,8 +120245,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/apps/version.pod b/doc/apps/version.pod
-index 01f6d2a..a97ed20 100644
--- a/doc/apps/version.pod
+++ b/doc/apps/version.pod
@@ -68,4 +68,13 @@ ENGINESDIR setting.
@@ -113232,8 +120261,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
-index 2dc225b..cddfc8c 100644
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -1,4 +1,3 @@
@@ -113280,7 +120307,7 @@
Note: the B<-alias> and B<-purpose> options are also display options
but are described in the B<TRUST SETTINGS> section.
-@@ -241,7 +239,7 @@ this outputs the certificate in the form of a C source file.
+@@ -241,7 +239,7 @@ this outputs the certificate in the form
=back
@@ -113307,7 +120334,7 @@
If the input file is a certificate it sets the issuer name to the
subject name (i.e. makes it self signed) changes the public key to the
-@@ -404,7 +402,7 @@ an even number of hex digits with the serial number to use. After each
+@@ -404,7 +402,7 @@ an even number of hex digits with the se
use the serial number is incremented and written out to the file again.
The default filename consists of the CA certificate file base name with
@@ -113316,7 +120343,7 @@
"mycacert.pem" it expects to find a serial number file called "mycacert.srl".
=item B<-CAcreateserial>
-@@ -440,7 +438,7 @@ The format or B<key> can be specified using the B<-keyform> option.
+@@ -440,7 +438,7 @@ The format or B<key> can be specified us
=back
@@ -113362,7 +120389,7 @@
=back
-@@ -703,20 +706,20 @@ Convert a certificate request into a self signed certificate using
+@@ -703,20 +706,20 @@ Convert a certificate request into a sel
extensions for a CA:
openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \
@@ -113386,7 +120413,7 @@
=head1 NOTES
-@@ -831,7 +834,7 @@ Otherwise it is the same as a normal SSL server.
+@@ -831,7 +834,7 @@ Otherwise it is the same as a normal SSL
The extended key usage extension must be absent or include the "email
protection" OID. Netscape certificate type must be absent or should have the
@@ -113404,7 +120431,7 @@
=item B<CRL Signing>
-@@ -880,7 +883,7 @@ dates rather than an offset from the current time.
+@@ -880,7 +883,7 @@ dates rather than an offset from the cur
L<req(1)>, L<ca(1)>, L<genrsa(1)>,
L<gendsa(1)>, L<verify(1)>,
@@ -113413,7 +120440,7 @@
=head1 HISTORY
-@@ -888,6 +891,15 @@ The hash algorithm used in the B<-subject_hash> and B<-issuer_hash> options
+@@ -888,6 +891,15 @@ The hash algorithm used in the B<-subjec
before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding
of the distinguished name. In OpenSSL 1.0.0 and later it is based on a
canonical version of the DN using SHA1. This means that any directories using
@@ -113430,11 +120457,9 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/apps/x509v3_config.pod b/doc/apps/x509v3_config.pod
-index 72eec51..edfd76e 100644
--- a/doc/apps/x509v3_config.pod
+++ b/doc/apps/x509v3_config.pod
-@@ -104,23 +104,23 @@ Examples:
+@@ -104,23 +104,23 @@ and decipherOnly.
This extensions consists of a list of usages indicating purposes for which
the certificate public key can be used for,
@@ -113472,7 +120497,7 @@
Examples:
-@@ -224,7 +224,7 @@ Example:
+@@ -224,7 +224,7 @@ certain values are meaningful, for examp
authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
@@ -113481,7 +120506,7 @@
This is a multi-valued extension whose options can be either in name:value pair
using the same form as subject alternative name or a single value representing
-@@ -529,5 +529,13 @@ will only recognize the last value. This can be worked around by using the form:
+@@ -529,5 +529,13 @@ Due to the behaviour of the OpenSSL B<co
L<req(1)>, L<ca(1)>, L<x509(1)>,
L<ASN1_generate_nconf(3)>
@@ -113495,8 +120520,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/ASN1_INTEGER_get_int64.pod b/doc/crypto/ASN1_INTEGER_get_int64.pod
-index fb10766..24e0f38 100644
--- a/doc/crypto/ASN1_INTEGER_get_int64.pod
+++ b/doc/crypto/ASN1_INTEGER_get_int64.pod
@@ -2,6 +2,7 @@
@@ -113507,7 +120530,7 @@
ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN, - ASN.1 INTEGER and ENUMERATED utilities
=head1 SYNOPSIS
-@@ -119,4 +120,13 @@ ASN1_INTEGER_set_int64(), ASN1_INTEGER_get_int64(),
+@@ -119,4 +120,13 @@ ASN1_INTEGER_set_int64(), ASN1_INTEGER_g
ASN1_ENUMERATED_set_int64() and ASN1_ENUMERATED_get_int64()
were added to OpenSSL 1.1.0.
@@ -113521,8 +120544,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/ASN1_OBJECT_new.pod b/doc/crypto/ASN1_OBJECT_new.pod
-index cc9cf43..4c018ef 100644
--- a/doc/crypto/ASN1_OBJECT_new.pod
+++ b/doc/crypto/ASN1_OBJECT_new.pod
@@ -39,4 +39,13 @@ ASN1_OBJECT_free() returns no value.
@@ -113539,8 +120560,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/ASN1_STRING_length.pod b/doc/crypto/ASN1_STRING_length.pod
-index 4c9ad0a..a51d984 100644
--- a/doc/crypto/ASN1_STRING_length.pod
+++ b/doc/crypto/ASN1_STRING_length.pod
@@ -3,7 +3,7 @@
@@ -113552,6 +120571,18 @@
ASN1_STRING utility functions
=head1 SYNOPSIS
+@@ -19,9 +19,9 @@ ASN1_STRING utility functions
+
+ int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+
+- int ASN1_STRING_type(ASN1_STRING *x);
++ int ASN1_STRING_type(const ASN1_STRING *x);
+
+- int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
++ int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in);
+
+ =head1 DESCRIPTION
+
@@ -53,7 +53,7 @@ should be freed using OPENSSL_free().
=head1 NOTES
@@ -113561,7 +120592,7 @@
to B<ASN1_STRING> and the functions call the B<ASN1_STRING> equivalents.
B<ASN1_STRING> is also used for some B<CHOICE> types which consist
entirely of primitive string types such as B<DirectoryString> and
-@@ -72,12 +72,17 @@ character in big endian format, UTF8String will be in UTF8 format.
+@@ -72,12 +72,17 @@ character in big endian format, UTF8Stri
Similar care should be take to ensure the data is in the correct format
when calling ASN1_STRING_set().
@@ -113582,11 +120613,9 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/ASN1_STRING_new.pod b/doc/crypto/ASN1_STRING_new.pod
-index 76e983a..7bd2fc1 100644
--- a/doc/crypto/ASN1_STRING_new.pod
+++ b/doc/crypto/ASN1_STRING_new.pod
-@@ -40,8 +40,13 @@ ASN1_STRING_free() does not return a value.
+@@ -40,8 +40,13 @@ ASN1_STRING_free() does not return a val
L<ERR_get_error(3)>
@@ -113602,8 +120631,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/ASN1_STRING_print_ex.pod b/doc/crypto/ASN1_STRING_print_ex.pod
-index 2be7f7c..1d5b4fc 100644
--- a/doc/crypto/ASN1_STRING_print_ex.pod
+++ b/doc/crypto/ASN1_STRING_print_ex.pod
@@ -2,7 +2,7 @@
@@ -113624,7 +120651,7 @@
suitable, or on UTF8 terminals B<ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB>.
The complete set of supported options for B<flags> is listed below.
-@@ -75,7 +75,7 @@ Normally non character string types (such as OCTET STRING) are assumed to be
+@@ -75,7 +75,7 @@ Normally non character string types (suc
one byte per character, if B<ASN1_STRFLGS_DUMP_UNKNOWN> is set then they will
be dumped instead.
@@ -113633,7 +120660,7 @@
B<ASN1_STRFLGS_DUMP_DER> is set then the complete encoding is dumped
instead (including tag and length octets).
-@@ -89,8 +89,13 @@ equivalent to:
+@@ -89,8 +89,13 @@ B<ASN1_STRFLGS_RFC2253> includes all the
L<X509_NAME_print_ex(3)>,
L<ASN1_tag2str(3)>
@@ -113649,8 +120676,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/ASN1_TIME_set.pod b/doc/crypto/ASN1_TIME_set.pod
-index d633265..457b721 100644
--- a/doc/crypto/ASN1_TIME_set.pod
+++ b/doc/crypto/ASN1_TIME_set.pod
@@ -3,7 +3,7 @@
@@ -113662,7 +120687,7 @@
=head1 SYNOPSIS
-@@ -100,7 +100,7 @@ Determine if one time is later or sooner than the current time:
+@@ -100,7 +100,7 @@ anyway.
int day, sec;
if (!ASN1_TIME_diff(&day, &sec, NULL, to))
@@ -113671,7 +120696,7 @@
if (day > 0 || sec > 0)
printf("Later\n");
-@@ -126,4 +126,13 @@ an error occurred (I/O error or invalid time format).
+@@ -126,4 +126,13 @@ an error occurred (I/O error or invalid
ASN1_TIME_diff() returns 1 for success and 0 for failure. It can fail if the
pass ASN1_TIME structure has invalid syntax for example.
@@ -113685,10 +120710,17 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/ASN1_TYPE_get.pod b/doc/crypto/ASN1_TYPE_get.pod
-index 3fc9d2a..d423303 100644
--- a/doc/crypto/ASN1_TYPE_get.pod
+++ b/doc/crypto/ASN1_TYPE_get.pod
+@@ -9,7 +9,7 @@ functions
+
+ #include <openssl/asn1.h>
+
+- int ASN1_TYPE_get(ASN1_TYPE *a);
++ int ASN1_TYPE_get(const ASN1_TYPE *a);
+ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
+ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
@@ -88,4 +88,13 @@ NULL on failure.
ASN1_TYPE_pack_sequence() return an ASN1_TYPE structure if it succeeds or
NULL on failure.
@@ -113703,11 +120735,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/ASN1_generate_nconf.pod b/doc/crypto/ASN1_generate_nconf.pod
-index a95b2c8..92f624f 100644
--- a/doc/crypto/ASN1_generate_nconf.pod
+++ b/doc/crypto/ASN1_generate_nconf.pod
-@@ -8,8 +8,8 @@ ASN1_generate_nconf, ASN1_generate_v3 - ASN1 generation functions
+@@ -8,8 +8,8 @@ ASN1_generate_nconf, ASN1_generate_v3 -
#include <openssl/asn1.h>
@@ -113718,7 +120748,7 @@
=head1 DESCRIPTION
-@@ -40,7 +40,7 @@ That is zero or more comma separated modifiers followed by a type
+@@ -40,7 +40,7 @@ That is zero or more comma separated mod
followed by an optional colon and a value. The formats of B<type>,
B<value> and B<modifier> are explained below.
@@ -113736,7 +120766,7 @@
=item B<NULL>
-@@ -78,12 +78,12 @@ a short name, a long name or numerical format.
+@@ -78,12 +78,12 @@ a short name, a long name or numerical f
=item B<UTCTIME>, B<UTC>
Encodes an ASN1 B<UTCTime> structure, the value should be in
@@ -113760,7 +120790,7 @@
Modifiers affect the following structure, they can be used to
add EXPLICIT or IMPLICIT tagging, add wrappers or to change
-@@ -258,4 +258,13 @@ The error codes that can be obtained by L<ERR_get_error(3)>.
+@@ -258,4 +258,13 @@ The error codes that can be obtained by
L<ERR_get_error(3)>
@@ -113774,11 +120804,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/ASYNC_WAIT_CTX_new.pod b/doc/crypto/ASYNC_WAIT_CTX_new.pod
-index c4e4d0e..364cbb4 100644
--- a/doc/crypto/ASYNC_WAIT_CTX_new.pod
+++ b/doc/crypto/ASYNC_WAIT_CTX_new.pod
-@@ -53,7 +53,7 @@ ASYNC_WAIT_CTX_get_all_fds() with a NULL B<fd> value will return no file
+@@ -53,7 +53,7 @@ ASYNC_WAIT_CTX_get_all_fds() with a NULL
descriptors but will still populate B<*numfds>. Therefore application code is
typically expected to call this function twice: once to get the number of fds,
and then again when sufficient memory has been allocated. If only one
@@ -113787,7 +120815,23 @@
one fd. If multiple asynchronous engines are being used then more could be
returned.
-@@ -123,4 +123,13 @@ ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds,
+@@ -112,6 +112,15 @@ ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_C
+ ASYNC_WAIT_CTX_get_changed_fds and ASYNC_WAIT_CTX_clear_fd all return 1 on
+ success or 0 on error.
+
++=head1 NOTES
++
++On Windows platforms the openssl/async.h header is dependent on some
++of the types customarily made available by including windows.h. The
++application developer is likely to require control over when the latter
++is included, commonly as one of the first included headers. Therefore
++it is defined as an application developer's responsibility to include
++windows.h prior to async.h.
++
+ =head1 SEE ALSO
+
+ L<crypto(3)>, L<ASYNC_start_job(3)>
+@@ -123,4 +132,13 @@ ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_ge
ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd were first added to
OpenSSL 1.1.0.
@@ -113801,8 +120845,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/ASYNC_start_job.pod b/doc/crypto/ASYNC_start_job.pod
-index 0e6507b..20bc1ad 100644
--- a/doc/crypto/ASYNC_start_job.pod
+++ b/doc/crypto/ASYNC_start_job.pod
@@ -2,8 +2,8 @@
@@ -113815,7 +120857,7 @@
ASYNC_get_current_job, ASYNC_block_pause, ASYNC_unblock_pause, ASYNC_is_capable
- asynchronous job management functions
-@@ -111,7 +111,7 @@ for the B<job>. ASYNC_WAIT_CTXs can have a "wait" file descriptor associated
+@@ -111,7 +111,7 @@ for the B<job>. ASYNC_WAIT_CTXs can have
with them. Applications can wait for the file descriptor to be ready for "read"
using a system function call such as select or poll (being ready for "read"
indicates that the job should be resumed). If no file descriptor is made
@@ -113824,8 +120866,47 @@
attempting to restart it to see if it is ready to continue.
An example of typical usage might be an async capable engine. User code would
-@@ -267,7 +267,7 @@ The following example demonstrates how to use most of the core async APIs:
+@@ -161,17 +161,27 @@ ASYNC_get_wait_ctx() returns a pointer t
+ ASYNC_is_capable() returns 1 if the current platform is async capable or 0
+ otherwise.
++=head1 NOTES
++
++On Windows platforms the openssl/async.h header is dependent on some
++of the types customarily made available by including windows.h. The
++application developer is likely to require control over when the latter
++is included, commonly as one of the first included headers. Therefore
++it is defined as an application developer's responsibility to include
++windows.h prior to async.h.
++
+ =head1 EXAMPLE
+
+ The following example demonstrates how to use most of the core async APIs:
+
++ #ifdef _WIN32
++ # include <windows.h>
++ #endif
+ #include <stdio.h>
+ #include <unistd.h>
+ #include <openssl/async.h>
+ #include <openssl/crypto.h>
+
+- #define WAIT_SIGNAL_CHAR 'X'
+-
+ int unique = 0;
+
+ void cleanup(ASYNC_WAIT_CTX *ctx, const void *key, OSSL_ASYNC_FD r, void *vw)
+@@ -188,7 +198,7 @@ otherwise.
+ unsigned char *msg;
+ int pipefds[2] = {0, 0};
+ OSSL_ASYNC_FD *wptr;
+- char buf = WAIT_SIGNAL_CHAR;
++ char buf = 'X';
+
+ currjob = ASYNC_get_current_job();
+ if (currjob != NULL) {
+@@ -267,7 +277,7 @@ otherwise.
+
/* Wait for the job to be woken */
printf("Waiting for the job to be woken up\n");
-
@@ -113833,7 +120914,7 @@
if (!ASYNC_WAIT_CTX_get_all_fds(ctx, NULL, &numfds)
|| numfds > 1) {
printf("Unexpected number of fds\n");
-@@ -308,4 +308,13 @@ ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, ASYNC_get_wait_ctx(),
+@@ -308,4 +318,13 @@ ASYNC_start_job, ASYNC_pause_job, ASYNC_
ASYNC_block_pause(), ASYNC_unblock_pause() and ASYNC_is_capable() were first
added to OpenSSL 1.1.0.
@@ -113847,9 +120928,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BF_encrypt.pod b/doc/crypto/BF_encrypt.pod
-new file mode 100644
-index 0000000..6d8cf1f
--- /dev/null
+++ b/doc/crypto/BF_encrypt.pod
@@ -0,0 +1,117 @@
@@ -113877,8 +120955,8 @@
+ long length, BF_KEY *schedule, unsigned char *ivec, int *num);
+ const char *BF_options(void);
+
-+ void BF_encrypt(BF_LONG *data,const BF_KEY *key);
-+ void BF_decrypt(BF_LONG *data,const BF_KEY *key);
++ void BF_encrypt(BF_LONG *data, const BF_KEY *key);
++ void BF_decrypt(BF_LONG *data, const BF_KEY *key);
+
+=head1 DESCRIPTION
+
@@ -113970,11 +121048,9 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/BIO_ADDR.pod b/doc/crypto/BIO_ADDR.pod
-index a3c9b5c..4b169e8 100644
--- a/doc/crypto/BIO_ADDR.pod
+++ b/doc/crypto/BIO_ADDR.pod
-@@ -112,3 +112,14 @@ information they should return isn't available.
+@@ -112,3 +112,14 @@ information they should return isn't ava
=head1 SEE ALSO
L<BIO_connect(3)>, L<BIO_s_connect(3)>
@@ -113989,8 +121065,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/BIO_ADDRINFO.pod b/doc/crypto/BIO_ADDRINFO.pod
-index 42a26e1..9ebf99a 100644
--- a/doc/crypto/BIO_ADDRINFO.pod
+++ b/doc/crypto/BIO_ADDRINFO.pod
@@ -2,9 +2,10 @@
@@ -114028,11 +121102,9 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/BIO_connect.pod b/doc/crypto/BIO_connect.pod
-index 4c908fb..5194033 100644
--- a/doc/crypto/BIO_connect.pod
+++ b/doc/crypto/BIO_connect.pod
-@@ -99,3 +99,14 @@ BIO_get_accept_socket() and BIO_accept() are deprecated since OpenSSL
+@@ -99,3 +99,14 @@ BIO_get_accept_socket() and BIO_accept()
=head1 SEE ALSO
L<BIO_ADDR(3)>
@@ -114047,19 +121119,45 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/BIO_ctrl.pod b/doc/crypto/BIO_ctrl.pod
-index 722e8b8..d6d0df1 100644
--- a/doc/crypto/BIO_ctrl.pod
+++ b/doc/crypto/BIO_ctrl.pod
-@@ -13,7 +13,7 @@ BIO_get_info_callback, BIO_set_info_callback - BIO control operations
+@@ -11,27 +11,27 @@ BIO_get_info_callback, BIO_set_info_call
- long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
- long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
+ #include <openssl/bio.h>
+
+- long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
+- long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
- char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
-+ char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
- long BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
+- long BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
++ typedef void (*bio_info_cb)(BIO *b, int oper, const char *ptr, int arg1, long arg2, long arg3);
++
++ long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
++ long BIO_callback_ctrl(BIO *b, int cmd, bio_info_cb cb);
++ char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
++ long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
int BIO_reset(BIO *b);
+ int BIO_seek(BIO *b, int ofs);
+ int BIO_tell(BIO *b);
+ int BIO_flush(BIO *b);
+ int BIO_eof(BIO *b);
+- int BIO_set_close(BIO *b,long flag);
++ int BIO_set_close(BIO *b, long flag);
+ int BIO_get_close(BIO *b);
+ int BIO_pending(BIO *b);
+ int BIO_wpending(BIO *b);
+ size_t BIO_ctrl_pending(BIO *b);
+ size_t BIO_ctrl_wpending(BIO *b);
+
+- int BIO_get_info_callback(BIO *b,bio_info_cb **cbp);
+- int BIO_set_info_callback(BIO *b,bio_info_cb *cb);
+-
+- typedef void bio_info_cb(BIO *b, int oper, const char *ptr, int arg1, long arg2, long arg3);
++ int BIO_get_info_callback(BIO *b, bio_info_cb **cbp);
++ int BIO_set_info_callback(BIO *b, bio_info_cb *cb);
+
+ =head1 DESCRIPTION
+
@@ -94,7 +94,7 @@ return the amount of pending data.
=head1 NOTES
@@ -114075,21 +121173,19 @@
supported, if an error occurred, if EOF has not been reached and in
-the case of BIO_seek() on a file BIO for a successful operation.
+the case of BIO_seek() on a file BIO for a successful operation.
++
++=head1 COPYRIGHT
++
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-=head1 SEE ALSO
-+=head1 COPYRIGHT
-
--TBA
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
-+
+
+-TBA
+=cut
-diff --git a/doc/crypto/BIO_f_base64.pod b/doc/crypto/BIO_f_base64.pod
-index c25ac51..19df1dd 100644
--- a/doc/crypto/BIO_f_base64.pod
+++ b/doc/crypto/BIO_f_base64.pod
@@ -4,12 +4,14 @@
@@ -114108,7 +121204,7 @@
=head1 DESCRIPTION
-@@ -17,7 +19,7 @@ BIO_f_base64() returns the base64 BIO method. This is a filter
+@@ -17,7 +19,7 @@ BIO_f_base64() returns the base64 BIO me
BIO that base64 encodes any data written through it and decodes
any data read through it.
@@ -114117,7 +121213,7 @@
BIO_flush() on a base64 BIO that is being written through is
used to signal that no more data is to be encoded: this is used
-@@ -63,8 +65,8 @@ data to standard output:
+@@ -63,8 +65,8 @@ Read Base64 encoded data from standard i
bio = BIO_new_fp(stdin, BIO_NOCLOSE);
bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
BIO_push(b64, bio);
@@ -114128,7 +121224,7 @@
BIO_flush(bio_out);
BIO_free_all(b64);
-@@ -77,6 +79,13 @@ data following the base64 encoded block to be misinterpreted.
+@@ -77,6 +79,13 @@ data following the base64 encoded block
There should be some way of specifying a test that the BIO can perform
to reliably determine EOF (for example a MIME boundary).
@@ -114144,23 +121240,51 @@
-TBA
+=cut
-diff --git a/doc/crypto/BIO_f_buffer.pod b/doc/crypto/BIO_f_buffer.pod
-index edaa351..286a39c 100644
--- a/doc/crypto/BIO_f_buffer.pod
+++ b/doc/crypto/BIO_f_buffer.pod
-@@ -2,6 +2,11 @@
+@@ -2,19 +2,25 @@
=head1 NAME
+-BIO_f_buffer - buffering BIO
+BIO_get_buffer_num_lines,
+BIO_set_read_buffer_size,
+BIO_set_write_buffer_size,
+BIO_set_buffer_size,
+BIO_set_buffer_read_data,
- BIO_f_buffer - buffering BIO
++BIO_f_buffer
++- buffering BIO
=head1 SYNOPSIS
-@@ -71,3 +76,14 @@ L<BIO_reset(3)>,
+
+ #include <openssl/bio.h>
+
+- const BIO_METHOD * BIO_f_buffer(void);
++ const BIO_METHOD *BIO_f_buffer(void);
+
+- #define BIO_get_buffer_num_lines(b)
+- #define BIO_set_read_buffer_size(b,size)
+- #define BIO_set_write_buffer_size(b,size)
+- #define BIO_set_buffer_size(b,size)
+- #define BIO_set_buffer_read_data(b,buf,num)
++ long BIO_get_buffer_num_lines(BIO *b);
++ long BIO_set_read_buffer_size(BIO *b, long size);
++ long BIO_set_write_buffer_size(BIO *b, long size);
++ long BIO_set_buffer_size(BIO *b, long size);
++ long BIO_set_buffer_read_data(BIO *b, void *buf, long num);
+
+ =head1 DESCRIPTION
+
+@@ -41,6 +47,8 @@ is expanded.
+
+ =head1 NOTES
+
++These functions, other than BIO_f_buffer(), are implemented as macros.
++
+ Buffering BIOs implement BIO_gets() by using BIO_read() operations on the
+ next BIO in the chain. By prepending a buffering BIO to a chain it is therefore
+ possible to provide BIO_gets() functionality if the following BIOs do not
+@@ -71,3 +79,14 @@ L<BIO_reset(3)>,
L<BIO_flush(3)>,
L<BIO_pop(3)>,
L<BIO_ctrl(3)>.
@@ -114175,8 +121299,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/BIO_f_cipher.pod b/doc/crypto/BIO_f_cipher.pod
-index 947d152..87ab3cc 100644
--- a/doc/crypto/BIO_f_cipher.pod
+++ b/doc/crypto/BIO_f_cipher.pod
@@ -4,14 +4,16 @@
@@ -114199,7 +121321,7 @@
int BIO_get_cipher_status(BIO *b)
int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx)
-@@ -22,7 +24,7 @@ BIO that encrypts any data written through it, and decrypts any data
+@@ -22,7 +24,7 @@ BIO that encrypts any data written throu
read from it. It is a BIO wrapper for the cipher routines
EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal().
@@ -114226,8 +121348,6 @@
-TBA
+=cut
-diff --git a/doc/crypto/BIO_f_md.pod b/doc/crypto/BIO_f_md.pod
-index b0fe014..b2c1433 100644
--- a/doc/crypto/BIO_f_md.pod
+++ b/doc/crypto/BIO_f_md.pod
@@ -4,15 +4,17 @@
@@ -114252,16 +121372,19 @@
=head1 DESCRIPTION
-@@ -103,7 +105,7 @@ The next example digests data by reading through a chain instead:
+@@ -103,9 +105,9 @@ checking has been omitted for clarity.
BIO_set_md(mdtmp, EVP_md5());
bio = BIO_push(mdtmp, bio);
do {
- rdlen = BIO_read(bio, buf, sizeof(buf));
+ rdlen = BIO_read(bio, buf, sizeof(buf));
/* Might want to do something with the data here */
- } while(rdlen > 0);
+- } while(rdlen > 0);
++ } while (rdlen > 0);
-@@ -114,17 +116,17 @@ outputs them. This could be used with the examples above.
+ This next example retrieves the message digests from a BIO chain and
+ outputs them. This could be used with the examples above.
+@@ -114,18 +116,18 @@ outputs them. This could be used with th
unsigned char mdbuf[EVP_MAX_MD_SIZE];
int mdlen;
int i;
@@ -114270,23 +121393,26 @@
do {
- EVP_MD *md;
- mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
+- if(!mdtmp) break;
+- BIO_get_md(mdtmp, &md);
+ EVP_MD *md;
+ mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
- if(!mdtmp) break;
-- BIO_get_md(mdtmp, &md);
++ if (!mdtmp) break;
+ BIO_get_md(mdtmp, &md);
printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
- mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
- for(i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
- printf("\n");
- mdtmp = BIO_next(mdtmp);
+- } while(mdtmp);
+ mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
-+ for(i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
++ for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
+ printf("\n");
+ mdtmp = BIO_next(mdtmp);
- } while(mdtmp);
++ } while (mdtmp);
BIO_free_all(bio);
+
@@ -142,8 +144,13 @@ separate BIO_ctrl() call.
Before OpenSSL 1.0.0., the call to BIO_get_md_ctx() would only work if the
BIO was initialized first.
@@ -114303,8 +121429,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/BIO_f_null.pod b/doc/crypto/BIO_f_null.pod
-index 6ee8491..c4e4c66 100644
--- a/doc/crypto/BIO_f_null.pod
+++ b/doc/crypto/BIO_f_null.pod
@@ -8,7 +8,7 @@ BIO_f_null - null filter
@@ -114316,7 +121440,7 @@
=head1 DESCRIPTION
-@@ -27,6 +27,13 @@ As may be apparent a null filter BIO is not particularly useful.
+@@ -27,6 +27,13 @@ As may be apparent a null filter BIO is
BIO_f_null() returns the null filter BIO method.
@@ -114332,8 +121456,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/BIO_f_ssl.pod b/doc/crypto/BIO_f_ssl.pod
-index 46eecd1..4007130 100644
--- a/doc/crypto/BIO_f_ssl.pod
+++ b/doc/crypto/BIO_f_ssl.pod
@@ -2,11 +2,15 @@
@@ -114353,34 +121475,36 @@
=head1 SYNOPSIS
#include <openssl/bio.h>
-@@ -14,15 +18,15 @@ BIO_ssl_shutdown - SSL BIO
+@@ -14,29 +18,26 @@ BIO_ssl_shutdown - SSL BIO
const BIO_METHOD *BIO_f_ssl(void);
- #define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
- #define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
- #define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
-+ #define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
-+ #define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
-+ #define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
- #define BIO_set_ssl_renegotiate_bytes(b,num) \
+- #define BIO_set_ssl_renegotiate_bytes(b,num) \
- BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
-+ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
- #define BIO_set_ssl_renegotiate_timeout(b,seconds) \
+- #define BIO_set_ssl_renegotiate_timeout(b,seconds) \
- BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
-+ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
- #define BIO_get_num_renegotiates(b) \
+- #define BIO_get_num_renegotiates(b) \
- BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
-+ BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
++ long BIO_set_ssl(BIO *b, SSL *ssl, long c);
++ long BIO_get_ssl(BIO *b, SSL **sslp);
++ long BIO_set_ssl_mode(BIO *b, long client);
++ long BIO_set_ssl_renegotiate_bytes(BIO *b, long num);
++ long BIO_set_ssl_renegotiate_timeout(BIO *b, long seconds);
++ long BIO_get_num_renegotiates(BIO *b);
- BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
+- BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
++ BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
-@@ -30,13 +34,13 @@ BIO_ssl_shutdown - SSL BIO
- int BIO_ssl_copy_session_id(BIO *to,BIO *from);
+ BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+- int BIO_ssl_copy_session_id(BIO *to,BIO *from);
++ int BIO_ssl_copy_session_id(BIO *to, BIO *from);
void BIO_ssl_shutdown(BIO *bio);
- #define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
-+ #define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
++ long BIO_do_handshake(BIO *b);
=head1 DESCRIPTION
@@ -114391,7 +121515,7 @@
I/O performed on an SSL BIO communicates using the SSL protocol with
the SSLs read and write BIOs. If an SSL connection is not established
-@@ -63,7 +67,7 @@ BIO_set_ssl_mode() sets the SSL BIO mode to B<client>. If B<client>
+@@ -63,7 +64,7 @@ BIO_set_ssl_mode() sets the SSL BIO mode
is 1 client mode is set. If B<client> is 0 server mode is set.
BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count
@@ -114400,7 +121524,7 @@
the SSL session is automatically renegotiated. B<num> must be at
least 512 bytes.
-@@ -84,7 +88,7 @@ BIO_new_buffer_ssl_connect() creates a new BIO chain consisting
+@@ -84,7 +85,7 @@ BIO_new_buffer_ssl_connect() creates a n
of a buffering BIO, an SSL BIO (using B<ctx>) and a connect
BIO.
@@ -114409,18 +121533,20 @@
BIO chains B<from> and B<to>. It does this by locating the
SSL BIOs in each chain and calling SSL_copy_session_id() on
the internal SSL pointer.
-@@ -124,10 +128,6 @@ Applications do not have to call BIO_do_handshake() but may wish
+@@ -124,9 +125,9 @@ Applications do not have to call BIO_do_
to do so to separate the handshake process from other I/O
processing.
-=head1 RETURN VALUES
-
-TBA
--
++BIO_set_ssl(), BIO_get_ssl(), BIO_set_ssl_mode(),
++BIO_set_ssl_renegotiate_bytes(), BIO_set_ssl_renegotiate_timeout(),
++BIO_get_num_renegotiates(), and BIO_do_handshake() are implemented as macros.
+
=head1 EXAMPLE
- This SSL/TLS client example, attempts to retrieve a page from an
-@@ -140,54 +140,48 @@ unencrypted example in L<BIO_s_connect(3)>.
+@@ -140,54 +141,48 @@ unencrypted example in L<BIO_s_connect(3
SSL_CTX *ctx;
SSL *ssl;
@@ -114490,13 +121616,13 @@
- BIO_write(out, tmpbuf, len);
+ for ( ; ; ) {
+ len = BIO_read(sbio, tmpbuf, 1024);
-+ if(len <= 0)
++ if (len <= 0)
+ break;
+ BIO_write(out, tmpbuf, len);
}
BIO_free_all(sbio);
BIO_free(out);
-@@ -203,102 +197,83 @@ a client and also echoes the request to standard output.
+@@ -203,102 +198,83 @@ a client and also echoes the request to
SSL_CTX *ctx;
SSL *ssl;
@@ -114528,7 +121654,7 @@
/* New SSL BIO setup as server */
- sbio=BIO_new_ssl(ctx,0);
-
-+ sbio = BIO_new_ssl(ctx,0);
++ sbio = BIO_new_ssl(ctx, 0);
BIO_get_ssl(sbio, &ssl);
-
- if(!ssl) {
@@ -114639,7 +121765,7 @@
BIO_free_all(sbio);
=head1 BUGS
-@@ -310,6 +285,13 @@ explicitly being popped (e.g. a pop higher up the chain). Applications which
+@@ -310,6 +286,13 @@ explicitly being popped (e.g. a pop high
included workarounds for this bug (e.g. freeing BIOs more than once) should
be modified to handle this fix or they may free up an already freed BIO.
@@ -114655,24 +121781,10 @@
-TBA
+=cut
-diff --git a/doc/crypto/BIO_find_type.pod b/doc/crypto/BIO_find_type.pod
-index 6e65668..f03071a 100644
--- a/doc/crypto/BIO_find_type.pod
+++ b/doc/crypto/BIO_find_type.pod
-@@ -2,41 +2,47 @@
+@@ -8,46 +8,23 @@ BIO_find_type, BIO_next, BIO_method_type
- =head1 NAME
-
-+BIO_TYPE_NONE, BIO_TYPE_MEM, BIO_TYPE_FILE, BIO_TYPE_FD, BIO_TYPE_SOCKET,
-+BIO_TYPE_NULL, BIO_TYPE_SSL, BIO_TYPE_MD, BIO_TYPE_BUFFER, BIO_TYPE_CIPHER,
-+BIO_TYPE_BASE64, BIO_TYPE_CONNECT, BIO_TYPE_ACCEPT, BIO_TYPE_PROXY_CLIENT,
-+BIO_TYPE_PROXY_SERVER, BIO_TYPE_NBIO_TEST, BIO_TYPE_NULL_FILTER,
-+BIO_TYPE_BER, BIO_TYPE_BIO, BIO_TYPE_DESCRIPTOR, BIO_TYPE_FILTER,
-+BIO_TYPE_SOURCE_SINK,
- BIO_find_type, BIO_next, BIO_method_type - BIO chain traversal
-
- =head1 SYNOPSIS
-
#include <openssl/bio.h>
- BIO * BIO_find_type(BIO *b,int bio_type);
@@ -114704,39 +121816,29 @@
- #define BIO_TYPE_DESCRIPTOR 0x0100
- #define BIO_TYPE_FILTER 0x0200
- #define BIO_TYPE_SOURCE_SINK 0x0400
-+ BIO * BIO_find_type(BIO *b,int bio_type);
-+ BIO * BIO_next(BIO *b);
-+
-+ #define BIO_method_type(b) ((b)->method->type)
-+
-+ #define BIO_TYPE_NONE 0
-+ #define BIO_TYPE_MEM (1|0x0400)
-+ #define BIO_TYPE_FILE (2|0x0400)
-+
-+ #define BIO_TYPE_FD (4|0x0400|0x0100)
-+ #define BIO_TYPE_SOCKET (5|0x0400|0x0100)
-+ #define BIO_TYPE_NULL (6|0x0400)
-+ #define BIO_TYPE_SSL (7|0x0200)
-+ #define BIO_TYPE_MD (8|0x0200)
-+ #define BIO_TYPE_BUFFER (9|0x0200)
-+ #define BIO_TYPE_CIPHER (10|0x0200)
-+ #define BIO_TYPE_BASE64 (11|0x0200)
-+ #define BIO_TYPE_CONNECT (12|0x0400|0x0100)
-+ #define BIO_TYPE_ACCEPT (13|0x0400|0x0100)
-+ #define BIO_TYPE_PROXY_CLIENT (14|0x0200)
-+ #define BIO_TYPE_PROXY_SERVER (15|0x0200)
-+ #define BIO_TYPE_NBIO_TEST (16|0x0200)
-+ #define BIO_TYPE_NULL_FILTER (17|0x0200)
-+ #define BIO_TYPE_BER (18|0x0200)
-+ #define BIO_TYPE_BIO (19|0x0400)
-+
-+ #define BIO_TYPE_DESCRIPTOR 0x0100
-+ #define BIO_TYPE_FILTER 0x0200
-+ #define BIO_TYPE_SOURCE_SINK 0x0400
++ BIO *BIO_find_type(BIO *b, int bio_type);
++ BIO *BIO_next(BIO *b);
++ int BIO_method_type(const BIO *b);
=head1 DESCRIPTION
-@@ -68,18 +74,25 @@ BIO_method_type() returns the type of the BIO B<b>.
+ The BIO_find_type() searches for a BIO of a given type in a chain, starting
+-at BIO B<b>. If B<type> is a specific type (such as BIO_TYPE_MEM) then a search
++at BIO B<b>. If B<type> is a specific type (such as B<BIO_TYPE_MEM>) then a search
+ is made for a BIO of that type. If B<type> is a general type (such as
+ B<BIO_TYPE_SOURCE_SINK>) then the next matching BIO of the given general type is
+ searched for. BIO_find_type() returns the next matching BIO or NULL if none is
+ found.
+
+-Note: not all the B<BIO_TYPE_*> types above have corresponding BIO implementations.
++The following general types are defined:
++B<BIO_TYPE_DESCRIPTOR>, B<BIO_TYPE_FILTER>, and B<BIO_TYPE_SOURCE_SINK>.
++
++For a list of the specific types, see the B<openssl/bio.h> header file.
+
+ BIO_next() returns the next BIO in a chain. It can be used to traverse all BIOs
+ in a chain or used in conjunction with BIO_find_type() to find all BIOs of a
+@@ -68,18 +45,25 @@ BIO_method_type() returns the type of th
Traverse a chain looking for digest BIOs:
BIO *btmp;
@@ -114749,29 +121851,28 @@
- /* btmp is a digest BIO, do something with it ...*/
- ...
+ btmp = BIO_find_type(btmp, BIO_TYPE_MD);
-+ if(btmp == NULL) break; /* Not found */
++ if (btmp == NULL) break; /* Not found */
+ /* btmp is a digest BIO, do something with it ...*/
+ ...
++
++ btmp = BIO_next(btmp);
++ } while (btmp);
++
- btmp = BIO_next(btmp);
-+ btmp = BIO_next(btmp);
- } while(btmp);
+- } while(btmp);
++=head1 COPYRIGHT
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-=head1 SEE ALSO
-+=head1 COPYRIGHT
-
--TBA
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
-+
+
+-TBA
+=cut
-diff --git a/doc/crypto/BIO_get_data.pod b/doc/crypto/BIO_get_data.pod
-index 73f8ea5..14f21fa 100644
--- a/doc/crypto/BIO_get_data.pod
+++ b/doc/crypto/BIO_get_data.pod
@@ -53,4 +53,13 @@ L<bio>, L<BIO_meth_new>
@@ -114788,11 +121889,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BIO_get_ex_new_index.pod b/doc/crypto/BIO_get_ex_new_index.pod
-index 4824b5d..3e24f10 100644
--- a/doc/crypto/BIO_get_ex_new_index.pod
+++ b/doc/crypto/BIO_get_ex_new_index.pod
-@@ -15,31 +15,50 @@ ECDSA_get_ex_new_index, ECDSA_set_ex_data, ECDSA_get_ex_data,
+@@ -15,31 +15,50 @@ ECDSA_get_ex_new_index, ECDSA_set_ex_dat
RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data
- application-specific data
@@ -114854,11 +121953,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BIO_meth_new.pod b/doc/crypto/BIO_meth_new.pod
-index de6ce66..2c2db6f 100644
--- a/doc/crypto/BIO_meth_new.pod
+++ b/doc/crypto/BIO_meth_new.pod
-@@ -75,7 +75,7 @@ called in response to the application calling BIO_puts(). The parameters for
+@@ -75,7 +75,7 @@ called in response to the application ca
the function have the same meaning as for BIO_puts().
BIO_meth_get_gets() and BIO_meth_set_gets() get and set the function typically
@@ -114867,6 +121964,15 @@
page for more information). This function will be called in response to the
application calling BIO_gets(). The parameters for the function have the same
meaning as for BIO_gets().
+@@ -88,7 +88,7 @@ BIO_ctrl().
+
+ BIO_meth_get_create() and BIO_meth_set_create() get and set the function used
+ for creating a new instance of the BIO respectively. This function will be
+-called in response to the application calling BIO_new() or BIO_set() and passing
++called in response to the application calling BIO_new() and passing
+ in a pointer to the current BIO_METHOD. The BIO_new() function will allocate the
+ memory for the new BIO, and a pointer to this newly allocated structure will
+ be passed as a parameter to the function.
@@ -102,7 +102,7 @@ this function.
BIO_meth_get_callback_ctrl() and BIO_meth_set_callback_ctrl() get and set the
@@ -114876,7 +121982,7 @@
in response to the application calling BIO_callback_ctrl(). The parameters for
the function have the same meaning as for BIO_callback_ctrl().
-@@ -114,4 +114,13 @@ L<bio>, L<BIO_find_type>, L<BIO_ctrl>, L<BIO_read>, L<BIO_new>
+@@ -114,4 +114,13 @@ L<bio>, L<BIO_find_type>, L<BIO_ctrl>, L
The functions described here were added in OpenSSL version 1.1.0.
@@ -114890,12 +121996,18 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BIO_new.pod b/doc/crypto/BIO_new.pod
-index 4c9299b..8e42e65 100644
--- a/doc/crypto/BIO_new.pod
+++ b/doc/crypto/BIO_new.pod
-@@ -8,12 +8,12 @@ BIO_new, BIO_set, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all - BIO allocation
+@@ -2,25 +2,24 @@
+ =head1 NAME
+
+-BIO_new, BIO_set, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all - BIO allocation and freeing functions
++BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all,
++BIO_set - BIO allocation and freeing functions
+
+ =head1 SYNOPSIS
+
#include <openssl/bio.h>
- BIO * BIO_new(const BIO_METHOD *type);
@@ -114905,7 +122017,7 @@
- void BIO_vfree(BIO *a);
- void BIO_free_all(BIO *a);
+ BIO * BIO_new(const BIO_METHOD *type);
-+ int BIO_set(BIO *a,const BIO_METHOD *type);
++ int BIO_set(BIO *a, const BIO_METHOD *type);
+ int BIO_up_ref(BIO *a);
+ int BIO_free(BIO *a);
+ void BIO_vfree(BIO *a);
@@ -114913,8 +122025,15 @@
=head1 DESCRIPTION
-@@ -45,27 +45,25 @@ BIO_free_all() and BIO_vfree() do not return values.
+ The BIO_new() function returns a new BIO using method B<type>.
+-BIO_set() sets the method of an already existing BIO.
+-
+ BIO_up_ref() increments the reference count associated with the BIO object.
+
+ BIO_free() frees up a single BIO, BIO_vfree() also frees up a single BIO
+@@ -45,20 +44,15 @@ BIO_free_all() and BIO_vfree() do not re
+
=head1 NOTES
-Some BIOs (such as memory BIOs) can be used immediately after calling
@@ -114932,10 +122051,13 @@
-pointer to a BIO_METHOD. There is a naming convention for such functions:
-a source/sink BIO is normally called BIO_s_*() and a filter BIO
-BIO_f_*();
--
++=head1 HISTORY
++
++BIO_set() was removed in OpenSSL 1.1.0 as BIO type is now opaque.
+
=head1 EXAMPLE
- Create a memory BIO:
+@@ -66,6 +60,13 @@ BIO_f_*();
BIO *mem = BIO_new(BIO_s_mem());
@@ -114951,8 +122073,6 @@
-TBA
+=cut
-diff --git a/doc/crypto/BIO_new_CMS.pod b/doc/crypto/BIO_new_CMS.pod
-index 0069b8d..b06c224 100644
--- a/doc/crypto/BIO_new_CMS.pod
+++ b/doc/crypto/BIO_new_CMS.pod
@@ -2,7 +2,7 @@
@@ -114978,11 +122098,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BIO_parse_hostserv.pod b/doc/crypto/BIO_parse_hostserv.pod
-index df73ea7..4ee4f46 100644
--- a/doc/crypto/BIO_parse_hostserv.pod
+++ b/doc/crypto/BIO_parse_hostserv.pod
-@@ -42,26 +42,32 @@ The service part can be a service name or its port number.
+@@ -42,26 +42,32 @@ The service part can be a service name
The returned values will depend on the given B<hostserv> string
and B<hostserv_prio>, as follows:
@@ -115023,11 +122141,9 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/BIO_push.pod b/doc/crypto/BIO_push.pod
-index 1523e5b..cb19c0b 100644
--- a/doc/crypto/BIO_push.pod
+++ b/doc/crypto/BIO_push.pod
-@@ -2,7 +2,7 @@
+@@ -2,13 +2,13 @@
=head1 NAME
@@ -115036,6 +122152,13 @@
=head1 SYNOPSIS
+ #include <openssl/bio.h>
+
+- BIO *BIO_push(BIO *b,BIO *append);
++ BIO *BIO_push(BIO *b, BIO *append);
+ BIO *BIO_pop(BIO *b);
+ void BIO_set_next(BIO *b, BIO *next);
+
@@ -77,4 +77,13 @@ L<bio>
The BIO_set_next() function was added in OpenSSL version 1.1.0.
@@ -115050,11 +122173,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BIO_read.pod b/doc/crypto/BIO_read.pod
-index 90b1c75..45871c1 100644
--- a/doc/crypto/BIO_read.pod
+++ b/doc/crypto/BIO_read.pod
-@@ -8,10 +8,10 @@ BIO_read, BIO_write, BIO_gets, BIO_puts - BIO I/O functions
+@@ -8,10 +8,10 @@ BIO_read, BIO_write, BIO_gets, BIO_puts
#include <openssl/bio.h>
@@ -115084,32 +122205,20 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/BIO_s_accept.pod b/doc/crypto/BIO_s_accept.pod
-index 88877e4..a9259ab 100644
--- a/doc/crypto/BIO_s_accept.pod
+++ b/doc/crypto/BIO_s_accept.pod
-@@ -2,6 +2,7 @@
-
- =head1 NAME
-
-+BIO_BIND_NORMAL, BIO_BIND_REUSEADDR_IF_UNUSED, BIO_BIND_REUSEADDR,
- BIO_s_accept, BIO_set_accept_port, BIO_get_accept_port, BIO_new_accept,
- BIO_set_nbio_accept, BIO_set_accept_bios, BIO_set_bind_mode,
- BIO_get_bind_mode, BIO_do_accept - accept BIO
-@@ -23,9 +24,9 @@ BIO_get_bind_mode, BIO_do_accept - accept BIO
+@@ -23,10 +23,6 @@ BIO_get_bind_mode, BIO_do_accept - accep
long BIO_set_bind_mode(BIO *b, long mode);
long BIO_get_bind_mode(BIO *b);
- #define BIO_BIND_NORMAL 0
- #define BIO_BIND_REUSEADDR_IF_UNUSED 1
- #define BIO_BIND_REUSEADDR 2
-+ #define BIO_BIND_NORMAL 0
-+ #define BIO_BIND_REUSEADDR_IF_UNUSED 1
-+ #define BIO_BIND_REUSEADDR 2
-
+-
int BIO_do_accept(BIO *b);
-@@ -75,7 +76,7 @@ BIO_set_nbio_accept() sets the accept socket to blocking mode
+ =head1 DESCRIPTION
+@@ -75,19 +71,19 @@ BIO_set_nbio_accept() sets the accept so
BIO_set_accept_bios() can be used to set a chain of BIOs which
will be duplicated and prepended to the chain when an incoming
@@ -115118,8 +122227,24 @@
buffering or SSL BIO is required for each connection. The
chain of BIOs must not be freed after this call, they will
be automatically freed when the accept BIO is freed.
-@@ -161,33 +162,35 @@ down each and finally closes both down.
+ BIO_set_bind_mode() and BIO_get_bind_mode() set and retrieve
+-the current bind mode. If BIO_BIND_NORMAL (the default) is set
++the current bind mode. If B<BIO_BIND_NORMAL> (the default) is set
+ then another socket cannot be bound to the same port. If
+-BIO_BIND_REUSEADDR is set then other sockets can bind to the
+-same port. If BIO_BIND_REUSEADDR_IF_UNUSED is set then and
++B<BIO_BIND_REUSEADDR> is set then other sockets can bind to the
++same port. If B<BIO_BIND_REUSEADDR_IF_UNUSED> is set then and
+ attempt is first made to use BIO_BIN_NORMAL, if this fails
+ and the port is not in use then a second attempt is made
+-using BIO_BIND_REUSEADDR.
++using B<BIO_BIND_REUSEADDR>.
+
+ BIO_do_accept() serves two functions. When it is first
+ called, after the accept BIO has been setup, it will attempt
+@@ -161,33 +157,35 @@ down each and finally closes both down.
+
BIO *abio, *cbio, *cbio2;
- abio = BIO_new_accept("4444");
@@ -115168,7 +122293,7 @@
/* Close accept BIO to refuse further connections */
cbio2 = BIO_pop(abio);
BIO_free(abio);
-@@ -195,10 +198,18 @@ down each and finally closes both down.
+@@ -195,10 +193,18 @@ down each and finally closes both down.
fprintf(stderr, "Sent out data on connection 2\n");
BIO_puts(cbio, "Connection 1: Second connection established\n");
@@ -115189,8 +122314,6 @@
-TBA
+=cut
-diff --git a/doc/crypto/BIO_s_bio.pod b/doc/crypto/BIO_s_bio.pod
-index 438b5dd..fb66197 100644
--- a/doc/crypto/BIO_s_bio.pod
+++ b/doc/crypto/BIO_s_bio.pod
@@ -2,7 +2,7 @@
@@ -115202,7 +122325,37 @@
BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair,
BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request,
BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request - BIO pair BIO
-@@ -65,7 +65,7 @@ up any half of the pair will automatically destroy the association.
+@@ -13,22 +13,20 @@ BIO_ctrl_get_read_request, BIO_ctrl_rese
+
+ const BIO_METHOD *BIO_s_bio(void);
+
+- #define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
+- #define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
++ int BIO_make_bio_pair(BIO *b1, BIO *b2);
++ int BIO_destroy_bio_pair(BIO *b);
++ int BIO_shutdown_wr(BIO *b);
+
+- #define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
+
+- #define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
+- #define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
++ int BIO_set_write_buf_size(BIO *b, long size);
++ size_t BIO_get_write_buf_size(BIO *b, long size);
+
+ int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
+
+- #define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
++ int BIO_get_write_guarantee(BIO *b);
+ size_t BIO_ctrl_get_write_guarantee(BIO *b);
+-
+- #define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
++ int BIO_get_read_request(BIO *b);
+ size_t BIO_ctrl_get_read_request(BIO *b);
+-
+ int BIO_ctrl_reset_read_request(BIO *b);
+
+ =head1 DESCRIPTION
+@@ -65,7 +63,7 @@ up any half of the pair will automatical
BIO_shutdown_wr() is used to close down a BIO B<b>. After this call no further
writes on BIO B<b> are allowed (they will return an error). Reads on the other
half of the pair will return any pending data or EOF when all pending data has
@@ -115211,17 +122364,22 @@
BIO_set_write_buf_size() sets the write buffer size of BIO B<b> to B<size>.
If the size is not initialized a default value is used. This is currently
-@@ -120,6 +120,9 @@ the application then waits for data to be available on the underlying transport
+@@ -120,6 +118,14 @@ the application then waits for data to b
before flushing the write buffer it will never succeed because the request was
never sent!
+BIO_eof() is true if no data is in the peer BIO and the peer BIO has been
+shutdown.
+
++BIO_make_bio_pair(), BIO_destroy_bio_pair(), BIO_shutdown_wr(),
++BIO_set_write_buf_size(), BIO_get_write_buf_size(),
++BIO_get_write_guarantee(), and BIO_get_read_request() are implemented
++as macros.
++
=head1 RETURN VALUES
BIO_new_bio_pair() returns 1 on success, with the new BIOs available in
-@@ -156,7 +159,7 @@ without having to go through the SSL-interface.
+@@ -156,7 +162,7 @@ without having to go through the SSL-int
socket
...
@@ -115230,7 +122388,7 @@
BIO_free(network_bio);
...
-@@ -183,4 +186,13 @@ the peer might be waiting for the data before being able to continue.
+@@ -183,4 +189,13 @@ the peer might be waiting for the data b
L<SSL_set_bio(3)>, L<ssl(3)>, L<bio(3)>,
L<BIO_should_retry(3)>, L<BIO_read(3)>
@@ -115244,8 +122402,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BIO_s_connect.pod b/doc/crypto/BIO_s_connect.pod
-index 4c246e0..29192a6 100644
--- a/doc/crypto/BIO_s_connect.pod
+++ b/doc/crypto/BIO_s_connect.pod
@@ -2,9 +2,10 @@
@@ -115261,7 +122417,7 @@
BIO_set_nbio, BIO_do_connect - connect BIO
=head1 SYNOPSIS
-@@ -81,7 +82,7 @@ This return value is an internal pointer which should not be modified.
+@@ -81,7 +82,7 @@ This return value is an internal pointer
BIO_set_nbio() sets the non blocking I/O flag to B<n>. If B<n> is
zero then blocking I/O is set. If B<n> is 1 then non blocking I/O
is set. Blocking I/O is the default. The call to BIO_set_nbio()
@@ -115270,7 +122426,7 @@
non blocking I/O is set during the connect process.
BIO_new_connect() combines BIO_new() and BIO_set_conn_hostname() into
-@@ -167,16 +168,17 @@ to retrieve a page and copy the result to standard output.
+@@ -167,16 +168,17 @@ to retrieve a page and copy the result t
cbio = BIO_new_connect("localhost:http");
out = BIO_new_fp(stdout, BIO_NOCLOSE);
@@ -115291,13 +122447,13 @@
- BIO_write(out, tmpbuf, len);
+ for ( ; ; ) {
+ len = BIO_read(cbio, tmpbuf, 1024);
-+ if(len <= 0)
++ if (len <= 0)
+ break;
+ BIO_write(out, tmpbuf, len);
}
BIO_free(cbio);
BIO_free(out);
-@@ -185,3 +187,14 @@ to retrieve a page and copy the result to standard output.
+@@ -185,3 +187,14 @@ to retrieve a page and copy the result t
=head1 SEE ALSO
L<BIO_ADDR(3)>
@@ -115312,25 +122468,47 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/BIO_s_fd.pod b/doc/crypto/BIO_s_fd.pod
-index e9ebdbf..8002ad7 100644
--- a/doc/crypto/BIO_s_fd.pod
+++ b/doc/crypto/BIO_s_fd.pod
-@@ -8,10 +8,10 @@ BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd - file descriptor BIO
+@@ -8,10 +8,10 @@ BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_ne
#include <openssl/bio.h>
- const BIO_METHOD * BIO_s_fd(void);
-+ const BIO_METHOD * BIO_s_fd(void);
++ const BIO_METHOD *BIO_s_fd(void);
- #define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
- #define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
-+ #define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
-+ #define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
++ int BIO_set_fd(BIO *b, int fd, int c);
++ int BIO_get_fd(BIO *b, int *c);
BIO *BIO_new_fd(int fd, int close_flag);
-@@ -46,7 +46,7 @@ BIO_new_fd() returns a file descriptor BIO using B<fd> and B<close_flag>.
+@@ -27,26 +27,26 @@ If the close flag is set then close() is
+ file descriptor when the BIO is freed.
+
+ BIO_reset() attempts to change the file pointer to the start of file
+-using lseek(fd, 0, 0).
++such as by using B<lseek(fd, 0, 0)>.
+
+ BIO_seek() sets the file pointer to position B<ofs> from start of file
+-using lseek(fd, ofs, 0).
++such as by using B<lseek(fd, ofs, 0)>.
+
+-BIO_tell() returns the current file position by calling lseek(fd, 0, 1).
++BIO_tell() returns the current file position such as by calling
++B<lseek(fd, 0, 1)>.
+
+ BIO_set_fd() sets the file descriptor of BIO B<b> to B<fd> and the close
+ flag to B<c>.
+
+ BIO_get_fd() places the file descriptor in B<c> if it is not NULL, it also
+-returns the file descriptor. If B<c> is not NULL it should be of type
+-(int *).
++returns the file descriptor.
+
+ BIO_new_fd() returns a file descriptor BIO using B<fd> and B<close_flag>.
+
=head1 NOTES
The behaviour of BIO_read() and BIO_write() depends on the behavior of the
@@ -115339,7 +122517,33 @@
file descriptor is in a non blocking mode then the BIO will behave in the
manner described in the L<BIO_read(3)> and L<BIO_should_retry(3)>
manual pages.
-@@ -87,3 +87,14 @@ L<BIO_reset(3)>, L<BIO_read(3)>,
+@@ -54,15 +54,12 @@ manual pages.
+ File descriptor BIOs should not be used for socket I/O. Use socket BIOs
+ instead.
+
++BIO_set_fd() and BIO_get_fd() are implemented as macros.
++
+ =head1 RETURN VALUES
+
+ BIO_s_fd() returns the file descriptor BIO method.
+
+-BIO_reset() returns zero for success and -1 if an error occurred.
+-BIO_seek() and BIO_tell() return the current file position or -1
+-is an error occurred. These values reflect the underlying lseek()
+-behaviour.
+-
+ BIO_set_fd() always returns 1.
+
+ BIO_get_fd() returns the file descriptor or -1 if the BIO has not
+@@ -76,6 +73,7 @@ occurred.
+ This is a file descriptor BIO version of "Hello World":
+
+ BIO *out;
++
+ out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE);
+ BIO_printf(out, "Hello World\n");
+ BIO_free(out);
+@@ -87,3 +85,14 @@ L<BIO_reset(3)>, L<BIO_read(3)>,
L<BIO_write(3)>, L<BIO_puts(3)>,
L<BIO_gets(3)>, L<BIO_printf(3)>,
L<BIO_set_close(3)>, L<BIO_get_close(3)>
@@ -115354,11 +122558,9 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/BIO_s_file.pod b/doc/crypto/BIO_s_file.pod
-index 5ba0d34..ff23269 100644
--- a/doc/crypto/BIO_s_file.pod
+++ b/doc/crypto/BIO_s_file.pod
-@@ -10,7 +10,7 @@ BIO_rw_filename - FILE bio
+@@ -10,12 +10,12 @@ BIO_rw_filename - FILE bio
#include <openssl/bio.h>
@@ -115367,8 +122569,45 @@
BIO *BIO_new_file(const char *filename, const char *mode);
BIO *BIO_new_fp(FILE *stream, int flags);
-@@ -128,7 +128,7 @@ BIO_seek() returns the same value as the underlying fseek() function:
+- BIO_set_fp(BIO *b,FILE *fp, int flags);
+- BIO_get_fp(BIO *b,FILE **fpp);
++ BIO_set_fp(BIO *b, FILE *fp, int flags);
++ BIO_get_fp(BIO *b, FILE **fpp);
+ int BIO_read_filename(BIO *b, char *name)
+ int BIO_write_filename(BIO *b, char *name)
+@@ -92,15 +92,15 @@ lingual environment, encode file names i
+
+ BIO *bio_out;
+ bio_out = BIO_new(BIO_s_file());
+- if(bio_out == NULL) /* Error ... */
+- if(!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE)) /* Error ... */
++ if (bio_out == NULL) /* Error ... */
++ if (!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE)) /* Error ... */
+ BIO_printf(bio_out, "Hello World\n");
+
+ Write to a file:
+
+ BIO *out;
+ out = BIO_new_file("filename.txt", "w");
+- if(!out) /* Error occurred */
++ if (!out) /* Error occurred */
+ BIO_printf(out, "Hello World\n");
+ BIO_free(out);
+
+@@ -108,8 +108,8 @@ lingual environment, encode file names i
+
+ BIO *out;
+ out = BIO_new(BIO_s_file());
+- if(out == NULL) /* Error ... */
+- if(!BIO_write_filename(out, "filename.txt")) /* Error ... */
++ if (out == NULL) /* Error ... */
++ if (!BIO_write_filename(out, "filename.txt")) /* Error ... */
+ BIO_printf(out, "Hello World\n");
+ BIO_free(out);
+
+@@ -128,7 +128,7 @@ BIO_set_fp() and BIO_get_fp() return 1 f
+
BIO_tell() returns the current file position.
-BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and
@@ -115391,8 +122630,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/BIO_s_mem.pod b/doc/crypto/BIO_s_mem.pod
-index 84abb29..afde930 100644
--- a/doc/crypto/BIO_s_mem.pod
+++ b/doc/crypto/BIO_s_mem.pod
@@ -2,6 +2,7 @@
@@ -115403,7 +122640,7 @@
BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf,
BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO
-@@ -9,8 +10,8 @@ BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO
+@@ -9,19 +10,19 @@ BIO_get_mem_ptr, BIO_new_mem_buf - memor
#include <openssl/bio.h>
@@ -115412,10 +122649,16 @@
+ const BIO_METHOD * BIO_s_mem(void);
+ const BIO_METHOD * BIO_s_secmem(void);
- BIO_set_mem_eof_return(BIO *b,int v)
+- BIO_set_mem_eof_return(BIO *b,int v)
++ BIO_set_mem_eof_return(BIO *b, int v)
long BIO_get_mem_data(BIO *b, char **pp)
-@@ -21,7 +22,7 @@ BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO
+- BIO_set_mem_buf(BIO *b,BUF_MEM *bm,int c)
+- BIO_get_mem_ptr(BIO *b,BUF_MEM **pp)
++ BIO_set_mem_buf(BIO *b, BUF_MEM *bm, int c)
++ BIO_get_mem_ptr(BIO *b, BUF_MEM **pp)
+ BIO *BIO_new_mem_buf(const void *buf, int len);
+
=head1 DESCRIPTION
-BIO_s_mem() return the memory BIO method function.
@@ -115432,7 +122675,7 @@
the data can be read again.
BIO_eof() is true if no data is in the BIO.
-@@ -96,7 +97,7 @@ There should be an option to set the maximum size of a memory BIO.
+@@ -96,7 +97,7 @@ There should be an option to set the max
Create a memory BIO and write some data to it:
BIO *mem = BIO_new(BIO_s_mem());
@@ -115441,7 +122684,7 @@
Create a read only memory BIO:
-@@ -110,8 +111,14 @@ Extract the BUF_MEM structure from a memory BIO and then free up the BIO:
+@@ -110,8 +111,14 @@ There should be an option to set the max
BIO_get_mem_ptr(mem, &bptr);
BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
BIO_free(mem);
@@ -115459,8 +122702,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/BIO_s_null.pod b/doc/crypto/BIO_s_null.pod
-index 00905ec..5a1d84d 100644
--- a/doc/crypto/BIO_s_null.pod
+++ b/doc/crypto/BIO_s_null.pod
@@ -8,7 +8,7 @@ BIO_s_null - null data sink
@@ -115472,7 +122713,7 @@
=head1 DESCRIPTION
-@@ -32,6 +32,13 @@ by adding a null sink BIO to the end of the chain
+@@ -32,6 +32,13 @@ by adding a null sink BIO to the end of
BIO_s_null() returns the null sink BIO method.
@@ -115488,11 +122729,9 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/BIO_s_socket.pod b/doc/crypto/BIO_s_socket.pod
-index 13efb50..ad0574a 100644
--- a/doc/crypto/BIO_s_socket.pod
+++ b/doc/crypto/BIO_s_socket.pod
-@@ -10,9 +10,6 @@ BIO_s_socket, BIO_new_socket - socket BIO
+@@ -10,9 +10,6 @@ BIO_s_socket, BIO_new_socket - socket BI
const BIO_METHOD *BIO_s_socket(void);
@@ -115502,7 +122741,7 @@
BIO *BIO_new_socket(int sock, int close_flag);
=head1 DESCRIPTION
-@@ -26,12 +23,6 @@ BIO_puts() is supported but BIO_gets() is not.
+@@ -26,12 +23,6 @@ BIO_puts() is supported but BIO_gets() i
If the close flag is set then the socket is shut down and closed
when the BIO is freed.
@@ -115515,7 +122754,7 @@
BIO_new_socket() returns a socket BIO using B<sock> and B<close_flag>.
=head1 NOTES
-@@ -44,20 +35,20 @@ platforms sockets are not file descriptors and use distinct I/O routines,
+@@ -44,20 +35,20 @@ platforms sockets are not file descripto
Windows is one such platform. Any code mixing the two will not work on
all platforms.
@@ -115545,11 +122784,9 @@
-TBA
+=cut
-diff --git a/doc/crypto/BIO_set_callback.pod b/doc/crypto/BIO_set_callback.pod
-index 4759556..219a6dd 100644
--- a/doc/crypto/BIO_set_callback.pod
+++ b/doc/crypto/BIO_set_callback.pod
-@@ -9,16 +9,16 @@ BIO_debug_callback - BIO callback functions
+@@ -9,16 +9,17 @@ BIO_debug_callback - BIO callback functi
#include <openssl/bio.h>
@@ -115557,53 +122794,120 @@
- #define BIO_get_callback(b) ((b)->callback)
- #define BIO_set_callback_arg(b,arg) ((b)->cb_arg=(char *)(arg))
- #define BIO_get_callback_arg(b) ((b)->cb_arg)
-+ #define BIO_set_callback(b,cb) ((b)->callback=(cb))
-+ #define BIO_get_callback(b) ((b)->callback)
-+ #define BIO_set_callback_arg(b,arg) ((b)->cb_arg=(char *)(arg))
-+ #define BIO_get_callback_arg(b) ((b)->cb_arg)
- long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
+- long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
- long argl,long ret);
-+ long argl,long ret);
++ typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
++ long argl, long ret);
- typedef long (*callback)(BIO *b, int oper, const char *argp,
+- typedef long (*callback)(BIO *b, int oper, const char *argp,
- int argi, long argl, long retvalue);
-+ int argi, long argl, long retvalue);
++ void BIO_set_callback(BIO *b, BIO_callack_fn cb);
++ BIO_callack_fn BIO_get_callback(BIO *b);
++ void BIO_set_callback_arg(BIO *b, char *arg);
++ char *BIO_get_callback_arg(const BIO *b);
++
++ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
++ long argl, long ret);
=head1 DESCRIPTION
-@@ -103,6 +103,13 @@ callback(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd, larg,ret) after.
+@@ -32,34 +33,49 @@ used to set and retrieve an argument for
+
+ BIO_debug_callback() is a standard debugging callback which prints
+ out information relating to each BIO operation. If the callback
+-argument is set if is interpreted as a BIO to send the information
++argument is set it is interpreted as a BIO to send the information
+ to, otherwise stderr is used.
+
+-callback() is the callback function itself. The meaning of each
+-argument is described below.
++BIO_callback_fn() is the type of the callback function. The meaning of each
++argument is described below:
++
++=over
++
++=item B<b>
+
+ The BIO the callback is attached to is passed in B<b>.
+
++=item B<oper>
++
+ B<oper> is set to the operation being performed. For some operations
+ the callback is called twice, once before and once after the actual
+ operation, the latter case has B<oper> or'ed with BIO_CB_RETURN.
+
++=item B<argp> B<argi> B<argl>
++
+ The meaning of the arguments B<argp>, B<argi> and B<argl> depends on
+ the value of B<oper>, that is the operation being performed.
+
+-B<retvalue> is the return value that would be returned to the
++=item B<ret>
++
++B<ret> is the return value that would be returned to the
+ application if no callback were present. The actual value returned
+ is the return value of the callback itself. In the case of callbacks
+-called before the actual BIO operation 1 is placed in retvalue, if
++called before the actual BIO operation 1 is placed in B<ret>, if
+ the return value is not positive it will be immediately returned to
+ the application and the BIO operation will not be performed.
+
+-The callback should normally simply return B<retvalue> when it has
+-finished processing, unless if specifically wishes to modify the
++=back
++
++The callback should normally simply return B<ret> when it has
++finished processing, unless it specifically wishes to modify the
+ value returned to the application.
+
+ =head1 CALLBACK OPERATIONS
+
++In the notes below, B<callback> defers to the actual callback
++function that is called.
++
+ =over 4
+
+ =item B<BIO_free(b)>
+@@ -93,8 +109,8 @@ after.
+
+ =item B<BIO_ctrl(BIO *b, int cmd, long larg, void *parg)>
+
+-callback(b,BIO_CB_CTRL,parg,cmd,larg,1L) is called before the call and
+-callback(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd, larg,ret) after.
++callback(b, BIO_CB_CTRL, parg, cmd, larg, 1L) is called before the call and
++callback(b, BIO_CB_CTRL|BIO_CB_RETURN, parg, cmd, larg, ret) after.
+
+ =back
+
+@@ -103,6 +119,13 @@ callback(b,BIO_CB_CTRL|BIO_CB_RETURN,par
The BIO_debug_callback() function is a good example, its source is
in crypto/bio/bio_cb.c
-=head1 SEE ALSO
+=head1 COPYRIGHT
-
--TBA
++
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
-+
+
+-TBA
+=cut
-diff --git a/doc/crypto/BIO_should_retry.pod b/doc/crypto/BIO_should_retry.pod
-index f5b47b3..2a6485a 100644
--- a/doc/crypto/BIO_should_retry.pod
+++ b/doc/crypto/BIO_should_retry.pod
-@@ -2,7 +2,9 @@
+@@ -2,7 +2,7 @@
=head1 NAME
-BIO_should_retry, BIO_should_read, BIO_should_write,
-+BIO_FLAGS_READ, BIO_FLAGS_WRITE, BIO_FLAGS_IO_SPECIAL, BIO_FLAGS_RWS,
-+BIO_FLAGS_SHOULD_RETRY,
+BIO_should_read, BIO_should_write,
BIO_should_io_special, BIO_retry_type, BIO_should_retry,
BIO_get_retry_BIO, BIO_get_retry_reason, BIO_set_retry_reason - BIO retry
functions
-@@ -11,17 +13,17 @@ functions
+@@ -11,17 +11,11 @@ functions
#include <openssl/bio.h>
@@ -115612,25 +122916,21 @@
- #define BIO_should_io_special(a) ((a)->flags & BIO_FLAGS_IO_SPECIAL)
- #define BIO_retry_type(a) ((a)->flags & BIO_FLAGS_RWS)
- #define BIO_should_retry(a) ((a)->flags & BIO_FLAGS_SHOULD_RETRY)
-+ #define BIO_should_read(a) ((a)->flags & BIO_FLAGS_READ)
-+ #define BIO_should_write(a) ((a)->flags & BIO_FLAGS_WRITE)
-+ #define BIO_should_io_special(a) ((a)->flags & BIO_FLAGS_IO_SPECIAL)
-+ #define BIO_retry_type(a) ((a)->flags & BIO_FLAGS_RWS)
-+ #define BIO_should_retry(a) ((a)->flags & BIO_FLAGS_SHOULD_RETRY)
-
+-
- #define BIO_FLAGS_READ 0x01
- #define BIO_FLAGS_WRITE 0x02
- #define BIO_FLAGS_IO_SPECIAL 0x04
-+ #define BIO_FLAGS_READ 0x01
-+ #define BIO_FLAGS_WRITE 0x02
-+ #define BIO_FLAGS_IO_SPECIAL 0x04
- #define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
+- #define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
- #define BIO_FLAGS_SHOULD_RETRY 0x08
-+ #define BIO_FLAGS_SHOULD_RETRY 0x08
++ int BIO_should_read(BIO *b);
++ int BIO_should_write(BIO *b);
++ int BIO_should_io_special(iBIO *b);
++ int BIO_retry_type(BIO *b);
++ int BIO_should_retry(BIO *b);
BIO *BIO_get_retry_BIO(BIO *bio, int *reason);
int BIO_get_retry_reason(BIO *bio);
-@@ -53,7 +55,7 @@ B<BIO_FLAGS_IO_SPECIAL> though current BIO types will only set one of
+@@ -53,7 +47,7 @@ B<BIO_FLAGS_IO_SPECIAL> though current B
these.
BIO_get_retry_BIO() determines the precise reason for the special
@@ -115639,7 +122939,17 @@
B<reason> is not NULL it contains the reason code. The meaning of
the reason code and the action that should be taken depends on
the type of BIO that resulted in this condition.
-@@ -99,7 +101,7 @@ available and then retry the BIO operation. By combining the retry
+@@ -66,6 +60,9 @@ BIO. This would usually only be called b
+
+ =head1 NOTES
+
++BIO_should_read(), BIO_should_write(), BIO_should_io_special(),
++BIO_retry_type(), and BIO_should_retry(), are implemented as macros.
++
+ If BIO_should_retry() returns false then the precise "error condition"
+ depends on the BIO type that caused it and the return code of the BIO
+ operation. For example if a call to BIO_read() on a socket BIO returns
+@@ -99,7 +96,7 @@ available and then retry the BIO operati
conditions of several non blocking BIOs in a single select() call
it is possible to service several BIOs in a single thread, though
the performance may be poor if SSL BIOs are present because long delays
@@ -115648,7 +122958,7 @@
It is possible for a BIO to block indefinitely if the underlying I/O
structure cannot process or return any data. This depends on the behaviour of
-@@ -123,4 +125,13 @@ L<bio>
+@@ -123,4 +120,13 @@ L<bio>
The BIO_get_retry_reason() and BIO_set_retry_reason() functions were added in
OpenSSL version 1.1.0.
@@ -115662,8 +122972,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BN_BLINDING_new.pod b/doc/crypto/BN_BLINDING_new.pod
-index f539ae6..754bcf3 100644
--- a/doc/crypto/BN_BLINDING_new.pod
+++ b/doc/crypto/BN_BLINDING_new.pod
@@ -2,26 +2,26 @@
@@ -115687,7 +122995,8 @@
- BIGNUM *mod);
+ BIGNUM *mod);
void BN_BLINDING_free(BN_BLINDING *b);
- int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
+- int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
++ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
@@ -115699,7 +123008,7 @@
int BN_BLINDING_is_current_thread(BN_BLINDING *b);
void BN_BLINDING_set_current_thread(BN_BLINDING *b);
int BN_BLINDING_lock(BN_BLINDING *b);
-@@ -29,10 +29,10 @@ BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functi
+@@ -29,10 +29,10 @@ BN_BLINDING_set_flags, BN_BLINDING_creat
unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
@@ -115737,8 +123046,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BN_CTX_new.pod b/doc/crypto/BN_CTX_new.pod
-index df432c7..ca54590 100644
--- a/doc/crypto/BN_CTX_new.pod
+++ b/doc/crypto/BN_CTX_new.pod
@@ -2,7 +2,7 @@
@@ -115764,8 +123071,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BN_CTX_start.pod b/doc/crypto/BN_CTX_start.pod
-index 2e23be2..372da50 100644
--- a/doc/crypto/BN_CTX_start.pod
+++ b/doc/crypto/BN_CTX_start.pod
@@ -45,4 +45,13 @@ can be obtained by L<ERR_get_error(3)>.
@@ -115782,11 +123087,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BN_add.pod b/doc/crypto/BN_add.pod
-index 3ad2274..72cc09f 100644
--- a/doc/crypto/BN_add.pod
+++ b/doc/crypto/BN_add.pod
-@@ -115,4 +115,13 @@ The error codes can be obtained by L<ERR_get_error(3)>.
+@@ -115,4 +115,13 @@ The error codes can be obtained by L<ERR
L<bn(3)>, L<ERR_get_error(3)>, L<BN_CTX_new(3)>,
L<BN_add_word(3)>, L<BN_set_bit(3)>
@@ -115800,8 +123103,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BN_add_word.pod b/doc/crypto/BN_add_word.pod
-index 1bbe31b..35bdcf4 100644
--- a/doc/crypto/BN_add_word.pod
+++ b/doc/crypto/BN_add_word.pod
@@ -49,4 +49,13 @@ B<(BN_ULONG)-1> if an error occurred.
@@ -115818,8 +123119,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BN_bn2bin.pod b/doc/crypto/BN_bn2bin.pod
-index cbd5d34..14b152e 100644
--- a/doc/crypto/BN_bn2bin.pod
+++ b/doc/crypto/BN_bn2bin.pod
@@ -2,6 +2,7 @@
@@ -115830,7 +123129,7 @@
BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, BN_bn2hex, BN_bn2dec,
BN_hex2bn, BN_dec2bn, BN_print, BN_print_fp, BN_bn2mpi,
BN_mpi2bn - format conversions
-@@ -51,11 +52,12 @@ hexadecimal and decimal encoding of B<a> respectively. For negative
+@@ -51,11 +52,12 @@ hexadecimal and decimal encoding of B<a>
numbers, the string is prefaced with a leading '-'. The string must be
freed later using OPENSSL_free().
@@ -115848,7 +123147,7 @@
BN_print() and BN_print_fp() write the hexadecimal encoding of B<a>,
with a leading '-' for negative numbers, to the B<BIO> or B<FILE>
-@@ -84,8 +86,9 @@ BN_bn2binpad() returns the number of bytes written or -1 if the supplied
+@@ -84,8 +86,9 @@ BN_bn2binpad() returns the number of byt
buffer is too small.
BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL
@@ -115860,7 +123159,7 @@
BN_print_fp() and BN_print() return 1 on success, 0 on write errors.
-@@ -100,4 +103,13 @@ L<bn(3)>, L<ERR_get_error(3)>, L<BN_zero(3)>,
+@@ -100,4 +103,13 @@ L<bn(3)>, L<ERR_get_error(3)>, L<BN_zero
L<ASN1_INTEGER_to_BN(3)>,
L<BN_num_bytes(3)>
@@ -115874,8 +123173,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BN_cmp.pod b/doc/crypto/BN_cmp.pod
-index 6c33314..ec00571 100644
--- a/doc/crypto/BN_cmp.pod
+++ b/doc/crypto/BN_cmp.pod
@@ -39,4 +39,13 @@ the condition is true, 0 otherwise.
@@ -115892,8 +123189,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BN_copy.pod b/doc/crypto/BN_copy.pod
-index 0a00884..b044b98 100644
--- a/doc/crypto/BN_copy.pod
+++ b/doc/crypto/BN_copy.pod
@@ -57,4 +57,13 @@ by L<ERR_get_error(3)>.
@@ -115910,11 +123205,25 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod
-index 8ea3d0b..2757448 100644
--- a/doc/crypto/BN_generate_prime.pod
+++ b/doc/crypto/BN_generate_prime.pod
-@@ -39,7 +39,7 @@ Deprecated:
+@@ -11,12 +11,12 @@ for primality
+
+ #include <openssl/bn.h>
+
+- int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add,
++ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
+ const BIGNUM *rem, BN_GENCB *cb);
+
+- int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
++ int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
+
+- int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
++ int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
+ int do_trial_division, BN_GENCB *cb);
+
+ int BN_GENCB_call(BN_GENCB *cb, int a, int b);
+@@ -39,7 +39,7 @@ for primality
BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
@@ -115923,7 +123232,7 @@
void *), BN_CTX *ctx, void *cb_arg);
int BN_is_prime_fasttest(const BIGNUM *a, int checks,
-@@ -182,4 +182,13 @@ L<bn(3)>, L<ERR_get_error(3)>, L<rand(3)>
+@@ -182,4 +182,13 @@ L<bn(3)>, L<ERR_get_error(3)>, L<rand(3)
BN_GENCB_new(), BN_GENCB_free(),
and BN_GENCB_get_arg() were added in OpenSSL 1.1.0
@@ -115937,11 +123246,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BN_mod_inverse.pod b/doc/crypto/BN_mod_inverse.pod
-index e54bccf..b4792ad 100644
--- a/doc/crypto/BN_mod_inverse.pod
+++ b/doc/crypto/BN_mod_inverse.pod
-@@ -29,4 +29,13 @@ NULL on error. The error codes can be obtained by L<ERR_get_error(3)>.
+@@ -29,4 +29,13 @@ NULL on error. The error codes can be ob
L<bn(3)>, L<ERR_get_error(3)>, L<BN_add(3)>
@@ -115955,8 +123262,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BN_mod_mul_montgomery.pod b/doc/crypto/BN_mod_mul_montgomery.pod
-index b4a09a2..bf1ef34 100644
--- a/doc/crypto/BN_mod_mul_montgomery.pod
+++ b/doc/crypto/BN_mod_mul_montgomery.pod
@@ -2,7 +2,7 @@
@@ -115968,7 +123273,7 @@
BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy,
BN_from_montgomery, BN_to_montgomery - Montgomery multiplication
-@@ -69,26 +69,6 @@ The error codes can be obtained by L<ERR_get_error(3)>.
+@@ -69,26 +69,6 @@ The error codes can be obtained by L<ERR
The inputs must be reduced modulo B<m>, otherwise the result will be
outside the expected range.
@@ -116009,8 +123314,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BN_mod_mul_reciprocal.pod b/doc/crypto/BN_mod_mul_reciprocal.pod
-index f03feb2..d0536cd 100644
--- a/doc/crypto/BN_mod_mul_reciprocal.pod
+++ b/doc/crypto/BN_mod_mul_reciprocal.pod
@@ -2,7 +2,7 @@
@@ -116022,7 +123325,7 @@
BN_RECP_CTX_free, BN_RECP_CTX_set - modular multiplication using
reciprocal
-@@ -30,7 +30,6 @@ using B<recp>=1/B<m>, which is set as described below. B<ctx> is a
+@@ -30,7 +30,6 @@ using B<recp>=1/B<m>, which is set as de
previously allocated B<BN_CTX> used for temporary variables.
BN_RECP_CTX_new() allocates and initializes a B<BN_RECP> structure.
@@ -116030,7 +123333,7 @@
BN_RECP_CTX_free() frees the components of the B<BN_RECP>, and, if it
was created by BN_RECP_CTX_new(), also the structure itself.
-@@ -51,31 +50,11 @@ The B<BN_RECP_CTX> structure cannot be shared between threads.
+@@ -51,31 +50,11 @@ The B<BN_RECP_CTX> structure cannot be s
BN_RECP_CTX_new() returns the newly allocated B<BN_RECP_CTX>, and NULL
on error.
@@ -116080,12 +123383,49 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/BN_new.pod b/doc/crypto/BN_new.pod
-index 22596dc..ab7c4e5 100644
--- a/doc/crypto/BN_new.pod
+++ b/doc/crypto/BN_new.pod
-@@ -45,4 +45,13 @@ L<bn(3)>, L<ERR_get_error(3)>
+@@ -2,7 +2,7 @@
+ =head1 NAME
+
+-BN_new, BN_clear, BN_free, BN_clear_free - allocate and free BIGNUMs
++BN_new, BN_secure_new, BN_clear, BN_free, BN_clear_free - allocate and free BIGNUMs
+
+ =head1 SYNOPSIS
+
+@@ -10,6 +10,8 @@ BN_new, BN_clear, BN_free, BN_clear_free
+
+ BIGNUM *BN_new(void);
+
++ BIGNUM *BN_secure_new(void);
++
+ void BN_clear(BIGNUM *a);
+
+ void BN_free(BIGNUM *a);
+@@ -19,6 +21,8 @@ BN_new, BN_clear, BN_free, BN_clear_free
+ =head1 DESCRIPTION
+
+ BN_new() allocates and initializes a B<BIGNUM> structure.
++BN_secure_new() does the same except that the secure heap
++OPENSSL_secure_malloc(3) is used to store the value.
+
+ BN_clear() is used to destroy sensitive data such as keys when they
+ are no longer needed. It erases the memory used by B<a> and sets it
+@@ -31,8 +35,9 @@ If B<a> is NULL, nothing is done.
+
+ =head1 RETURN VALUES
+
+-BN_new() returns a pointer to the B<BIGNUM>. If the allocation fails,
+-it returns B<NULL> and sets an error code that can be obtained
++BN_new() and BN_secure_new()
++return a pointer to the B<BIGNUM>. If the allocation fails,
++they return B<NULL> and set an error code that can be obtained
+ by L<ERR_get_error(3)>.
+
+ BN_clear(), BN_free() and BN_clear_free() have no return values.
+@@ -45,4 +50,13 @@ L<bn(3)>, L<ERR_get_error(3)>
+
BN_init() was removed in OpenSSL 1.1.0; use BN_new() instead.
+=head1 COPYRIGHT
@@ -116098,8 +123438,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BN_num_bytes.pod b/doc/crypto/BN_num_bytes.pod
-index 30ee3e5..4680cf7 100644
--- a/doc/crypto/BN_num_bytes.pod
+++ b/doc/crypto/BN_num_bytes.pod
@@ -49,4 +49,13 @@ more probability).
@@ -116116,11 +123454,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod
-index c4f98b6..c612c50 100644
--- a/doc/crypto/BN_rand.pod
+++ b/doc/crypto/BN_rand.pod
-@@ -49,4 +49,13 @@ The error codes can be obtained by L<ERR_get_error(3)>.
+@@ -49,4 +49,13 @@ The error codes can be obtained by L<ERR
L<bn(3)>, L<ERR_get_error(3)>, L<rand(3)>,
L<RAND_add(3)>, L<RAND_bytes(3)>
@@ -116134,8 +123470,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BN_set_bit.pod b/doc/crypto/BN_set_bit.pod
-index 13bf231..363227a 100644
--- a/doc/crypto/BN_set_bit.pod
+++ b/doc/crypto/BN_set_bit.pod
@@ -57,4 +57,13 @@ can be obtained by L<ERR_get_error(3)>.
@@ -116152,11 +123486,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BN_swap.pod b/doc/crypto/BN_swap.pod
-index 04582e9..fe7cc84 100644
--- a/doc/crypto/BN_swap.pod
+++ b/doc/crypto/BN_swap.pod
-@@ -16,4 +16,13 @@ BN_swap() exchanges the values of I<a> and I<b>.
+@@ -16,4 +16,13 @@ BN_swap() exchanges the values of I<a> a
L<bn(3)>
@@ -116170,11 +123502,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BN_zero.pod b/doc/crypto/BN_zero.pod
-index 5334aaa..17e63cf 100644
--- a/doc/crypto/BN_zero.pod
+++ b/doc/crypto/BN_zero.pod
-@@ -55,4 +55,13 @@ unsigned long but this value is also returned on error.
+@@ -55,4 +55,13 @@ unsigned long but this value is also ret
L<bn(3)>, L<BN_bn2bin(3)>
@@ -116188,17 +123518,13 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/BUF_MEM_new.pod b/doc/crypto/BUF_MEM_new.pod
-new file mode 100644
-index 0000000..1a97577
--- /dev/null
+++ b/doc/crypto/BUF_MEM_new.pod
-@@ -0,0 +1,80 @@
+@@ -0,0 +1,77 @@
+=pod
+
+=head1 NAME
+
-+BUF_MEM_FLAG_SECURE,
+BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow
+BUF_MEM_grow_clean, BUF_reverse
+- simple character array structure
@@ -116211,8 +123537,6 @@
+
+ BUF_MEM *BUF_MEM_new(void);
+
-+ #define BUF_MEM_FLAG_SECURE
-+
+ BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
+
+ void BUF_MEM_free(BUF_MEM *a);
@@ -116274,11 +123598,9 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/CMS_add0_cert.pod b/doc/crypto/CMS_add0_cert.pod
-index dc2cf46..5b0cc2a 100644
--- a/doc/crypto/CMS_add0_cert.pod
+++ b/doc/crypto/CMS_add0_cert.pod
-@@ -20,7 +20,7 @@ CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_ge
+@@ -20,7 +20,7 @@ CMS_add0_cert, CMS_add1_cert, CMS_get1_c
=head1 DESCRIPTION
CMS_add0_cert() and CMS_add1_cert() add certificate B<cert> to B<cms>.
@@ -116310,8 +123632,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/CMS_add1_recipient_cert.pod b/doc/crypto/CMS_add1_recipient_cert.pod
-index 4efe086..0dae5cf 100644
--- a/doc/crypto/CMS_add1_recipient_cert.pod
+++ b/doc/crypto/CMS_add1_recipient_cert.pod
@@ -2,7 +2,7 @@
@@ -116337,8 +123657,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/CMS_add1_signer.pod b/doc/crypto/CMS_add1_signer.pod
-index 0f43ea7..f4738e0 100644
--- a/doc/crypto/CMS_add1_signer.pod
+++ b/doc/crypto/CMS_add1_signer.pod
@@ -2,7 +2,7 @@
@@ -116350,7 +123668,7 @@
=head1 SYNOPSIS
-@@ -52,7 +52,7 @@ structure. An error occurs if a matching digest value cannot be found to copy.
+@@ -52,7 +52,7 @@ structure. An error occurs if a matchin
The returned CMS_ContentInfo structure will be valid and finalized when this
flag is set.
@@ -116359,7 +123677,7 @@
CMS_SignerInfo structure will not be finalized so additional attributes
can be added. In this case an explicit call to CMS_SignerInfo_sign() is
needed to finalize it.
-@@ -81,7 +81,7 @@ If any of these algorithms is not available then it will not be included: for ex
+@@ -81,7 +81,7 @@ If any of these algorithms is not availa
not loaded.
CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo
@@ -116368,7 +123686,7 @@
before it is finalized.
=head1 RETURN VALUES
-@@ -94,4 +94,13 @@ structure just added or NULL if an error occurs.
+@@ -94,4 +94,13 @@ structure just added or NULL if an error
L<ERR_get_error(3)>, L<CMS_sign(3)>,
L<CMS_final(3)>,
@@ -116382,11 +123700,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/CMS_compress.pod b/doc/crypto/CMS_compress.pod
-index e2ead0e..e405108 100644
--- a/doc/crypto/CMS_compress.pod
+++ b/doc/crypto/CMS_compress.pod
-@@ -69,4 +69,13 @@ L<ERR_get_error(3)>, L<CMS_uncompress(3)>
+@@ -69,4 +69,13 @@ L<ERR_get_error(3)>, L<CMS_uncompress(3)
The B<CMS_STREAM> flag was added in OpenSSL 1.0.0.
@@ -116400,8 +123716,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/CMS_decrypt.pod b/doc/crypto/CMS_decrypt.pod
-index 4b1e97e..b3b196c 100644
--- a/doc/crypto/CMS_decrypt.pod
+++ b/doc/crypto/CMS_decrypt.pod
@@ -2,7 +2,7 @@
@@ -116413,7 +123727,7 @@
=head1 SYNOPSIS
-@@ -69,4 +69,13 @@ mentioned in CMS_verify() also applies to CMS_decrypt().
+@@ -69,4 +69,13 @@ mentioned in CMS_verify() also applies t
L<ERR_get_error(3)>, L<CMS_encrypt(3)>
@@ -116427,8 +123741,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/CMS_encrypt.pod b/doc/crypto/CMS_encrypt.pod
-index b58b0fc..0ed4262 100644
--- a/doc/crypto/CMS_encrypt.pod
+++ b/doc/crypto/CMS_encrypt.pod
@@ -2,7 +2,7 @@
@@ -116440,7 +123752,7 @@
=head1 SYNOPSIS
-@@ -26,7 +26,7 @@ EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use
+@@ -26,7 +26,7 @@ EVP_des_ede3_cbc() (triple DES) is the a
because most clients will support it.
The algorithm passed in the B<cipher> parameter must support ASN1 encoding of
@@ -116463,8 +123775,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/CMS_final.pod b/doc/crypto/CMS_final.pod
-index c0f4ef9..264fe7b 100644
--- a/doc/crypto/CMS_final.pod
+++ b/doc/crypto/CMS_final.pod
@@ -2,7 +2,7 @@
@@ -116485,7 +123795,7 @@
processed. The B<dcont> parameter contains a BIO to write content to after
processing: this is only used with detached data and will usually be set to
NULL.
-@@ -34,4 +34,13 @@ CMS_final() returns 1 for success or 0 for failure.
+@@ -34,4 +34,13 @@ CMS_final() returns 1 for success or 0 f
L<ERR_get_error(3)>, L<CMS_sign(3)>,
L<CMS_encrypt(3)>
@@ -116499,8 +123809,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/CMS_get0_RecipientInfos.pod b/doc/crypto/CMS_get0_RecipientInfos.pod
-index 93bebb7..6c33c22 100644
--- a/doc/crypto/CMS_get0_RecipientInfos.pod
+++ b/doc/crypto/CMS_get0_RecipientInfos.pod
@@ -2,7 +2,12 @@
@@ -116517,7 +123825,7 @@
=head1 SYNOPSIS
-@@ -34,7 +39,7 @@ CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS, or CMS_RECIPINFO_OTHER.
+@@ -34,7 +39,7 @@ CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS, o
CMS_RecipientInfo_ktri_get0_signer_id() retrieves the certificate recipient
identifier associated with a specific CMS_RecipientInfo structure B<ri>, which
must be of type CMS_RECIPINFO_TRANS. Either the keyidentifier will be set in
@@ -116526,7 +123834,7 @@
CMS_RecipientInfo_ktri_cert_cmp() compares the certificate B<cert> against the
CMS_RecipientInfo structure B<ri>, which must be of type CMS_RECIPINFO_TRANS.
-@@ -113,4 +118,13 @@ Any error can be obtained from L<ERR_get_error(3)>.
+@@ -113,4 +118,13 @@ Any error can be obtained from L<ERR_get
L<ERR_get_error(3)>, L<CMS_decrypt(3)>
@@ -116540,8 +123848,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/CMS_get0_SignerInfos.pod b/doc/crypto/CMS_get0_SignerInfos.pod
-index e636532..c807159 100644
--- a/doc/crypto/CMS_get0_SignerInfos.pod
+++ b/doc/crypto/CMS_get0_SignerInfos.pod
@@ -2,7 +2,10 @@
@@ -116556,7 +123862,7 @@
=head1 SYNOPSIS
-@@ -25,7 +28,7 @@ associated with a specific CMS_SignerInfo structure B<si>. Either the
+@@ -25,7 +28,7 @@ associated with a specific CMS_SignerInf
keyidentifier will be set in B<keyid> or B<both> issuer name and serial number
in B<issuer> and B<sno>.
@@ -116565,7 +123871,7 @@
B<si> in a pointer to an ASN1_OCTET_STRING structure. This pointer returned
corresponds to the internal signature value if B<si> so it may be read or
modified.
-@@ -74,4 +77,13 @@ Any error can be obtained from L<ERR_get_error(3)>
+@@ -74,4 +77,13 @@ Any error can be obtained from L<ERR_get
L<ERR_get_error(3)>, L<CMS_verify(3)>
@@ -116579,8 +123885,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/CMS_get0_type.pod b/doc/crypto/CMS_get0_type.pod
-index 80fc303..cad8d3f 100644
--- a/doc/crypto/CMS_get0_type.pod
+++ b/doc/crypto/CMS_get0_type.pod
@@ -2,13 +2,13 @@
@@ -116599,7 +123903,7 @@
int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
-@@ -69,4 +69,13 @@ error can be obtained from ERR_get_error(3).
+@@ -69,4 +69,13 @@ error can be obtained from ERR_get_error
L<ERR_get_error(3)>
@@ -116613,8 +123917,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/CMS_get1_ReceiptRequest.pod b/doc/crypto/CMS_get1_ReceiptRequest.pod
-index 81206eb..79f5f42 100644
--- a/doc/crypto/CMS_get1_ReceiptRequest.pod
+++ b/doc/crypto/CMS_get1_ReceiptRequest.pod
@@ -2,7 +2,7 @@
@@ -116649,8 +123951,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/CMS_sign.pod b/doc/crypto/CMS_sign.pod
-index 39229fd..396deef 100644
--- a/doc/crypto/CMS_sign.pod
+++ b/doc/crypto/CMS_sign.pod
@@ -2,7 +2,7 @@
@@ -116662,7 +123962,7 @@
=head1 SYNOPSIS
-@@ -96,7 +96,7 @@ B<certs>, B<signcert> and B<pkey> parameters can all be B<NULL> and the
+@@ -96,7 +96,7 @@ B<certs>, B<signcert> and B<pkey> parame
B<CMS_PARTIAL> flag set. Then one or more signers can be added using the
function CMS_sign_add1_signer(), non default digests can be used and custom
attributes added. CMS_final() must then be called to finalize the
@@ -116685,8 +123985,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/CMS_sign_receipt.pod b/doc/crypto/CMS_sign_receipt.pod
-index 99a0b14..8ea6df1 100644
--- a/doc/crypto/CMS_sign_receipt.pod
+++ b/doc/crypto/CMS_sign_receipt.pod
@@ -2,7 +2,7 @@
@@ -116712,8 +124010,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/CMS_uncompress.pod b/doc/crypto/CMS_uncompress.pod
-index 44512a4..80f9c0d 100644
--- a/doc/crypto/CMS_uncompress.pod
+++ b/doc/crypto/CMS_uncompress.pod
@@ -2,7 +2,7 @@
@@ -116725,7 +124021,7 @@
=head1 SYNOPSIS
-@@ -47,4 +47,13 @@ mentioned in CMS_verify() also applies to CMS_decompress().
+@@ -47,4 +47,13 @@ mentioned in CMS_verify() also applies t
L<ERR_get_error(3)>, L<CMS_compress(3)>
@@ -116739,8 +124035,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/CMS_verify.pod b/doc/crypto/CMS_verify.pod
-index d4baffe..c2ff57b 100644
--- a/doc/crypto/CMS_verify.pod
+++ b/doc/crypto/CMS_verify.pod
@@ -67,7 +67,7 @@ returned.
@@ -116752,7 +124046,7 @@
verified.
If B<CMS_NO_CONTENT_VERIFY> is set then the content digest is not checked.
-@@ -81,13 +81,13 @@ certificates supplied in B<certs> then the verify will fail because the
+@@ -81,13 +81,13 @@ certificates supplied in B<certs> then t
signer cannot be found.
In some cases the standard techniques for looking up and validating
@@ -116783,8 +124077,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/CMS_verify_receipt.pod b/doc/crypto/CMS_verify_receipt.pod
-index 15ec54c..193241c 100644
--- a/doc/crypto/CMS_verify_receipt.pod
+++ b/doc/crypto/CMS_verify_receipt.pod
@@ -2,7 +2,7 @@
@@ -116796,7 +124088,7 @@
=head1 SYNOPSIS
-@@ -16,7 +16,7 @@ CMS_verify_receipt() verifies a CMS signed receipt. B<rcms> is the signed
+@@ -16,7 +16,7 @@ CMS_verify_receipt() verifies a CMS sign
receipt to verify. B<ocms> is the original SignedData structure containing the
receipt request. B<certs> is a set of certificates in which to search for the
signing certificate. B<store> is a trusted certificate store (used for chain
@@ -116819,8 +124111,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/CONF_modules_free.pod b/doc/crypto/CONF_modules_free.pod
-index 4a8580c..ac59f37 100644
--- a/doc/crypto/CONF_modules_free.pod
+++ b/doc/crypto/CONF_modules_free.pod
@@ -2,8 +2,8 @@
@@ -116848,8 +124138,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/CONF_modules_load_file.pod b/doc/crypto/CONF_modules_load_file.pod
-index 84f7184..9e4071f 100644
--- a/doc/crypto/CONF_modules_load_file.pod
+++ b/doc/crypto/CONF_modules_load_file.pod
@@ -2,16 +2,16 @@
@@ -116872,7 +124160,7 @@
=head1 DESCRIPTION
-@@ -124,4 +124,13 @@ return value of the failing module (this will always be zero or negative).
+@@ -124,4 +124,13 @@ return value of the failing module (this
L<conf(5)>, L<OPENSSL_config(3)>,
L<CONF_free(3)>, L<err(3)>
@@ -116886,12 +124174,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/CRYPTO_THREAD_run_once.pod b/doc/crypto/CRYPTO_THREAD_run_once.pod
-new file mode 100644
-index 0000000..37671b9
--- /dev/null
+++ b/doc/crypto/CRYPTO_THREAD_run_once.pod
-@@ -0,0 +1,150 @@
+@@ -0,0 +1,163 @@
+=pod
+
+=head1 NAME
@@ -116973,10 +124258,23 @@
+
+The other functions return 1 on success or 0 on error.
+
++=head1 NOTES
++
++On Windows platforms the CRYPTO_THREAD_* types and functions in the
++openssl/crypto.h header are dependent on some of the types customarily
++made available by including windows.h. The application developer is
++likely to require control over when the latter is included, commonly as
++one of the first included headers. Therefore it is defined as an
++application developer's responsibility to include windows.h prior to
++crypto.h where use of CRYPTO_THREAD_* types and functions is required.
++
+=head1 EXAMPLE
+
+This example safely initializes and uses a lock.
+
++ #ifdef _WIN32
++ # include <windows.h>
++ #endif
+ #include <openssl/crypto.h>
+
+ static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT;
@@ -117042,8 +124340,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/CRYPTO_get_ex_new_index.pod b/doc/crypto/CRYPTO_get_ex_new_index.pod
-index e87d1a3..17110f7 100644
--- a/doc/crypto/CRYPTO_get_ex_new_index.pod
+++ b/doc/crypto/CRYPTO_get_ex_new_index.pod
@@ -2,8 +2,9 @@
@@ -117079,7 +124375,7 @@
int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg);
void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx);
-@@ -59,6 +62,10 @@ The API described here is used by OpenSSL to manipulate exdata for specific
+@@ -59,6 +62,10 @@ The API described here is used by OpenSS
structures. Since the application data can be anything at all it is passed
and retrieved as a B<void *> type.
@@ -117104,17 +124400,15 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/DEFINE_STACK_OF.pod b/doc/crypto/DEFINE_STACK_OF.pod
-new file mode 100644
-index 0000000..94e483f
--- /dev/null
+++ b/doc/crypto/DEFINE_STACK_OF.pod
-@@ -0,0 +1,222 @@
+@@ -0,0 +1,233 @@
+=pod
+
+=head1 NAME
+
+DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF,
++DEFINE_SPECIAL_STACK_OF_CONST,
+OPENSSL_sk_deep_copy, OPENSSL_sk_delete, OPENSSL_sk_delete_ptr,
+OPENSSL_sk_dup, OPENSSL_sk_find, OPENSSL_sk_find_ex, OPENSSL_sk_free,
+OPENSSL_sk_insert, OPENSSL_sk_is_sorted, OPENSSL_sk_new, OPENSSL_sk_new_null,
@@ -117134,10 +124428,11 @@
+
+ #include <openssl/safestack.h>
+
-+ #define STACK_OF(TYPE)
-+ #define DEFINE_STACK_OF
-+ #define DEFINE_STACK_OF_CONST
-+ #define DEFINE_SPECIAL_STACK_OF
++ STACK_OF(TYPE)
++ DEFINE_STACK_OF(TYPE)
++ DEFINE_STACK_OF_CONST(TYPE)
++ DEFINE_SPECIAL_STACK_OF(FUNCTYPE, TYPE)
++ DEFINE_SPECIAL_STACK_OF_CONST(FUNCTYPE, TYPE)
+
+ typedef int (*sk_TYPE_compfunc)(const TYPE *const *a, const TYPE *const *b);
+ typedef TYPE * (*sk_TYPE_copyfunc)(const TYPE *a);
@@ -117176,22 +124471,28 @@
+In the description here, I<TYPE> is used
+as a placeholder for any of the OpenSSL datatypes, such as I<X509>.
+
-+DEFINE_STACK_OF(TYPE) creates set of functions for a stack of B<TYPE>. This
++STACK_OF() returns the name for a stack of the specified B<TYPE>.
++DEFINE_STACK_OF() creates set of functions for a stack of B<TYPE>. This
+will mean that type B<TYPE> is stored in each stack, the type is referenced by
+STACK_OF(TYPE) and each function name begins with I<sk_TYPE_>. For example:
+
+ TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
+
-+DEFINE_STACK_OF_CONST(TYPE) is identical to DEFINE_STACK_OF(TYPE) except
++DEFINE_STACK_OF_CONST() is identical to DEFINE_STACK_OF() except
+each element is constant. For example:
+
+ const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
+
-+DEFINE_SPECIAL_STACK_OF(FUNCNAME, TYPE) defines a stack of B<TYPE> but
++DEFINE_SPECIAL_STACK_OF() defines a stack of B<TYPE> but
+each function uses B<FUNCNAME> in the function name. For example:
+
+ TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
+
++DEFINE_SPECIAL_STACK_OF_CONST() is similar except that each element is
++constant:
++
++ const TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
++
+sk_TYPE_num() returns the number of elements in B<sk> or -1 if B<sk> is
+B<NULL>.
+
@@ -117282,6 +124583,9 @@
+matching element. In particular B<0> indicates a matching first element.
+A failed search is indicated by a B<-1> return value.
+
++STACK_OF(), DEFINE_STACK_OF(), DEFINE_STACK_OF_CONST(), and
++DEFINE_SPECIAL_STACK_OF() are implemented as macros.
++
+=head1 RETURN VALUES
+
+sk_TYPE_num() returns the number of elements in the stack or B<-1> if the
@@ -117332,9 +124636,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/DES_random_key.pod b/doc/crypto/DES_random_key.pod
-new file mode 100644
-index 0000000..0131093
--- /dev/null
+++ b/doc/crypto/DES_random_key.pod
@@ -0,0 +1,310 @@
@@ -117648,11 +124949,9 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/DH_generate_key.pod b/doc/crypto/DH_generate_key.pod
-index b37decc..de0847a 100644
--- a/doc/crypto/DH_generate_key.pod
+++ b/doc/crypto/DH_generate_key.pod
-@@ -42,4 +42,13 @@ The error codes can be obtained by L<ERR_get_error(3)>.
+@@ -42,4 +42,13 @@ The error codes can be obtained by L<ERR
L<dh(3)>, L<ERR_get_error(3)>, L<rand(3)>, L<DH_size(3)>
@@ -117666,8 +124965,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/DH_generate_parameters.pod b/doc/crypto/DH_generate_parameters.pod
-index 93d7b9c..8970aae 100644
--- a/doc/crypto/DH_generate_parameters.pod
+++ b/doc/crypto/DH_generate_parameters.pod
@@ -2,7 +2,6 @@
@@ -117678,7 +124975,16 @@
DH_generate_parameters_ex, DH_generate_parameters,
DH_check - generate and check Diffie-Hellman parameters
-@@ -29,7 +28,7 @@ structure. The pseudo-random number generator must be
+@@ -10,7 +9,7 @@ DH_check - generate and check Diffie-Hel
+
+ #include <openssl/dh.h>
+
+- int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
++ int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb);
+
+ int DH_check(DH *dh, int *codes);
+
+@@ -29,7 +28,7 @@ structure. The pseudo-random number gene
seeded prior to calling DH_generate_parameters().
B<prime_len> is the length in bits of the safe prime to be generated.
@@ -117687,7 +124993,7 @@
A callback function may be used to provide feedback about the progress
of the key generation. If B<cb> is not B<NULL>, it will be
-@@ -38,12 +37,41 @@ number is generated, and when a prime has been found, B<BN_GENCB_call(cb, 3, 0)>
+@@ -38,12 +37,41 @@ number is generated, and when a prime ha
is called. See L<BN_generate_prime(3)> for information on
the BN_GENCB_call() function.
@@ -117759,11 +125065,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/DH_get0_pqg.pod b/doc/crypto/DH_get0_pqg.pod
-index bcbecf3..79647bf 100644
--- a/doc/crypto/DH_get0_pqg.pod
+++ b/doc/crypto/DH_get0_pqg.pod
-@@ -10,9 +10,11 @@ DH_set_length - Routines for getting and setting data in a DH object
+@@ -10,9 +10,11 @@ DH_set_length - Routines for getting and
#include <openssl/dh.h>
@@ -117777,7 +125081,7 @@
int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
void DH_clear_flags(DH *dh, int flags);
int DH_test_flags(const DH *dh, int flags);
-@@ -47,7 +49,9 @@ be. The values point to the internal representation of the public key and
+@@ -47,7 +49,9 @@ be. The values point to the internal rep
private key values. This memory should not be freed directly.
The public and private key values can be set using DH_set0_key(). The public
@@ -117788,7 +125092,7 @@
this function transfers the memory management of the key values to the DH
object, and therefore they should not be freed directly after this function has
been called.
-@@ -68,6 +72,13 @@ length parameter associated with this DH object. If the length is non-zero then
+@@ -68,6 +72,13 @@ length parameter associated with this DH
it is used, otherwise it is ignored. The B<length> parameter indicates the
length of the secret exponent (private key) in bits.
@@ -117802,7 +125106,7 @@
=head1 RETURN VALUES
DH_set0_pqg() and DH_set0_key() return 1 on success or 0 on failure.
-@@ -89,4 +100,13 @@ L<DH_set_method(3)>, L<DH_size(3)>, L<DH_meth_new(3)>
+@@ -89,4 +100,13 @@ L<DH_set_method(3)>, L<DH_size(3)>, L<DH
The functions described here were added in OpenSSL version 1.1.0.
@@ -117816,9 +125120,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/DH_get_1024_160.pod b/doc/crypto/DH_get_1024_160.pod
-new file mode 100644
-index 0000000..4044f10
--- /dev/null
+++ b/doc/crypto/DH_get_1024_160.pod
@@ -0,0 +1,74 @@
@@ -117896,11 +125197,9 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/DH_meth_new.pod b/doc/crypto/DH_meth_new.pod
-index 73222be..bcf5592 100644
--- a/doc/crypto/DH_meth_new.pod
+++ b/doc/crypto/DH_meth_new.pod
-@@ -49,8 +49,7 @@ DH_meth_set_generate_params - Routines to build up DH methods
+@@ -49,8 +49,7 @@ DH_meth_set_generate_params - Routines t
The B<DH_METHOD> type is a structure used for the provision of custom DH
implementations. It provides a set of of functions used by OpenSSL for the
@@ -117910,7 +125209,7 @@
DH_meth_new() creates a new B<DH_METHOD> structure. It should be given a
unique B<name> and a set of B<flags>. The B<name> should be a NULL terminated
-@@ -145,4 +144,13 @@ L<DH_set_method(3)>, L<DH_size(3)>, L<DH_get0_pqg(3)>
+@@ -145,4 +144,13 @@ L<DH_set_method(3)>, L<DH_size(3)>, L<DH
The functions described here were added in OpenSSL version 1.1.0.
@@ -117924,8 +125223,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/DH_new.pod b/doc/crypto/DH_new.pod
-index 450039c..959a470 100644
--- a/doc/crypto/DH_new.pod
+++ b/doc/crypto/DH_new.pod
@@ -34,4 +34,13 @@ L<dh(3)>, L<ERR_get_error(3)>,
@@ -117942,11 +125239,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/DH_set_method.pod b/doc/crypto/DH_set_method.pod
-index fe26b01..cd75a9b 100644
--- a/doc/crypto/DH_set_method.pod
+++ b/doc/crypto/DH_set_method.pod
-@@ -8,7 +8,6 @@ DH_set_method, DH_new_method, DH_OpenSSL - select DH method
+@@ -8,7 +8,6 @@ DH_set_method, DH_new_method, DH_OpenSSL
=head1 SYNOPSIS
#include <openssl/dh.h>
@@ -117954,7 +125249,7 @@
void DH_set_default_method(const DH_METHOD *meth);
-@@ -74,4 +73,13 @@ returns a pointer to the newly allocated structure.
+@@ -74,4 +73,13 @@ returns a pointer to the newly allocated
L<dh(3)>, L<DH_new(3)>, L<DH_meth_new(3)>
@@ -117968,8 +125263,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/DH_size.pod b/doc/crypto/DH_size.pod
-index f961eaa..8c1d151 100644
--- a/doc/crypto/DH_size.pod
+++ b/doc/crypto/DH_size.pod
@@ -35,4 +35,13 @@ L<BN_num_bits(3)>
@@ -117986,8 +125279,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/DSA_SIG_new.pod b/doc/crypto/DSA_SIG_new.pod
-index 82cff7d..7f6a5a1 100644
--- a/doc/crypto/DSA_SIG_new.pod
+++ b/doc/crypto/DSA_SIG_new.pod
@@ -2,6 +2,7 @@
@@ -117998,7 +125289,7 @@
DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects
=head1 SYNOPSIS
-@@ -10,7 +11,8 @@ DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects
+@@ -10,7 +11,8 @@ DSA_SIG_new, DSA_SIG_free - allocate and
DSA_SIG *DSA_SIG_new(void);
void DSA_SIG_free(DSA_SIG *a);
@@ -118008,7 +125299,7 @@
=head1 DESCRIPTION
-@@ -19,8 +21,14 @@ DSA_SIG_new() allocates and initializes a B<DSA_SIG> structure.
+@@ -19,8 +21,14 @@ DSA_SIG_new() allocates and initializes
DSA_SIG_free() frees the B<DSA_SIG> structure and its components. The
values are erased before the memory is returned to the system.
@@ -118046,11 +125337,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/DSA_do_sign.pod b/doc/crypto/DSA_do_sign.pod
-index 6c7cb3c..5e56d20 100644
--- a/doc/crypto/DSA_do_sign.pod
+++ b/doc/crypto/DSA_do_sign.pod
-@@ -11,7 +11,7 @@ DSA_do_sign, DSA_do_verify - raw DSA signature operations
+@@ -11,7 +11,7 @@ DSA_do_sign, DSA_do_verify - raw DSA sig
DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
int DSA_do_verify(const unsigned char *dgst, int dgst_len,
@@ -118059,7 +125348,7 @@
=head1 DESCRIPTION
-@@ -40,4 +40,13 @@ L<dsa(3)>, L<ERR_get_error(3)>, L<rand(3)>,
+@@ -40,4 +40,13 @@ L<dsa(3)>, L<ERR_get_error(3)>, L<rand(3
L<DSA_SIG_new(3)>,
L<DSA_sign(3)>
@@ -118073,11 +125362,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/DSA_dup_DH.pod b/doc/crypto/DSA_dup_DH.pod
-index 350e8aa..6967ef3 100644
--- a/doc/crypto/DSA_dup_DH.pod
+++ b/doc/crypto/DSA_dup_DH.pod
-@@ -29,4 +29,13 @@ Be careful to avoid small subgroup attacks when using this.
+@@ -29,4 +29,13 @@ Be careful to avoid small subgroup attac
L<dh(3)>, L<dsa(3)>, L<ERR_get_error(3)>
@@ -118091,11 +125378,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/DSA_generate_key.pod b/doc/crypto/DSA_generate_key.pod
-index bf396ed..4781abe 100644
--- a/doc/crypto/DSA_generate_key.pod
+++ b/doc/crypto/DSA_generate_key.pod
-@@ -27,4 +27,13 @@ The error codes can be obtained by L<ERR_get_error(3)>.
+@@ -27,4 +27,13 @@ The error codes can be obtained by L<ERR
L<dsa(3)>, L<ERR_get_error(3)>, L<rand(3)>,
L<DSA_generate_parameters(3)>
@@ -118109,17 +125394,15 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod
-index b639db6..87e4eff 100644
--- a/doc/crypto/DSA_generate_parameters.pod
+++ b/doc/crypto/DSA_generate_parameters.pod
-@@ -9,15 +9,15 @@ DSA_generate_parameters_ex, DSA_generate_parameters - generate DSA parameters
+@@ -9,15 +9,15 @@ DSA_generate_parameters_ex, DSA_generate
#include <openssl/dsa.h>
int DSA_generate_parameters_ex(DSA *dsa, int bits,
- const unsigned char *seed,int seed_len,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-+ const unsigned char *seed,int seed_len,
++ const unsigned char *seed, int seed_len,
+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
Deprecated:
@@ -118146,8 +125429,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/DSA_get0_pqg.pod b/doc/crypto/DSA_get0_pqg.pod
-index 1c835f0..e87e42a 100644
--- a/doc/crypto/DSA_get0_pqg.pod
+++ b/doc/crypto/DSA_get0_pqg.pod
@@ -10,9 +10,11 @@ setting data in a DSA object
@@ -118164,7 +125445,7 @@
int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
void DSA_clear_flags(DSA *d, int flags);
int DSA_test_flags(const DSA *d, int flags);
-@@ -44,7 +46,9 @@ be. The values point to the internal representation of the public key and
+@@ -44,7 +46,9 @@ be. The values point to the internal rep
private key values. This memory should not be freed directly.
The public and private key values can be set using DSA_set0_key(). The public
@@ -118189,7 +125470,7 @@
=head1 RETURN VALUES
DSA_set0_pqg() and DSA_set0_key() return 1 on success or 0 on failure.
-@@ -79,4 +90,13 @@ L<DSA_sign(3)>, L<DSA_size(3)>, L<DSA_meth_new(3)>
+@@ -79,4 +90,13 @@ L<DSA_sign(3)>, L<DSA_size(3)>, L<DSA_me
The functions described here were added in OpenSSL version 1.1.0.
@@ -118203,11 +125484,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/DSA_meth_new.pod b/doc/crypto/DSA_meth_new.pod
-index 84584f1..68f744a 100644
--- a/doc/crypto/DSA_meth_new.pod
+++ b/doc/crypto/DSA_meth_new.pod
-@@ -174,11 +174,20 @@ DSA_meth_set1_name() and all DSA_meth_set_*() functions return 1 on success or
+@@ -174,11 +174,20 @@ DSA_meth_set1_name() and all DSA_meth_se
=head1 SEE ALSO
L<dsa(3)>, L<DSA_new(3)>, L<DSA_generate_parameters(3)>, L<DSA_generate_key(3)>,
@@ -118229,8 +125508,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/DSA_new.pod b/doc/crypto/DSA_new.pod
-index 320839c..a967ab5 100644
--- a/doc/crypto/DSA_new.pod
+++ b/doc/crypto/DSA_new.pod
@@ -36,4 +36,13 @@ L<dsa(3)>, L<ERR_get_error(3)>,
@@ -118247,11 +125524,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/DSA_set_method.pod b/doc/crypto/DSA_set_method.pod
-index 1d56cca..a64725f 100644
--- a/doc/crypto/DSA_set_method.pod
+++ b/doc/crypto/DSA_set_method.pod
-@@ -8,7 +8,6 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
+@@ -8,7 +8,6 @@ DSA_set_method, DSA_new_method, DSA_Open
=head1 SYNOPSIS
#include <openssl/dsa.h>
@@ -118259,7 +125534,7 @@
void DSA_set_default_method(const DSA_METHOD *meth);
-@@ -37,7 +36,7 @@ been set as a default for DSA, so this function is no longer recommended.
+@@ -37,7 +36,7 @@ been set as a default for DSA, so this f
DSA_get_default_method() returns a pointer to the current default
DSA_METHOD. However, the meaningfulness of this result is dependent on
@@ -118268,7 +125543,7 @@
recommended.
DSA_set_method() selects B<meth> to perform all operations using the key
-@@ -74,4 +73,13 @@ fails. Otherwise it returns a pointer to the newly allocated structure.
+@@ -74,4 +73,13 @@ fails. Otherwise it returns a pointer to
L<dsa(3)>, L<DSA_new(3)>, L<DSA_meth_new(3)>
@@ -118282,11 +125557,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/DSA_sign.pod b/doc/crypto/DSA_sign.pod
-index 1071cca..ba0f6b8 100644
--- a/doc/crypto/DSA_sign.pod
+++ b/doc/crypto/DSA_sign.pod
-@@ -8,14 +8,14 @@ DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures
+@@ -8,14 +8,14 @@ DSA_sign, DSA_sign_setup, DSA_verify - D
#include <openssl/dsa.h>
@@ -118320,8 +125593,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/DSA_size.pod b/doc/crypto/DSA_size.pod
-index 4333d6d..7c12146 100644
--- a/doc/crypto/DSA_size.pod
+++ b/doc/crypto/DSA_size.pod
@@ -26,4 +26,13 @@ The size in bytes.
@@ -118338,9 +125609,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/ECDSA_SIG_new.pod b/doc/crypto/ECDSA_SIG_new.pod
-new file mode 100644
-index 0000000..b6545c9
--- /dev/null
+++ b/doc/crypto/ECDSA_SIG_new.pod
@@ -0,0 +1,207 @@
@@ -118551,9 +125819,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/ECPKParameters_print.pod b/doc/crypto/ECPKParameters_print.pod
-new file mode 100644
-index 0000000..c9c3628
--- /dev/null
+++ b/doc/crypto/ECPKParameters_print.pod
@@ -0,0 +1,44 @@
@@ -118601,8 +125866,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/EC_GFp_simple_method.pod b/doc/crypto/EC_GFp_simple_method.pod
-index 2a21c93..89c590e 100644
--- a/doc/crypto/EC_GFp_simple_method.pod
+++ b/doc/crypto/EC_GFp_simple_method.pod
@@ -2,7 +2,7 @@
@@ -118614,7 +125877,7 @@
=head1 SYNOPSIS
-@@ -57,4 +57,13 @@ L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
+@@ -57,4 +57,13 @@ L<EC_POINT_new(3)>, L<EC_POINT_add(3)>,
L<d2i_ECPKParameters(3)>,
L<BN_mod_mul_montgomery(3)>
@@ -118628,8 +125891,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EC_GROUP_copy.pod b/doc/crypto/EC_GROUP_copy.pod
-index 3af5bbf..6b398df 100644
--- a/doc/crypto/EC_GROUP_copy.pod
+++ b/doc/crypto/EC_GROUP_copy.pod
@@ -2,12 +2,21 @@
@@ -118656,7 +125917,7 @@
int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
-@@ -19,7 +28,7 @@ EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROU
+@@ -19,7 +28,7 @@ EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_me
int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
@@ -118665,7 +125926,7 @@
int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
-@@ -46,8 +55,8 @@ EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROU
+@@ -46,8 +55,8 @@ EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_me
int EC_GROUP_get_basis_type(const EC_GROUP *);
int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
@@ -118676,7 +125937,7 @@
=head1 DESCRIPTION
-@@ -86,26 +95,25 @@ applications would have to explicitly set the named curve form) in OpenSSL
+@@ -86,26 +95,25 @@ applications would have to explicitly se
1.1.0 and later the named curve form is the default.
The point_conversion_form for a curve controls how EC_POINT data is encoded as ASN1 as defined in X9.62 (ECDSA).
@@ -118712,7 +125973,7 @@
For POINT_CONVERSION_HYBRID the point is encoded as an octet signifying the HYBRID form has been used AND which of the two
possible solutions for y has been used, followed by the octets for x, followed by the octets for y.
-@@ -186,4 +194,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>,
+@@ -186,4 +194,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3
L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
@@ -118726,8 +125987,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EC_GROUP_new.pod b/doc/crypto/EC_GROUP_new.pod
-index bbd3dfb..2512910 100644
--- a/doc/crypto/EC_GROUP_new.pod
+++ b/doc/crypto/EC_GROUP_new.pod
@@ -2,18 +2,18 @@
@@ -118752,7 +126011,7 @@
EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
-@@ -78,10 +78,10 @@ provided. The return value is the total number of curves available (whether that
+@@ -78,10 +78,10 @@ provided. The return value is the total
not). Passing a NULL B<r>, or setting B<nitems> to 0 will do nothing other than return the total number of curves available.
The EC_builtin_curve structure is defined as follows:
@@ -118767,7 +126026,7 @@
Each EC_builtin_curve item has a unique integer id (B<nid>), and a human readable comment string describing the curve.
-@@ -108,4 +108,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_copy(3)>,
+@@ -108,4 +108,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_copy(
L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
@@ -118781,9 +126040,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EC_KEY_get_enc_flags.pod b/doc/crypto/EC_KEY_get_enc_flags.pod
-new file mode 100644
-index 0000000..abc55c1
--- /dev/null
+++ b/doc/crypto/EC_KEY_get_enc_flags.pod
@@ -0,0 +1,59 @@
@@ -118846,8 +126102,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/EC_KEY_new.pod b/doc/crypto/EC_KEY_new.pod
-index 6bfd180..b6bd432 100644
--- a/doc/crypto/EC_KEY_new.pod
+++ b/doc/crypto/EC_KEY_new.pod
@@ -2,21 +2,21 @@
@@ -118875,6 +126129,15 @@
EC_KEY *EC_KEY_new(void);
int EC_KEY_get_flags(const EC_KEY *key);
+@@ -49,7 +49,7 @@ EC_KEY objects.
+ size_t EC_KEY_key2buf(const EC_KEY *eckey, point_conversion_form_t form,
+ unsigned char **pbuf, BN_CTX *ctx);
+
+- int EC_KEY_oct2priv(EC_KEY *eckey, unsigned char *buf, size_t len);
++ int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len);
+ size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len);
+
+ size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
@@ -171,4 +171,13 @@ L<EC_POINT_add(3)>,
L<EC_GFp_simple_method(3)>,
L<d2i_ECPKParameters(3)>
@@ -118889,8 +126152,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EC_POINT_add.pod b/doc/crypto/EC_POINT_add.pod
-index eaa7f52..c029de4 100644
--- a/doc/crypto/EC_POINT_add.pod
+++ b/doc/crypto/EC_POINT_add.pod
@@ -2,12 +2,11 @@
@@ -118907,7 +126168,7 @@
int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
-@@ -69,4 +68,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>,
+@@ -69,4 +68,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3
L<EC_POINT_new(3)>, L<EC_KEY_new(3)>,
L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
@@ -118921,8 +126182,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EC_POINT_new.pod b/doc/crypto/EC_POINT_new.pod
-index 8e11f0b..206648c 100644
--- a/doc/crypto/EC_POINT_new.pod
+++ b/doc/crypto/EC_POINT_new.pod
@@ -2,20 +2,22 @@
@@ -118958,7 +126217,7 @@
EC_POINT *EC_POINT_new(const EC_GROUP *group);
void EC_POINT_free(EC_POINT *point);
-@@ -106,7 +108,7 @@ this co-ordinate system provides more efficient point multiplication
+@@ -106,7 +108,7 @@ this co-ordinate system provides more ef
operations. A mapping exists between Jacobian projective co-ordinates and
affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written
as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian
@@ -118967,7 +126226,7 @@
to (x, y, 1). To set or get the projective co-ordinates use
EC_POINT_set_Jprojective_coordinates_GFp() and
EC_POINT_get_Jprojective_coordinates_GFp() respectively.
-@@ -182,4 +184,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>,
+@@ -182,4 +184,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3
L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
@@ -118981,9 +126240,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/ENGINE_add.pod b/doc/crypto/ENGINE_add.pod
-new file mode 100644
-index 0000000..4e082bc
--- /dev/null
+++ b/doc/crypto/ENGINE_add.pod
@@ -0,0 +1,611 @@
@@ -119002,7 +126258,7 @@
+ENGINE_get_init_function, ENGINE_get_load_privkey_function,
+ENGINE_get_load_pubkey_function, ENGINE_load_private_key,
+ENGINE_load_public_key, ENGINE_get_RAND, ENGINE_get_RSA, ENGINE_get_id,
-+ENGINE_get_name, ENGINE_get_cmd_defns, EVP_CIPHER ENGINE_get_cipher,
++ENGINE_get_name, ENGINE_get_cmd_defns, ENGINE_get_cipher,
+ENGINE_get_digest, ENGINE_add, ENGINE_cmd_is_executable,
+ENGINE_ctrl, ENGINE_ctrl_cmd, ENGINE_ctrl_cmd_string,
+ENGINE_finish, ENGINE_free, ENGINE_get_flags, ENGINE_init,
@@ -119461,8 +126717,8 @@
+ const char **post_cmds, int post_num)
+ {
+ ENGINE *e = ENGINE_by_id(engine_id);
-+ if(!e) return 0;
-+ while(pre_num--) {
++ if (!e) return 0;
++ while (pre_num--) {
+ if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
+ fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
+ pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
@@ -119471,7 +126727,7 @@
+ }
+ pre_cmds += 2;
+ }
-+ if(!ENGINE_init(e)) {
++ if (!ENGINE_init(e)) {
+ fprintf(stderr, "Failed initialisation\n");
+ ENGINE_free(e);
+ return 0;
@@ -119514,17 +126770,17 @@
+OpenSSL core routines.
+
+It is using these "core" control commands that one can discover the control
-+commands implemented by a given ENGINE, specifically the commands;
++commands implemented by a given ENGINE, specifically the commands:
+
-+ #define ENGINE_HAS_CTRL_FUNCTION 10
-+ #define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
-+ #define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
-+ #define ENGINE_CTRL_GET_CMD_FROM_NAME 13
-+ #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14
-+ #define ENGINE_CTRL_GET_NAME_FROM_CMD 15
-+ #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
-+ #define ENGINE_CTRL_GET_DESC_FROM_CMD 17
-+ #define ENGINE_CTRL_GET_CMD_FLAGS 18
++ ENGINE_HAS_CTRL_FUNCTION
++ ENGINE_CTRL_GET_FIRST_CMD_TYPE
++ ENGINE_CTRL_GET_NEXT_CMD_TYPE
++ ENGINE_CTRL_GET_CMD_FROM_NAME
++ ENGINE_CTRL_GET_NAME_LEN_FROM_CMD
++ ENGINE_CTRL_GET_NAME_FROM_CMD
++ ENGINE_CTRL_GET_DESC_LEN_FROM_CMD
++ ENGINE_CTRL_GET_DESC_FROM_CMD
++ ENGINE_CTRL_GET_CMD_FLAGS
+
+Whilst these commands are automatically processed by the OpenSSL framework code,
+they use various properties exposed by each ENGINE to process these
@@ -119558,12 +126814,12 @@
+ENGINE_CTRL_GET_FLAGS return the string length of a command name or description,
+or populate a supplied character buffer with a copy of the command name or
+description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following
-+possible values;
++possible values:
+
-+ #define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
-+ #define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
-+ #define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
-+ #define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
++ ENGINE_CMD_FLAG_NUMERIC
++ ENGINE_CMD_FLAG_STRING
++ ENGINE_CMD_FLAG_NO_INPUT
++ ENGINE_CMD_FLAG_INTERNAL
+
+If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely
+informational to the caller - this flag will prevent the command being usable
@@ -119598,8 +126854,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/ERR_GET_LIB.pod b/doc/crypto/ERR_GET_LIB.pod
-index 3f0e36a..10e250f 100644
--- a/doc/crypto/ERR_GET_LIB.pod
+++ b/doc/crypto/ERR_GET_LIB.pod
@@ -48,4 +48,13 @@ L<err(3)>, L<ERR_get_error(3)>
@@ -119616,8 +126870,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/ERR_clear_error.pod b/doc/crypto/ERR_clear_error.pod
-index e54e34c..892c67f 100644
--- a/doc/crypto/ERR_clear_error.pod
+++ b/doc/crypto/ERR_clear_error.pod
@@ -22,4 +22,13 @@ ERR_clear_error() has no return value.
@@ -119634,8 +126886,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/ERR_error_string.pod b/doc/crypto/ERR_error_string.pod
-index 81ca61c..12f4f72 100644
--- a/doc/crypto/ERR_error_string.pod
+++ b/doc/crypto/ERR_error_string.pod
@@ -62,4 +62,13 @@ none is registered for the error code.
@@ -119652,11 +126902,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/ERR_get_error.pod b/doc/crypto/ERR_get_error.pod
-index aa5047e..a7efc74 100644
--- a/doc/crypto/ERR_get_error.pod
+++ b/doc/crypto/ERR_get_error.pod
-@@ -67,4 +67,13 @@ The error code, or 0 if there is no error in the queue.
+@@ -67,4 +67,13 @@ The error code, or 0 if there is no erro
L<err(3)>, L<ERR_error_string(3)>,
L<ERR_GET_LIB(3)>
@@ -119670,11 +126918,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/ERR_load_crypto_strings.pod b/doc/crypto/ERR_load_crypto_strings.pod
-index 68c006f..15f8000 100644
--- a/doc/crypto/ERR_load_crypto_strings.pod
+++ b/doc/crypto/ERR_load_crypto_strings.pod
-@@ -21,7 +21,7 @@ Deprecated:
+@@ -21,7 +21,7 @@ load and free error strings
#if OPENSSL_API_COMPAT < 0x10100000L
void SSL_load_error_strings(void);
#endif
@@ -119683,7 +126929,7 @@
=head1 DESCRIPTION
All of the following functions are deprecated from OpenSSL 1.1.0. No explicit
-@@ -50,4 +50,13 @@ The ERR_load_crypto_strings(), SSL_load_error_strings(), and
+@@ -50,4 +50,13 @@ The ERR_load_crypto_strings(), SSL_load_
ERR_free_strings() functions were deprecated in OpenSSL 1.1.0 by
OPENSSL_init_crypto() and OPENSSL_init_ssl().
@@ -119697,12 +126943,18 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/ERR_load_strings.pod b/doc/crypto/ERR_load_strings.pod
-index 0e212a0..8071d96 100644
--- a/doc/crypto/ERR_load_strings.pod
+++ b/doc/crypto/ERR_load_strings.pod
-@@ -45,4 +45,13 @@ ERR_get_next_error_library() returns a new library number.
+@@ -39,10 +39,20 @@ to user libraries at runtime.
+ =head1 RETURN VALUE
+ ERR_load_strings() returns no value. ERR_PACK() return the error code.
+-ERR_get_next_error_library() returns a new library number.
++ERR_get_next_error_library() returns zero on failure, otherwise a new
++library number.
+
+ =head1 SEE ALSO
+
L<err(3)>, L<ERR_load_strings(3)>
+=head1 COPYRIGHT
@@ -119715,8 +126967,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/ERR_print_errors.pod b/doc/crypto/ERR_print_errors.pod
-index aec8a10..17229af 100644
--- a/doc/crypto/ERR_print_errors.pod
+++ b/doc/crypto/ERR_print_errors.pod
@@ -2,7 +2,8 @@
@@ -119729,7 +126979,7 @@
=head1 SYNOPSIS
-@@ -10,6 +11,9 @@ ERR_print_errors, ERR_print_errors_fp - print error messages
+@@ -10,6 +11,9 @@ ERR_print_errors, ERR_print_errors_fp -
void ERR_print_errors(BIO *bp);
void ERR_print_errors_fp(FILE *fp);
@@ -119749,7 +126999,7 @@
The error strings will have the following format:
-@@ -41,4 +48,13 @@ ERR_print_errors() and ERR_print_errors_fp() return no values.
+@@ -41,4 +48,13 @@ ERR_print_errors() and ERR_print_errors_
L<err(3)>, L<ERR_error_string(3)>,
L<ERR_get_error(3)>.
@@ -119763,11 +127013,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/ERR_put_error.pod b/doc/crypto/ERR_put_error.pod
-index f0a82f6..1ec3575 100644
--- a/doc/crypto/ERR_put_error.pod
+++ b/doc/crypto/ERR_put_error.pod
-@@ -12,6 +12,7 @@ ERR_put_error, ERR_add_error_data - record an error
+@@ -12,6 +12,7 @@ ERR_put_error, ERR_add_error_data - reco
int line);
void ERR_add_error_data(int num, ...);
@@ -119775,7 +127023,7 @@
=head1 DESCRIPTION
-@@ -22,11 +23,42 @@ This function is usually called by a macro.
+@@ -22,11 +23,38 @@ This function is usually called by a mac
ERR_add_error_data() associates the concatenation of its B<num> string
arguments with the error code added last.
@@ -119805,10 +127053,6 @@
+The trailing section of a reason code (after the "_R_") is translated
+into lower case and underscores changed to spaces.
+
-+When you are using new function or reason codes, run B<make errors>.
-+The necessary B<#define>s will then automatically be added to the
-+sub-library's header file.
-+
+Although a library will normally report errors using its own specific
+XXXerr macro, another library's macro can be used. This is normally
+only done when a library wants to include ASN1 code which must use
@@ -119818,7 +127062,7 @@
=head1 RETURN VALUES
ERR_put_error() and ERR_add_error_data() return
-@@ -36,4 +68,13 @@ no values.
+@@ -36,4 +64,13 @@ no values.
L<err(3)>, L<ERR_load_strings(3)>
@@ -119832,8 +127076,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/ERR_remove_state.pod b/doc/crypto/ERR_remove_state.pod
-index b011182..f2e71e3 100644
--- a/doc/crypto/ERR_remove_state.pod
+++ b/doc/crypto/ERR_remove_state.pod
@@ -2,44 +2,52 @@
@@ -119855,21 +127097,21 @@
void ERR_remove_state(unsigned long pid);
#endif
--=head1 DESCRIPTION
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ void ERR_remove_thread_state(void *);
+ #endif
++
+ =head1 DESCRIPTION
-ERR_remove_thread_state() frees the error queue associated with the current
-thread.
-+=head1 DESCRIPTION
++The functions described here were used to free the error queue
++associated with the current or specified thread.
-Since error queue data structures are allocated automatically for new
-threads, they must be freed when threads are terminated in order to
-avoid memory leaks.
-+The functions described here were used to free the error queue
-+associated with the current or specified thread.
-
+-
-ERR_remove_state is deprecated and has been replaced by
-ERR_remove_thread_state. Any argument to this function is ignored and
-calling ERR_remove_state is equivalent to B<ERR_remove_thread_state()>.
@@ -119907,11 +127149,9 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/ERR_set_mark.pod b/doc/crypto/ERR_set_mark.pod
-index d30f1c0..9c55f5a 100644
--- a/doc/crypto/ERR_set_mark.pod
+++ b/doc/crypto/ERR_set_mark.pod
-@@ -31,4 +31,13 @@ implies that the stack became empty, otherwise 1.
+@@ -31,4 +31,13 @@ implies that the stack became empty, oth
L<err(3)>
@@ -119925,11 +127165,24 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod
-index c2470df..003afb2 100644
--- a/doc/crypto/EVP_BytesToKey.pod
+++ b/doc/crypto/EVP_BytesToKey.pod
-@@ -44,7 +44,7 @@ defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC.
+@@ -8,10 +8,10 @@ EVP_BytesToKey - password based encrypti
+
+ #include <openssl/evp.h>
+
+- int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
+- const unsigned char *salt,
+- const unsigned char *data, int datal, int count,
+- unsigned char *key,unsigned char *iv);
++ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
++ const unsigned char *salt,
++ const unsigned char *data, int datal, int count,
++ unsigned char *key, unsigned char *iv);
+
+ =head1 DESCRIPTION
+
+@@ -44,7 +44,7 @@ defined in PKCS#5v2.1 and provided by PK
The key and IV is derived by concatenating D_1, D_2, etc until
enough data is available for the key and IV. D_i is defined as:
@@ -119953,8 +127206,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/EVP_CIPHER_CTX_get_cipher_data.pod b/doc/crypto/EVP_CIPHER_CTX_get_cipher_data.pod
-index fc1d914..3a57fcd 100644
--- a/doc/crypto/EVP_CIPHER_CTX_get_cipher_data.pod
+++ b/doc/crypto/EVP_CIPHER_CTX_get_cipher_data.pod
@@ -39,4 +39,13 @@ cipher data for the EVP_CIPHER_CTX.
@@ -119971,11 +127222,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_CIPHER_meth_new.pod b/doc/crypto/EVP_CIPHER_meth_new.pod
-index 499133f..6e18ed5 100644
--- a/doc/crypto/EVP_CIPHER_meth_new.pod
+++ b/doc/crypto/EVP_CIPHER_meth_new.pod
-@@ -19,7 +19,7 @@ EVP_CIPHER_meth_get_ctrl - Routines to build up EVP_CIPHER methods
+@@ -19,7 +19,7 @@ EVP_CIPHER_meth_get_ctrl - Routines to
EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);
void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
@@ -119984,7 +127233,7 @@
int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size);
-@@ -44,7 +44,7 @@ EVP_CIPHER_meth_get_ctrl - Routines to build up EVP_CIPHER methods
+@@ -44,7 +44,7 @@ EVP_CIPHER_meth_get_ctrl - Routines to
int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
int (*ctrl) (EVP_CIPHER_CTX *, int type,
int arg, void *ptr));
@@ -119993,7 +127242,7 @@
int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
const unsigned char *iv,
-@@ -82,37 +82,14 @@ With the exception of cipher modes, of which only one may be present,
+@@ -82,37 +82,14 @@ With the exception of cipher modes, of w
several flags can be or'd together.
The available flags are:
@@ -120037,7 +127286,7 @@
=item EVP_CIPH_VARIABLE_LENGTH
-@@ -197,13 +174,8 @@ This indicates that this is an AEAD cipher implementation.
+@@ -197,13 +174,8 @@ This indicates that this is an AEAD ciph
=item EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
@@ -120053,7 +127302,7 @@
=back
-@@ -224,7 +196,7 @@ EVP_EncryptFinal(), EVP_EncryptFinal_ex(), EVP_DecryptFinal() and
+@@ -224,7 +196,7 @@ EVP_EncryptFinal(), EVP_EncryptFinal_ex(
EVP_DecryptFinal_ex().
EVP_CIPHER_meth_set_cleanup() sets the function for B<cipher> to do
@@ -120070,7 +127319,7 @@
EVP_CIPHER_meth_get_input_blocksize(), EVP_CIPHER_meth_get_result_size(),
EVP_CIPHER_meth_get_app_datasize(), EVP_CIPHER_meth_get_flags(),
-@@ -253,4 +226,13 @@ The B<EVP_CIPHER> structure was openly available in OpenSSL before version
+@@ -253,4 +226,13 @@ The B<EVP_CIPHER> structure was openly a
1.1.
The functions described here were added in OpenSSL version 1.1.
@@ -120084,16 +127333,32 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod
-index 7ce5695..405810e 100644
--- a/doc/crypto/EVP_DigestInit.pod
+++ b/doc/crypto/EVP_DigestInit.pod
-@@ -32,24 +32,17 @@ EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines
+@@ -3,7 +3,7 @@
+ =head1 NAME
- int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
+ EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy_ex,
+-EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_MAX_MD_SIZE,
++EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex,
+ EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type,
+ EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,
+ EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha1,
+@@ -24,32 +24,23 @@ EVP_get_digestbynid, EVP_get_digestbyobj
+ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
+ unsigned int *s);
+- int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);
++ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+
+ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+ unsigned int *s);
+
+- int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
+-
- #define EVP_MAX_MD_SIZE 64 /* SHA512 */
-+ #define EVP_MAX_MD_SIZE 64 /* SHA512 */
++ int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in);
int EVP_MD_type(const EVP_MD *md);
- int EVP_MD_pkey_type(const EVP_MD *md);
@@ -120115,7 +127380,7 @@
const EVP_MD *EVP_md_null(void);
const EVP_MD *EVP_md2(void);
-@@ -213,15 +206,15 @@ digest name passed on the command line.
+@@ -213,15 +204,15 @@ digest name passed on the command line.
int md_len, i;
if(!argv[1]) {
@@ -120135,16 +127400,18 @@
}
mdctx = EVP_MD_CTX_new();
-@@ -233,7 +226,7 @@ digest name passed on the command line.
+@@ -232,8 +223,8 @@ digest name passed on the command line.
+ EVP_MD_CTX_free(mdctx);
printf("Digest is: ");
- for(i = 0; i < md_len; i++)
+- for(i = 0; i < md_len; i++)
- printf("%02x", md_value[i]);
++ for (i = 0; i < md_len; i++)
+ printf("%02x", md_value[i]);
printf("\n");
exit(0);
-@@ -256,4 +249,13 @@ The link between digests and signing algorithms was fixed in OpenSSL 1.0 and
+@@ -256,4 +247,13 @@ The link between digests and signing alg
later, so now EVP_sha1() can be used with RSA and DSA. The legacy EVP_dss1()
was removed in OpenSSL 1.1.0
@@ -120158,11 +127425,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_DigestSignInit.pod b/doc/crypto/EVP_DigestSignInit.pod
-index 4b9eb21..c97a732 100644
--- a/doc/crypto/EVP_DigestSignInit.pod
+++ b/doc/crypto/EVP_DigestSignInit.pod
-@@ -9,7 +9,7 @@ EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing func
+@@ -9,7 +9,7 @@ EVP_DigestSignInit, EVP_DigestSignUpdate
#include <openssl/evp.h>
int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
@@ -120171,7 +127436,7 @@
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
-@@ -56,7 +56,7 @@ needed to be used to sign using SHA1 and DSA. This is no longer necessary and
+@@ -56,7 +56,7 @@ needed to be used to sign using SHA1 and
the use of clone digest is now discouraged.
For some key types and parameters the random number generator must be seeded
@@ -120198,11 +127463,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_DigestVerifyInit.pod b/doc/crypto/EVP_DigestVerifyInit.pod
-index cc740b7..15db70e 100644
--- a/doc/crypto/EVP_DigestVerifyInit.pod
+++ b/doc/crypto/EVP_DigestVerifyInit.pod
-@@ -9,7 +9,7 @@ EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal - EVP signat
+@@ -9,7 +9,7 @@ EVP_DigestVerifyInit, EVP_DigestVerifyUp
#include <openssl/evp.h>
int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
@@ -120211,7 +127474,7 @@
int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen);
-@@ -56,7 +56,7 @@ needed to be used to sign using SHA1 and DSA. This is no longer necessary and
+@@ -56,7 +56,7 @@ needed to be used to sign using SHA1 and
the use of clone digest is now discouraged.
For some key types and parameters the random number generator must be seeded
@@ -120238,20 +127501,17 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_EncodeInit.pod b/doc/crypto/EVP_EncodeInit.pod
-new file mode 100644
-index 0000000..52c97d5
--- /dev/null
+++ b/doc/crypto/EVP_EncodeInit.pod
-@@ -0,0 +1,158 @@
+@@ -0,0 +1,162 @@
+=pod
+
+=head1 NAME
+
-+EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_num, EVP_EncodeInit,
-+EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock, EVP_DecodeInit,
-+EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock - EVP base 64 encode/decode
-+routines
++EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_copy,
++EVP_ENCODE_CTX_num, EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal,
++EVP_EncodeBlock, EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal,
++EVP_DecodeBlock - EVP base 64 encode/decode routines
+
+=head1 SYNOPSIS
+
@@ -120259,6 +127519,7 @@
+
+ EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
+ void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
++ int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx);
+ int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
+ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+ int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
@@ -120322,6 +127583,9 @@
+sufficiently large to accommodate the output data which will never be more than
+65 bytes plus an additional NUL terminator (i.e. 66 bytes in total).
+
++EVP_ENCODE_CTX_copy() can be used to copy a context B<sctx> to a context
++B<dctx>. B<dctx> must be initialized before calling this function.
++
+EVP_ENCODE_CTX_num() will return the number of as yet unprocessed bytes still to
+be encoded or decoded that are pending in the B<ctx> object.
+
@@ -120402,11 +127666,9 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod
-index b42b64c..093618d 100644
--- a/doc/crypto/EVP_EncryptInit.pod
+++ b/doc/crypto/EVP_EncryptInit.pod
-@@ -16,7 +16,7 @@ EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length,
+@@ -16,7 +16,7 @@ EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block
EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data,
EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags,
EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param,
@@ -120415,7 +127677,7 @@
EVP_des_cfb, EVP_des_ofb, EVP_des_ede_cbc, EVP_des_ede, EVP_des_ede_ofb,
EVP_des_ede_cfb, EVP_des_ede3_cbc, EVP_des_ede3, EVP_des_ede3_ofb,
EVP_des_ede3_cfb, EVP_desx_cbc, EVP_rc4, EVP_rc4_40, EVP_idea_cbc,
-@@ -31,6 +31,8 @@ EVP_aes_256_cbc, EVP_aes_256_ecb, EVP_aes_256_cfb, EVP_aes_256_ofb,
+@@ -31,6 +31,8 @@ EVP_aes_256_cbc, EVP_aes_256_ecb, EVP_ae
EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm,
EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm - EVP cipher routines
@@ -120424,7 +127686,7 @@
=head1 SYNOPSIS
#include <openssl/evp.h>
-@@ -40,14 +42,14 @@ EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm - EVP cipher routines
+@@ -40,14 +42,14 @@ EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_ae
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
@@ -120441,26 +127703,32 @@
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
-@@ -83,12 +85,12 @@ EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm - EVP cipher routines
- #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
- #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
+@@ -80,15 +82,16 @@ EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_ae
+ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+ const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+- #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
+- #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
++ const EVP_CIPHER *EVP_get_cipherbynid(int nid);
++ const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a);
+
- #define EVP_CIPHER_nid(e) ((e)->nid)
- #define EVP_CIPHER_block_size(e) ((e)->block_size)
- #define EVP_CIPHER_key_length(e) ((e)->key_len)
- #define EVP_CIPHER_iv_length(e) ((e)->iv_len)
- #define EVP_CIPHER_flags(e) ((e)->flags)
- #define EVP_CIPHER_mode(e) ((e)->flags) & EVP_CIPH_MODE)
-+ #define EVP_CIPHER_nid(e) ((e)->nid)
-+ #define EVP_CIPHER_block_size(e) ((e)->block_size)
-+ #define EVP_CIPHER_key_length(e) ((e)->key_len)
-+ #define EVP_CIPHER_iv_length(e) ((e)->iv_len)
-+ #define EVP_CIPHER_flags(e) ((e)->flags)
-+ #define EVP_CIPHER_mode(e) ((e)->flags) & EVP_CIPH_MODE)
++ int EVP_CIPHER_nid(const EVP_CIPHER *e);
++ int EVP_CIPHER_block_size(const EVP_CIPHER *e);
++ int EVP_CIPHER_key_length(const EVP_CIPHER *e)
++ int EVP_CIPHER_key_length(const EVP_CIPHER *e);
++ int EVP_CIPHER_iv_length(const EVP_CIPHER *e);
++ unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e);
++ unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e);
int EVP_CIPHER_type(const EVP_CIPHER *ctx);
const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
-@@ -99,9 +101,6 @@ EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm - EVP cipher routines
+@@ -99,9 +102,6 @@ EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_ae
void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data);
int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx);
@@ -120470,7 +127738,7 @@
int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-@@ -138,7 +137,9 @@ multiple times to encrypt successive blocks of data. The amount
+@@ -138,7 +138,9 @@ multiple times to encrypt successive blo
of data written depends on the block alignment of the encrypted data:
as a result the amount of data written may be anything from zero bytes
to (inl + cipher_block_size - 1) so B<out> should contain sufficient
@@ -120481,7 +127749,7 @@
If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts
the "final" data, that is any data that remains in a partial block.
-@@ -221,7 +222,7 @@ B<EVP_MAX_IV_LENGTH> is the maximum IV length for all ciphers.
+@@ -221,7 +223,7 @@ B<EVP_MAX_IV_LENGTH> is the maximum IV l
EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
size of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
@@ -120490,7 +127758,7 @@
length for all ciphers.
EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the type of the passed
-@@ -326,11 +327,11 @@ AES with a 256-bit key in CBC, ECB, CFB and OFB modes respectively.
+@@ -326,11 +328,11 @@ AES with a 256-bit key in CBC, ECB, CFB
DES in CBC, ECB, CFB and OFB modes respectively.
@@ -120504,7 +127772,7 @@
Three key triple DES in CBC, ECB, CFB and OFB modes respectively.
-@@ -384,13 +385,13 @@ bits and 12 rounds.
+@@ -384,13 +386,13 @@ bits and 12 rounds.
AES Galois Counter Mode (GCM) for 128, 192 and 256 bit keys respectively.
These ciphers require additional control operations to function correctly: see
@@ -120521,7 +127789,25 @@
=item EVP_aes_128_ccm(), EVP_aes_192_ccm(), EVP_aes_256_ccm()
-@@ -526,46 +527,46 @@ for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode.
+@@ -474,8 +476,6 @@ Sets the CCM nonce (IV) length: this cal
+ an nonce value. The nonce length is given by B<15 - L> so it is 7 by default
+ for AES.
+
+-
+-
+ =head1 NOTES
+
+ Where possible the B<EVP> interface to symmetric ciphers should be used in
+@@ -508,6 +508,8 @@ EVP_EncryptFinal_ex(), EVP_DecryptInit_e
+ EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an
+ existing context without allocating and freeing it up on each call.
+
++EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as macros.
++
+ =head1 BUGS
+
+ For RC5 the number of rounds can currently only be set to 8, 12 or 16. This is
+@@ -526,46 +528,46 @@ for certain common S/MIME ciphers (RC2,
Encrypt a string using IDEA:
int do_crypt(char *outfile)
@@ -120607,7 +127893,7 @@
The ciphertext from the above example can be decrypted using the B<openssl>
utility with the command line (shown on two lines for clarity):
-@@ -577,50 +578,50 @@ General encryption and decryption function example using FILE I/O and AES128
+@@ -577,50 +579,50 @@ General encryption and decryption functi
with a 128-bit key:
int do_crypt(FILE *in, FILE *out, int do_encrypt)
@@ -120679,7 +127965,7 @@
+ for(;;)
+ {
+ inlen = fread(inbuf, 1, 1024, in);
-+ if(inlen <= 0) break;
++ if (inlen <= 0) break;
+ if(!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen))
+ {
+ /* Error */
@@ -120702,7 +127988,7 @@
=head1 SEE ALSO
-@@ -636,4 +637,13 @@ EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup()
+@@ -636,4 +638,13 @@ EVP_CIPHER_CTX_reset() appeared and EVP_
disappeared. EVP_CIPHER_CTX_init() remains as an alias for
EVP_CIPHER_CTX_reset().
@@ -120716,8 +128002,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_MD_meth_new.pod b/doc/crypto/EVP_MD_meth_new.pod
-index 0bab127..c15a31e 100644
--- a/doc/crypto/EVP_MD_meth_new.pod
+++ b/doc/crypto/EVP_MD_meth_new.pod
@@ -2,6 +2,7 @@
@@ -120728,7 +128012,7 @@
EVP_MD_meth_new, EVP_MD_meth_free, EVP_MD_meth_set_input_blocksize,
EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize,
EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update,
-@@ -10,17 +11,16 @@ EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize,
+@@ -10,17 +11,16 @@ EVP_MD_meth_set_ctrl, EVP_MD_meth_get_in
EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize,
EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update,
EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup,
@@ -120758,7 +128042,7 @@
int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx));
int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
int p1, void *p2));
-@@ -130,7 +131,7 @@ This copy function is called by EVP_MD_CTX_copy() and
+@@ -130,7 +131,7 @@ This copy function is called by EVP_MD_C
EVP_MD_CTX_copy_ex().
EVP_MD_meth_set_cleanup() sets the function for B<md> to do extra
@@ -120767,7 +128051,7 @@
freed.
Note that the cleanup function is passed a B<EVP_MD_CTX *>, the
private data structure is then available with EVP_MD_CTX_md_data().
-@@ -157,4 +158,13 @@ L<EVP_DigestInit(3)>, L<EVP_SignInit(3)>, L<EVP_VerifyInit(3)>
+@@ -157,4 +158,13 @@ L<EVP_DigestInit(3)>, L<EVP_SignInit(3)>
The B<EVP_MD> structure was openly available in OpenSSL before version
1.1. The functions described here were added in OpenSSL version 1.1.
@@ -120781,20 +128065,20 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_OpenInit.pod b/doc/crypto/EVP_OpenInit.pod
-index e207b01..293b4eb 100644
--- a/doc/crypto/EVP_OpenInit.pod
+++ b/doc/crypto/EVP_OpenInit.pod
-@@ -9,7 +9,7 @@ EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption
+@@ -8,8 +8,8 @@ EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFi
+
#include <openssl/evp.h>
- int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
+- int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
- int ekl,unsigned char *iv,EVP_PKEY *priv);
-+ int ekl,unsigned char *iv,EVP_PKEY *priv);
++ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
++ int ekl, unsigned char *iv, EVP_PKEY *priv);
int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
-@@ -27,7 +27,7 @@ B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>.
+@@ -27,7 +27,7 @@ B<ekl> bytes passed in the B<ek> paramet
The IV is supplied in the B<iv> parameter.
EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties
@@ -120818,11 +128102,9 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/EVP_PKEY_CTX_ctrl.pod b/doc/crypto/EVP_PKEY_CTX_ctrl.pod
-index cc27e54..a30450b 100644
--- a/doc/crypto/EVP_PKEY_CTX_ctrl.pod
+++ b/doc/crypto/EVP_PKEY_CTX_ctrl.pod
-@@ -16,9 +16,9 @@ EVP_PKEY_CTX_set_ec_param_enc - algorithm specific control operations
+@@ -16,9 +16,9 @@ EVP_PKEY_CTX_set_ec_param_enc - algorith
#include <openssl/evp.h>
int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
@@ -120834,7 +128116,7 @@
#include <openssl/rsa.h>
-@@ -78,7 +78,8 @@ to PKCS#1 when signing and this structure is expected (and stripped off) when
+@@ -78,7 +78,8 @@ to PKCS#1 when signing and this structur
verifying. If this control is not used with RSA and PKCS#1 padding then the
supplied data is used directly and not encapsulated. In the case of X9.31
padding for RSA the algorithm identifier byte is added or checked and removed
@@ -120858,8 +128140,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_PKEY_CTX_new.pod b/doc/crypto/EVP_PKEY_CTX_new.pod
-index 5fb5d58..eff94cd 100644
--- a/doc/crypto/EVP_PKEY_CTX_new.pod
+++ b/doc/crypto/EVP_PKEY_CTX_new.pod
@@ -2,7 +2,7 @@
@@ -120885,23 +128165,127 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_PKEY_HKDF.pod b/doc/crypto/EVP_PKEY_HKDF.pod
-index 8a5ef98..61e0eec 100644
---- a/doc/crypto/EVP_PKEY_HKDF.pod
-+++ b/doc/crypto/EVP_PKEY_HKDF.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--EVP_PKEY_HKDF, EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt,
+--- /dev/null
++++ b/doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod
+@@ -0,0 +1,128 @@
++=pod
++
++=head1 NAME
++
+EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt,
- EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info -
- HMAC-based Extract-and-Expand key derivation algorithm
-
-@@ -116,4 +116,13 @@ L<EVP_PKEY_CTX_new(3)>,
- L<EVP_PKEY_CTX_ctrl_str(3)>,
- L<EVP_PKEY_derive(3)>
-
++EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info -
++HMAC-based Extract-and-Expand key derivation algorithm
++
++=head1 SYNOPSIS
++
++ #include <openssl/kdf.h>
++
++ int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
++
++ int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *pctx, unsigned char *salt,
++ int saltlen);
++
++ int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *pctx, unsigned char *key,
++ int keylen);
++
++ int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *pctx, unsigned char *info,
++ int infolen);
++
++=head1 DESCRIPTION
++
++The EVP_PKEY_HKDF algorithm implements the HKDF key derivation function.
++HKDF follows the "extract-then-expand" paradigm, where the KDF logically
++consists of two modules. The first stage takes the input keying material
++and "extracts" from it a fixed-length pseudorandom key K. The second stage
++"expands" the key K into several additional pseudorandom keys (the output
++of the KDF).
++
++EVP_PKEY_set_hkdf_md() sets the message digest associated with the HKDF.
++
++EVP_PKEY_CTX_set1_hkdf_salt() sets the salt to B<saltlen> bytes of the
++buffer B<salt>. Any existing value is replaced.
++
++EVP_PKEY_CTX_set_hkdf_key() sets the key to B<keylen> bytes of the buffer
++B<key>. Any existing value is replaced.
++
++EVP_PKEY_CTX_add1_hkdf_info() sets the info value to B<infolen> bytes of the
++buffer B<info>. If a value is already set, it is appended to the existing
++value.
++
++=head1 STRING CTRLS
++
++HKDF also supports string based control operations via
++L<EVP_PKEY_CTX_ctrl_str(3)>.
++The B<type> parameter "md" uses the supplied B<value> as the name of the digest
++algorithm to use.
++The B<type> parameters "salt", "key" and "info" use the supplied B<value>
++parameter as a B<seed>, B<key> or B<info> value.
++The names "hexsalt", "hexkey" and "hexinfo" are similar except they take a hex
++string which is converted to binary.
++
++=head1 NOTES
++
++All these functions are implemented as macros.
++
++A context for HKDF can be obtained by calling:
++
++ EVP_PKEY_CTX *pctx = EVP_PKEY_new_id(EVP_PKEY_HKDF, NULL);
++
++The digest, key, salt and info values must be set before a key is derived or
++an error occurs.
++
++The total length of the info buffer cannot exceed 1024 bytes in length: this
++should be more than enough for any normal use of HKDF.
++
++The output length of the KDF is specified via the length parameter to the
++L<EVP_PKEY_derive(3)> function.
++Since the HKDF output length is variable, passing a B<NULL> buffer as a means
++to obtain the requisite length is not meaningful with HKDF.
++Instead, the caller must allocate a buffer of the desired length, and pass that
++buffer to L<EVP_PKEY_derive(3)> along with (a pointer initialized to) the
++desired length.
++
++Optimised versions of HKDF can be implemented in an ENGINE.
++
++=head1 RETURN VALUES
++
++All these functions return 1 for success and 0 or a negative value for failure.
++In particular a return value of -2 indicates the operation is not supported by
++the public key algorithm.
++
++=head1 EXAMPLE
++
++This example derives 10 bytes using SHA-256 with the secret key "secret",
++salt value "salt" and info value "label":
++
++ EVP_PKEY_CTX *pctx;
++ unsigned char out[10];
++ size_t outlen = sizeof(out);
++ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
++
++ if (EVP_PKEY_derive_init(pctx) <= 0)
++ /* Error */
++ if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0)
++ /* Error */
++ if (EVP_PKEY_CTX_set1_salt(pctx, "salt", 4) <= 0)
++ /* Error */
++ if (EVP_PKEY_CTX_set1_key(pctx, "secret", 6) <= 0)
++ /* Error */
++ if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 6) <= 0)
++ /* Error */
++ if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
++ /* Error */
++
++=head1 CONFORMING TO
++
++RFC 5869
++
++=head1 SEE ALSO
++
++L<EVP_PKEY_CTX_new(3)>,
++L<EVP_PKEY_CTX_ctrl_str(3)>,
++L<EVP_PKEY_derive(3)>
++
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -120911,15 +128295,108 @@
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
- =cut
-diff --git a/doc/crypto/EVP_PKEY_TLS1_PRF.pod b/doc/crypto/EVP_PKEY_TLS1_PRF.pod
-index e2264fc..5c8dd9d 100644
---- a/doc/crypto/EVP_PKEY_TLS1_PRF.pod
-+++ b/doc/crypto/EVP_PKEY_TLS1_PRF.pod
-@@ -96,4 +96,13 @@ L<EVP_PKEY_CTX_new(3)>,
- L<EVP_PKEY_CTX_ctrl_str(3)>,
- L<EVP_PKEY_derive(3)>
-
++=cut
+--- /dev/null
++++ b/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md
+@@ -0,0 +1,108 @@
++=pod
++
++=head1 NAME
++
++EVP_PKEY_CTX_set_tls1_prf_md,
++EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed -
++TLS PRF key derivation algorithm
++
++=head1 SYNOPSIS
++
++ #include <openssl/kdf.h>
++
++ int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
++ int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx,
++ unsigned char *sec, int seclen);
++ int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx, seed, seedlen)
++ unsigned char *seed, int seedlen);
++
++=head1 DESCRIPTION
++
++The B<EVP_PKEY_TLS1_PRF> algorithm implements the PRF key derivation function for
++TLS. It has no associated private key and only implements key derivation
++using EVP_PKEY_derive().
++
++EVP_PKEY_set_tls1_prf_md() sets the message digest associated with the
++TLS PRF. EVP_md5_sha1() is treated as a special case which uses the PRF
++algorithm using both B<MD5> and B<SHA1> as used in TLS 1.0 and 1.1.
++
++EVP_PKEY_CTX_set_tls1_prf_secret() sets the secret value of the TLS PRF
++to B<seclen> bytes of the buffer B<sec>. Any existing secret value is replaced
++and any seed is reset.
++
++EVP_PKEY_CTX_add1_tls1_prf_seed() sets the seed to B<seedlen> bytes of B<seed>.
++If a seed is already set it is appended to the existing value.
++
++=head1 STRING CTRLS
++
++The TLS PRF also supports string based control operations using
++L<EVP_PKEY_CTX_ctrl_str(3)>.
++The B<type> parameter "md" uses the supplied B<value> as the name of the digest
++algorithm to use.
++The B<type> parameters "secret" and "seed" use the supplied B<value> parameter
++as a secret or seed value.
++The names "hexsecret" and "hexseed" are similar except they take a hex string
++which is converted to binary.
++
++=head1 NOTES
++
++All these functions are implemented as macros.
++
++A context for the TLS PRF can be obtained by calling:
++
++ EVP_PKEY_CTX *pctx = EVP_PKEY_new_id(EVP_PKEY_TLS1_PRF, NULL);
++
++The digest, secret value and seed must be set before a key is derived or an
++error occurs.
++
++The total length of all seeds cannot exceed 1024 bytes in length: this should
++be more than enough for any normal use of the TLS PRF.
++
++The output length of the PRF is specified by the length parameter in the
++EVP_PKEY_derive() function. Since the output length is variable, setting
++the buffer to B<NULL> is not meaningful for the TLS PRF.
++
++Optimised versions of the TLS PRF can be implemented in an ENGINE.
++
++=head1 RETURN VALUES
++
++All these functions return 1 for success and 0 or a negative value for failure.
++In particular a return value of -2 indicates the operation is not supported by
++the public key algorithm.
++
++=head1 EXAMPLE
++
++This example derives 10 bytes using SHA-256 with the secret key "secret"
++and seed value "seed":
++
++ EVP_PKEY_CTX *pctx;
++ unsigned char out[10];
++ size_t outlen = sizeof(out);
++ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
++ if (EVP_PKEY_derive_init(pctx) <= 0)
++ /* Error */
++ if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0)
++ /* Error */
++ if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0)
++ /* Error */
++ if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0)
++ /* Error */
++ if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
++ /* Error */
++
++=head1 SEE ALSO
++
++L<EVP_PKEY_CTX_new(3)>,
++L<EVP_PKEY_CTX_ctrl_str(3)>,
++L<EVP_PKEY_derive(3)>
++
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -120929,9 +128406,231 @@
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
- =cut
-diff --git a/doc/crypto/EVP_PKEY_cmp.pod b/doc/crypto/EVP_PKEY_cmp.pod
-index 9e0107f..270d635 100644
++=cut
+--- a/doc/crypto/EVP_PKEY_HKDF.pod
++++ /dev/null
+@@ -1,119 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-EVP_PKEY_HKDF, EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt,
+-EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info -
+-HMAC-based Extract-and-Expand key derivation algorithm
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/kdf.h>
+-
+- int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
+-
+- int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *pctx, unsigned char *salt,
+- int saltlen);
+-
+- int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *pctx, unsigned char *key,
+- int keylen);
+-
+- int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *pctx, unsigned char *info,
+- int infolen);
+-
+-=head1 DESCRIPTION
+-
+-The EVP_PKEY_HKDF algorithm implements the HKDF key derivation function.
+-HKDF follows the "extract-then-expand" paradigm, where the KDF logically
+-consists of two modules. The first stage takes the input keying material
+-and "extracts" from it a fixed-length pseudorandom key K. The second stage
+-"expands" the key K into several additional pseudorandom keys (the output
+-of the KDF).
+-
+-EVP_PKEY_set_hkdf_md() sets the message digest associated with the HKDF.
+-
+-EVP_PKEY_CTX_set1_hkdf_salt() sets the salt to B<saltlen> bytes of the
+-buffer B<salt>. Any existing value is replaced.
+-
+-EVP_PKEY_CTX_set_hkdf_key() sets the key to B<keylen> bytes of the buffer
+-B<key>. Any existing value is replaced.
+-
+-EVP_PKEY_CTX_add1_hkdf_info() sets the info value to B<infolen> bytes of the
+-buffer B<info>. If a value is already set, it is appended to the existing
+-value.
+-
+-=head1 STRING CTRLS
+-
+-HKDF also supports string based control operations via
+-L<EVP_PKEY_CTX_ctrl_str(3)>.
+-The B<type> parameter "md" uses the supplied B<value> as the name of the digest
+-algorithm to use.
+-The B<type> parameters "salt", "key" and "info" use the supplied B<value>
+-parameter as a B<seed>, B<key> or B<info> value.
+-The names "hexsalt", "hexkey" and "hexinfo" are similar except they take a hex
+-string which is converted to binary.
+-
+-=head1 NOTES
+-
+-All these functions are implemented as macros.
+-
+-A context for HKDF can be obtained by calling:
+-
+- EVP_PKEY_CTX *pctx = EVP_PKEY_new_id(EVP_PKEY_HKDF, NULL);
+-
+-The digest, key, salt and info values must be set before a key is derived or
+-an error occurs.
+-
+-The total length of the info buffer cannot exceed 1024 bytes in length: this
+-should be more than enough for any normal use of HKDF.
+-
+-The output length of the KDF is specified via the length parameter to the
+-L<EVP_PKEY_derive(3)> function.
+-Since the HKDF output length is variable, passing a B<NULL> buffer as a means
+-to obtain the requisite length is not meaningful with HKDF.
+-Instead, the caller must allocate a buffer of the desired length, and pass that
+-buffer to L<EVP_PKEY_derive(3)> along with (a pointer initialized to) the
+-desired length.
+-
+-Optimised versions of HKDF can be implemented in an ENGINE.
+-
+-=head1 RETURN VALUES
+-
+-All these functions return 1 for success and 0 or a negative value for failure.
+-In particular a return value of -2 indicates the operation is not supported by
+-the public key algorithm.
+-
+-=head1 EXAMPLE
+-
+-This example derives 10 bytes using SHA-256 with the secret key "secret",
+-salt value "salt" and info value "label":
+-
+- EVP_PKEY_CTX *pctx;
+- unsigned char out[10];
+- size_t outlen = sizeof(out);
+- pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+-
+- if (EVP_PKEY_derive_init(pctx) <= 0)
+- /* Error */
+- if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0)
+- /* Error */
+- if (EVP_PKEY_CTX_set1_salt(pctx, "salt", 4) <= 0)
+- /* Error */
+- if (EVP_PKEY_CTX_set1_key(pctx, "secret", 6) <= 0)
+- /* Error */
+- if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 6) <= 0)
+- /* Error */
+- if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
+- /* Error */
+-
+-=head1 CONFORMING TO
+-
+-RFC 5869
+-
+-=head1 SEE ALSO
+-
+-L<EVP_PKEY_CTX_new(3)>,
+-L<EVP_PKEY_CTX_ctrl_str(3)>,
+-L<EVP_PKEY_derive(3)>
+-
+-=cut
+--- a/doc/crypto/EVP_PKEY_TLS1_PRF.pod
++++ /dev/null
+@@ -1,99 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-EVP_PKEY_TLS1_PRF, EVP_PKEY_CTX_set_tls1_prf_md,
+-EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed -
+-TLS PRF key derivation algorithm
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/kdf.h>
+-
+- int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
+- int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx,
+- unsigned char *sec, int seclen);
+- int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx, seed, seedlen)
+- unsigned char *seed, int seedlen);
+-
+-=head1 DESCRIPTION
+-
+-The EVP_PKEY_TLS1_PRF algorithm implements the PRF key derivation function for
+-TLS. It has no associated private key and only implements key derivation
+-using EVP_PKEY_derive().
+-
+-EVP_PKEY_set_tls1_prf_md() sets the message digest associated with the
+-TLS PRF. EVP_md5_sha1() is treated as a special case which uses the PRF
+-algorithm using both B<MD5> and B<SHA1> as used in TLS 1.0 and 1.1.
+-
+-EVP_PKEY_CTX_set_tls1_prf_secret() sets the secret value of the TLS PRF
+-to B<seclen> bytes of the buffer B<sec>. Any existing secret value is replaced
+-and any seed is reset.
+-
+-EVP_PKEY_CTX_add1_tls1_prf_seed() sets the seed to B<seedlen> bytes of B<seed>.
+-If a seed is already set it is appended to the existing value.
+-
+-=head1 STRING CTRLS
+-
+-The TLS PRF also supports string based control operations using
+-L<EVP_PKEY_CTX_ctrl_str(3)>.
+-The B<type> parameter "md" uses the supplied B<value> as the name of the digest
+-algorithm to use.
+-The B<type> parameters "secret" and "seed" use the supplied B<value> parameter
+-as a secret or seed value.
+-The names "hexsecret" and "hexseed" are similar except they take a hex string
+-which is converted to binary.
+-
+-=head1 NOTES
+-
+-All these functions are implemented as macros.
+-
+-A context for the TLS PRF can be obtained by calling:
+-
+- EVP_PKEY_CTX *pctx = EVP_PKEY_new_id(EVP_PKEY_TLS1_PRF, NULL);
+-
+-The digest, secret value and seed must be set before a key is derived or an
+-error occurs.
+-
+-The total length of all seeds cannot exceed 1024 bytes in length: this should
+-be more than enough for any normal use of the TLS PRF.
+-
+-The output length of the PRF is specified by the length parameter in the
+-EVP_PKEY_derive() function. Since the output length is variable, setting
+-the buffer to B<NULL> is not meaningful for the TLS PRF.
+-
+-Optimised versions of the TLS PRF can be implemented in an ENGINE.
+-
+-=head1 RETURN VALUES
+-
+-All these functions return 1 for success and 0 or a negative value for failure.
+-In particular a return value of -2 indicates the operation is not supported by
+-the public key algorithm.
+-
+-=head1 EXAMPLE
+-
+-This example derives 10 bytes using SHA-256 with the secret key "secret"
+-and seed value "seed":
+-
+- EVP_PKEY_CTX *pctx;
+- unsigned char out[10];
+- size_t outlen = sizeof(out);
+- pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
+- if (EVP_PKEY_derive_init(pctx) <= 0)
+- /* Error */
+- if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0)
+- /* Error */
+- if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0)
+- /* Error */
+- if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0)
+- /* Error */
+- if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
+- /* Error */
+-
+-=head1 SEE ALSO
+-
+-L<EVP_PKEY_CTX_new(3)>,
+-L<EVP_PKEY_CTX_ctrl_str(3)>,
+-L<EVP_PKEY_derive(3)>
+-
+-=cut
--- a/doc/crypto/EVP_PKEY_cmp.pod
+++ b/doc/crypto/EVP_PKEY_cmp.pod
@@ -2,7 +2,8 @@
@@ -120944,7 +128643,7 @@
=head1 SYNOPSIS
-@@ -21,7 +22,9 @@ parameters of B<pkey> are missing and 0 if they are present or the algorithm
+@@ -21,7 +22,9 @@ parameters of B<pkey> are missing and 0
doesn't use parameters.
The function EVP_PKEY_copy_parameters() copies the parameters from key
@@ -120955,7 +128654,7 @@
The function EVP_PKEY_cmp_parameters() compares the parameters of keys
B<a> and B<b>.
-@@ -56,6 +59,15 @@ keys match, 0 if they don't match, -1 if the key types are different and
+@@ -56,6 +59,15 @@ keys match, 0 if they don't match, -1 if
=head1 SEE ALSO
L<EVP_PKEY_CTX_new(3)>,
@@ -120972,11 +128671,9 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/EVP_PKEY_decrypt.pod b/doc/crypto/EVP_PKEY_decrypt.pod
-index e94f3a8..ca732ed 100644
--- a/doc/crypto/EVP_PKEY_decrypt.pod
+++ b/doc/crypto/EVP_PKEY_decrypt.pod
-@@ -10,8 +10,8 @@ EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm
+@@ -10,8 +10,8 @@ EVP_PKEY_decrypt_init, EVP_PKEY_decrypt
int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
@@ -120987,7 +128684,7 @@
=head1 DESCRIPTION
-@@ -50,30 +50,30 @@ Decrypt data using OAEP (for RSA keys):
+@@ -50,30 +50,30 @@ indicates the operation is not supported
EVP_PKEY_CTX *ctx;
unsigned char *out, *in;
@@ -121047,8 +128744,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_PKEY_derive.pod b/doc/crypto/EVP_PKEY_derive.pod
-index f6f3ac7..f70a0b8 100644
--- a/doc/crypto/EVP_PKEY_derive.pod
+++ b/doc/crypto/EVP_PKEY_derive.pod
@@ -2,7 +2,7 @@
@@ -121060,7 +128755,7 @@
=head1 SYNOPSIS
-@@ -57,23 +57,23 @@ Derive shared secret (for example DH or EC keys):
+@@ -57,23 +57,23 @@ indicates the operation is not supported
ctx = EVP_PKEY_CTX_new(pkey);
if (!ctx)
@@ -121105,11 +128800,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_PKEY_encrypt.pod b/doc/crypto/EVP_PKEY_encrypt.pod
-index 819d864..d75f3f2 100644
--- a/doc/crypto/EVP_PKEY_encrypt.pod
+++ b/doc/crypto/EVP_PKEY_encrypt.pod
-@@ -10,8 +10,8 @@ EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm
+@@ -10,8 +10,8 @@ EVP_PKEY_encrypt_init, EVP_PKEY_encrypt
int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
@@ -121120,7 +128813,7 @@
=head1 DESCRIPTION
-@@ -43,7 +43,7 @@ indicates the operation is not supported by the public key algorithm.
+@@ -43,7 +43,7 @@ indicates the operation is not supported
=head1 EXAMPLE
@@ -121129,7 +128822,7 @@
L<d2i_X509(3)> for means to load a public key. You may also simply
set 'eng = NULL;' to start with the default OpenSSL RSA implementation:
-@@ -54,30 +54,30 @@ set 'eng = NULL;' to start with the default OpenSSL RSA implementation:
+@@ -54,30 +54,30 @@ L<d2i_X509(3)> for means to load a publi
EVP_PKEY_CTX *ctx;
ENGINE *eng;
unsigned char *out, *in;
@@ -121139,7 +128832,8 @@
/* NB: assumes eng, key, in, inlen are already set up,
* and that key is an RSA public key
*/
- ctx = EVP_PKEY_CTX_new(key,eng);
+- ctx = EVP_PKEY_CTX_new(key,eng);
++ ctx = EVP_PKEY_CTX_new(key, eng);
if (!ctx)
- /* Error occurred */
+ /* Error occurred */
@@ -121189,9 +128883,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_PKEY_get_default_digest.pod b/doc/crypto/EVP_PKEY_get_default_digest.pod
-deleted file mode 100644
-index 8ac104e..0000000
--- a/doc/crypto/EVP_PKEY_get_default_digest.pod
+++ /dev/null
@@ -1,41 +0,0 @@
@@ -121236,9 +128927,6 @@
-This function was first added to OpenSSL 1.0.0.
-
-=cut
-diff --git a/doc/crypto/EVP_PKEY_get_default_digest_nid.pod b/doc/crypto/EVP_PKEY_get_default_digest_nid.pod
-new file mode 100644
-index 0000000..3dce5c5
--- /dev/null
+++ b/doc/crypto/EVP_PKEY_get_default_digest_nid.pod
@@ -0,0 +1,50 @@
@@ -121292,8 +128980,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/EVP_PKEY_keygen.pod b/doc/crypto/EVP_PKEY_keygen.pod
-index c86e013..cebd95b 100644
--- a/doc/crypto/EVP_PKEY_keygen.pod
+++ b/doc/crypto/EVP_PKEY_keygen.pod
@@ -2,7 +2,10 @@
@@ -121308,7 +128994,7 @@
=head1 SYNOPSIS
-@@ -28,7 +31,7 @@ EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen
+@@ -28,7 +31,7 @@ EVP_PKEY_keygen_init, EVP_PKEY_keygen, E
The EVP_PKEY_keygen_init() function initializes a public key algorithm
context using key B<pkey> for a key generation operation.
@@ -121317,7 +129003,7 @@
generated key is written to B<ppkey>.
The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are similar
-@@ -95,15 +98,15 @@ Generate a 2048 bit RSA key:
+@@ -95,15 +98,15 @@ the public key algorithm.
EVP_PKEY *pkey = NULL;
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
if (!ctx)
@@ -121337,7 +129023,7 @@
Generate a key from a set of parameters:
-@@ -115,13 +118,13 @@ Generate a key from a set of parameters:
+@@ -115,13 +118,13 @@ the public key algorithm.
/* Assumed param is set up already */
ctx = EVP_PKEY_CTX_new(param);
if (!ctx)
@@ -121354,7 +129040,7 @@
Example of generation callback for OpenSSL public key implementations:
-@@ -130,19 +133,19 @@ Example of generation callback for OpenSSL public key implementations:
+@@ -130,19 +133,19 @@ the public key algorithm.
EVP_PKEY_CTX_set_app_data(ctx, status_bio);
static int genpkey_cb(EVP_PKEY_CTX *ctx)
@@ -121372,15 +129058,15 @@
- return 1;
- }
+ {
-+ char c='*';
++ char c = '*';
+ BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+ int p;
+ p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
-+ if (p == 0) c='.';
-+ if (p == 1) c='+';
-+ if (p == 2) c='*';
-+ if (p == 3) c='\n';
-+ BIO_write(b,&c,1);
++ if (p == 0) c = '.';
++ if (p == 1) c = '+';
++ if (p == 2) c = '*';
++ if (p == 3) c = '\n';
++ BIO_write(b, &c, 1);
+ (void)BIO_flush(b);
+ return 1;
+ }
@@ -121408,8 +129094,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_PKEY_new.pod b/doc/crypto/EVP_PKEY_new.pod
-index 05ac087..956d699 100644
--- a/doc/crypto/EVP_PKEY_new.pod
+++ b/doc/crypto/EVP_PKEY_new.pod
@@ -2,14 +2,14 @@
@@ -121438,7 +129122,7 @@
=head1 SEE ALSO
-@@ -49,4 +49,13 @@ EVP_PKEY_new() and EVP_PKEY_free() exist in all versions of OpenSSL.
+@@ -49,4 +49,13 @@ EVP_PKEY_new() and EVP_PKEY_free() exist
EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0.
@@ -121452,8 +129136,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_PKEY_print_private.pod b/doc/crypto/EVP_PKEY_print_private.pod
-index 8664c49..9f1d324 100644
--- a/doc/crypto/EVP_PKEY_print_private.pod
+++ b/doc/crypto/EVP_PKEY_print_private.pod
@@ -2,18 +2,18 @@
@@ -121509,11 +129191,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_PKEY_set1_RSA.pod b/doc/crypto/EVP_PKEY_set1_RSA.pod
-index c7fd8e9..1498df7 100644
--- a/doc/crypto/EVP_PKEY_set1_RSA.pod
+++ b/doc/crypto/EVP_PKEY_set1_RSA.pod
-@@ -6,7 +6,9 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
+@@ -6,31 +6,34 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EV
EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY,
@@ -121524,7 +129204,19 @@
=head1 SYNOPSIS
-@@ -22,6 +24,7 @@ EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id - EVP_PKEY assignment functions.
+ #include <openssl/evp.h>
+
+- int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key);
+- int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key);
+- int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key);
+- int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
++ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
++ int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
++ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
++ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
+
+ RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
@@ -121532,7 +129224,20 @@
RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
-@@ -45,11 +48,11 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
+ EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
+
+- int EVP_PKEY_assign_RSA(EVP_PKEY *pkey,RSA *key);
+- int EVP_PKEY_assign_DSA(EVP_PKEY *pkey,DSA *key);
+- int EVP_PKEY_assign_DH(EVP_PKEY *pkey,DH *key);
+- int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
++ int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
++ int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
++ int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
++ int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
+
+ int EVP_PKEY_id(const EVP_PKEY *pkey);
+ int EVP_PKEY_base_id(const EVP_PKEY *pkey);
+@@ -45,11 +48,11 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA()
EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or
B<NULL> if the key is not of the correct type.
@@ -121549,7 +129254,7 @@
EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key>
-@@ -105,4 +108,13 @@ type or B<NID_undef> (equivalently B<EVP_PKEY_NONE>) on error.
+@@ -105,4 +108,13 @@ type or B<NID_undef> (equivalently B<EVP
L<EVP_PKEY_new(3)>
@@ -121563,11 +129268,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_PKEY_sign.pod b/doc/crypto/EVP_PKEY_sign.pod
-index f189206..9b3c8d4 100644
--- a/doc/crypto/EVP_PKEY_sign.pod
+++ b/doc/crypto/EVP_PKEY_sign.pod
-@@ -10,8 +10,8 @@ EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm
+@@ -10,8 +10,8 @@ EVP_PKEY_sign_init, EVP_PKEY_sign - sign
int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
@@ -121578,7 +129281,7 @@
=head1 DESCRIPTION
-@@ -66,25 +66,25 @@ Sign data using RSA with PKCS#1 padding and SHA256 digest:
+@@ -66,25 +66,25 @@ indicates the operation is not supported
*/
ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */);
if (!ctx)
@@ -121633,11 +129336,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_PKEY_verify.pod b/doc/crypto/EVP_PKEY_verify.pod
-index 4952b7f..e84f880 100644
--- a/doc/crypto/EVP_PKEY_verify.pod
+++ b/doc/crypto/EVP_PKEY_verify.pod
-@@ -10,8 +10,8 @@ EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public ke
+@@ -10,8 +10,8 @@ EVP_PKEY_verify_init, EVP_PKEY_verify -
int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
@@ -121648,7 +129349,7 @@
=head1 DESCRIPTION
-@@ -53,20 +53,20 @@ Verify signature using PKCS#1 and SHA256 digest:
+@@ -53,20 +53,20 @@ the public key algorithm.
EVP_PKEY_CTX *ctx;
unsigned char *md, *sig;
@@ -121695,11 +129396,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_PKEY_verify_recover.pod b/doc/crypto/EVP_PKEY_verify_recover.pod
-index 6c2287b..837bc64 100644
--- a/doc/crypto/EVP_PKEY_verify_recover.pod
+++ b/doc/crypto/EVP_PKEY_verify_recover.pod
-@@ -10,8 +10,8 @@ EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using
+@@ -10,8 +10,8 @@ EVP_PKEY_verify_recover_init, EVP_PKEY_v
int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
@@ -121710,7 +129409,7 @@
=head1 DESCRIPTION
-@@ -29,7 +29,7 @@ B<rout> and the amount of data written to B<routlen>.
+@@ -29,7 +29,7 @@ B<rout> and the amount of data written t
=head1 NOTES
Normally an application is only interested in whether a signature verification
@@ -121719,7 +129418,7 @@
used.
Sometimes however it is useful to obtain the data originally signed using a
-@@ -58,32 +58,32 @@ Recover digest originally signed using PKCS#1 and SHA256 digest:
+@@ -58,32 +58,32 @@ indicates the operation is not supported
EVP_PKEY_CTX *ctx;
unsigned char *rout, *sig;
@@ -121782,11 +129481,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod
-index e920e3e..30bd680 100644
--- a/doc/crypto/EVP_SealInit.pod
+++ b/doc/crypto/EVP_SealInit.pod
-@@ -42,9 +42,9 @@ If the cipher does not require an IV then the B<iv> parameter is ignored
+@@ -42,9 +42,9 @@ If the cipher does not require an IV the
and can be B<NULL>.
EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
@@ -121812,8 +129509,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod
-index 185b113..ea4e71e 100644
--- a/doc/crypto/EVP_SignInit.pod
+++ b/doc/crypto/EVP_SignInit.pod
@@ -2,6 +2,7 @@
@@ -121824,8 +129519,17 @@
EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal - EVP signing
functions
-@@ -60,7 +61,7 @@ transparent to the algorithm used and much more flexible.
+@@ -11,7 +12,7 @@ functions
+ int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+ int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+- int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey);
++ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sig, unsigned int *s, EVP_PKEY *pkey);
+
+ void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+
+@@ -60,7 +61,7 @@ transparent to the algorithm used and mu
+
Due to the link between message digests and public key algorithms the correct
digest algorithm must be used with the correct public key type. A list of
-algorithms and associated public key algorithms appears in
@@ -121856,8 +129560,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/EVP_VerifyInit.pod b/doc/crypto/EVP_VerifyInit.pod
-index 7fb6e63..355dc9f 100644
--- a/doc/crypto/EVP_VerifyInit.pod
+++ b/doc/crypto/EVP_VerifyInit.pod
@@ -2,7 +2,9 @@
@@ -121871,8 +129573,17 @@
=head1 SYNOPSIS
-@@ -51,7 +53,7 @@ transparent to the algorithm used and much more flexible.
+@@ -10,7 +12,7 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_Ve
+ int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+ int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+- int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey);
++ int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey);
+
+ int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+
+@@ -51,7 +53,7 @@ transparent to the algorithm used and mu
+
Due to the link between message digests and public key algorithms the correct
digest algorithm must be used with the correct public key type. A list of
-algorithms and associated public key algorithms appears in
@@ -121903,12 +129614,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/HMAC.pod b/doc/crypto/HMAC.pod
-new file mode 100644
-index 0000000..fdafec8
--- /dev/null
+++ b/doc/crypto/HMAC.pod
-@@ -0,0 +1,147 @@
+@@ -0,0 +1,151 @@
+=pod
+
+=head1 NAME
@@ -121990,14 +129698,18 @@
+long. It is deprecated and only included for backward compatibility
+with OpenSSL 0.9.6b.
+
-+HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use
-+the function B<evp_md> and key B<key>. Either can be NULL, in which
-+case the existing one will be reused. B<ctx> must have been created
-+with HMAC_CTX_new() before the first use of an B<HMAC_CTX> in this
-+function. B<N.B. HMAC_Init() had this undocumented behaviour in
-+previous versions of OpenSSL - failure to switch to HMAC_Init_ex() in
-+programs that expect it will cause them to stop working>.
++HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use the hash
++function B<evp_md> and key B<key>. If both are NULL (or B<evp_md> is the same
++as the previous digest used by B<ctx> and B<key> is NULL) the existing key is
++reused. B<ctx> must have been created with HMAC_CTX_new() before the first use
++of an B<HMAC_CTX> in this function. B<N.B. HMAC_Init() had this undocumented
++behaviour in previous versions of OpenSSL - failure to switch to HMAC_Init_ex()
++in programs that expect it will cause them to stop working>.
+
++B<NB: if HMAC_Init_ex() is called with B<key> NULL and B<evp_md> is not the
++same as the previous digest used by B<ctx> then an error is returned
++because reuse of an existing key with a different digest is not supported.>
++
+HMAC_Update() can be called repeatedly with chunks of the message to
+be authenticated (B<len> bytes at B<data>).
+
@@ -122056,9 +129768,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/MD5.pod b/doc/crypto/MD5.pod
-new file mode 100644
-index 0000000..78da750
--- /dev/null
+++ b/doc/crypto/MD5.pod
@@ -0,0 +1,101 @@
@@ -122163,9 +129872,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/MDC2_Init.pod b/doc/crypto/MDC2_Init.pod
-new file mode 100644
-index 0000000..f7db71b
--- /dev/null
+++ b/doc/crypto/MDC2_Init.pod
@@ -0,0 +1,68 @@
@@ -122237,8 +129943,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/OBJ_nid2obj.pod b/doc/crypto/OBJ_nid2obj.pod
-index d777d7c..02e81ba 100644
--- a/doc/crypto/OBJ_nid2obj.pod
+++ b/doc/crypto/OBJ_nid2obj.pod
@@ -2,17 +2,19 @@
@@ -122277,7 +129981,7 @@
- int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
- ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o);
-+ int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a);
++ int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a);
- int OBJ_create(const char *oid,const char *sn,const char *ln);
+ int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
@@ -122287,24 +129991,23 @@
size_t OBJ_length(const ASN1_OBJECT *obj);
const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
-@@ -41,8 +45,14 @@ Deprecated:
+@@ -41,8 +45,14 @@ functions
The ASN1 object utility functions process ASN1_OBJECT structures which are
a representation of the ASN1 OBJECT IDENTIFIER (OID) type.
--
--OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to
+For convenience, OIDs are usually represented in source code as numeric
+identifiers, or B<NID>s. OpenSSL has an internal table of OIDs that
+are generated when the library is built, and their corresponding NIDs
+are available as defined constants. For the functions below, application
+code should treat all returned values -- OIDs, NIDs, or names -- as
+constants.
-+
+
+-OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to
+OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to
an ASN1_OBJECT structure, its long name and its short name respectively,
or B<NULL> is an error occurred.
-@@ -66,11 +76,13 @@ if the object has a long or short name then that will be used, otherwise
+@@ -66,11 +76,13 @@ if the object has a long or short name t
the numerical form will be used. If B<no_name> is 1 then the numerical
form will always be used.
@@ -122319,7 +130022,7 @@
numerical form of the object, B<sn> the short name and B<ln> the
long name. A new NID is returned for the created object.
-@@ -117,6 +129,10 @@ exists for a particular algorithm). As a result they B<cannot> be encoded or
+@@ -117,6 +129,10 @@ exists for a particular algorithm). As a
decoded as part of ASN.1 structures. Applications can determine if there
is a corresponding OBJECT IDENTIFIER by checking OBJ_length() is not zero.
@@ -122330,7 +130033,7 @@
=head1 EXAMPLES
Create an object for B<commonName>:
-@@ -127,23 +143,24 @@ Create an object for B<commonName>:
+@@ -127,23 +143,24 @@ is a corresponding OBJECT IDENTIFIER by
Check if an object is B<commonName>
if (OBJ_obj2nid(obj) == NID_commonName)
@@ -122372,8 +130075,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/OCSP_REQUEST_new.pod b/doc/crypto/OCSP_REQUEST_new.pod
-index b74f56a..97c2337 100644
--- a/doc/crypto/OCSP_REQUEST_new.pod
+++ b/doc/crypto/OCSP_REQUEST_new.pod
@@ -1,8 +1,10 @@
@@ -122402,8 +130103,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/OCSP_cert_to_id.pod b/doc/crypto/OCSP_cert_to_id.pod
-index ac11ba7..0e37937 100644
--- a/doc/crypto/OCSP_cert_to_id.pod
+++ b/doc/crypto/OCSP_cert_to_id.pod
@@ -1,7 +1,9 @@
@@ -122431,8 +130130,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/OCSP_request_add1_nonce.pod b/doc/crypto/OCSP_request_add1_nonce.pod
-index a95000e..dab42c6 100644
--- a/doc/crypto/OCSP_request_add1_nonce.pod
+++ b/doc/crypto/OCSP_request_add1_nonce.pod
@@ -1,6 +1,8 @@
@@ -122459,12 +130156,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/OCSP_resp_find_status.pod b/doc/crypto/OCSP_resp_find_status.pod
-new file mode 100644
-index 0000000..a852eaa
--- /dev/null
+++ b/doc/crypto/OCSP_resp_find_status.pod
-@@ -0,0 +1,123 @@
+@@ -0,0 +1,136 @@
+=pod
+
+=head1 NAME
@@ -122494,6 +130188,12 @@
+
+ ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(OCSP_BASICRESP* single);
+
++ const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
++
++ int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
++ const ASN1_OCTET_STRING **pid,
++ const X509_NAME **pname);
++
+ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+ ASN1_GENERALIZEDTIME *nextupd,
+ long sec, long maxsec);
@@ -122528,6 +130228,13 @@
+OCSP_resp_get0_produced_at() extracts the B<producedAt> field from the
+single response B<bs>.
+
++OCSP_resp_get0_certs() returns any certificates included in B<bs>.
++
++OCSP_resp_get0_id() gets the responder id of <bs>. If the responder ID is
++a name then <*pname> is set to the name and B<*pid> is set to NULL. If the
++responder ID is by key ID then B<*pid> is set to the key ID and B<*pname>
++is set to NULL.
++
+OCSP_check_validity() checks the validity of B<thisupd> and B<nextupd> values
+which will be typically obtained from OCSP_resp_find_status() or
+OCSP_single_get0_status(). If B<sec> is non-zero it indicates how many seconds
@@ -122588,9 +130295,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/OCSP_response_find_status.pod b/doc/crypto/OCSP_response_find_status.pod
-deleted file mode 100644
-index 2a14189..0000000
--- a/doc/crypto/OCSP_response_find_status.pod
+++ /dev/null
@@ -1,109 +0,0 @@
@@ -122703,8 +130407,6 @@
-L<OCSP_sendreq_new(3)>
-
-=cut
-diff --git a/doc/crypto/OCSP_response_status.pod b/doc/crypto/OCSP_response_status.pod
-index 5195b2a..08738d2 100644
--- a/doc/crypto/OCSP_response_status.pod
+++ b/doc/crypto/OCSP_response_status.pod
@@ -1,7 +1,9 @@
@@ -122718,7 +130420,7 @@
=head1 SYNOPSIS
-@@ -21,7 +23,7 @@ B<OCSP_RESPONSE_STATUS_INTERNALERROR>, B<OCSP_RESPONSE_STATUS_TRYLATER>
+@@ -21,7 +23,7 @@ B<OCSP_RESPONSE_STATUS_INTERNALERROR>, B
B<OCSP_RESPONSE_STATUS_SIGREQUIRED>, or B<OCSP_RESPONSE_STATUS_UNAUTHORIZED>.
OCSP_response_get1_basic() decodes and returns the B<OCSP_BASICRESP> structure
@@ -122741,8 +130443,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/OCSP_sendreq_new.pod b/doc/crypto/OCSP_sendreq_new.pod
-index 1d5599a..c7fdc9b 100644
--- a/doc/crypto/OCSP_sendreq_new.pod
+++ b/doc/crypto/OCSP_sendreq_new.pod
@@ -110,4 +110,13 @@ L<OCSP_REQUEST_new(3)>,
@@ -122759,14 +130459,16 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/OPENSSL_Applink.pod b/doc/crypto/OPENSSL_Applink.pod
-index e54de12..59f46eb 100644
--- a/doc/crypto/OPENSSL_Applink.pod
+++ b/doc/crypto/OPENSSL_Applink.pod
-@@ -18,4 +18,13 @@ expected to implement it, but to compile provided module with
+@@ -16,6 +16,16 @@ Even though it appears at application si
+ private interface. For this reason application developers are not
+ expected to implement it, but to compile provided module with
compiler of their choice and link it into the target application.
- The referred module is available as <openssl>/ms/applink.c.
-
+-The referred module is available as <openssl>/ms/applink.c.
++The referred module is available as F<applink.c>, located alongside
++the public header files (only on the platforms where applicable).
++
+=head1 COPYRIGHT
+
+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -122775,14 +130477,11 @@
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
-+
+
=cut
-diff --git a/doc/crypto/OPENSSL_LH_COMPFUNC.pod b/doc/crypto/OPENSSL_LH_COMPFUNC.pod
-new file mode 100644
-index 0000000..372f0d9
--- /dev/null
+++ b/doc/crypto/OPENSSL_LH_COMPFUNC.pod
-@@ -0,0 +1,264 @@
+@@ -0,0 +1,239 @@
+=pod
+
+=head1 NAME
@@ -122790,6 +130489,7 @@
+DECLARE_LHASH_OF,
+OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC,
+LHASH_DOALL_ARG_FN_TYPE,
++IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN,
+lh_TYPE_new, lh_TYPE_free,
+lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve,
+lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error - dynamic hash table
@@ -122828,75 +130528,52 @@
+for any of the OpenSSL datatypes, such as I<SSL_SESSION>.
+
+lh_TYPE_new() creates a new B<LHASH_OF(TYPE)> structure to store
-+arbitrary data entries, and provides the 'hash' and 'compare'
++arbitrary data entries, and specifies the 'hash' and 'compare'
+callbacks to be used in organising the table's entries. The B<hash>
+callback takes a pointer to a table entry as its argument and returns
+an unsigned long hash value for its key field. The hash value is
+normally truncated to a power of 2, so make sure that your hash
+function returns well mixed low order bits. The B<compare> callback
+takes two arguments (pointers to two hash table entries), and returns
-+0 if their keys are equal, non-zero otherwise. If your hash table
++0 if their keys are equal, non-zero otherwise.
++
++If your hash table
+will contain items of some particular type and the B<hash> and
+B<compare> callbacks hash/compare these types, then the
-+B<DECLARE_LHASH_HASH_FN> and B<IMPLEMENT_LHASH_COMP_FN> macros can be
++B<IMPLEMENT_LHASH_HASH_FN> and B<IMPLEMENT_LHASH_COMP_FN> macros can be
+used to create callback wrappers of the prototypes required by
-+lh_TYPE_new(). These provide per-variable casts before calling the
-+type-specific callbacks written by the application author. These
-+macros, as well as those used for the "doall" callbacks, are defined
-+as;
++lh_TYPE_new() as shown in this example:
+
-+ #define DECLARE_LHASH_HASH_FN(name, o_type) \
-+ unsigned long name##_LHASH_HASH(const void *);
-+ #define IMPLEMENT_LHASH_HASH_FN(name, o_type) \
-+ unsigned long name##_LHASH_HASH(const void *arg) { \
-+ const o_type *a = arg; \
-+ return name##_hash(a); }
-+ #define LHASH_HASH_FN(name) name##_LHASH_HASH
++ /*
++ * Implement the hash and compare functions; "stuff" can be any word.
++ */
++ static unsigned long stuff_hash(const TYPE *a)
++ {
++ ...
++ }
++ static int stuff_cmp(const TYPE *a, const TYPE *b)
++ {
++ ...
++ }
+
-+ #define DECLARE_LHASH_COMP_FN(name, o_type) \
-+ int name##_LHASH_COMP(const void *, const void *);
-+ #define IMPLEMENT_LHASH_COMP_FN(name, o_type) \
-+ int name##_LHASH_COMP(const void *arg1, const void *arg2) { \
-+ const o_type *a = arg1; \
-+ const o_type *b = arg2; \
-+ return name##_cmp(a,b); }
-+ #define LHASH_COMP_FN(name) name##_LHASH_COMP
++ /*
++ * Implement the wrapper functions.
++ */
++ static IMPLEMENT_LHASH_HASH_FN(stuff, TYPE)
++ static IMPLEMENT_LHASH_COMP_FN(stuff, TYPE)
+
-+ #define DECLARE_LHASH_DOALL_FN(name, o_type) \
-+ void name##_LHASH_DOALL(void *);
-+ #define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \
-+ void name##_LHASH_DOALL(void *arg) { \
-+ o_type *a = arg; \
-+ name##_doall(a); }
-+ #define LHASH_DOALL_FN(name) name##_LHASH_DOALL
++If the type is going to be used in several places, the following macros
++can be used in a common header file to declare the function wrappers:
+
-+ #define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
-+ void name##_LHASH_DOALL_ARG(void *, void *);
-+ #define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
-+ void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
-+ o_type *a = arg1; \
-+ a_type *b = arg2; \
-+ name##_doall_arg(a, b); }
-+ #define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
++ DECLARE_LHASH_HASH_FN(stuff, TYPE)
++ DECLARE_LHASH_COMP_FN(stuff, TYPE)
+
-+ An example of a hash table storing (pointers to) structures of type 'STUFF'
-+ could be defined as follows;
++Then a hash table of TYPE objects can be created using this:
+
-+ /* Calculates the hash value of 'tohash' (implemented elsewhere) */
-+ unsigned long STUFF_hash(const STUFF *tohash);
-+ /* Orders 'arg1' and 'arg2' (implemented elsewhere) */
-+ int stuff_cmp(const STUFF *arg1, const STUFF *arg2);
-+ /* Create the type-safe wrapper functions for use in the LHASH internals */
-+ static IMPLEMENT_LHASH_HASH_FN(stuff, STUFF);
-+ static IMPLEMENT_LHASH_COMP_FN(stuff, STUFF);
-+ /* ... */
-+ int main(int argc, char *argv[]) {
-+ /* Create the new hash table using the hash/compare wrappers */
-+ LHASH_OF(STUFF) *hashtable = lh_STUFF_new(LHASH_HASH_FN(STUFF_hash),
-+ LHASH_COMP_FN(STUFF_cmp));
-+ /* ... */
-+ }
++ LHASH_OF(TYPE) *htable;
+
++ htable = lh_TYPE_new(LHASH_HASH_FN(stuff), LHASH_COMP_FN(stuff));
++
+lh_TYPE_free() frees the B<LHASH_OF(TYPE)> structure
+B<table>. Allocated hash table entries will not be freed; consider
+using lh_TYPE_doall() to deallocate any remaining entries in the
@@ -122914,24 +130591,20 @@
+pointer to a fully populated structure.
+
+lh_TYPE_doall() will, for every entry in the hash table, call
-+B<func> with the data item as its parameter. For lh_TYPE_doall()
-+and lh_TYPE_doall_arg(), function pointer casting should be avoided
-+in the callbacks (see B<NOTE>) - instead use the declare/implement
-+macros to create type-checked wrappers that cast variables prior to
-+calling your type-specific callbacks. An example of this is
-+illustrated here where the callback is used to cleanup resources for
-+items in the hash table prior to the hashtable itself being
-+deallocated:
++B<func> with the data item as its parameter.
++For example:
+
+ /* Cleans up resources belonging to 'a' (this is implemented elsewhere) */
-+ void STUFF_cleanup_doall(STUFF *a);
-+ /* Implement a prototype-compatible wrapper for "STUFF_cleanup" */
-+ IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF)
-+ /* ... then later in the code ... */
-+ /* So to run "STUFF_cleanup" against all items in a hash table ... */
-+ lh_STUFF_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup));
++ void TYPE_cleanup_doall(TYPE *a);
++
++ /* Implement a prototype-compatible wrapper for "TYPE_cleanup" */
++ IMPLEMENT_LHASH_DOALL_FN(TYPE_cleanup, TYPE)
++
++ /* Call "TYPE_cleanup" against all items in a hash table. */
++ lh_TYPE_doall(hashtable, LHASH_DOALL_FN(TYPE_cleanup));
++
+ /* Then the hash table itself can be deallocated */
-+ lh_STUFF_free(hashtable);
++ lh_TYPE_free(hashtable);
+
+When doing this, be careful if you delete entries from the hash table
+in your callbacks: the table may decrease in size, moving the item
@@ -122954,13 +130627,14 @@
+that is provided by the caller):
+
+ /* Prints item 'a' to 'output_bio' (this is implemented elsewhere) */
-+ void STUFF_print_doall_arg(const STUFF *a, BIO *output_bio);
-+ /* Implement a prototype-compatible wrapper for "STUFF_print" */
-+ static IMPLEMENT_LHASH_DOALL_ARG_FN(STUFF, const STUFF, BIO)
-+ /* ... then later in the code ... */
++ void TYPE_print_doall_arg(const TYPE *a, BIO *output_bio);
++
++ /* Implement a prototype-compatible wrapper for "TYPE_print" */
++ static IMPLEMENT_LHASH_DOALL_ARG_FN(TYPE, const TYPE, BIO)
++
+ /* Print out the entire hashtable to a particular BIO */
-+ lh_STUFF_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), BIO,
-+ logging_bio);
++ lh_TYPE_doall_arg(hashtable, LHASH_DOALL_ARG_FN(TYPE_print), BIO,
++ logging_bio);
+
+
+lh_TYPE_error() can be used to determine if an error occurred in the last
@@ -123011,7 +130685,7 @@
+appropriate as-is. Conversely, if the caller is responsible for the
+life-time of the data in question, then they may well wish to make
+modifications to table item passed back in the lh_doall() or
-+lh_doall_arg() callbacks (see the "STUFF_cleanup" example above). If
++lh_doall_arg() callbacks (see the "TYPE_cleanup" example above). If
+so, the caller can either cast the "const" away (if they're providing
+the raw callbacks themselves) or use the macros to declare/implement
+the wrapper functions without "const" types.
@@ -123047,9 +130721,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/OPENSSL_LH_stats.pod b/doc/crypto/OPENSSL_LH_stats.pod
-new file mode 100644
-index 0000000..c454a47
--- /dev/null
+++ b/doc/crypto/OPENSSL_LH_stats.pod
@@ -0,0 +1,64 @@
@@ -123117,8 +130788,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/doc/crypto/OPENSSL_VERSION_NUMBER.pod
-index d87d719..9cc1ed1 100644
--- a/doc/crypto/OPENSSL_VERSION_NUMBER.pod
+++ b/doc/crypto/OPENSSL_VERSION_NUMBER.pod
@@ -94,4 +94,13 @@ The version number.
@@ -123135,11 +130804,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/OPENSSL_config.pod b/doc/crypto/OPENSSL_config.pod
-index 77061a0..eae634a 100644
--- a/doc/crypto/OPENSSL_config.pod
+++ b/doc/crypto/OPENSSL_config.pod
-@@ -8,15 +8,16 @@ OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions
+@@ -8,15 +8,16 @@ OPENSSL_config, OPENSSL_no_config - simp
#include <openssl/conf.h>
@@ -123175,8 +130842,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/OPENSSL_ia32cap.pod b/doc/crypto/OPENSSL_ia32cap.pod
-index 90156d2..7b8629d 100644
--- a/doc/crypto/OPENSSL_ia32cap.pod
+++ b/doc/crypto/OPENSSL_ia32cap.pod
@@ -2,23 +2,22 @@
@@ -123250,9 +130915,6 @@
-affects the decision on whether or not expensive countermeasures
-against cache-timing attacks are applied, most notably in AES assembler
-module.
--
--The vector is further extended with EBX value returned by CPUID with
--EAX=7 and ECX=0 as input. Following bits are significant:
+For example, in 32-bit application context clearing bit #26 at run-time
+disables high-performance SSE2 code present in the crypto library, while
+clearing bit #24 disables SSE2 code operating on 128-bit XMM register
@@ -123274,13 +130936,15 @@
+actually shared between logical cores. This in turn affects the decision
+on whether or not expensive countermeasures against cache-timing attacks
+are applied, most notably in AES assembler module.
-+
+
+-The vector is further extended with EBX value returned by CPUID with
+-EAX=7 and ECX=0 as input. Following bits are significant:
+The capability vector is further extended with EBX value returned by
+CPUID with EAX=7 and ECX=0 as input. Following bits are significant:
=over
-@@ -86,11 +92,47 @@ EAX=7 and ECX=0 as input. Following bits are significant:
+@@ -86,11 +92,49 @@ The vector is further extended with EBX
=item bit #64+5 denoting availability of AVX2 instructions;
@@ -123319,6 +130983,8 @@
+ AVX2 | 2.22 | 2.10 | 3.1
+ AVX512 | 2.25 | 2.11.8 | 3.6
+
++B<OPENSSL_ia32cap> is a macro returning the first word of the vector.
++
+=head1 COPYRIGHT
+
+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -123329,8 +130995,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/OPENSSL_init_crypto.pod b/doc/crypto/OPENSSL_init_crypto.pod
-index e701b1d..1989880 100644
--- a/doc/crypto/OPENSSL_init_crypto.pod
+++ b/doc/crypto/OPENSSL_init_crypto.pod
@@ -2,6 +2,7 @@
@@ -123341,7 +131005,7 @@
OPENSSL_init_crypto, OPENSSL_cleanup,
OPENSSL_atexit, OPENSSL_thread_stop - OpenSSL
initialisation and deinitialisation functions
-@@ -16,8 +17,9 @@ initialisation and deinitialisation functions
+@@ -16,8 +17,9 @@ initialisation and deinitialisation func
void OPENSSL_thread_stop(void);
OPENSSL_INIT_SETTINGS *OPENSSL_init_new(void);
@@ -123364,7 +131028,7 @@
object can be released with OPENSSL_INIT_free() when done.
=head1 NOTES
-@@ -202,14 +204,24 @@ platforms this is done in response to a DLL_THREAD_DETACH message being sent to
+@@ -202,14 +204,24 @@ platforms this is done in response to a
the libcrypto32.dll entry point. Some windows functions may cause threads to exit
without sending this message (for example ExitProcess()). If the application
uses such functions, then the application must free up OpenSSL resources
@@ -123412,11 +131076,9 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/OPENSSL_instrument_bus.pod b/doc/crypto/OPENSSL_instrument_bus.pod
-index 4ed83e4..1407261 100644
--- a/doc/crypto/OPENSSL_instrument_bus.pod
+++ b/doc/crypto/OPENSSL_instrument_bus.pod
-@@ -7,8 +7,8 @@ OPENSSL_instrument_bus, OPENSSL_instrument_bus2 - instrument references to memor
+@@ -7,8 +7,8 @@ OPENSSL_instrument_bus, OPENSSL_instrume
=head1 SYNOPSIS
#ifdef OPENSSL_CPUID_OBJ
@@ -123427,7 +131089,7 @@
#endif
=head1 DESCRIPTION
-@@ -23,10 +23,10 @@ interlocked manner, which should contribute additional noise on
+@@ -23,10 +23,10 @@ interlocked manner, which should contrib
multi-processor systems. This also means that B<vector[num]> should be
zeroed upon invocation (if you want to retrieve actual probe values).
@@ -123440,7 +131102,7 @@
probes with the same value, i.e. in a way it records duration of
periods when probe values appeared deterministic. The subroutine
performs at most B<max> probes in attempt to fill the B<vector[num]>,
-@@ -40,3 +40,14 @@ not available on current platform. For reference, on x86 'flush cache
+@@ -40,3 +40,14 @@ not available on current platform. For r
line' was introduced with the SSE2 extensions.
Otherwise number of recorded values is returned.
@@ -123455,11 +131117,9 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/OPENSSL_load_builtin_modules.pod b/doc/crypto/OPENSSL_load_builtin_modules.pod
-index 20ca44c..112718a 100644
--- a/doc/crypto/OPENSSL_load_builtin_modules.pod
+++ b/doc/crypto/OPENSSL_load_builtin_modules.pod
-@@ -24,15 +24,15 @@ ENGINE_add_conf_module() adds just the ENGINE configuration module.
+@@ -24,15 +24,15 @@ ENGINE_add_conf_module() adds just the E
=head1 NOTES
@@ -123492,16 +131152,10 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/OPENSSL_malloc.pod b/doc/crypto/OPENSSL_malloc.pod
-index 7ce00b2..9760135 100644
--- a/doc/crypto/OPENSSL_malloc.pod
+++ b/doc/crypto/OPENSSL_malloc.pod
-@@ -2,18 +2,21 @@
+@@ -4,16 +4,17 @@
- =head1 NAME
-
-+CRYPTO_MEM_CHECK_OFF, CRYPTO_MEM_CHECK_ON,
-+CRYPTO_MEM_CHECK_DISABLE, CRYPTO_MEM_CHECK_ENABLE,
OPENSSL_malloc_init,
OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free,
-OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse
@@ -123521,7 +131175,7 @@
CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp - Memory allocation functions
=head1 SYNOPSIS
-@@ -28,6 +31,9 @@ CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp - Memory allocation functions
+@@ -28,6 +29,9 @@ CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp -
void OPENSSL_free(void *addr)
char *OPENSSL_strdup(const char *str)
char *OPENSSL_strndup(const char *str, size_t s)
@@ -123531,7 +131185,15 @@
void *OPENSSL_clear_realloc(void *p, size_t old_len, size_t num)
void OPENSSL_clear_free(void *str, size_t num)
void OPENSSL_cleanse(void *ptr, size_t len);
-@@ -64,12 +70,13 @@ CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp - Memory allocation functions
+@@ -56,20 +60,16 @@ CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp -
+
+ int CRYPTO_set_mem_debug(int onoff)
+
+- #define CRYPTO_MEM_CHECK_OFF
+- #define CRYPTO_MEM_CHECK_ON
+- #define CRYPTO_MEM_CHECK_DISABLE
+- #define CRYPTO_MEM_CHECK_ENABLE
+-
int CRYPTO_mem_ctrl(int mode);
int OPENSSL_mem_debug_push(const char *info)
@@ -123547,7 +131209,7 @@
=head1 DESCRIPTION
-@@ -94,15 +101,15 @@ before ultimately calling OPENSSL_free().
+@@ -94,15 +94,15 @@ before ultimately calling OPENSSL_free()
OPENSSL_cleanse() fills B<ptr> of size B<len> with a string of 0's.
Use OPENSSL_cleanse() with care if the memory is a mapping of a file.
@@ -123568,7 +131230,7 @@
OPENSSL_strlcpy(),
OPENSSL_strlcat() and OPENSSL_strnlen() are equivalents of the common C
-@@ -117,7 +124,7 @@ An odd number of hex digits is an error.
+@@ -117,7 +117,7 @@ An odd number of hex digits is an error.
OPENSSL_buf2hexstr() takes the specified buffer and length, and returns
a hex string for value, or NULL on error.
@@ -123577,7 +131239,27 @@
OPENSSL_hexchar2int() converts a character to the hexadecimal equivalent,
or returns -1 on error.
-@@ -195,4 +202,13 @@ at once. I<This applies specially if OpenSSL was built with the
+@@ -143,9 +143,6 @@ To enable tracking call CRYPTO_mem_ctrl(
+ the B<CRYPTO_MEM_CHECK_ON>.
+ To disable tracking call CRYPTO_mem_ctrl() with a B<mode> argument of
+ the B<CRYPTO_MEM_CHECK_OFF>.
+-The B<CRYPTO_MEM_CHECK_DISABLE> and B<CRYPTO_MEM_CHECK_ENABLE> modes
+-are used internally within OpenSSL to temporarily suspend and resume
+-tracking.
+
+ While checking memory, it can be useful to store additional context
+ about what is being done.
+@@ -182,7 +179,8 @@ CRYPTO_set_mem_functions() and CRYPTO_se
+ return 1 on success or 0 on failure (almost
+ always because allocations have already happened).
+
+-CRYPTO_mem_ctrl() returns the previous value of the mode.
++CRYPTO_mem_ctrl() returns -1 if an error occured, otherwise the
++previous value of the mode.
+
+ OPENSSL_mem_debug_push() and OPENSSL_mem_debug_pop()
+ return 1 on success or 0 on failure.
+@@ -195,4 +193,13 @@ at once. I<This applies specially if Op
configuration option> C<crypto-mdebug> I<enabled. In case, swapping out
only, say, the malloc() implementation is outright dangerous.>
@@ -123591,11 +131273,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/OPENSSL_secure_malloc.pod b/doc/crypto/OPENSSL_secure_malloc.pod
-index 2a04931..517bfbc 100644
--- a/doc/crypto/OPENSSL_secure_malloc.pod
+++ b/doc/crypto/OPENSSL_secure_malloc.pod
-@@ -6,7 +6,7 @@ CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized,
+@@ -6,7 +6,7 @@ CRYPTO_secure_malloc_init, CRYPTO_secure
CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc,
OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free,
CRYPTO_secure_free, OPENSSL_secure_actual_size, OPENSSL_secure_allocated,
@@ -123604,7 +131284,7 @@
=head1 SYNOPSIS
-@@ -16,13 +16,13 @@ CYRPTO_secure_malloc_used - secure heap storage
+@@ -16,13 +16,13 @@ CYRPTO_secure_malloc_used - secure heap
int CRYPTO_secure_malloc_initialized();
@@ -123623,7 +131303,7 @@
void OPENSSL_secure_free(void* ptr);
void CRYPTO_secure_free(void *ptr, const char *, int);
-@@ -30,7 +30,7 @@ CYRPTO_secure_malloc_used - secure heap storage
+@@ -30,7 +30,7 @@ CYRPTO_secure_malloc_used - secure heap
size_t OPENSSL_secure_actual_size(const void *ptr);
int OPENSSL_secure_allocated(const void *ptr);
@@ -123632,7 +131312,7 @@
=head1 DESCRIPTION
-@@ -49,14 +49,14 @@ put all intermediate values and computations there.
+@@ -49,14 +49,14 @@ put all intermediate values and computat
CRYPTO_secure_malloc_init() creates the secure heap, with the specified
C<size> in bytes. The C<minsize> parameter is the minimum size to
allocate from the heap. Both C<size> and C<minsize> must be a power
@@ -123650,7 +131330,7 @@
OPENSSL_secure_malloc() allocates C<num> bytes from the heap.
If CRYPTO_secure_malloc_init() is not called, this is equivalent to
-@@ -83,7 +83,7 @@ OPENSSL_secure_actual_size() tells the actual size allocated to the
+@@ -83,7 +83,7 @@ OPENSSL_secure_actual_size() tells the a
pointer; implementations may allocate more space than initially
requested, in order to "round up" and reduce secure heap fragmentation.
@@ -123698,11 +131378,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/OpenSSL_add_all_algorithms.pod b/doc/crypto/OpenSSL_add_all_algorithms.pod
-index 10f3b8f..aaa28dd 100644
--- a/doc/crypto/OpenSSL_add_all_algorithms.pod
+++ b/doc/crypto/OpenSSL_add_all_algorithms.pod
-@@ -78,4 +78,13 @@ The OpenSSL_add_all_algorithms(), OpenSSL_add_all_ciphers(),
+@@ -78,4 +78,13 @@ The OpenSSL_add_all_algorithms(), OpenSS
OpenSSL_add_all_digests(), and EVP_cleanup(), functions
were deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto().
@@ -123716,19 +131394,15 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/PEM_read.pod b/doc/crypto/PEM_read.pod
-new file mode 100644
-index 0000000..167693d
--- /dev/null
+++ b/doc/crypto/PEM_read.pod
-@@ -0,0 +1,130 @@
+@@ -0,0 +1,127 @@
+=pod
+
+=head1 NAME
+
+PEM_write, PEM_write_bio,
-+PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO,
-+pem_password_cb
++PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO
+- PEM encoding routines
+
+=head1 SYNOPSIS
@@ -123749,8 +131423,6 @@
+ int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len,
+ pem_password_cb *cb, void *u);
+
-+ typedef int (*pem_password_cb)(char *buf, int size, int rwflag, void *u);
-+
+=head1 DESCRIPTION
+
+These functions read and write PEM-encoded objects, using the PEM
@@ -123852,16 +131524,14 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/PEM_read_CMS.pod b/doc/crypto/PEM_read_CMS.pod
-new file mode 100644
-index 0000000..5a799f9
--- /dev/null
+++ b/doc/crypto/PEM_read_CMS.pod
-@@ -0,0 +1,94 @@
+@@ -0,0 +1,97 @@
+=pod
+
+=head1 NAME
+
++DECLARE_PEM_rw,
+PEM_read_CMS,
+PEM_read_bio_CMS,
+PEM_write_CMS,
@@ -123903,7 +131573,7 @@
+
+ #include <openssl/pem.h>
+
-+ #define DECLARE_PEM_rw(name, TYPE) ...
++ DECLARE_PEM_rw(name, TYPE)
+
+ TYPE *PEM_read_TYPE(FILE *fp, TYPE **a, pem_password_cb *cb, void *u);
+ TYPE *PEM_read_bio_TYPE(BIO *bp, TYPE **a, pem_password_cb *cb, void *u);
@@ -123914,6 +131584,8 @@
+
+In the description below, I<TYPE> is used
+as a placeholder for any of the OpenSSL datatypes, such as I<X509>.
++The macro B<DECLARE_PEM_rw> expands to the set of declarations shown in
++the next four lines of the synopsis.
+
+These routines convert between local instances of ASN1 datatypes and
+the PEM encoding. For more information on the templates, see
@@ -123952,16 +131624,14 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/PEM_read_bio_PrivateKey.pod b/doc/crypto/PEM_read_bio_PrivateKey.pod
-new file mode 100644
-index 0000000..dd5a230
--- /dev/null
+++ b/doc/crypto/PEM_read_bio_PrivateKey.pod
-@@ -0,0 +1,478 @@
+@@ -0,0 +1,481 @@
+=pod
+
+=head1 NAME
+
++pem_password_cb,
+PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey,
+PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey,
+PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
@@ -123989,6 +131659,8 @@
+
+ #include <openssl/pem.h>
+
++ typedef int (*pem_password_cb)(char *buf, int size, int rwflag, void *u);
++
+ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
+ pem_password_cb *cb, void *u);
+ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
@@ -124436,8 +132108,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/PEM_write_bio_CMS_stream.pod b/doc/crypto/PEM_write_bio_CMS_stream.pod
-index 35260c1..c73fafd 100644
--- a/doc/crypto/PEM_write_bio_CMS_stream.pod
+++ b/doc/crypto/PEM_write_bio_CMS_stream.pod
@@ -2,12 +2,11 @@
@@ -124454,7 +132124,7 @@
int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
-@@ -31,6 +30,7 @@ PEM_write_bio_CMS_stream() returns 1 for success or 0 for failure.
+@@ -31,6 +30,7 @@ PEM_write_bio_CMS_stream() returns 1 for
L<ERR_get_error(3)>, L<CMS_sign(3)>,
L<CMS_verify(3)>, L<CMS_encrypt(3)>
L<CMS_decrypt(3)>,
@@ -124476,8 +132146,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/PEM_write_bio_PKCS7_stream.pod b/doc/crypto/PEM_write_bio_PKCS7_stream.pod
-index 121d418..77f97aa 100644
--- a/doc/crypto/PEM_write_bio_PKCS7_stream.pod
+++ b/doc/crypto/PEM_write_bio_PKCS7_stream.pod
@@ -2,12 +2,11 @@
@@ -124508,11 +132176,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/PKCS12_create.pod b/doc/crypto/PKCS12_create.pod
-index 46b24c5..0a43b96 100644
--- a/doc/crypto/PKCS12_create.pod
+++ b/doc/crypto/PKCS12_create.pod
-@@ -8,8 +8,9 @@ PKCS12_create - create a PKCS#12 structure
+@@ -8,8 +8,9 @@ PKCS12_create - create a PKCS#12 structu
#include <openssl/pkcs12.h>
@@ -124524,7 +132190,7 @@
=head1 DESCRIPTION
-@@ -55,7 +56,7 @@ certificate is required. In previous versions both had to be present or
+@@ -55,7 +56,7 @@ certificate is required. In previous ver
a fatal error is returned.
B<nid_key> or B<nid_cert> can be set to -1 indicating that no encryption
@@ -124533,7 +132199,7 @@
B<mac_iter> can be set to -1 and the MAC will then be omitted entirely.
-@@ -63,4 +64,13 @@ B<mac_iter> can be set to -1 and the MAC will then be omitted entirely.
+@@ -63,4 +64,13 @@ B<mac_iter> can be set to -1 and the MAC
L<d2i_PKCS12(3)>
@@ -124547,9 +132213,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/PKCS12_newpass.pod b/doc/crypto/PKCS12_newpass.pod
-new file mode 100644
-index 0000000..b910511
--- /dev/null
+++ b/doc/crypto/PKCS12_newpass.pod
@@ -0,0 +1,103 @@
@@ -124656,11 +132319,9 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/PKCS12_parse.pod b/doc/crypto/PKCS12_parse.pod
-index f02220e..2dfa7e2 100644
--- a/doc/crypto/PKCS12_parse.pod
+++ b/doc/crypto/PKCS12_parse.pod
-@@ -50,4 +50,13 @@ Attributes currently cannot be stored in the private key B<EVP_PKEY> structure.
+@@ -50,4 +50,13 @@ Attributes currently cannot be stored in
L<d2i_PKCS12(3)>
@@ -124674,11 +132335,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/PKCS5_PBKDF2_HMAC.pod b/doc/crypto/PKCS5_PBKDF2_HMAC.pod
-index b04e476..5cc2caa 100644
--- a/doc/crypto/PKCS5_PBKDF2_HMAC.pod
+++ b/doc/crypto/PKCS5_PBKDF2_HMAC.pod
-@@ -14,8 +14,8 @@ PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 - password based derivation routines w
+@@ -14,8 +14,8 @@ PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA
int keylen, unsigned char *out);
int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
@@ -124689,7 +132348,7 @@
=head1 DESCRIPTION
-@@ -31,7 +31,7 @@ B<salt> is NULL, then B<saltlen> must be 0. The function will not
+@@ -31,7 +31,7 @@ B<salt> is NULL, then B<saltlen> must be
attempt to calculate the length of the B<salt> because it is not assumed to
be NULL terminated.
@@ -124698,7 +132357,7 @@
equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any
B<iter> less than 1 is treated as a single iteration.
-@@ -61,6 +61,13 @@ PKCS5_PBKDF2_HMAC() and PBKCS5_PBKDF2_HMAC_SHA1() return 1 on success or 0 on er
+@@ -61,6 +61,13 @@ PKCS5_PBKDF2_HMAC() and PBKCS5_PBKDF2_HM
L<evp(3)>, L<rand(3)>,
L<EVP_BytesToKey(3)>
@@ -124713,11 +132372,9 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/PKCS7_decrypt.pod b/doc/crypto/PKCS7_decrypt.pod
-index 90cf506..4ed8aa7 100644
--- a/doc/crypto/PKCS7_decrypt.pod
+++ b/doc/crypto/PKCS7_decrypt.pod
-@@ -45,4 +45,13 @@ mentioned in PKCS7_sign() also applies to PKCS7_verify().
+@@ -45,4 +45,13 @@ mentioned in PKCS7_sign() also applies t
L<ERR_get_error(3)>, L<PKCS7_encrypt(3)>
@@ -124731,11 +132388,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/PKCS7_encrypt.pod b/doc/crypto/PKCS7_encrypt.pod
-index 12475cf..4e1afc9 100644
--- a/doc/crypto/PKCS7_encrypt.pod
+++ b/doc/crypto/PKCS7_encrypt.pod
-@@ -30,7 +30,7 @@ bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc()
+@@ -30,7 +30,7 @@ bit RC2. These can be used by passing EV
respectively.
The algorithm passed in the B<cipher> parameter must support ASN1 encoding of
@@ -124744,7 +132399,7 @@
Many browsers implement a "sign and encrypt" option which is simply an S/MIME
envelopedData containing an S/MIME signed message. This can be readily produced
-@@ -55,7 +55,7 @@ suitable for streaming I/O: no data is read from the BIO B<in>.
+@@ -55,7 +55,7 @@ suitable for streaming I/O: no data is r
If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not>
complete and outputting its contents via a function that does not
@@ -124767,11 +132422,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/PKCS7_sign.pod b/doc/crypto/PKCS7_sign.pod
-index 2593ed1..b5a52da 100644
--- a/doc/crypto/PKCS7_sign.pod
+++ b/doc/crypto/PKCS7_sign.pod
-@@ -15,7 +15,7 @@ PKCS7_sign - create a PKCS#7 signedData structure
+@@ -15,7 +15,7 @@ PKCS7_sign - create a PKCS#7 signedData
PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert> is
the certificate to sign with, B<pkey> is the corresponding private key.
B<certs> is an optional additional set of certificates to include in the PKCS#7
@@ -124780,7 +132433,7 @@
The data to be signed is read from BIO B<data>.
-@@ -112,4 +112,13 @@ and B<pkey> parameters to be B<NULL> to be was added in OpenSSL 1.0.0
+@@ -112,4 +112,13 @@ and B<pkey> parameters to be B<NULL> to
The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0
@@ -124794,8 +132447,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/PKCS7_sign_add_signer.pod b/doc/crypto/PKCS7_sign_add_signer.pod
-index 580a9a1..c2a06e7 100644
--- a/doc/crypto/PKCS7_sign_add_signer.pod
+++ b/doc/crypto/PKCS7_sign_add_signer.pod
@@ -2,7 +2,7 @@
@@ -124807,7 +132458,7 @@
=head1 SYNOPSIS
-@@ -44,7 +44,7 @@ digest value from the PKCS7 structure: to add a signer to an existing structure.
+@@ -44,7 +44,7 @@ digest value from the PKCS7 structure: t
An error occurs if a matching digest value cannot be found to copy. The
returned PKCS7 structure will be valid and finalized when this flag is set.
@@ -124816,7 +132467,7 @@
B<PKCS7_SIGNER_INO> structure will not be finalized so additional attributes
can be added. In this case an explicit call to PKCS7_SIGNER_INFO_sign() is
needed to finalize it.
-@@ -67,7 +67,7 @@ these algorithms is disabled then it will not be included.
+@@ -67,7 +67,7 @@ these algorithms is disabled then it wil
PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO
@@ -124839,19 +132490,18 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/PKCS7_verify.pod b/doc/crypto/PKCS7_verify.pod
-index b013e33..6cf80df 100644
--- a/doc/crypto/PKCS7_verify.pod
+++ b/doc/crypto/PKCS7_verify.pod
-@@ -2,6 +2,7 @@
+@@ -8,8 +8,6 @@ PKCS7_verify, PKCS7_get0_signers - verif
- =head1 NAME
+ #include <openssl/pkcs7.h>
-+PKCS7_NO_DUAL_CONTENT,
- PKCS7_verify, PKCS7_get0_signers - verify a PKCS#7 signedData structure
+- #define PKCS7_NO_DUAL_CONTENT
+-
+ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
- =head1 SYNOPSIS
-@@ -61,7 +62,7 @@ Any of the following flags (ored together) can be passed in the B<flags> paramet
+ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+@@ -61,7 +59,7 @@ Any of the following flags (ored togethe
to change the default verify behaviour. Only the flag B<PKCS7_NOINTERN> is
meaningful to PKCS7_get0_signers().
@@ -124860,7 +132510,7 @@
searched when locating the signer's certificate. This means that all the signers
certificates must be in the B<certs> parameter.
-@@ -86,7 +87,7 @@ certificates supplied in B<certs> then the verify will fail because the
+@@ -86,7 +84,7 @@ certificates supplied in B<certs> then t
signer cannot be found.
Care should be taken when modifying the default verify behaviour, for example
@@ -124869,7 +132519,7 @@
and any signed message will be considered valid. This combination is however
useful if one merely wishes to write the content to B<out> and its validity
is not considered important.
-@@ -118,4 +119,13 @@ mentioned in PKCS7_sign() also applies to PKCS7_verify().
+@@ -118,4 +116,13 @@ mentioned in PKCS7_sign() also applies t
L<ERR_get_error(3)>, L<PKCS7_sign(3)>
@@ -124883,8 +132533,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/RAND_add.pod b/doc/crypto/RAND_add.pod
-index d54e1f5..46de165 100644
--- a/doc/crypto/RAND_add.pod
+++ b/doc/crypto/RAND_add.pod
@@ -15,8 +15,10 @@ entropy to the PRNG
@@ -124949,8 +132597,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/RAND_bytes.pod b/doc/crypto/RAND_bytes.pod
-index 03c6e7f..684215c 100644
--- a/doc/crypto/RAND_bytes.pod
+++ b/doc/crypto/RAND_bytes.pod
@@ -46,4 +46,13 @@ method.
@@ -124967,8 +132613,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/RAND_cleanup.pod b/doc/crypto/RAND_cleanup.pod
-index fd3f81c..2640c7d 100644
--- a/doc/crypto/RAND_cleanup.pod
+++ b/doc/crypto/RAND_cleanup.pod
@@ -30,4 +30,13 @@ L<rand(3)>
@@ -124985,11 +132629,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/RAND_egd.pod b/doc/crypto/RAND_egd.pod
-index 4c68113..fcc57c0 100644
--- a/doc/crypto/RAND_egd.pod
+++ b/doc/crypto/RAND_egd.pod
-@@ -75,4 +75,13 @@ success, and -1 if the connection failed. The PRNG state is not considered.
+@@ -75,4 +75,13 @@ success, and -1 if the connection failed
L<rand(3)>, L<RAND_add(3)>,
L<RAND_cleanup(3)>
@@ -125003,11 +132645,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/RAND_load_file.pod b/doc/crypto/RAND_load_file.pod
-index 6bc779a..39084b2 100644
--- a/doc/crypto/RAND_load_file.pod
+++ b/doc/crypto/RAND_load_file.pod
-@@ -18,9 +18,31 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
+@@ -18,9 +18,31 @@ RAND_load_file, RAND_write_file, RAND_fi
RAND_file_name() generates a default path for the random seed
file. B<buf> points to a buffer of size B<num> in which to store the
@@ -125056,11 +132696,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/RAND_set_rand_method.pod b/doc/crypto/RAND_set_rand_method.pod
-index 6a421a2..02fe90c 100644
--- a/doc/crypto/RAND_set_rand_method.pod
+++ b/doc/crypto/RAND_set_rand_method.pod
-@@ -42,7 +42,7 @@ API is being used, so this function is no longer recommended.
+@@ -42,7 +42,7 @@ API is being used, so this function is n
void (*cleanup)(void);
void (*add)(const void *buf, int num, int entropy);
int (*pseudorand)(unsigned char *buf, int num);
@@ -125083,9 +132721,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/RC4_set_key.pod b/doc/crypto/RC4_set_key.pod
-new file mode 100644
-index 0000000..fe5d2d1
--- /dev/null
+++ b/doc/crypto/RC4_set_key.pod
@@ -0,0 +1,66 @@
@@ -125155,9 +132790,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/RIPEMD160_Init.pod b/doc/crypto/RIPEMD160_Init.pod
-new file mode 100644
-index 0000000..a372e32
--- /dev/null
+++ b/doc/crypto/RIPEMD160_Init.pod
@@ -0,0 +1,72 @@
@@ -125233,11 +132865,9 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/RSA_blinding_on.pod b/doc/crypto/RSA_blinding_on.pod
-index a323949..33d49d3 100644
--- a/doc/crypto/RSA_blinding_on.pod
+++ b/doc/crypto/RSA_blinding_on.pod
-@@ -32,8 +32,13 @@ RSA_blinding_on() returns 1 on success, and 0 if an error occurred.
+@@ -32,8 +32,13 @@ RSA_blinding_on() returns 1 on success,
RSA_blinding_off() returns no value.
@@ -125253,8 +132883,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/RSA_check_key.pod b/doc/crypto/RSA_check_key.pod
-index 8fd7d1f..d8689f4 100644
--- a/doc/crypto/RSA_check_key.pod
+++ b/doc/crypto/RSA_check_key.pod
@@ -2,7 +2,7 @@
@@ -125287,12 +132915,19 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/RSA_generate_key.pod b/doc/crypto/RSA_generate_key.pod
-index 380bf12..a8fab52 100644
--- a/doc/crypto/RSA_generate_key.pod
+++ b/doc/crypto/RSA_generate_key.pod
-@@ -72,7 +72,16 @@ RSA_generate_key() goes into an infinite loop for illegal input values.
+@@ -14,7 +14,7 @@ RSA_generate_key_ex, RSA_generate_key -
+ #if OPENSSL_API_COMPAT < 0x00908000L
+ RSA *RSA_generate_key(int num, unsigned long e,
+- void (*callback)(int,int,void *), void *cb_arg);
++ void (*callback)(int, int, void *), void *cb_arg);
+ #endif
+
+ =head1 DESCRIPTION
+@@ -72,7 +72,16 @@ RSA_generate_key() goes into an infinite
+
=head1 SEE ALSO
-L<ERR_get_error(3)>, L<rand(3)>, L<rsa(3)>,
@@ -125310,16 +132945,16 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/RSA_get0_key.pod b/doc/crypto/RSA_get0_key.pod
-index 5caf9dd..77e0d3b 100644
--- a/doc/crypto/RSA_get0_key.pod
+++ b/doc/crypto/RSA_get0_key.pod
-@@ -14,10 +14,12 @@ and setting data in an RSA object
+@@ -13,11 +13,13 @@ and setting data in an RSA object
+
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
- int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
+- int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
- void RSA_get0_key(const RSA *r, BIGNUM **n, BIGNUM **e, BIGNUM **d);
- void RSA_get0_factors(const RSA *r, BIGNUM **p, BIGNUM **q);
++ int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
+ void RSA_get0_key(const RSA *r,
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
+ void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
@@ -125377,8 +133012,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/RSA_meth_new.pod b/doc/crypto/RSA_meth_new.pod
-index e6499b7..e46b398 100644
--- a/doc/crypto/RSA_meth_new.pod
+++ b/doc/crypto/RSA_meth_new.pod
@@ -2,9 +2,10 @@
@@ -125415,8 +133048,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/RSA_new.pod b/doc/crypto/RSA_new.pod
-index 4910557..3317920 100644
--- a/doc/crypto/RSA_new.pod
+++ b/doc/crypto/RSA_new.pod
@@ -31,8 +31,17 @@ RSA_free() returns no value.
@@ -125438,8 +133069,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/RSA_padding_add_PKCS1_type_1.pod b/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
-index fe81e5f..3089944 100644
--- a/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
+++ b/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
@@ -110,4 +110,13 @@ L<RSA_public_encrypt(3)>,
@@ -125456,11 +133085,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/RSA_print.pod b/doc/crypto/RSA_print.pod
-index df09726..1367478 100644
--- a/doc/crypto/RSA_print.pod
+++ b/doc/crypto/RSA_print.pod
-@@ -38,6 +38,15 @@ These functions return 1 on success, 0 on error.
+@@ -38,6 +38,15 @@ These functions return 1 on success, 0 o
=head1 SEE ALSO
@@ -125477,11 +133104,9 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/RSA_private_encrypt.pod b/doc/crypto/RSA_private_encrypt.pod
-index fa4830c..7870371 100644
--- a/doc/crypto/RSA_private_encrypt.pod
+++ b/doc/crypto/RSA_private_encrypt.pod
-@@ -11,7 +11,7 @@ RSA_private_encrypt, RSA_public_decrypt - low level signature operations
+@@ -11,7 +11,7 @@ RSA_private_encrypt, RSA_public_decrypt
int RSA_private_encrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
@@ -125508,8 +133133,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/RSA_public_encrypt.pod b/doc/crypto/RSA_public_encrypt.pod
-index 57f1f18..2f78c27 100644
--- a/doc/crypto/RSA_public_encrypt.pod
+++ b/doc/crypto/RSA_public_encrypt.pod
@@ -73,7 +73,16 @@ SSL, PKCS #1 v2.0
@@ -125530,11 +133153,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/RSA_set_method.pod b/doc/crypto/RSA_set_method.pod
-index a3572f1..7e7d27c 100644
--- a/doc/crypto/RSA_set_method.pod
+++ b/doc/crypto/RSA_set_method.pod
-@@ -43,7 +43,7 @@ been set as a default for RSA, so this function is no longer recommended.
+@@ -43,7 +43,7 @@ been set as a default for RSA, so this f
RSA_get_default_method() returns a pointer to the current default
RSA_METHOD. However, the meaningfulness of this result is dependent on
@@ -125636,8 +133257,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/RSA_sign.pod b/doc/crypto/RSA_sign.pod
-index 94fae37..64418a5 100644
--- a/doc/crypto/RSA_sign.pod
+++ b/doc/crypto/RSA_sign.pod
@@ -50,7 +50,16 @@ SSL, PKCS #1 v2.0
@@ -125659,11 +133278,9 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod b/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
-index 2ba2b47..16303c9 100644
--- a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
+++ b/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
-@@ -48,7 +48,16 @@ These functions serve no recognizable purpose.
+@@ -48,7 +48,16 @@ These functions serve no recognizable pu
=head1 SEE ALSO
L<ERR_get_error(3)>,
@@ -125681,8 +133298,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/RSA_size.pod b/doc/crypto/RSA_size.pod
-index eff8cdc..eb6e481 100644
--- a/doc/crypto/RSA_size.pod
+++ b/doc/crypto/RSA_size.pod
@@ -28,10 +28,19 @@ The size.
@@ -125706,9 +133321,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/SHA256_Init.pod b/doc/crypto/SHA256_Init.pod
-new file mode 100644
-index 0000000..f3565bb
--- /dev/null
+++ b/doc/crypto/SHA256_Init.pod
@@ -0,0 +1,108 @@
@@ -125820,8 +133432,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/SMIME_read_CMS.pod b/doc/crypto/SMIME_read_CMS.pod
-index 4b7c14d..efde0bd 100644
--- a/doc/crypto/SMIME_read_CMS.pod
+++ b/doc/crypto/SMIME_read_CMS.pod
@@ -2,7 +2,7 @@
@@ -125847,8 +133457,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/SMIME_read_PKCS7.pod b/doc/crypto/SMIME_read_PKCS7.pod
-index e96038b..86d5cc3 100644
--- a/doc/crypto/SMIME_read_PKCS7.pod
+++ b/doc/crypto/SMIME_read_PKCS7.pod
@@ -2,7 +2,7 @@
@@ -125860,7 +133468,7 @@
=head1 SYNOPSIS
-@@ -66,4 +66,13 @@ L<SMIME_read_PKCS7(3)>, L<PKCS7_sign(3)>,
+@@ -66,4 +66,13 @@ L<SMIME_read_PKCS7(3)>, L<PKCS7_sign(3)>
L<PKCS7_verify(3)>, L<PKCS7_encrypt(3)>
L<PKCS7_decrypt(3)>
@@ -125874,8 +133482,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/SMIME_write_CMS.pod b/doc/crypto/SMIME_write_CMS.pod
-index 0895825..d58baeb 100644
--- a/doc/crypto/SMIME_write_CMS.pod
+++ b/doc/crypto/SMIME_write_CMS.pod
@@ -2,7 +2,7 @@
@@ -125901,8 +133507,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/SMIME_write_PKCS7.pod b/doc/crypto/SMIME_write_PKCS7.pod
-index 6e272cf..b573123 100644
--- a/doc/crypto/SMIME_write_PKCS7.pod
+++ b/doc/crypto/SMIME_write_PKCS7.pod
@@ -2,7 +2,7 @@
@@ -125928,20 +133532,14 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/UI_new.pod b/doc/crypto/UI_new.pod
-new file mode 100644
-index 0000000..72a2ea7
--- /dev/null
+++ b/doc/crypto/UI_new.pod
-@@ -0,0 +1,195 @@
+@@ -0,0 +1,186 @@
+=pod
+
+=head1 NAME
+
-+UI, UI_METHOD, UI_INPUT_FLAG_ECHO,
-+UI_INPUT_FLAG_DEFAULT_PWD,
-+UI_CTRL_PRINT_ERRORS,
-+UI_CTRL_IS_REDOABLE,
++UI, UI_METHOD,
+UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
+UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
+UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
@@ -125980,10 +133578,6 @@
+ int UI_add_error_string(UI *ui, const char *text);
+ int UI_dup_error_string(UI *ui, const char *text);
+
-+ /* These are the possible flags. They can be or'ed together. */
-+ #define UI_INPUT_FLAG_ECHO 0x01
-+ #define UI_INPUT_FLAG_DEFAULT_PWD 0x02
-+
+ char *UI_construct_prompt(UI *ui_method,
+ const char *object_desc, const char *object_name);
+
@@ -125995,8 +133589,6 @@
+ int UI_process(UI *ui);
+
+ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
-+ #define UI_CTRL_PRINT_ERRORS 1
-+ #define UI_CTRL_IS_REDOABLE 2
+
+ void UI_set_default_method(const UI_METHOD *meth);
+ const UI_METHOD *UI_get_default_method(void);
@@ -126070,10 +133662,10 @@
+there's no technical difference between them. Other methods may make a
+difference between them, however.
+
-+The flags currently supported are UI_INPUT_FLAG_ECHO, which is relevant for
++The flags currently supported are B<UI_INPUT_FLAG_ECHO>, which is relevant for
+UI_add_input_string() and will have the users response be echoed (when
+prompting for a password, this flag should obviously not be used, and
-+UI_INPUT_FLAG_DEFAULT_PWD, which means that a default password of some
++B<UI_INPUT_FLAG_DEFAULT_PWD>, which means that a default password of some
+sort will be used (completely depending on the application and the UI
+method).
+
@@ -126106,9 +133698,9 @@
+and prompting and returns.
+
+UI_ctrl() adds extra control for the application author. For now, it
-+understands two commands: UI_CTRL_PRINT_ERRORS, which makes UI_process()
++understands two commands: B<UI_CTRL_PRINT_ERRORS>, which makes UI_process()
+print the OpenSSL error stack as part of processing the UI, and
-+UI_CTRL_IS_REDOABLE, which returns a flag saying if the used UI can
++B<UI_CTRL_IS_REDOABLE>, which returns a flag saying if the used UI can
+be used again or not.
+
+UI_set_default_method() changes the default UI method to the one given.
@@ -126129,8 +133721,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/X509V3_get_d2i.pod b/doc/crypto/X509V3_get_d2i.pod
-index b502e81..89dc875 100644
--- a/doc/crypto/X509V3_get_d2i.pod
+++ b/doc/crypto/X509V3_get_d2i.pod
@@ -2,6 +2,7 @@
@@ -126141,6 +133731,41 @@
X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d,
X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i,
X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i,
+@@ -11,7 +12,7 @@ X509_REVOKED_add1_ext_i2d - X509 extensi
+
+ #include <openssl/x509v3.h>
+
+- void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
++ void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+ int *idx);
+ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+ int crit, unsigned long flags);
+@@ -19,21 +20,21 @@ X509_REVOKED_add1_ext_i2d - X509 extensi
+ void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext);
+
+- void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
++ void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
+ int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+ unsigned long flags);
+
+- void *X509_CRL_get_ext_d2i(X509_CRL *crl, int nid, int *crit, int *idx);
++ void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *crit, int *idx);
+ int X509_CRL_add1_ext_i2d(X509_CRL *crl, int nid, void *value, int crit,
+ unsigned long flags);
+
+- void *X509_REVOKED_get_ext_d2i(X509_REVOKED *r, int nid, int *crit, int *idx);
++ void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *r, int nid, int *crit, int *idx);
+ int X509_REVOKED_add1_ext_i2d(X509_REVOKED *r, int nid, void *value, int crit,
+ unsigned long flags);
+
+ STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+ STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(X509_CRL *crl);
+- STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(X509_REVOKED *r);
++ STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r);
+
+ =head1 DESCRIPTION
+
@@ -88,7 +89,7 @@ exist.
B<X509V3_ADD_APPEND> appends a new extension, ignoring whether the extension
already exists.
@@ -126150,7 +133775,7 @@
a new extension.
B<X509V3_ADD_REPLACE_EXISTING> replaces an existing extension if it exists
-@@ -98,7 +99,7 @@ B<X509V3_ADD_KEEP_EXISTING> appends a new extension only if the extension does
+@@ -98,7 +99,7 @@ B<X509V3_ADD_KEEP_EXISTING> appends a ne
not already exist. An error B<is not> returned if the extension does already
exist.
@@ -126159,7 +133784,7 @@
If B<X509V3_ADD_SILENT> is ored with B<flags>: any error returned will not
be added to the error queue.
-@@ -112,7 +113,7 @@ determine the precise reason by checking the value of B<*crit>.
+@@ -112,7 +113,7 @@ determine the precise reason by checking
The following sections contain a list of all supported extensions
including their name and NID.
@@ -126177,7 +133802,7 @@
The following are (largely obsolete) Netscape certificate extensions.
-@@ -154,12 +155,12 @@ The following are (largely obsolete) Netscape certificate extensions.
+@@ -154,12 +155,12 @@ The following are (largely obsolete) Net
Netscape SSL Server Name NID_netscape_ssl_server_name
Netscape Comment NID_netscape_comment
@@ -126192,7 +133817,7 @@
The following are CRL extensions from PKIX standards such as RFC5280.
-@@ -175,7 +176,7 @@ The following are CRL entry extensions from PKIX standards such as RFC5280.
+@@ -175,7 +176,7 @@ The following are CRL entry extensions f
CRL Reason Code NID_crl_reason
Certificate Issuer NID_certificate_issuer
@@ -126201,7 +133826,7 @@
OCSP Nonce NID_id_pkix_OCSP_Nonce
OCSP CRL ID NID_id_pkix_OCSP_CrlID
-@@ -185,7 +186,7 @@ The following are CRL entry extensions from PKIX standards such as RFC5280.
+@@ -185,7 +186,7 @@ The following are CRL entry extensions f
OCSP Service Locator NID_id_pkix_OCSP_serviceLocator
Hold Instruction Code NID_hold_instruction_code
@@ -126210,7 +133835,7 @@
The following extensions are used by certificate transparency, RFC6962
-@@ -206,7 +207,7 @@ cannot be encoded) or -1 due to a fatal error such as a memory allocation
+@@ -206,7 +207,7 @@ cannot be encoded) or -1 due to a fatal
failure.
X509_get0_extensions(), X509_CRL_get0_extensions() and
@@ -126233,9 +133858,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/X509_ALGOR_dup.pod b/doc/crypto/X509_ALGOR_dup.pod
-new file mode 100644
-index 0000000..8f6c9b0
--- /dev/null
+++ b/doc/crypto/X509_ALGOR_dup.pod
@@ -0,0 +1,48 @@
@@ -126287,11 +133909,9 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/X509_CRL_get0_by_serial.pod b/doc/crypto/X509_CRL_get0_by_serial.pod
-index d00dab9..add8490 100644
--- a/doc/crypto/X509_CRL_get0_by_serial.pod
+++ b/doc/crypto/X509_CRL_get0_by_serial.pod
-@@ -6,7 +6,7 @@ X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED,
+@@ -6,7 +6,7 @@ X509_CRL_get0_by_serial, X509_CRL_get0_b
X509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate,
X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate,
X509_CRL_add0_revoked, X509_CRL_sort - CRL revoked entry utility
@@ -126314,8 +133934,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/X509_EXTENSION_set_object.pod b/doc/crypto/X509_EXTENSION_set_object.pod
-index 6afef2b..fb94d23 100644
--- a/doc/crypto/X509_EXTENSION_set_object.pod
+++ b/doc/crypto/X509_EXTENSION_set_object.pod
@@ -1,10 +1,12 @@
@@ -126332,7 +133950,16 @@
=head1 SYNOPSIS
-@@ -81,3 +83,14 @@ X509_EXTENSION_get_data() returns an B<ASN1_OCTET_STRING> pointer.
+@@ -20,7 +22,7 @@ functions.
+ ASN1_OCTET_STRING *data);
+
+ ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
+- int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
++ int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
+ ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
+
+ =head1 DESCRIPTION
+@@ -81,3 +83,14 @@ X509_EXTENSION_get_data() returns an B<A
=head1 SEE ALSO
L<X509V3_get_d2i(3)>
@@ -126347,8 +133974,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/X509_LOOKUP_hash_dir.pod b/doc/crypto/X509_LOOKUP_hash_dir.pod
-index dfb9e21..08fa731 100644
--- a/doc/crypto/X509_LOOKUP_hash_dir.pod
+++ b/doc/crypto/X509_LOOKUP_hash_dir.pod
@@ -51,7 +51,7 @@ L<X509_STORE_set_default_paths(3)>.
@@ -126378,7 +134003,7 @@
B<X509_LOOKUP_hash_dir> is a more advanced method, which loads
certificates and CRLs on demand, and caches them in memory once
-@@ -113,10 +113,19 @@ hashed names for all files with .pem suffix in a given directory.
+@@ -113,10 +113,19 @@ hashed names for all files with .pem suf
=head1 SEE ALSO
@@ -126400,11 +134025,25 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/X509_NAME_ENTRY_get_object.pod b/doc/crypto/X509_NAME_ENTRY_get_object.pod
-index 2cb96c5..363a89b 100644
--- a/doc/crypto/X509_NAME_ENTRY_get_object.pod
+++ b/doc/crypto/X509_NAME_ENTRY_get_object.pod
-@@ -35,17 +35,17 @@ X509_NAME_ENTRY_set_data() sets the field value of B<ne> to string type
+@@ -14,12 +14,12 @@ X509_NAME_ENTRY_create_by_OBJ - X509_NAM
+ ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
+ ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
+
+- int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
++ int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
+ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
+
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
+- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
+- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
++ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type, unsigned char *bytes, int len);
++ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, const ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
+
+ =head1 DESCRIPTION
+
+@@ -35,17 +35,17 @@ X509_NAME_ENTRY_set_data() sets the fiel
B<type> and value determined by B<bytes> and B<len>.
X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID()
@@ -126425,7 +134064,7 @@
X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(),
X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data()
-@@ -60,15 +60,18 @@ X509_NAME_add_entry_by_txt(). So for example B<type> can be set to
+@@ -60,15 +60,18 @@ X509_NAME_add_entry_by_txt(). So for exa
B<MBSTRING_ASC> but in the case of X509_set_data() the field name must be
set first so the relevant field information can be looked up internally.
@@ -126448,11 +134087,23 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/X509_NAME_add_entry_by_txt.pod b/doc/crypto/X509_NAME_add_entry_by_txt.pod
-index c10ea0f..0b00278 100644
--- a/doc/crypto/X509_NAME_add_entry_by_txt.pod
+++ b/doc/crypto/X509_NAME_add_entry_by_txt.pod
-@@ -61,7 +61,7 @@ to 0. This adds a new entry to the end of B<name> as a single valued
+@@ -11,11 +11,11 @@ X509_NAME_add_entry, X509_NAME_delete_en
+
+ int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
+
+- int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
++ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
+
+ int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
+
+- int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
++ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, int set);
+
+ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+
+@@ -61,7 +61,7 @@ to 0. This adds a new entry to the end o
RelativeDistinguishedName (RDN).
B<loc> actually determines the index where the new entry is inserted:
@@ -126461,7 +134112,7 @@
B<set> determines how the new type is added. If it is zero a
new RDN is created.
-@@ -80,16 +80,16 @@ Create an B<X509_NAME> structure:
+@@ -80,16 +80,16 @@ always set to zero.
X509_NAME *nm;
nm = X509_NAME_new();
if (nm == NULL)
@@ -126486,7 +134137,7 @@
=head1 RETURN VALUES
-@@ -111,6 +111,13 @@ can result in invalid field types its use is strongly discouraged.
+@@ -111,6 +111,13 @@ can result in invalid field types its us
L<ERR_get_error(3)>, L<d2i_X509_NAME(3)>
@@ -126501,9 +134152,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/X509_NAME_get0_der.pod b/doc/crypto/X509_NAME_get0_der.pod
-new file mode 100644
-index 0000000..062bc7e
--- /dev/null
+++ b/doc/crypto/X509_NAME_get0_der.pod
@@ -0,0 +1,40 @@
@@ -126547,11 +134195,29 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/X509_NAME_get_index_by_NID.pod b/doc/crypto/X509_NAME_get_index_by_NID.pod
-index e6dfff3..e84642a 100644
--- a/doc/crypto/X509_NAME_get_index_by_NID.pod
+++ b/doc/crypto/X509_NAME_get_index_by_NID.pod
-@@ -44,7 +44,7 @@ B<obj>, if no such entry exists -1 is returned. At most B<len> bytes
+@@ -10,14 +10,14 @@ X509_NAME lookup and enumeration functio
+
+ #include <openssl/x509.h>
+
+- int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
+- int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
++ int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
++ int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int lastpos);
+
+- int X509_NAME_entry_count(X509_NAME *name);
++ int X509_NAME_entry_count(const X509_NAME *name);
+ X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+
+- int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
+- int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
++ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
++ int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf, int len);
+
+ =head1 DESCRIPTION
+
+@@ -44,7 +44,7 @@ B<obj>, if no such entry exists -1 is re
will be written and the text written to B<buf> will be null
terminated. The length of the output string written is returned
excluding the terminating null. If B<buf> is <NULL> then the amount
@@ -126560,7 +134226,7 @@
=head1 NOTES
-@@ -76,10 +76,10 @@ Process all entries:
+@@ -76,10 +76,10 @@ can be determined first by checking OBJ_
X509_NAME_ENTRY *e;
for (i = 0; i < X509_NAME_entry_count(nm); i++)
@@ -126575,7 +134241,7 @@
Process all commonName entries:
-@@ -88,13 +88,13 @@ Process all commonName entries:
+@@ -88,13 +88,13 @@ can be determined first by checking OBJ_
loc = -1;
for (;;)
@@ -126596,7 +134262,7 @@
=head1 RETURN VALUES
-@@ -112,8 +112,13 @@ requested entry or B<NULL> if the index is invalid.
+@@ -112,8 +112,13 @@ requested entry or B<NULL> if the index
L<ERR_get_error(3)>, L<d2i_X509_NAME(3)>
@@ -126612,8 +134278,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/X509_NAME_print_ex.pod b/doc/crypto/X509_NAME_print_ex.pod
-index 0d8e5fe..9d92824 100644
--- a/doc/crypto/X509_NAME_print_ex.pod
+++ b/doc/crypto/X509_NAME_print_ex.pod
@@ -3,7 +3,7 @@
@@ -126625,16 +134289,16 @@
=head1 SYNOPSIS
-@@ -11,7 +11,7 @@ X509_NAME_oneline - X509_NAME printing routines.
+@@ -11,7 +11,7 @@ X509_NAME_oneline - X509_NAME printing r
int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
- char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
-+ char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
++ char * X509_NAME_oneline(X509_NAME *a, char *buf, int size);
int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
=head1 DESCRIPTION
-@@ -27,7 +27,7 @@ X509_NAME_oneline() prints an ASCII version of B<a> to B<buf>. At most B<size>
+@@ -27,7 +27,7 @@ X509_NAME_oneline() prints an ASCII vers
bytes will be written. If B<buf> is B<NULL> then a buffer is dynamically allocated
and returned, otherwise B<buf> is returned.
@@ -126652,7 +134316,7 @@
control how each field value is displayed.
In addition a number options can be set for commonly used formats.
-@@ -98,8 +98,13 @@ B<XN_FLAG_COMPAT> uses a format identical to X509_NAME_print(): in fact it calls
+@@ -98,8 +98,13 @@ B<XN_FLAG_COMPAT> uses a format identica
L<ASN1_STRING_print_ex(3)>
@@ -126668,9 +134332,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/X509_PUBKEY.pod b/doc/crypto/X509_PUBKEY.pod
-deleted file mode 100644
-index 7b85ffa..0000000
--- a/doc/crypto/X509_PUBKEY.pod
+++ /dev/null
@@ -1,111 +0,0 @@
@@ -126785,9 +134446,6 @@
-L<X509_get_pubkey(3)>,
-
-=cut
-diff --git a/doc/crypto/X509_PUBKEY_new.pod b/doc/crypto/X509_PUBKEY_new.pod
-new file mode 100644
-index 0000000..b133105
--- /dev/null
+++ b/doc/crypto/X509_PUBKEY_new.pod
@@ -0,0 +1,120 @@
@@ -126911,9 +134569,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/X509_SIG_get0.pod b/doc/crypto/X509_SIG_get0.pod
-new file mode 100644
-index 0000000..1d61497
--- /dev/null
+++ b/doc/crypto/X509_SIG_get0.pod
@@ -0,0 +1,32 @@
@@ -126949,8 +134604,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/X509_STORE_CTX_get_error.pod b/doc/crypto/X509_STORE_CTX_get_error.pod
-index 1cc6bb5..105e051 100644
--- a/doc/crypto/X509_STORE_CTX_get_error.pod
+++ b/doc/crypto/X509_STORE_CTX_get_error.pod
@@ -3,20 +3,23 @@
@@ -126986,7 +134639,7 @@
STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
-@@ -39,11 +42,28 @@ non-negative integer representing where in the certificate chain the error
+@@ -39,11 +42,28 @@ non-negative integer representing where
occurred. If it is zero it occurred in the end entity certificate, one if
it is the certificate which signed the end entity certificate and so on.
@@ -127025,32 +134678,32 @@
=item B<X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
-@@ -302,10 +322,17 @@ thread safe but will never happen unless an invalid code is passed.
+@@ -302,10 +322,17 @@ thread safe but will never happen unless
=head1 SEE ALSO
-L<X509_verify_cert(3)>
+-
+-=head1 HISTORY
+-
+-TBA
+L<X509_verify_cert(3)>,
+L<X509_up_ref(3)>,
+L<X509_free(3)>.
+
+=head1 COPYRIGHT
-
--=head1 HISTORY
++
+Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-
--TBA
++
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/X509_STORE_CTX_new.pod b/doc/crypto/X509_STORE_CTX_new.pod
-index 17517b3..480b492 100644
--- a/doc/crypto/X509_STORE_CTX_new.pod
+++ b/doc/crypto/X509_STORE_CTX_new.pod
-@@ -7,12 +7,11 @@ X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, X509_STORE_CTX_set_cert,
+@@ -7,12 +7,11 @@ X509_STORE_CTX_init, X509_STORE_CTX_set0
X509_STORE_CTX_set0_crls,
X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain,
X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param,
@@ -127064,7 +134717,7 @@
X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation
=head1 SYNOPSIS
-@@ -24,7 +23,7 @@ X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation
+@@ -24,11 +23,11 @@ X509_STORE_CTX_get_verify - X509_STORE_C
void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
@@ -127073,7 +134726,12 @@
void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
-@@ -37,7 +36,6 @@ X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation
+- void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx,X509 *x);
++ void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x);
+ STACK_OF(X509) *X509_STORE_CTX_get0_chain(X609_STORE_CTX *ctx);
+ void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain);
+ void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
+@@ -37,7 +36,6 @@ X509_STORE_CTX_get_verify - X509_STORE_C
void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
@@ -127081,7 +134739,7 @@
STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
-@@ -47,6 +45,7 @@ X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation
+@@ -47,6 +45,7 @@ X509_STORE_CTX_get_verify - X509_STORE_C
X509_STORE_CTX_verify X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify verify);
@@ -127106,7 +134764,7 @@
X509_STORE_CTX_set0_param() sets the internal verification parameter pointer
to B<param>. After this call B<param> should not be used.
-@@ -115,6 +111,23 @@ find an appropriate set of parameters from B<name>.
+@@ -115,6 +111,23 @@ find an appropriate set of parameters fr
X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
that were used in building the chain following a call to X509_verify_cert().
@@ -127130,7 +134788,7 @@
=head1 NOTES
The certificates and CRLs in a store are used internally and should B<not>
-@@ -147,6 +160,9 @@ X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred.
+@@ -147,6 +160,9 @@ X509_STORE_CTX_set_default() returns 1 f
X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
used.
@@ -127158,20 +134816,56 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/X509_STORE_CTX_set_verify_cb.pod b/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
-index e89b806..1305f32 100644
--- a/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
+++ b/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
-@@ -14,7 +14,7 @@ X509_STORE_CTX_set_verify_cb - get and set verification callback
+@@ -14,7 +14,19 @@ X509_STORE_CTX_set_verify_cb - get and s
X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
- X509_STORE_CTX_verify_cb verify_cb);
+ X509_STORE_CTX_verify_cb verify_cb);
++
++ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
++ X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx);
++ X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
++ X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx);
++ X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx);
++ X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx);
++ X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx);
++ X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx);
++ X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx);
++ X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx);
++ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
=head1 DESCRIPTION
-@@ -68,92 +68,92 @@ X509_STORE_CTX_set_verify_cb() does not return a value.
+@@ -29,7 +41,7 @@ However a verification callback is B<not
+ is often sufficient.
+
+ The B<ok> parameter to the callback indicates the value the callback should
+-return to retain the default behaviour. If it is zero then and error condition
++return to retain the default behaviour. If it is zero then an error condition
+ is indicated. If it is 1 then no error occurred. If the flag
+ B<X509_V_FLAG_NOTIFY_POLICY> is set then B<ok> is set to 2 to indicate the
+ policy checking is complete.
+@@ -43,6 +55,16 @@ be passed to the callback via the B<ex_d
+ X509_STORE_CTX_get_verify_cb() returns the value of the current callback
+ for the specific B<ctx>.
+
++X509_STORE_CTX_get_verify(), X509_STORE_CTX_get_get_issuer(),
++X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(),
++X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(),
++X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(),
++X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls()
++and X509_STORE_CTX_get_cleanup() return the function pointers cached
++from the corresponding B<X509_STORE>, please see
++L<X509_STORE_set_verify(3)> for more information.
++
++
+ =head1 WARNING
+
+ In general a verification callback should B<NOT> unconditionally return 1 in
+@@ -68,92 +90,92 @@ X509_STORE_CTX_set_verify_cb() does not
Default callback operation:
int verify_callback(int ok, X509_STORE_CTX *ctx)
@@ -127284,13 +134978,13 @@
- }
+ {
+ X509 *err_cert;
-+ int err,depth;
++ int err, depth;
+
+ err_cert = X509_STORE_CTX_get_current_cert(ctx);
+ err = X509_STORE_CTX_get_error(ctx);
+ depth = X509_STORE_CTX_get_error_depth(ctx);
+
-+ BIO_printf(bio_err,"depth=%d ",depth);
++ BIO_printf(bio_err, "depth=%d ", depth);
+ if (err_cert)
+ {
+ X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
@@ -127300,27 +134994,27 @@
+ else
+ BIO_puts(bio_err, "<no cert>\n");
+ if (!ok)
-+ BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
++ BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
+ X509_verify_cert_error_string(err));
+ switch (err)
+ {
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-+ BIO_puts(bio_err,"issuer= ");
++ BIO_puts(bio_err, "issuer= ");
+ X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
+ 0, XN_FLAG_ONELINE);
+ BIO_puts(bio_err, "\n");
+ break;
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-+ BIO_printf(bio_err,"notBefore=");
-+ ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
-+ BIO_printf(bio_err,"\n");
++ BIO_printf(bio_err, "notBefore=");
++ ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
++ BIO_printf(bio_err, "\n");
+ break;
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-+ BIO_printf(bio_err,"notAfter=");
-+ ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
-+ BIO_printf(bio_err,"\n");
++ BIO_printf(bio_err, "notAfter=");
++ ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
++ BIO_printf(bio_err, "\n");
+ break;
+ case X509_V_ERR_NO_EXPLICIT_POLICY:
+ policies_print(bio_err, ctx);
@@ -127329,16 +135023,25 @@
+ if (err == X509_V_OK && ok == 2)
+ /* print out policies */
+
-+ BIO_printf(bio_err,"verify return:%d\n",ok);
++ BIO_printf(bio_err, "verify return:%d\n", ok);
+ return(ok);
+ }
=head1 SEE ALSO
-@@ -161,4 +161,13 @@ L<X509_STORE_CTX_get_error(3)>
+@@ -161,4 +183,22 @@ L<X509_STORE_CTX_get_error(3)>
L<X509_STORE_set_verify_cb_func(3)>
L<X509_STORE_CTX_get_ex_new_index(3)>
++=head1 HISTORY
++
++X509_STORE_CTX_get_verify(), X509_STORE_CTX_get_get_issuer(),
++X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(),
++X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(),
++X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(),
++X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls()
++and X509_STORE_CTX_get_cleanup() were addded in OpenSSL 1.1.0.
++
+=head1 COPYRIGHT
+
+Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -127349,9 +135052,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/X509_STORE_get0_param.pod b/doc/crypto/X509_STORE_get0_param.pod
-new file mode 100644
-index 0000000..2144f2b
--- /dev/null
+++ b/doc/crypto/X509_STORE_get0_param.pod
@@ -0,0 +1,57 @@
@@ -127412,11 +135112,46 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/X509_STORE_new.pod b/doc/crypto/X509_STORE_new.pod
-index 37cabb5..0d0656f 100644
--- a/doc/crypto/X509_STORE_new.pod
+++ b/doc/crypto/X509_STORE_new.pod
-@@ -32,5 +32,19 @@ X509_STORE_free() does not return values.
+@@ -2,7 +2,8 @@
+
+ =head1 NAME
+
+-X509_STORE_new, X509_STORE_up_ref, X509_STORE_free - X509_STORE allocation and freeing functions
++X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock,
++X509_STORE_unlock - X509_STORE allocation, freeing and locking functions
+
+ =head1 SYNOPSIS
+
+@@ -10,6 +11,8 @@ X509_STORE_new, X509_STORE_up_ref, X509_
+
+ X509_STORE *X509_STORE_new(void);
+ void X509_STORE_free(X509_STORE *v);
++ int X509_STORE_lock(X509_STORE *v);
++ int X509_STORE_unlock(X509_STORE *v);
+ int X509_STORE_up_ref(X509_STORE *v);
+
+ =head1 DESCRIPTION
+@@ -19,18 +22,37 @@ The X509_STORE_new() function returns a
+ X509_STORE_up_ref() increments the reference count associated with the
+ X509_STORE object.
+
++X509_STORE_lock() locks the store from modification by other threads,
++X509_STORE_unlock() locks it.
++
+ X509_STORE_free() frees up a single X509_STORE object.
+
+ =head1 RETURN VALUES
+
+ X509_STORE_new() returns a newly created X509_STORE or NULL if the call fails.
+
+-X509_STORE_up_ref() returns 1 for success and 0 for failure.
++X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() return
++1 for success and 0 for failure.
+
+ X509_STORE_free() does not return values.
+
=head1 SEE ALSO
L<X509_STORE_set_verify_cb_func(3)>
@@ -127424,7 +135159,8 @@
+
+=head1 HISTORY
+
-+The B<X509_STORE_up_ref> function was added in OpenSSL 1.1.0
++The X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock()
++functions were added in OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
@@ -127436,33 +135172,202 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/X509_STORE_set_verify_cb_func.pod b/doc/crypto/X509_STORE_set_verify_cb_func.pod
-index 67092db..7e66b23 100644
--- a/doc/crypto/X509_STORE_set_verify_cb_func.pod
+++ b/doc/crypto/X509_STORE_set_verify_cb_func.pod
-@@ -9,10 +9,10 @@ X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb - set verification callb
+@@ -8,44 +8,228 @@ X509_STORE_set_verify_cb_func, X509_STOR
+
#include <openssl/x509_vfy.h>
- void X509_STORE_set_verify_cb(X509_STORE *st,
+- void X509_STORE_set_verify_cb(X509_STORE *st,
- int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
-+ int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
++ typedef int (*X509_STORE_CTX_verify_cb)(int ok, X509_STORE_CTX *ctx);
++ typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *ctx);
++ typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
++ X509_STORE_CTX *ctx, X509 *x);
++ typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
++ X509 *x, X509 *issuer);
++ typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
++ typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
++ X509_CRL **crl, X509 *x);
++ typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
++ typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
++ X509_CRL *crl, X509 *x);
++ typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
++ typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
++ X509_NAME *nm);
++ typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
++ X509_NAME *nm);
++ typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
++
++ void X509_STORE_set_verify_cb(X509_STORE *ctx,
++ X509_STORE_CTX_verify_cb verify_cb);
++ X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE_CTX *ctx);
++
++ void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
++ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
++
++ void X509_STORE_set_get_issuer(X509_STORE *ctx,
++ X509_STORE_CTX_get_issuer_fn get_issuer);
++ X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE_CTX *ctx);
++
++ void X509_STORE_set_check_issued(X509_STORE *ctx,
++ X509_STORE_CTX_check_issued_fn check_issued);
++ X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE_CTX *ctx);
++
++ void X509_STORE_set_check_revocation(X509_STORE *ctx,
++ X509_STORE_CTX_check_revocation_fn check_revocation);
++ X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE_CTX *ctx);
++
++ void X509_STORE_set_get_crl(X509_STORE *ctx,
++ X509_STORE_CTX_get_crl_fn get_crl);
++ X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE_CTX *ctx);
++
++ void X509_STORE_set_check_crl(X509_STORE *ctx,
++ X509_STORE_CTX_check_crl_fn check_crl);
++ X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE_CTX *ctx);
++
++ void X509_STORE_set_cert_crl(X509_STORE *ctx,
++ X509_STORE_CTX_cert_crl_fn cert_crl);
++ X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE_CTX *ctx);
++
++ void X509_STORE_set_check_policy(X509_STORE *ctx,
++ X509_STORE_CTX_check_policy_fn check_policy);
++ X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE_CTX *ctx);
++
++ void X509_STORE_set_lookup_certs(X509_STORE *ctx,
++ X509_STORE_CTX_lookup_certs_fn lookup_certs);
++ X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE_CTX *ctx);
++
++ void X509_STORE_set_lookup_crls(X509_STORE *ctx,
++ X509_STORE_CTX_lookup_crls_fn lookup_crls);
++ X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE_CTX *ctx);
++
++ void X509_STORE_set_cleanup(X509_STORE *ctx,
++ X509_STORE_CTX_cleanup_fn cleanup);
++ X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE_CTX *ctx);
++ /* Aliases */
void X509_STORE_set_verify_cb_func(X509_STORE *st,
- int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
-+ int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
++ X509_STORE_CTX_verify_cb verify_cb);
++ void X509_STORE_set_verify_func(X509_STORE *ctx,
++ X509_STORE_CTX_verify_fn verify);
++ void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
++ X509_STORE_CTX_lookup_crls_fn lookup_crls);
=head1 DESCRIPTION
-@@ -24,14 +24,14 @@ is implemented as a macro.
+ X509_STORE_set_verify_cb() sets the verification callback of B<ctx> to
+-B<verify_cb> overwriting any existing callback.
+-
+-X509_STORE_set_verify_cb_func() also sets the verification callback but it
+-is implemented as a macro.
++B<verify_cb> overwriting the previous callback.
++The callback assigned with this function becomes a default for the one
++that can be assigned directly to the corresponding B<X509_STORE_CTX>,
++please see L<X509_STORE_CTX_set_verify_cb(3)> for further information.
++
++X509_STORE_set_verify() sets the final chain verification function for
++B<ctx> to B<verify>.
++Its purpose is to go through the chain of certificates and check that
++all signatures are valid and that the current time is within the
++limits of each certificate's first and last validity time.
++The final chain verification functions must return 0 on failure and 1
++on success.
++I<If no chain verification function is provided, the internal default
++function will be used instead.>
++
++X509_STORE_set_get_issuer() sets the function to get the issuer
++certificate that verifies the given certificate B<x>.
++When found, the issuer certificate must be assigned to B<*issuer>.
++This function must return 0 on failure and 1 on success.
++I<If no function to get the issuer is provided, the internal default
++function will be used instead.>
++
++X509_STORE_set_check_issued() sets the function to check that a given
++certificate B<x> is issued with the issuer certificate B<issuer>.
++This function must return 0 on failure (among others if B<x> hasn't
++been issued with B<issuer>) and 1 on success.
++I<If no function to get the issuer is provided, the internal default
++function will be used instead.>
++
++X509_STORE_set_check_revocation() sets the revocation checking
++function.
++Its purpose is to look through the final chain and check the
++revocation status for each certificate.
++It must return 0 on failure and 1 on success.
++I<If no function to get the issuer is provided, the internal default
++function will be used instead.>
++
++X509_STORE_set_get_crl() sets the function to get the crl for a given
++certificate B<x>.
++When found, the crl must be assigned to B<*crl>.
++This function must return 0 on failure and 1 on success.
++I<If no function to get the issuer is provided, the internal default
++function will be used instead.>
++
++X509_STORE_set_check_crl() sets the function to check the validity of
++the given B<crl>.
++This function must return 0 on failure and 1 on success.
++I<If no function to get the issuer is provided, the internal default
++function will be used instead.>
++
++X509_STORE_set_cert_crl() sets the function to check the revocation
++status of the given certificate B<x> against the given B<crl>.
++This function must return 0 on failure and 1 on success.
++I<If no function to get the issuer is provided, the internal default
++function will be used instead.>
++
++X509_STORE_set_check_policy() sets the function to check the policies
++of all the certificates in the final chain..
++This function must return 0 on failure and 1 on success.
++I<If no function to get the issuer is provided, the internal default
++function will be used instead.>
++
++X509_STORE_set_lookup_certs() and X509_STORE_set_lookup_crls() set the
++functions to look up all the certs or all the CRLs that match the
++given name B<nm>.
++These functions return NULL on failure and a pointer to a stack of
++certificates (B<X509>) or to a stack of CRLs (B<X509_CRL>) on
++success.
++I<If no function to get the issuer is provided, the internal default
++function will be used instead.>
++
++X509_STORE_set_cleanup() sets the final cleanup function, which is
++called when the context (B<X509_STORE_CTX>) is being torn down.
++This function doesn't return any value.
++I<If no function to get the issuer is provided, the internal default
++function will be used instead.>
++
++X509_STORE_get_verify_cb(), X509_STORE_CTX_get_verify(),
++X509_STORE_get_get_issuer(), X509_STORE_get_check_issued(),
++X509_STORE_get_check_revocation(), X509_STORE_get_get_crl(),
++X509_STORE_get_check_crl(), X509_STORE_set_verify(),
++X509_STORE_set_get_issuer(), X509_STORE_get_cert_crl(),
++X509_STORE_get_check_policy(), X509_STORE_get_lookup_certs(),
++X509_STORE_get_lookup_crls() and X509_STORE_get_cleanup() all return
++the function pointer assigned with X509_STORE_set_check_issued(),
++X509_STORE_set_check_revocation(), X509_STORE_set_get_crl(),
++X509_STORE_set_check_crl(), X509_STORE_set_cert_crl(),
++X509_STORE_set_check_policy(), X509_STORE_set_lookup_certs(),
++X509_STORE_set_lookup_crls() and X509_STORE_set_cleanup(), or NULL if
++no assignment has been made.
++
++X509_STORE_set_verify_cb_func(), X509_STORE_set_verify_func() and
++X509_STORE_set_lookup_crls_cb() are aliases for
++X509_STORE_set_verify_cb(), X509_STORE_set_verify() and
++X509_STORE_set_lookup_crls, available as macros for backward
++compatibility.
=head1 NOTES
-The verification callback from an B<X509_STORE> is inherited by
-+The verification callback from an B<X509_STORE> is inherited by
- the corresponding B<X509_STORE_CTX> structure when it is initialized. This can
+-the corresponding B<X509_STORE_CTX> structure when it is initialized. This can
-be used to set the verification callback when the B<X509_STORE_CTX> is
-+be used to set the verification callback when the B<X509_STORE_CTX> is
- otherwise inaccessible (for example during S/MIME verification).
+-otherwise inaccessible (for example during S/MIME verification).
++All the callbacks from a B<X509_STORE> are inherited by the
++corresponding B<X509_STORE_CTX> structure when it is initialized.
++See L<X509_STORE_CTX_set_verify_cb(3)> for further details.
=head1 BUGS
@@ -127471,10 +135376,38 @@
OpenSSL 1.0.0.
=head1 RETURN VALUES
-@@ -48,4 +48,13 @@ L<CMS_verify(3)>
+-X509_STORE_set_verify_cb() and X509_STORE_set_verify_cb_func() do not return
+-a value.
++The X509_STORE_set_*() functions do not return a value.
++
++The X509_STORE_get_*() functions return a pointer of the appropriate
++function type.
+
+ =head1 SEE ALSO
+
+-L<X509_STORE_CTX_set_verify_cb(3)>
++L<X509_STORE_CTX_set_verify_cb(3)>, L<X509_STORE_CTX_get0_chain(3)>,
+ L<CMS_verify(3)>
+
+ =head1 HISTORY
+
X509_STORE_set_verify_cb() was added to OpenSSL 1.0.0.
++X509_STORE_set_verify_cb(), X509_STORE_get_verify_cb(),
++X509_STORE_set_verify(), X509_STORE_CTX_get_verify(),
++X509_STORE_set_get_issuer(), X509_STORE_get_get_issuer(),
++X509_STORE_set_check_issued(), X509_STORE_get_check_issued(),
++X509_STORE_set_check_revocation(), X509_STORE_get_check_revocation(),
++X509_STORE_set_get_crl(), X509_STORE_get_get_crl(),
++X509_STORE_set_check_crl(), X509_STORE_get_check_crl(),
++X509_STORE_set_cert_crl(), X509_STORE_get_cert_crl(),
++X509_STORE_set_check_policy(), X509_STORE_get_check_policy(),
++X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(),
++X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(),
++X509_STORE_set_cleanup() and X509_STORE_get_cleanup() were addded in
++OpenSSL 1.1.0.
++
+=head1 COPYRIGHT
+
+Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -127485,11 +135418,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
-index 04f5215..2800cd4 100644
--- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
-@@ -11,7 +11,7 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge
+@@ -11,7 +11,7 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY
int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
unsigned long flags);
int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
@@ -127498,7 +135429,7 @@
unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
-@@ -20,9 +20,9 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge
+@@ -20,9 +20,9 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY
void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
@@ -127511,7 +135442,7 @@
void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
-@@ -32,22 +32,22 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge
+@@ -32,22 +32,22 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY
int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param);
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
@@ -127539,7 +135470,7 @@
The X509_VERIFY_PARAM_set_flags() function sets the flags in B<param> by oring
it with B<flags>. See the B<VERIFICATION FLAGS> section for a complete
-@@ -61,7 +61,7 @@ X509_VERIFY_PARAM_set_purpose() sets the verification purpose in B<param>
+@@ -61,7 +61,7 @@ X509_VERIFY_PARAM_set_purpose() sets the
to B<purpose>. This determines the acceptable purpose of the certificate
chain, for example SSL client or SSL server.
@@ -127548,7 +135479,7 @@
B<trust>.
X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
-@@ -79,7 +79,7 @@ X509_VERIFY_PARAM_set_depth() sets the maximum verification depth to B<depth>.
+@@ -79,7 +79,7 @@ X509_VERIFY_PARAM_set_depth() sets the m
That is the maximum number of intermediate CA certificates that can appear in a
chain.
A maximal depth chain contains 2 more certificates than the limit, since
@@ -127557,7 +135488,7 @@
limit.
Thus a B<depth> limit of 0 only allows the end-entity certificate to be signed
directly by the trust-anchor, while with a B<depth> limit of 1 there can be one
-@@ -177,7 +177,7 @@ The verification flags consists of zero or more of the following flags
+@@ -177,7 +177,7 @@ The verification flags consists of zero
ored together.
B<X509_V_FLAG_CRL_CHECK> enables CRL checking for the certificate chain leaf
@@ -127575,7 +135506,7 @@
maintained.
If CRLs checking is enable CRLs are expected to be available in the
-@@ -260,7 +260,7 @@ CRLs from the CRL distribution points extension.
+@@ -260,7 +260,7 @@ CRLs from the CRL distribution points ex
=head1 EXAMPLE
@@ -127584,7 +135515,7 @@
connections associated with an B<SSL_CTX> structure B<ctx>:
X509_VERIFY_PARAM *param;
-@@ -282,4 +282,13 @@ The B<X509_V_FLAG_NO_ALT_CHAINS> flag was added in OpenSSL 1.1.0
+@@ -282,4 +282,13 @@ The B<X509_V_FLAG_NO_ALT_CHAINS> flag wa
The legacy B<X509_V_FLAG_CB_ISSUER_CHECK> flag is deprecated as of
OpenSSL 1.1.0, and has no effect.
@@ -127598,8 +135529,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/X509_check_ca.pod b/doc/crypto/X509_check_ca.pod
-index 87b6c26..b79efb5 100644
--- a/doc/crypto/X509_check_ca.pod
+++ b/doc/crypto/X509_check_ca.pod
@@ -19,7 +19,7 @@ to sign other certificates).
@@ -127625,11 +135554,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/X509_check_host.pod b/doc/crypto/X509_check_host.pod
-index d35ade8..9384815 100644
--- a/doc/crypto/X509_check_host.pod
+++ b/doc/crypto/X509_check_host.pod
-@@ -9,11 +9,11 @@ X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 cert
+@@ -9,11 +9,11 @@ X509_check_host, X509_check_email, X509_
#include <openssl/x509.h>
int X509_check_host(X509 *, const char *name, size_t namelen,
@@ -127658,8 +135585,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/X509_check_issued.pod b/doc/crypto/X509_check_issued.pod
-index 0830e82..8e4b111 100644
--- a/doc/crypto/X509_check_issued.pod
+++ b/doc/crypto/X509_check_issued.pod
@@ -15,7 +15,7 @@ certificate
@@ -127685,12 +135610,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/X509_dup.pod b/doc/crypto/X509_dup.pod
-new file mode 100644
-index 0000000..b93c228
--- /dev/null
+++ b/doc/crypto/X509_dup.pod
-@@ -0,0 +1,302 @@
+@@ -0,0 +1,301 @@
+=pod
+
+=head1 NAME
@@ -127932,8 +135854,8 @@
+
+ #include <openssl/asn1t.h>
+
-+ #define DECLARE_ASN1_FUNCTIONS(type) ...
-+ #define IMPLEMENT_ASN1_FUNCTIONS(stname) ...
++ DECLARE_ASN1_FUNCTIONS(type)
++ IMPLEMENT_ASN1_FUNCTIONS(stname)
+
+ typedef struct ASN1_ITEM_st ASN1_ITEM;
+
@@ -127943,7 +135865,6 @@
+ void TYPE_free(TYPE *a);
+ int TYPE_print_ctx(BIO *out, TYPE *a, int indent, const ASN1_PCTX *pctx);
+
-+
+=head1 DESCRIPTION
+
+In the description below, I<TYPE> is used
@@ -127993,8 +135914,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/X509_get0_signature.pod b/doc/crypto/X509_get0_signature.pod
-index 8758684..7de2236 100644
--- a/doc/crypto/X509_get0_signature.pod
+++ b/doc/crypto/X509_get0_signature.pod
@@ -4,7 +4,7 @@
@@ -128006,7 +135925,7 @@
=head1 SYNOPSIS
-@@ -82,4 +82,13 @@ X509_REQ_get0_signature(), X509_REQ_get_signature_nid(),
+@@ -82,4 +82,13 @@ X509_REQ_get0_signature(), X509_REQ_get_
X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were first added
to OpenSSL 1.1.0.
@@ -128020,8 +135939,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/X509_get0_uids.pod b/doc/crypto/X509_get0_uids.pod
-index a61c267..ccdded6 100644
--- a/doc/crypto/X509_get0_uids.pod
+++ b/doc/crypto/X509_get0_uids.pod
@@ -44,4 +44,13 @@ L<X509_sign(3)>,
@@ -128038,19 +135955,22 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/X509_get_extension_flags.pod b/doc/crypto/X509_get_extension_flags.pod
-index c6e2486..2509b65 100644
--- a/doc/crypto/X509_get_extension_flags.pod
+++ b/doc/crypto/X509_get_extension_flags.pod
-@@ -2,13 +2,16 @@
+@@ -2,21 +2,35 @@
=head1 NAME
+-X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage -
+-retrieve certificate extension flags.
+X509_get0_subject_key_id,
+X509_get_pathlen,
- X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage -
--retrieve certificate extension flags.
-+retrieve certificate extension data
++X509_get_extension_flags,
++X509_get_key_usage,
++X509_get_extended_key_usage,
++X509_set_proxy_flag,
++X509_set_proxy_pathlen,
++X509_get_proxy_pathlen - retrieve certificate extension data
=head1 SYNOPSIS
@@ -128060,7 +135980,10 @@
uint32_t X509_get_extension_flags(X509 *x);
uint32_t X509_get_key_usage(X509 *x);
uint32_t X509_get_extended_key_usage(X509 *x);
-@@ -16,7 +19,11 @@ retrieve certificate extension flags.
+ const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
++ void X509_set_proxy_flag(X509 *x);
++ void X509_set_proxy_path_length(int l);
++ long X509_get_proxy_pathlen(X509 *x);
=head1 DESCRIPTION
@@ -128073,8 +135996,26 @@
X509_get_extension_flags() retrieves general information about a certificate,
it will return one or more of the following flags ored together.
-@@ -115,6 +122,9 @@ X509_get_ext_d2i().
+@@ -95,6 +109,17 @@ X509_get_extended_key_usage() return an
+ identifier of B<x> as an B<ASN1_OCTET_STRING> or B<NULL> if the extension
+ is not present or cannot be parsed.
++X509_set_proxy_flag() marks the certificate with the B<EXFLAG_PROXY> flag.
++This is for the users who need to mark non-RFC3820 proxy certificates as
++such, as OpenSSL only detects RFC3820 compliant ones.
++
++X509_set_proxy_pathlen() sets the proxy certificate path length for the given
++certificate B<x>. This is for the users who need to mark non-RFC3820 proxy
++certificates as such, as OpenSSL only detects RFC3820 compliant ones.
++
++X509_get_proxy_pathlen() returns the proxy certificate path length for the
++given certificate B<x> if it is a proxy certicate.
++
+ =head1 NOTES
+
+ The value of the flags correspond to extension values which are cached
+@@ -115,6 +140,9 @@ X509_get_ext_d2i().
+
=head1 RETURN VALUE
+X509_get_pathlen() returns the path length value, or -1 if the extension
@@ -128083,13 +136024,21 @@
X509_get_extension_flags(), X509_get_key_usage() and
X509_get_extended_key_usage() return sets of flags corresponding to the
certificate extension values.
-@@ -127,4 +137,17 @@ is absent or an error occurred during parsing.
+@@ -123,8 +151,25 @@ X509_get0_subject_key_id() returns the s
+ pointer to an B<ASN1_OCTET_STRING> structure or B<NULL> if the extension
+ is absent or an error occurred during parsing.
++X509_get_proxy_pathlen() returns the path length value if the given
++certificate is a proxy one and has a path length set, and -1 otherwise.
++
+ =head1 SEE ALSO
+
L<X509_check_purpose(3)>
+=head1 HISTORY
+
-+X509_get_pathlen() was added in OpenSSL 1.1.0.
++X509_get_pathlen(), X509_set_proxy_flag(), X509_set_proxy_pathlen() and
++X509_get_proxy_pathlen() were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
@@ -128101,11 +136050,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/X509_get_pubkey.pod b/doc/crypto/X509_get_pubkey.pod
-index c2fb5c0..2a5718f 100644
--- a/doc/crypto/X509_get_pubkey.pod
+++ b/doc/crypto/X509_get_pubkey.pod
-@@ -3,9 +3,9 @@
+@@ -3,16 +3,16 @@
=head1 NAME
X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY,
@@ -128118,6 +136065,14 @@
=head1 SYNOPSIS
+ #include <openssl/x509.h>
+
+ EVP_PKEY *X509_get_pubkey(X509 *x);
+- EVP_PKEY *X509_get0_pubkey(X509 *x);
++ EVP_PKEY *X509_get0_pubkey(const X509 *x);
+ int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+ X509_PUBKEY *X509_get_X509_PUBKEY(X509 *x);
+
@@ -37,7 +37,7 @@ must not be freed up after use.
X509_set_pubkey() attempts to set the public key for certificate B<x> to
B<pkey>. The key B<pkey> should be freed up after use.
@@ -128142,8 +136097,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/X509_get_serialNumber.pod b/doc/crypto/X509_get_serialNumber.pod
-index 42ba257..4f1b033 100644
--- a/doc/crypto/X509_get_serialNumber.pod
+++ b/doc/crypto/X509_get_serialNumber.pod
@@ -3,7 +3,7 @@
@@ -128169,8 +136122,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/X509_get_subject_name.pod b/doc/crypto/X509_get_subject_name.pod
-index dcbf969..3889735 100644
--- a/doc/crypto/X509_get_subject_name.pod
+++ b/doc/crypto/X509_get_subject_name.pod
@@ -5,7 +5,7 @@
@@ -128210,8 +136161,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/X509_get_version.pod b/doc/crypto/X509_get_version.pod
-index b02f12b..c7decc3 100644
--- a/doc/crypto/X509_get_version.pod
+++ b/doc/crypto/X509_get_version.pod
@@ -4,7 +4,7 @@
@@ -128246,8 +136195,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/X509_new.pod b/doc/crypto/X509_new.pod
-index 8db6cdb..4f53499 100644
--- a/doc/crypto/X509_new.pod
+++ b/doc/crypto/X509_new.pod
@@ -2,6 +2,7 @@
@@ -128258,7 +136205,7 @@
X509_new, X509_free, X509_up_ref - X509 certificate ASN1 allocation functions
=head1 SYNOPSIS
-@@ -10,7 +11,7 @@ X509_new, X509_free, X509_up_ref - X509 certificate ASN1 allocation functions
+@@ -10,7 +11,7 @@ X509_new, X509_free, X509_up_ref - X509
X509 *X509_new(void);
void X509_free(X509 *a);
@@ -128267,7 +136214,7 @@
STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x);
=head1 DESCRIPTION
-@@ -46,7 +47,7 @@ If the allocation fails, X509_new() returns B<NULL> and sets an error
+@@ -46,7 +47,7 @@ If the allocation fails, X509_new() retu
code that can be obtained by L<ERR_get_error(3)>.
Otherwise it returns a pointer to the newly allocated structure.
@@ -128290,8 +136237,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/X509_sign.pod b/doc/crypto/X509_sign.pod
-index fa24360..994fd43 100644
--- a/doc/crypto/X509_sign.pod
+++ b/doc/crypto/X509_sign.pod
@@ -4,7 +4,7 @@
@@ -128303,7 +136248,7 @@
=head1 SYNOPSIS
-@@ -30,7 +30,7 @@ certificate B<x> but uses the parameters contained in digest context B<ctx>.
+@@ -30,7 +30,7 @@ certificate B<x> but uses the parameters
X509_verify() verifies the signature of certificate B<x> using public key
B<pkey>. Only the signature is checked: no other checks (such as certificate
@@ -128326,11 +136271,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/X509_verify_cert.pod b/doc/crypto/X509_verify_cert.pod
-index a84ef00..74acf8d 100644
--- a/doc/crypto/X509_verify_cert.pod
+++ b/doc/crypto/X509_verify_cert.pod
-@@ -31,12 +31,13 @@ Applications rarely call this function directly but it is used by
+@@ -31,12 +31,13 @@ Applications rarely call this function d
OpenSSL internally for certificate validation, in both the S/MIME and
SSL/TLS code.
@@ -128364,8 +136307,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/X509v3_get_ext_by_NID.pod b/doc/crypto/X509v3_get_ext_by_NID.pod
-index b11d663..b379678 100644
--- a/doc/crypto/X509v3_get_ext_by_NID.pod
+++ b/doc/crypto/X509v3_get_ext_by_NID.pod
@@ -4,15 +4,14 @@
@@ -128386,7 +136327,7 @@
=head1 SYNOPSIS
-@@ -31,10 +30,6 @@ X509_REVOKED_add_ext - extension stack utility functions.
+@@ -31,32 +30,28 @@ X509_REVOKED_add_ext - extension stack u
STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
X509_EXTENSION *ex, int loc);
@@ -128394,10 +136335,47 @@
- STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(X509_CRL *crl);
- STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(X509_REVOKED *r);
-
- int X509_get_ext_count(X509 *x);
- X509_EXTENSION *X509_get_ext(X509 *x, int loc);
- int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
-@@ -75,7 +70,7 @@ extension after B<lastpos> or from the beginning if <lastpos> is B<-1>. If
+- int X509_get_ext_count(X509 *x);
+- X509_EXTENSION *X509_get_ext(X509 *x, int loc);
+- int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
+- int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos);
+- int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
++ int X509_get_ext_count(const X509 *x);
++ X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
++ int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
++ int X509_get_ext_by_OBJ(const X509 *x, ASN1_OBJECT *obj, int lastpos);
++ int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
+ X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
+ int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+
+- int X509_CRL_get_ext_count(X509_CRL *x);
+- X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
+- int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
+- int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos);
+- int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
++ int X509_CRL_get_ext_count(const X509_CRL *x);
++ X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
++ int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
++ int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, ASN1_OBJECT *obj, int lastpos);
++ int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
+ X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
+ int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+
+- int X509_REVOKED_get_ext_count(X509_REVOKED *x);
+- X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
+- int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
+- int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
++ int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
++ X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
++ int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
++ int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, ASN1_OBJECT *obj,
+ int lastpos);
+- int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
++ int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos);
+ X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
+ int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
+
+@@ -75,7 +70,7 @@ extension after B<lastpos> or from the b
the extension is found its index is returned otherwise B<-1> is returned.
X509v3_get_ext_by_critical() is similar to X509v3_get_ext_by_NID() except it
@@ -128406,7 +136384,7 @@
looks for a non-critical extension a non-zero value looks for a critical
extension.
-@@ -88,10 +83,6 @@ B<loc> is B<-1> the new extension is added to the end. If B<*x> is B<NULL>
+@@ -88,10 +83,6 @@ B<loc> is B<-1> the new extension is add
a new stack will be allocated. The passed extension B<ex> is duplicated
internally so it must be freed after use.
@@ -128439,11 +136417,9 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/bio.pod b/doc/crypto/bio.pod
-index fc1da92..5a305c6 100644
--- a/doc/crypto/bio.pod
+++ b/doc/crypto/bio.pod
-@@ -1,16 +1,15 @@
+@@ -1,16 +1,17 @@
=pod
+=for comment openssl_manual_section 7
@@ -128452,6 +136428,8 @@
-bio - I/O abstraction
+bio - Basic I/O abstraction
++
++=for comment generic
=head1 SYNOPSIS
@@ -128463,7 +136441,7 @@
=head1 DESCRIPTION
A BIO is an I/O abstraction, it hides many of the underlying I/O
-@@ -37,6 +36,28 @@ BIO and one or more filter BIOs. Data read from or written to the
+@@ -37,6 +38,28 @@ BIO and one or more filter BIOs. Data re
first BIO then traverses the chain to the end (normally a source/sink
BIO).
@@ -128492,7 +136470,7 @@
=head1 SEE ALSO
L<BIO_ctrl(3)>,
-@@ -53,3 +74,15 @@ L<BIO_s_mem(3)>,
+@@ -53,3 +76,15 @@ L<BIO_s_mem(3)>,
L<BIO_s_null(3)>, L<BIO_s_socket(3)>,
L<BIO_set_callback(3)>,
L<BIO_should_retry(3)>
@@ -128508,9 +136486,6 @@
+
+=cut
+
-diff --git a/doc/crypto/blowfish.pod b/doc/crypto/blowfish.pod
-deleted file mode 100644
-index 25b954c..0000000
--- a/doc/crypto/blowfish.pod
+++ /dev/null
@@ -1,108 +0,0 @@
@@ -128622,9 +136597,6 @@
-L<des_modes(7)>
-
-=cut
-diff --git a/doc/crypto/bn.pod b/doc/crypto/bn.pod
-deleted file mode 100644
-index 37d638d..0000000
--- a/doc/crypto/bn.pod
+++ /dev/null
@@ -1,188 +0,0 @@
@@ -128816,9 +136788,6 @@
-L<BN_BLINDING_new(3)>
-
-=cut
-diff --git a/doc/crypto/bn_internal.pod b/doc/crypto/bn_internal.pod
-deleted file mode 100644
-index e609a08..0000000
--- a/doc/crypto/bn_internal.pod
+++ /dev/null
@@ -1,238 +0,0 @@
@@ -129060,9 +137029,6 @@
-L<bn(3)>
-
-=cut
-diff --git a/doc/crypto/buffer.pod b/doc/crypto/buffer.pod
-deleted file mode 100644
-index a2543e8..0000000
--- a/doc/crypto/buffer.pod
+++ /dev/null
@@ -1,59 +0,0 @@
@@ -129125,8 +137091,6 @@
-BUF_MEM_new_ex() was added in OpenSSL 1.1.0.
-
-=cut
-diff --git a/doc/crypto/crypto.pod b/doc/crypto/crypto.pod
-index 6e23c1a..6ed3a90 100644
--- a/doc/crypto/crypto.pod
+++ b/doc/crypto/crypto.pod
@@ -1,11 +1,15 @@
@@ -129145,7 +137109,7 @@
=head1 DESCRIPTION
The OpenSSL B<crypto> library implements a wide range of cryptographic
-@@ -14,8 +18,6 @@ by this library are used by the OpenSSL implementations of SSL, TLS
+@@ -14,8 +18,6 @@ by this library are used by the OpenSSL
and S/MIME, and they have also been used to implement SSH, OpenPGP, and
other cryptographic standards.
@@ -129154,7 +137118,7 @@
B<libcrypto> consists of a number of sub-libraries that implement the
individual algorithms.
-@@ -24,8 +26,6 @@ cryptography and key agreement, certificate handling, cryptographic
+@@ -24,8 +26,6 @@ cryptography and key agreement, certific
hash functions, cryptographic pseudo-random number generator, and
various utilities.
@@ -129163,7 +137127,7 @@
=head1 NOTES
Some of the newer functions follow a naming convention using the numbers
-@@ -42,8 +42,21 @@ The B<1> function uses a copy of the supplied structure pointer
+@@ -42,8 +42,21 @@ The B<1> function uses a copy of the sup
(or in some cases increases its link count) in the parent and
so both (B<x> and B<obj> above) should be freed up.
@@ -129185,9 +137149,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/d2i_ASN1_OBJECT.pod b/doc/crypto/d2i_ASN1_OBJECT.pod
-deleted file mode 100644
-index 32c6b05..0000000
--- a/doc/crypto/d2i_ASN1_OBJECT.pod
+++ /dev/null
@@ -1,29 +0,0 @@
@@ -129220,9 +137181,6 @@
-TBA
-
-=cut
-diff --git a/doc/crypto/d2i_CMS_ContentInfo.pod b/doc/crypto/d2i_CMS_ContentInfo.pod
-deleted file mode 100644
-index e3142cb..0000000
--- a/doc/crypto/d2i_CMS_ContentInfo.pod
+++ /dev/null
@@ -1,25 +0,0 @@
@@ -129251,8 +137209,6 @@
-L<d2i_X509(3)>
-
-=cut
-diff --git a/doc/crypto/d2i_DHparams.pod b/doc/crypto/d2i_DHparams.pod
-index f13d0b5..cd1c162 100644
--- a/doc/crypto/d2i_DHparams.pod
+++ b/doc/crypto/d2i_DHparams.pod
@@ -2,7 +2,7 @@
@@ -129264,7 +137220,7 @@
=head1 SYNOPSIS
-@@ -23,8 +23,13 @@ described in the L<d2i_X509(3)> manual page.
+@@ -23,8 +23,13 @@ described in the L<d2i_X509(3)> manual p
L<d2i_X509(3)>
@@ -129280,9 +137236,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/d2i_DSAPublicKey.pod b/doc/crypto/d2i_DSAPublicKey.pod
-deleted file mode 100644
-index 1344b00..0000000
--- a/doc/crypto/d2i_DSAPublicKey.pod
+++ /dev/null
@@ -1,91 +0,0 @@
@@ -129377,9 +137330,6 @@
-TBA
-
-=cut
-diff --git a/doc/crypto/d2i_ECPKParameters.pod b/doc/crypto/d2i_ECPKParameters.pod
-deleted file mode 100644
-index abb6f4f..0000000
--- a/doc/crypto/d2i_ECPKParameters.pod
+++ /dev/null
@@ -1,84 +0,0 @@
@@ -129467,9 +137417,6 @@
-L<EC_GFp_simple_method(3)>, L<d2i_X509(3)>
-
-=cut
-diff --git a/doc/crypto/d2i_ECPrivateKey.pod b/doc/crypto/d2i_ECPrivateKey.pod
-deleted file mode 100644
-index 0859579..0000000
--- a/doc/crypto/d2i_ECPrivateKey.pod
+++ /dev/null
@@ -1,67 +0,0 @@
@@ -129540,9 +137487,6 @@
-L<d2i_ECPrivateKey(3)>
-
-=cut
-diff --git a/doc/crypto/d2i_Netscape_RSA.pod b/doc/crypto/d2i_Netscape_RSA.pod
-new file mode 100644
-index 0000000..ee39bd8
--- /dev/null
+++ b/doc/crypto/d2i_Netscape_RSA.pod
@@ -0,0 +1,38 @@
@@ -129584,9 +137528,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/d2i_PKCS8PrivateKey.pod b/doc/crypto/d2i_PKCS8PrivateKey.pod
-deleted file mode 100644
-index cc20479..0000000
--- a/doc/crypto/d2i_PKCS8PrivateKey.pod
+++ /dev/null
@@ -1,52 +0,0 @@
@@ -129642,9 +137583,6 @@
-L<pem(3)>
-
-=cut
-diff --git a/doc/crypto/d2i_PKCS8PrivateKey_bio.pod b/doc/crypto/d2i_PKCS8PrivateKey_bio.pod
-new file mode 100644
-index 0000000..164d93f
--- /dev/null
+++ b/doc/crypto/d2i_PKCS8PrivateKey_bio.pod
@@ -0,0 +1,61 @@
@@ -129709,9 +137647,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/d2i_PrivateKey.pod b/doc/crypto/d2i_PrivateKey.pod
-new file mode 100644
-index 0000000..6b12ad9
--- /dev/null
+++ b/doc/crypto/d2i_PrivateKey.pod
@@ -0,0 +1,71 @@
@@ -129786,9 +137721,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/d2i_RSAPublicKey.pod b/doc/crypto/d2i_RSAPublicKey.pod
-deleted file mode 100644
-index 946fe0f..0000000
--- a/doc/crypto/d2i_RSAPublicKey.pod
+++ /dev/null
@@ -1,78 +0,0 @@
@@ -129870,8 +137802,6 @@
-TBA
-
-=cut
-diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod
-index 3cd2509..06546a4 100644
--- a/doc/crypto/d2i_X509.pod
+++ b/doc/crypto/d2i_X509.pod
@@ -2,83 +2,425 @@
@@ -130226,70 +138156,73 @@
+i2d_X509_SIG,
+i2d_X509_VAL,
+- convert objects from/to ASN.1/DER representation
-+
+
+-=head1 SYNOPSIS
+-
+- #include <openssl/x509.h>
+-
+- X509 *d2i_X509(X509 **px, const unsigned char **in, int len);
+- int i2d_X509(X509 *x, unsigned char **out);
+=for comment generic
- =head1 SYNOPSIS
+- X509 *d2i_X509_bio(BIO *bp, X509 **x);
+- X509 *d2i_X509_fp(FILE *fp, X509 **x);
+-
+- int i2d_X509_bio(BIO *bp, X509 *x);
+- int i2d_X509_fp(FILE *fp, X509 *x);
++=head1 SYNOPSIS
-- #include <openssl/x509.h>
+- int i2d_re_X509_tbs(X509 *x, unsigned char **out);
+ TYPE *d2i_TYPE(TYPE **a, unsigned char **pp, long length);
+ TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a);
+ TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a);
-
-- X509 *d2i_X509(X509 **px, const unsigned char **in, int len);
-- int i2d_X509(X509 *x, unsigned char **out);
++
+ int i2d_TYPE(TYPE *a, unsigned char **pp);
+ int i2d_TYPE_fp(FILE *fp, TYPE *a);
+ int i2d_TYPE_bio(BIO *bp, TYPE *a);
-- X509 *d2i_X509_bio(BIO *bp, X509 **x);
-- X509 *d2i_X509_fp(FILE *fp, X509 **x);
-+=head1 DESCRIPTION
+ =head1 DESCRIPTION
-- int i2d_X509_bio(BIO *bp, X509 *x);
-- int i2d_X509_fp(FILE *fp, X509 *x);
+-The X509 encode and decode routines encode and parse an
+-B<X509> structure, which represents an X509 certificate.
+In the description here, I<TYPE> is used a placeholder
+for any of the OpenSSL datatypes, such as I<X509_CRL>.
-- int i2d_re_X509_tbs(X509 *x, unsigned char **out);
+-d2i_X509() attempts to decode B<len> bytes at B<*in>. If
+-successful a pointer to the B<X509> structure is returned. If an error
+-occurred then B<NULL> is returned. If B<px> is not B<NULL> then the
+-returned structure is written to B<*px>. If B<*px> is not B<NULL>
+-then it is assumed that B<*px> contains a valid B<X509>
+-structure and an attempt is made to reuse it. This "reuse" capability is present
+-for historical compatibility but its use is B<strongly discouraged> (see BUGS
+-below, and the discussion in the RETURN VALUES section).
+These functions convert OpenSSL objects to and from their ASN.1/DER
+encoding. Unlike the C structures which can have pointers to sub-objects
+within, the DER is a serialized encoding, suitable for sending over the
+network, writing to a file, and so on.
-
--=head1 DESCRIPTION
++
+d2i_TYPE() attempts to decode B<len> bytes at B<*in>. If successful a
+pointer to the B<TYPE> structure is returned and B<*in> is incremented to
+the byte following the parsed data. If B<a> is not B<NULL> then a pointer
+to the returned structure is also written to B<*a>. If an error occurred
+then B<NULL> is returned.
-
--The X509 encode and decode routines encode and parse an
--B<X509> structure, which represents an X509 certificate.
++
+On a successful return, if B<*a> is not B<NULL> then it is assumed that B<*a>
+contains a valid B<TYPE> structure and an attempt is made to reuse it. This
+"reuse" capability is present for historical compatibility but its use is
+B<strongly discouraged> (see BUGS below, and the discussion in the RETURN
+VALUES section).
--d2i_X509() attempts to decode B<len> bytes at B<*in>. If
--successful a pointer to the B<X509> structure is returned. If an error
--occurred then B<NULL> is returned. If B<px> is not B<NULL> then the
--returned structure is written to B<*px>. If B<*px> is not B<NULL>
--then it is assumed that B<*px> contains a valid B<X509>
--structure and an attempt is made to reuse it. This "reuse" capability is present
--for historical compatibility but its use is B<strongly discouraged> (see BUGS
--below, and the discussion in the RETURN VALUES section).
+-If the call is successful B<*in> is incremented to the byte following the
+-parsed data.
+d2i_TYPE_bio() is similar to d2i_TYPE() except it attempts
+to parse data from BIO B<bp>.
--If the call is successful B<*in> is incremented to the byte following the
--parsed data.
+-i2d_X509() encodes the structure pointed to by B<x> into DER format.
+-If B<out> is not B<NULL> is writes the DER encoded data to the buffer
+d2i_TYPE_fp() is similar to d2i_TYPE() except it attempts
+to parse data from FILE pointer B<fp>.
-
--i2d_X509() encodes the structure pointed to by B<x> into DER format.
--If B<out> is not B<NULL> is writes the DER encoded data to the buffer
++
+i2d_TYPE() encodes the structure pointed to by B<a> into DER format.
+If B<out> is not B<NULL>, it writes the DER encoded data to the buffer
at B<*out>, and increments it to point after the data just written.
@@ -130300,11 +138233,11 @@
-allocated for a buffer and the encoded data written to it. In this
-case B<*out> is not incremented and it points to the start of the
-data just written.
+-
+-d2i_X509_bio() is similar to d2i_X509() except it attempts
+-to parse data from BIO B<bp>.
+returns the length of the encoded data.
--d2i_X509_bio() is similar to d2i_X509() except it attempts
--to parse data from BIO B<bp>.
--
-d2i_X509_fp() is similar to d2i_X509() except it attempts
-to parse data from FILE pointer B<fp>.
+If B<*out> is B<NULL> memory will be allocated for a buffer and the encoded
@@ -130413,7 +138346,7 @@
=head1 EXAMPLES
-@@ -103,7 +493,7 @@ Allocate and encode the DER encoding of an X509 structure:
+@@ -103,7 +493,7 @@ another will processed after it.
buf = NULL;
len = i2d_X509(x, &buf);
if (len < 0)
@@ -130422,7 +138355,7 @@
Attempt to decode a buffer:
-@@ -111,12 +501,11 @@ Attempt to decode a buffer:
+@@ -111,12 +501,11 @@ another will processed after it.
unsigned char *buf, *p;
int len;
@@ -130437,7 +138370,7 @@
Alternative technique:
-@@ -124,17 +513,16 @@ Alternative technique:
+@@ -124,17 +513,16 @@ another will processed after it.
unsigned char *buf, *p;
int len;
@@ -130459,7 +138392,7 @@
mistake is to attempt to use a buffer directly as follows:
int len;
-@@ -142,24 +530,22 @@ mistake is to attempt to use a buffer directly as follows:
+@@ -142,24 +530,22 @@ The use of temporary variable is mandato
len = i2d_X509(x, NULL);
buf = OPENSSL_malloc(len);
@@ -130514,37 +138447,23 @@
-in the B<X509> structure internally to improve encoding performance
-and to ensure certificate signatures are verified correctly in some
-certificates with broken (non-DER) encodings.
-+Any function which encodes a structure (i2d_TYPE(),
-+i2d_TYPE() or i2d_TYPE()) may return a stale encoding if the
-+structure has been modified after deserialization or previous
-+serialization. This is because some objects cache the encoding for
-+efficiency reasons.
-
+-
-Any function which encodes an X509 structure such as i2d_X509(),
-i2d_X509_fp() or i2d_X509_bio() may return a stale encoding if the
-B<X509> structure has been modified after deserialization or previous
-serialization.
-+=head1 RETURN VALUES
-
+-
-If, after modification, the B<X509> object is re-signed with X509_sign(),
-the encoding is automatically renewed. Otherwise, the encoding of the
-TBSCertificate portion of the B<X509> can be manually renewed by calling
-i2d_re_X509_tbs().
-+d2i_TYPE(), d2i_TYPE_bio() and d2i_TYPE_fp() return a valid B<TYPE> structure
-+or B<NULL> if an error occurs. If the "reuse" capability has been used with
-+a valid structure being passed in via B<a>, then the object is not freed in
-+the event of error but may be in a potentially invalid or inconsistent state.
++Any function which encodes a structure (i2d_TYPE(),
++i2d_TYPE() or i2d_TYPE()) may return a stale encoding if the
++structure has been modified after deserialization or previous
++serialization. This is because some objects cache the encoding for
++efficiency reasons.
--=head1 RETURN VALUES
-+i2d_TYPE() returns the number of bytes successfully encoded or a negative
-+value if an error occurs.
-+
-+i2d_TYPE_bio() and i2d_TYPE_fp() return 1 for success and 0 if an error
-+occurs.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ =head1 RETURN VALUES
-d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
-or B<NULL> if an error occurs. The error code that can be obtained by
@@ -130578,15 +138497,27 @@
-L<X509_sign(3)>,
-L<X509V3_get_d2i(3)>,
-L<X509_verify_cert(3)>
++d2i_TYPE(), d2i_TYPE_bio() and d2i_TYPE_fp() return a valid B<TYPE> structure
++or B<NULL> if an error occurs. If the "reuse" capability has been used with
++a valid structure being passed in via B<a>, then the object is not freed in
++the event of error but may be in a potentially invalid or inconsistent state.
++
++i2d_TYPE() returns the number of bytes successfully encoded or a negative
++value if an error occurs.
++
++i2d_TYPE_bio() and i2d_TYPE_fp() return 1 for success and 0 if an error
++occurs.
++
++=head1 COPYRIGHT
++
++Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
++
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/crypto/d2i_X509_ALGOR.pod b/doc/crypto/d2i_X509_ALGOR.pod
-deleted file mode 100644
-index fb8a75d..0000000
--- a/doc/crypto/d2i_X509_ALGOR.pod
+++ /dev/null
@@ -1,55 +0,0 @@
@@ -130645,9 +138576,6 @@
-TBA
-
-=cut
-diff --git a/doc/crypto/d2i_X509_CRL.pod b/doc/crypto/d2i_X509_CRL.pod
-deleted file mode 100644
-index 96f5a4d..0000000
--- a/doc/crypto/d2i_X509_CRL.pod
+++ /dev/null
@@ -1,39 +0,0 @@
@@ -130690,9 +138618,6 @@
-TBA
-
-=cut
-diff --git a/doc/crypto/d2i_X509_NAME.pod b/doc/crypto/d2i_X509_NAME.pod
-deleted file mode 100644
-index d1d32df..0000000
--- a/doc/crypto/d2i_X509_NAME.pod
+++ /dev/null
@@ -1,45 +0,0 @@
@@ -130741,9 +138666,6 @@
-L<d2i_X509(3)>
-
-=cut
-diff --git a/doc/crypto/d2i_X509_REQ.pod b/doc/crypto/d2i_X509_REQ.pod
-deleted file mode 100644
-index 0d66da7..0000000
--- a/doc/crypto/d2i_X509_REQ.pod
+++ /dev/null
@@ -1,39 +0,0 @@
@@ -130786,9 +138708,6 @@
-TBA
-
-=cut
-diff --git a/doc/crypto/d2i_X509_SIG.pod b/doc/crypto/d2i_X509_SIG.pod
-deleted file mode 100644
-index 08d0876..0000000
--- a/doc/crypto/d2i_X509_SIG.pod
+++ /dev/null
@@ -1,36 +0,0 @@
@@ -130828,9 +138747,6 @@
-TBA
-
-=cut
-diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod
-deleted file mode 100644
-index 19b6662..0000000
--- a/doc/crypto/des.pod
+++ /dev/null
@@ -1,320 +0,0 @@
@@ -131154,11 +139070,9 @@
-L<EVP_EncryptInit(3)>
-
-=cut
-diff --git a/doc/crypto/des_modes.pod b/doc/crypto/des_modes.pod
-index bd6a358..5107b77 100644
--- a/doc/crypto/des_modes.pod
+++ b/doc/crypto/des_modes.pod
-@@ -240,16 +240,24 @@ This text was been written in large parts by Eric Young in his original
+@@ -240,16 +240,24 @@ This text was been written in large part
documentation for SSLeay, the predecessor of OpenSSL. In turn, he attributed
it to:
@@ -131189,9 +139103,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/dh.pod b/doc/crypto/dh.pod
-deleted file mode 100644
-index b1eaa48..0000000
--- a/doc/crypto/dh.pod
+++ /dev/null
@@ -1,61 +0,0 @@
@@ -131256,9 +139167,6 @@
-L<RSA_print(3)>
-
-=cut
-diff --git a/doc/crypto/dsa.pod b/doc/crypto/dsa.pod
-deleted file mode 100644
-index 9cf1c49..0000000
--- a/doc/crypto/dsa.pod
+++ /dev/null
@@ -1,109 +0,0 @@
@@ -131371,9 +139279,6 @@
-L<RSA_print(3)>
-
-=cut
-diff --git a/doc/crypto/ec.pod b/doc/crypto/ec.pod
-deleted file mode 100644
-index d6f1381..0000000
--- a/doc/crypto/ec.pod
+++ /dev/null
@@ -1,198 +0,0 @@
@@ -131575,9 +139480,6 @@
-
-
-=cut
-diff --git a/doc/crypto/ecdsa.pod b/doc/crypto/ecdsa.pod
-deleted file mode 100644
-index c2e786e..0000000
--- a/doc/crypto/ecdsa.pod
+++ /dev/null
@@ -1,189 +0,0 @@
@@ -131770,9 +139672,6 @@
-L<EVP_DigestVerifyInit(3)>
-
-=cut
-diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod
-deleted file mode 100644
-index 8d1b3df..0000000
--- a/doc/crypto/engine.pod
+++ /dev/null
@@ -1,566 +0,0 @@
@@ -132342,9 +140241,6 @@
-OPENSSL_init_crypto().
-
-=cut
-diff --git a/doc/crypto/err.pod b/doc/crypto/err.pod
-deleted file mode 100644
-index 33cb19d..0000000
--- a/doc/crypto/err.pod
+++ /dev/null
@@ -1,199 +0,0 @@
@@ -132547,8 +140443,6 @@
-OPENSSL_init_crypto().
-
-=cut
-diff --git a/doc/crypto/evp.pod b/doc/crypto/evp.pod
-index 09870b4..31f4590 100644
--- a/doc/crypto/evp.pod
+++ b/doc/crypto/evp.pod
@@ -1,5 +1,7 @@
@@ -132559,7 +140453,7 @@
=head1 NAME
evp - high-level cryptographic functions
-@@ -61,6 +63,10 @@ based encryption. Careful selection of the parameters will provide a PKCS#5 PBKD
+@@ -61,6 +63,10 @@ based encryption. Careful selection of t
implementation. However, new applications should not typically use this (preferring, for example,
PBKDF2 from PCKS#5).
@@ -132570,7 +140464,7 @@
All the symmetric algorithms (ciphers), digests and asymmetric algorithms
(public key algorithms) can be replaced by L<engine(3)> modules providing alternative
implementations. If ENGINE implementations of ciphers or digests are registered
-@@ -71,7 +77,7 @@ implementations. For more information, consult the engine(3) man page.
+@@ -71,7 +77,7 @@ implementations. For more information, c
Although low level algorithm specific functions exist for many algorithms
their use is discouraged. They cannot be used with an ENGINE and ENGINE
versions of new algorithms cannot be accessed using the low level functions.
@@ -132601,9 +140495,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/hmac.pod b/doc/crypto/hmac.pod
-deleted file mode 100644
-index 57c274c..0000000
--- a/doc/crypto/hmac.pod
+++ /dev/null
@@ -1,113 +0,0 @@
@@ -132720,8 +140611,6 @@
-versions of OpenSSL before 1.0.0.
-
-=cut
-diff --git a/doc/crypto/i2d_CMS_bio_stream.pod b/doc/crypto/i2d_CMS_bio_stream.pod
-index 42b06c2..ece7a48 100644
--- a/doc/crypto/i2d_CMS_bio_stream.pod
+++ b/doc/crypto/i2d_CMS_bio_stream.pod
@@ -2,7 +2,7 @@
@@ -132747,8 +140636,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/i2d_PKCS7_bio_stream.pod b/doc/crypto/i2d_PKCS7_bio_stream.pod
-index 7a96cf9..b42940a 100644
--- a/doc/crypto/i2d_PKCS7_bio_stream.pod
+++ b/doc/crypto/i2d_PKCS7_bio_stream.pod
@@ -2,7 +2,7 @@
@@ -132774,9 +140661,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/crypto/i2d_re_X509_tbs.pod b/doc/crypto/i2d_re_X509_tbs.pod
-new file mode 100644
-index 0000000..672c7ab
--- /dev/null
+++ b/doc/crypto/i2d_re_X509_tbs.pod
@@ -0,0 +1,79 @@
@@ -132859,9 +140743,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/crypto/lh_stats.pod b/doc/crypto/lh_stats.pod
-deleted file mode 100644
-index fa7bd9d..0000000
--- a/doc/crypto/lh_stats.pod
+++ /dev/null
@@ -1,54 +0,0 @@
@@ -132919,9 +140800,6 @@
-L<bio(3)>, L<lhash(3)>
-
-=cut
-diff --git a/doc/crypto/lhash.pod b/doc/crypto/lhash.pod
-deleted file mode 100644
-index 7d39a67..0000000
--- a/doc/crypto/lhash.pod
+++ /dev/null
@@ -1,246 +0,0 @@
@@ -133171,9 +141049,6 @@
-type checking.
-
-=cut
-diff --git a/doc/crypto/md5.pod b/doc/crypto/md5.pod
-deleted file mode 100644
-index a8c0718..0000000
--- a/doc/crypto/md5.pod
+++ /dev/null
@@ -1,92 +0,0 @@
@@ -133269,9 +141144,6 @@
-L<EVP_DigestInit(3)>
-
-=cut
-diff --git a/doc/crypto/mdc2.pod b/doc/crypto/mdc2.pod
-deleted file mode 100644
-index f7cc425..0000000
--- a/doc/crypto/mdc2.pod
+++ /dev/null
@@ -1,59 +0,0 @@
@@ -133334,9 +141206,6 @@
-L<EVP_DigestInit(3)>
-
-=cut
-diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod
-deleted file mode 100644
-index 5687375..0000000
--- a/doc/crypto/pem.pod
+++ /dev/null
@@ -1,458 +0,0 @@
@@ -133798,9 +141667,6 @@
-=head1 SEE ALSO
-
-L<EVP_EncryptInit(3)>, L<EVP_BytesToKey(3)>
-diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod
-deleted file mode 100644
-index 46de8f7..0000000
--- a/doc/crypto/rand.pod
+++ /dev/null
@@ -1,77 +0,0 @@
@@ -133881,9 +141747,6 @@
-L<RAND_cleanup(3)>
-
-=cut
-diff --git a/doc/crypto/rc4.pod b/doc/crypto/rc4.pod
-deleted file mode 100644
-index af2a609..0000000
--- a/doc/crypto/rc4.pod
+++ /dev/null
@@ -1,57 +0,0 @@
@@ -133944,9 +141807,6 @@
-L<EVP_EncryptInit(3)>
-
-=cut
-diff --git a/doc/crypto/ripemd.pod b/doc/crypto/ripemd.pod
-deleted file mode 100644
-index c7a94cc..0000000
--- a/doc/crypto/ripemd.pod
+++ /dev/null
@@ -1,63 +0,0 @@
@@ -134013,9 +141873,6 @@
-L<EVP_DigestInit(3)>
-
-=cut
-diff --git a/doc/crypto/rsa.pod b/doc/crypto/rsa.pod
-deleted file mode 100644
-index a1341b8..0000000
--- a/doc/crypto/rsa.pod
+++ /dev/null
@@ -1,103 +0,0 @@
@@ -134122,9 +141979,6 @@
-L<RSA_padding_add_PKCS1_type_1(3)>
-
-=cut
-diff --git a/doc/crypto/sha.pod b/doc/crypto/sha.pod
-deleted file mode 100644
-index 26f1df3..0000000
--- a/doc/crypto/sha.pod
+++ /dev/null
@@ -1,99 +0,0 @@
@@ -134227,9 +142081,6 @@
-L<EVP_DigestInit(3)>
-
-=cut
-diff --git a/doc/crypto/sk_X509_num.pod b/doc/crypto/sk_X509_num.pod
-deleted file mode 100644
-index eebdeb3..0000000
--- a/doc/crypto/sk_X509_num.pod
+++ /dev/null
@@ -1,200 +0,0 @@
@@ -134433,9 +142284,6 @@
-
-Use of inline functions and application defined stacks first appeared in
-OpenSSL 1.1.0. Previous versions of OpenSSL implemented stacks as macros.
-diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod
-deleted file mode 100644
-index 90c5709..0000000
--- a/doc/crypto/threads.pod
+++ /dev/null
@@ -1,82 +0,0 @@
@@ -134521,9 +142369,6 @@
-L<crypto(3)>
-
-=cut
-diff --git a/doc/crypto/ui.pod b/doc/crypto/ui.pod
-deleted file mode 100644
-index f03e989..0000000
--- a/doc/crypto/ui.pod
+++ /dev/null
@@ -1,186 +0,0 @@
@@ -134713,8 +142558,6 @@
-L<ui_create(3)>, L<ui_compat(3)>
-
-=cut
-diff --git a/doc/crypto/x509.pod b/doc/crypto/x509.pod
-index 8639525..8319b15 100644
--- a/doc/crypto/x509.pod
+++ b/doc/crypto/x509.pod
@@ -1,5 +1,7 @@
@@ -134739,8 +142582,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/DTLSv1_listen.pod b/doc/ssl/DTLSv1_listen.pod
-index 7416693..a839d9f 100644
--- a/doc/ssl/DTLSv1_listen.pod
+++ b/doc/ssl/DTLSv1_listen.pod
@@ -2,7 +2,7 @@
@@ -134766,8 +142607,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/OPENSSL_init_ssl.pod b/doc/ssl/OPENSSL_init_ssl.pod
-index 110a282..b963e5e 100644
--- a/doc/ssl/OPENSSL_init_ssl.pod
+++ b/doc/ssl/OPENSSL_init_ssl.pod
@@ -72,4 +72,13 @@ L<OPENSSL_init_crypto(3)>
@@ -134784,8 +142623,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CIPHER_get_name.pod b/doc/ssl/SSL_CIPHER_get_name.pod
-index 296aa32..b7ee3c8 100644
--- a/doc/ssl/SSL_CIPHER_get_name.pod
+++ b/doc/ssl/SSL_CIPHER_get_name.pod
@@ -2,7 +2,11 @@
@@ -134801,7 +142638,7 @@
=head1 SYNOPSIS
-@@ -112,4 +116,13 @@ rather than a fixed string, in OpenSSL 1.1
+@@ -112,4 +116,13 @@ rather than a fixed string, in OpenSSL 1
L<ssl(3)>, L<SSL_get_current_cipher(3)>,
L<SSL_get_ciphers(3)>, L<ciphers(1)>
@@ -134815,11 +142652,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_COMP_add_compression_method.pod b/doc/ssl/SSL_COMP_add_compression_method.pod
-index fe10e1b..c455832 100644
--- a/doc/ssl/SSL_COMP_add_compression_method.pod
+++ b/doc/ssl/SSL_COMP_add_compression_method.pod
-@@ -26,7 +26,7 @@ It cannot be set for specific SSL_CTX or SSL objects.
+@@ -26,7 +26,7 @@ It cannot be set for specific SSL_CTX or
In versions of OpenSSL prior to 1.1.0 SSL_COMP_free_compression_methods() freed
the internal table of compression methods that were built internally, and
possibly augmented by adding SSL_COMP_add_compression_method(). However this is
@@ -134842,8 +142677,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CONF_CTX_new.pod b/doc/ssl/SSL_CONF_CTX_new.pod
-index 329e3c7..79f0bbc 100644
--- a/doc/ssl/SSL_CONF_CTX_new.pod
+++ b/doc/ssl/SSL_CONF_CTX_new.pod
@@ -38,4 +38,13 @@ L<SSL_CONF_cmd_argv(3)>
@@ -134860,11 +142693,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CONF_CTX_set1_prefix.pod b/doc/ssl/SSL_CONF_CTX_set1_prefix.pod
-index 5083a73..da9e580 100644
--- a/doc/ssl/SSL_CONF_CTX_set1_prefix.pod
+++ b/doc/ssl/SSL_CONF_CTX_set1_prefix.pod
-@@ -20,7 +20,7 @@ to B<prefix>. If B<prefix> is B<NULL> it is restored to the default value.
+@@ -20,7 +20,7 @@ to B<prefix>. If B<prefix> is B<NULL> it
Command prefixes alter the commands recognised by subsequent SSL_CTX_cmd()
calls. For example for files, if the prefix "SSL" is set then command names
such as "SSLProtocol", "SSLOptions" etc. are recognised instead of "Protocol"
@@ -134887,8 +142718,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CONF_CTX_set_flags.pod b/doc/ssl/SSL_CONF_CTX_set_flags.pod
-index 10cfc4d..efd8da3 100644
--- a/doc/ssl/SSL_CONF_CTX_set_flags.pod
+++ b/doc/ssl/SSL_CONF_CTX_set_flags.pod
@@ -72,4 +72,13 @@ L<SSL_CONF_cmd_argv(3)>
@@ -134905,8 +142734,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod b/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod
-index e7ede42..7e4120f 100644
--- a/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod
+++ b/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod
@@ -44,4 +44,13 @@ L<SSL_CONF_cmd_argv(3)>
@@ -134923,8 +142750,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
-index 17b8758..fb39f94 100644
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
@@ -2,6 +2,7 @@
@@ -134935,8 +142760,19 @@
SSL_CONF_cmd - send configuration command
=head1 SYNOPSIS
-@@ -465,7 +466,7 @@ Set supported signature algorithms:
+@@ -123,8 +124,8 @@ than the deprecated alternative commands
+ =item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+ Disables protocol support for SSLv3, TLSv1.0, TLSv1.1 or TLSv1.2 by setting the
+-corresponding options B<SSL_OP_NO_SSL3>, B<SSL_OP_NO_TLS1>, B<SSL_OP_NO_TLS1_1>
+-and B<SSL_OP_NO_TLS1_2> respectively.
++corresponding options B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>, B<SSL_OP_NO_TLSv1_1>
++and B<SSL_OP_NO_TLSv1_2> respectively.
+ These options are deprecated, instead use B<-min_protocol> and B<-max_protocol>.
+
+ =item B<-bugs>
+@@ -465,7 +466,7 @@ pathname to an absolute pathname.
+
SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256");
-There are various ways to select the supported procotols.
@@ -134958,8 +142794,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CONF_cmd_argv.pod b/doc/ssl/SSL_CONF_cmd_argv.pod
-index c06b44f..15529a5 100644
--- a/doc/ssl/SSL_CONF_cmd_argv.pod
+++ b/doc/ssl/SSL_CONF_cmd_argv.pod
@@ -2,7 +2,7 @@
@@ -134985,8 +142819,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_add1_chain_cert.pod b/doc/ssl/SSL_CTX_add1_chain_cert.pod
-index 545b82e..1f0418b 100644
--- a/doc/ssl/SSL_CTX_add1_chain_cert.pod
+++ b/doc/ssl/SSL_CTX_add1_chain_cert.pod
@@ -146,4 +146,13 @@ L<SSL_CTX_add_extra_chain_cert(3)>
@@ -135003,8 +142835,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_add_extra_chain_cert.pod b/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
-index 63cf2b2..e2783de 100644
--- a/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
+++ b/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
@@ -68,4 +68,13 @@ L<SSL_add1_chain_cert(3)>
@@ -135021,11 +142851,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_add_session.pod b/doc/ssl/SSL_CTX_add_session.pod
-index fb8cf6a..dbdd9f0 100644
--- a/doc/ssl/SSL_CTX_add_session.pod
+++ b/doc/ssl/SSL_CTX_add_session.pod
-@@ -59,7 +59,7 @@ The following values are returned by all functions:
+@@ -59,7 +59,7 @@ over the sessions that can be resumed if
session was not found in the cache.
=item Z<>1
@@ -135048,8 +142876,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_config.pod b/doc/ssl/SSL_CTX_config.pod
-index 0cf93dd..802c4c3 100644
--- a/doc/ssl/SSL_CTX_config.pod
+++ b/doc/ssl/SSL_CTX_config.pod
@@ -2,7 +2,7 @@
@@ -135075,8 +142901,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_ctrl.pod b/doc/ssl/SSL_CTX_ctrl.pod
-index b59d267..e8386a5 100644
--- a/doc/ssl/SSL_CTX_ctrl.pod
+++ b/doc/ssl/SSL_CTX_ctrl.pod
@@ -31,4 +31,13 @@ supplied via the B<cmd> parameter.
@@ -135093,11 +142917,31 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_dane_enable.pod b/doc/ssl/SSL_CTX_dane_enable.pod
-index 8463a3d..7923bf4 100644
--- a/doc/ssl/SSL_CTX_dane_enable.pod
+++ b/doc/ssl/SSL_CTX_dane_enable.pod
-@@ -71,11 +71,17 @@ The arguments specify the fields of the TLSA record.
+@@ -3,7 +3,9 @@
+ =head1 NAME
+
+ SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable,
+-SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa -
++SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa
++SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags,
++SSL_dane_set_flags, SSL_dane_clear_flags -
+ enable DANE TLS authentication of the remote TLS server in the local
+ TLS client
+
+@@ -21,6 +23,10 @@ TLS client
+ int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
+ uint8_t *mtype, unsigned const char **data,
+ size_t *dlen);
++ unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
++ unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
++ unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags);
++ unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags);
+
+ =head1 DESCRIPTION
+
+@@ -71,11 +77,17 @@ The arguments specify the fields of the
The B<data> field is provided in binary (wire RDATA) form, not the hexadecimal
ASCII presentation form, with an explicit length passed via B<dlen>.
A return value of 0 indicates that "unusable" TLSA records (with invalid or
@@ -135120,16 +142964,76 @@
SSL_get0_dane_authority() can be used to get more detailed information about
the matched DANE trust-anchor after successful connection completion.
-@@ -149,6 +155,7 @@ the lifetime of the SSL connection.
+@@ -118,6 +130,33 @@ The B<data> parameter is set to a short-
+ data field and must not be freed by the application.
+ Applications that need long-term access to this field need to copy the content.
++SSL_CTX_dane_set_flags() and SSL_dane_set_flags() can be used to enable
++optional DANE verification features.
++SSL_CTX_dane_clear_flags() and SSL_dane_clear_flags() can be used to disable
++the same features.
++The B<flags> argument is a bitmask of the features to enable or disable.
++The B<flags> set for an B<SSL_CTX> context are copied to each B<SSL> handle
++associated with that context at the time the handle is created.
++Subsequent changes in the context's B<flags> have no effect on the B<flags> set
++for the handle.
++
++At present, the only available option is B<DANE_FLAG_NO_DANE_EE_NAMECHECKS>
++which can be used to disable server name checks when authenticating via
++DANE-EE(3) TLSA records.
++For some applications, primarily web browsers, it is not safe to disable name
++checks due to "unknown key share" attacks, in which a malicious server can
++convince a client that a connection to a victim server is instead a secure
++connection to the malicious server.
++The malicious server may then be able to violate cross-origin scripting
++restrictions.
++Thus, despite the text of RFC7671, name checks are by default enabled for
++DANE-EE(3) TLSA records, and can be disabled in applications where it is safe
++to do so.
++In particular, SMTP and XMPP clients should set this option as SRV and MX
++records already make it possible for a remote domain to redirect client
++connections to any server of its choice, and in any case SMTP and XMPP clients
++do not execute scripts downloaded from remote servers.
++
+ =head1 RETURN VALUES
+
+ The functions SSL_CTX_dane_enable(), SSL_CTX_dane_mtype_set(),
+@@ -136,6 +175,10 @@ non-negative value indicates the chain d
+ chain certificate, or the depth of the top-most certificate, when the TLSA
+ record is a full public key that is its signer.
+
++The functions SSL_CTX_dane_set_flags(), SSL_CTX_dane_clear_flags(),
++SSL_dane_set_flags() and SSL_dane_clear_flags() return the B<flags> in effect
++before they were called.
++
+ =head1 EXAMPLE
+
+ Suppose "smtp.example.com" is the MX host of the domain "example.com", and has
+@@ -149,6 +192,7 @@ the lifetime of the SSL connection.
+
SSL_CTX *ctx;
SSL *ssl;
+ int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL;
int num_usable = 0;
const char *nexthop_domain = "example.com";
const char *dane_tlsa_domain = "smtp.example.com";
-@@ -175,11 +182,19 @@ the lifetime of the SSL connection.
+@@ -164,6 +208,14 @@ the lifetime of the SSL connection.
+ if (SSL_dane_enable(ssl, dane_tlsa_domain) <= 0)
+ /* handle error */
++
++ /*
++ * For many applications it is safe to skip DANE-EE(3) namechecks. Do not
++ * disable the checks unless "unknown key share" attacks pose no risk for
++ * your application.
++ */
++ SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS);
++
+ if (!SSL_add1_host(ssl, nexthop_domain))
+ /* handle error */
+ SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+@@ -175,11 +227,19 @@ the lifetime of the SSL connection.
+
/* set usage, selector, mtype, data, len */
- /* Opportunistic DANE TLS clients treat usages 0, 1 as unusable. */
@@ -135149,7 +143053,7 @@
}
ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len);
-@@ -194,16 +209,29 @@ the lifetime of the SSL connection.
+@@ -194,16 +254,29 @@ the lifetime of the SSL connection.
}
/*
@@ -135183,7 +143087,7 @@
}
/*
-@@ -240,14 +268,14 @@ the lifetime of the SSL connection.
+@@ -240,14 +313,14 @@ the lifetime of the SSL connection.
}
if (peername != NULL) {
/* Name checks were in scope and matched the peername */
@@ -135202,7 +143106,7 @@
*/
}
-@@ -265,7 +293,7 @@ them among the TLSA records used to authenticate peer connections.
+@@ -265,7 +338,7 @@ them among the TLSA records used to auth
In addition, some TLSA records with supported usages may be "unusable" as a
result of invalid or unsupported parameters.
@@ -135211,7 +143115,7 @@
application must avoid cleartext, but cannot authenticate the peer,
and so should generally proceed with an unauthenticated connection.
Opportunistic applications need to note the return value of each
-@@ -297,4 +325,13 @@ L<EVP_PKEY_free(3)>
+@@ -297,4 +370,13 @@ L<EVP_PKEY_free(3)>
These functions were first added to OpenSSL 1.1.0.
@@ -135225,11 +143129,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_flush_sessions.pod b/doc/ssl/SSL_CTX_flush_sessions.pod
-index 103e13f..7639451 100644
--- a/doc/ssl/SSL_CTX_flush_sessions.pod
+++ b/doc/ssl/SSL_CTX_flush_sessions.pod
-@@ -26,7 +26,7 @@ As sessions will not be reused ones they are expired, they should be
+@@ -26,7 +26,7 @@ As sessions will not be reused ones they
removed from the cache to save resources. This can either be done
automatically whenever 255 new sessions were established (see
L<SSL_CTX_set_session_cache_mode(3)>)
@@ -135238,7 +143140,7 @@
The parameter B<tm> specifies the time which should be used for the
expiration test, in most cases the actual time given by time(0)
-@@ -37,8 +37,6 @@ cache. When a session is found and removed, the remove_session_cb is however
+@@ -37,8 +37,6 @@ cache. When a session is found and remov
called to synchronize with the external cache (see
L<SSL_CTX_sess_set_get_cb(3)>).
@@ -135261,11 +143163,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_free.pod b/doc/ssl/SSL_CTX_free.pod
-index 70a6314..e5cc1aa 100644
--- a/doc/ssl/SSL_CTX_free.pod
+++ b/doc/ssl/SSL_CTX_free.pod
-@@ -39,4 +39,13 @@ SSL_CTX_free() does not provide diagnostic information.
+@@ -39,4 +39,13 @@ SSL_CTX_free() does not provide diagnost
L<SSL_CTX_new(3)>, L<ssl(3)>,
L<SSL_CTX_sess_set_get_cb(3)>
@@ -135279,8 +143179,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_get0_param.pod b/doc/ssl/SSL_CTX_get0_param.pod
-index 6fdc2bd..6b93737 100644
--- a/doc/ssl/SSL_CTX_get0_param.pod
+++ b/doc/ssl/SSL_CTX_get0_param.pod
@@ -52,4 +52,13 @@ L<X509_VERIFY_PARAM_set_flags(3)>
@@ -135297,8 +143195,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_get_verify_mode.pod b/doc/ssl/SSL_CTX_get_verify_mode.pod
-index f75c2da..bd10034 100644
--- a/doc/ssl/SSL_CTX_get_verify_mode.pod
+++ b/doc/ssl/SSL_CTX_get_verify_mode.pod
@@ -47,4 +47,13 @@ See DESCRIPTION
@@ -135315,11 +143211,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_has_client_custom_ext.pod b/doc/ssl/SSL_CTX_has_client_custom_ext.pod
-index 3a1079d..d9e9a06 100644
--- a/doc/ssl/SSL_CTX_has_client_custom_ext.pod
+++ b/doc/ssl/SSL_CTX_has_client_custom_ext.pod
-@@ -25,4 +25,13 @@ Returns 1 if a handler has been set, 0 otherwise.
+@@ -25,4 +25,13 @@ Returns 1 if a handler has been set, 0 o
L<ssl(3)>,
L<SSL_CTX_add_client_custom_ext(3)>
@@ -135333,8 +143227,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_load_verify_locations.pod b/doc/ssl/SSL_CTX_load_verify_locations.pod
-index 53e119e..59d11e0 100644
--- a/doc/ssl/SSL_CTX_load_verify_locations.pod
+++ b/doc/ssl/SSL_CTX_load_verify_locations.pod
@@ -2,8 +2,9 @@
@@ -135349,7 +143241,7 @@
=head1 SYNOPSIS
-@@ -24,9 +25,13 @@ SSL_CTX_load_verify_locations() specifies the locations for B<ctx>, at
+@@ -24,9 +25,13 @@ SSL_CTX_load_verify_locations() specifie
which CA certificates for verification purposes are located. The certificates
available via B<CAfile> and B<CApath> are trusted.
@@ -135379,8 +143271,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod
-index f2cdc71..c199b31 100644
--- a/doc/ssl/SSL_CTX_new.pod
+++ b/doc/ssl/SSL_CTX_new.pod
@@ -2,14 +2,15 @@
@@ -135401,7 +143291,7 @@
functions
=head1 SYNOPSIS
-@@ -17,7 +18,7 @@ functions
+@@ -17,15 +18,15 @@ functions
#include <openssl/ssl.h>
SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
@@ -135410,6 +143300,17 @@
const SSL_METHOD *TLS_method(void);
const SSL_METHOD *TLS_server_method(void);
+ const SSL_METHOD *TLS_client_method(void);
+
+- #define SSLv23_method TLS_method
+- #define SSLv23_server_method TLS_server_method
+- #define SSLv23_client_method TLS_client_method
++ const SSL_METHOD *SSLv23_method(void);
++ const SSL_METHOD *SSLv23_server_method(void);
++ const SSL_METHOD *SSLv23_client_method(void);
+
+ #ifndef OPENSSL_NO_SSL3_METHOD
+ const SSL_METHOD *SSLv3_method(void);
@@ -184,6 +185,8 @@ the reason.
The return value points to an allocated SSL_CTX object.
@@ -135419,7 +143320,7 @@
=back
=head1 HISTORY
-@@ -201,6 +204,15 @@ All version-specific methods were deprecated in OpenSSL 1.1.0.
+@@ -201,6 +204,15 @@ All version-specific methods were deprec
=head1 SEE ALSO
L<SSL_CTX_set_options(3)>, L<SSL_CTX_free(3)>, L<SSL_accept(3)>,
@@ -135436,8 +143337,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/ssl/SSL_CTX_sess_number.pod b/doc/ssl/SSL_CTX_sess_number.pod
-index aa82c30..049c04c 100644
--- a/doc/ssl/SSL_CTX_sess_number.pod
+++ b/doc/ssl/SSL_CTX_sess_number.pod
@@ -73,4 +73,13 @@ L<ssl(3)>, L<SSL_set_session(3)>,
@@ -135454,8 +143353,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_sess_set_cache_size.pod b/doc/ssl/SSL_CTX_sess_set_cache_size.pod
-index 3239675..5aef10b 100644
--- a/doc/ssl/SSL_CTX_sess_set_cache_size.pod
+++ b/doc/ssl/SSL_CTX_sess_set_cache_size.pod
@@ -50,4 +50,13 @@ L<SSL_CTX_set_session_cache_mode(3)>,
@@ -135472,11 +143369,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_sess_set_get_cb.pod b/doc/ssl/SSL_CTX_sess_set_get_cb.pod
-index b6e266b..d2b0e04 100644
--- a/doc/ssl/SSL_CTX_sess_set_get_cb.pod
+++ b/doc/ssl/SSL_CTX_sess_set_get_cb.pod
-@@ -9,11 +9,11 @@ SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SS
+@@ -9,11 +9,11 @@ SSL_CTX_sess_set_new_cb, SSL_CTX_sess_se
#include <openssl/ssl.h>
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
@@ -135491,7 +143386,7 @@
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
-@@ -22,7 +22,7 @@ SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SS
+@@ -22,7 +22,7 @@ SSL_CTX_sess_set_new_cb, SSL_CTX_sess_se
int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
@@ -135514,8 +143409,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_sessions.pod b/doc/ssl/SSL_CTX_sessions.pod
-index 0099b31..bc4a55e 100644
--- a/doc/ssl/SSL_CTX_sessions.pod
+++ b/doc/ssl/SSL_CTX_sessions.pod
@@ -31,4 +31,13 @@ L<ssl(3)>, L<lhash(3)>,
@@ -135532,11 +143425,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set1_curves.pod b/doc/ssl/SSL_CTX_set1_curves.pod
-index 4b6d1af..b0276c8 100644
--- a/doc/ssl/SSL_CTX_set1_curves.pod
+++ b/doc/ssl/SSL_CTX_set1_curves.pod
-@@ -23,7 +23,7 @@ SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve - EC supported curve
+@@ -23,7 +23,7 @@ SSL_set1_curves_list, SSL_get1_curves, S
SSL_CTX_set1_curves() sets the supported curves for B<ctx> to B<clistlen>
curves in the array B<clist>. The array consist of all NIDs of curves in
preference order. For a TLS client the curves are used directly in the
@@ -135545,7 +143436,7 @@
determine the set of shared curves.
SSL_CTX_set1_curves_list() sets the supported curves for B<ctx> to
-@@ -34,7 +34,7 @@ SSL_set1_curves() and SSL_set1_curves_list() are similar except they set
+@@ -34,7 +34,7 @@ SSL_set1_curves() and SSL_set1_curves_li
supported curves for the SSL structure B<ssl>.
SSL_get1_curves() returns the set of supported curves sent by a client
@@ -135568,11 +143459,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set1_sigalgs.pod b/doc/ssl/SSL_CTX_set1_sigalgs.pod
-index a63076c..e9073b9 100644
--- a/doc/ssl/SSL_CTX_set1_sigalgs.pod
+++ b/doc/ssl/SSL_CTX_set1_sigalgs.pod
-@@ -101,4 +101,13 @@ All these functions return 1 for success and 0 for failure.
+@@ -101,4 +101,13 @@ All these functions return 1 for success
L<ssl(3)>, L<SSL_get_shared_sigalgs(3)>,
L<SSL_CONF_CTX_new(3)>
@@ -135586,8 +143475,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set1_verify_cert_store.pod b/doc/ssl/SSL_CTX_set1_verify_cert_store.pod
-index 989e145..bfe8b70 100644
--- a/doc/ssl/SSL_CTX_set1_verify_cert_store.pod
+++ b/doc/ssl/SSL_CTX_set1_verify_cert_store.pod
@@ -54,7 +54,7 @@ any client certificate chain.
@@ -135613,11 +143500,19 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_alpn_select_cb.pod b/doc/ssl/SSL_CTX_set_alpn_select_cb.pod
-index 1a3d92c..4859b3c 100644
--- a/doc/ssl/SSL_CTX_set_alpn_select_cb.pod
+++ b/doc/ssl/SSL_CTX_set_alpn_select_cb.pod
-@@ -123,4 +123,13 @@ ALPN protocol not selected.
+@@ -44,7 +44,8 @@ the application callback.
+ B<cb> is the application defined callback. The B<in>, B<inlen> parameters are a
+ vector in protocol-list format. The value of the B<out>, B<outlen> vector
+ should be set to the value of a single protocol selected from the B<in>,
+-B<inlen> vector. The B<arg> parameter is the pointer set via
++B<inlen> vector. The B<out> buffer may point directly into B<in>, or to a
++buffer that outlives the handshake. The B<arg> parameter is the pointer set via
+ SSL_CTX_set_alpn_select_cb().
+
+ SSL_select_next_proto() is a helper function used to select protocols. It
+@@ -123,4 +124,13 @@ ALPN protocol not selected.
L<ssl(3)>, L<SSL_CTX_set_tlsext_servername_callback(3)>,
L<SSL_CTX_set_tlsext_servername_arg(3)>
@@ -135631,8 +143526,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_cert_cb.pod b/doc/ssl/SSL_CTX_set_cert_cb.pod
-index 9152907..eaa7a4e 100644
--- a/doc/ssl/SSL_CTX_set_cert_cb.pod
+++ b/doc/ssl/SSL_CTX_set_cert_cb.pod
@@ -65,4 +65,13 @@ L<SSL_add1_chain_cert(3)>,
@@ -135649,11 +143542,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_cert_store.pod b/doc/ssl/SSL_CTX_set_cert_store.pod
-index 03a0937..7f7a794 100644
--- a/doc/ssl/SSL_CTX_set_cert_store.pod
+++ b/doc/ssl/SSL_CTX_set_cert_store.pod
-@@ -46,7 +46,7 @@ X509_STORE object and its handling becomes available.
+@@ -46,7 +46,7 @@ X509_STORE object and its handling becom
The X509_STORE structure used by an SSL_CTX is used for verifying peer
certificates and building certificate chains, it is also shared by
@@ -135676,11 +143567,18 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_cert_verify_callback.pod b/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
-index 6f6fe56..ca614d1 100644
--- a/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
+++ b/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
-@@ -26,7 +26,7 @@ SSL_CTX_set_cert_verify_callback(), the supplied callback function is called
+@@ -8,7 +8,7 @@ SSL_CTX_set_cert_verify_callback - set p
+
+ #include <openssl/ssl.h>
+
+- void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *,void *), void *arg);
++ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *, void *), void *arg);
+
+ =head1 DESCRIPTION
+
+@@ -26,7 +26,7 @@ SSL_CTX_set_cert_verify_callback(), the
instead. By setting I<callback> to NULL, the default behaviour is restored.
When the verification must be performed, I<callback> will be called with
@@ -135689,7 +143587,7 @@
argument I<arg> is specified by the application when setting I<callback>.
I<callback> should return 1 to indicate verification success and 0 to
-@@ -35,7 +35,7 @@ returns 0, the handshake will fail. As the verification procedure may
+@@ -35,7 +35,7 @@ returns 0, the handshake will fail. As t
allow to continue the connection in case of failure (by always returning 1)
the verification result must be set in any case using the B<error>
member of I<x509_store_ctx> so that the calling application will be informed
@@ -135721,8 +143619,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_cipher_list.pod b/doc/ssl/SSL_CTX_set_cipher_list.pod
-index 512ca81..4e66917 100644
--- a/doc/ssl/SSL_CTX_set_cipher_list.pod
+++ b/doc/ssl/SSL_CTX_set_cipher_list.pod
@@ -62,4 +62,13 @@ L<SSL_CTX_use_certificate(3)>,
@@ -135739,8 +143635,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_client_CA_list.pod b/doc/ssl/SSL_CTX_set_client_CA_list.pod
-index cc05d77..668fbbb 100644
--- a/doc/ssl/SSL_CTX_set_client_CA_list.pod
+++ b/doc/ssl/SSL_CTX_set_client_CA_list.pod
@@ -9,7 +9,7 @@ client certificate
@@ -135752,7 +143646,7 @@
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
-@@ -42,7 +42,7 @@ This list must explicitly be set using SSL_CTX_set_client_CA_list() for
+@@ -42,7 +42,7 @@ This list must explicitly be set using S
B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list
specified overrides the previous setting. The CAs listed do not become
trusted (B<list> only contains the names, not the complete certificates); use
@@ -135761,6 +143655,15 @@
to additionally load them for verification.
If the list of acceptable CAs is compiled in a file, the
+@@ -82,7 +82,7 @@ The operation succeeded.
+
+ Scan all certificates in B<CAfile> and list them as acceptable CAs:
+
+- SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
++ SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
+
+ =head1 SEE ALSO
+
@@ -91,4 +91,13 @@ L<SSL_get_client_CA_list(3)>,
L<SSL_load_client_CA_file(3)>,
L<SSL_CTX_load_verify_locations(3)>
@@ -135775,8 +143678,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_client_cert_cb.pod b/doc/ssl/SSL_CTX_set_client_cert_cb.pod
-index 45cef75..aed7d4f 100644
--- a/doc/ssl/SSL_CTX_set_client_cert_cb.pod
+++ b/doc/ssl/SSL_CTX_set_client_cert_cb.pod
@@ -91,4 +91,13 @@ L<SSL_CTX_add_extra_chain_cert(3)>,
@@ -135793,11 +143694,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_ct_validation_callback.pod b/doc/ssl/SSL_CTX_set_ct_validation_callback.pod
-index ec51c75..2ff33f7 100644
--- a/doc/ssl/SSL_CTX_set_ct_validation_callback.pod
+++ b/doc/ssl/SSL_CTX_set_ct_validation_callback.pod
-@@ -33,21 +33,29 @@ The behaviour of the callback is determined by the B<validation_mode> argument,
+@@ -33,21 +33,29 @@ The behaviour of the callback is determi
which can be either of B<SSL_CT_VALIDATION_PERMISSIVE> or
B<SSL_CT_VALIDATION_STRICT> as described below.
@@ -135858,11 +143757,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_ctlog_list_file.pod b/doc/ssl/SSL_CTX_set_ctlog_list_file.pod
-index 9e5798f..737dea9 100644
--- a/doc/ssl/SSL_CTX_set_ctlog_list_file.pod
+++ b/doc/ssl/SSL_CTX_set_ctlog_list_file.pod
-@@ -51,4 +51,13 @@ the case of an error, the log list may have been partially loaded.
+@@ -51,4 +51,13 @@ the case of an error, the log list may h
L<ssl(3)>,
L<ssl_ct_validation_cb(3)>
@@ -135876,9 +143773,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_custom_cli_ext.pod b/doc/ssl/SSL_CTX_set_custom_cli_ext.pod
-deleted file mode 100644
-index 3fceef9..0000000
--- a/doc/ssl/SSL_CTX_set_custom_cli_ext.pod
+++ /dev/null
@@ -1,133 +0,0 @@
@@ -136015,39 +143909,14 @@
-internally by OpenSSL and 0 otherwise.
-
-=cut
-diff --git a/doc/ssl/SSL_CTX_set_default_passwd_cb.pod b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
-index 45a4311..fb44807 100644
--- a/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
+++ b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
-@@ -2,6 +2,7 @@
-
- =head1 NAME
-
-+SSL_CTX_passwd_cb,
- SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata,
- SSL_CTX_get_default_passwd_cb, SSL_CTX_get_default_passwd_cb_userdata,
- SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata,
-@@ -12,31 +13,31 @@ get passwd callback for encrypted PEM file handling
-
- #include <openssl/ssl.h>
-
-- void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
-+ void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, SSL_CTX_passwd_cb *cb);
- void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
-- pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
-+ SSL_CTX_passwd_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
- void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
-
-- void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb);
-+ void SSL_set_default_passwd_cb(SSL *s, SSL_CTX_passwd_cb *cb);
- void SSL_set_default_passwd_cb_userdata(SSL *s, void *u);
-- pem_password_cb *SSL_get_default_passwd_cb(SSL *s);
-+ SSL_CTX_passwd_cb *SSL_get_default_passwd_cb(SSL *s);
+@@ -22,21 +22,19 @@ get passwd callback for encrypted PEM fi
+ pem_password_cb *SSL_get_default_passwd_cb(SSL *s);
void *SSL_get_default_passwd_cb_userdata(SSL *s);
- int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata);
-+ typedef int (*SSL_CTX_passwd_cb)(char *buf, int size, int rwflag, void *u);
-
+-
=head1 DESCRIPTION
SSL_CTX_set_default_passwd_cb() sets the default password callback called
@@ -136067,7 +143936,7 @@
currently set in B<ctx>. If no userdata was explicitly set, the NULL pointer
is returned.
-@@ -44,9 +45,9 @@ SSL_set_default_passwd_cb(), SSL_set_default_passwd_cb_userdata(),
+@@ -44,26 +42,28 @@ SSL_set_default_passwd_cb(), SSL_set_def
SSL_get_default_passwd_cb() and SSL_get_default_passwd_cb_userdata() perform
the same function as their SSL_CTX counterparts, but using an SSL object.
@@ -136075,12 +143944,17 @@
-password to be used during decryption. On invocation a pointer to B<userdata>
-is provided. The pem_passwd_cb must write the password into the provided buffer
+The password callback, which must be provided by the application, hands back the
-+password to be used during decryption. On invocation a pointer to userdata
++password to be used during decryption.
++On invocation a pointer to userdata
+is provided. The function must store the password into the provided buffer
B<buf> which is of size B<size>. The actual length of the password must
be returned to the calling function. B<rwflag> indicates whether the
callback is used for reading/decryption (rwflag=0) or writing/encryption
-@@ -57,13 +58,13 @@ callback is used for reading/decryption (rwflag=0) or writing/encryption
+ (rwflag=1).
++For more details, see L<pem_password_cb(3)>.
+
+ =head1 NOTES
+
When loading or storing private keys, a password might be supplied to
protect the private key. The way this password can be supplied may depend
on the application. If only one private key is handled, it can be practical
@@ -136098,7 +143972,7 @@
B<rwflag> to check, whether an item shall be encrypted (rwflag=1).
In this case the password dialog may ask for the same password twice
for comparison in order to catch typos, that would make decryption
-@@ -78,16 +79,16 @@ These functions do not provide diagnostic information.
+@@ -78,16 +78,16 @@ These functions do not provide diagnosti
=head1 EXAMPLES
@@ -136120,7 +143994,7 @@
}
=head1 HISTORY
-@@ -101,4 +102,13 @@ first added to OpenSSL 1.1.0
+@@ -101,4 +101,13 @@ first added to OpenSSL 1.1.0
L<ssl(3)>,
L<SSL_CTX_use_certificate(3)>
@@ -136134,11 +144008,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_generate_session_id.pod b/doc/ssl/SSL_CTX_set_generate_session_id.pod
-index e8459c9..95b7e9e 100644
--- a/doc/ssl/SSL_CTX_set_generate_session_id.pod
+++ b/doc/ssl/SSL_CTX_set_generate_session_id.pod
-@@ -14,7 +14,7 @@ SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_s
+@@ -14,7 +14,7 @@ SSL_CTX_set_generate_session_id, SSL_set
int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb);
int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb);
int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
@@ -136147,8 +144019,51 @@
=head1 DESCRIPTION
-@@ -123,4 +123,13 @@ same id is already in the cache.
+@@ -90,25 +90,27 @@ The callback function listed will genera
+ #define MAX_SESSION_ID_ATTEMPTS 10
+ static int generate_session_id(const SSL *ssl, unsigned char *id,
+ unsigned int *id_len)
+- {
++ {
+ unsigned int count = 0;
+- do {
+- RAND_pseudo_bytes(id, *id_len);
+- /* Prefix the session_id with the required prefix. NB: If our
+- * prefix is too long, clip it - but there will be worse effects
+- * anyway, eg. the server could only possibly create 1 session
+- * ID (ie. the prefix!) so all future session negotiations will
+- * fail due to conflicts. */
+- memcpy(id, session_id_prefix,
+- (strlen(session_id_prefix) < *id_len) ?
+- strlen(session_id_prefix) : *id_len);
+- }
+- while(SSL_has_matching_session_id(ssl, id, *id_len) &&
++ do {
++ RAND_pseudo_bytes(id, *id_len);
++ /*
++ * Prefix the session_id with the required prefix. NB: If our
++ * prefix is too long, clip it - but there will be worse effects
++ * anyway, eg. the server could only possibly create 1 session
++ * ID (ie. the prefix!) so all future session negotiations will
++ * fail due to conflicts.
++ */
++ memcpy(id, session_id_prefix,
++ (strlen(session_id_prefix) < *id_len) ?
++ strlen(session_id_prefix) : *id_len);
++ }
++ while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+ (++count < MAX_SESSION_ID_ATTEMPTS));
+- if(count >= MAX_SESSION_ID_ATTEMPTS)
++ if (count >= MAX_SESSION_ID_ATTEMPTS)
+ return 0;
+ return 1;
+- }
++ }
+
+ =head1 RETURN VALUES
+@@ -123,4 +125,13 @@ same id is already in the cache.
+
L<ssl(3)>, L<SSL_get_version(3)>
+=head1 COPYRIGHT
@@ -136161,11 +144076,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_info_callback.pod b/doc/ssl/SSL_CTX_set_info_callback.pod
-index 978ce26..b0e845d 100644
--- a/doc/ssl/SSL_CTX_set_info_callback.pod
+++ b/doc/ssl/SSL_CTX_set_info_callback.pod
-@@ -110,44 +110,53 @@ The following example callback function prints state strings, information
+@@ -110,44 +110,53 @@ The following example callback function
about alerts being handled and error messages to the B<bio_err> BIO.
void apps_ssl_info_callback(SSL *s, int where, int ret)
@@ -136207,20 +144120,20 @@
+ const char *str;
+ int w;
+
-+ w=where& ~SSL_ST_MASK;
++ w = where & ~SSL_ST_MASK;
+
-+ if (w & SSL_ST_CONNECT) str="SSL_connect";
-+ else if (w & SSL_ST_ACCEPT) str="SSL_accept";
-+ else str="undefined";
++ if (w & SSL_ST_CONNECT) str = "SSL_connect";
++ else if (w & SSL_ST_ACCEPT) str = "SSL_accept";
++ else str = "undefined";
+
+ if (where & SSL_CB_LOOP)
+ {
-+ BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
++ BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
+ }
+ else if (where & SSL_CB_ALERT)
+ {
-+ str=(where & SSL_CB_READ)?"read":"write";
-+ BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
++ str = (where & SSL_CB_READ) ? "read" : "write";
++ BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n",
+ str,
+ SSL_alert_type_string_long(ret),
+ SSL_alert_desc_string_long(ret));
@@ -136228,12 +144141,12 @@
+ else if (where & SSL_CB_EXIT)
+ {
+ if (ret == 0)
-+ BIO_printf(bio_err,"%s:failed in %s\n",
-+ str,SSL_state_string_long(s));
++ BIO_printf(bio_err, "%s:failed in %s\n",
++ str, SSL_state_string_long(s));
+ else if (ret < 0)
+ {
-+ BIO_printf(bio_err,"%s:error in %s\n",
-+ str,SSL_state_string_long(s));
++ BIO_printf(bio_err, "%s:error in %s\n",
++ str, SSL_state_string_long(s));
+ }
+ }
+ }
@@ -136253,8 +144166,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_max_cert_list.pod b/doc/ssl/SSL_CTX_set_max_cert_list.pod
-index 080400c..482751e 100644
--- a/doc/ssl/SSL_CTX_set_max_cert_list.pod
+++ b/doc/ssl/SSL_CTX_set_max_cert_list.pod
@@ -70,4 +70,13 @@ set value.
@@ -136271,8 +144182,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_min_proto_version.pod b/doc/ssl/SSL_CTX_set_min_proto_version.pod
-index 535ae83..8878514 100644
--- a/doc/ssl/SSL_CTX_set_min_proto_version.pod
+++ b/doc/ssl/SSL_CTX_set_min_proto_version.pod
@@ -17,7 +17,7 @@ and maximum supported protocol version
@@ -136284,7 +144193,7 @@
for the B<ctx> or B<ssl>.
This works in combination with the options set via
L<SSL_CTX_set_options(3)> that also make it possible to disable
-@@ -48,4 +48,13 @@ The functions were added in OpenSSL 1.1.0
+@@ -48,4 +48,13 @@ The functions were added in OpenSSL 1.1.
L<SSL_CTX_set_options(3)>, L<SSL_CONF_cmd(3)>
@@ -136298,11 +144207,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_mode.pod b/doc/ssl/SSL_CTX_set_mode.pod
-index d31c18c..1b3e783 100644
--- a/doc/ssl/SSL_CTX_set_mode.pod
+++ b/doc/ssl/SSL_CTX_set_mode.pod
-@@ -102,4 +102,13 @@ L<ssl(3)>, L<SSL_read(3)>, L<SSL_write(3)>, L<SSL_get_error(3)>
+@@ -102,4 +102,13 @@ L<ssl(3)>, L<SSL_read(3)>, L<SSL_write(3
SSL_MODE_ASYNC was first added to OpenSSL 1.1.0.
@@ -136316,8 +144223,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_msg_callback.pod b/doc/ssl/SSL_CTX_set_msg_callback.pod
-index 8f092da..9546e75 100644
--- a/doc/ssl/SSL_CTX_set_msg_callback.pod
+++ b/doc/ssl/SSL_CTX_set_msg_callback.pod
@@ -91,4 +91,13 @@ I<version> will be B<SSL3_VERSION>.
@@ -136334,8 +144239,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
-index c132568..635b470 100644
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -280,4 +280,13 @@ L<dhparam(1)>
@@ -136352,8 +144255,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_psk_client_callback.pod b/doc/ssl/SSL_CTX_set_psk_client_callback.pod
-index b7f574b..a417508 100644
--- a/doc/ssl/SSL_CTX_set_psk_client_callback.pod
+++ b/doc/ssl/SSL_CTX_set_psk_client_callback.pod
@@ -1,34 +1,5 @@
@@ -136391,7 +144292,7 @@
=head1 NAME
SSL_CTX_set_psk_client_callback, SSL_set_psk_client_callback - set PSK client callback
-@@ -38,13 +9,13 @@ SSL_CTX_set_psk_client_callback, SSL_set_psk_client_callback - set PSK client ca
+@@ -38,13 +9,13 @@ SSL_CTX_set_psk_client_callback, SSL_set
#include <openssl/ssl.h>
void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
@@ -136411,7 +144312,7 @@
=head1 DESCRIPTION
-@@ -78,4 +49,15 @@ the length (> 0) of B<psk> in bytes is returned.
+@@ -78,4 +49,15 @@ the length (> 0) of B<psk> in bytes is r
Otherwise or on errors callback should return 0. In this case
the connection setup fails.
@@ -136427,8 +144328,6 @@
+Copyright 2005 Nokia.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_quiet_shutdown.pod b/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
-index 25bb664..d39d747 100644
--- a/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
+++ b/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
@@ -60,4 +60,13 @@ L<ssl(3)>, L<SSL_shutdown(3)>,
@@ -136445,12 +144344,50 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_read_ahead.pod b/doc/ssl/SSL_CTX_set_read_ahead.pod
-index 771d59d..d2b584d 100644
--- a/doc/ssl/SSL_CTX_set_read_ahead.pod
+++ b/doc/ssl/SSL_CTX_set_read_ahead.pod
-@@ -43,11 +43,20 @@ B<read_ahead> can impact the behaviour of the SSL_pending() function
+@@ -2,21 +2,21 @@
+ =head1 NAME
+
+-SSL_CTX_set_read_ahead, SSL_CTX_set_default_read_ahead, SSL_CTX_get_read_ahead,
+-SSL_CTX_get_default_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead
++SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead,
++SSL_set_read_ahead, SSL_get_read_ahead,
++SSL_CTX_get_default_read_ahead
+ - manage whether to read as many input bytes as possible
+
+ =head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+- int SSL_get_read_ahead(const SSL *s);
+ void SSL_set_read_ahead(SSL *s, int yes);
++ int SSL_get_read_ahead(const SSL *s);
+
+- #define SSL_CTX_get_default_read_ahead(ctx)
+- #define SSL_CTX_set_default_read_ahead(ctx,m)
+- #define SSL_CTX_get_read_ahead(ctx)
+- #define SSL_CTX_set_read_ahead(ctx,m)
++ SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes);
++ long SSL_CTX_get_read_ahead(SSL_CTX *ctx);
++ long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx);
+
+ =head1 DESCRIPTION
+
+@@ -27,9 +27,7 @@ the underlying BIO (where B<y> > B<x>),
+ into its buffer (providing that the buffer is large enough) if reading ahead is
+ on, or B<x> bytes otherwise. The parameter B<yes> or B<m> should be 0 to ensure
+ reading ahead is off, or non zero otherwise.
+-
+-SSL_CTX_set_default_read_ahead is a synonym for SSL_CTX_set_read_ahead, and
+-SSL_CTX_get_default_read_ahead is a synonym for SSL_CTX_get_read_ahead.
++SSL_CTX_set_default_read_ahead() is identical to SSL_CTX_set_read_ahead().
+
+ SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading
+ ahead has been set or not.
+@@ -43,11 +41,20 @@ B<read_ahead> can impact the behaviour o
+
=head1 RETURN VALUES
-SSL_get_read_ahead and SSL_CTX_get_read_ahead return 0 if reading ahead is off,
@@ -136471,11 +144408,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_security_level.pod b/doc/ssl/SSL_CTX_set_security_level.pod
-index 2b56472..577b393 100644
--- a/doc/ssl/SSL_CTX_set_security_level.pod
+++ b/doc/ssl/SSL_CTX_set_security_level.pod
-@@ -15,12 +15,12 @@ SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level,
+@@ -15,12 +15,12 @@ SSL_CTX_set_security_level, SSL_set_secu
int SSL_get_security_level(const SSL *s);
void SSL_CTX_set_security_callback(SSL_CTX *ctx,
@@ -136492,7 +144427,7 @@
int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex);
int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex);
-@@ -105,7 +105,7 @@ shorter than 15360 bits and ECC keys shorter than 512 bits are prohibited.
+@@ -105,7 +105,7 @@ shorter than 15360 bits and ECC keys sho
=head1 APPLICATION DEFINED SECURITY CALLBACKS
@@ -136501,7 +144436,7 @@
=head1 NOTES
-@@ -153,12 +153,17 @@ key using SSL_CTX_use_certificate() at level 1. Applications which do not
+@@ -153,12 +153,17 @@ key using SSL_CTX_use_certificate() at l
check the return values for errors will misbehave: for example it might
appear that a certificate is not set at all because it had been rejected.
@@ -136523,11 +144458,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_session_cache_mode.pod b/doc/ssl/SSL_CTX_set_session_cache_mode.pod
-index 4be9e24..a2e8266 100644
--- a/doc/ssl/SSL_CTX_set_session_cache_mode.pod
+++ b/doc/ssl/SSL_CTX_set_session_cache_mode.pod
-@@ -26,7 +26,7 @@ SSL_CTX object is being maintained, the sessions are unique for each SSL_CTX
+@@ -26,7 +26,7 @@ SSL_CTX object is being maintained, the
object.
In order to reuse a session, a client must send the session's id to the
@@ -136550,8 +144483,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_session_id_context.pod b/doc/ssl/SSL_CTX_set_session_id_context.pod
-index 712b518..a873b03 100644
--- a/doc/ssl/SSL_CTX_set_session_id_context.pod
+++ b/doc/ssl/SSL_CTX_set_session_id_context.pod
@@ -80,4 +80,13 @@ The operation succeeded.
@@ -136568,11 +144499,36 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_split_send_fragment.pod b/doc/ssl/SSL_CTX_set_split_send_fragment.pod
-index 9e7ab63..a1f42e2 100644
--- a/doc/ssl/SSL_CTX_set_split_send_fragment.pod
+++ b/doc/ssl/SSL_CTX_set_split_send_fragment.pod
-@@ -58,7 +58,7 @@ explained further below. OpenSSL will only every use more than one pipeline if
+@@ -12,18 +12,14 @@ fragment sizes and pipelining operations
+
+ #include <openssl/ssl.h>
+
+- # define SSL_CTX_set_max_send_fragment(ctx,m) \
+- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
+- # define SSL_set_max_send_fragment(ssl,m) \
+- SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
+- # define SSL_CTX_set_max_pipelines(ctx,m) \
+- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
+- # define SSL_set_max_pipelines(ssl,m) \
+- SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
+- # define SSL_CTX_set_split_send_fragment(ctx,m) \
+- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
+- # define SSL_set_split_send_fragment(ssl,m) \
+- SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
++ long SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, long);
++ long SSL_set_max_send_fragment(SSL *ssl, long m);
++
++ long SSL_CTX_set_max_pipelines(SSL_CTX *ctx, long m);
++ long SSL_set_max_pipelines(SSL_CTX *ssl, long m);
++
++ long SSL_CTX_set_split_send_fragment(SSL_CTX *ctx, long m);
++ long SSL_set_split_send_fragment(SSL *ssl, long m);
+
+ void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
+ void SSL_set_default_read_buffer_len(SSL *s, size_t len);
+@@ -58,7 +54,7 @@ explained further below. OpenSSL will on
a ciphersuite is negotiated that uses a pipeline capable cipher provided by an
engine.
@@ -136581,7 +144537,7 @@
writing encrypted data. SSL_CTX_set_split_send_fragment() and
SSL_set_split_send_fragment() define how data is split up into pipelines when
writing encrypted data. The number of pipelines used will be determined by the
-@@ -124,4 +124,13 @@ functions were added in OpenSSL 1.1.0.
+@@ -124,4 +120,13 @@ functions were added in OpenSSL 1.1.0.
L<SSL_CTX_set_read_ahead(3)>, L<SSL_pending(3)>
@@ -136595,8 +144551,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_ssl_version.pod b/doc/ssl/SSL_CTX_set_ssl_version.pod
-index 5bbc65e..22c0370 100644
--- a/doc/ssl/SSL_CTX_set_ssl_version.pod
+++ b/doc/ssl/SSL_CTX_set_ssl_version.pod
@@ -58,4 +58,13 @@ L<SSL_CTX_new(3)>, L<SSL_new(3)>,
@@ -136613,8 +144567,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_timeout.pod b/doc/ssl/SSL_CTX_set_timeout.pod
-index eb9f404..470efdf 100644
--- a/doc/ssl/SSL_CTX_set_timeout.pod
+++ b/doc/ssl/SSL_CTX_set_timeout.pod
@@ -56,4 +56,13 @@ L<SSL_SESSION_get_time(3)>,
@@ -136631,8 +144583,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod b/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod
-index b8147ba..5c58b23 100644
--- a/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod
+++ b/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod
@@ -2,9 +2,15 @@
@@ -136654,7 +144604,7 @@
=head1 SYNOPSIS
-@@ -14,7 +20,11 @@ SSL_set_tlsext_status_ocsp_resp - OCSP Certificate Status Request functions
+@@ -14,7 +20,11 @@ SSL_set_tlsext_status_ocsp_resp - OCSP C
int (*callback)(SSL *, void *));
long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
@@ -136666,7 +144616,7 @@
long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp);
long SSL_set_tlsext_status_ocsp_resp(ssl, unsigned char *resp, int len);
-@@ -23,16 +33,28 @@ SSL_set_tlsext_status_ocsp_resp - OCSP Certificate Status Request functions
+@@ -23,16 +33,28 @@ SSL_set_tlsext_status_ocsp_resp - OCSP C
A client application may request that a server send back an OCSP status response
(also known as OCSP stapling). To do so the client should call the
@@ -136704,7 +144654,7 @@
The response returned by the server can be obtained via a call to
SSL_get_tlsext_status_ocsp_resp(). The value B<*resp> will be updated to point
-@@ -64,10 +86,31 @@ returned) or SSL_TLSEXT_ERR_ALERT_FATAL (meaning that a fatal error has
+@@ -64,10 +86,31 @@ returned) or SSL_TLSEXT_ERR_ALERT_FATAL
occurred).
SSL_CTX_set_tlsext_status_cb(), SSL_CTX_set_tlsext_status_arg(),
@@ -136738,11 +144688,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
-index 3502c1c..5308ccc 100644
--- a/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
+++ b/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
-@@ -10,13 +10,13 @@ SSL_CTX_set_tlsext_ticket_key_cb - set a callback for session ticket processing
+@@ -10,13 +10,13 @@ SSL_CTX_set_tlsext_ticket_key_cb - set a
long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx,
int (*cb)(SSL *s, unsigned char key_name[16],
@@ -136759,7 +144707,7 @@
RFC5077 provide an enhanced session resumption capability where the server
implementation is not required to maintain per session state. It only applies
to TLS and there is no SSLv3 implementation.
-@@ -26,9 +26,9 @@ session when session ticket extension is presented in the TLS hello
+@@ -26,9 +26,9 @@ session when session ticket extension is
message. It is the responsibility of this function to create or retrieve the
cryptographic parameters and to maintain their state.
@@ -136771,7 +144719,7 @@
maintained by the callback function implementation.
In order to reuse a session, a TLS client must send the a session ticket
-@@ -56,7 +56,7 @@ I<ctx> should use the initialisation vector I<iv>. The cipher context can be
+@@ -56,7 +56,7 @@ I<ctx> should use the initialisation vec
set using L<EVP_EncryptInit_ex(3)>. The hmac context can be set using
L<HMAC_Init_ex(3)>.
@@ -136780,7 +144728,7 @@
with I<enc> set to 0 indicating that the I<cb> function should retrieve a set
of parameters. In this case I<name> and I<iv> have already been parsed out of
the session ticket. The OpenSSL library expects that the I<name> will be used
-@@ -76,7 +76,7 @@ further processing will occur. The following return values have meaning:
+@@ -76,7 +76,7 @@ The return value of the I<cb> function i
=item Z<>2
@@ -136789,7 +144737,7 @@
continue on those parameters. Additionally it indicates that the session
ticket is in a renewal period and should be replaced. The OpenSSL library will
call I<cb> again with an enc argument of 1 to set the new ticket (see RFC5077
-@@ -84,12 +84,12 @@ call I<cb> again with an enc argument of 1 to set the new ticket (see RFC5077
+@@ -84,12 +84,12 @@ call I<cb> again with an enc argument of
=item Z<>1
@@ -136804,7 +144752,16 @@
the SSL/TLS session will continue by negotiating a set of cryptographic
parameters or using the alternate SSL/TLS resumption mechanism, session ids.
-@@ -133,7 +133,7 @@ Reference Implementation:
+@@ -124,7 +124,7 @@ enable an attacker to obtain the session
+ =head1 EXAMPLES
+
+ Reference Implementation:
+- SSL_CTX_set_tlsext_ticket_key_cb(SSL,ssl_tlsext_ticket_key_cb);
++ SSL_CTX_set_tlsext_ticket_key_cb(SSL, ssl_tlsext_ticket_key_cb);
+ ....
+
+ static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
+@@ -133,7 +133,7 @@ enable an attacker to obtain the session
if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) ) {
return -1; /* insufficient random */
}
@@ -136813,7 +144770,7 @@
key = currentkey(); /* something that you need to implement */
if ( !key ) {
/* current key doesn't exist or isn't valid */
-@@ -146,19 +146,19 @@ Reference Implementation:
+@@ -146,19 +146,19 @@ enable an attacker to obtain the session
}
}
memcpy(key_name, key->name, 16);
@@ -136838,7 +144795,7 @@
HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv );
-@@ -167,7 +167,7 @@ Reference Implementation:
+@@ -167,7 +167,7 @@ enable an attacker to obtain the session
return 2;
}
return 1;
@@ -136861,8 +144818,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
-index 57bf211..fbfb8cb 100644
--- a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
+++ b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
@@ -104,7 +104,7 @@ partly left out.)
@@ -136874,7 +144829,7 @@
}
if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
/* Error. */
-@@ -122,8 +122,16 @@ on failure. Check the error queue to find out the reason of failure.
+@@ -122,8 +122,16 @@ on failure. Check the error queue to fin
=head1 SEE ALSO
L<ssl(3)>, L<SSL_CTX_set_cipher_list(3)>,
@@ -136892,11 +144847,18 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_set_verify.pod b/doc/ssl/SSL_CTX_set_verify.pod
-index d60bb6a..1afd548 100644
--- a/doc/ssl/SSL_CTX_set_verify.pod
+++ b/doc/ssl/SSL_CTX_set_verify.pod
-@@ -208,7 +208,7 @@ L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>).
+@@ -12,7 +12,7 @@ SSL_CTX_set_verify, SSL_set_verify, SSL_
+ int (*verify_callback)(int, X509_STORE_CTX *));
+ void SSL_set_verify(SSL *s, int mode,
+ int (*verify_callback)(int, X509_STORE_CTX *));
+- void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
++ void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
+ void SSL_set_verify_depth(SSL *s, int depth);
+
+ int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx);
+@@ -208,7 +208,7 @@ L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>
preverify_ok = 0;
err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
X509_STORE_CTX_set_error(ctx, err);
@@ -136905,7 +144867,7 @@
if (!preverify_ok) {
printf("verify error:num=%d:%s:depth=%d:%s\n", err,
X509_verify_cert_error_string(err), depth, buf);
-@@ -256,9 +256,9 @@ L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>).
+@@ -256,9 +256,9 @@ L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>
*/
mydata.verify_depth = verify_depth; ...
SSL_set_ex_data(ssl, mydata_index, &mydata);
@@ -136931,8 +144893,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_use_certificate.pod b/doc/ssl/SSL_CTX_use_certificate.pod
-index 13bb277..748175b 100644
--- a/doc/ssl/SSL_CTX_use_certificate.pod
+++ b/doc/ssl/SSL_CTX_use_certificate.pod
@@ -2,7 +2,17 @@
@@ -136954,7 +144914,7 @@
=head1 SYNOPSIS
-@@ -20,7 +30,7 @@ SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_f
+@@ -20,13 +30,13 @@ SSL_CTX_use_certificate, SSL_CTX_use_cer
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d,
@@ -136963,7 +144923,14 @@
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
-@@ -67,12 +77,12 @@ SSL_use_certificate_file() loads the certificate from B<file> into B<ssl>.
+ int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+- int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
++ int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, unsigned char *d, long len);
+ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+ int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
+@@ -67,12 +77,12 @@ SSL_use_certificate_file() loads the cer
See the NOTES section on why SSL_CTX_use_certificate_chain_file()
should be preferred.
@@ -136978,7 +144945,7 @@
SSL_CTX_use_PrivateKey() adds B<pkey> as private key to B<ctx>.
SSL_CTX_use_RSAPrivateKey() adds the private key B<rsa> of type RSA
-@@ -82,7 +92,7 @@ If a certificate has already been set and the private does not belong
+@@ -82,7 +92,7 @@ If a certificate has already been set an
to the certificate an error is returned. To change a certificate, private
key pair the new certificate needs to be set with SSL_use_certificate()
or SSL_CTX_use_certificate() before setting the private key with
@@ -136987,7 +144954,7 @@
SSL_CTX_use_PrivateKey_ASN1() adds the private key of type B<pk>
-@@ -109,14 +119,14 @@ the same check for B<ssl>. If no key/certificate was explicitly added for
+@@ -109,14 +119,14 @@ the same check for B<ssl>. If no key/cer
this B<ssl>, the last item added into B<ctx> will be checked.
=head1 NOTES
@@ -137004,7 +144971,7 @@
SSL_CTX_use_certificate_chain_file() is only applicable to PEM formatting.
Files of type SSL_FILETYPE_PEM can contain more than one item.
-@@ -124,7 +134,7 @@ SSL_CTX_use_certificate_chain_file() adds the first certificate found
+@@ -124,7 +134,7 @@ SSL_CTX_use_certificate_chain_file() add
in the file to the certificate store. The other certificates are added
to the store of chain certificates using L<SSL_CTX_add1_chain_cert(3)>. Note: versions of OpenSSL before 1.0.2 only had a single
certificate chain store for all certificate types, OpenSSL 1.0.2 and later
@@ -137027,8 +144994,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
-index 12db0da..753074a 100644
--- a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+++ b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
@@ -1,41 +1,11 @@
@@ -137105,11 +145070,9 @@
+Copyright 2005 Nokia.
+
=cut
-diff --git a/doc/ssl/SSL_CTX_use_serverinfo.pod b/doc/ssl/SSL_CTX_use_serverinfo.pod
-index 318e052..bd496ff 100644
--- a/doc/ssl/SSL_CTX_use_serverinfo.pod
+++ b/doc/ssl/SSL_CTX_use_serverinfo.pod
-@@ -20,8 +20,8 @@ A "serverinfo" extension is returned in response to an empty ClientHello
+@@ -20,8 +20,8 @@ A "serverinfo" extension is returned in
Extension.
SSL_CTX_use_serverinfo() loads one or more serverinfo extensions from
@@ -137120,7 +145083,7 @@
a 2-byte length, and then length bytes of extension_data.
SSL_CTX_use_serverinfo_file() loads one or more serverinfo extensions from
-@@ -30,7 +30,13 @@ must consist of a 2-byte Extension Type, a 2-byte length, and then length
+@@ -30,7 +30,13 @@ must consist of a 2-byte Extension Type,
bytes of extension_data. Each PEM extension name must begin with the phrase
"BEGIN SERVERINFO FOR ".
@@ -137151,8 +145114,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/ssl/SSL_SESSION_free.pod b/doc/ssl/SSL_SESSION_free.pod
-index 5791da1..1906510 100644
--- a/doc/ssl/SSL_SESSION_free.pod
+++ b/doc/ssl/SSL_SESSION_free.pod
@@ -53,4 +53,13 @@ L<SSL_CTX_set_session_cache_mode(3)>,
@@ -137169,9 +145130,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_SESSION_get0_hostname.pod b/doc/ssl/SSL_SESSION_get0_hostname.pod
-new file mode 100644
-index 0000000..6fb12be
--- /dev/null
+++ b/doc/ssl/SSL_SESSION_get0_hostname.pod
@@ -0,0 +1,37 @@
@@ -137212,9 +145170,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/ssl/SSL_SESSION_get_hostname.pod b/doc/ssl/SSL_SESSION_get_hostname.pod
-deleted file mode 100644
-index 8b739e3..0000000
--- a/doc/ssl/SSL_SESSION_get_hostname.pod
+++ /dev/null
@@ -1,28 +0,0 @@
@@ -137246,9 +145201,6 @@
-L<SSL_SESSION_free(3)>
-
-=cut
-diff --git a/doc/ssl/SSL_SESSION_get_protocol_version.pod b/doc/ssl/SSL_SESSION_get_protocol_version.pod
-new file mode 100644
-index 0000000..a033fdd
--- /dev/null
+++ b/doc/ssl/SSL_SESSION_get_protocol_version.pod
@@ -0,0 +1,44 @@
@@ -137296,8 +145248,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/ssl/SSL_SESSION_get_time.pod b/doc/ssl/SSL_SESSION_get_time.pod
-index dbbf7bf..d92a8ef 100644
--- a/doc/ssl/SSL_SESSION_get_time.pod
+++ b/doc/ssl/SSL_SESSION_get_time.pod
@@ -2,7 +2,10 @@
@@ -137335,8 +145285,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_SESSION_has_ticket.pod b/doc/ssl/SSL_SESSION_has_ticket.pod
-index 92d261f..2982c19 100644
--- a/doc/ssl/SSL_SESSION_has_ticket.pod
+++ b/doc/ssl/SSL_SESSION_has_ticket.pod
@@ -2,7 +2,9 @@
@@ -137350,7 +145298,7 @@
=head1 SYNOPSIS
-@@ -11,7 +13,7 @@ SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint, SSL_SESSION_get_ti
+@@ -11,7 +13,7 @@ SSL_SESSION_has_ticket, SSL_SESSION_get_
int SSL_SESSION_has_ticket(const SSL_SESSION *s);
unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
void SSL_SESSION_get0_ticket(const SSL_SESSION *s, unsigned char **tick,
@@ -137373,8 +145321,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod
-index a827fb5..3248cac 100644
--- a/doc/ssl/SSL_accept.pod
+++ b/doc/ssl/SSL_accept.pod
@@ -18,7 +18,7 @@ B<ssl> by setting an underlying B<BIO>.
@@ -137400,8 +145346,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_alert_type_string.pod b/doc/ssl/SSL_alert_type_string.pod
-index c61b61b..6e2768e 100644
--- a/doc/ssl/SSL_alert_type_string.pod
+++ b/doc/ssl/SSL_alert_type_string.pod
@@ -217,7 +217,7 @@ point. This message is always a warning.
@@ -137413,7 +145357,7 @@
=item "UK"/"unknown"
-@@ -230,4 +230,13 @@ Probably B<value> does not contain a correct alert message.
+@@ -230,4 +230,13 @@ Probably B<value> does not contain a cor
L<ssl(3)>, L<SSL_CTX_set_info_callback(3)>
@@ -137427,8 +145371,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_check_chain.pod b/doc/ssl/SSL_check_chain.pod
-index da6d8ab..8691994 100644
--- a/doc/ssl/SSL_check_chain.pod
+++ b/doc/ssl/SSL_check_chain.pod
@@ -82,4 +82,13 @@ for earlier versions of TLS or DTLS.
@@ -137445,11 +145387,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_clear.pod b/doc/ssl/SSL_clear.pod
-index 9a760b5..ed0ad60 100644
--- a/doc/ssl/SSL_clear.pod
+++ b/doc/ssl/SSL_clear.pod
-@@ -72,4 +72,13 @@ L<SSL_shutdown(3)>, L<SSL_set_shutdown(3)>,
+@@ -72,4 +72,13 @@ L<SSL_shutdown(3)>, L<SSL_set_shutdown(3
L<SSL_CTX_set_options(3)>, L<ssl(3)>,
L<SSL_CTX_set_client_cert_cb(3)>
@@ -137463,8 +145403,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod
-index 8101d4d..df198f9 100644
--- a/doc/ssl/SSL_connect.pod
+++ b/doc/ssl/SSL_connect.pod
@@ -18,7 +18,7 @@ underlying B<BIO>.
@@ -137490,8 +145428,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_do_handshake.pod b/doc/ssl/SSL_do_handshake.pod
-index 01b71ae..ffb71cc 100644
--- a/doc/ssl/SSL_do_handshake.pod
+++ b/doc/ssl/SSL_do_handshake.pod
@@ -69,4 +69,13 @@ L<SSL_get_error(3)>, L<SSL_connect(3)>,
@@ -137508,9 +145444,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_extension_supported.pod b/doc/ssl/SSL_extension_supported.pod
-new file mode 100644
-index 0000000..a56087e
--- /dev/null
+++ b/doc/ssl/SSL_extension_supported.pod
@@ -0,0 +1,144 @@
@@ -137658,8 +145591,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/doc/ssl/SSL_free.pod b/doc/ssl/SSL_free.pod
-index 2715443..eb69a16 100644
--- a/doc/ssl/SSL_free.pod
+++ b/doc/ssl/SSL_free.pod
@@ -42,4 +42,13 @@ L<SSL_new(3)>, L<SSL_clear(3)>,
@@ -137676,11 +145607,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_get0_peer_scts.pod b/doc/ssl/SSL_get0_peer_scts.pod
-index f14ba17..05d39fe 100644
--- a/doc/ssl/SSL_get0_peer_scts.pod
+++ b/doc/ssl/SSL_get0_peer_scts.pod
-@@ -33,4 +33,13 @@ SSL_get0_peer_scts() returns a list of SCTs found, or NULL if an error occurs.
+@@ -33,4 +33,13 @@ SSL_get0_peer_scts() returns a list of S
L<ssl(3)>,
L<SSL_CTX_set_ct_validation_callback(3)>
@@ -137694,11 +145623,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_get_SSL_CTX.pod b/doc/ssl/SSL_get_SSL_CTX.pod
-index ed3a3b2..98b9bc6 100644
--- a/doc/ssl/SSL_get_SSL_CTX.pod
+++ b/doc/ssl/SSL_get_SSL_CTX.pod
-@@ -23,4 +23,13 @@ The pointer to the SSL_CTX object is returned.
+@@ -23,4 +23,13 @@ The pointer to the SSL_CTX object is ret
L<ssl(3)>, L<SSL_new(3)>
@@ -137712,11 +145639,33 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_get_all_async_fds.pod b/doc/ssl/SSL_get_all_async_fds.pod
-index a5064e2..deb81e1 100644
--- a/doc/ssl/SSL_get_all_async_fds.pod
+++ b/doc/ssl/SSL_get_all_async_fds.pod
-@@ -62,4 +62,13 @@ L<SSL_get_error(3)>, L<SSL_CTX_set_mode(3)>
+@@ -7,6 +7,7 @@ asynchronous operations
+
+ =head1 SYNOPSIS
+
++ #include <openssl/async.h>
+ #include <openssl/ssl.h>
+
+ int SSL_waiting_for_async(SSL *s);
+@@ -53,6 +54,15 @@ for an async operation to complete and 0
+ SSL_get_all_async_fds() and SSL_get_changed_async_fds() return 1 on success or
+ 0 on error.
+
++=head1 NOTES
++
++On Windows platforms the openssl/async.h header is dependent on some
++of the types customarily made available by including windows.h. The
++application developer is likely to require control over when the latter
++is included, commonly as one of the first included headers. Therefore
++it is defined as an application developer's responsibility to include
++windows.h prior to async.h.
++
+ =head1 SEE ALSO
+
+ L<SSL_get_error(3)>, L<SSL_CTX_set_mode(3)>
+@@ -62,4 +72,13 @@ L<SSL_get_error(3)>, L<SSL_CTX_set_mode(
SSL_waiting_for_async(), SSL_get_all_async_fds() and SSL_get_changed_async_fds()
were first added to OpenSSL 1.1.0.
@@ -137730,8 +145679,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_get_ciphers.pod b/doc/ssl/SSL_get_ciphers.pod
-index a017392..cc55095 100644
--- a/doc/ssl/SSL_get_ciphers.pod
+++ b/doc/ssl/SSL_get_ciphers.pod
@@ -2,7 +2,9 @@
@@ -137759,11 +145706,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_get_client_CA_list.pod b/doc/ssl/SSL_get_client_CA_list.pod
-index 62be122..b6092fe 100644
--- a/doc/ssl/SSL_get_client_CA_list.pod
+++ b/doc/ssl/SSL_get_client_CA_list.pod
-@@ -9,7 +9,7 @@ SSL_get_client_CA_list, SSL_CTX_get_client_CA_list - get list of client CAs
+@@ -9,7 +9,7 @@ SSL_get_client_CA_list, SSL_CTX_get_clie
#include <openssl/ssl.h>
STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
@@ -137786,8 +145731,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_get_client_random.pod b/doc/ssl/SSL_get_client_random.pod
-index 3db5a26..46a2aa3 100644
--- a/doc/ssl/SSL_get_client_random.pod
+++ b/doc/ssl/SSL_get_client_random.pod
@@ -41,7 +41,7 @@ details.
@@ -137813,21 +145756,65 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_get_current_cipher.pod b/doc/ssl/SSL_get_current_cipher.pod
-index 9151203..0fdf60f 100644
--- a/doc/ssl/SSL_get_current_cipher.pod
+++ b/doc/ssl/SSL_get_current_cipher.pod
-@@ -27,7 +27,7 @@ the B<ssl> object.
+@@ -2,7 +2,7 @@
- SSL_get_cipher() and SSL_get_cipher_name() are identical macros to obtain the
- name of the currently used cipher. SSL_get_cipher_bits() is a
+ =head1 NAME
+
+-SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name,
++SSL_get_current_cipher, SSL_get_cipher_name, *SSL_get_cipher,
+ SSL_get_cipher_bits, SSL_get_cipher_version - get SSL_CIPHER of a connection
+
+ =head1 SYNOPSIS
+@@ -10,34 +10,46 @@ SSL_get_cipher_bits, SSL_get_cipher_vers
+ #include <openssl/ssl.h>
+
+ SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
+- #define SSL_get_cipher(s) \
+- SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+- #define SSL_get_cipher_name(s) \
+- SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+- #define SSL_get_cipher_bits(s,np) \
+- SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
+- #define SSL_get_cipher_version(s) \
+- SSL_CIPHER_get_version(SSL_get_current_cipher(s))
++
++ const char *SSL_get_cipher_name(const SSL *s);
++ const char *SSL_get_cipher(const SSL *s);
++ int SSL_get_cipher_bits(const SSL *s, int *np) \
++ const char *SSL_get_cipher_version(const SSL *s);
+
+ =head1 DESCRIPTION
+
+ SSL_get_current_cipher() returns a pointer to an SSL_CIPHER object containing
+ the description of the actually used cipher of a connection established with
+ the B<ssl> object.
++See L<SSL_CIPHER_get_name(3)> for more details.
+
+-SSL_get_cipher() and SSL_get_cipher_name() are identical macros to obtain the
+-name of the currently used cipher. SSL_get_cipher_bits() is a
-macro to obtain the number of secret/algorithm bits used and
++SSL_get_cipher_name() obtains the
++name of the currently used cipher.
++SSL_get_cipher() is identical to SSL_get_cipher_name().
++SSL_get_cipher_bits() is a
+macro to obtain the number of secret/algorithm bits used and
SSL_get_cipher_version() returns the protocol name.
- See L<SSL_CIPHER_get_name(3)> for more details.
+-See L<SSL_CIPHER_get_name(3)> for more details.
-@@ -40,4 +40,13 @@ no session has been established.
+ =head1 RETURN VALUES
+-SSL_get_current_cipher() returns the cipher actually used or NULL, when
++SSL_get_current_cipher() returns the cipher actually used, or NULL if
+ no session has been established.
+
++=head1 NOTES
++
++These are implemented as macros.
++
+ =head1 SEE ALSO
+
L<ssl(3)>, L<SSL_CIPHER_get_name(3)>
+=head1 COPYRIGHT
@@ -137840,8 +145827,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_get_default_timeout.pod b/doc/ssl/SSL_get_default_timeout.pod
-index 9bde222..875d38a 100644
--- a/doc/ssl/SSL_get_default_timeout.pod
+++ b/doc/ssl/SSL_get_default_timeout.pod
@@ -38,4 +38,13 @@ L<SSL_SESSION_get_time(3)>,
@@ -137858,11 +145843,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_get_error.pod b/doc/ssl/SSL_get_error.pod
-index 271f849..ddd72f7 100644
--- a/doc/ssl/SSL_get_error.pod
+++ b/doc/ssl/SSL_get_error.pod
-@@ -95,9 +95,19 @@ using L<SSL_CTX_set_mode(3)> or L<SSL_set_mode(3)> and an asynchronous capable
+@@ -95,9 +95,19 @@ using L<SSL_CTX_set_mode(3)> or L<SSL_se
engine is being used. An application can determine whether the engine has
completed its processing using select() or poll() on the asynchronous wait file
descriptor. This file descriptor is available by calling
@@ -137899,8 +145882,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_get_extms_support.pod b/doc/ssl/SSL_get_extms_support.pod
-index ecfd090..ba4de3a 100644
--- a/doc/ssl/SSL_get_extms_support.pod
+++ b/doc/ssl/SSL_get_extms_support.pod
@@ -28,4 +28,13 @@ was used.
@@ -137917,8 +145898,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_get_fd.pod b/doc/ssl/SSL_get_fd.pod
-index 8895747..cd5b6ec 100644
--- a/doc/ssl/SSL_get_fd.pod
+++ b/doc/ssl/SSL_get_fd.pod
@@ -41,4 +41,13 @@ The file descriptor linked to B<ssl>.
@@ -137935,11 +145914,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_get_peer_cert_chain.pod b/doc/ssl/SSL_get_peer_cert_chain.pod
-index 1320bcb..2e4f1e4 100644
--- a/doc/ssl/SSL_get_peer_cert_chain.pod
+++ b/doc/ssl/SSL_get_peer_cert_chain.pod
-@@ -65,4 +65,13 @@ The return value points to the certificate chain presented by the peer.
+@@ -65,4 +65,13 @@ The return value points to the certifica
L<ssl(3)>, L<SSL_get_peer_certificate(3)>, L<X509_up_ref(3)>,
L<X509_chain_up_ref(3)>
@@ -137953,11 +145930,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_get_peer_certificate.pod b/doc/ssl/SSL_get_peer_certificate.pod
-index c605a7c..57ed272 100644
--- a/doc/ssl/SSL_get_peer_certificate.pod
+++ b/doc/ssl/SSL_get_peer_certificate.pod
-@@ -52,4 +52,13 @@ The return value points to the certificate presented by the peer.
+@@ -52,4 +52,13 @@ The return value points to the certifica
L<ssl(3)>, L<SSL_get_verify_result(3)>,
L<SSL_CTX_set_verify(3)>
@@ -137971,8 +145946,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_get_psk_identity.pod b/doc/ssl/SSL_get_psk_identity.pod
-index fe62916..d330eee 100644
--- a/doc/ssl/SSL_get_psk_identity.pod
+++ b/doc/ssl/SSL_get_psk_identity.pod
@@ -1,39 +1,9 @@
@@ -138015,7 +145988,7 @@
=head1 SYNOPSIS
#include <openssl/ssl.h>
-@@ -60,4 +30,15 @@ no PSK identity hint was used during the connection setup.
+@@ -60,4 +30,15 @@ no PSK identity hint was used during the
Note that the return value is valid only during the lifetime of the
SSL object B<ssl>.
@@ -138031,8 +146004,6 @@
+Copyright 2005 Nokia.
+
=cut
-diff --git a/doc/ssl/SSL_get_rbio.pod b/doc/ssl/SSL_get_rbio.pod
-index 4e91ce0..5ac4ca2 100644
--- a/doc/ssl/SSL_get_rbio.pod
+++ b/doc/ssl/SSL_get_rbio.pod
@@ -37,4 +37,13 @@ The BIO linked to B<ssl>.
@@ -138049,8 +146020,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_get_session.pod b/doc/ssl/SSL_get_session.pod
-index d8aa705..99936ad 100644
--- a/doc/ssl/SSL_get_session.pod
+++ b/doc/ssl/SSL_get_session.pod
@@ -70,4 +70,13 @@ L<ssl(3)>, L<SSL_free(3)>,
@@ -138067,11 +146036,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_get_shared_sigalgs.pod b/doc/ssl/SSL_get_shared_sigalgs.pod
-index ad305e6..6a70e90 100644
--- a/doc/ssl/SSL_get_shared_sigalgs.pod
+++ b/doc/ssl/SSL_get_shared_sigalgs.pod
-@@ -65,7 +65,7 @@ The NIDs are OpenSSL equivalents. For example if the peer sent sha256(4) and
+@@ -65,7 +65,7 @@ The NIDs are OpenSSL equivalents. For ex
rsa(1) then B<*rhash> would be 4, B<*rsign> 1, B<*phash> NID_sha256, B<*psig>
NID_rsaEncryption and B<*psighash> NID_sha256WithRSAEncryption.
@@ -138080,7 +146047,7 @@
will be set to B<NID_undef>. This may be because the value is not supported
or is not an appropriate combination (for example MD5 and DSA).
-@@ -74,4 +74,13 @@ or is not an appropriate combination (for example MD5 and DSA).
+@@ -74,4 +74,13 @@ or is not an appropriate combination (fo
L<SSL_CTX_set_cert_cb(3)>,
L<ssl(3)>
@@ -138094,8 +146061,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_get_verify_result.pod b/doc/ssl/SSL_get_verify_result.pod
-index 8b25eb2..3b8b657 100644
--- a/doc/ssl/SSL_get_verify_result.pod
+++ b/doc/ssl/SSL_get_verify_result.pod
@@ -54,4 +54,13 @@ L<ssl(3)>, L<SSL_set_verify_result(3)>,
@@ -138112,8 +146077,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_get_version.pod b/doc/ssl/SSL_get_version.pod
-index e0c7034..23b6497 100644
--- a/doc/ssl/SSL_get_version.pod
+++ b/doc/ssl/SSL_get_version.pod
@@ -2,7 +2,7 @@
@@ -138125,7 +146088,7 @@
=head1 SYNOPSIS
-@@ -10,14 +10,18 @@ SSL_get_version - get the protocol version of a connection.
+@@ -10,14 +10,18 @@ SSL_get_version - get the protocol versi
const char *SSL_get_version(const SSL *ssl);
@@ -138145,7 +146108,7 @@
=over 4
-@@ -47,4 +51,17 @@ This indicates that no version has been set (no connection established).
+@@ -47,4 +51,17 @@ This indicates that no version has been
L<ssl(3)>
@@ -138163,11 +146126,24 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_library_init.pod b/doc/ssl/SSL_library_init.pod
-index c872858..57b65d5 100644
--- a/doc/ssl/SSL_library_init.pod
+++ b/doc/ssl/SSL_library_init.pod
-@@ -21,7 +21,7 @@ OpenSSL_add_ssl_algorithms() is a synonym for SSL_library_init().
+@@ -10,18 +10,20 @@ SSL_library_init, OpenSSL_add_ssl_algori
+ #include <openssl/ssl.h>
+
+ int SSL_library_init(void);
+- #define OpenSSL_add_ssl_algorithms() SSL_library_init()
++
++ int OpenSSL_add_ssl_algorithms(void);
+
+ =head1 DESCRIPTION
+
+ SSL_library_init() registers the available SSL/TLS ciphers and digests.
+
+-OpenSSL_add_ssl_algorithms() is a synonym for SSL_library_init().
++OpenSSL_add_ssl_algorithms() is a synonym for SSL_library_init() and is
++implemented as a macro.
+
=head1 NOTES
SSL_library_init() must be called before any other action takes place.
@@ -138176,7 +146152,7 @@
=head1 WARNING
-@@ -43,4 +43,13 @@ L<RAND_add(3)>
+@@ -43,4 +45,13 @@ L<RAND_add(3)>
The SSL_library_init() and OpenSSL_add_ssl_algorithms() functions were
deprecated in OpenSSL 1.1.0 by OPENSSL_init_ssl().
@@ -138190,11 +146166,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_load_client_CA_file.pod b/doc/ssl/SSL_load_client_CA_file.pod
-index f9da0c2..cc6a19c 100644
--- a/doc/ssl/SSL_load_client_CA_file.pod
+++ b/doc/ssl/SSL_load_client_CA_file.pod
-@@ -30,7 +30,7 @@ Load names of CAs from file and use it as a client CA list:
+@@ -30,7 +30,7 @@ it is not limited to CA certificates.
SSL_CTX *ctx;
STACK_OF(X509_NAME) *cert_names;
@@ -138203,7 +146177,7 @@
cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
if (cert_names != NULL)
SSL_CTX_set_client_CA_list(ctx, cert_names);
-@@ -59,4 +59,13 @@ Pointer to the subject names of the successfully read certificates.
+@@ -59,4 +59,13 @@ Pointer to the subject names of the succ
L<ssl(3)>,
L<SSL_CTX_set_client_CA_list(3)>
@@ -138217,11 +146191,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_new.pod b/doc/ssl/SSL_new.pod
-index f0e0795..a5a3ff9 100644
--- a/doc/ssl/SSL_new.pod
+++ b/doc/ssl/SSL_new.pod
-@@ -9,7 +9,7 @@ SSL_new, SSL_up_ref - create a new SSL structure for a connection
+@@ -9,7 +9,7 @@ SSL_new, SSL_up_ref - create a new SSL s
#include <openssl/ssl.h>
SSL *SSL_new(SSL_CTX *ctx);
@@ -138253,11 +146225,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_pending.pod b/doc/ssl/SSL_pending.pod
-index d247fa3..f6ed565 100644
--- a/doc/ssl/SSL_pending.pod
+++ b/doc/ssl/SSL_pending.pod
-@@ -56,4 +56,13 @@ L<SSL_CTX_set_split_send_fragment(3)>, L<ssl(3)>
+@@ -56,4 +56,13 @@ L<SSL_CTX_set_split_send_fragment(3)>, L
The SSL_has_pending() function was added in OpenSSL 1.1.0.
@@ -138271,8 +146241,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod
-index e0a9bd4..8dff244 100644
--- a/doc/ssl/SSL_read.pod
+++ b/doc/ssl/SSL_read.pod
@@ -2,7 +2,7 @@
@@ -138284,7 +146252,7 @@
=head1 SYNOPSIS
-@@ -22,7 +22,7 @@ not already explicitly performed by L<SSL_connect(3)> or
+@@ -22,7 +22,7 @@ not already explicitly performed by L<SS
L<SSL_accept(3)>. If the
peer requests a re-negotiation, it will be performed transparently during
the SSL_read() operation. The behaviour of SSL_read() depends on the
@@ -138293,7 +146261,7 @@
For the transparent negotiation to succeed, the B<ssl> must have been
initialized to client or server mode. This is being done by calling
-@@ -47,7 +47,7 @@ record is complete and SSL_read() can succeed.
+@@ -47,7 +47,7 @@ record is complete and SSL_read() can su
If the underlying BIO is B<blocking>, SSL_read() will only return, once the
read operation has been finished or an error occurred, except when a
@@ -138316,11 +146284,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_rstate_string.pod b/doc/ssl/SSL_rstate_string.pod
-index 7309483..7775913 100644
--- a/doc/ssl/SSL_rstate_string.pod
+++ b/doc/ssl/SSL_rstate_string.pod
-@@ -56,4 +56,13 @@ The read state is unknown. This should never happen.
+@@ -56,4 +56,13 @@ The read state is unknown. This should n
L<ssl(3)>
@@ -138334,8 +146300,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_session_reused.pod b/doc/ssl/SSL_session_reused.pod
-index 4a738fa..eda66b2 100644
--- a/doc/ssl/SSL_session_reused.pod
+++ b/doc/ssl/SSL_session_reused.pod
@@ -42,4 +42,13 @@ A session was reused.
@@ -138352,8 +146316,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_set1_host.pod b/doc/ssl/SSL_set1_host.pod
-index 0ef2448..3339a0e 100644
--- a/doc/ssl/SSL_set1_host.pod
+++ b/doc/ssl/SSL_set1_host.pod
@@ -2,13 +2,12 @@
@@ -138372,7 +146334,7 @@
int SSL_set1_host(SSL *s, const char *hostname);
int SSL_add1_host(SSL *s, const char *hostname);
-@@ -72,8 +71,6 @@ applicable (as with RFC7671 DANE-EE(3)), or no trusted peername was
+@@ -72,8 +71,6 @@ applicable (as with RFC7671 DANE-EE(3)),
matched. Otherwise, it returns the matched peername. To determine
whether verification succeeded call L<SSL_get_verify_result(3)>.
@@ -138395,11 +146357,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_set_bio.pod b/doc/ssl/SSL_set_bio.pod
-index 3e87ee1..204c89e 100644
--- a/doc/ssl/SSL_set_bio.pod
+++ b/doc/ssl/SSL_set_bio.pod
-@@ -9,6 +9,8 @@ SSL_set_bio, SSL_set_rbio, SSL_set_wbio - connect the SSL object with a BIO
+@@ -9,6 +9,8 @@ SSL_set_bio, SSL_set_rbio, SSL_set_wbio
#include <openssl/ssl.h>
void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
@@ -138422,8 +146382,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_set_connect_state.pod b/doc/ssl/SSL_set_connect_state.pod
-index 4c3626c..60c18a4 100644
--- a/doc/ssl/SSL_set_connect_state.pod
+++ b/doc/ssl/SSL_set_connect_state.pod
@@ -52,4 +52,13 @@ L<SSL_write(3)>, L<SSL_read(3)>,
@@ -138440,8 +146398,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_set_fd.pod b/doc/ssl/SSL_set_fd.pod
-index faf1d17..e1f9988 100644
--- a/doc/ssl/SSL_set_fd.pod
+++ b/doc/ssl/SSL_set_fd.pod
@@ -51,4 +51,13 @@ L<SSL_get_fd(3)>, L<SSL_set_bio(3)>,
@@ -138458,8 +146414,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_set_session.pod b/doc/ssl/SSL_set_session.pod
-index c9e31c4..1de533f 100644
--- a/doc/ssl/SSL_set_session.pod
+++ b/doc/ssl/SSL_set_session.pod
@@ -21,7 +21,11 @@ with the L<SSL_session_reused(3)> call.
@@ -138489,8 +146443,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_set_shutdown.pod b/doc/ssl/SSL_set_shutdown.pod
-index 91d7697..ecdf60c 100644
--- a/doc/ssl/SSL_set_shutdown.pod
+++ b/doc/ssl/SSL_set_shutdown.pod
@@ -69,4 +69,13 @@ L<ssl(3)>, L<SSL_shutdown(3)>,
@@ -138507,8 +146459,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_set_verify_result.pod b/doc/ssl/SSL_set_verify_result.pod
-index 2c6d0b4..8738d78 100644
--- a/doc/ssl/SSL_set_verify_result.pod
+++ b/doc/ssl/SSL_set_verify_result.pod
@@ -35,4 +35,13 @@ L<ssl(3)>, L<SSL_get_verify_result(3)>,
@@ -138525,11 +146475,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_shutdown.pod b/doc/ssl/SSL_shutdown.pod
-index 169079a..e8ec454 100644
--- a/doc/ssl/SSL_shutdown.pod
+++ b/doc/ssl/SSL_shutdown.pod
-@@ -12,7 +12,7 @@ SSL_shutdown - shut down a TLS/SSL connection
+@@ -12,7 +12,7 @@ SSL_shutdown - shut down a TLS/SSL conne
=head1 DESCRIPTION
@@ -138538,7 +146486,7 @@
"close notify" shutdown alert to the peer.
=head1 NOTES
-@@ -62,7 +62,7 @@ It is therefore recommended, to check the return value of SSL_shutdown()
+@@ -62,7 +62,7 @@ It is therefore recommended, to check th
and call SSL_shutdown() again, if the bidirectional shutdown is not yet
complete (return value of the first call is 0).
@@ -138561,11 +146509,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_state_string.pod b/doc/ssl/SSL_state_string.pod
-index 0d2ba61..a2f59e8 100644
--- a/doc/ssl/SSL_state_string.pod
+++ b/doc/ssl/SSL_state_string.pod
-@@ -42,4 +42,13 @@ Detailed description of possible states to be included later.
+@@ -42,4 +42,13 @@ Detailed description of possible states
L<ssl(3)>, L<SSL_CTX_set_info_callback(3)>
@@ -138579,8 +146525,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_want.pod b/doc/ssl/SSL_want.pod
-index e8b426c..e179d6b 100644
--- a/doc/ssl/SSL_want.pod
+++ b/doc/ssl/SSL_want.pod
@@ -2,7 +2,9 @@
@@ -138594,7 +146538,7 @@
=head1 SYNOPSIS
-@@ -13,6 +15,8 @@ SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup
+@@ -13,6 +15,8 @@ SSL_want, SSL_want_nothing, SSL_want_rea
int SSL_want_read(const SSL *ssl);
int SSL_want_write(const SSL *ssl);
int SSL_want_x509_lookup(const SSL *ssl);
@@ -138603,7 +146547,7 @@
=head1 DESCRIPTION
-@@ -65,13 +69,35 @@ SSL_CTX_set_client_cert_cb() has asked to be called again.
+@@ -65,13 +69,35 @@ SSL_CTX_set_client_cert_cb() has asked t
A call to L<SSL_get_error(3)> should return
SSL_ERROR_WANT_X509_LOOKUP.
@@ -138641,8 +146585,6 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod
-index 1fff854..5ab0790 100644
--- a/doc/ssl/SSL_write.pod
+++ b/doc/ssl/SSL_write.pod
@@ -2,7 +2,7 @@
@@ -138654,7 +146596,7 @@
=head1 SYNOPSIS
-@@ -22,7 +22,7 @@ not already explicitly performed by L<SSL_connect(3)> or
+@@ -22,7 +22,7 @@ not already explicitly performed by L<SS
L<SSL_accept(3)>. If the
peer requests a re-negotiation, it will be performed transparently during
the SSL_write() operation. The behaviour of SSL_write() depends on the
@@ -138663,7 +146605,7 @@
For the transparent negotiation to succeed, the B<ssl> must have been
initialized to client or server mode. This is being done by calling
-@@ -31,7 +31,7 @@ before the first call to an L<SSL_read(3)> or SSL_write() function.
+@@ -31,7 +31,7 @@ before the first call to an L<SSL_read(3
If the underlying BIO is B<blocking>, SSL_write() will only return, once the
write operation has been finished or an error occurred, except when a
@@ -138686,11 +146628,9 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
-diff --git a/doc/ssl/d2i_SSL_SESSION.pod b/doc/ssl/d2i_SSL_SESSION.pod
-index 985d158..d6b1707 100644
--- a/doc/ssl/d2i_SSL_SESSION.pod
+++ b/doc/ssl/d2i_SSL_SESSION.pod
-@@ -13,28 +13,8 @@ d2i_SSL_SESSION, i2d_SSL_SESSION - convert SSL_SESSION object from/to ASN1 repre
+@@ -13,28 +13,8 @@ d2i_SSL_SESSION, i2d_SSL_SESSION - conve
=head1 DESCRIPTION
@@ -138721,7 +146661,7 @@
SSL_SESSION objects keep internal link information about the session cache
list, when being inserted into one SSL_CTX object's session cache.
-@@ -42,23 +22,6 @@ One SSL_SESSION object, regardless of its reference count, must therefore
+@@ -42,23 +22,6 @@ One SSL_SESSION object, regardless of it
only be used with one SSL_CTX object (and the SSL objects created
from this SSL_CTX object).
@@ -138745,7 +146685,7 @@
=head1 RETURN VALUES
d2i_SSL_SESSION() returns a pointer to the newly allocated SSL_SESSION
-@@ -71,6 +34,16 @@ When the session is not valid, B<0> is returned and no operation is performed.
+@@ -71,6 +34,16 @@ When the session is not valid, B<0> is r
=head1 SEE ALSO
L<ssl(3)>, L<SSL_SESSION_free(3)>,
@@ -138763,8 +146703,6 @@
+L<https://www.openssl.org/source/license.html>.
=cut
-diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
-index 7e2cd85..dfd83ea 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -1,12 +1,15 @@
@@ -138793,7 +146731,7 @@
Here we document the various API functions which deal with the SSL/TLS
protocol methods defined in B<SSL_METHOD> structures.
-@@ -182,7 +185,7 @@ Constructor for the SSLv3 SSL_METHOD structure for servers.
+@@ -182,7 +185,7 @@ Constructor for the SSLv3 SSL_METHOD str
=back
@@ -138811,7 +146749,7 @@
Here we document the various API functions which deal with the SSL/TLS
protocol context defined in the B<SSL_CTX> structure.
-@@ -265,13 +268,11 @@ protocol context defined in the B<SSL_CTX> structure.
+@@ -265,13 +268,11 @@ protocol context defined in the B<SSL_CT
=item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx);
@@ -138827,8 +146765,26 @@
=item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
-@@ -380,19 +381,19 @@ Use the file path to locate trusted CA certificates.
+@@ -305,7 +306,7 @@ protocol context defined in the B<SSL_CT
+ =item int B<SSL_CTX_sess_number>(SSL_CTX *ctx);
+
+-=item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx,t);
++=item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx, t);
+
+ =item void B<SSL_CTX_sess_set_get_cb>(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));
+
+@@ -317,7 +318,7 @@ protocol context defined in the B<SSL_CT
+
+ =item LHASH *B<SSL_CTX_sessions>(SSL_CTX *ctx);
+
+-=item void B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg);
++=item int B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg);
+
+ =item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
+
+@@ -380,19 +381,19 @@ Use the file path to locate trusted CA c
+
=item int B<SSL_CTX_use_PrivateKey_ASN1>(int type, SSL_CTX *ctx, unsigned char *d, long len);
-=item int B<SSL_CTX_use_PrivateKey_file>(SSL_CTX *ctx, char *file, int type);
@@ -138850,7 +146806,7 @@
=item X509 *B<SSL_CTX_get0_certificate>(const SSL_CTX *ctx);
-@@ -405,11 +406,9 @@ Use the file path to locate trusted CA certificates.
+@@ -405,11 +406,9 @@ Use the file path to locate trusted CA c
=item void B<SSL_CTX_set_psk_server_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));
@@ -138863,8 +146819,17 @@
Here we document the various API functions which deal with the SSL/TLS
sessions defined in the B<SSL_SESSION> structures.
-@@ -448,7 +447,7 @@ sessions defined in the B<SSL_SESSION> structures.
+@@ -438,7 +437,7 @@ sessions defined in the B<SSL_SESSION> s
+ =item int B<SSL_SESSION_print_fp>(FILE *fp, const SSL_SESSION *x);
+
+-=item void B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a);
++=item int B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a);
+
+ =item int B<SSL_SESSION_set_ex_data>(SSL_SESSION *s, int idx, char *arg);
+
+@@ -448,7 +447,7 @@ sessions defined in the B<SSL_SESSION> s
+
=back
-=head2 DEALING WITH CONNECTIONS
@@ -138881,6 +146846,15 @@
=item int B<SSL_get_cipher_bits>(const SSL *ssl, int *alg_bits);
=item char *B<SSL_get_cipher_list>(const SSL *ssl, int n);
+@@ -575,7 +576,7 @@ fresh handle for each connection.
+
+ =item long B<SSL_get_timeout>(const SSL *ssl);
+
+-=item int (*B<SSL_get_verify_callback>(const SSL *ssl))(int,X509_STORE_CTX *)
++=item int (*B<SSL_get_verify_callback>(const SSL *ssl))(int, X509_STORE_CTX *)
+
+ =item int B<SSL_get_verify_mode>(const SSL *ssl);
+
@@ -595,11 +596,11 @@ fresh handle for each connection.
=item int B<SSL_is_init_finished>(SSL *ssl);
@@ -138944,8 +146918,6 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff --git a/e_os.h b/e_os.h
-index 0124e5e..eafa862 100644
--- a/e_os.h
+++ b/e_os.h
@@ -1,58 +1,10 @@
@@ -139065,7 +147037,7 @@
# ifdef USE_SOCKETS
# ifdef OPENSSL_NO_SOCK
# elif defined(WINDOWS) || defined(MSDOS)
-@@ -517,12 +471,17 @@ struct servent *PASCAL getservbyname(const char *, const char *);
+@@ -517,12 +471,17 @@ struct servent *PASCAL getservbyname(con
# if defined(OPENSSL_SYS_WINDOWS)
# define strcasecmp _stricmp
# define strncasecmp _strnicmp
@@ -139089,7 +147061,7 @@
# endif
/* vxworks */
-@@ -552,13 +511,6 @@ struct servent *getservbyname(const char *name, const char *proto);
+@@ -552,13 +511,6 @@ struct servent *getservbyname(const char
# endif
/* end vxworks */
@@ -139103,9 +147075,6 @@
#define OSSL_NELEM(x) (sizeof(x)/sizeof(x[0]))
#ifdef __cplusplus
-diff --git a/engines/Makefile.in b/engines/Makefile.in
-deleted file mode 100644
-index e37c4e2..0000000
--- a/engines/Makefile.in
+++ /dev/null
@@ -1,119 +0,0 @@
@@ -139228,9 +147197,6 @@
- @target=clean; $(RECURSIVE_MAKE)
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/engines/afalg/Makefile.in b/engines/afalg/Makefile.in
-deleted file mode 100644
-index 8a7408f..0000000
--- a/engines/afalg/Makefile.in
+++ /dev/null
@@ -1,75 +0,0 @@
@@ -139309,8 +147275,6 @@
- ../../include/openssl/sha.h ../../include/openssl/x509_vfy.h \
- ../../include/openssl/pkcs7.h ../../include/openssl/async.h e_afalg.h \
- e_afalg_err.h
-diff --git a/engines/afalg/build.info b/engines/afalg/build.info
-index 5aba447..8601b1a 100644
--- a/engines/afalg/build.info
+++ b/engines/afalg/build.info
@@ -1,5 +1,3 @@
@@ -139328,8 +147292,6 @@
ENDIF
ENDIF
ENDIF
-diff --git a/engines/afalg/e_afalg.c b/engines/afalg/e_afalg.c
-index d8599a1..2e7ce34 100644
--- a/engines/afalg/e_afalg.c
+++ b/engines/afalg/e_afalg.c
@@ -1,55 +1,10 @@
@@ -139436,7 +147398,7 @@
struct io_event *events,
struct timespec *timeout)
{
-@@ -275,7 +230,7 @@ int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf,
+@@ -275,7 +230,7 @@ int afalg_fin_cipher_aio(afalg_aio *aio,
memset(cb, '\0', sizeof(*cb));
cb->aio_fildes = sfd;
cb->aio_lio_opcode = IOCB_CMD_PREAD;
@@ -139445,7 +147407,7 @@
cb->aio_offset = 0;
cb->aio_data = 0;
cb->aio_nbytes = len;
-@@ -355,7 +310,7 @@ int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf,
+@@ -355,7 +310,7 @@ int afalg_fin_cipher_aio(afalg_aio *aio,
return 1;
}
@@ -139454,7 +147416,7 @@
const unsigned int op)
{
cmsg->cmsg_level = SOL_ALG;
-@@ -377,7 +332,7 @@ static void afalg_set_iv_sk(struct cmsghdr *cmsg, const unsigned char *iv,
+@@ -377,7 +332,7 @@ static void afalg_set_iv_sk(struct cmsgh
memcpy(aiv->iv, iv, len);
}
@@ -139486,8 +147448,6 @@
return 1;
}
-diff --git a/engines/afalg/e_afalg.h b/engines/afalg/e_afalg.h
-index 8b589e4..8f4d2d1 100644
--- a/engines/afalg/e_afalg.h
+++ b/engines/afalg/e_afalg.h
@@ -1,59 +1,14 @@
@@ -139558,8 +147518,6 @@
# ifdef ALG_DEBUG
# define ALG_DGB(x, ...) fprintf(stderr, "ALG_DBG: " x, __VA_ARGS__)
-diff --git a/engines/afalg/e_afalg_err.c b/engines/afalg/e_afalg_err.c
-index 71c4a01..ca394ed 100644
--- a/engines/afalg/e_afalg_err.c
+++ b/engines/afalg/e_afalg_err.c
@@ -1,55 +1,10 @@
@@ -139624,8 +147582,6 @@
*/
/*
-diff --git a/engines/afalg/e_afalg_err.h b/engines/afalg/e_afalg_err.h
-index 64468c3..21abc97 100644
--- a/engines/afalg/e_afalg_err.h
+++ b/engines/afalg/e_afalg_err.h
@@ -1,55 +1,16 @@
@@ -139707,8 +147663,6 @@
void ERR_load_AFALG_strings(void);
void ERR_unload_AFALG_strings(void);
void ERR_AFALG_error(int function, int reason, char *file, int line);
-diff --git a/engines/asm/e_padlock-x86.pl b/engines/asm/e_padlock-x86.pl
-index 1a22dc8..bf6b312 100644
--- a/engines/asm/e_padlock-x86.pl
+++ b/engines/asm/e_padlock-x86.pl
@@ -1,4 +1,11 @@
@@ -139724,8 +147678,6 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-diff --git a/engines/asm/e_padlock-x86_64.pl b/engines/asm/e_padlock-x86_64.pl
-index 07c0a6d..da285ab 100644
--- a/engines/asm/e_padlock-x86_64.pl
+++ b/engines/asm/e_padlock-x86_64.pl
@@ -1,4 +1,11 @@
@@ -139741,7 +147693,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -23,7 +30,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+@@ -23,7 +30,7 @@ if ($flavour =~ /\./) { $output = $flavo
( $xlate="${dir}../../crypto/perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
@@ -139750,8 +147702,6 @@
*STDOUT=*OUT;
$code=".text\n";
-diff --git a/engines/build.info b/engines/build.info
-index 065d412..e42684f 100644
--- a/engines/build.info
+++ b/engines/build.info
@@ -1,4 +1,3 @@
@@ -139759,8 +147709,13 @@
IF[{- !$disabled{"engine"} -}]
IF[{- $disabled{"dynamic-engine"} -}]
LIBS=../libcrypto
-@@ -12,19 +11,19 @@ IF[{- !$disabled{"engine"} -}]
- ENGINES=padlock dasync ossltest
+@@ -9,22 +8,23 @@ IF[{- !$disabled{"engine"} -}]
+ SOURCE[../libcrypto]=e_capi.c
+ ENDIF
+ ELSE
+- ENGINES=padlock dasync ossltest
++ ENGINES=padlock dasync
++ ENGINES_NO_INST=ossltest
SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -}
DEPEND[padlock]=../libcrypto
- INCLUDE[padlock]={- rel2abs(catdir($builddir,"../include")) -} ../include
@@ -139783,18 +147738,13 @@
ENDIF
GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
-diff --git a/engines/capierr.bat b/engines/capierr.bat
-deleted file mode 100644
-index 274ffac..0000000
--- a/engines/capierr.bat
+++ /dev/null
@@ -1 +0,0 @@
-perl ../util/mkerr.pl -conf e_capi.ec -nostatic -staticloader -write e_capi.c
-diff --git a/engines/e_capi.c b/engines/e_capi.c
-index 5bf0fe9..4923eef 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
-@@ -1,54 +1,10 @@
+@@ -1,63 +1,29 @@
/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
@@ -139818,7 +147768,8 @@
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
++ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
@@ -139832,8 +147783,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -139853,8 +147803,59 @@
+ * https://www.openssl.org/source/license.html
*/
- #include <stdio.h>
-@@ -176,9 +132,11 @@ static int capi_rsa_priv_dec(int flen, const unsigned char *from,
+-#include <stdio.h>
+-#include <string.h>
+-#include <stdlib.h>
++#ifdef _WIN32
++# ifndef _WIN32_WINNT
++# define _WIN32_WINNT 0x0400
++# endif
++# include <windows.h>
++# include <wincrypt.h>
+
+-#include <openssl/crypto.h>
++# include <stdio.h>
++# include <string.h>
++# include <stdlib.h>
++# include <malloc.h>
++# ifndef alloca
++# define alloca _alloca
++# endif
++
++# include <openssl/crypto.h>
+
+-#ifdef OPENSSL_SYS_WIN32
+ # ifndef OPENSSL_NO_CAPIENG
+
+ # include <openssl/buffer.h>
+@@ -65,17 +31,6 @@
+ # include <openssl/rsa.h>
+ # include <openssl/dsa.h>
+
+-# ifndef _WIN32_WINNT
+-# define _WIN32_WINNT 0x0400
+-# endif
+-
+-# include <windows.h>
+-# include <wincrypt.h>
+-# include <malloc.h>
+-# ifndef alloca
+-# define alloca _alloca
+-# endif
+-
+ /*
+ * This module uses several "new" interfaces, among which is
+ * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is
+@@ -94,7 +49,7 @@
+ # define __COMPILE_CAPIENG
+ # endif /* CERT_KEY_PROV_INFO_PROP_ID */
+ # endif /* OPENSSL_NO_CAPIENG */
+-#endif /* OPENSSL_SYS_WIN32 */
++#endif /* _WIN32 */
+
+ #ifdef __COMPILE_CAPIENG
+
+@@ -176,9 +131,11 @@ static int capi_rsa_priv_dec(int flen, c
unsigned char *to, RSA *rsa, int padding);
static int capi_rsa_free(RSA *rsa);
@@ -139866,7 +147867,7 @@
static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
-@@ -337,6 +295,7 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+@@ -337,6 +294,7 @@ static int capi_ctrl(ENGINE *e, int cmd,
int ret = 1;
CAPI_CTX *ctx;
BIO *out;
@@ -139874,7 +147875,7 @@
if (capi_idx == -1) {
CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED);
return 0;
-@@ -365,9 +324,15 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+@@ -365,9 +323,15 @@ static int capi_ctrl(ENGINE *e, int cmd,
break;
case CAPI_CMD_STORE_NAME:
@@ -139893,7 +147894,7 @@
break;
case CAPI_CMD_STORE_FLAGS:
-@@ -387,8 +352,14 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+@@ -387,8 +351,14 @@ static int capi_ctrl(ENGINE *e, int cmd,
break;
case CAPI_CMD_DEBUG_FILE:
@@ -139910,7 +147911,7 @@
break;
case CAPI_CMD_KEYTYPE:
-@@ -432,7 +403,9 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+@@ -432,7 +402,9 @@ static int capi_ctrl(ENGINE *e, int cmd,
}
static RSA_METHOD *capi_rsa_method = NULL;
@@ -139920,7 +147921,7 @@
static int use_aes_csp = 0;
-@@ -440,7 +413,9 @@ static int capi_init(ENGINE *e)
+@@ -440,7 +412,9 @@ static int capi_init(ENGINE *e)
{
CAPI_CTX *ctx;
const RSA_METHOD *ossl_rsa_meth;
@@ -139930,7 +147931,7 @@
HCRYPTPROV hprov;
if (capi_idx < 0) {
-@@ -468,6 +443,7 @@ static int capi_init(ENGINE *e)
+@@ -468,6 +442,7 @@ static int capi_init(ENGINE *e)
goto memerr;
}
@@ -139938,7 +147939,7 @@
/* Setup DSA Method */
dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
ossl_dsa_meth = DSA_OpenSSL();
-@@ -481,6 +457,7 @@ static int capi_init(ENGINE *e)
+@@ -481,6 +456,7 @@ static int capi_init(ENGINE *e)
DSA_meth_get_bn_mod_exp(ossl_dsa_meth))) {
goto memerr;
}
@@ -139946,7 +147947,7 @@
}
ctx = capi_ctx_new();
-@@ -526,8 +503,10 @@ static int capi_destroy(ENGINE *e)
+@@ -526,8 +502,10 @@ static int capi_destroy(ENGINE *e)
{
RSA_meth_free(capi_rsa_method);
capi_rsa_method = NULL;
@@ -139957,7 +147958,7 @@
ERR_unload_CAPI_strings();
return 1;
}
-@@ -560,9 +539,11 @@ static int bind_capi(ENGINE *e)
+@@ -560,9 +538,11 @@ static int bind_capi(ENGINE *e)
capi_rsa_method = RSA_meth_new("CryptoAPI RSA method", 0);
if (capi_rsa_method == NULL)
return 0;
@@ -139969,7 +147970,7 @@
if (!ENGINE_set_id(e, engine_capi_id)
|| !ENGINE_set_name(e, engine_capi_name)
|| !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)
-@@ -570,7 +551,9 @@ static int bind_capi(ENGINE *e)
+@@ -570,7 +550,9 @@ static int bind_capi(ENGINE *e)
|| !ENGINE_set_finish_function(e, capi_finish)
|| !ENGINE_set_destroy_function(e, capi_destroy)
|| !ENGINE_set_RSA(e, capi_rsa_method)
@@ -139979,7 +147980,7 @@
|| !ENGINE_set_load_privkey_function(e, capi_load_privkey)
|| !ENGINE_set_load_ssl_client_cert_function(e,
capi_load_ssl_client_cert)
-@@ -583,8 +566,10 @@ static int bind_capi(ENGINE *e)
+@@ -583,8 +565,10 @@ static int bind_capi(ENGINE *e)
memerr:
RSA_meth_free(capi_rsa_method);
capi_rsa_method = NULL;
@@ -139990,7 +147991,7 @@
return 0;
}
-@@ -722,6 +707,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
+@@ -722,6 +706,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *e
EVP_PKEY_assign_RSA(ret, rkey);
rkey = NULL;
@@ -139998,7 +147999,7 @@
} else if (bh->aiKeyAlg == CALG_DSS_SIGN) {
DSSPUBKEY *dp;
DWORD dsa_plen;
-@@ -774,6 +760,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
+@@ -774,6 +759,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *e
EVP_PKEY_assign_DSA(ret, dkey);
dkey = NULL;
@@ -140006,7 +148007,7 @@
} else {
char algstr[10];
BIO_snprintf(algstr, 10, "%ux", bh->aiKeyAlg);
-@@ -787,7 +774,9 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
+@@ -787,7 +773,9 @@ static EVP_PKEY *capi_get_pkey(ENGINE *e
OPENSSL_free(pubkey);
if (!ret) {
RSA_free(rkey);
@@ -140016,7 +148017,7 @@
}
return ret;
-@@ -990,6 +979,7 @@ static int capi_rsa_free(RSA *rsa)
+@@ -990,6 +978,7 @@ static int capi_rsa_free(RSA *rsa)
return 1;
}
@@ -140024,7 +148025,7 @@
/* CryptoAPI DSA operations */
static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
-@@ -1039,17 +1029,17 @@ static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
+@@ -1039,17 +1028,17 @@ static DSA_SIG *capi_dsa_do_sign(const u
capi_addlasterror();
goto err;
} else {
@@ -140051,7 +148052,7 @@
}
/* Now cleanup */
-@@ -1068,6 +1058,7 @@ static int capi_dsa_free(DSA *dsa)
+@@ -1068,6 +1057,7 @@ static int capi_dsa_free(DSA *dsa)
DSA_set_ex_data(dsa, dsa_capi_idx, 0);
return 1;
}
@@ -140059,7 +148060,7 @@
static void capi_vtrace(CAPI_CTX * ctx, int level, char *format,
va_list argptr)
-@@ -1647,6 +1638,8 @@ static void capi_ctx_free(CAPI_CTX * ctx)
+@@ -1647,6 +1637,8 @@ static void capi_ctx_free(CAPI_CTX * ctx
static int capi_ctx_set_provname(CAPI_CTX * ctx, LPSTR pname, DWORD type,
int check)
{
@@ -140068,7 +148069,7 @@
CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type);
if (check) {
HCRYPTPROV hprov;
-@@ -1670,8 +1663,13 @@ static int capi_ctx_set_provname(CAPI_CTX * ctx, LPSTR pname, DWORD type,
+@@ -1670,8 +1662,13 @@ static int capi_ctx_set_provname(CAPI_CT
}
CryptReleaseContext(hprov, 0);
}
@@ -140083,8 +148084,6 @@
ctx->csptype = type;
return 1;
}
-diff --git a/engines/e_capi_err.c b/engines/e_capi_err.c
-index 1de6f25..64e963a 100644
--- a/engines/e_capi_err.c
+++ b/engines/e_capi_err.c
@@ -1,55 +1,10 @@
@@ -140149,8 +148148,6 @@
*/
/*
-diff --git a/engines/e_capi_err.h b/engines/e_capi_err.h
-index 01ec2ef..bbaffad 100644
--- a/engines/e_capi_err.h
+++ b/engines/e_capi_err.h
@@ -1,55 +1,16 @@
@@ -140232,8 +148229,6 @@
static void ERR_load_CAPI_strings(void);
static void ERR_unload_CAPI_strings(void);
static void ERR_CAPI_error(int function, int reason, char *file, int line);
-diff --git a/engines/e_chil.c b/engines/e_chil.c
-index b09d525..8d81b46 100644
--- a/engines/e_chil.c
+++ b/engines/e_chil.c
@@ -1,60 +1,10 @@
@@ -140314,7 +148309,7 @@
if (!ENGINE_set_id(e, engine_hwcrhk_id) ||
!ENGINE_set_name(e, engine_hwcrhk_name) ||
-@@ -689,7 +641,7 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+@@ -689,7 +641,7 @@ static int hwcrhk_ctrl(ENGINE *e, int cm
CRYPTO_THREAD_write_lock(chil_lock);
BIO_free(logstream);
logstream = NULL;
@@ -140323,7 +148318,7 @@
logstream = bio;
else
HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_BIO_WAS_FREED);
-@@ -1142,8 +1094,10 @@ static int hwcrhk_mutex_init(HWCryptoHook_Mutex * mt,
+@@ -1142,8 +1094,10 @@ static int hwcrhk_mutex_init(HWCryptoHoo
HWCryptoHook_CallerContext * cactx)
{
mt->lock = CRYPTO_THREAD_lock_new();
@@ -140335,7 +148330,7 @@
return 0; /* success */
}
-@@ -1262,7 +1216,7 @@ static int hwcrhk_insert_card(const char *prompt_info,
+@@ -1262,7 +1216,7 @@ static int hwcrhk_insert_card(const char
ui = UI_new_method(ui_method);
if (ui) {
@@ -140344,8 +148339,6 @@
char buf[BUFSIZ];
/*
* Despite what the documentation says wrong_info can be an empty
-diff --git a/engines/e_chil_err.c b/engines/e_chil_err.c
-index 2cfcab2..0058684 100644
--- a/engines/e_chil_err.c
+++ b/engines/e_chil_err.c
@@ -1,55 +1,10 @@
@@ -140410,8 +148403,6 @@
*/
/*
-diff --git a/engines/e_chil_err.h b/engines/e_chil_err.h
-index 3d961b9..b0f0dd9 100644
--- a/engines/e_chil_err.h
+++ b/engines/e_chil_err.h
@@ -1,55 +1,16 @@
@@ -140493,7 +148484,7 @@
static void ERR_load_HWCRHK_strings(void);
static void ERR_unload_HWCRHK_strings(void);
static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
-@@ -82,6 +39,8 @@ static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
+@@ -82,6 +39,8 @@ static void ERR_HWCRHK_error(int functio
# define HWCRHK_F_HWCRHK_MOD_EXP 107
# define HWCRHK_F_HWCRHK_RAND_BYTES 108
# define HWCRHK_F_HWCRHK_RSA_MOD_EXP 109
@@ -140502,11 +148493,9 @@
/* Reason codes. */
# define HWCRHK_R_ALREADY_LOADED 100
-diff --git a/engines/e_dasync.c b/engines/e_dasync.c
-index 27a5602..ed3f00a 100644
--- a/engines/e_dasync.c
+++ b/engines/e_dasync.c
-@@ -1,53 +1,10 @@
+@@ -1,55 +1,16 @@
/*
- * Written by Matt Caswell (matt at openssl.org) for the OpenSSL project.
- */
@@ -140534,7 +148523,8 @@
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
@@ -140543,8 +148533,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -140564,8 +148553,22 @@
+ * https://www.openssl.org/source/license.html
*/
++#if defined(_WIN32)
++# include <windows.h>
++#endif
++
#include <stdio.h>
-@@ -228,7 +185,7 @@ static int bind_dasync(ENGINE *e)
+ #include <string.h>
+
+@@ -71,7 +32,6 @@
+ #elif defined(_WIN32)
+ # undef ASYNC_WIN
+ # define ASYNC_WIN
+-# include <windows.h>
+ #endif
+
+ #define DASYNC_LIB_NAME "DASYNC"
+@@ -228,7 +188,7 @@ static int bind_dasync(ENGINE *e)
|| RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
|| RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
|| RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0
@@ -140574,8 +148577,6 @@
|| RSA_meth_set_mod_exp(dasync_rsa_method, dasync_rsa_mod_exp) == 0
|| RSA_meth_set_bn_mod_exp(dasync_rsa_method, BN_mod_exp_mont) == 0
|| RSA_meth_set_init(dasync_rsa_method, dasync_rsa_init) == 0
-diff --git a/engines/e_dasync_err.c b/engines/e_dasync_err.c
-index 3b462ba..a9e7765 100644
--- a/engines/e_dasync_err.c
+++ b/engines/e_dasync_err.c
@@ -1,55 +1,10 @@
@@ -140640,8 +148641,6 @@
*/
/*
-diff --git a/engines/e_dasync_err.h b/engines/e_dasync_err.h
-index 304eeef..b01fead 100644
--- a/engines/e_dasync_err.h
+++ b/engines/e_dasync_err.h
@@ -1,55 +1,16 @@
@@ -140723,8 +148722,6 @@
static void ERR_load_DASYNC_strings(void);
static void ERR_unload_DASYNC_strings(void);
static void ERR_DASYNC_error(int function, int reason, char *file, int line);
-diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c
-index e641a44..b4c83cb 100644
--- a/engines/e_ossltest.c
+++ b/engines/e_ossltest.c
@@ -1,53 +1,10 @@
@@ -140786,8 +148783,6 @@
*/
/*
-diff --git a/engines/e_ossltest_err.c b/engines/e_ossltest_err.c
-index 5e5355d..71d0578 100644
--- a/engines/e_ossltest_err.c
+++ b/engines/e_ossltest_err.c
@@ -1,55 +1,10 @@
@@ -140852,8 +148847,6 @@
*/
/*
-diff --git a/engines/e_ossltest_err.h b/engines/e_ossltest_err.h
-index b30509d..a323c39 100644
--- a/engines/e_ossltest_err.h
+++ b/engines/e_ossltest_err.h
@@ -1,55 +1,16 @@
@@ -140935,8 +148928,6 @@
static void ERR_load_OSSLTEST_strings(void);
static void ERR_unload_OSSLTEST_strings(void);
static void ERR_OSSLTEST_error(int function, int reason, char *file, int line);
-diff --git a/engines/e_padlock.c b/engines/e_padlock.c
-index dab6c44..77cebe3 100644
--- a/engines/e_padlock.c
+++ b/engines/e_padlock.c
@@ -1,65 +1,10 @@
@@ -141021,8 +149012,6 @@
# define COMPILE_HW_PADLOCK
# ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *ENGINE_padlock(void);
-diff --git a/engines/vendor_defns/hwcryptohook.h b/engines/vendor_defns/hwcryptohook.h
-index 2bafffe..c3dcd56 100644
--- a/engines/vendor_defns/hwcryptohook.h
+++ b/engines/vendor_defns/hwcryptohook.h
@@ -1,3 +1,12 @@
@@ -141047,8 +149036,6 @@
*/
#ifndef HWCRYPTOHOOK_H
-diff --git a/external/perl/transfer/Text/Template.pm b/external/perl/transfer/Text/Template.pm
-index d018e6b..7dbfe3f 100644
--- a/external/perl/transfer/Text/Template.pm
+++ b/external/perl/transfer/Text/Template.pm
@@ -1,4 +1,9 @@
@@ -141062,12 +149049,9 @@
# Quick transfer to the downloaded Text::Template
-diff --git a/fuzz/README.md b/fuzz/README.md
-new file mode 100644
-index 0000000..e9ec88b
--- /dev/null
+++ b/fuzz/README.md
-@@ -0,0 +1,70 @@
+@@ -0,0 +1,66 @@
+# I Can Haz Fuzz?
+
+LibFuzzer
@@ -141111,16 +149095,14 @@
+ enable-asan enable-ubsan no-shared
+ $ sudo apt-get install make
+ $ LDCMD=clang++ make -j
-+ $ fuzz/helper.py <fuzzer> <arguments>
++ $ fuzz/helper.py $FUZZER
+
-+Where `<fuzzer>` is one of the executables in `fuzz/`. Most fuzzers do not
-+need any command line arguments, but, for example, `asn1` needs the name of a
-+data type.
++Where $FUZZER is one of the executables in `fuzz/`.
+
+If you get a crash, you should find a corresponding input file in
-+`fuzz/corpora/<fuzzer>-crash/`. You can reproduce the crash with
++`fuzz/corpora/$FUZZER-crash/`. You can reproduce the crash with
+
-+ $ fuzz/<fuzzer> <crashfile>
++ $ fuzz/$FUZZER <crashfile>
+
+AFL
+===
@@ -141133,17 +149115,12 @@
+
+Run one of the fuzzers:
+
-+ $ afl-fuzz fuzz/<fuzzer> -i fuzz/corpora/<fuzzer> -o fuzz/corpora/<fuzzer>/out <fuzzer> <arguments>
++ $ afl-fuzz -i fuzz/corpora/$FUZZER -o fuzz/corpora/$FUZZER/out fuzz/$FUZZER
+
-+Where `<fuzzer>` is one of the executables in `fuzz/`. Most fuzzers do not
-+need any command line arguments, but, for example, `asn1` needs the name of a
-+data type.
-diff --git a/fuzz/asn1.c b/fuzz/asn1.c
-new file mode 100644
-index 0000000..4d22eeb
++Where $FUZZER is one of the executables in `fuzz/`.
--- /dev/null
+++ b/fuzz/asn1.c
-@@ -0,0 +1,77 @@
+@@ -0,0 +1,208 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
@@ -141170,21 +149147,99 @@
+#include <openssl/pkcs12.h>
+#include <openssl/ts.h>
+#include <openssl/x509v3.h>
++#include <openssl/cms.h>
+#include "fuzzer.h"
+
+static ASN1_ITEM_EXP *item_type[] = {
++ ASN1_ITEM_ref(ACCESS_DESCRIPTION),
++ ASN1_ITEM_ref(ASIdentifierChoice),
++ ASN1_ITEM_ref(ASIdentifiers),
++ ASN1_ITEM_ref(ASIdOrRange),
++ ASN1_ITEM_ref(ASN1_ANY),
++ ASN1_ITEM_ref(ASN1_BIT_STRING),
++ ASN1_ITEM_ref(ASN1_BMPSTRING),
++ ASN1_ITEM_ref(ASN1_BOOLEAN),
++ ASN1_ITEM_ref(ASN1_ENUMERATED),
++ ASN1_ITEM_ref(ASN1_FBOOLEAN),
++ ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
++ ASN1_ITEM_ref(ASN1_GENERALSTRING),
++ ASN1_ITEM_ref(ASN1_IA5STRING),
++ ASN1_ITEM_ref(ASN1_INTEGER),
++ ASN1_ITEM_ref(ASN1_NULL),
++ ASN1_ITEM_ref(ASN1_OBJECT),
++ ASN1_ITEM_ref(ASN1_OCTET_STRING),
++ ASN1_ITEM_ref(ASN1_OCTET_STRING_NDEF),
++ ASN1_ITEM_ref(ASN1_PRINTABLE),
++ ASN1_ITEM_ref(ASN1_PRINTABLESTRING),
+ ASN1_ITEM_ref(ASN1_SEQUENCE),
++ ASN1_ITEM_ref(ASN1_SEQUENCE_ANY),
++ ASN1_ITEM_ref(ASN1_SET_ANY),
++ ASN1_ITEM_ref(ASN1_T61STRING),
++ ASN1_ITEM_ref(ASN1_TBOOLEAN),
++ ASN1_ITEM_ref(ASN1_TIME),
++ ASN1_ITEM_ref(ASN1_UNIVERSALSTRING),
++ ASN1_ITEM_ref(ASN1_UTCTIME),
++ ASN1_ITEM_ref(ASN1_UTF8STRING),
++ ASN1_ITEM_ref(ASN1_VISIBLESTRING),
++ ASN1_ITEM_ref(ASRange),
+ ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
++ ASN1_ITEM_ref(AUTHORITY_KEYID),
++ ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+ ASN1_ITEM_ref(BIGNUM),
++ ASN1_ITEM_ref(CBIGNUM),
++ ASN1_ITEM_ref(CERTIFICATEPOLICIES),
++ ASN1_ITEM_ref(CMS_ContentInfo),
++ ASN1_ITEM_ref(CMS_ReceiptRequest),
++ ASN1_ITEM_ref(CRL_DIST_POINTS),
++ ASN1_ITEM_ref(DHparams),
++ ASN1_ITEM_ref(DIRECTORYSTRING),
++ ASN1_ITEM_ref(DISPLAYTEXT),
++ ASN1_ITEM_ref(DIST_POINT),
++ ASN1_ITEM_ref(DIST_POINT_NAME),
++#ifndef OPENSSL_NO_EC
+ ASN1_ITEM_ref(ECPARAMETERS),
+ ASN1_ITEM_ref(ECPKPARAMETERS),
++#endif
++ ASN1_ITEM_ref(EDIPARTYNAME),
++ ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+ ASN1_ITEM_ref(GENERAL_NAME),
++ ASN1_ITEM_ref(GENERAL_NAMES),
+ ASN1_ITEM_ref(GENERAL_SUBTREE),
++ ASN1_ITEM_ref(IPAddressChoice),
++ ASN1_ITEM_ref(IPAddressFamily),
++ ASN1_ITEM_ref(IPAddressOrRange),
++ ASN1_ITEM_ref(IPAddressRange),
++ ASN1_ITEM_ref(ISSUING_DIST_POINT),
++ ASN1_ITEM_ref(LONG),
+ ASN1_ITEM_ref(NAME_CONSTRAINTS),
++ ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE),
++ ASN1_ITEM_ref(NETSCAPE_SPKAC),
++ ASN1_ITEM_ref(NETSCAPE_SPKI),
++ ASN1_ITEM_ref(NOTICEREF),
+ ASN1_ITEM_ref(OCSP_BASICRESP),
++ ASN1_ITEM_ref(OCSP_CERTID),
++ ASN1_ITEM_ref(OCSP_CERTSTATUS),
++ ASN1_ITEM_ref(OCSP_CRLID),
++ ASN1_ITEM_ref(OCSP_ONEREQ),
++ ASN1_ITEM_ref(OCSP_REQINFO),
++ ASN1_ITEM_ref(OCSP_REQUEST),
++ ASN1_ITEM_ref(OCSP_RESPBYTES),
++ ASN1_ITEM_ref(OCSP_RESPDATA),
++ ASN1_ITEM_ref(OCSP_RESPID),
+ ASN1_ITEM_ref(OCSP_RESPONSE),
++ ASN1_ITEM_ref(OCSP_REVOKEDINFO),
++ ASN1_ITEM_ref(OCSP_SERVICELOC),
++ ASN1_ITEM_ref(OCSP_SIGNATURE),
++ ASN1_ITEM_ref(OCSP_SINGLERESP),
++ ASN1_ITEM_ref(OTHERNAME),
++ ASN1_ITEM_ref(PBE2PARAM),
++ ASN1_ITEM_ref(PBEPARAM),
++ ASN1_ITEM_ref(PBKDF2PARAM),
+ ASN1_ITEM_ref(PKCS12),
+ ASN1_ITEM_ref(PKCS12_AUTHSAFES),
++ ASN1_ITEM_ref(PKCS12_BAGS),
++ ASN1_ITEM_ref(PKCS12_MAC_DATA),
++ ASN1_ITEM_ref(PKCS12_SAFEBAG),
+ ASN1_ITEM_ref(PKCS12_SAFEBAGS),
+ ASN1_ITEM_ref(PKCS7),
+ ASN1_ITEM_ref(PKCS7_ATTR_SIGN),
@@ -141193,16 +149248,47 @@
+ ASN1_ITEM_ref(PKCS7_ENC_CONTENT),
+ ASN1_ITEM_ref(PKCS7_ENCRYPT),
+ ASN1_ITEM_ref(PKCS7_ENVELOPE),
++ ASN1_ITEM_ref(PKCS7_ISSUER_AND_SERIAL),
+ ASN1_ITEM_ref(PKCS7_RECIP_INFO),
++ ASN1_ITEM_ref(PKCS7_SIGNED),
+ ASN1_ITEM_ref(PKCS7_SIGN_ENVELOPE),
-+ ASN1_ITEM_ref(PKCS7_SIGNED),
+ ASN1_ITEM_ref(PKCS7_SIGNER_INFO),
++ ASN1_ITEM_ref(PKCS8_PRIV_KEY_INFO),
++ ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
+ ASN1_ITEM_ref(POLICY_CONSTRAINTS),
++ ASN1_ITEM_ref(POLICYINFO),
++ ASN1_ITEM_ref(POLICY_MAPPING),
+ ASN1_ITEM_ref(POLICY_MAPPINGS),
++ ASN1_ITEM_ref(POLICYQUALINFO),
++ ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
++ ASN1_ITEM_ref(PROXY_POLICY),
++ ASN1_ITEM_ref(RSA_OAEP_PARAMS),
++ ASN1_ITEM_ref(RSAPrivateKey),
++ ASN1_ITEM_ref(RSA_PSS_PARAMS),
++ ASN1_ITEM_ref(RSAPublicKey),
+ ASN1_ITEM_ref(SXNET),
++ ASN1_ITEM_ref(SXNETID),
+ /*ASN1_ITEM_ref(TS_RESP), want to do this, but type is hidden, however d2i exists... */
++ ASN1_ITEM_ref(USERNOTICE),
+ ASN1_ITEM_ref(X509),
++ ASN1_ITEM_ref(X509_ALGOR),
++ ASN1_ITEM_ref(X509_ALGORS),
++ ASN1_ITEM_ref(X509_ATTRIBUTE),
++ ASN1_ITEM_ref(X509_CERT_AUX),
++ ASN1_ITEM_ref(X509_CINF),
+ ASN1_ITEM_ref(X509_CRL),
++ ASN1_ITEM_ref(X509_CRL_INFO),
++ ASN1_ITEM_ref(X509_EXTENSION),
++ ASN1_ITEM_ref(X509_EXTENSIONS),
++ ASN1_ITEM_ref(X509_NAME),
++ ASN1_ITEM_ref(X509_NAME_ENTRY),
++ ASN1_ITEM_ref(X509_PUBKEY),
++ ASN1_ITEM_ref(X509_REQ),
++ ASN1_ITEM_ref(X509_REQ_INFO),
++ ASN1_ITEM_ref(X509_REVOKED),
++ ASN1_ITEM_ref(X509_SIG),
++ ASN1_ITEM_ref(X509_VAL),
++ ASN1_ITEM_ref(ZLONG),
+ NULL
+};
+
@@ -141213,17 +149299,36 @@
+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ int n;
+
++ ASN1_PCTX *pctx = ASN1_PCTX_new();
++
++ ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT |
++ ASN1_PCTX_FLAGS_SHOW_SEQUENCE | ASN1_PCTX_FLAGS_SHOW_SSOF |
++ ASN1_PCTX_FLAGS_SHOW_TYPE | ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME);
++ ASN1_PCTX_set_str_flags(pctx, ASN1_STRFLGS_UTF8_CONVERT |
++ ASN1_STRFLGS_SHOW_TYPE | ASN1_STRFLGS_DUMP_ALL);
++
+ for (n = 0; item_type[n] != NULL; ++n) {
+ const uint8_t *b = buf;
++ unsigned char *der = NULL;
+ const ASN1_ITEM *i = ASN1_ITEM_ptr(item_type[n]);
+ ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, i);
-+ ASN1_item_free(o, i);
++
++ if (o != NULL) {
++ BIO *bio = BIO_new(BIO_s_null());
++ ASN1_item_print(bio, o, 4, i, pctx);
++ BIO_free(bio);
++
++ ASN1_item_i2d(o, &der, i);
++ OPENSSL_free(der);
++
++ ASN1_item_free(o, i);
++ }
+ }
++
++ ASN1_PCTX_free(pctx);
++
+ return 0;
+}
-diff --git a/fuzz/asn1parse.c b/fuzz/asn1parse.c
-new file mode 100644
-index 0000000..b3a6dab
--- /dev/null
+++ b/fuzz/asn1parse.c
@@ -0,0 +1,33 @@
@@ -141260,9 +149365,6 @@
+ (void)ASN1_parse_dump(bio_out, buf, len, 0, 0);
+ return 0;
+}
-diff --git a/fuzz/bignum.c b/fuzz/bignum.c
-new file mode 100644
-index 0000000..43e134b
--- /dev/null
+++ b/fuzz/bignum.c
@@ -0,0 +1,94 @@
@@ -141360,9 +149462,6 @@
+
+ return 0;
+}
-diff --git a/fuzz/bndiv.c b/fuzz/bndiv.c
-new file mode 100644
-index 0000000..45a3937
--- /dev/null
+++ b/fuzz/bndiv.c
@@ -0,0 +1,107 @@
@@ -141473,114 +149572,122 @@
+
+ return 0;
+}
-diff --git a/fuzz/build.info b/fuzz/build.info
-new file mode 100644
-index 0000000..82569a2
--- /dev/null
+++ b/fuzz/build.info
-@@ -0,0 +1,42 @@
-+{- use File::Spec::Functions qw/catdir rel2abs/; -}
-+PROGRAMS=asn1-test asn1parse-test bignum-test bndiv-test cms-test conf-test crl-test ct-test server-test x509-test
+@@ -0,0 +1,113 @@
++{- use File::Spec::Functions;
++ our $ex_inc = $withargs{fuzzer_include} &&
++ (file_name_is_absolute($withargs{fuzzer_include}) ?
++ $withargs{fuzzer_include} : catdir(updir(), $withargs{fuzzer_include}));
++ our $ex_lib = $withargs{fuzzer_lib} &&
++ (file_name_is_absolute($withargs{fuzzer_lib}) ?
++ $withargs{fuzzer_lib} : catfile(updir(), $withargs{fuzzer_lib}));
++ ""
++-}
+
-+SOURCE[asn1-test]=asn1.c test-corpus.c
-+INCLUDE[asn1-test]=../include
-+DEPEND[asn1-test]=../libcrypto
++IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}]
++ PROGRAMS_NO_INST=asn1 asn1parse bignum bndiv conf crl server x509
+
-+SOURCE[asn1parse-test]=asn1parse.c test-corpus.c
-+INCLUDE[asn1parse-test]=../include
-+DEPEND[asn1parse-test]=../libcrypto
++ IF[{- !$disabled{"cms"} -}]
++ PROGRAMS_NO_INST=cms
++ ENDIF
+
-+SOURCE[bignum-test]=bignum.c test-corpus.c
-+INCLUDE[bignum-test]=../include
-+DEPEND[bignum-test]=../libcrypto
++ IF[{- !$disabled{"ct"} -}]
++ PROGRAMS_NO_INST=ct
++ ENDIF
+
-+SOURCE[bndiv-test]=bndiv.c test-corpus.c
-+INCLUDE[bndiv-test]=../include
-+DEPEND[bndiv-test]=../libcrypto
++ SOURCE[asn1]=asn1.c driver.c
++ INCLUDE[asn1]=../include {- $ex_inc -}
++ DEPEND[asn1]=../libcrypto {- $ex_lib -}
+
-+SOURCE[cms-test]=cms.c test-corpus.c
-+INCLUDE[cms-test]=../include
-+DEPEND[cms-test]=../libcrypto
++ SOURCE[asn1parse]=asn1parse.c driver.c
++ INCLUDE[asn1parse]=../include {- $ex_inc -}
++ DEPEND[asn1parse]=../libcrypto {- $ex_lib -}
+
-+SOURCE[conf-test]=conf.c test-corpus.c
-+INCLUDE[conf-test]=../include
-+DEPEND[conf-test]=../libcrypto
++ SOURCE[bignum]=bignum.c driver.c
++ INCLUDE[bignum]=../include {- $ex_inc -}
++ DEPEND[bignum]=../libcrypto {- $ex_lib -}
+
-+SOURCE[crl-test]=crl.c test-corpus.c
-+INCLUDE[crl-test]=../include
-+DEPEND[crl-test]=../libcrypto
++ SOURCE[bndiv]=bndiv.c driver.c
++ INCLUDE[bndiv]=../include {- $ex_inc -}
++ DEPEND[bndiv]=../libcrypto {- $ex_lib -}
+
-+SOURCE[ct-test]=ct.c test-corpus.c
-+INCLUDE[ct-test]=../include
-+DEPEND[ct-test]=../libcrypto
++ SOURCE[cms]=cms.c driver.c
++ INCLUDE[cms]=../include {- $ex_inc -}
++ DEPEND[cms]=../libcrypto {- $ex_lib -}
+
-+SOURCE[server-test]=server.c test-corpus.c
-+INCLUDE[server-test]=../include
-+DEPEND[server-test]=../libcrypto ../libssl
++ SOURCE[conf]=conf.c driver.c
++ INCLUDE[conf]=../include {- $ex_inc -}
++ DEPEND[conf]=../libcrypto {- $ex_lib -}
+
-+SOURCE[x509-test]=x509.c test-corpus.c
-+INCLUDE[x509-test]=../include
-+DEPEND[x509-test]=../libcrypto
-diff --git a/fuzz/build.info.fuzz b/fuzz/build.info.fuzz
-new file mode 100644
-index 0000000..44cac86
---- /dev/null
-+++ b/fuzz/build.info.fuzz
-@@ -0,0 +1,51 @@
-+{- use File::Spec::Functions;
-+ our $ex_inc = $withargs{fuzzer_include} &&
-+ (file_name_is_absolute($withargs{fuzzer_include}) ?
-+ $withargs{fuzzer_include} : catdir(updir(), $withargs{fuzzer_include}));
-+ our $ex_lib = $withargs{fuzzer_lib} &&
-+ (file_name_is_absolute($withargs{fuzzer_lib}) ?
-+ $withargs{fuzzer_lib} : catfile(updir(), $withargs{fuzzer_lib}));
-+ ""
-+-}
++ SOURCE[crl]=crl.c driver.c
++ INCLUDE[crl]=../include {- $ex_inc -}
++ DEPEND[crl]=../libcrypto {- $ex_lib -}
+
-+PROGRAMS=asn1 asn1parse bignum bndiv cms conf crl ct server x509
++ SOURCE[ct]=ct.c driver.c
++ INCLUDE[ct]=../include {- $ex_inc -}
++ DEPEND[ct]=../libcrypto {- $ex_lib -}
+
-+SOURCE[asn1]=asn1.c driver.c
-+INCLUDE[asn1]=../include {- $ex_inc -}
-+DEPEND[asn1]=../libcrypto {- $ex_lib -}
++ SOURCE[server]=server.c driver.c
++ INCLUDE[server]=../include {- $ex_inc -}
++ DEPEND[server]=../libcrypto ../libssl {- $ex_lib -}
+
-+SOURCE[asn1parse]=asn1parse.c driver.c
-+INCLUDE[asn1parse]=../include {- $ex_inc -}
-+DEPEND[asn1parse]=../libcrypto {- $ex_lib -}
++ SOURCE[x509]=x509.c driver.c
++ INCLUDE[x509]=../include {- $ex_inc -}
++ DEPEND[x509]=../libcrypto {- $ex_lib -}
++ENDIF
+
-+SOURCE[bignum]=bignum.c driver.c
-+INCLUDE[bignum]=../include {- $ex_inc -}
-+DEPEND[bignum]=../libcrypto {- $ex_lib -}
++IF[{- !$disabled{tests} -}]
++ PROGRAMS_NO_INST=asn1-test asn1parse-test bignum-test bndiv-test conf-test crl-test server-test x509-test
+
-+SOURCE[bndiv]=bndiv.c driver.c
-+INCLUDE[bndiv]=../include {- $ex_inc -}
-+DEPEND[bndiv]=../libcrypto {- $ex_lib -}
++ IF[{- !$disabled{"cms"} -}]
++ PROGRAMS_NO_INST=cms-test
++ ENDIF
+
-+SOURCE[cms]=cms.c driver.c
-+INCLUDE[cms]=../include {- $ex_inc -}
-+DEPEND[cms]=../libcrypto {- $ex_lib -}
++ IF[{- !$disabled{"ct"} -}]
++ PROGRAMS_NO_INST=ct-test
++ ENDIF
+
-+SOURCE[conf]=conf.c driver.c
-+INCLUDE[conf]=../include {- $ex_inc -}
-+DEPEND[conf]=../libcrypto {- $ex_lib -}
++ SOURCE[asn1-test]=asn1.c test-corpus.c
++ INCLUDE[asn1-test]=../include
++ DEPEND[asn1-test]=../libcrypto
+
-+SOURCE[crl]=crl.c driver.c
-+INCLUDE[crl]=../include {- $ex_inc -}
-+DEPEND[crl]=../libcrypto {- $ex_lib -}
++ SOURCE[asn1parse-test]=asn1parse.c test-corpus.c
++ INCLUDE[asn1parse-test]=../include
++ DEPEND[asn1parse-test]=../libcrypto
+
-+SOURCE[ct]=ct.c driver.c
-+INCLUDE[ct]=../include {- $ex_inc -}
-+DEPEND[ct]=../libcrypto {- $ex_lib -}
++ SOURCE[bignum-test]=bignum.c test-corpus.c
++ INCLUDE[bignum-test]=../include
++ DEPEND[bignum-test]=../libcrypto
+
-+SOURCE[server]=server.c driver.c
-+INCLUDE[server]=../include {- $ex_inc -}
-+DEPEND[server]=../libcrypto ../libssl {- $ex_lib -}
++ SOURCE[bndiv-test]=bndiv.c test-corpus.c
++ INCLUDE[bndiv-test]=../include
++ DEPEND[bndiv-test]=../libcrypto
+
-+SOURCE[x509]=x509.c driver.c
-+INCLUDE[x509]=../include {- $ex_inc -}
-+DEPEND[x509]=../libcrypto {- $ex_lib -}
-diff --git a/fuzz/cms.c b/fuzz/cms.c
-new file mode 100644
-index 0000000..f97173a
++ SOURCE[cms-test]=cms.c test-corpus.c
++ INCLUDE[cms-test]=../include
++ DEPEND[cms-test]=../libcrypto
++
++ SOURCE[conf-test]=conf.c test-corpus.c
++ INCLUDE[conf-test]=../include
++ DEPEND[conf-test]=../libcrypto
++
++ SOURCE[crl-test]=crl.c test-corpus.c
++ INCLUDE[crl-test]=../include
++ DEPEND[crl-test]=../libcrypto
++
++ SOURCE[ct-test]=ct.c test-corpus.c
++ INCLUDE[ct-test]=../include
++ DEPEND[ct-test]=../libcrypto
++
++ SOURCE[server-test]=server.c test-corpus.c
++ INCLUDE[server-test]=../include
++ DEPEND[server-test]=../libcrypto ../libssl
++
++ SOURCE[x509-test]=x509.c test-corpus.c
++ INCLUDE[x509-test]=../include
++ DEPEND[x509-test]=../libcrypto
++ENDIF
--- /dev/null
+++ b/fuzz/cms.c
@@ -0,0 +1,32 @@
@@ -141616,9 +149723,6 @@
+ BIO_free(in);
+ return 0;
+}
-diff --git a/fuzz/conf.c b/fuzz/conf.c
-new file mode 100644
-index 0000000..a76068d
--- /dev/null
+++ b/fuzz/conf.c
@@ -0,0 +1,33 @@
@@ -141655,11088 +149759,6 @@
+
+ return 0;
+}
-diff --git a/fuzz/corpora/asn1/000383229db805b2274ec1ac55ad7c59a42feb61 b/fuzz/corpora/asn1/000383229db805b2274ec1ac55ad7c59a42feb61
-new file mode 100644
-index 0000000..1c1e399
-Binary files /dev/null and b/fuzz/corpora/asn1/000383229db805b2274ec1ac55ad7c59a42feb61 differ
-diff --git a/fuzz/corpora/asn1/01073e4ffc830b6abd2647c8c3ec818315e9c000 b/fuzz/corpora/asn1/01073e4ffc830b6abd2647c8c3ec818315e9c000
-new file mode 100644
-index 0000000..41e6709
-Binary files /dev/null and b/fuzz/corpora/asn1/01073e4ffc830b6abd2647c8c3ec818315e9c000 differ
-diff --git a/fuzz/corpora/asn1/0136e7416e1c2e6b49e6bc8677dc03317b071a83 b/fuzz/corpora/asn1/0136e7416e1c2e6b49e6bc8677dc03317b071a83
-new file mode 100644
-index 0000000..778c31a
-Binary files /dev/null and b/fuzz/corpora/asn1/0136e7416e1c2e6b49e6bc8677dc03317b071a83 differ
-diff --git a/fuzz/corpora/asn1/015ab2e9621bc91c4de2560d1b4c759d5dfd488f b/fuzz/corpora/asn1/015ab2e9621bc91c4de2560d1b4c759d5dfd488f
-new file mode 100644
-index 0000000..ef6f493
-Binary files /dev/null and b/fuzz/corpora/asn1/015ab2e9621bc91c4de2560d1b4c759d5dfd488f differ
-diff --git a/fuzz/corpora/asn1/0192d6d830049af32ed04078e8e8f2a32b2be067 b/fuzz/corpora/asn1/0192d6d830049af32ed04078e8e8f2a32b2be067
-new file mode 100644
-index 0000000..a3802be
-Binary files /dev/null and b/fuzz/corpora/asn1/0192d6d830049af32ed04078e8e8f2a32b2be067 differ
-diff --git a/fuzz/corpora/asn1/020de368f5bdf20c6d6f2ba37ad8ff20cc719950 b/fuzz/corpora/asn1/020de368f5bdf20c6d6f2ba37ad8ff20cc719950
-new file mode 100644
-index 0000000..402fc9b
-Binary files /dev/null and b/fuzz/corpora/asn1/020de368f5bdf20c6d6f2ba37ad8ff20cc719950 differ
-diff --git a/fuzz/corpora/asn1/023c0fef1f464b69b8cc7901832b3fb008b505e1 b/fuzz/corpora/asn1/023c0fef1f464b69b8cc7901832b3fb008b505e1
-new file mode 100644
-index 0000000..5d21dad
-Binary files /dev/null and b/fuzz/corpora/asn1/023c0fef1f464b69b8cc7901832b3fb008b505e1 differ
-diff --git a/fuzz/corpora/asn1/0270d4aa8aebf5e1d5e79e6e48b604abf9cb0329 b/fuzz/corpora/asn1/0270d4aa8aebf5e1d5e79e6e48b604abf9cb0329
-new file mode 100644
-index 0000000..a77cdbb
-Binary files /dev/null and b/fuzz/corpora/asn1/0270d4aa8aebf5e1d5e79e6e48b604abf9cb0329 differ
-diff --git a/fuzz/corpora/asn1/02940b881cbd47154f2a992dbc2f714c6428344e b/fuzz/corpora/asn1/02940b881cbd47154f2a992dbc2f714c6428344e
-new file mode 100644
-index 0000000..bad1473
-Binary files /dev/null and b/fuzz/corpora/asn1/02940b881cbd47154f2a992dbc2f714c6428344e differ
-diff --git a/fuzz/corpora/asn1/03167752c924f20c59bd20a4c0827a8a6a0461bb b/fuzz/corpora/asn1/03167752c924f20c59bd20a4c0827a8a6a0461bb
-new file mode 100644
-index 0000000..93f2eab
-Binary files /dev/null and b/fuzz/corpora/asn1/03167752c924f20c59bd20a4c0827a8a6a0461bb differ
-diff --git a/fuzz/corpora/asn1/03503cd9b7688240c3500db871fb811f6c4ff3b5 b/fuzz/corpora/asn1/03503cd9b7688240c3500db871fb811f6c4ff3b5
-new file mode 100644
-index 0000000..61c133e
-Binary files /dev/null and b/fuzz/corpora/asn1/03503cd9b7688240c3500db871fb811f6c4ff3b5 differ
-diff --git a/fuzz/corpora/asn1/0361ec92f0b4d3a34a581ea7ed94f533297ebdaa b/fuzz/corpora/asn1/0361ec92f0b4d3a34a581ea7ed94f533297ebdaa
-new file mode 100644
-index 0000000..79158b4
-Binary files /dev/null and b/fuzz/corpora/asn1/0361ec92f0b4d3a34a581ea7ed94f533297ebdaa differ
-diff --git a/fuzz/corpora/asn1/03b23fad5e45c9c6c3e4c9f01fe9f921111e968a b/fuzz/corpora/asn1/03b23fad5e45c9c6c3e4c9f01fe9f921111e968a
-new file mode 100644
-index 0000000..19661ee
-Binary files /dev/null and b/fuzz/corpora/asn1/03b23fad5e45c9c6c3e4c9f01fe9f921111e968a differ
-diff --git a/fuzz/corpora/asn1/03d04402324f00166328eb4c16bee388ba7e5865 b/fuzz/corpora/asn1/03d04402324f00166328eb4c16bee388ba7e5865
-new file mode 100644
-index 0000000..4bae61e
-Binary files /dev/null and b/fuzz/corpora/asn1/03d04402324f00166328eb4c16bee388ba7e5865 differ
-diff --git a/fuzz/corpora/asn1/040756bbe9ac08ed7243038ee0be85d605d80865 b/fuzz/corpora/asn1/040756bbe9ac08ed7243038ee0be85d605d80865
-new file mode 100644
-index 0000000..0406483
-Binary files /dev/null and b/fuzz/corpora/asn1/040756bbe9ac08ed7243038ee0be85d605d80865 differ
-diff --git a/fuzz/corpora/asn1/042a8e4ebcf1ff474247f69314aa6dfa82f7445c b/fuzz/corpora/asn1/042a8e4ebcf1ff474247f69314aa6dfa82f7445c
-new file mode 100644
-index 0000000..6086915
-Binary files /dev/null and b/fuzz/corpora/asn1/042a8e4ebcf1ff474247f69314aa6dfa82f7445c differ
-diff --git a/fuzz/corpora/asn1/046b7fc8aeaf3e238c1e7d345622b6ffa1ffeea4 b/fuzz/corpora/asn1/046b7fc8aeaf3e238c1e7d345622b6ffa1ffeea4
-new file mode 100644
-index 0000000..3b06a0a
-Binary files /dev/null and b/fuzz/corpora/asn1/046b7fc8aeaf3e238c1e7d345622b6ffa1ffeea4 differ
-diff --git a/fuzz/corpora/asn1/0471a2db016eec09fb45db71d67ec08ca708f5df b/fuzz/corpora/asn1/0471a2db016eec09fb45db71d67ec08ca708f5df
-new file mode 100644
-index 0000000..ade8512
-Binary files /dev/null and b/fuzz/corpora/asn1/0471a2db016eec09fb45db71d67ec08ca708f5df differ
-diff --git a/fuzz/corpora/asn1/059c4d82039af49bafeafe60381a1bf477df418e b/fuzz/corpora/asn1/059c4d82039af49bafeafe60381a1bf477df418e
-new file mode 100644
-index 0000000..340ef6e
-Binary files /dev/null and b/fuzz/corpora/asn1/059c4d82039af49bafeafe60381a1bf477df418e differ
-diff --git a/fuzz/corpora/asn1/05f5c21da0f12cdf33556018f183ba8ea5098040 b/fuzz/corpora/asn1/05f5c21da0f12cdf33556018f183ba8ea5098040
-new file mode 100644
-index 0000000..713dd04
-Binary files /dev/null and b/fuzz/corpora/asn1/05f5c21da0f12cdf33556018f183ba8ea5098040 differ
-diff --git a/fuzz/corpora/asn1/06ed71c46c8da7e0c84c443f054456b71b1df088 b/fuzz/corpora/asn1/06ed71c46c8da7e0c84c443f054456b71b1df088
-new file mode 100644
-index 0000000..3f30557
-Binary files /dev/null and b/fuzz/corpora/asn1/06ed71c46c8da7e0c84c443f054456b71b1df088 differ
-diff --git a/fuzz/corpora/asn1/074f21c223d4546de68dc8ef5ab5cc6e9b3e32cb b/fuzz/corpora/asn1/074f21c223d4546de68dc8ef5ab5cc6e9b3e32cb
-new file mode 100644
-index 0000000..0a70006
-Binary files /dev/null and b/fuzz/corpora/asn1/074f21c223d4546de68dc8ef5ab5cc6e9b3e32cb differ
-diff --git a/fuzz/corpora/asn1/075e5a7bc127167c081b46177b91cf42f18343cc b/fuzz/corpora/asn1/075e5a7bc127167c081b46177b91cf42f18343cc
-new file mode 100644
-index 0000000..2b316cc
-Binary files /dev/null and b/fuzz/corpora/asn1/075e5a7bc127167c081b46177b91cf42f18343cc differ
-diff --git a/fuzz/corpora/asn1/07ff9d5bb0036a00b04d9a1fdf84e0a0b9e6f6ae b/fuzz/corpora/asn1/07ff9d5bb0036a00b04d9a1fdf84e0a0b9e6f6ae
-new file mode 100644
-index 0000000..8292ac9
-Binary files /dev/null and b/fuzz/corpora/asn1/07ff9d5bb0036a00b04d9a1fdf84e0a0b9e6f6ae differ
-diff --git a/fuzz/corpora/asn1/0877cbd6ba4a14c9873ad6e352637f024f0e50cf b/fuzz/corpora/asn1/0877cbd6ba4a14c9873ad6e352637f024f0e50cf
-new file mode 100644
-index 0000000..56ff799
-Binary files /dev/null and b/fuzz/corpora/asn1/0877cbd6ba4a14c9873ad6e352637f024f0e50cf differ
-diff --git a/fuzz/corpora/asn1/0990615a80d13cf70ea7fb9f38150b5701605aec b/fuzz/corpora/asn1/0990615a80d13cf70ea7fb9f38150b5701605aec
-new file mode 100644
-index 0000000..3b267d4
-Binary files /dev/null and b/fuzz/corpora/asn1/0990615a80d13cf70ea7fb9f38150b5701605aec differ
-diff --git a/fuzz/corpora/asn1/099740fd2bed601d9541ea44c00453ee7ffbc7c9 b/fuzz/corpora/asn1/099740fd2bed601d9541ea44c00453ee7ffbc7c9
-new file mode 100644
-index 0000000..d0ce34b
-Binary files /dev/null and b/fuzz/corpora/asn1/099740fd2bed601d9541ea44c00453ee7ffbc7c9 differ
-diff --git a/fuzz/corpora/asn1/09afb922be9b2ea1e6407a1c20a7f5bdd713f8db b/fuzz/corpora/asn1/09afb922be9b2ea1e6407a1c20a7f5bdd713f8db
-new file mode 100644
-index 0000000..e018cdc
-Binary files /dev/null and b/fuzz/corpora/asn1/09afb922be9b2ea1e6407a1c20a7f5bdd713f8db differ
-diff --git a/fuzz/corpora/asn1/09f344ccd0ee6185b6ae0ab9b71dc8f0256a11c3 b/fuzz/corpora/asn1/09f344ccd0ee6185b6ae0ab9b71dc8f0256a11c3
-new file mode 100644
-index 0000000..2716d96
-Binary files /dev/null and b/fuzz/corpora/asn1/09f344ccd0ee6185b6ae0ab9b71dc8f0256a11c3 differ
-diff --git a/fuzz/corpora/asn1/0a0ae2c78033a178f91bbb1a7ffb3cd93181bc6f b/fuzz/corpora/asn1/0a0ae2c78033a178f91bbb1a7ffb3cd93181bc6f
-new file mode 100644
-index 0000000..f925b5a
-Binary files /dev/null and b/fuzz/corpora/asn1/0a0ae2c78033a178f91bbb1a7ffb3cd93181bc6f differ
-diff --git a/fuzz/corpora/asn1/0aacbcd90283731343e6eaf68abcee2909d8ed9a b/fuzz/corpora/asn1/0aacbcd90283731343e6eaf68abcee2909d8ed9a
-new file mode 100644
-index 0000000..2e3d746
-Binary files /dev/null and b/fuzz/corpora/asn1/0aacbcd90283731343e6eaf68abcee2909d8ed9a differ
-diff --git a/fuzz/corpora/asn1/0b91ff744f525abb88d3b74a29b82b3461601889 b/fuzz/corpora/asn1/0b91ff744f525abb88d3b74a29b82b3461601889
-new file mode 100644
-index 0000000..336e46e
-Binary files /dev/null and b/fuzz/corpora/asn1/0b91ff744f525abb88d3b74a29b82b3461601889 differ
-diff --git a/fuzz/corpora/asn1/0c1e42bb41daf86898dea2b2a4b459565d72c66a b/fuzz/corpora/asn1/0c1e42bb41daf86898dea2b2a4b459565d72c66a
-new file mode 100644
-index 0000000..613be26
-Binary files /dev/null and b/fuzz/corpora/asn1/0c1e42bb41daf86898dea2b2a4b459565d72c66a differ
-diff --git a/fuzz/corpora/asn1/0c2b650a2b2e38a6dc5c046feb8c20afca4722e2 b/fuzz/corpora/asn1/0c2b650a2b2e38a6dc5c046feb8c20afca4722e2
-new file mode 100644
-index 0000000..59b4a2a
-Binary files /dev/null and b/fuzz/corpora/asn1/0c2b650a2b2e38a6dc5c046feb8c20afca4722e2 differ
-diff --git a/fuzz/corpora/asn1/0c6964f7ccef7cb9c7d322a7849bf27877c20217 b/fuzz/corpora/asn1/0c6964f7ccef7cb9c7d322a7849bf27877c20217
-new file mode 100644
-index 0000000..b1065b1
-Binary files /dev/null and b/fuzz/corpora/asn1/0c6964f7ccef7cb9c7d322a7849bf27877c20217 differ
-diff --git a/fuzz/corpora/asn1/0c6a2cf3e0645689b47b822d4201e7d32f1bbc49 b/fuzz/corpora/asn1/0c6a2cf3e0645689b47b822d4201e7d32f1bbc49
-new file mode 100644
-index 0000000..80000bc
-Binary files /dev/null and b/fuzz/corpora/asn1/0c6a2cf3e0645689b47b822d4201e7d32f1bbc49 differ
-diff --git a/fuzz/corpora/asn1/0c9cd80b757d84be843e7bc95df4f3717f0138ae b/fuzz/corpora/asn1/0c9cd80b757d84be843e7bc95df4f3717f0138ae
-new file mode 100644
-index 0000000..93711ec
-Binary files /dev/null and b/fuzz/corpora/asn1/0c9cd80b757d84be843e7bc95df4f3717f0138ae differ
-diff --git a/fuzz/corpora/asn1/0cbab2444a617fc8cb18e4978f19401d3bbb3976 b/fuzz/corpora/asn1/0cbab2444a617fc8cb18e4978f19401d3bbb3976
-new file mode 100644
-index 0000000..04b6669
-Binary files /dev/null and b/fuzz/corpora/asn1/0cbab2444a617fc8cb18e4978f19401d3bbb3976 differ
-diff --git a/fuzz/corpora/asn1/0e12cdb93321d3fe6bd910c9e9901eb50992b0b5 b/fuzz/corpora/asn1/0e12cdb93321d3fe6bd910c9e9901eb50992b0b5
-new file mode 100644
-index 0000000..5403017
-Binary files /dev/null and b/fuzz/corpora/asn1/0e12cdb93321d3fe6bd910c9e9901eb50992b0b5 differ
-diff --git a/fuzz/corpora/asn1/0e353a5e6e018d516b097d6628a2698d94969a4f b/fuzz/corpora/asn1/0e353a5e6e018d516b097d6628a2698d94969a4f
-new file mode 100644
-index 0000000..d551f69
-Binary files /dev/null and b/fuzz/corpora/asn1/0e353a5e6e018d516b097d6628a2698d94969a4f differ
-diff --git a/fuzz/corpora/asn1/0e745d5a1a3a84114c12847900b3be61dff8e284 b/fuzz/corpora/asn1/0e745d5a1a3a84114c12847900b3be61dff8e284
-new file mode 100644
-index 0000000..fc73495
-Binary files /dev/null and b/fuzz/corpora/asn1/0e745d5a1a3a84114c12847900b3be61dff8e284 differ
-diff --git a/fuzz/corpora/asn1/0eb5037935ba1c2791f3b7e9bc8470c3c60d2aff b/fuzz/corpora/asn1/0eb5037935ba1c2791f3b7e9bc8470c3c60d2aff
-new file mode 100644
-index 0000000..1c8ce6f
-Binary files /dev/null and b/fuzz/corpora/asn1/0eb5037935ba1c2791f3b7e9bc8470c3c60d2aff differ
-diff --git a/fuzz/corpora/asn1/0ff32ade892d52e00eeb11dc32d2ed7efbf151bb b/fuzz/corpora/asn1/0ff32ade892d52e00eeb11dc32d2ed7efbf151bb
-new file mode 100644
-index 0000000..7888bf7
-Binary files /dev/null and b/fuzz/corpora/asn1/0ff32ade892d52e00eeb11dc32d2ed7efbf151bb differ
-diff --git a/fuzz/corpora/asn1/10c59637fc2c224c6871ab549878a156d5b1b119 b/fuzz/corpora/asn1/10c59637fc2c224c6871ab549878a156d5b1b119
-new file mode 100644
-index 0000000..a7b0e7d
-Binary files /dev/null and b/fuzz/corpora/asn1/10c59637fc2c224c6871ab549878a156d5b1b119 differ
-diff --git a/fuzz/corpora/asn1/10ef958f5ed129a370de66684368b6ae3f624617 b/fuzz/corpora/asn1/10ef958f5ed129a370de66684368b6ae3f624617
-new file mode 100644
-index 0000000..6f1de1c
-Binary files /dev/null and b/fuzz/corpora/asn1/10ef958f5ed129a370de66684368b6ae3f624617 differ
-diff --git a/fuzz/corpora/asn1/113d8e8da5a67ca02ac75765b8bd4a781880e57c b/fuzz/corpora/asn1/113d8e8da5a67ca02ac75765b8bd4a781880e57c
-new file mode 100644
-index 0000000..9944292
-Binary files /dev/null and b/fuzz/corpora/asn1/113d8e8da5a67ca02ac75765b8bd4a781880e57c differ
-diff --git a/fuzz/corpora/asn1/118d17cce624aba02c7d56850f10889d88b1e04f b/fuzz/corpora/asn1/118d17cce624aba02c7d56850f10889d88b1e04f
-new file mode 100644
-index 0000000..5a00bc3
-Binary files /dev/null and b/fuzz/corpora/asn1/118d17cce624aba02c7d56850f10889d88b1e04f differ
-diff --git a/fuzz/corpora/asn1/11fcff5cdc1fa0a45aea9de183dbf2e6771c8a07 b/fuzz/corpora/asn1/11fcff5cdc1fa0a45aea9de183dbf2e6771c8a07
-new file mode 100644
-index 0000000..e9c5c19
-Binary files /dev/null and b/fuzz/corpora/asn1/11fcff5cdc1fa0a45aea9de183dbf2e6771c8a07 differ
-diff --git a/fuzz/corpora/asn1/121d9762652e173d08ff5282edf5932782ab5972 b/fuzz/corpora/asn1/121d9762652e173d08ff5282edf5932782ab5972
-new file mode 100644
-index 0000000..c91cc37
-Binary files /dev/null and b/fuzz/corpora/asn1/121d9762652e173d08ff5282edf5932782ab5972 differ
-diff --git a/fuzz/corpora/asn1/12e162e1e93655967206eb170d45bd66af421771 b/fuzz/corpora/asn1/12e162e1e93655967206eb170d45bd66af421771
-new file mode 100644
-index 0000000..005cca7
-Binary files /dev/null and b/fuzz/corpora/asn1/12e162e1e93655967206eb170d45bd66af421771 differ
-diff --git a/fuzz/corpora/asn1/12f9f5a3059a4fd76ec1c196427dfe4c70802349 b/fuzz/corpora/asn1/12f9f5a3059a4fd76ec1c196427dfe4c70802349
-new file mode 100644
-index 0000000..7bd061f
-Binary files /dev/null and b/fuzz/corpora/asn1/12f9f5a3059a4fd76ec1c196427dfe4c70802349 differ
-diff --git a/fuzz/corpora/asn1/1311eb79ed372cc0e66fe5e978d24271a1491319 b/fuzz/corpora/asn1/1311eb79ed372cc0e66fe5e978d24271a1491319
-new file mode 100644
-index 0000000..980fcca
-Binary files /dev/null and b/fuzz/corpora/asn1/1311eb79ed372cc0e66fe5e978d24271a1491319 differ
-diff --git a/fuzz/corpora/asn1/135e97e098383361a99b6dfa0b56bfb39644ec70 b/fuzz/corpora/asn1/135e97e098383361a99b6dfa0b56bfb39644ec70
-new file mode 100644
-index 0000000..21a7ba8
-Binary files /dev/null and b/fuzz/corpora/asn1/135e97e098383361a99b6dfa0b56bfb39644ec70 differ
-diff --git a/fuzz/corpora/asn1/1383974191112834fdfd3c1ba4da4a6c3e46dc6a b/fuzz/corpora/asn1/1383974191112834fdfd3c1ba4da4a6c3e46dc6a
-new file mode 100644
-index 0000000..1ceb717
-Binary files /dev/null and b/fuzz/corpora/asn1/1383974191112834fdfd3c1ba4da4a6c3e46dc6a differ
-diff --git a/fuzz/corpora/asn1/1473d4569f0c2f8e92ac16afca6f2b2b8f124af8 b/fuzz/corpora/asn1/1473d4569f0c2f8e92ac16afca6f2b2b8f124af8
-new file mode 100644
-index 0000000..40014b8
-Binary files /dev/null and b/fuzz/corpora/asn1/1473d4569f0c2f8e92ac16afca6f2b2b8f124af8 differ
-diff --git a/fuzz/corpora/asn1/14bc1ae947b39b448b6bec5182cef0eb7db847d4 b/fuzz/corpora/asn1/14bc1ae947b39b448b6bec5182cef0eb7db847d4
-new file mode 100644
-index 0000000..8f39bef
-Binary files /dev/null and b/fuzz/corpora/asn1/14bc1ae947b39b448b6bec5182cef0eb7db847d4 differ
-diff --git a/fuzz/corpora/asn1/157ab9b35e077788bf3062b738dbc4bd9592d84d b/fuzz/corpora/asn1/157ab9b35e077788bf3062b738dbc4bd9592d84d
-new file mode 100644
-index 0000000..d91593c
-Binary files /dev/null and b/fuzz/corpora/asn1/157ab9b35e077788bf3062b738dbc4bd9592d84d differ
-diff --git a/fuzz/corpora/asn1/1601617abbd702da71e8a5dd25627ae3ed38696e b/fuzz/corpora/asn1/1601617abbd702da71e8a5dd25627ae3ed38696e
-new file mode 100644
-index 0000000..67ab9f8
-Binary files /dev/null and b/fuzz/corpora/asn1/1601617abbd702da71e8a5dd25627ae3ed38696e differ
-diff --git a/fuzz/corpora/asn1/161b0b67e7eac76a2a7b1bb46595d7e54b5d8ab2 b/fuzz/corpora/asn1/161b0b67e7eac76a2a7b1bb46595d7e54b5d8ab2
-new file mode 100644
-index 0000000..cf5eca6
-Binary files /dev/null and b/fuzz/corpora/asn1/161b0b67e7eac76a2a7b1bb46595d7e54b5d8ab2 differ
-diff --git a/fuzz/corpora/asn1/16b5f141f7dc87e3fd2a495b234eef1201562af4 b/fuzz/corpora/asn1/16b5f141f7dc87e3fd2a495b234eef1201562af4
-new file mode 100644
-index 0000000..33e01ff
-Binary files /dev/null and b/fuzz/corpora/asn1/16b5f141f7dc87e3fd2a495b234eef1201562af4 differ
-diff --git a/fuzz/corpora/asn1/16dba7a632295190ba58a1c3514dedac11d6b2f5 b/fuzz/corpora/asn1/16dba7a632295190ba58a1c3514dedac11d6b2f5
-new file mode 100644
-index 0000000..caa2a82
-Binary files /dev/null and b/fuzz/corpora/asn1/16dba7a632295190ba58a1c3514dedac11d6b2f5 differ
-diff --git a/fuzz/corpora/asn1/1832bb739f0f22c1d72752c8ece60111c4d02011 b/fuzz/corpora/asn1/1832bb739f0f22c1d72752c8ece60111c4d02011
-new file mode 100644
-index 0000000..1f8b3b7
-Binary files /dev/null and b/fuzz/corpora/asn1/1832bb739f0f22c1d72752c8ece60111c4d02011 differ
-diff --git a/fuzz/corpora/asn1/185036d6fddb06db6b02379eff60009e61f9e9d3 b/fuzz/corpora/asn1/185036d6fddb06db6b02379eff60009e61f9e9d3
-new file mode 100644
-index 0000000..fccd3fd
-Binary files /dev/null and b/fuzz/corpora/asn1/185036d6fddb06db6b02379eff60009e61f9e9d3 differ
-diff --git a/fuzz/corpora/asn1/18ccda0e109b97078629fec6f9f28976ec695da0 b/fuzz/corpora/asn1/18ccda0e109b97078629fec6f9f28976ec695da0
-new file mode 100644
-index 0000000..1862825
-Binary files /dev/null and b/fuzz/corpora/asn1/18ccda0e109b97078629fec6f9f28976ec695da0 differ
-diff --git a/fuzz/corpora/asn1/198698c8c07cc1cd6177d5443bc5938aaf0e6a76 b/fuzz/corpora/asn1/198698c8c07cc1cd6177d5443bc5938aaf0e6a76
-new file mode 100644
-index 0000000..3634ecb
-Binary files /dev/null and b/fuzz/corpora/asn1/198698c8c07cc1cd6177d5443bc5938aaf0e6a76 differ
-diff --git a/fuzz/corpora/asn1/199bc5dd543a2bca85d4211bc36fe4f370e397af b/fuzz/corpora/asn1/199bc5dd543a2bca85d4211bc36fe4f370e397af
-new file mode 100644
-index 0000000..b7087f0
-Binary files /dev/null and b/fuzz/corpora/asn1/199bc5dd543a2bca85d4211bc36fe4f370e397af differ
-diff --git a/fuzz/corpora/asn1/19a2926280cbdb2190aefc048b28af0c3a3fe325 b/fuzz/corpora/asn1/19a2926280cbdb2190aefc048b28af0c3a3fe325
-new file mode 100644
-index 0000000..02d4292
-Binary files /dev/null and b/fuzz/corpora/asn1/19a2926280cbdb2190aefc048b28af0c3a3fe325 differ
-diff --git a/fuzz/corpora/asn1/1b59931fcdf91917110547f6214a0e55f3955d67 b/fuzz/corpora/asn1/1b59931fcdf91917110547f6214a0e55f3955d67
-new file mode 100644
-index 0000000..896f7d1
-Binary files /dev/null and b/fuzz/corpora/asn1/1b59931fcdf91917110547f6214a0e55f3955d67 differ
-diff --git a/fuzz/corpora/asn1/1b9fc3140db0dd1fac54a30ff7a952f498357b57 b/fuzz/corpora/asn1/1b9fc3140db0dd1fac54a30ff7a952f498357b57
-new file mode 100644
-index 0000000..97abd7a
-Binary files /dev/null and b/fuzz/corpora/asn1/1b9fc3140db0dd1fac54a30ff7a952f498357b57 differ
-diff --git a/fuzz/corpora/asn1/1c70f3406ef7c9d64565be72494cc0497abf80b6 b/fuzz/corpora/asn1/1c70f3406ef7c9d64565be72494cc0497abf80b6
-new file mode 100644
-index 0000000..5d2a106
-Binary files /dev/null and b/fuzz/corpora/asn1/1c70f3406ef7c9d64565be72494cc0497abf80b6 differ
-diff --git a/fuzz/corpora/asn1/1d73a991ace2edf243fbd2530c84d3d31d5cf6af b/fuzz/corpora/asn1/1d73a991ace2edf243fbd2530c84d3d31d5cf6af
-new file mode 100644
-index 0000000..f2084c1
-Binary files /dev/null and b/fuzz/corpora/asn1/1d73a991ace2edf243fbd2530c84d3d31d5cf6af differ
-diff --git a/fuzz/corpora/asn1/1db55e24ccf714535151ff4b1f95664a6799aa53 b/fuzz/corpora/asn1/1db55e24ccf714535151ff4b1f95664a6799aa53
-new file mode 100644
-index 0000000..9b1818d
-Binary files /dev/null and b/fuzz/corpora/asn1/1db55e24ccf714535151ff4b1f95664a6799aa53 differ
-diff --git a/fuzz/corpora/asn1/1dfd87dff884809947c98655e8c800be2b2fceb1 b/fuzz/corpora/asn1/1dfd87dff884809947c98655e8c800be2b2fceb1
-new file mode 100644
-index 0000000..b3dc40c
-Binary files /dev/null and b/fuzz/corpora/asn1/1dfd87dff884809947c98655e8c800be2b2fceb1 differ
-diff --git a/fuzz/corpora/asn1/1e053986e6701a49a46e0e2f86e1751503357705 b/fuzz/corpora/asn1/1e053986e6701a49a46e0e2f86e1751503357705
-new file mode 100644
-index 0000000..0027fa6
-Binary files /dev/null and b/fuzz/corpora/asn1/1e053986e6701a49a46e0e2f86e1751503357705 differ
-diff --git a/fuzz/corpora/asn1/1e742ee7bbf5cbfd68b24bbad47842a31aeef3c4 b/fuzz/corpora/asn1/1e742ee7bbf5cbfd68b24bbad47842a31aeef3c4
-new file mode 100644
-index 0000000..cf07fb0
-Binary files /dev/null and b/fuzz/corpora/asn1/1e742ee7bbf5cbfd68b24bbad47842a31aeef3c4 differ
-diff --git a/fuzz/corpora/asn1/1e8aeb4d99cf53e09ecf9f2189543e3e1ea1b25a b/fuzz/corpora/asn1/1e8aeb4d99cf53e09ecf9f2189543e3e1ea1b25a
-new file mode 100644
-index 0000000..72398c1
-Binary files /dev/null and b/fuzz/corpora/asn1/1e8aeb4d99cf53e09ecf9f2189543e3e1ea1b25a differ
-diff --git a/fuzz/corpora/asn1/1eeb2d4ae688e8b87cb27feaa538656dd16495d4 b/fuzz/corpora/asn1/1eeb2d4ae688e8b87cb27feaa538656dd16495d4
-new file mode 100644
-index 0000000..2b85acc
-Binary files /dev/null and b/fuzz/corpora/asn1/1eeb2d4ae688e8b87cb27feaa538656dd16495d4 differ
-diff --git a/fuzz/corpora/asn1/1efabf67e60af252b66a60ba9f6c10c21322c062 b/fuzz/corpora/asn1/1efabf67e60af252b66a60ba9f6c10c21322c062
-new file mode 100644
-index 0000000..fb758e1
-Binary files /dev/null and b/fuzz/corpora/asn1/1efabf67e60af252b66a60ba9f6c10c21322c062 differ
-diff --git a/fuzz/corpora/asn1/1f01cd296050714d6817cdaecdd53855f55f66c3 b/fuzz/corpora/asn1/1f01cd296050714d6817cdaecdd53855f55f66c3
-new file mode 100644
-index 0000000..42a49ba
-Binary files /dev/null and b/fuzz/corpora/asn1/1f01cd296050714d6817cdaecdd53855f55f66c3 differ
-diff --git a/fuzz/corpora/asn1/1f8b4496fd82b52a53b87ef675266e42debd0b9e b/fuzz/corpora/asn1/1f8b4496fd82b52a53b87ef675266e42debd0b9e
-new file mode 100644
-index 0000000..41ba691
-Binary files /dev/null and b/fuzz/corpora/asn1/1f8b4496fd82b52a53b87ef675266e42debd0b9e differ
-diff --git a/fuzz/corpora/asn1/1fbff79c4f964cf8fccc19af6a4a0b450ea512bb b/fuzz/corpora/asn1/1fbff79c4f964cf8fccc19af6a4a0b450ea512bb
-new file mode 100644
-index 0000000..3fbf43c
-Binary files /dev/null and b/fuzz/corpora/asn1/1fbff79c4f964cf8fccc19af6a4a0b450ea512bb differ
-diff --git a/fuzz/corpora/asn1/20186945e10c1f507c9aec4e45b72c852d144dfd b/fuzz/corpora/asn1/20186945e10c1f507c9aec4e45b72c852d144dfd
-new file mode 100644
-index 0000000..abe6dac
-Binary files /dev/null and b/fuzz/corpora/asn1/20186945e10c1f507c9aec4e45b72c852d144dfd differ
-diff --git a/fuzz/corpora/asn1/201ccf9086a3def73f2f61632ec31950cdbb7c1b b/fuzz/corpora/asn1/201ccf9086a3def73f2f61632ec31950cdbb7c1b
-new file mode 100644
-index 0000000..1adc1e1
-Binary files /dev/null and b/fuzz/corpora/asn1/201ccf9086a3def73f2f61632ec31950cdbb7c1b differ
-diff --git a/fuzz/corpora/asn1/2059f36ddfb3613486d887a78d3e16a448f67de9 b/fuzz/corpora/asn1/2059f36ddfb3613486d887a78d3e16a448f67de9
-new file mode 100644
-index 0000000..f1705e9
-Binary files /dev/null and b/fuzz/corpora/asn1/2059f36ddfb3613486d887a78d3e16a448f67de9 differ
-diff --git a/fuzz/corpora/asn1/20766d50bc70921056897f492668f6da906d5f92 b/fuzz/corpora/asn1/20766d50bc70921056897f492668f6da906d5f92
-new file mode 100644
-index 0000000..02ef330
-Binary files /dev/null and b/fuzz/corpora/asn1/20766d50bc70921056897f492668f6da906d5f92 differ
-diff --git a/fuzz/corpora/asn1/2119ab1038159967cf6545c21147d756ead89e77 b/fuzz/corpora/asn1/2119ab1038159967cf6545c21147d756ead89e77
-new file mode 100644
-index 0000000..4a697e3
-Binary files /dev/null and b/fuzz/corpora/asn1/2119ab1038159967cf6545c21147d756ead89e77 differ
-diff --git a/fuzz/corpora/asn1/2125eeb95b4ab5281a03b5c02412a2411c9e7972 b/fuzz/corpora/asn1/2125eeb95b4ab5281a03b5c02412a2411c9e7972
-new file mode 100644
-index 0000000..92c1139
-Binary files /dev/null and b/fuzz/corpora/asn1/2125eeb95b4ab5281a03b5c02412a2411c9e7972 differ
-diff --git a/fuzz/corpora/asn1/21fa40b26f9d01bd1d9aec4d7292f4602522371a b/fuzz/corpora/asn1/21fa40b26f9d01bd1d9aec4d7292f4602522371a
-new file mode 100644
-index 0000000..fe3bbec
-Binary files /dev/null and b/fuzz/corpora/asn1/21fa40b26f9d01bd1d9aec4d7292f4602522371a differ
-diff --git a/fuzz/corpora/asn1/226f1602c2476e955cd47bdcec7aa1458c804495 b/fuzz/corpora/asn1/226f1602c2476e955cd47bdcec7aa1458c804495
-new file mode 100644
-index 0000000..cdd488b
-Binary files /dev/null and b/fuzz/corpora/asn1/226f1602c2476e955cd47bdcec7aa1458c804495 differ
-diff --git a/fuzz/corpora/asn1/22eefc3026a889e6f77d7557909acf9ce8fea4f5 b/fuzz/corpora/asn1/22eefc3026a889e6f77d7557909acf9ce8fea4f5
-new file mode 100644
-index 0000000..223950e
-Binary files /dev/null and b/fuzz/corpora/asn1/22eefc3026a889e6f77d7557909acf9ce8fea4f5 differ
-diff --git a/fuzz/corpora/asn1/22efaa6358b7d544d3593906739ffabf839d83b4 b/fuzz/corpora/asn1/22efaa6358b7d544d3593906739ffabf839d83b4
-new file mode 100644
-index 0000000..1b4aec0
-Binary files /dev/null and b/fuzz/corpora/asn1/22efaa6358b7d544d3593906739ffabf839d83b4 differ
-diff --git a/fuzz/corpora/asn1/235d5d70085db543bd7f17a6c81ee6857344d384 b/fuzz/corpora/asn1/235d5d70085db543bd7f17a6c81ee6857344d384
-new file mode 100644
-index 0000000..64ac817
-Binary files /dev/null and b/fuzz/corpora/asn1/235d5d70085db543bd7f17a6c81ee6857344d384 differ
-diff --git a/fuzz/corpora/asn1/239d8c71aaabbab62ae494a97f818865ef5de306 b/fuzz/corpora/asn1/239d8c71aaabbab62ae494a97f818865ef5de306
-new file mode 100644
-index 0000000..045ce3b
-Binary files /dev/null and b/fuzz/corpora/asn1/239d8c71aaabbab62ae494a97f818865ef5de306 differ
-diff --git a/fuzz/corpora/asn1/247688efc4c52662bde1cc26f4a1515c2a865f25 b/fuzz/corpora/asn1/247688efc4c52662bde1cc26f4a1515c2a865f25
-new file mode 100644
-index 0000000..3dd7c7f
-Binary files /dev/null and b/fuzz/corpora/asn1/247688efc4c52662bde1cc26f4a1515c2a865f25 differ
-diff --git a/fuzz/corpora/asn1/2488b5ce7e73833c22626af89b907a22ecdf2772 b/fuzz/corpora/asn1/2488b5ce7e73833c22626af89b907a22ecdf2772
-new file mode 100644
-index 0000000..3ea5678
-Binary files /dev/null and b/fuzz/corpora/asn1/2488b5ce7e73833c22626af89b907a22ecdf2772 differ
-diff --git a/fuzz/corpora/asn1/24a0fdcd46a8d881d32779a6744af57122956db4 b/fuzz/corpora/asn1/24a0fdcd46a8d881d32779a6744af57122956db4
-new file mode 100644
-index 0000000..8bd1f9b
-Binary files /dev/null and b/fuzz/corpora/asn1/24a0fdcd46a8d881d32779a6744af57122956db4 differ
-diff --git a/fuzz/corpora/asn1/24ea03f656dee22836f41fdff109b51cf15fe610 b/fuzz/corpora/asn1/24ea03f656dee22836f41fdff109b51cf15fe610
-new file mode 100644
-index 0000000..99451d4
-Binary files /dev/null and b/fuzz/corpora/asn1/24ea03f656dee22836f41fdff109b51cf15fe610 differ
-diff --git a/fuzz/corpora/asn1/25662f2ed02e9f664dc6530d179828ebdbc60335 b/fuzz/corpora/asn1/25662f2ed02e9f664dc6530d179828ebdbc60335
-new file mode 100644
-index 0000000..09eee80
-Binary files /dev/null and b/fuzz/corpora/asn1/25662f2ed02e9f664dc6530d179828ebdbc60335 differ
-diff --git a/fuzz/corpora/asn1/257229e8accca7e733def4852efd83fb804f8358 b/fuzz/corpora/asn1/257229e8accca7e733def4852efd83fb804f8358
-new file mode 100644
-index 0000000..acc5adf
-Binary files /dev/null and b/fuzz/corpora/asn1/257229e8accca7e733def4852efd83fb804f8358 differ
-diff --git a/fuzz/corpora/asn1/25a02e8a73c825d25fa23f2ab182ad44da504681 b/fuzz/corpora/asn1/25a02e8a73c825d25fa23f2ab182ad44da504681
-new file mode 100644
-index 0000000..e591e7c
-Binary files /dev/null and b/fuzz/corpora/asn1/25a02e8a73c825d25fa23f2ab182ad44da504681 differ
-diff --git a/fuzz/corpora/asn1/25b944076c4f71c28399952443eff819b715d037 b/fuzz/corpora/asn1/25b944076c4f71c28399952443eff819b715d037
-new file mode 100644
-index 0000000..e3ea0b8
-Binary files /dev/null and b/fuzz/corpora/asn1/25b944076c4f71c28399952443eff819b715d037 differ
-diff --git a/fuzz/corpora/asn1/260d32084c95680a54f8ad93728ca5d5ea1e72c9 b/fuzz/corpora/asn1/260d32084c95680a54f8ad93728ca5d5ea1e72c9
-new file mode 100644
-index 0000000..b043587
-Binary files /dev/null and b/fuzz/corpora/asn1/260d32084c95680a54f8ad93728ca5d5ea1e72c9 differ
-diff --git a/fuzz/corpora/asn1/26a7b9c14109dae427cad449bec9f0c225e1810d b/fuzz/corpora/asn1/26a7b9c14109dae427cad449bec9f0c225e1810d
-new file mode 100644
-index 0000000..50c033d
-Binary files /dev/null and b/fuzz/corpora/asn1/26a7b9c14109dae427cad449bec9f0c225e1810d differ
-diff --git a/fuzz/corpora/asn1/26c88e54e6015032a1aba37455474a1ee8ce847d b/fuzz/corpora/asn1/26c88e54e6015032a1aba37455474a1ee8ce847d
-new file mode 100644
-index 0000000..9f9b084
-Binary files /dev/null and b/fuzz/corpora/asn1/26c88e54e6015032a1aba37455474a1ee8ce847d differ
-diff --git a/fuzz/corpora/asn1/272a73430dff2986335b83922f238d3b0af2b76d b/fuzz/corpora/asn1/272a73430dff2986335b83922f238d3b0af2b76d
-new file mode 100644
-index 0000000..9c2a1be
-Binary files /dev/null and b/fuzz/corpora/asn1/272a73430dff2986335b83922f238d3b0af2b76d differ
-diff --git a/fuzz/corpora/asn1/27ab47a9ff7f12971aa969ada276c881e062002a b/fuzz/corpora/asn1/27ab47a9ff7f12971aa969ada276c881e062002a
-new file mode 100644
-index 0000000..f97eb53
-Binary files /dev/null and b/fuzz/corpora/asn1/27ab47a9ff7f12971aa969ada276c881e062002a differ
-diff --git a/fuzz/corpora/asn1/27bcd340392849e99bfd8e2794a1c92e3cc43afc b/fuzz/corpora/asn1/27bcd340392849e99bfd8e2794a1c92e3cc43afc
-new file mode 100644
-index 0000000..ecab4af
-Binary files /dev/null and b/fuzz/corpora/asn1/27bcd340392849e99bfd8e2794a1c92e3cc43afc differ
-diff --git a/fuzz/corpora/asn1/27f5fef0f361ab387b6e56f6e8491064d5dd6531 b/fuzz/corpora/asn1/27f5fef0f361ab387b6e56f6e8491064d5dd6531
-new file mode 100644
-index 0000000..b9c3091
-Binary files /dev/null and b/fuzz/corpora/asn1/27f5fef0f361ab387b6e56f6e8491064d5dd6531 differ
-diff --git a/fuzz/corpora/asn1/28acdfbed832e79acbeec09d7f0d0aa828b29146 b/fuzz/corpora/asn1/28acdfbed832e79acbeec09d7f0d0aa828b29146
-new file mode 100644
-index 0000000..a22fc0f
-Binary files /dev/null and b/fuzz/corpora/asn1/28acdfbed832e79acbeec09d7f0d0aa828b29146 differ
-diff --git a/fuzz/corpora/asn1/290c536d83ed646bbdcf836de1dad96b0670fca6 b/fuzz/corpora/asn1/290c536d83ed646bbdcf836de1dad96b0670fca6
-new file mode 100644
-index 0000000..ede2bad
-Binary files /dev/null and b/fuzz/corpora/asn1/290c536d83ed646bbdcf836de1dad96b0670fca6 differ
-diff --git a/fuzz/corpora/asn1/291fa17ebf7125f2b8ae413b15620c0eed640fe2 b/fuzz/corpora/asn1/291fa17ebf7125f2b8ae413b15620c0eed640fe2
-new file mode 100644
-index 0000000..d74198a
-Binary files /dev/null and b/fuzz/corpora/asn1/291fa17ebf7125f2b8ae413b15620c0eed640fe2 differ
-diff --git a/fuzz/corpora/asn1/29ebb3aa035b56453700d6b8ea8280a8defb3a98 b/fuzz/corpora/asn1/29ebb3aa035b56453700d6b8ea8280a8defb3a98
-new file mode 100644
-index 0000000..f9b9132
-Binary files /dev/null and b/fuzz/corpora/asn1/29ebb3aa035b56453700d6b8ea8280a8defb3a98 differ
-diff --git a/fuzz/corpora/asn1/2a7d4f911654e943a4ce7d2fa44a63e292dd69bb b/fuzz/corpora/asn1/2a7d4f911654e943a4ce7d2fa44a63e292dd69bb
-new file mode 100644
-index 0000000..be91aa5
-Binary files /dev/null and b/fuzz/corpora/asn1/2a7d4f911654e943a4ce7d2fa44a63e292dd69bb differ
-diff --git a/fuzz/corpora/asn1/2ac07988db91cab7352c0442566d8ce1c74cf775 b/fuzz/corpora/asn1/2ac07988db91cab7352c0442566d8ce1c74cf775
-new file mode 100644
-index 0000000..77c814d
-Binary files /dev/null and b/fuzz/corpora/asn1/2ac07988db91cab7352c0442566d8ce1c74cf775 differ
-diff --git a/fuzz/corpora/asn1/2b076169b4d8b250b373a2ee08bd3a0e5b751396 b/fuzz/corpora/asn1/2b076169b4d8b250b373a2ee08bd3a0e5b751396
-new file mode 100644
-index 0000000..80123c5
-Binary files /dev/null and b/fuzz/corpora/asn1/2b076169b4d8b250b373a2ee08bd3a0e5b751396 differ
-diff --git a/fuzz/corpora/asn1/2b0e0b4bae9061e708842e449a84565adeff5816 b/fuzz/corpora/asn1/2b0e0b4bae9061e708842e449a84565adeff5816
-new file mode 100644
-index 0000000..909c2eb
-Binary files /dev/null and b/fuzz/corpora/asn1/2b0e0b4bae9061e708842e449a84565adeff5816 differ
-diff --git a/fuzz/corpora/asn1/2b34ef2683b4ec8a631364709522dbaed77940ee b/fuzz/corpora/asn1/2b34ef2683b4ec8a631364709522dbaed77940ee
-new file mode 100644
-index 0000000..6019796
-Binary files /dev/null and b/fuzz/corpora/asn1/2b34ef2683b4ec8a631364709522dbaed77940ee differ
-diff --git a/fuzz/corpora/asn1/2b86ecd479a55d5635b8c77f033273b0883f3e9e b/fuzz/corpora/asn1/2b86ecd479a55d5635b8c77f033273b0883f3e9e
-new file mode 100644
-index 0000000..06e8884
-Binary files /dev/null and b/fuzz/corpora/asn1/2b86ecd479a55d5635b8c77f033273b0883f3e9e differ
-diff --git a/fuzz/corpora/asn1/2b9abd6991ddc296de6801640313dd1f1d1f82b2 b/fuzz/corpora/asn1/2b9abd6991ddc296de6801640313dd1f1d1f82b2
-new file mode 100644
-index 0000000..6de4b74
-Binary files /dev/null and b/fuzz/corpora/asn1/2b9abd6991ddc296de6801640313dd1f1d1f82b2 differ
-diff --git a/fuzz/corpora/asn1/2cba67046c5a6ce38406838af8b2fdae255b9ea6 b/fuzz/corpora/asn1/2cba67046c5a6ce38406838af8b2fdae255b9ea6
-new file mode 100644
-index 0000000..e034af9
-Binary files /dev/null and b/fuzz/corpora/asn1/2cba67046c5a6ce38406838af8b2fdae255b9ea6 differ
-diff --git a/fuzz/corpora/asn1/2ccb90602816e9a33f685ecc8b6f47488eb16c95 b/fuzz/corpora/asn1/2ccb90602816e9a33f685ecc8b6f47488eb16c95
-new file mode 100644
-index 0000000..8a130fc
-Binary files /dev/null and b/fuzz/corpora/asn1/2ccb90602816e9a33f685ecc8b6f47488eb16c95 differ
-diff --git a/fuzz/corpora/asn1/2d4d812eb441023b2b6047a7286434d4c578fef4 b/fuzz/corpora/asn1/2d4d812eb441023b2b6047a7286434d4c578fef4
-new file mode 100644
-index 0000000..46b1387
-Binary files /dev/null and b/fuzz/corpora/asn1/2d4d812eb441023b2b6047a7286434d4c578fef4 differ
-diff --git a/fuzz/corpora/asn1/2d9f8f01e6c43c1601aebcf5da997c5bd663f599 b/fuzz/corpora/asn1/2d9f8f01e6c43c1601aebcf5da997c5bd663f599
-new file mode 100644
-index 0000000..72fa2ae
-Binary files /dev/null and b/fuzz/corpora/asn1/2d9f8f01e6c43c1601aebcf5da997c5bd663f599 differ
-diff --git a/fuzz/corpora/asn1/2e3309282624aa9fe5c1fdf6a0b5e6974e09d63f b/fuzz/corpora/asn1/2e3309282624aa9fe5c1fdf6a0b5e6974e09d63f
-new file mode 100644
-index 0000000..ec5a37c
-Binary files /dev/null and b/fuzz/corpora/asn1/2e3309282624aa9fe5c1fdf6a0b5e6974e09d63f differ
-diff --git a/fuzz/corpora/asn1/2e390f5f09fb097de5857beea8d3a136894ac2eb b/fuzz/corpora/asn1/2e390f5f09fb097de5857beea8d3a136894ac2eb
-new file mode 100644
-index 0000000..74a3659
-Binary files /dev/null and b/fuzz/corpora/asn1/2e390f5f09fb097de5857beea8d3a136894ac2eb differ
-diff --git a/fuzz/corpora/asn1/2e6f8f58ebf4affab5711080521166130d41a240 b/fuzz/corpora/asn1/2e6f8f58ebf4affab5711080521166130d41a240
-new file mode 100644
-index 0000000..00109fb
-Binary files /dev/null and b/fuzz/corpora/asn1/2e6f8f58ebf4affab5711080521166130d41a240 differ
-diff --git a/fuzz/corpora/asn1/2ed47f8390db2e2481f18561fbdbddf91a6c84c6 b/fuzz/corpora/asn1/2ed47f8390db2e2481f18561fbdbddf91a6c84c6
-new file mode 100644
-index 0000000..fc47dd3
-Binary files /dev/null and b/fuzz/corpora/asn1/2ed47f8390db2e2481f18561fbdbddf91a6c84c6 differ
-diff --git a/fuzz/corpora/asn1/2f11418b258aabbe3ef157283dc179c83c971b0f b/fuzz/corpora/asn1/2f11418b258aabbe3ef157283dc179c83c971b0f
-new file mode 100644
-index 0000000..f9dba88
-Binary files /dev/null and b/fuzz/corpora/asn1/2f11418b258aabbe3ef157283dc179c83c971b0f differ
-diff --git a/fuzz/corpora/asn1/2f3e96e2e432e4a79d236f149de42e7ab38152fa b/fuzz/corpora/asn1/2f3e96e2e432e4a79d236f149de42e7ab38152fa
-new file mode 100644
-index 0000000..7cda646
-Binary files /dev/null and b/fuzz/corpora/asn1/2f3e96e2e432e4a79d236f149de42e7ab38152fa differ
-diff --git a/fuzz/corpora/asn1/2f8fe04399c725d8b469349ab27078ff9a191a6f b/fuzz/corpora/asn1/2f8fe04399c725d8b469349ab27078ff9a191a6f
-new file mode 100644
-index 0000000..df3cbee
-Binary files /dev/null and b/fuzz/corpora/asn1/2f8fe04399c725d8b469349ab27078ff9a191a6f differ
-diff --git a/fuzz/corpora/asn1/2fa5dc0a693bf74b29b0123fbdbec3e1460d4ddd b/fuzz/corpora/asn1/2fa5dc0a693bf74b29b0123fbdbec3e1460d4ddd
-new file mode 100644
-index 0000000..1124cc4
-Binary files /dev/null and b/fuzz/corpora/asn1/2fa5dc0a693bf74b29b0123fbdbec3e1460d4ddd differ
-diff --git a/fuzz/corpora/asn1/300dbc480b25cf3588e2bfce64d4b8be2fcd1091 b/fuzz/corpora/asn1/300dbc480b25cf3588e2bfce64d4b8be2fcd1091
-new file mode 100644
-index 0000000..c61a71f
-Binary files /dev/null and b/fuzz/corpora/asn1/300dbc480b25cf3588e2bfce64d4b8be2fcd1091 differ
-diff --git a/fuzz/corpora/asn1/30d28a1a6f48f1c535965b8ae935d5e0e5ee67bb b/fuzz/corpora/asn1/30d28a1a6f48f1c535965b8ae935d5e0e5ee67bb
-new file mode 100644
-index 0000000..6430d66
-Binary files /dev/null and b/fuzz/corpora/asn1/30d28a1a6f48f1c535965b8ae935d5e0e5ee67bb differ
-diff --git a/fuzz/corpora/asn1/319c0df7ba35cd3b9ba391defad83a65b0c43a28 b/fuzz/corpora/asn1/319c0df7ba35cd3b9ba391defad83a65b0c43a28
-new file mode 100644
-index 0000000..0bc94a6
-Binary files /dev/null and b/fuzz/corpora/asn1/319c0df7ba35cd3b9ba391defad83a65b0c43a28 differ
-diff --git a/fuzz/corpora/asn1/32a3832bc20a2cf50ec7e37c86f2df13c16179cd b/fuzz/corpora/asn1/32a3832bc20a2cf50ec7e37c86f2df13c16179cd
-new file mode 100644
-index 0000000..a50e0fd
-Binary files /dev/null and b/fuzz/corpora/asn1/32a3832bc20a2cf50ec7e37c86f2df13c16179cd differ
-diff --git a/fuzz/corpora/asn1/32ca5d156403b6545f042da25d04a2d332554ee4 b/fuzz/corpora/asn1/32ca5d156403b6545f042da25d04a2d332554ee4
-new file mode 100644
-index 0000000..e8d9e97
-Binary files /dev/null and b/fuzz/corpora/asn1/32ca5d156403b6545f042da25d04a2d332554ee4 differ
-diff --git a/fuzz/corpora/asn1/32e7849783e075d148777cd1ababf29f55ddd0ab b/fuzz/corpora/asn1/32e7849783e075d148777cd1ababf29f55ddd0ab
-new file mode 100644
-index 0000000..07416cd
-Binary files /dev/null and b/fuzz/corpora/asn1/32e7849783e075d148777cd1ababf29f55ddd0ab differ
-diff --git a/fuzz/corpora/asn1/32f18ff5a5fd178ae76c8c096805b1aac5bc146f b/fuzz/corpora/asn1/32f18ff5a5fd178ae76c8c096805b1aac5bc146f
-new file mode 100644
-index 0000000..573b8d7
-Binary files /dev/null and b/fuzz/corpora/asn1/32f18ff5a5fd178ae76c8c096805b1aac5bc146f differ
-diff --git a/fuzz/corpora/asn1/33149bdcc6abc4f4a9505e7ae51234e93722b553 b/fuzz/corpora/asn1/33149bdcc6abc4f4a9505e7ae51234e93722b553
-new file mode 100644
-index 0000000..fca00d6
-Binary files /dev/null and b/fuzz/corpora/asn1/33149bdcc6abc4f4a9505e7ae51234e93722b553 differ
-diff --git a/fuzz/corpora/asn1/33184719b40b23a016798b0aafbdd65f430b3941 b/fuzz/corpora/asn1/33184719b40b23a016798b0aafbdd65f430b3941
-new file mode 100644
-index 0000000..9ca5ece
-Binary files /dev/null and b/fuzz/corpora/asn1/33184719b40b23a016798b0aafbdd65f430b3941 differ
-diff --git a/fuzz/corpora/asn1/334d4f7c8523990d8f5a3421f39677bcf03308c3 b/fuzz/corpora/asn1/334d4f7c8523990d8f5a3421f39677bcf03308c3
-new file mode 100644
-index 0000000..a6cd417
-Binary files /dev/null and b/fuzz/corpora/asn1/334d4f7c8523990d8f5a3421f39677bcf03308c3 differ
-diff --git a/fuzz/corpora/asn1/337f4e069641e3f984c7ec2e3fd21e929842b5a2 b/fuzz/corpora/asn1/337f4e069641e3f984c7ec2e3fd21e929842b5a2
-new file mode 100644
-index 0000000..9552587
-Binary files /dev/null and b/fuzz/corpora/asn1/337f4e069641e3f984c7ec2e3fd21e929842b5a2 differ
-diff --git a/fuzz/corpora/asn1/33893b4a5d14d4ec7ed54328190e4449124fcadf b/fuzz/corpora/asn1/33893b4a5d14d4ec7ed54328190e4449124fcadf
-new file mode 100644
-index 0000000..0dbd4ad
-Binary files /dev/null and b/fuzz/corpora/asn1/33893b4a5d14d4ec7ed54328190e4449124fcadf differ
-diff --git a/fuzz/corpora/asn1/33e444fd8b38c33eebe330951049a859edccb0d6 b/fuzz/corpora/asn1/33e444fd8b38c33eebe330951049a859edccb0d6
-new file mode 100644
-index 0000000..98bb624
-Binary files /dev/null and b/fuzz/corpora/asn1/33e444fd8b38c33eebe330951049a859edccb0d6 differ
-diff --git a/fuzz/corpora/asn1/345bd68388e09b501c9e657174ac839b08490684 b/fuzz/corpora/asn1/345bd68388e09b501c9e657174ac839b08490684
-new file mode 100644
-index 0000000..df6b39b
-Binary files /dev/null and b/fuzz/corpora/asn1/345bd68388e09b501c9e657174ac839b08490684 differ
-diff --git a/fuzz/corpora/asn1/347171eaf30bb2d236a0ac96e376728926203063 b/fuzz/corpora/asn1/347171eaf30bb2d236a0ac96e376728926203063
-new file mode 100644
-index 0000000..6971803
-Binary files /dev/null and b/fuzz/corpora/asn1/347171eaf30bb2d236a0ac96e376728926203063 differ
-diff --git a/fuzz/corpora/asn1/348e087e3eb99f5d51551cc86905cddb1313ee60 b/fuzz/corpora/asn1/348e087e3eb99f5d51551cc86905cddb1313ee60
-new file mode 100644
-index 0000000..d214326
-Binary files /dev/null and b/fuzz/corpora/asn1/348e087e3eb99f5d51551cc86905cddb1313ee60 differ
-diff --git a/fuzz/corpora/asn1/349abe618f170a4a3809f68dc93f3593945bef6c b/fuzz/corpora/asn1/349abe618f170a4a3809f68dc93f3593945bef6c
-new file mode 100644
-index 0000000..8731300
-Binary files /dev/null and b/fuzz/corpora/asn1/349abe618f170a4a3809f68dc93f3593945bef6c differ
-diff --git a/fuzz/corpora/asn1/34c7a2e43a887258f3318afe8820d3476193d5e6 b/fuzz/corpora/asn1/34c7a2e43a887258f3318afe8820d3476193d5e6
-new file mode 100644
-index 0000000..3158330
-Binary files /dev/null and b/fuzz/corpora/asn1/34c7a2e43a887258f3318afe8820d3476193d5e6 differ
-diff --git a/fuzz/corpora/asn1/3511326b46c76d66269b4505bd1e0585fc0ecce0 b/fuzz/corpora/asn1/3511326b46c76d66269b4505bd1e0585fc0ecce0
-new file mode 100644
-index 0000000..31aee5e
-Binary files /dev/null and b/fuzz/corpora/asn1/3511326b46c76d66269b4505bd1e0585fc0ecce0 differ
-diff --git a/fuzz/corpora/asn1/357672ff8a333b57c345d2e415d7eda779229c76 b/fuzz/corpora/asn1/357672ff8a333b57c345d2e415d7eda779229c76
-new file mode 100644
-index 0000000..fc40921
-Binary files /dev/null and b/fuzz/corpora/asn1/357672ff8a333b57c345d2e415d7eda779229c76 differ
-diff --git a/fuzz/corpora/asn1/3594e418036043716caee0dc5ad38201cacf59ce b/fuzz/corpora/asn1/3594e418036043716caee0dc5ad38201cacf59ce
-new file mode 100644
-index 0000000..00c788c
-Binary files /dev/null and b/fuzz/corpora/asn1/3594e418036043716caee0dc5ad38201cacf59ce differ
-diff --git a/fuzz/corpora/asn1/35fbd4bee538b385d7abfc56df4e701615f73784 b/fuzz/corpora/asn1/35fbd4bee538b385d7abfc56df4e701615f73784
-new file mode 100644
-index 0000000..95d25a7
-Binary files /dev/null and b/fuzz/corpora/asn1/35fbd4bee538b385d7abfc56df4e701615f73784 differ
-diff --git a/fuzz/corpora/asn1/3624f9cbb1f8456c3b90267c4936d106c1b9e5bd b/fuzz/corpora/asn1/3624f9cbb1f8456c3b90267c4936d106c1b9e5bd
-new file mode 100644
-index 0000000..55d8bfc
-Binary files /dev/null and b/fuzz/corpora/asn1/3624f9cbb1f8456c3b90267c4936d106c1b9e5bd differ
-diff --git a/fuzz/corpora/asn1/3635441a6d36542c24a9549072870cdd7c837753 b/fuzz/corpora/asn1/3635441a6d36542c24a9549072870cdd7c837753
-new file mode 100644
-index 0000000..2661bbf
-Binary files /dev/null and b/fuzz/corpora/asn1/3635441a6d36542c24a9549072870cdd7c837753 differ
-diff --git a/fuzz/corpora/asn1/368eaa8895518d4e5cb0be1595bf6dd298c11afc b/fuzz/corpora/asn1/368eaa8895518d4e5cb0be1595bf6dd298c11afc
-new file mode 100644
-index 0000000..da3ffbc
-Binary files /dev/null and b/fuzz/corpora/asn1/368eaa8895518d4e5cb0be1595bf6dd298c11afc differ
-diff --git a/fuzz/corpora/asn1/3747f5f72ab5f63bcc056cde8b59517042b3c766 b/fuzz/corpora/asn1/3747f5f72ab5f63bcc056cde8b59517042b3c766
-new file mode 100644
-index 0000000..40c504b
-Binary files /dev/null and b/fuzz/corpora/asn1/3747f5f72ab5f63bcc056cde8b59517042b3c766 differ
-diff --git a/fuzz/corpora/asn1/378677007524e6d9f34e022939c81bc76e09b428 b/fuzz/corpora/asn1/378677007524e6d9f34e022939c81bc76e09b428
-new file mode 100644
-index 0000000..18c3513
-Binary files /dev/null and b/fuzz/corpora/asn1/378677007524e6d9f34e022939c81bc76e09b428 differ
-diff --git a/fuzz/corpora/asn1/3798f152277f4cab5b0c27eb540255faad850890 b/fuzz/corpora/asn1/3798f152277f4cab5b0c27eb540255faad850890
-new file mode 100644
-index 0000000..04ea678
-Binary files /dev/null and b/fuzz/corpora/asn1/3798f152277f4cab5b0c27eb540255faad850890 differ
-diff --git a/fuzz/corpora/asn1/37c04fd318d6828861cb8a2c8ebcd1260d93d5a8 b/fuzz/corpora/asn1/37c04fd318d6828861cb8a2c8ebcd1260d93d5a8
-new file mode 100644
-index 0000000..ddb7a7b
-Binary files /dev/null and b/fuzz/corpora/asn1/37c04fd318d6828861cb8a2c8ebcd1260d93d5a8 differ
-diff --git a/fuzz/corpora/asn1/380e84418cb0633d81cb9b8b70c74ed44d7b3a66 b/fuzz/corpora/asn1/380e84418cb0633d81cb9b8b70c74ed44d7b3a66
-new file mode 100644
-index 0000000..0188572
-Binary files /dev/null and b/fuzz/corpora/asn1/380e84418cb0633d81cb9b8b70c74ed44d7b3a66 differ
-diff --git a/fuzz/corpora/asn1/385200608a11d0b0c6c2be5ce07f77e18d60bdf7 b/fuzz/corpora/asn1/385200608a11d0b0c6c2be5ce07f77e18d60bdf7
-new file mode 100644
-index 0000000..57d3628
-Binary files /dev/null and b/fuzz/corpora/asn1/385200608a11d0b0c6c2be5ce07f77e18d60bdf7 differ
-diff --git a/fuzz/corpora/asn1/387a666e8e930cad08bc15b2d7e0ba4f4b0a4672 b/fuzz/corpora/asn1/387a666e8e930cad08bc15b2d7e0ba4f4b0a4672
-new file mode 100644
-index 0000000..fe9016a
-Binary files /dev/null and b/fuzz/corpora/asn1/387a666e8e930cad08bc15b2d7e0ba4f4b0a4672 differ
-diff --git a/fuzz/corpora/asn1/38a0ab613dedd85c7173aa098f3e44b011e1cd3f b/fuzz/corpora/asn1/38a0ab613dedd85c7173aa098f3e44b011e1cd3f
-new file mode 100644
-index 0000000..a324adb
-Binary files /dev/null and b/fuzz/corpora/asn1/38a0ab613dedd85c7173aa098f3e44b011e1cd3f differ
-diff --git a/fuzz/corpora/asn1/38b12ffff3ca6f71ad36704147e147fe36585b7c b/fuzz/corpora/asn1/38b12ffff3ca6f71ad36704147e147fe36585b7c
-new file mode 100644
-index 0000000..0fb7487
-Binary files /dev/null and b/fuzz/corpora/asn1/38b12ffff3ca6f71ad36704147e147fe36585b7c differ
-diff --git a/fuzz/corpora/asn1/3923557f5fd1c61d8e1f46e3dc6e42e858dd5c6e b/fuzz/corpora/asn1/3923557f5fd1c61d8e1f46e3dc6e42e858dd5c6e
-new file mode 100644
-index 0000000..d3b8c0d
-Binary files /dev/null and b/fuzz/corpora/asn1/3923557f5fd1c61d8e1f46e3dc6e42e858dd5c6e differ
-diff --git a/fuzz/corpora/asn1/39ad279c305bd8bfe535dec7a97e5997c85e95a1 b/fuzz/corpora/asn1/39ad279c305bd8bfe535dec7a97e5997c85e95a1
-new file mode 100644
-index 0000000..fb24066
-Binary files /dev/null and b/fuzz/corpora/asn1/39ad279c305bd8bfe535dec7a97e5997c85e95a1 differ
-diff --git a/fuzz/corpora/asn1/3a199ae5839e654f22b30fb367e7c5542c747ea4 b/fuzz/corpora/asn1/3a199ae5839e654f22b30fb367e7c5542c747ea4
-new file mode 100644
-index 0000000..803f138
-Binary files /dev/null and b/fuzz/corpora/asn1/3a199ae5839e654f22b30fb367e7c5542c747ea4 differ
-diff --git a/fuzz/corpora/asn1/3a35a9022715bb9ad7490e92f3c82e4a327cc0e7 b/fuzz/corpora/asn1/3a35a9022715bb9ad7490e92f3c82e4a327cc0e7
-new file mode 100644
-index 0000000..fa57042
-Binary files /dev/null and b/fuzz/corpora/asn1/3a35a9022715bb9ad7490e92f3c82e4a327cc0e7 differ
-diff --git a/fuzz/corpora/asn1/3ac2a5830d2521614d7cdb7b61d8f6e95fe2e58b b/fuzz/corpora/asn1/3ac2a5830d2521614d7cdb7b61d8f6e95fe2e58b
-new file mode 100644
-index 0000000..5c26926
-Binary files /dev/null and b/fuzz/corpora/asn1/3ac2a5830d2521614d7cdb7b61d8f6e95fe2e58b differ
-diff --git a/fuzz/corpora/asn1/3acf1b3adf612336975ad5caa624c26bfe98dbf0 b/fuzz/corpora/asn1/3acf1b3adf612336975ad5caa624c26bfe98dbf0
-new file mode 100644
-index 0000000..b73e216
-Binary files /dev/null and b/fuzz/corpora/asn1/3acf1b3adf612336975ad5caa624c26bfe98dbf0 differ
-diff --git a/fuzz/corpora/asn1/3c47caeaef1457850fa9b94d4392a830382fb7af b/fuzz/corpora/asn1/3c47caeaef1457850fa9b94d4392a830382fb7af
-new file mode 100644
-index 0000000..27e2d36
-Binary files /dev/null and b/fuzz/corpora/asn1/3c47caeaef1457850fa9b94d4392a830382fb7af differ
-diff --git a/fuzz/corpora/asn1/3cfca2b16bd5b2c67dce1718c517dc6906a355f3 b/fuzz/corpora/asn1/3cfca2b16bd5b2c67dce1718c517dc6906a355f3
-new file mode 100644
-index 0000000..de32c7a
-Binary files /dev/null and b/fuzz/corpora/asn1/3cfca2b16bd5b2c67dce1718c517dc6906a355f3 differ
-diff --git a/fuzz/corpora/asn1/3db655a41ba9a773e5cb68fbe05d5d8ea7e7597f b/fuzz/corpora/asn1/3db655a41ba9a773e5cb68fbe05d5d8ea7e7597f
-new file mode 100644
-index 0000000..94a192a
-Binary files /dev/null and b/fuzz/corpora/asn1/3db655a41ba9a773e5cb68fbe05d5d8ea7e7597f differ
-diff --git a/fuzz/corpora/asn1/3dfa5027157aa4dd1ab0dbc178f2abc6a2cb4749 b/fuzz/corpora/asn1/3dfa5027157aa4dd1ab0dbc178f2abc6a2cb4749
-new file mode 100644
-index 0000000..8687517
-Binary files /dev/null and b/fuzz/corpora/asn1/3dfa5027157aa4dd1ab0dbc178f2abc6a2cb4749 differ
-diff --git a/fuzz/corpora/asn1/3e1f40595a47ad6173c5f353fb1a4419e4e553fc b/fuzz/corpora/asn1/3e1f40595a47ad6173c5f353fb1a4419e4e553fc
-new file mode 100644
-index 0000000..0d54d82
-Binary files /dev/null and b/fuzz/corpora/asn1/3e1f40595a47ad6173c5f353fb1a4419e4e553fc differ
-diff --git a/fuzz/corpora/asn1/3e7ddc8ed2d42b4ad52d72e008475eca6901eb54 b/fuzz/corpora/asn1/3e7ddc8ed2d42b4ad52d72e008475eca6901eb54
-new file mode 100644
-index 0000000..9c6ac27
-Binary files /dev/null and b/fuzz/corpora/asn1/3e7ddc8ed2d42b4ad52d72e008475eca6901eb54 differ
-diff --git a/fuzz/corpora/asn1/3ef6c43699bc40723cf2fd4d1cf0988fc920e8b2 b/fuzz/corpora/asn1/3ef6c43699bc40723cf2fd4d1cf0988fc920e8b2
-new file mode 100644
-index 0000000..5747a00
-Binary files /dev/null and b/fuzz/corpora/asn1/3ef6c43699bc40723cf2fd4d1cf0988fc920e8b2 differ
-diff --git a/fuzz/corpora/asn1/3f0dbc9596ee11c0fff7d60fe258a9b4fc102448 b/fuzz/corpora/asn1/3f0dbc9596ee11c0fff7d60fe258a9b4fc102448
-new file mode 100644
-index 0000000..68fcb1b
-Binary files /dev/null and b/fuzz/corpora/asn1/3f0dbc9596ee11c0fff7d60fe258a9b4fc102448 differ
-diff --git a/fuzz/corpora/asn1/3f1ede82d469dc1e069905ebfaf98abfe5b3574f b/fuzz/corpora/asn1/3f1ede82d469dc1e069905ebfaf98abfe5b3574f
-new file mode 100644
-index 0000000..abc52a0
-Binary files /dev/null and b/fuzz/corpora/asn1/3f1ede82d469dc1e069905ebfaf98abfe5b3574f differ
-diff --git a/fuzz/corpora/asn1/3f90415ad45ee677173d53df27e85e5c59e838da b/fuzz/corpora/asn1/3f90415ad45ee677173d53df27e85e5c59e838da
-new file mode 100644
-index 0000000..48b028b
-Binary files /dev/null and b/fuzz/corpora/asn1/3f90415ad45ee677173d53df27e85e5c59e838da differ
-diff --git a/fuzz/corpora/asn1/402fa877d4caf7971dcbcd32314ca9a17122a9c9 b/fuzz/corpora/asn1/402fa877d4caf7971dcbcd32314ca9a17122a9c9
-new file mode 100644
-index 0000000..01c9572
-Binary files /dev/null and b/fuzz/corpora/asn1/402fa877d4caf7971dcbcd32314ca9a17122a9c9 differ
-diff --git a/fuzz/corpora/asn1/40f0ea9f1ccf03658e853078faa65ce9ff1f5b89 b/fuzz/corpora/asn1/40f0ea9f1ccf03658e853078faa65ce9ff1f5b89
-new file mode 100644
-index 0000000..e4a7db9
-Binary files /dev/null and b/fuzz/corpora/asn1/40f0ea9f1ccf03658e853078faa65ce9ff1f5b89 differ
-diff --git a/fuzz/corpora/asn1/4118f19202eba604f16ff9779f83d0b5588275ef b/fuzz/corpora/asn1/4118f19202eba604f16ff9779f83d0b5588275ef
-new file mode 100644
-index 0000000..cfbcb14
-Binary files /dev/null and b/fuzz/corpora/asn1/4118f19202eba604f16ff9779f83d0b5588275ef differ
-diff --git a/fuzz/corpora/asn1/414f5678f95a36ad75a700940e29793f12c97ded b/fuzz/corpora/asn1/414f5678f95a36ad75a700940e29793f12c97ded
-new file mode 100644
-index 0000000..16df64e
-Binary files /dev/null and b/fuzz/corpora/asn1/414f5678f95a36ad75a700940e29793f12c97ded differ
-diff --git a/fuzz/corpora/asn1/42e77bb6904c89a883cb6d50f08a44c3625f7db9 b/fuzz/corpora/asn1/42e77bb6904c89a883cb6d50f08a44c3625f7db9
-new file mode 100644
-index 0000000..2cd7c2d
-Binary files /dev/null and b/fuzz/corpora/asn1/42e77bb6904c89a883cb6d50f08a44c3625f7db9 differ
-diff --git a/fuzz/corpora/asn1/42f7c071f1ca890c2ceb1e98d3279ec83ad6a85f b/fuzz/corpora/asn1/42f7c071f1ca890c2ceb1e98d3279ec83ad6a85f
-new file mode 100644
-index 0000000..6838cd2
-Binary files /dev/null and b/fuzz/corpora/asn1/42f7c071f1ca890c2ceb1e98d3279ec83ad6a85f differ
-diff --git a/fuzz/corpora/asn1/42ff70e4c6482b755eda53d9599c5a498048df36 b/fuzz/corpora/asn1/42ff70e4c6482b755eda53d9599c5a498048df36
-new file mode 100644
-index 0000000..6168281
-Binary files /dev/null and b/fuzz/corpora/asn1/42ff70e4c6482b755eda53d9599c5a498048df36 differ
-diff --git a/fuzz/corpora/asn1/4356d5298465e4be0f0b690fc5dae955e26ccfb4 b/fuzz/corpora/asn1/4356d5298465e4be0f0b690fc5dae955e26ccfb4
-new file mode 100644
-index 0000000..3fdaa6b
-Binary files /dev/null and b/fuzz/corpora/asn1/4356d5298465e4be0f0b690fc5dae955e26ccfb4 differ
-diff --git a/fuzz/corpora/asn1/435b6d3643b613a79fcfbb165c4b7760c5c797ee b/fuzz/corpora/asn1/435b6d3643b613a79fcfbb165c4b7760c5c797ee
-new file mode 100644
-index 0000000..91303a7
-Binary files /dev/null and b/fuzz/corpora/asn1/435b6d3643b613a79fcfbb165c4b7760c5c797ee differ
-diff --git a/fuzz/corpora/asn1/444c5c8991ebc6543e149816a7b9f3f2188e1bc5 b/fuzz/corpora/asn1/444c5c8991ebc6543e149816a7b9f3f2188e1bc5
-new file mode 100644
-index 0000000..b7d236b
-Binary files /dev/null and b/fuzz/corpora/asn1/444c5c8991ebc6543e149816a7b9f3f2188e1bc5 differ
-diff --git a/fuzz/corpora/asn1/445c3a6e5509021fd2aa1c785b8c52291e01d4bc b/fuzz/corpora/asn1/445c3a6e5509021fd2aa1c785b8c52291e01d4bc
-new file mode 100644
-index 0000000..08c261c
-Binary files /dev/null and b/fuzz/corpora/asn1/445c3a6e5509021fd2aa1c785b8c52291e01d4bc differ
-diff --git a/fuzz/corpora/asn1/45010837ada788fd363ecc80dd8492b2350de3fd b/fuzz/corpora/asn1/45010837ada788fd363ecc80dd8492b2350de3fd
-new file mode 100644
-index 0000000..f1258b6
-Binary files /dev/null and b/fuzz/corpora/asn1/45010837ada788fd363ecc80dd8492b2350de3fd differ
-diff --git a/fuzz/corpora/asn1/45453d2de66005a8c343d5553b6f80b6a2553116 b/fuzz/corpora/asn1/45453d2de66005a8c343d5553b6f80b6a2553116
-new file mode 100644
-index 0000000..5a27dd7
-Binary files /dev/null and b/fuzz/corpora/asn1/45453d2de66005a8c343d5553b6f80b6a2553116 differ
-diff --git a/fuzz/corpora/asn1/45ba957914fc8ad4ad9e9be4bda9bb3c8b9f5567 b/fuzz/corpora/asn1/45ba957914fc8ad4ad9e9be4bda9bb3c8b9f5567
-new file mode 100644
-index 0000000..29fff1d
-Binary files /dev/null and b/fuzz/corpora/asn1/45ba957914fc8ad4ad9e9be4bda9bb3c8b9f5567 differ
-diff --git a/fuzz/corpora/asn1/4613e22dbcad746474dac567e30138b891b5d315 b/fuzz/corpora/asn1/4613e22dbcad746474dac567e30138b891b5d315
-new file mode 100644
-index 0000000..4a73254
-Binary files /dev/null and b/fuzz/corpora/asn1/4613e22dbcad746474dac567e30138b891b5d315 differ
-diff --git a/fuzz/corpora/asn1/461964976a2bafa41e95602ab5f1a55832b6a4ad b/fuzz/corpora/asn1/461964976a2bafa41e95602ab5f1a55832b6a4ad
-new file mode 100644
-index 0000000..3f96747
-Binary files /dev/null and b/fuzz/corpora/asn1/461964976a2bafa41e95602ab5f1a55832b6a4ad differ
-diff --git a/fuzz/corpora/asn1/4717d5f18d20c11cf8b9e99d938e2587d7c4891c b/fuzz/corpora/asn1/4717d5f18d20c11cf8b9e99d938e2587d7c4891c
-new file mode 100644
-index 0000000..5317482
-Binary files /dev/null and b/fuzz/corpora/asn1/4717d5f18d20c11cf8b9e99d938e2587d7c4891c differ
-diff --git a/fuzz/corpora/asn1/481c8f6a2d2cde890b44dfe637f015fb7413a5ac b/fuzz/corpora/asn1/481c8f6a2d2cde890b44dfe637f015fb7413a5ac
-new file mode 100644
-index 0000000..76093b3
-Binary files /dev/null and b/fuzz/corpora/asn1/481c8f6a2d2cde890b44dfe637f015fb7413a5ac differ
-diff --git a/fuzz/corpora/asn1/4852491625c6c0779a756e2511928e3d629de538 b/fuzz/corpora/asn1/4852491625c6c0779a756e2511928e3d629de538
-new file mode 100644
-index 0000000..f1c42cc
-Binary files /dev/null and b/fuzz/corpora/asn1/4852491625c6c0779a756e2511928e3d629de538 differ
-diff --git a/fuzz/corpora/asn1/48c91a84571f76a9b681173d43d67c58eb91b63f b/fuzz/corpora/asn1/48c91a84571f76a9b681173d43d67c58eb91b63f
-new file mode 100644
-index 0000000..b3c50f7
-Binary files /dev/null and b/fuzz/corpora/asn1/48c91a84571f76a9b681173d43d67c58eb91b63f differ
-diff --git a/fuzz/corpora/asn1/492268a1c7e33f758bdac15df2feb8fe10bef776 b/fuzz/corpora/asn1/492268a1c7e33f758bdac15df2feb8fe10bef776
-new file mode 100644
-index 0000000..d75854d
-Binary files /dev/null and b/fuzz/corpora/asn1/492268a1c7e33f758bdac15df2feb8fe10bef776 differ
-diff --git a/fuzz/corpora/asn1/4956492d6930faa9bf7b9b6f9616b124b0741d1a b/fuzz/corpora/asn1/4956492d6930faa9bf7b9b6f9616b124b0741d1a
-new file mode 100644
-index 0000000..bc259ac
-Binary files /dev/null and b/fuzz/corpora/asn1/4956492d6930faa9bf7b9b6f9616b124b0741d1a differ
-diff --git a/fuzz/corpora/asn1/49858f9dfe30f31bb9f6836c9fb0bdf06b3c3a2c b/fuzz/corpora/asn1/49858f9dfe30f31bb9f6836c9fb0bdf06b3c3a2c
-new file mode 100644
-index 0000000..182872b
-Binary files /dev/null and b/fuzz/corpora/asn1/49858f9dfe30f31bb9f6836c9fb0bdf06b3c3a2c differ
-diff --git a/fuzz/corpora/asn1/499b514a646a97eb238f27e70ddaf77a2b706de1 b/fuzz/corpora/asn1/499b514a646a97eb238f27e70ddaf77a2b706de1
-new file mode 100644
-index 0000000..4a19572
-Binary files /dev/null and b/fuzz/corpora/asn1/499b514a646a97eb238f27e70ddaf77a2b706de1 differ
-diff --git a/fuzz/corpora/asn1/49bdf45db7530e49261e96c980f1a827215776c0 b/fuzz/corpora/asn1/49bdf45db7530e49261e96c980f1a827215776c0
-new file mode 100644
-index 0000000..30f3b37
-Binary files /dev/null and b/fuzz/corpora/asn1/49bdf45db7530e49261e96c980f1a827215776c0 differ
-diff --git a/fuzz/corpora/asn1/4a8c6a9e2fec1353ce314414ed8fc35519415224 b/fuzz/corpora/asn1/4a8c6a9e2fec1353ce314414ed8fc35519415224
-new file mode 100644
-index 0000000..7fdf592
-Binary files /dev/null and b/fuzz/corpora/asn1/4a8c6a9e2fec1353ce314414ed8fc35519415224 differ
-diff --git a/fuzz/corpora/asn1/4b02b3c2655208abbc930028d17939b12cac74b4 b/fuzz/corpora/asn1/4b02b3c2655208abbc930028d17939b12cac74b4
-new file mode 100644
-index 0000000..fc8ef27
-Binary files /dev/null and b/fuzz/corpora/asn1/4b02b3c2655208abbc930028d17939b12cac74b4 differ
-diff --git a/fuzz/corpora/asn1/4b044371bd7fb299447f119959e0f2471539b740 b/fuzz/corpora/asn1/4b044371bd7fb299447f119959e0f2471539b740
-new file mode 100644
-index 0000000..c415313
-Binary files /dev/null and b/fuzz/corpora/asn1/4b044371bd7fb299447f119959e0f2471539b740 differ
-diff --git a/fuzz/corpora/asn1/4bac4537238648572886188cd62ba3e9d7b1c5ff b/fuzz/corpora/asn1/4bac4537238648572886188cd62ba3e9d7b1c5ff
-new file mode 100644
-index 0000000..d695510
-Binary files /dev/null and b/fuzz/corpora/asn1/4bac4537238648572886188cd62ba3e9d7b1c5ff differ
-diff --git a/fuzz/corpora/asn1/4c044e182d5f08fa3a734805f72e871b112c91de b/fuzz/corpora/asn1/4c044e182d5f08fa3a734805f72e871b112c91de
-new file mode 100644
-index 0000000..4950aa6
-Binary files /dev/null and b/fuzz/corpora/asn1/4c044e182d5f08fa3a734805f72e871b112c91de differ
-diff --git a/fuzz/corpora/asn1/4c1fa7e9c06f58663beefb15c45f9087ec561937 b/fuzz/corpora/asn1/4c1fa7e9c06f58663beefb15c45f9087ec561937
-new file mode 100644
-index 0000000..3032fc1
-Binary files /dev/null and b/fuzz/corpora/asn1/4c1fa7e9c06f58663beefb15c45f9087ec561937 differ
-diff --git a/fuzz/corpora/asn1/4c228a197b7ac543c869c8296d4643bb67198843 b/fuzz/corpora/asn1/4c228a197b7ac543c869c8296d4643bb67198843
-new file mode 100644
-index 0000000..3c548c8
-Binary files /dev/null and b/fuzz/corpora/asn1/4c228a197b7ac543c869c8296d4643bb67198843 differ
-diff --git a/fuzz/corpora/asn1/4d0625e6621790d3736c6ea29b1354977beae554 b/fuzz/corpora/asn1/4d0625e6621790d3736c6ea29b1354977beae554
-new file mode 100644
-index 0000000..9101b6c
-Binary files /dev/null and b/fuzz/corpora/asn1/4d0625e6621790d3736c6ea29b1354977beae554 differ
-diff --git a/fuzz/corpora/asn1/4d21ad882d2c9c5ca59d3db67f01392aa331a3b9 b/fuzz/corpora/asn1/4d21ad882d2c9c5ca59d3db67f01392aa331a3b9
-new file mode 100644
-index 0000000..80a8a89
-Binary files /dev/null and b/fuzz/corpora/asn1/4d21ad882d2c9c5ca59d3db67f01392aa331a3b9 differ
-diff --git a/fuzz/corpora/asn1/4d4312b370f8c6bd07883f53d0827cab5070d8cc b/fuzz/corpora/asn1/4d4312b370f8c6bd07883f53d0827cab5070d8cc
-new file mode 100644
-index 0000000..d953cab
-Binary files /dev/null and b/fuzz/corpora/asn1/4d4312b370f8c6bd07883f53d0827cab5070d8cc differ
-diff --git a/fuzz/corpora/asn1/4d5a821b499b10d2cd76904f672a63c79a7644c4 b/fuzz/corpora/asn1/4d5a821b499b10d2cd76904f672a63c79a7644c4
-new file mode 100644
-index 0000000..b2daa5c
-Binary files /dev/null and b/fuzz/corpora/asn1/4d5a821b499b10d2cd76904f672a63c79a7644c4 differ
-diff --git a/fuzz/corpora/asn1/4d5e5e366be74be272807e6b61a97f48b61d1233 b/fuzz/corpora/asn1/4d5e5e366be74be272807e6b61a97f48b61d1233
-new file mode 100644
-index 0000000..2f02418
-Binary files /dev/null and b/fuzz/corpora/asn1/4d5e5e366be74be272807e6b61a97f48b61d1233 differ
-diff --git a/fuzz/corpora/asn1/4d6ab9d83ba620d248b49eb45e06d6edd1e9e709 b/fuzz/corpora/asn1/4d6ab9d83ba620d248b49eb45e06d6edd1e9e709
-new file mode 100644
-index 0000000..e9c59a2
-Binary files /dev/null and b/fuzz/corpora/asn1/4d6ab9d83ba620d248b49eb45e06d6edd1e9e709 differ
-diff --git a/fuzz/corpora/asn1/4de8a279b38cc5d5b2bd2d71bcc652d701d07f2f b/fuzz/corpora/asn1/4de8a279b38cc5d5b2bd2d71bcc652d701d07f2f
-new file mode 100644
-index 0000000..9a37717
-Binary files /dev/null and b/fuzz/corpora/asn1/4de8a279b38cc5d5b2bd2d71bcc652d701d07f2f differ
-diff --git a/fuzz/corpora/asn1/4e46cdbd0d5607b6ac9eb386195ae46b1e0ad735 b/fuzz/corpora/asn1/4e46cdbd0d5607b6ac9eb386195ae46b1e0ad735
-new file mode 100644
-index 0000000..c3f9133
-Binary files /dev/null and b/fuzz/corpora/asn1/4e46cdbd0d5607b6ac9eb386195ae46b1e0ad735 differ
-diff --git a/fuzz/corpora/asn1/4eb32351601776bf5e4c36ba6a86be85273efa33 b/fuzz/corpora/asn1/4eb32351601776bf5e4c36ba6a86be85273efa33
-new file mode 100644
-index 0000000..71d608d
-Binary files /dev/null and b/fuzz/corpora/asn1/4eb32351601776bf5e4c36ba6a86be85273efa33 differ
-diff --git a/fuzz/corpora/asn1/4f08bec74e36313557bdb0a0f8e72e081f8cf735 b/fuzz/corpora/asn1/4f08bec74e36313557bdb0a0f8e72e081f8cf735
-new file mode 100644
-index 0000000..0e75027
-Binary files /dev/null and b/fuzz/corpora/asn1/4f08bec74e36313557bdb0a0f8e72e081f8cf735 differ
-diff --git a/fuzz/corpora/asn1/4f157de8b7e6f83574995f8c86b79f36ce7af7bf b/fuzz/corpora/asn1/4f157de8b7e6f83574995f8c86b79f36ce7af7bf
-new file mode 100644
-index 0000000..7923ade
-Binary files /dev/null and b/fuzz/corpora/asn1/4f157de8b7e6f83574995f8c86b79f36ce7af7bf differ
-diff --git a/fuzz/corpora/asn1/4f551240c77fa67ec97709d54c77ba92dff2bcf3 b/fuzz/corpora/asn1/4f551240c77fa67ec97709d54c77ba92dff2bcf3
-new file mode 100644
-index 0000000..1c41a66
-Binary files /dev/null and b/fuzz/corpora/asn1/4f551240c77fa67ec97709d54c77ba92dff2bcf3 differ
-diff --git a/fuzz/corpora/asn1/4f8050bf4b3bd2013806bffff5419cb24a43e941 b/fuzz/corpora/asn1/4f8050bf4b3bd2013806bffff5419cb24a43e941
-new file mode 100644
-index 0000000..7eabab2
-Binary files /dev/null and b/fuzz/corpora/asn1/4f8050bf4b3bd2013806bffff5419cb24a43e941 differ
-diff --git a/fuzz/corpora/asn1/4fe234bce04ba8fe7eb1ec0ffb204579ecced38e b/fuzz/corpora/asn1/4fe234bce04ba8fe7eb1ec0ffb204579ecced38e
-new file mode 100644
-index 0000000..6e04f3b
-Binary files /dev/null and b/fuzz/corpora/asn1/4fe234bce04ba8fe7eb1ec0ffb204579ecced38e differ
-diff --git a/fuzz/corpora/asn1/50b588e223e2b113978a6a4a7f5ac12299172a15 b/fuzz/corpora/asn1/50b588e223e2b113978a6a4a7f5ac12299172a15
-new file mode 100644
-index 0000000..f83320c
-Binary files /dev/null and b/fuzz/corpora/asn1/50b588e223e2b113978a6a4a7f5ac12299172a15 differ
-diff --git a/fuzz/corpora/asn1/510421198fbf07a578b3f60fb5d91d88e7402617 b/fuzz/corpora/asn1/510421198fbf07a578b3f60fb5d91d88e7402617
-new file mode 100644
-index 0000000..d786d0f
-Binary files /dev/null and b/fuzz/corpora/asn1/510421198fbf07a578b3f60fb5d91d88e7402617 differ
-diff --git a/fuzz/corpora/asn1/5115d1f97a374d6a8b6604021d55fd7e1dfab131 b/fuzz/corpora/asn1/5115d1f97a374d6a8b6604021d55fd7e1dfab131
-new file mode 100644
-index 0000000..48d8a25
-Binary files /dev/null and b/fuzz/corpora/asn1/5115d1f97a374d6a8b6604021d55fd7e1dfab131 differ
-diff --git a/fuzz/corpora/asn1/52ab05578c8e87fd952eac1a52292c94210862f0 b/fuzz/corpora/asn1/52ab05578c8e87fd952eac1a52292c94210862f0
-new file mode 100644
-index 0000000..efcea25
-Binary files /dev/null and b/fuzz/corpora/asn1/52ab05578c8e87fd952eac1a52292c94210862f0 differ
-diff --git a/fuzz/corpora/asn1/52e20d13cd280adbcd36284e1b73c61db4ab3391 b/fuzz/corpora/asn1/52e20d13cd280adbcd36284e1b73c61db4ab3391
-new file mode 100644
-index 0000000..61a3a80
-Binary files /dev/null and b/fuzz/corpora/asn1/52e20d13cd280adbcd36284e1b73c61db4ab3391 differ
-diff --git a/fuzz/corpora/asn1/52f886e3e29fe0e134421e40c1f5de5ac6b3a33b b/fuzz/corpora/asn1/52f886e3e29fe0e134421e40c1f5de5ac6b3a33b
-new file mode 100644
-index 0000000..14487ad
-Binary files /dev/null and b/fuzz/corpora/asn1/52f886e3e29fe0e134421e40c1f5de5ac6b3a33b differ
-diff --git a/fuzz/corpora/asn1/548953015dee047bd555881f6c9a43c17ce2547a b/fuzz/corpora/asn1/548953015dee047bd555881f6c9a43c17ce2547a
-new file mode 100644
-index 0000000..f61aeef
-Binary files /dev/null and b/fuzz/corpora/asn1/548953015dee047bd555881f6c9a43c17ce2547a differ
-diff --git a/fuzz/corpora/asn1/5597641af850ba7307e3437bde13a81ba77e68a7 b/fuzz/corpora/asn1/5597641af850ba7307e3437bde13a81ba77e68a7
-new file mode 100644
-index 0000000..7fc079d
-Binary files /dev/null and b/fuzz/corpora/asn1/5597641af850ba7307e3437bde13a81ba77e68a7 differ
-diff --git a/fuzz/corpora/asn1/55b782049549e17a5d80cde8a03014e0401dec08 b/fuzz/corpora/asn1/55b782049549e17a5d80cde8a03014e0401dec08
-new file mode 100644
-index 0000000..c4a9c3b
-Binary files /dev/null and b/fuzz/corpora/asn1/55b782049549e17a5d80cde8a03014e0401dec08 differ
-diff --git a/fuzz/corpora/asn1/55f8256895b20e9c3755a38b587129664dadbec8 b/fuzz/corpora/asn1/55f8256895b20e9c3755a38b587129664dadbec8
-new file mode 100644
-index 0000000..741ca76
-Binary files /dev/null and b/fuzz/corpora/asn1/55f8256895b20e9c3755a38b587129664dadbec8 differ
-diff --git a/fuzz/corpora/asn1/5612dc3aaba2e77dcba85583b31ff002cc11f573 b/fuzz/corpora/asn1/5612dc3aaba2e77dcba85583b31ff002cc11f573
-new file mode 100644
-index 0000000..056d1c2
-Binary files /dev/null and b/fuzz/corpora/asn1/5612dc3aaba2e77dcba85583b31ff002cc11f573 differ
-diff --git a/fuzz/corpora/asn1/56bc472e147812d3a4d18e2c2105291f608097b9 b/fuzz/corpora/asn1/56bc472e147812d3a4d18e2c2105291f608097b9
-new file mode 100644
-index 0000000..9875a3a
-Binary files /dev/null and b/fuzz/corpora/asn1/56bc472e147812d3a4d18e2c2105291f608097b9 differ
-diff --git a/fuzz/corpora/asn1/5701217de486b834b98b4769e2ca2dc8a0c35021 b/fuzz/corpora/asn1/5701217de486b834b98b4769e2ca2dc8a0c35021
-new file mode 100644
-index 0000000..c2c259f
-Binary files /dev/null and b/fuzz/corpora/asn1/5701217de486b834b98b4769e2ca2dc8a0c35021 differ
-diff --git a/fuzz/corpora/asn1/573e681caeb7a1690c4916711d190da2d825f746 b/fuzz/corpora/asn1/573e681caeb7a1690c4916711d190da2d825f746
-new file mode 100644
-index 0000000..99a1694
-Binary files /dev/null and b/fuzz/corpora/asn1/573e681caeb7a1690c4916711d190da2d825f746 differ
-diff --git a/fuzz/corpora/asn1/585211423db28929b6cdb87f33347aa9c519ad65 b/fuzz/corpora/asn1/585211423db28929b6cdb87f33347aa9c519ad65
-new file mode 100644
-index 0000000..430c9fd
-Binary files /dev/null and b/fuzz/corpora/asn1/585211423db28929b6cdb87f33347aa9c519ad65 differ
-diff --git a/fuzz/corpora/asn1/58eaedbc0b8ad8e78d09bb370a36edbdff06fc7c b/fuzz/corpora/asn1/58eaedbc0b8ad8e78d09bb370a36edbdff06fc7c
-new file mode 100644
-index 0000000..33b929a
-Binary files /dev/null and b/fuzz/corpora/asn1/58eaedbc0b8ad8e78d09bb370a36edbdff06fc7c differ
-diff --git a/fuzz/corpora/asn1/58ec3b293fd9533330c2b683e239905f229ab0d7 b/fuzz/corpora/asn1/58ec3b293fd9533330c2b683e239905f229ab0d7
-new file mode 100644
-index 0000000..e304602
-Binary files /dev/null and b/fuzz/corpora/asn1/58ec3b293fd9533330c2b683e239905f229ab0d7 differ
-diff --git a/fuzz/corpora/asn1/59d92d62f51e26ec31d9b3f09a6cf236abc7be8f b/fuzz/corpora/asn1/59d92d62f51e26ec31d9b3f09a6cf236abc7be8f
-new file mode 100644
-index 0000000..055cff3
-Binary files /dev/null and b/fuzz/corpora/asn1/59d92d62f51e26ec31d9b3f09a6cf236abc7be8f differ
-diff --git a/fuzz/corpora/asn1/5ad0ef3dccda6ac674a78f8e6419e5d7b6eba594 b/fuzz/corpora/asn1/5ad0ef3dccda6ac674a78f8e6419e5d7b6eba594
-new file mode 100644
-index 0000000..896b525
-Binary files /dev/null and b/fuzz/corpora/asn1/5ad0ef3dccda6ac674a78f8e6419e5d7b6eba594 differ
-diff --git a/fuzz/corpora/asn1/5b163a5af80498bd854846229f7ce08dd6a84714 b/fuzz/corpora/asn1/5b163a5af80498bd854846229f7ce08dd6a84714
-new file mode 100644
-index 0000000..cb82c4e
-Binary files /dev/null and b/fuzz/corpora/asn1/5b163a5af80498bd854846229f7ce08dd6a84714 differ
-diff --git a/fuzz/corpora/asn1/5b8a5cf371de8d2b80acd0f446c01553e54e6eb5 b/fuzz/corpora/asn1/5b8a5cf371de8d2b80acd0f446c01553e54e6eb5
-new file mode 100644
-index 0000000..7deb59a
-Binary files /dev/null and b/fuzz/corpora/asn1/5b8a5cf371de8d2b80acd0f446c01553e54e6eb5 differ
-diff --git a/fuzz/corpora/asn1/5bab61eb53176449e25c2c82f172b82cb13ffb9d b/fuzz/corpora/asn1/5bab61eb53176449e25c2c82f172b82cb13ffb9d
-new file mode 100644
-index 0000000..0d758c9
-Binary files /dev/null and b/fuzz/corpora/asn1/5bab61eb53176449e25c2c82f172b82cb13ffb9d differ
-diff --git a/fuzz/corpora/asn1/5c4190931731d524df96b5fc1ba20fb9baf21763 b/fuzz/corpora/asn1/5c4190931731d524df96b5fc1ba20fb9baf21763
-new file mode 100644
-index 0000000..afc0e11
-Binary files /dev/null and b/fuzz/corpora/asn1/5c4190931731d524df96b5fc1ba20fb9baf21763 differ
-diff --git a/fuzz/corpora/asn1/5c5e2c550c4295b5fd38004774610b3fbe80014f b/fuzz/corpora/asn1/5c5e2c550c4295b5fd38004774610b3fbe80014f
-new file mode 100644
-index 0000000..e31e20e
-Binary files /dev/null and b/fuzz/corpora/asn1/5c5e2c550c4295b5fd38004774610b3fbe80014f differ
-diff --git a/fuzz/corpora/asn1/5c650f24a20538774d50943271acfadfac26fe7c b/fuzz/corpora/asn1/5c650f24a20538774d50943271acfadfac26fe7c
-new file mode 100644
-index 0000000..1f8dee7
-Binary files /dev/null and b/fuzz/corpora/asn1/5c650f24a20538774d50943271acfadfac26fe7c differ
-diff --git a/fuzz/corpora/asn1/5cf459041a413c1216634cd375b27aa49d76dd78 b/fuzz/corpora/asn1/5cf459041a413c1216634cd375b27aa49d76dd78
-new file mode 100644
-index 0000000..175e440
-Binary files /dev/null and b/fuzz/corpora/asn1/5cf459041a413c1216634cd375b27aa49d76dd78 differ
-diff --git a/fuzz/corpora/asn1/5d2da4b41e8e78bc1b7f0e8a03ce1fda997e94f2 b/fuzz/corpora/asn1/5d2da4b41e8e78bc1b7f0e8a03ce1fda997e94f2
-new file mode 100644
-index 0000000..15aa01a
-Binary files /dev/null and b/fuzz/corpora/asn1/5d2da4b41e8e78bc1b7f0e8a03ce1fda997e94f2 differ
-diff --git a/fuzz/corpora/asn1/5d776155e7b127e48971cf895a1ad0ba1c8ced3b b/fuzz/corpora/asn1/5d776155e7b127e48971cf895a1ad0ba1c8ced3b
-new file mode 100644
-index 0000000..aa2663b
-Binary files /dev/null and b/fuzz/corpora/asn1/5d776155e7b127e48971cf895a1ad0ba1c8ced3b differ
-diff --git a/fuzz/corpora/asn1/5eb872eea3d3d5557b4716874f65fd8d0c449481 b/fuzz/corpora/asn1/5eb872eea3d3d5557b4716874f65fd8d0c449481
-new file mode 100644
-index 0000000..e07cc9a
-Binary files /dev/null and b/fuzz/corpora/asn1/5eb872eea3d3d5557b4716874f65fd8d0c449481 differ
-diff --git a/fuzz/corpora/asn1/5ee5bc091b8e16933584f433dba0d4275fb51a29 b/fuzz/corpora/asn1/5ee5bc091b8e16933584f433dba0d4275fb51a29
-new file mode 100644
-index 0000000..e3668b7
-Binary files /dev/null and b/fuzz/corpora/asn1/5ee5bc091b8e16933584f433dba0d4275fb51a29 differ
-diff --git a/fuzz/corpora/asn1/5eef81a21e594686ae80c8aa021d53e04496c5b0 b/fuzz/corpora/asn1/5eef81a21e594686ae80c8aa021d53e04496c5b0
-new file mode 100644
-index 0000000..057a3a4
-Binary files /dev/null and b/fuzz/corpora/asn1/5eef81a21e594686ae80c8aa021d53e04496c5b0 differ
-diff --git a/fuzz/corpora/asn1/5f744458d42f089f4e8c6edaf764c7de8d0d3888 b/fuzz/corpora/asn1/5f744458d42f089f4e8c6edaf764c7de8d0d3888
-new file mode 100644
-index 0000000..85c0799
-Binary files /dev/null and b/fuzz/corpora/asn1/5f744458d42f089f4e8c6edaf764c7de8d0d3888 differ
-diff --git a/fuzz/corpora/asn1/5f77ed7492d7d9f87500872990d4f4ae0bfdd9e4 b/fuzz/corpora/asn1/5f77ed7492d7d9f87500872990d4f4ae0bfdd9e4
-new file mode 100644
-index 0000000..4b66222
-Binary files /dev/null and b/fuzz/corpora/asn1/5f77ed7492d7d9f87500872990d4f4ae0bfdd9e4 differ
-diff --git a/fuzz/corpora/asn1/6071c700f618a4b7de005f6deadb7a4f61300ae9 b/fuzz/corpora/asn1/6071c700f618a4b7de005f6deadb7a4f61300ae9
-new file mode 100644
-index 0000000..bbffcf3
-Binary files /dev/null and b/fuzz/corpora/asn1/6071c700f618a4b7de005f6deadb7a4f61300ae9 differ
-diff --git a/fuzz/corpora/asn1/61d57ff14e544bc34117a1d054a55413a446b61b b/fuzz/corpora/asn1/61d57ff14e544bc34117a1d054a55413a446b61b
-new file mode 100644
-index 0000000..1b45b72
-Binary files /dev/null and b/fuzz/corpora/asn1/61d57ff14e544bc34117a1d054a55413a446b61b differ
-diff --git a/fuzz/corpora/asn1/6240f139a01f8fc6ad627cdaced967854551c7dd b/fuzz/corpora/asn1/6240f139a01f8fc6ad627cdaced967854551c7dd
-new file mode 100644
-index 0000000..8ce2284
-Binary files /dev/null and b/fuzz/corpora/asn1/6240f139a01f8fc6ad627cdaced967854551c7dd differ
-diff --git a/fuzz/corpora/asn1/62bf1a2c54f6284043c268e7e738b9895be0c101 b/fuzz/corpora/asn1/62bf1a2c54f6284043c268e7e738b9895be0c101
-new file mode 100644
-index 0000000..ebddbd0
-Binary files /dev/null and b/fuzz/corpora/asn1/62bf1a2c54f6284043c268e7e738b9895be0c101 differ
-diff --git a/fuzz/corpora/asn1/63452d65cfccc21afd3d21207dcbd1621766d48d b/fuzz/corpora/asn1/63452d65cfccc21afd3d21207dcbd1621766d48d
-new file mode 100644
-index 0000000..9a0ff8b
-Binary files /dev/null and b/fuzz/corpora/asn1/63452d65cfccc21afd3d21207dcbd1621766d48d differ
-diff --git a/fuzz/corpora/asn1/63e7a7e0ae1edb16eaf97deaf48e123079c08196 b/fuzz/corpora/asn1/63e7a7e0ae1edb16eaf97deaf48e123079c08196
-new file mode 100644
-index 0000000..25829d6
-Binary files /dev/null and b/fuzz/corpora/asn1/63e7a7e0ae1edb16eaf97deaf48e123079c08196 differ
-diff --git a/fuzz/corpora/asn1/641d57777a4ca345b6a5cd14ced23cac253b086a b/fuzz/corpora/asn1/641d57777a4ca345b6a5cd14ced23cac253b086a
-new file mode 100644
-index 0000000..9d719a8
-Binary files /dev/null and b/fuzz/corpora/asn1/641d57777a4ca345b6a5cd14ced23cac253b086a differ
-diff --git a/fuzz/corpora/asn1/649b52e10735051c8c7d1807a5b69f8d586d3661 b/fuzz/corpora/asn1/649b52e10735051c8c7d1807a5b69f8d586d3661
-new file mode 100644
-index 0000000..bc70f43
-Binary files /dev/null and b/fuzz/corpora/asn1/649b52e10735051c8c7d1807a5b69f8d586d3661 differ
-diff --git a/fuzz/corpora/asn1/652af8e5e2f7d2a7d5ba33ec5d7945503f2b90d7 b/fuzz/corpora/asn1/652af8e5e2f7d2a7d5ba33ec5d7945503f2b90d7
-new file mode 100644
-index 0000000..232bcad
-Binary files /dev/null and b/fuzz/corpora/asn1/652af8e5e2f7d2a7d5ba33ec5d7945503f2b90d7 differ
-diff --git a/fuzz/corpora/asn1/66b7293dacd571d9e460dfcb36a2b602ae34320d b/fuzz/corpora/asn1/66b7293dacd571d9e460dfcb36a2b602ae34320d
-new file mode 100644
-index 0000000..822fcf0
-Binary files /dev/null and b/fuzz/corpora/asn1/66b7293dacd571d9e460dfcb36a2b602ae34320d differ
-diff --git a/fuzz/corpora/asn1/66ccb41c2ed71a9210652108e3b46db6bc40a245 b/fuzz/corpora/asn1/66ccb41c2ed71a9210652108e3b46db6bc40a245
-new file mode 100644
-index 0000000..97200f3
-Binary files /dev/null and b/fuzz/corpora/asn1/66ccb41c2ed71a9210652108e3b46db6bc40a245 differ
-diff --git a/fuzz/corpora/asn1/6736b614b5693b40cbcb32ae2500daef3e3fa417 b/fuzz/corpora/asn1/6736b614b5693b40cbcb32ae2500daef3e3fa417
-new file mode 100644
-index 0000000..3286da7
-Binary files /dev/null and b/fuzz/corpora/asn1/6736b614b5693b40cbcb32ae2500daef3e3fa417 differ
-diff --git a/fuzz/corpora/asn1/6772b1dddc0bd43a3ac925e9db431775149e7f69 b/fuzz/corpora/asn1/6772b1dddc0bd43a3ac925e9db431775149e7f69
-new file mode 100644
-index 0000000..6a30a1f
-Binary files /dev/null and b/fuzz/corpora/asn1/6772b1dddc0bd43a3ac925e9db431775149e7f69 differ
-diff --git a/fuzz/corpora/asn1/691998a577c3868a32f9e921214de061f8cb7982 b/fuzz/corpora/asn1/691998a577c3868a32f9e921214de061f8cb7982
-new file mode 100644
-index 0000000..9fd2816
-Binary files /dev/null and b/fuzz/corpora/asn1/691998a577c3868a32f9e921214de061f8cb7982 differ
-diff --git a/fuzz/corpora/asn1/691c5f79265edfad387d007d207aadc9240be0d6 b/fuzz/corpora/asn1/691c5f79265edfad387d007d207aadc9240be0d6
-new file mode 100644
-index 0000000..791c6f0
-Binary files /dev/null and b/fuzz/corpora/asn1/691c5f79265edfad387d007d207aadc9240be0d6 differ
-diff --git a/fuzz/corpora/asn1/69396914f72b398c83971af32cbddc9fc78e7df6 b/fuzz/corpora/asn1/69396914f72b398c83971af32cbddc9fc78e7df6
-new file mode 100644
-index 0000000..eb058cc
-Binary files /dev/null and b/fuzz/corpora/asn1/69396914f72b398c83971af32cbddc9fc78e7df6 differ
-diff --git a/fuzz/corpora/asn1/6a1c25a2fdd64a460ffc5d01a9f6f0cc758d22c1 b/fuzz/corpora/asn1/6a1c25a2fdd64a460ffc5d01a9f6f0cc758d22c1
-new file mode 100644
-index 0000000..de1d673
-Binary files /dev/null and b/fuzz/corpora/asn1/6a1c25a2fdd64a460ffc5d01a9f6f0cc758d22c1 differ
-diff --git a/fuzz/corpora/asn1/6acc61fa2eb3de2a75a19439aceb57e8a038ab3b b/fuzz/corpora/asn1/6acc61fa2eb3de2a75a19439aceb57e8a038ab3b
-new file mode 100644
-index 0000000..0563217
-Binary files /dev/null and b/fuzz/corpora/asn1/6acc61fa2eb3de2a75a19439aceb57e8a038ab3b differ
-diff --git a/fuzz/corpora/asn1/6ad6ef267febd3b4506fdf42e2b6652eb944a36d b/fuzz/corpora/asn1/6ad6ef267febd3b4506fdf42e2b6652eb944a36d
-new file mode 100644
-index 0000000..efae789
-Binary files /dev/null and b/fuzz/corpora/asn1/6ad6ef267febd3b4506fdf42e2b6652eb944a36d differ
-diff --git a/fuzz/corpora/asn1/6b91749ecea9f52797d5d7575432f93da98ed9b6 b/fuzz/corpora/asn1/6b91749ecea9f52797d5d7575432f93da98ed9b6
-new file mode 100644
-index 0000000..19b3e94
-Binary files /dev/null and b/fuzz/corpora/asn1/6b91749ecea9f52797d5d7575432f93da98ed9b6 differ
-diff --git a/fuzz/corpora/asn1/6bbbfc93bb556acc4e41337303c01ee7f32d1e2c b/fuzz/corpora/asn1/6bbbfc93bb556acc4e41337303c01ee7f32d1e2c
-new file mode 100644
-index 0000000..d3db331
-Binary files /dev/null and b/fuzz/corpora/asn1/6bbbfc93bb556acc4e41337303c01ee7f32d1e2c differ
-diff --git a/fuzz/corpora/asn1/6c522864593f9a88b9da3bc8577471eecbf7dfb8 b/fuzz/corpora/asn1/6c522864593f9a88b9da3bc8577471eecbf7dfb8
-new file mode 100644
-index 0000000..a6976f8
-Binary files /dev/null and b/fuzz/corpora/asn1/6c522864593f9a88b9da3bc8577471eecbf7dfb8 differ
-diff --git a/fuzz/corpora/asn1/6c8f1dee251b8288c2f16b441b1810cf7bca49ab b/fuzz/corpora/asn1/6c8f1dee251b8288c2f16b441b1810cf7bca49ab
-new file mode 100644
-index 0000000..f14cc40
-Binary files /dev/null and b/fuzz/corpora/asn1/6c8f1dee251b8288c2f16b441b1810cf7bca49ab differ
-diff --git a/fuzz/corpora/asn1/6d5c7800798dbf022d7bf8c75bf0b8997d623e59 b/fuzz/corpora/asn1/6d5c7800798dbf022d7bf8c75bf0b8997d623e59
-new file mode 100644
-index 0000000..8760ddf
-Binary files /dev/null and b/fuzz/corpora/asn1/6d5c7800798dbf022d7bf8c75bf0b8997d623e59 differ
-diff --git a/fuzz/corpora/asn1/6d95adf42da165512dc2e15f3abb8402474fe400 b/fuzz/corpora/asn1/6d95adf42da165512dc2e15f3abb8402474fe400
-new file mode 100644
-index 0000000..d713fa1
-Binary files /dev/null and b/fuzz/corpora/asn1/6d95adf42da165512dc2e15f3abb8402474fe400 differ
-diff --git a/fuzz/corpora/asn1/6defe05fe2fc2d6590659b5d7e847b1a73f38ca1 b/fuzz/corpora/asn1/6defe05fe2fc2d6590659b5d7e847b1a73f38ca1
-new file mode 100644
-index 0000000..2efabec
-Binary files /dev/null and b/fuzz/corpora/asn1/6defe05fe2fc2d6590659b5d7e847b1a73f38ca1 differ
-diff --git a/fuzz/corpora/asn1/6df417864fe3311b4ccc19b6ab5952a0783653a9 b/fuzz/corpora/asn1/6df417864fe3311b4ccc19b6ab5952a0783653a9
-new file mode 100644
-index 0000000..5ad6269
-Binary files /dev/null and b/fuzz/corpora/asn1/6df417864fe3311b4ccc19b6ab5952a0783653a9 differ
-diff --git a/fuzz/corpora/asn1/6e67b210aa4d3620eb0f903e0d2dce984df7256b b/fuzz/corpora/asn1/6e67b210aa4d3620eb0f903e0d2dce984df7256b
-new file mode 100644
-index 0000000..ed0b996
-Binary files /dev/null and b/fuzz/corpora/asn1/6e67b210aa4d3620eb0f903e0d2dce984df7256b differ
-diff --git a/fuzz/corpora/asn1/6eaeb5e449859220c0b7328e3a93c87dc3ad7897 b/fuzz/corpora/asn1/6eaeb5e449859220c0b7328e3a93c87dc3ad7897
-new file mode 100644
-index 0000000..7236ea8
-Binary files /dev/null and b/fuzz/corpora/asn1/6eaeb5e449859220c0b7328e3a93c87dc3ad7897 differ
-diff --git a/fuzz/corpora/asn1/6ed498806c0a6524439f8ac290f9ff5b18759be7 b/fuzz/corpora/asn1/6ed498806c0a6524439f8ac290f9ff5b18759be7
-new file mode 100644
-index 0000000..7ce8ca6
-Binary files /dev/null and b/fuzz/corpora/asn1/6ed498806c0a6524439f8ac290f9ff5b18759be7 differ
-diff --git a/fuzz/corpora/asn1/6edbb64240cc4f745b8f84422a3e08e499d19869 b/fuzz/corpora/asn1/6edbb64240cc4f745b8f84422a3e08e499d19869
-new file mode 100644
-index 0000000..dab94d3
-Binary files /dev/null and b/fuzz/corpora/asn1/6edbb64240cc4f745b8f84422a3e08e499d19869 differ
-diff --git a/fuzz/corpora/asn1/6f2523624e6731bdeb7f1f9dedbcf90237ed7cd1 b/fuzz/corpora/asn1/6f2523624e6731bdeb7f1f9dedbcf90237ed7cd1
-new file mode 100644
-index 0000000..3ed7bba
-Binary files /dev/null and b/fuzz/corpora/asn1/6f2523624e6731bdeb7f1f9dedbcf90237ed7cd1 differ
-diff --git a/fuzz/corpora/asn1/6f27c43a83e859e9fce3735d0601b8085bc4cb3a b/fuzz/corpora/asn1/6f27c43a83e859e9fce3735d0601b8085bc4cb3a
-new file mode 100644
-index 0000000..0fcf0d8
-Binary files /dev/null and b/fuzz/corpora/asn1/6f27c43a83e859e9fce3735d0601b8085bc4cb3a differ
-diff --git a/fuzz/corpora/asn1/6f3a0f3df23e638769921b35fd6260064f0f1bfd b/fuzz/corpora/asn1/6f3a0f3df23e638769921b35fd6260064f0f1bfd
-new file mode 100644
-index 0000000..de053a1
-Binary files /dev/null and b/fuzz/corpora/asn1/6f3a0f3df23e638769921b35fd6260064f0f1bfd differ
-diff --git a/fuzz/corpora/asn1/6ff275248fc6d0fc09aa13ed2cf1988ab0889504 b/fuzz/corpora/asn1/6ff275248fc6d0fc09aa13ed2cf1988ab0889504
-new file mode 100644
-index 0000000..b3cb4d1
-Binary files /dev/null and b/fuzz/corpora/asn1/6ff275248fc6d0fc09aa13ed2cf1988ab0889504 differ
-diff --git a/fuzz/corpora/asn1/704a87da7bbfad4933905923ff6efc01fbd6300f b/fuzz/corpora/asn1/704a87da7bbfad4933905923ff6efc01fbd6300f
-new file mode 100644
-index 0000000..8321fad
-Binary files /dev/null and b/fuzz/corpora/asn1/704a87da7bbfad4933905923ff6efc01fbd6300f differ
-diff --git a/fuzz/corpora/asn1/7129035ddd05bec23d9909fcf095ca5fea5d2574 b/fuzz/corpora/asn1/7129035ddd05bec23d9909fcf095ca5fea5d2574
-new file mode 100644
-index 0000000..d7fd49f
-Binary files /dev/null and b/fuzz/corpora/asn1/7129035ddd05bec23d9909fcf095ca5fea5d2574 differ
-diff --git a/fuzz/corpora/asn1/71a33cf3c20cd153e09b047267ce792b5c7b9e99 b/fuzz/corpora/asn1/71a33cf3c20cd153e09b047267ce792b5c7b9e99
-new file mode 100644
-index 0000000..b646cc1
-Binary files /dev/null and b/fuzz/corpora/asn1/71a33cf3c20cd153e09b047267ce792b5c7b9e99 differ
-diff --git a/fuzz/corpora/asn1/71c342ab087a30664b93719bcbed6f3b1f160345 b/fuzz/corpora/asn1/71c342ab087a30664b93719bcbed6f3b1f160345
-new file mode 100644
-index 0000000..dd3ddb2
-Binary files /dev/null and b/fuzz/corpora/asn1/71c342ab087a30664b93719bcbed6f3b1f160345 differ
-diff --git a/fuzz/corpora/asn1/71e9c3e636809e938e963c71a334bdc6a29e025b b/fuzz/corpora/asn1/71e9c3e636809e938e963c71a334bdc6a29e025b
-new file mode 100644
-index 0000000..e0d8a52
-Binary files /dev/null and b/fuzz/corpora/asn1/71e9c3e636809e938e963c71a334bdc6a29e025b differ
-diff --git a/fuzz/corpora/asn1/729c18dbdcfe0faafb02aca9161e04c99a3d61ed b/fuzz/corpora/asn1/729c18dbdcfe0faafb02aca9161e04c99a3d61ed
-new file mode 100644
-index 0000000..6359522
-Binary files /dev/null and b/fuzz/corpora/asn1/729c18dbdcfe0faafb02aca9161e04c99a3d61ed differ
-diff --git a/fuzz/corpora/asn1/7395e9e41d7cf962fe7b9093f68ee97f236e6127 b/fuzz/corpora/asn1/7395e9e41d7cf962fe7b9093f68ee97f236e6127
-new file mode 100644
-index 0000000..8112888
-Binary files /dev/null and b/fuzz/corpora/asn1/7395e9e41d7cf962fe7b9093f68ee97f236e6127 differ
-diff --git a/fuzz/corpora/asn1/741de4bc06656d8e1a49451b1f41d29882f035df b/fuzz/corpora/asn1/741de4bc06656d8e1a49451b1f41d29882f035df
-new file mode 100644
-index 0000000..6ad2f3e
-Binary files /dev/null and b/fuzz/corpora/asn1/741de4bc06656d8e1a49451b1f41d29882f035df differ
-diff --git a/fuzz/corpora/asn1/74436b91c383a94975c010acc468a17b8db8c401 b/fuzz/corpora/asn1/74436b91c383a94975c010acc468a17b8db8c401
-new file mode 100644
-index 0000000..6116daf
-Binary files /dev/null and b/fuzz/corpora/asn1/74436b91c383a94975c010acc468a17b8db8c401 differ
-diff --git a/fuzz/corpora/asn1/7445b03035891717a89ccbfe94e93a6cbdc858c6 b/fuzz/corpora/asn1/7445b03035891717a89ccbfe94e93a6cbdc858c6
-new file mode 100644
-index 0000000..c8f5377
-Binary files /dev/null and b/fuzz/corpora/asn1/7445b03035891717a89ccbfe94e93a6cbdc858c6 differ
-diff --git a/fuzz/corpora/asn1/74bc2f89637ac6009f4eb7b42b9f08c26b8a9787 b/fuzz/corpora/asn1/74bc2f89637ac6009f4eb7b42b9f08c26b8a9787
-new file mode 100644
-index 0000000..07c34e2
-Binary files /dev/null and b/fuzz/corpora/asn1/74bc2f89637ac6009f4eb7b42b9f08c26b8a9787 differ
-diff --git a/fuzz/corpora/asn1/751a8f7a80282c0f2a19dbe50ab615306c0abdad b/fuzz/corpora/asn1/751a8f7a80282c0f2a19dbe50ab615306c0abdad
-new file mode 100644
-index 0000000..9058a25
-Binary files /dev/null and b/fuzz/corpora/asn1/751a8f7a80282c0f2a19dbe50ab615306c0abdad differ
-diff --git a/fuzz/corpora/asn1/7548eff33fc7121d2a121f332121c7391106ab73 b/fuzz/corpora/asn1/7548eff33fc7121d2a121f332121c7391106ab73
-new file mode 100644
-index 0000000..966f515
-Binary files /dev/null and b/fuzz/corpora/asn1/7548eff33fc7121d2a121f332121c7391106ab73 differ
-diff --git a/fuzz/corpora/asn1/75c29757e9f2bd4d8f41253003cec32e5bd153f5 b/fuzz/corpora/asn1/75c29757e9f2bd4d8f41253003cec32e5bd153f5
-new file mode 100644
-index 0000000..3ffbd14
-Binary files /dev/null and b/fuzz/corpora/asn1/75c29757e9f2bd4d8f41253003cec32e5bd153f5 differ
-diff --git a/fuzz/corpora/asn1/76579e818c3ed4dfecb8f3dee908d447123c8ba8 b/fuzz/corpora/asn1/76579e818c3ed4dfecb8f3dee908d447123c8ba8
-new file mode 100644
-index 0000000..94f4916
-Binary files /dev/null and b/fuzz/corpora/asn1/76579e818c3ed4dfecb8f3dee908d447123c8ba8 differ
-diff --git a/fuzz/corpora/asn1/76f5fbbe0340445a16ed71b8b3f1d2af6393d50b b/fuzz/corpora/asn1/76f5fbbe0340445a16ed71b8b3f1d2af6393d50b
-new file mode 100644
-index 0000000..cf49ddb
-Binary files /dev/null and b/fuzz/corpora/asn1/76f5fbbe0340445a16ed71b8b3f1d2af6393d50b differ
-diff --git a/fuzz/corpora/asn1/773ca70f3b9bb09f4a5255d769756be7d57234a0 b/fuzz/corpora/asn1/773ca70f3b9bb09f4a5255d769756be7d57234a0
-new file mode 100644
-index 0000000..3489536
-Binary files /dev/null and b/fuzz/corpora/asn1/773ca70f3b9bb09f4a5255d769756be7d57234a0 differ
-diff --git a/fuzz/corpora/asn1/774786bd08bce61feaa96355c44d98131a1d1440 b/fuzz/corpora/asn1/774786bd08bce61feaa96355c44d98131a1d1440
-new file mode 100644
-index 0000000..8d869d0
-Binary files /dev/null and b/fuzz/corpora/asn1/774786bd08bce61feaa96355c44d98131a1d1440 differ
-diff --git a/fuzz/corpora/asn1/7781995f3330a985d4669b4ba90a08cac1245dac b/fuzz/corpora/asn1/7781995f3330a985d4669b4ba90a08cac1245dac
-new file mode 100644
-index 0000000..5481531
-Binary files /dev/null and b/fuzz/corpora/asn1/7781995f3330a985d4669b4ba90a08cac1245dac differ
-diff --git a/fuzz/corpora/asn1/779a1b62f75fef70234b0488e852ef9ba7aef9eb b/fuzz/corpora/asn1/779a1b62f75fef70234b0488e852ef9ba7aef9eb
-new file mode 100644
-index 0000000..357a535
-Binary files /dev/null and b/fuzz/corpora/asn1/779a1b62f75fef70234b0488e852ef9ba7aef9eb differ
-diff --git a/fuzz/corpora/asn1/77fa694ee6a8933d8a45b4acbfa99f305bd4ba5e b/fuzz/corpora/asn1/77fa694ee6a8933d8a45b4acbfa99f305bd4ba5e
-new file mode 100644
-index 0000000..2d81425
-Binary files /dev/null and b/fuzz/corpora/asn1/77fa694ee6a8933d8a45b4acbfa99f305bd4ba5e differ
-diff --git a/fuzz/corpora/asn1/784e62a345a422126b86285f19d9c8a148714d1d b/fuzz/corpora/asn1/784e62a345a422126b86285f19d9c8a148714d1d
-new file mode 100644
-index 0000000..be040b4
-Binary files /dev/null and b/fuzz/corpora/asn1/784e62a345a422126b86285f19d9c8a148714d1d differ
-diff --git a/fuzz/corpora/asn1/78b385be3402a90b215d5eb47593f1d236ea4b1f b/fuzz/corpora/asn1/78b385be3402a90b215d5eb47593f1d236ea4b1f
-new file mode 100644
-index 0000000..a129b36
-Binary files /dev/null and b/fuzz/corpora/asn1/78b385be3402a90b215d5eb47593f1d236ea4b1f differ
-diff --git a/fuzz/corpora/asn1/7974aedf1c3d8b6100f72387f8fcdc08507f9f3d b/fuzz/corpora/asn1/7974aedf1c3d8b6100f72387f8fcdc08507f9f3d
-new file mode 100644
-index 0000000..1c796b0
-Binary files /dev/null and b/fuzz/corpora/asn1/7974aedf1c3d8b6100f72387f8fcdc08507f9f3d differ
-diff --git a/fuzz/corpora/asn1/79e4309f5a0a248ac327c35d7a51b0f6a336bb3a b/fuzz/corpora/asn1/79e4309f5a0a248ac327c35d7a51b0f6a336bb3a
-new file mode 100644
-index 0000000..819e7f4
-Binary files /dev/null and b/fuzz/corpora/asn1/79e4309f5a0a248ac327c35d7a51b0f6a336bb3a differ
-diff --git a/fuzz/corpora/asn1/7a122d256eea2d89fcd7abcdf24fdd35933ba68b b/fuzz/corpora/asn1/7a122d256eea2d89fcd7abcdf24fdd35933ba68b
-new file mode 100644
-index 0000000..c27c9f6
-Binary files /dev/null and b/fuzz/corpora/asn1/7a122d256eea2d89fcd7abcdf24fdd35933ba68b differ
-diff --git a/fuzz/corpora/asn1/7a369aef952b5e4be40ce8caa890c9194e53dd7f b/fuzz/corpora/asn1/7a369aef952b5e4be40ce8caa890c9194e53dd7f
-new file mode 100644
-index 0000000..a4152b3
-Binary files /dev/null and b/fuzz/corpora/asn1/7a369aef952b5e4be40ce8caa890c9194e53dd7f differ
-diff --git a/fuzz/corpora/asn1/7aa94232655a15bc21241d6e1271e06e4b2d7229 b/fuzz/corpora/asn1/7aa94232655a15bc21241d6e1271e06e4b2d7229
-new file mode 100644
-index 0000000..8e35923
-Binary files /dev/null and b/fuzz/corpora/asn1/7aa94232655a15bc21241d6e1271e06e4b2d7229 differ
-diff --git a/fuzz/corpora/asn1/7b3678849faeb8f8e4d04309621a4114dc7c77e1 b/fuzz/corpora/asn1/7b3678849faeb8f8e4d04309621a4114dc7c77e1
-new file mode 100644
-index 0000000..42a526b
-Binary files /dev/null and b/fuzz/corpora/asn1/7b3678849faeb8f8e4d04309621a4114dc7c77e1 differ
-diff --git a/fuzz/corpora/asn1/7ba0ef01ab4c2976fc08a6aef52a8c27e7761478 b/fuzz/corpora/asn1/7ba0ef01ab4c2976fc08a6aef52a8c27e7761478
-new file mode 100644
-index 0000000..ef7cde6
-Binary files /dev/null and b/fuzz/corpora/asn1/7ba0ef01ab4c2976fc08a6aef52a8c27e7761478 differ
-diff --git a/fuzz/corpora/asn1/7ca0d3944d78f58d41775fe01511ec2153292d25 b/fuzz/corpora/asn1/7ca0d3944d78f58d41775fe01511ec2153292d25
-new file mode 100644
-index 0000000..53a77e3
-Binary files /dev/null and b/fuzz/corpora/asn1/7ca0d3944d78f58d41775fe01511ec2153292d25 differ
-diff --git a/fuzz/corpora/asn1/7de8c7aa4c34d4ecb59ed356c6a91dc4ff8b0781 b/fuzz/corpora/asn1/7de8c7aa4c34d4ecb59ed356c6a91dc4ff8b0781
-new file mode 100644
-index 0000000..984c49c
-Binary files /dev/null and b/fuzz/corpora/asn1/7de8c7aa4c34d4ecb59ed356c6a91dc4ff8b0781 differ
-diff --git a/fuzz/corpora/asn1/7e6f4ca47e70a0be99e51d8267f24c08bebf9208 b/fuzz/corpora/asn1/7e6f4ca47e70a0be99e51d8267f24c08bebf9208
-new file mode 100644
-index 0000000..9a17aec
-Binary files /dev/null and b/fuzz/corpora/asn1/7e6f4ca47e70a0be99e51d8267f24c08bebf9208 differ
-diff --git a/fuzz/corpora/asn1/7e7fe83f6b3e6823801407b24da08b31ce802bdd b/fuzz/corpora/asn1/7e7fe83f6b3e6823801407b24da08b31ce802bdd
-new file mode 100644
-index 0000000..2b5a61d
-Binary files /dev/null and b/fuzz/corpora/asn1/7e7fe83f6b3e6823801407b24da08b31ce802bdd differ
-diff --git a/fuzz/corpora/asn1/7e8646694ff239b0f8c844cd3ca54728bf175786 b/fuzz/corpora/asn1/7e8646694ff239b0f8c844cd3ca54728bf175786
-new file mode 100644
-index 0000000..b813b6c
-Binary files /dev/null and b/fuzz/corpora/asn1/7e8646694ff239b0f8c844cd3ca54728bf175786 differ
-diff --git a/fuzz/corpora/asn1/7efe71af0da3d1adbc68617979f5878e0aad2c10 b/fuzz/corpora/asn1/7efe71af0da3d1adbc68617979f5878e0aad2c10
-new file mode 100644
-index 0000000..f6f451b
-Binary files /dev/null and b/fuzz/corpora/asn1/7efe71af0da3d1adbc68617979f5878e0aad2c10 differ
-diff --git a/fuzz/corpora/asn1/7f11b84404d7b3b945ccf797eb94daa8af5cb13b b/fuzz/corpora/asn1/7f11b84404d7b3b945ccf797eb94daa8af5cb13b
-new file mode 100644
-index 0000000..959e0fa
-Binary files /dev/null and b/fuzz/corpora/asn1/7f11b84404d7b3b945ccf797eb94daa8af5cb13b differ
-diff --git a/fuzz/corpora/asn1/7f95d95afdfc580754b2503704e8d44856827194 b/fuzz/corpora/asn1/7f95d95afdfc580754b2503704e8d44856827194
-new file mode 100644
-index 0000000..e83a617
-Binary files /dev/null and b/fuzz/corpora/asn1/7f95d95afdfc580754b2503704e8d44856827194 differ
-diff --git a/fuzz/corpora/asn1/7fa64d33883e91ef4ed0cca054c4944e7f90e90a b/fuzz/corpora/asn1/7fa64d33883e91ef4ed0cca054c4944e7f90e90a
-new file mode 100644
-index 0000000..24a01a4
-Binary files /dev/null and b/fuzz/corpora/asn1/7fa64d33883e91ef4ed0cca054c4944e7f90e90a differ
-diff --git a/fuzz/corpora/asn1/804b242d339d81c62c7e6b3b6af5328e525ca232 b/fuzz/corpora/asn1/804b242d339d81c62c7e6b3b6af5328e525ca232
-new file mode 100644
-index 0000000..9ec1587
-Binary files /dev/null and b/fuzz/corpora/asn1/804b242d339d81c62c7e6b3b6af5328e525ca232 differ
-diff --git a/fuzz/corpora/asn1/80509a6155e130dbea9cc9ca1cb2b6722e3eb779 b/fuzz/corpora/asn1/80509a6155e130dbea9cc9ca1cb2b6722e3eb779
-new file mode 100644
-index 0000000..2aaebb2
-Binary files /dev/null and b/fuzz/corpora/asn1/80509a6155e130dbea9cc9ca1cb2b6722e3eb779 differ
-diff --git a/fuzz/corpora/asn1/80f823e9dc4b13f998c4289d84036cc5fa3ae74e b/fuzz/corpora/asn1/80f823e9dc4b13f998c4289d84036cc5fa3ae74e
-new file mode 100644
-index 0000000..662fc91
-Binary files /dev/null and b/fuzz/corpora/asn1/80f823e9dc4b13f998c4289d84036cc5fa3ae74e differ
-diff --git a/fuzz/corpora/asn1/823976e4af54c438ef3c07f9d9ec9678636a8cbf b/fuzz/corpora/asn1/823976e4af54c438ef3c07f9d9ec9678636a8cbf
-new file mode 100644
-index 0000000..33c79d3
-Binary files /dev/null and b/fuzz/corpora/asn1/823976e4af54c438ef3c07f9d9ec9678636a8cbf differ
-diff --git a/fuzz/corpora/asn1/82493e385e3b648d668c095afa8dde9f7fb9425b b/fuzz/corpora/asn1/82493e385e3b648d668c095afa8dde9f7fb9425b
-new file mode 100644
-index 0000000..3bd8c6b
-Binary files /dev/null and b/fuzz/corpora/asn1/82493e385e3b648d668c095afa8dde9f7fb9425b differ
-diff --git a/fuzz/corpora/asn1/8257c80f9604ef480bc1cd5eb408e441c90b63b2 b/fuzz/corpora/asn1/8257c80f9604ef480bc1cd5eb408e441c90b63b2
-new file mode 100644
-index 0000000..f4143b7
-Binary files /dev/null and b/fuzz/corpora/asn1/8257c80f9604ef480bc1cd5eb408e441c90b63b2 differ
-diff --git a/fuzz/corpora/asn1/82af118d30d485727b66c7f39f6d63d030556063 b/fuzz/corpora/asn1/82af118d30d485727b66c7f39f6d63d030556063
-new file mode 100644
-index 0000000..d92454b
-Binary files /dev/null and b/fuzz/corpora/asn1/82af118d30d485727b66c7f39f6d63d030556063 differ
-diff --git a/fuzz/corpora/asn1/82d2fe81d12bb0c2e3135d7c10c31c486022a52b b/fuzz/corpora/asn1/82d2fe81d12bb0c2e3135d7c10c31c486022a52b
-new file mode 100644
-index 0000000..155a9a8
-Binary files /dev/null and b/fuzz/corpora/asn1/82d2fe81d12bb0c2e3135d7c10c31c486022a52b differ
-diff --git a/fuzz/corpora/asn1/82ef97d7d4381a9425d25fa6e2da9626efdf4007 b/fuzz/corpora/asn1/82ef97d7d4381a9425d25fa6e2da9626efdf4007
-new file mode 100644
-index 0000000..a39fd3b
-Binary files /dev/null and b/fuzz/corpora/asn1/82ef97d7d4381a9425d25fa6e2da9626efdf4007 differ
-diff --git a/fuzz/corpora/asn1/82fe66bc75c49db8ba459e1fd205810bfa8110c6 b/fuzz/corpora/asn1/82fe66bc75c49db8ba459e1fd205810bfa8110c6
-new file mode 100644
-index 0000000..9811496
-Binary files /dev/null and b/fuzz/corpora/asn1/82fe66bc75c49db8ba459e1fd205810bfa8110c6 differ
-diff --git a/fuzz/corpora/asn1/830600aea01af457b490d480883617472f857f15 b/fuzz/corpora/asn1/830600aea01af457b490d480883617472f857f15
-new file mode 100644
-index 0000000..850de61
-Binary files /dev/null and b/fuzz/corpora/asn1/830600aea01af457b490d480883617472f857f15 differ
-diff --git a/fuzz/corpora/asn1/8333671e838436179396036bd885b5ef2a821e7b b/fuzz/corpora/asn1/8333671e838436179396036bd885b5ef2a821e7b
-new file mode 100644
-index 0000000..a80b95c
-Binary files /dev/null and b/fuzz/corpora/asn1/8333671e838436179396036bd885b5ef2a821e7b differ
-diff --git a/fuzz/corpora/asn1/84249c956490bba3589a5082e89412f41ed037d0 b/fuzz/corpora/asn1/84249c956490bba3589a5082e89412f41ed037d0
-new file mode 100644
-index 0000000..10e43e7
-Binary files /dev/null and b/fuzz/corpora/asn1/84249c956490bba3589a5082e89412f41ed037d0 differ
-diff --git a/fuzz/corpora/asn1/8431cb6d64ae0269b5ecea31e3b561ce60949261 b/fuzz/corpora/asn1/8431cb6d64ae0269b5ecea31e3b561ce60949261
-new file mode 100644
-index 0000000..48b2a60
-Binary files /dev/null and b/fuzz/corpora/asn1/8431cb6d64ae0269b5ecea31e3b561ce60949261 differ
-diff --git a/fuzz/corpora/asn1/84cd6d0c9e78c2bce24633a3dd3e542ab0c8a1e5 b/fuzz/corpora/asn1/84cd6d0c9e78c2bce24633a3dd3e542ab0c8a1e5
-new file mode 100644
-index 0000000..ce635a7
-Binary files /dev/null and b/fuzz/corpora/asn1/84cd6d0c9e78c2bce24633a3dd3e542ab0c8a1e5 differ
-diff --git a/fuzz/corpora/asn1/85572d4495136eaee0654eb4b0f053e932b2a0a7 b/fuzz/corpora/asn1/85572d4495136eaee0654eb4b0f053e932b2a0a7
-new file mode 100644
-index 0000000..d4f3083
-Binary files /dev/null and b/fuzz/corpora/asn1/85572d4495136eaee0654eb4b0f053e932b2a0a7 differ
-diff --git a/fuzz/corpora/asn1/85c7cbdc6c0705935c687bbe191e7c8ae03d1228 b/fuzz/corpora/asn1/85c7cbdc6c0705935c687bbe191e7c8ae03d1228
-new file mode 100644
-index 0000000..38ba4b3
-Binary files /dev/null and b/fuzz/corpora/asn1/85c7cbdc6c0705935c687bbe191e7c8ae03d1228 differ
-diff --git a/fuzz/corpora/asn1/85cb27ff195a3f2a1e7240a3bfe698b6b5c16915 b/fuzz/corpora/asn1/85cb27ff195a3f2a1e7240a3bfe698b6b5c16915
-new file mode 100644
-index 0000000..700370f
-Binary files /dev/null and b/fuzz/corpora/asn1/85cb27ff195a3f2a1e7240a3bfe698b6b5c16915 differ
-diff --git a/fuzz/corpora/asn1/8644cac95ed5395b19d840af70a4e659d83cc1d6 b/fuzz/corpora/asn1/8644cac95ed5395b19d840af70a4e659d83cc1d6
-new file mode 100644
-index 0000000..c4bc3df
-Binary files /dev/null and b/fuzz/corpora/asn1/8644cac95ed5395b19d840af70a4e659d83cc1d6 differ
-diff --git a/fuzz/corpora/asn1/86b23a65c38cd68fedcea976dae2523ac273214b b/fuzz/corpora/asn1/86b23a65c38cd68fedcea976dae2523ac273214b
-new file mode 100644
-index 0000000..a529eca
-Binary files /dev/null and b/fuzz/corpora/asn1/86b23a65c38cd68fedcea976dae2523ac273214b differ
-diff --git a/fuzz/corpora/asn1/87816bf6fc274d0b97e6177a9dda31c9b6e06d80 b/fuzz/corpora/asn1/87816bf6fc274d0b97e6177a9dda31c9b6e06d80
-new file mode 100644
-index 0000000..91cb3f7
-Binary files /dev/null and b/fuzz/corpora/asn1/87816bf6fc274d0b97e6177a9dda31c9b6e06d80 differ
-diff --git a/fuzz/corpora/asn1/87ff2af32fae5bf6dc911b0b2c2190466299f3e4 b/fuzz/corpora/asn1/87ff2af32fae5bf6dc911b0b2c2190466299f3e4
-new file mode 100644
-index 0000000..bfdedad
-Binary files /dev/null and b/fuzz/corpora/asn1/87ff2af32fae5bf6dc911b0b2c2190466299f3e4 differ
-diff --git a/fuzz/corpora/asn1/8860687467d460c068b88efa0dc86c69712e6920 b/fuzz/corpora/asn1/8860687467d460c068b88efa0dc86c69712e6920
-new file mode 100644
-index 0000000..386ac74
-Binary files /dev/null and b/fuzz/corpora/asn1/8860687467d460c068b88efa0dc86c69712e6920 differ
-diff --git a/fuzz/corpora/asn1/89d8ec9aa70e23e6d58499de4b7912bbaceb1af1 b/fuzz/corpora/asn1/89d8ec9aa70e23e6d58499de4b7912bbaceb1af1
-new file mode 100644
-index 0000000..b7331b4
-Binary files /dev/null and b/fuzz/corpora/asn1/89d8ec9aa70e23e6d58499de4b7912bbaceb1af1 differ
-diff --git a/fuzz/corpora/asn1/8a3f3de0d02fb96a2df34ab4f46bed19dcc7b2ea b/fuzz/corpora/asn1/8a3f3de0d02fb96a2df34ab4f46bed19dcc7b2ea
-new file mode 100644
-index 0000000..210fd96
-Binary files /dev/null and b/fuzz/corpora/asn1/8a3f3de0d02fb96a2df34ab4f46bed19dcc7b2ea differ
-diff --git a/fuzz/corpora/asn1/8ab441d40455aafe54351f3552b9ee5c2a8504ae b/fuzz/corpora/asn1/8ab441d40455aafe54351f3552b9ee5c2a8504ae
-new file mode 100644
-index 0000000..041e55f
-Binary files /dev/null and b/fuzz/corpora/asn1/8ab441d40455aafe54351f3552b9ee5c2a8504ae differ
-diff --git a/fuzz/corpora/asn1/8ab54e13e34af68607762f703debdfe340d8b3db b/fuzz/corpora/asn1/8ab54e13e34af68607762f703debdfe340d8b3db
-new file mode 100644
-index 0000000..df16822
-Binary files /dev/null and b/fuzz/corpora/asn1/8ab54e13e34af68607762f703debdfe340d8b3db differ
-diff --git a/fuzz/corpora/asn1/8ac98f7b5af304a200250b97a7d07313027589be b/fuzz/corpora/asn1/8ac98f7b5af304a200250b97a7d07313027589be
-new file mode 100644
-index 0000000..ab07cd7
-Binary files /dev/null and b/fuzz/corpora/asn1/8ac98f7b5af304a200250b97a7d07313027589be differ
-diff --git a/fuzz/corpora/asn1/8add3836f2a979722a969248ce4e4ac957ce5df9 b/fuzz/corpora/asn1/8add3836f2a979722a969248ce4e4ac957ce5df9
-new file mode 100644
-index 0000000..a83396a
-Binary files /dev/null and b/fuzz/corpora/asn1/8add3836f2a979722a969248ce4e4ac957ce5df9 differ
-diff --git a/fuzz/corpora/asn1/8b086d4948ddf04aef2b1a293e0f9eb137b7ac13 b/fuzz/corpora/asn1/8b086d4948ddf04aef2b1a293e0f9eb137b7ac13
-new file mode 100644
-index 0000000..877a622
-Binary files /dev/null and b/fuzz/corpora/asn1/8b086d4948ddf04aef2b1a293e0f9eb137b7ac13 differ
-diff --git a/fuzz/corpora/asn1/8b5eae71187d1d38aaf2f9a819f770e0c955db2b b/fuzz/corpora/asn1/8b5eae71187d1d38aaf2f9a819f770e0c955db2b
-new file mode 100644
-index 0000000..aba8c5f
-Binary files /dev/null and b/fuzz/corpora/asn1/8b5eae71187d1d38aaf2f9a819f770e0c955db2b differ
-diff --git a/fuzz/corpora/asn1/8c180d269ec9eefdeb88386b7cca321b3fb96e39 b/fuzz/corpora/asn1/8c180d269ec9eefdeb88386b7cca321b3fb96e39
-new file mode 100644
-index 0000000..4f37372
-Binary files /dev/null and b/fuzz/corpora/asn1/8c180d269ec9eefdeb88386b7cca321b3fb96e39 differ
-diff --git a/fuzz/corpora/asn1/8c62a4350f7dc95e057182f47e4d8e0c7b80465c b/fuzz/corpora/asn1/8c62a4350f7dc95e057182f47e4d8e0c7b80465c
-new file mode 100644
-index 0000000..9b830df
-Binary files /dev/null and b/fuzz/corpora/asn1/8c62a4350f7dc95e057182f47e4d8e0c7b80465c differ
-diff --git a/fuzz/corpora/asn1/8c684269cc6256b23e1eeb76bd350689db421ee6 b/fuzz/corpora/asn1/8c684269cc6256b23e1eeb76bd350689db421ee6
-new file mode 100644
-index 0000000..40a8dbf
-Binary files /dev/null and b/fuzz/corpora/asn1/8c684269cc6256b23e1eeb76bd350689db421ee6 differ
-diff --git a/fuzz/corpora/asn1/8c7e46731ac5668b084d5b5d044a9efaea203301 b/fuzz/corpora/asn1/8c7e46731ac5668b084d5b5d044a9efaea203301
-new file mode 100644
-index 0000000..9398a1d
-Binary files /dev/null and b/fuzz/corpora/asn1/8c7e46731ac5668b084d5b5d044a9efaea203301 differ
-diff --git a/fuzz/corpora/asn1/8c8120b8201acd4e86277012e7c4f871e20bdd9e b/fuzz/corpora/asn1/8c8120b8201acd4e86277012e7c4f871e20bdd9e
-new file mode 100644
-index 0000000..64a23c4
-Binary files /dev/null and b/fuzz/corpora/asn1/8c8120b8201acd4e86277012e7c4f871e20bdd9e differ
-diff --git a/fuzz/corpora/asn1/8cbfd99799af52f40d13100df83608c8d7d9024f b/fuzz/corpora/asn1/8cbfd99799af52f40d13100df83608c8d7d9024f
-new file mode 100644
-index 0000000..04fa1cc
-Binary files /dev/null and b/fuzz/corpora/asn1/8cbfd99799af52f40d13100df83608c8d7d9024f differ
-diff --git a/fuzz/corpora/asn1/8cf9832a30b3b848b1150b30319824a3dae1a2a6 b/fuzz/corpora/asn1/8cf9832a30b3b848b1150b30319824a3dae1a2a6
-new file mode 100644
-index 0000000..d30fecf
-Binary files /dev/null and b/fuzz/corpora/asn1/8cf9832a30b3b848b1150b30319824a3dae1a2a6 differ
-diff --git a/fuzz/corpora/asn1/8d75f73f43f7d1c5bd1f7039cbf54f68ed3efb6b b/fuzz/corpora/asn1/8d75f73f43f7d1c5bd1f7039cbf54f68ed3efb6b
-new file mode 100644
-index 0000000..00b857a
-Binary files /dev/null and b/fuzz/corpora/asn1/8d75f73f43f7d1c5bd1f7039cbf54f68ed3efb6b differ
-diff --git a/fuzz/corpora/asn1/8d9f29da4f36be31ecd5b362163c83b1df9f029b b/fuzz/corpora/asn1/8d9f29da4f36be31ecd5b362163c83b1df9f029b
-new file mode 100644
-index 0000000..0bdef0b
-Binary files /dev/null and b/fuzz/corpora/asn1/8d9f29da4f36be31ecd5b362163c83b1df9f029b differ
-diff --git a/fuzz/corpora/asn1/8dc59cab591fc37500834cd73d72c42cf265501b b/fuzz/corpora/asn1/8dc59cab591fc37500834cd73d72c42cf265501b
-new file mode 100644
-index 0000000..3015a79
-Binary files /dev/null and b/fuzz/corpora/asn1/8dc59cab591fc37500834cd73d72c42cf265501b differ
-diff --git a/fuzz/corpora/asn1/8dda726e1b06a53b8bc931fefd125f89af63dcda b/fuzz/corpora/asn1/8dda726e1b06a53b8bc931fefd125f89af63dcda
-new file mode 100644
-index 0000000..19f3723
-Binary files /dev/null and b/fuzz/corpora/asn1/8dda726e1b06a53b8bc931fefd125f89af63dcda differ
-diff --git a/fuzz/corpora/asn1/8ded6eb87ab6a567bc01319f7df216e6af2ee837 b/fuzz/corpora/asn1/8ded6eb87ab6a567bc01319f7df216e6af2ee837
-new file mode 100644
-index 0000000..dd5b528
-Binary files /dev/null and b/fuzz/corpora/asn1/8ded6eb87ab6a567bc01319f7df216e6af2ee837 differ
-diff --git a/fuzz/corpora/asn1/8e6035b597d6f72c7e9d0444f1cfb4696b445cc6 b/fuzz/corpora/asn1/8e6035b597d6f72c7e9d0444f1cfb4696b445cc6
-new file mode 100644
-index 0000000..8a3c62d
-Binary files /dev/null and b/fuzz/corpora/asn1/8e6035b597d6f72c7e9d0444f1cfb4696b445cc6 differ
-diff --git a/fuzz/corpora/asn1/8efe96e9cc150434397d75336a86cc4669ffa04a b/fuzz/corpora/asn1/8efe96e9cc150434397d75336a86cc4669ffa04a
-new file mode 100644
-index 0000000..36e9c4f
-Binary files /dev/null and b/fuzz/corpora/asn1/8efe96e9cc150434397d75336a86cc4669ffa04a differ
-diff --git a/fuzz/corpora/asn1/8f34e1680371f1abd5c6ae2ef51dc97c2ce9193d b/fuzz/corpora/asn1/8f34e1680371f1abd5c6ae2ef51dc97c2ce9193d
-new file mode 100644
-index 0000000..f39a502
-Binary files /dev/null and b/fuzz/corpora/asn1/8f34e1680371f1abd5c6ae2ef51dc97c2ce9193d differ
-diff --git a/fuzz/corpora/asn1/902064d161ecaa804752939e835ce71c8083cb7d b/fuzz/corpora/asn1/902064d161ecaa804752939e835ce71c8083cb7d
-new file mode 100644
-index 0000000..88d6030
-Binary files /dev/null and b/fuzz/corpora/asn1/902064d161ecaa804752939e835ce71c8083cb7d differ
-diff --git a/fuzz/corpora/asn1/9029c44315b823b93d065e64587913d614b848be b/fuzz/corpora/asn1/9029c44315b823b93d065e64587913d614b848be
-new file mode 100644
-index 0000000..8264876
-Binary files /dev/null and b/fuzz/corpora/asn1/9029c44315b823b93d065e64587913d614b848be differ
-diff --git a/fuzz/corpora/asn1/902c37754afaf62cf4e8c1e45ff94c99787d4a79 b/fuzz/corpora/asn1/902c37754afaf62cf4e8c1e45ff94c99787d4a79
-new file mode 100644
-index 0000000..ebedc8c
-Binary files /dev/null and b/fuzz/corpora/asn1/902c37754afaf62cf4e8c1e45ff94c99787d4a79 differ
-diff --git a/fuzz/corpora/asn1/90b8394c85fbc62fcffa03170146905eda00f96b b/fuzz/corpora/asn1/90b8394c85fbc62fcffa03170146905eda00f96b
-new file mode 100644
-index 0000000..aaf386f
-Binary files /dev/null and b/fuzz/corpora/asn1/90b8394c85fbc62fcffa03170146905eda00f96b differ
-diff --git a/fuzz/corpora/asn1/90e450a84161f2fc5f63aaf474199a1527375dd0 b/fuzz/corpora/asn1/90e450a84161f2fc5f63aaf474199a1527375dd0
-new file mode 100644
-index 0000000..190deda
-Binary files /dev/null and b/fuzz/corpora/asn1/90e450a84161f2fc5f63aaf474199a1527375dd0 differ
-diff --git a/fuzz/corpora/asn1/90ffbc5b177474f6c6ced2dbe3af46daa9e2e6bc b/fuzz/corpora/asn1/90ffbc5b177474f6c6ced2dbe3af46daa9e2e6bc
-new file mode 100644
-index 0000000..49338f4
-Binary files /dev/null and b/fuzz/corpora/asn1/90ffbc5b177474f6c6ced2dbe3af46daa9e2e6bc differ
-diff --git a/fuzz/corpora/asn1/917c46fb5b46fa92b2ad4d8470ce1106caf7654f b/fuzz/corpora/asn1/917c46fb5b46fa92b2ad4d8470ce1106caf7654f
-new file mode 100644
-index 0000000..d2e1f44
-Binary files /dev/null and b/fuzz/corpora/asn1/917c46fb5b46fa92b2ad4d8470ce1106caf7654f differ
-diff --git a/fuzz/corpora/asn1/94caffa0d76f1a8c4b2e95d23222b1493c9bbb35 b/fuzz/corpora/asn1/94caffa0d76f1a8c4b2e95d23222b1493c9bbb35
-new file mode 100644
-index 0000000..3b3c9a1
-Binary files /dev/null and b/fuzz/corpora/asn1/94caffa0d76f1a8c4b2e95d23222b1493c9bbb35 differ
-diff --git a/fuzz/corpora/asn1/94e00b6b8275402bba83e2a5b8f8ec3cf8074d96 b/fuzz/corpora/asn1/94e00b6b8275402bba83e2a5b8f8ec3cf8074d96
-new file mode 100644
-index 0000000..b08ec52
-Binary files /dev/null and b/fuzz/corpora/asn1/94e00b6b8275402bba83e2a5b8f8ec3cf8074d96 differ
-diff --git a/fuzz/corpora/asn1/95626febd84d77331f02725fba7abe5e92a3a880 b/fuzz/corpora/asn1/95626febd84d77331f02725fba7abe5e92a3a880
-new file mode 100644
-index 0000000..38302d1
-Binary files /dev/null and b/fuzz/corpora/asn1/95626febd84d77331f02725fba7abe5e92a3a880 differ
-diff --git a/fuzz/corpora/asn1/95ae794899a46a3cfae1ee8feeee0bd955082c57 b/fuzz/corpora/asn1/95ae794899a46a3cfae1ee8feeee0bd955082c57
-new file mode 100644
-index 0000000..8b2c567
-Binary files /dev/null and b/fuzz/corpora/asn1/95ae794899a46a3cfae1ee8feeee0bd955082c57 differ
-diff --git a/fuzz/corpora/asn1/961ee1e29c154830670a596a684bc13c0ea6160e b/fuzz/corpora/asn1/961ee1e29c154830670a596a684bc13c0ea6160e
-new file mode 100644
-index 0000000..638b0aa
-Binary files /dev/null and b/fuzz/corpora/asn1/961ee1e29c154830670a596a684bc13c0ea6160e differ
-diff --git a/fuzz/corpora/asn1/96233cfd5ef0bedcaea62a51341b9415b9cc1edb b/fuzz/corpora/asn1/96233cfd5ef0bedcaea62a51341b9415b9cc1edb
-new file mode 100644
-index 0000000..f8b32ae
-Binary files /dev/null and b/fuzz/corpora/asn1/96233cfd5ef0bedcaea62a51341b9415b9cc1edb differ
-diff --git a/fuzz/corpora/asn1/9667d92e68f9724a5973e6cc48fd9669727db8cf b/fuzz/corpora/asn1/9667d92e68f9724a5973e6cc48fd9669727db8cf
-new file mode 100644
-index 0000000..397794a
-Binary files /dev/null and b/fuzz/corpora/asn1/9667d92e68f9724a5973e6cc48fd9669727db8cf differ
-diff --git a/fuzz/corpora/asn1/96b6c1c415b27dc04d509c7b13c35069c0c1f4bd b/fuzz/corpora/asn1/96b6c1c415b27dc04d509c7b13c35069c0c1f4bd
-new file mode 100644
-index 0000000..6bcfca6
-Binary files /dev/null and b/fuzz/corpora/asn1/96b6c1c415b27dc04d509c7b13c35069c0c1f4bd differ
-diff --git a/fuzz/corpora/asn1/96d999250ee8b43c5cb3e893420158647bd4e3cd b/fuzz/corpora/asn1/96d999250ee8b43c5cb3e893420158647bd4e3cd
-new file mode 100644
-index 0000000..6730548
-Binary files /dev/null and b/fuzz/corpora/asn1/96d999250ee8b43c5cb3e893420158647bd4e3cd differ
-diff --git a/fuzz/corpora/asn1/9731883d270bb659b3598bc292b477c8293c4436 b/fuzz/corpora/asn1/9731883d270bb659b3598bc292b477c8293c4436
-new file mode 100644
-index 0000000..bc20b20
-Binary files /dev/null and b/fuzz/corpora/asn1/9731883d270bb659b3598bc292b477c8293c4436 differ
-diff --git a/fuzz/corpora/asn1/979aa8aee513b11e723228cd376053c7ef672f19 b/fuzz/corpora/asn1/979aa8aee513b11e723228cd376053c7ef672f19
-new file mode 100644
-index 0000000..f94ab55
-Binary files /dev/null and b/fuzz/corpora/asn1/979aa8aee513b11e723228cd376053c7ef672f19 differ
-diff --git a/fuzz/corpora/asn1/97bccdbb167af8f30b26e0ebc2a9da1b441738d5 b/fuzz/corpora/asn1/97bccdbb167af8f30b26e0ebc2a9da1b441738d5
-new file mode 100644
-index 0000000..80879d4
-Binary files /dev/null and b/fuzz/corpora/asn1/97bccdbb167af8f30b26e0ebc2a9da1b441738d5 differ
-diff --git a/fuzz/corpora/asn1/97ef34e9e4abe05f3dab82fd2aa645b1cbb89d91 b/fuzz/corpora/asn1/97ef34e9e4abe05f3dab82fd2aa645b1cbb89d91
-new file mode 100644
-index 0000000..73d3f22
-Binary files /dev/null and b/fuzz/corpora/asn1/97ef34e9e4abe05f3dab82fd2aa645b1cbb89d91 differ
-diff --git a/fuzz/corpora/asn1/981e6fd89148e6d89e60179caa27867d40cc14ae b/fuzz/corpora/asn1/981e6fd89148e6d89e60179caa27867d40cc14ae
-new file mode 100644
-index 0000000..3e0bf5a
-Binary files /dev/null and b/fuzz/corpora/asn1/981e6fd89148e6d89e60179caa27867d40cc14ae differ
-diff --git a/fuzz/corpora/asn1/988462d9eb543e051dfdf20545272e7a7f08babb b/fuzz/corpora/asn1/988462d9eb543e051dfdf20545272e7a7f08babb
-new file mode 100644
-index 0000000..2c7be7e
-Binary files /dev/null and b/fuzz/corpora/asn1/988462d9eb543e051dfdf20545272e7a7f08babb differ
-diff --git a/fuzz/corpora/asn1/98c0616408e0496e1f962fe0c5f981d54f149767 b/fuzz/corpora/asn1/98c0616408e0496e1f962fe0c5f981d54f149767
-new file mode 100644
-index 0000000..9d3e624
-Binary files /dev/null and b/fuzz/corpora/asn1/98c0616408e0496e1f962fe0c5f981d54f149767 differ
-diff --git a/fuzz/corpora/asn1/99e40270dc37204b7fb3839917e43a68a0fb652e b/fuzz/corpora/asn1/99e40270dc37204b7fb3839917e43a68a0fb652e
-new file mode 100644
-index 0000000..acfc6cf
-Binary files /dev/null and b/fuzz/corpora/asn1/99e40270dc37204b7fb3839917e43a68a0fb652e differ
-diff --git a/fuzz/corpora/asn1/9aa47d903ebe90ff383d5e702bd630c75922657b b/fuzz/corpora/asn1/9aa47d903ebe90ff383d5e702bd630c75922657b
-new file mode 100644
-index 0000000..a6a26d1
-Binary files /dev/null and b/fuzz/corpora/asn1/9aa47d903ebe90ff383d5e702bd630c75922657b differ
-diff --git a/fuzz/corpora/asn1/9ac9fcd0cc01d409c084822b72e683941b81d5db b/fuzz/corpora/asn1/9ac9fcd0cc01d409c084822b72e683941b81d5db
-new file mode 100644
-index 0000000..bcc0b27
-Binary files /dev/null and b/fuzz/corpora/asn1/9ac9fcd0cc01d409c084822b72e683941b81d5db differ
-diff --git a/fuzz/corpora/asn1/9b13654bcb26e5265f3d40acd514374d58d312e9 b/fuzz/corpora/asn1/9b13654bcb26e5265f3d40acd514374d58d312e9
-new file mode 100644
-index 0000000..93a3655
-Binary files /dev/null and b/fuzz/corpora/asn1/9b13654bcb26e5265f3d40acd514374d58d312e9 differ
-diff --git a/fuzz/corpora/asn1/9b29e3be40c2a6d68bd6bc2aba0c1e02da1722b5 b/fuzz/corpora/asn1/9b29e3be40c2a6d68bd6bc2aba0c1e02da1722b5
-new file mode 100644
-index 0000000..534fffb
-Binary files /dev/null and b/fuzz/corpora/asn1/9b29e3be40c2a6d68bd6bc2aba0c1e02da1722b5 differ
-diff --git a/fuzz/corpora/asn1/9b2cba86e0b521bed51fc3cda40a4271fd18b780 b/fuzz/corpora/asn1/9b2cba86e0b521bed51fc3cda40a4271fd18b780
-new file mode 100644
-index 0000000..22ec331
-Binary files /dev/null and b/fuzz/corpora/asn1/9b2cba86e0b521bed51fc3cda40a4271fd18b780 differ
-diff --git a/fuzz/corpora/asn1/9b3ba3833a5b4cba37faac9857c6506bb14db7e7 b/fuzz/corpora/asn1/9b3ba3833a5b4cba37faac9857c6506bb14db7e7
-new file mode 100644
-index 0000000..627ebbe
-Binary files /dev/null and b/fuzz/corpora/asn1/9b3ba3833a5b4cba37faac9857c6506bb14db7e7 differ
-diff --git a/fuzz/corpora/asn1/9b99593353a610c4bee0d6a94a01a3296080c0fb b/fuzz/corpora/asn1/9b99593353a610c4bee0d6a94a01a3296080c0fb
-new file mode 100644
-index 0000000..5407bf3
-Binary files /dev/null and b/fuzz/corpora/asn1/9b99593353a610c4bee0d6a94a01a3296080c0fb differ
-diff --git a/fuzz/corpora/asn1/9ba071ea0d6b23ae22de1a88d5c91ec32c024b35 b/fuzz/corpora/asn1/9ba071ea0d6b23ae22de1a88d5c91ec32c024b35
-new file mode 100644
-index 0000000..bc67265
-Binary files /dev/null and b/fuzz/corpora/asn1/9ba071ea0d6b23ae22de1a88d5c91ec32c024b35 differ
-diff --git a/fuzz/corpora/asn1/9bc50a258e79f0e061128ce44acbe687a8ea344d b/fuzz/corpora/asn1/9bc50a258e79f0e061128ce44acbe687a8ea344d
-new file mode 100644
-index 0000000..03b8fbe
-Binary files /dev/null and b/fuzz/corpora/asn1/9bc50a258e79f0e061128ce44acbe687a8ea344d differ
-diff --git a/fuzz/corpora/asn1/9bc7139d4a38bf9abadbb260033272107b8d7989 b/fuzz/corpora/asn1/9bc7139d4a38bf9abadbb260033272107b8d7989
-new file mode 100644
-index 0000000..29d0e97
-Binary files /dev/null and b/fuzz/corpora/asn1/9bc7139d4a38bf9abadbb260033272107b8d7989 differ
-diff --git a/fuzz/corpora/asn1/9bd4fd517d4b1967628c0fff9a6f004512f04738 b/fuzz/corpora/asn1/9bd4fd517d4b1967628c0fff9a6f004512f04738
-new file mode 100644
-index 0000000..337f632
-Binary files /dev/null and b/fuzz/corpora/asn1/9bd4fd517d4b1967628c0fff9a6f004512f04738 differ
-diff --git a/fuzz/corpora/asn1/9bdbcff5f232e629ce0d657b11cb89d09de6801d b/fuzz/corpora/asn1/9bdbcff5f232e629ce0d657b11cb89d09de6801d
-new file mode 100644
-index 0000000..ab6fdfd
-Binary files /dev/null and b/fuzz/corpora/asn1/9bdbcff5f232e629ce0d657b11cb89d09de6801d differ
-diff --git a/fuzz/corpora/asn1/9bdcfcc7b299b2487af57c647b448527fc2020d5 b/fuzz/corpora/asn1/9bdcfcc7b299b2487af57c647b448527fc2020d5
-new file mode 100644
-index 0000000..bb2d726
-Binary files /dev/null and b/fuzz/corpora/asn1/9bdcfcc7b299b2487af57c647b448527fc2020d5 differ
-diff --git a/fuzz/corpora/asn1/9c099247096984f7dcb0496cde04297074a5f483 b/fuzz/corpora/asn1/9c099247096984f7dcb0496cde04297074a5f483
-new file mode 100644
-index 0000000..a4869c0
-Binary files /dev/null and b/fuzz/corpora/asn1/9c099247096984f7dcb0496cde04297074a5f483 differ
-diff --git a/fuzz/corpora/asn1/9c1755e2cf0da24945b1c32a84ed86ca57509d88 b/fuzz/corpora/asn1/9c1755e2cf0da24945b1c32a84ed86ca57509d88
-new file mode 100644
-index 0000000..d7636b1
-Binary files /dev/null and b/fuzz/corpora/asn1/9c1755e2cf0da24945b1c32a84ed86ca57509d88 differ
-diff --git a/fuzz/corpora/asn1/9d406bd08b7874c0e4deb7c002da2153b84ad186 b/fuzz/corpora/asn1/9d406bd08b7874c0e4deb7c002da2153b84ad186
-new file mode 100644
-index 0000000..5ada5a1
-Binary files /dev/null and b/fuzz/corpora/asn1/9d406bd08b7874c0e4deb7c002da2153b84ad186 differ
-diff --git a/fuzz/corpora/asn1/9d786125e731cd664fbec8e8f0bad6eed50c44af b/fuzz/corpora/asn1/9d786125e731cd664fbec8e8f0bad6eed50c44af
-new file mode 100644
-index 0000000..5b4a9b1
-Binary files /dev/null and b/fuzz/corpora/asn1/9d786125e731cd664fbec8e8f0bad6eed50c44af differ
-diff --git a/fuzz/corpora/asn1/9d92d963300c0891362f6a0e7af5b2b2e2226c5e b/fuzz/corpora/asn1/9d92d963300c0891362f6a0e7af5b2b2e2226c5e
-new file mode 100644
-index 0000000..d76c696
-Binary files /dev/null and b/fuzz/corpora/asn1/9d92d963300c0891362f6a0e7af5b2b2e2226c5e differ
-diff --git a/fuzz/corpora/asn1/9e091b9105599652a76e65e02c2393ea552a6391 b/fuzz/corpora/asn1/9e091b9105599652a76e65e02c2393ea552a6391
-new file mode 100644
-index 0000000..01dc708
-Binary files /dev/null and b/fuzz/corpora/asn1/9e091b9105599652a76e65e02c2393ea552a6391 differ
-diff --git a/fuzz/corpora/asn1/9e9511bdb7b647b9e2c9f3bbd5efda0ba1244a5f b/fuzz/corpora/asn1/9e9511bdb7b647b9e2c9f3bbd5efda0ba1244a5f
-new file mode 100644
-index 0000000..bf33a4e
-Binary files /dev/null and b/fuzz/corpora/asn1/9e9511bdb7b647b9e2c9f3bbd5efda0ba1244a5f differ
-diff --git a/fuzz/corpora/asn1/9ed1d93221f68bb77476bcac5d3e9b6fced230c5 b/fuzz/corpora/asn1/9ed1d93221f68bb77476bcac5d3e9b6fced230c5
-new file mode 100644
-index 0000000..9624d4c
-Binary files /dev/null and b/fuzz/corpora/asn1/9ed1d93221f68bb77476bcac5d3e9b6fced230c5 differ
-diff --git a/fuzz/corpora/asn1/9f00f6f23e7797cdacde7284ba7736e163ed8f48 b/fuzz/corpora/asn1/9f00f6f23e7797cdacde7284ba7736e163ed8f48
-new file mode 100644
-index 0000000..0b85a81
-Binary files /dev/null and b/fuzz/corpora/asn1/9f00f6f23e7797cdacde7284ba7736e163ed8f48 differ
-diff --git a/fuzz/corpora/asn1/9f3d166a81c0b977ef4748738d8b6edb15c1db82 b/fuzz/corpora/asn1/9f3d166a81c0b977ef4748738d8b6edb15c1db82
-new file mode 100644
-index 0000000..152b785
-Binary files /dev/null and b/fuzz/corpora/asn1/9f3d166a81c0b977ef4748738d8b6edb15c1db82 differ
-diff --git a/fuzz/corpora/asn1/9ff3b4f5148369b4e79098c3a2c3ae67393de8e0 b/fuzz/corpora/asn1/9ff3b4f5148369b4e79098c3a2c3ae67393de8e0
-new file mode 100644
-index 0000000..60b8cf1
-Binary files /dev/null and b/fuzz/corpora/asn1/9ff3b4f5148369b4e79098c3a2c3ae67393de8e0 differ
-diff --git a/fuzz/corpora/asn1/a0c4ad6f002c44e505ae017a4eb0c7741c2eca57 b/fuzz/corpora/asn1/a0c4ad6f002c44e505ae017a4eb0c7741c2eca57
-new file mode 100644
-index 0000000..e5b8826
-Binary files /dev/null and b/fuzz/corpora/asn1/a0c4ad6f002c44e505ae017a4eb0c7741c2eca57 differ
-diff --git a/fuzz/corpora/asn1/a128ca5292357fc631d2c0d4d8bcab7d2667c82e b/fuzz/corpora/asn1/a128ca5292357fc631d2c0d4d8bcab7d2667c82e
-new file mode 100644
-index 0000000..a184c4e
-Binary files /dev/null and b/fuzz/corpora/asn1/a128ca5292357fc631d2c0d4d8bcab7d2667c82e differ
-diff --git a/fuzz/corpora/asn1/a15717134bda74ad10c2fc65917864bb2bc0d36c b/fuzz/corpora/asn1/a15717134bda74ad10c2fc65917864bb2bc0d36c
-new file mode 100644
-index 0000000..eaae8c1
-Binary files /dev/null and b/fuzz/corpora/asn1/a15717134bda74ad10c2fc65917864bb2bc0d36c differ
-diff --git a/fuzz/corpora/asn1/a1943af2fe9af31fde2999cbb2841a2272a54806 b/fuzz/corpora/asn1/a1943af2fe9af31fde2999cbb2841a2272a54806
-new file mode 100644
-index 0000000..3d5d5c1
-Binary files /dev/null and b/fuzz/corpora/asn1/a1943af2fe9af31fde2999cbb2841a2272a54806 differ
-diff --git a/fuzz/corpora/asn1/a1bd4af7b4429a7d9e241f695f7b24b5dff59065 b/fuzz/corpora/asn1/a1bd4af7b4429a7d9e241f695f7b24b5dff59065
-new file mode 100644
-index 0000000..b9ff461
-Binary files /dev/null and b/fuzz/corpora/asn1/a1bd4af7b4429a7d9e241f695f7b24b5dff59065 differ
-diff --git a/fuzz/corpora/asn1/a1becad663dfa5776e755b0f25d704840e3bf449 b/fuzz/corpora/asn1/a1becad663dfa5776e755b0f25d704840e3bf449
-new file mode 100644
-index 0000000..8f2e59c
-Binary files /dev/null and b/fuzz/corpora/asn1/a1becad663dfa5776e755b0f25d704840e3bf449 differ
-diff --git a/fuzz/corpora/asn1/a23e72da377c2c5aced9c5ed0872dd2dc1c89e93 b/fuzz/corpora/asn1/a23e72da377c2c5aced9c5ed0872dd2dc1c89e93
-new file mode 100644
-index 0000000..8ebe4ea
-Binary files /dev/null and b/fuzz/corpora/asn1/a23e72da377c2c5aced9c5ed0872dd2dc1c89e93 differ
-diff --git a/fuzz/corpora/asn1/a268ec5215153c2f8e74017ce4197bc28c668b33 b/fuzz/corpora/asn1/a268ec5215153c2f8e74017ce4197bc28c668b33
-new file mode 100644
-index 0000000..f6dbd9b
-Binary files /dev/null and b/fuzz/corpora/asn1/a268ec5215153c2f8e74017ce4197bc28c668b33 differ
-diff --git a/fuzz/corpora/asn1/a285e98db403fbb82797523a28c741ab172201f7 b/fuzz/corpora/asn1/a285e98db403fbb82797523a28c741ab172201f7
-new file mode 100644
-index 0000000..904fb98
-Binary files /dev/null and b/fuzz/corpora/asn1/a285e98db403fbb82797523a28c741ab172201f7 differ
-diff --git a/fuzz/corpora/asn1/a295040fae5fc0e600c7f810c632f20d69dd19ad b/fuzz/corpora/asn1/a295040fae5fc0e600c7f810c632f20d69dd19ad
-new file mode 100644
-index 0000000..1c8ec80
-Binary files /dev/null and b/fuzz/corpora/asn1/a295040fae5fc0e600c7f810c632f20d69dd19ad differ
-diff --git a/fuzz/corpora/asn1/a2db25c13bd3df94f29e841ae14486e502bab399 b/fuzz/corpora/asn1/a2db25c13bd3df94f29e841ae14486e502bab399
-new file mode 100644
-index 0000000..eb5d645
-Binary files /dev/null and b/fuzz/corpora/asn1/a2db25c13bd3df94f29e841ae14486e502bab399 differ
-diff --git a/fuzz/corpora/asn1/a2f6946d87050d6802d0485af0a9663758e7467a b/fuzz/corpora/asn1/a2f6946d87050d6802d0485af0a9663758e7467a
-new file mode 100644
-index 0000000..82dec41
-Binary files /dev/null and b/fuzz/corpora/asn1/a2f6946d87050d6802d0485af0a9663758e7467a differ
-diff --git a/fuzz/corpora/asn1/a35da5952254c41061f9bfa0ad2a117d46953dc2 b/fuzz/corpora/asn1/a35da5952254c41061f9bfa0ad2a117d46953dc2
-new file mode 100644
-index 0000000..5651f14
-Binary files /dev/null and b/fuzz/corpora/asn1/a35da5952254c41061f9bfa0ad2a117d46953dc2 differ
-diff --git a/fuzz/corpora/asn1/a36d3087ddf4004d6e8407149146005454c1324d b/fuzz/corpora/asn1/a36d3087ddf4004d6e8407149146005454c1324d
-new file mode 100644
-index 0000000..2b74b3c
-Binary files /dev/null and b/fuzz/corpora/asn1/a36d3087ddf4004d6e8407149146005454c1324d differ
-diff --git a/fuzz/corpora/asn1/a3ba936220e5b5e79a0f0e319a00ea2da7060bbd b/fuzz/corpora/asn1/a3ba936220e5b5e79a0f0e319a00ea2da7060bbd
-new file mode 100644
-index 0000000..02c514a
-Binary files /dev/null and b/fuzz/corpora/asn1/a3ba936220e5b5e79a0f0e319a00ea2da7060bbd differ
-diff --git a/fuzz/corpora/asn1/a4284317619d2ea0d0a7fd36a6d4ca5cefb0b596 b/fuzz/corpora/asn1/a4284317619d2ea0d0a7fd36a6d4ca5cefb0b596
-new file mode 100644
-index 0000000..4c596ba
-Binary files /dev/null and b/fuzz/corpora/asn1/a4284317619d2ea0d0a7fd36a6d4ca5cefb0b596 differ
-diff --git a/fuzz/corpora/asn1/a42d1b598c6dffea3a00ef477ce20d6bd8b31116 b/fuzz/corpora/asn1/a42d1b598c6dffea3a00ef477ce20d6bd8b31116
-new file mode 100644
-index 0000000..1b8fbdb
-Binary files /dev/null and b/fuzz/corpora/asn1/a42d1b598c6dffea3a00ef477ce20d6bd8b31116 differ
-diff --git a/fuzz/corpora/asn1/a49f4d71b9a9d876051c044c2b4f0db425f13545 b/fuzz/corpora/asn1/a49f4d71b9a9d876051c044c2b4f0db425f13545
-new file mode 100644
-index 0000000..e79313d
-Binary files /dev/null and b/fuzz/corpora/asn1/a49f4d71b9a9d876051c044c2b4f0db425f13545 differ
-diff --git a/fuzz/corpora/asn1/a4b4b5bb3bfd99d3b683a56ae0866f3526b32a55 b/fuzz/corpora/asn1/a4b4b5bb3bfd99d3b683a56ae0866f3526b32a55
-new file mode 100644
-index 0000000..c82ea2f
-Binary files /dev/null and b/fuzz/corpora/asn1/a4b4b5bb3bfd99d3b683a56ae0866f3526b32a55 differ
-diff --git a/fuzz/corpora/asn1/a4d8f7a2497881c61186c23882a31737efc6d9fa b/fuzz/corpora/asn1/a4d8f7a2497881c61186c23882a31737efc6d9fa
-new file mode 100644
-index 0000000..8673988
-Binary files /dev/null and b/fuzz/corpora/asn1/a4d8f7a2497881c61186c23882a31737efc6d9fa differ
-diff --git a/fuzz/corpora/asn1/a4e7c84e48c9230f15b48f6907f1e7676fc37ad6 b/fuzz/corpora/asn1/a4e7c84e48c9230f15b48f6907f1e7676fc37ad6
-new file mode 100644
-index 0000000..b9422b9
-Binary files /dev/null and b/fuzz/corpora/asn1/a4e7c84e48c9230f15b48f6907f1e7676fc37ad6 differ
-diff --git a/fuzz/corpora/asn1/a5d5341d7cb4438216bf4bf343ec0fbcefa0f394 b/fuzz/corpora/asn1/a5d5341d7cb4438216bf4bf343ec0fbcefa0f394
-new file mode 100644
-index 0000000..6800da5
-Binary files /dev/null and b/fuzz/corpora/asn1/a5d5341d7cb4438216bf4bf343ec0fbcefa0f394 differ
-diff --git a/fuzz/corpora/asn1/a64b63dd5b22d391b3f14ad213e442d9ac5aad63 b/fuzz/corpora/asn1/a64b63dd5b22d391b3f14ad213e442d9ac5aad63
-new file mode 100644
-index 0000000..675d172
-Binary files /dev/null and b/fuzz/corpora/asn1/a64b63dd5b22d391b3f14ad213e442d9ac5aad63 differ
-diff --git a/fuzz/corpora/asn1/a6874e55401bbd0c59ab43728156755794e00f5f b/fuzz/corpora/asn1/a6874e55401bbd0c59ab43728156755794e00f5f
-new file mode 100644
-index 0000000..c6f8c73
-Binary files /dev/null and b/fuzz/corpora/asn1/a6874e55401bbd0c59ab43728156755794e00f5f differ
-diff --git a/fuzz/corpora/asn1/a6d0cd63d28d02ebd931a0eefeedd0146f90b338 b/fuzz/corpora/asn1/a6d0cd63d28d02ebd931a0eefeedd0146f90b338
-new file mode 100644
-index 0000000..18c7cc1
-Binary files /dev/null and b/fuzz/corpora/asn1/a6d0cd63d28d02ebd931a0eefeedd0146f90b338 differ
-diff --git a/fuzz/corpora/asn1/a7c2749b661279d081a53c16414f156854817511 b/fuzz/corpora/asn1/a7c2749b661279d081a53c16414f156854817511
-new file mode 100644
-index 0000000..a3fc35e
-Binary files /dev/null and b/fuzz/corpora/asn1/a7c2749b661279d081a53c16414f156854817511 differ
-diff --git a/fuzz/corpora/asn1/a85fbf3f4edd8a7c9bae18d813f29b3e5e4061ff b/fuzz/corpora/asn1/a85fbf3f4edd8a7c9bae18d813f29b3e5e4061ff
-new file mode 100644
-index 0000000..49cd8da
-Binary files /dev/null and b/fuzz/corpora/asn1/a85fbf3f4edd8a7c9bae18d813f29b3e5e4061ff differ
-diff --git a/fuzz/corpora/asn1/a8ae08b58b33fc791d3e7a79ccf53c725fa66453 b/fuzz/corpora/asn1/a8ae08b58b33fc791d3e7a79ccf53c725fa66453
-new file mode 100644
-index 0000000..6456b27
-Binary files /dev/null and b/fuzz/corpora/asn1/a8ae08b58b33fc791d3e7a79ccf53c725fa66453 differ
-diff --git a/fuzz/corpora/asn1/a9064a836dac56da1cade6ed7d0e43945a1563a1 b/fuzz/corpora/asn1/a9064a836dac56da1cade6ed7d0e43945a1563a1
-new file mode 100644
-index 0000000..ea9aad6
-Binary files /dev/null and b/fuzz/corpora/asn1/a9064a836dac56da1cade6ed7d0e43945a1563a1 differ
-diff --git a/fuzz/corpora/asn1/a96365927db2dd434bfe075059c7c8ea9a3796d0 b/fuzz/corpora/asn1/a96365927db2dd434bfe075059c7c8ea9a3796d0
-new file mode 100644
-index 0000000..755e105
-Binary files /dev/null and b/fuzz/corpora/asn1/a96365927db2dd434bfe075059c7c8ea9a3796d0 differ
-diff --git a/fuzz/corpora/asn1/aa6c5534ddacb267a95b17511a9af27ee681f7b2 b/fuzz/corpora/asn1/aa6c5534ddacb267a95b17511a9af27ee681f7b2
-new file mode 100644
-index 0000000..5177fd9
-Binary files /dev/null and b/fuzz/corpora/asn1/aa6c5534ddacb267a95b17511a9af27ee681f7b2 differ
-diff --git a/fuzz/corpora/asn1/aab7bf9659bb2c83378fc5339ee08ee0659c12e6 b/fuzz/corpora/asn1/aab7bf9659bb2c83378fc5339ee08ee0659c12e6
-new file mode 100644
-index 0000000..b075249
-Binary files /dev/null and b/fuzz/corpora/asn1/aab7bf9659bb2c83378fc5339ee08ee0659c12e6 differ
-diff --git a/fuzz/corpora/asn1/aaf583ad7d0bf39c8b11f3c6e67fb6aa5bf6d33d b/fuzz/corpora/asn1/aaf583ad7d0bf39c8b11f3c6e67fb6aa5bf6d33d
-new file mode 100644
-index 0000000..10145c6
-Binary files /dev/null and b/fuzz/corpora/asn1/aaf583ad7d0bf39c8b11f3c6e67fb6aa5bf6d33d differ
-diff --git a/fuzz/corpora/asn1/ab40e7b29148855b448d90340850362c31edbf70 b/fuzz/corpora/asn1/ab40e7b29148855b448d90340850362c31edbf70
-new file mode 100644
-index 0000000..cf61b66
-Binary files /dev/null and b/fuzz/corpora/asn1/ab40e7b29148855b448d90340850362c31edbf70 differ
-diff --git a/fuzz/corpora/asn1/ab801e1e4f1f3e717fb51a77ea625239b7ae1723 b/fuzz/corpora/asn1/ab801e1e4f1f3e717fb51a77ea625239b7ae1723
-new file mode 100644
-index 0000000..bfb9604
-Binary files /dev/null and b/fuzz/corpora/asn1/ab801e1e4f1f3e717fb51a77ea625239b7ae1723 differ
-diff --git a/fuzz/corpora/asn1/abab6d4fbdafafc1c06a4be1d4b2b419403be9b4 b/fuzz/corpora/asn1/abab6d4fbdafafc1c06a4be1d4b2b419403be9b4
-new file mode 100644
-index 0000000..3c8be35
-Binary files /dev/null and b/fuzz/corpora/asn1/abab6d4fbdafafc1c06a4be1d4b2b419403be9b4 differ
-diff --git a/fuzz/corpora/asn1/ac220abc9bb738f9bb966b1e75cef315cd438a82 b/fuzz/corpora/asn1/ac220abc9bb738f9bb966b1e75cef315cd438a82
-new file mode 100644
-index 0000000..7de8c19
-Binary files /dev/null and b/fuzz/corpora/asn1/ac220abc9bb738f9bb966b1e75cef315cd438a82 differ
-diff --git a/fuzz/corpora/asn1/acd93634b6be7ef30de495dd7deae84ad3f80afe b/fuzz/corpora/asn1/acd93634b6be7ef30de495dd7deae84ad3f80afe
-new file mode 100644
-index 0000000..83afef0
-Binary files /dev/null and b/fuzz/corpora/asn1/acd93634b6be7ef30de495dd7deae84ad3f80afe differ
-diff --git a/fuzz/corpora/asn1/ad24d2c54721184a4f65d5de749493af503a4042 b/fuzz/corpora/asn1/ad24d2c54721184a4f65d5de749493af503a4042
-new file mode 100644
-index 0000000..b6bd8ca
-Binary files /dev/null and b/fuzz/corpora/asn1/ad24d2c54721184a4f65d5de749493af503a4042 differ
-diff --git a/fuzz/corpora/asn1/ad55e2413cbbf4ac12d716e55fd74e2672b09c22 b/fuzz/corpora/asn1/ad55e2413cbbf4ac12d716e55fd74e2672b09c22
-new file mode 100644
-index 0000000..c82798b
-Binary files /dev/null and b/fuzz/corpora/asn1/ad55e2413cbbf4ac12d716e55fd74e2672b09c22 differ
-diff --git a/fuzz/corpora/asn1/afdcf8d02e514b323679fb8fcf3e31121f6f040c b/fuzz/corpora/asn1/afdcf8d02e514b323679fb8fcf3e31121f6f040c
-new file mode 100644
-index 0000000..531717c
-Binary files /dev/null and b/fuzz/corpora/asn1/afdcf8d02e514b323679fb8fcf3e31121f6f040c differ
-diff --git a/fuzz/corpora/asn1/afe8921f7e820d5ce78fdaaa6447e40072723823 b/fuzz/corpora/asn1/afe8921f7e820d5ce78fdaaa6447e40072723823
-new file mode 100644
-index 0000000..21b2417
-Binary files /dev/null and b/fuzz/corpora/asn1/afe8921f7e820d5ce78fdaaa6447e40072723823 differ
-diff --git a/fuzz/corpora/asn1/b0093873fa3900dc71246ec1f0e324f325f72036 b/fuzz/corpora/asn1/b0093873fa3900dc71246ec1f0e324f325f72036
-new file mode 100644
-index 0000000..740bfc0
-Binary files /dev/null and b/fuzz/corpora/asn1/b0093873fa3900dc71246ec1f0e324f325f72036 differ
-diff --git a/fuzz/corpora/asn1/b021b873b34dd08d83b8e038425c026e2e73ce68 b/fuzz/corpora/asn1/b021b873b34dd08d83b8e038425c026e2e73ce68
-new file mode 100644
-index 0000000..d7d63f4
-Binary files /dev/null and b/fuzz/corpora/asn1/b021b873b34dd08d83b8e038425c026e2e73ce68 differ
-diff --git a/fuzz/corpora/asn1/b085357480cbe2899b0b0c410a225c18e54441fd b/fuzz/corpora/asn1/b085357480cbe2899b0b0c410a225c18e54441fd
-new file mode 100644
-index 0000000..176debf
-Binary files /dev/null and b/fuzz/corpora/asn1/b085357480cbe2899b0b0c410a225c18e54441fd differ
-diff --git a/fuzz/corpora/asn1/b0c111676fd39dc7b987c0d14d622c72648fecbc b/fuzz/corpora/asn1/b0c111676fd39dc7b987c0d14d622c72648fecbc
-new file mode 100644
-index 0000000..70a0d9d
-Binary files /dev/null and b/fuzz/corpora/asn1/b0c111676fd39dc7b987c0d14d622c72648fecbc differ
-diff --git a/fuzz/corpora/asn1/b198966f0f37eefee29b457e2267c13a65829d64 b/fuzz/corpora/asn1/b198966f0f37eefee29b457e2267c13a65829d64
-new file mode 100644
-index 0000000..9cb7a58
-Binary files /dev/null and b/fuzz/corpora/asn1/b198966f0f37eefee29b457e2267c13a65829d64 differ
-diff --git a/fuzz/corpora/asn1/b26bdd9f8d719a933d1b72f70dd7ba081beece8f b/fuzz/corpora/asn1/b26bdd9f8d719a933d1b72f70dd7ba081beece8f
-new file mode 100644
-index 0000000..5e651e9
-Binary files /dev/null and b/fuzz/corpora/asn1/b26bdd9f8d719a933d1b72f70dd7ba081beece8f differ
-diff --git a/fuzz/corpora/asn1/b2e2c34ef5ddb8c1b2768de13babae8bf320996f b/fuzz/corpora/asn1/b2e2c34ef5ddb8c1b2768de13babae8bf320996f
-new file mode 100644
-index 0000000..77ab651
-Binary files /dev/null and b/fuzz/corpora/asn1/b2e2c34ef5ddb8c1b2768de13babae8bf320996f differ
-diff --git a/fuzz/corpora/asn1/b322cde2a2df9986622238eac73a17c898a2f30a b/fuzz/corpora/asn1/b322cde2a2df9986622238eac73a17c898a2f30a
-new file mode 100644
-index 0000000..81a3baf
-Binary files /dev/null and b/fuzz/corpora/asn1/b322cde2a2df9986622238eac73a17c898a2f30a differ
-diff --git a/fuzz/corpora/asn1/b3687b637f029d93d1c8368fe815066be5e597bd b/fuzz/corpora/asn1/b3687b637f029d93d1c8368fe815066be5e597bd
-new file mode 100644
-index 0000000..f621f0d
-Binary files /dev/null and b/fuzz/corpora/asn1/b3687b637f029d93d1c8368fe815066be5e597bd differ
-diff --git a/fuzz/corpora/asn1/b3da114bd014de9f367a20ad387245b970e19c08 b/fuzz/corpora/asn1/b3da114bd014de9f367a20ad387245b970e19c08
-new file mode 100644
-index 0000000..7b42ad1
-Binary files /dev/null and b/fuzz/corpora/asn1/b3da114bd014de9f367a20ad387245b970e19c08 differ
-diff --git a/fuzz/corpora/asn1/b4a7ad1caf7ec9fe7465f40ebb60d9e3563c48dd b/fuzz/corpora/asn1/b4a7ad1caf7ec9fe7465f40ebb60d9e3563c48dd
-new file mode 100644
-index 0000000..fe20132
-Binary files /dev/null and b/fuzz/corpora/asn1/b4a7ad1caf7ec9fe7465f40ebb60d9e3563c48dd differ
-diff --git a/fuzz/corpora/asn1/b5148b3ca4be1a34938800efaf8efb2a71419e30 b/fuzz/corpora/asn1/b5148b3ca4be1a34938800efaf8efb2a71419e30
-new file mode 100644
-index 0000000..f5a2647
-Binary files /dev/null and b/fuzz/corpora/asn1/b5148b3ca4be1a34938800efaf8efb2a71419e30 differ
-diff --git a/fuzz/corpora/asn1/b54841cb0971ee9c9fff3c7c784c1aa64b9c45ce b/fuzz/corpora/asn1/b54841cb0971ee9c9fff3c7c784c1aa64b9c45ce
-new file mode 100644
-index 0000000..4d58a24
-Binary files /dev/null and b/fuzz/corpora/asn1/b54841cb0971ee9c9fff3c7c784c1aa64b9c45ce differ
-diff --git a/fuzz/corpora/asn1/b5bc844d0c0ef3b9f683f2d7e671c84f618fb078 b/fuzz/corpora/asn1/b5bc844d0c0ef3b9f683f2d7e671c84f618fb078
-new file mode 100644
-index 0000000..4b703b8
-Binary files /dev/null and b/fuzz/corpora/asn1/b5bc844d0c0ef3b9f683f2d7e671c84f618fb078 differ
-diff --git a/fuzz/corpora/asn1/b5cf6792a189ff5a73861ca7bb83a5725422dbc2 b/fuzz/corpora/asn1/b5cf6792a189ff5a73861ca7bb83a5725422dbc2
-new file mode 100644
-index 0000000..f90e978
-Binary files /dev/null and b/fuzz/corpora/asn1/b5cf6792a189ff5a73861ca7bb83a5725422dbc2 differ
-diff --git a/fuzz/corpora/asn1/b61c50bf61ddcddfef5aff329cf79ccd40ad3d4b b/fuzz/corpora/asn1/b61c50bf61ddcddfef5aff329cf79ccd40ad3d4b
-new file mode 100644
-index 0000000..efd9e3f
-Binary files /dev/null and b/fuzz/corpora/asn1/b61c50bf61ddcddfef5aff329cf79ccd40ad3d4b differ
-diff --git a/fuzz/corpora/asn1/b6dd20fc4405b1689a7def3232862ec073b611d5 b/fuzz/corpora/asn1/b6dd20fc4405b1689a7def3232862ec073b611d5
-new file mode 100644
-index 0000000..2912da3
-Binary files /dev/null and b/fuzz/corpora/asn1/b6dd20fc4405b1689a7def3232862ec073b611d5 differ
-diff --git a/fuzz/corpora/asn1/b704bca3a4cb9620096a5f6374c62966b6f044e8 b/fuzz/corpora/asn1/b704bca3a4cb9620096a5f6374c62966b6f044e8
-new file mode 100644
-index 0000000..5674292
-Binary files /dev/null and b/fuzz/corpora/asn1/b704bca3a4cb9620096a5f6374c62966b6f044e8 differ
-diff --git a/fuzz/corpora/asn1/b75a4c69fc51bab42175df11b5bd938bf7585f9f b/fuzz/corpora/asn1/b75a4c69fc51bab42175df11b5bd938bf7585f9f
-new file mode 100644
-index 0000000..b99ab86
-Binary files /dev/null and b/fuzz/corpora/asn1/b75a4c69fc51bab42175df11b5bd938bf7585f9f differ
-diff --git a/fuzz/corpora/asn1/b787176eeb72eb38212e0000c5ef645859b0e5a4 b/fuzz/corpora/asn1/b787176eeb72eb38212e0000c5ef645859b0e5a4
-new file mode 100644
-index 0000000..41a3ec5
-Binary files /dev/null and b/fuzz/corpora/asn1/b787176eeb72eb38212e0000c5ef645859b0e5a4 differ
-diff --git a/fuzz/corpora/asn1/b7e8c3cc445e56c75a8f2f72323f9645c7394555 b/fuzz/corpora/asn1/b7e8c3cc445e56c75a8f2f72323f9645c7394555
-new file mode 100644
-index 0000000..7ac88ce
-Binary files /dev/null and b/fuzz/corpora/asn1/b7e8c3cc445e56c75a8f2f72323f9645c7394555 differ
-diff --git a/fuzz/corpora/asn1/b934529bd78d21ad544d2d90e5c9c083d6b6fb95 b/fuzz/corpora/asn1/b934529bd78d21ad544d2d90e5c9c083d6b6fb95
-new file mode 100644
-index 0000000..36d8376
-Binary files /dev/null and b/fuzz/corpora/asn1/b934529bd78d21ad544d2d90e5c9c083d6b6fb95 differ
-diff --git a/fuzz/corpora/asn1/ba2ba442cccf4e026d286f06105cca1d430bfd9e b/fuzz/corpora/asn1/ba2ba442cccf4e026d286f06105cca1d430bfd9e
-new file mode 100644
-index 0000000..085a3ef
-Binary files /dev/null and b/fuzz/corpora/asn1/ba2ba442cccf4e026d286f06105cca1d430bfd9e differ
-diff --git a/fuzz/corpora/asn1/ba77e24967afe44d1695e50bbe0e53bcee26d6a4 b/fuzz/corpora/asn1/ba77e24967afe44d1695e50bbe0e53bcee26d6a4
-new file mode 100644
-index 0000000..0fb24c3
-Binary files /dev/null and b/fuzz/corpora/asn1/ba77e24967afe44d1695e50bbe0e53bcee26d6a4 differ
-diff --git a/fuzz/corpora/asn1/babc5b090a441616e50304692d9ef5adfce104ee b/fuzz/corpora/asn1/babc5b090a441616e50304692d9ef5adfce104ee
-new file mode 100644
-index 0000000..8fdc4b0
-Binary files /dev/null and b/fuzz/corpora/asn1/babc5b090a441616e50304692d9ef5adfce104ee differ
-diff --git a/fuzz/corpora/asn1/baecd38e160b8a14c83951262cab71a5468e5550 b/fuzz/corpora/asn1/baecd38e160b8a14c83951262cab71a5468e5550
-new file mode 100644
-index 0000000..a6b5116
-Binary files /dev/null and b/fuzz/corpora/asn1/baecd38e160b8a14c83951262cab71a5468e5550 differ
-diff --git a/fuzz/corpora/asn1/bbaf31a9f3f30e8e3fce116d62a6140b14fd2fdb b/fuzz/corpora/asn1/bbaf31a9f3f30e8e3fce116d62a6140b14fd2fdb
-new file mode 100644
-index 0000000..e8c0155
-Binary files /dev/null and b/fuzz/corpora/asn1/bbaf31a9f3f30e8e3fce116d62a6140b14fd2fdb differ
-diff --git a/fuzz/corpora/asn1/bbe393fd04295360a219f0b6db558c07c10f9291 b/fuzz/corpora/asn1/bbe393fd04295360a219f0b6db558c07c10f9291
-new file mode 100644
-index 0000000..d6bc389
-Binary files /dev/null and b/fuzz/corpora/asn1/bbe393fd04295360a219f0b6db558c07c10f9291 differ
-diff --git a/fuzz/corpora/asn1/bc2fefc799d4cf6de5277240b3e9f699487ef202 b/fuzz/corpora/asn1/bc2fefc799d4cf6de5277240b3e9f699487ef202
-new file mode 100644
-index 0000000..c8a0421
-Binary files /dev/null and b/fuzz/corpora/asn1/bc2fefc799d4cf6de5277240b3e9f699487ef202 differ
-diff --git a/fuzz/corpora/asn1/bc47631242f8f2577026f22263262c29c62a98e4 b/fuzz/corpora/asn1/bc47631242f8f2577026f22263262c29c62a98e4
-new file mode 100644
-index 0000000..4c59243
-Binary files /dev/null and b/fuzz/corpora/asn1/bc47631242f8f2577026f22263262c29c62a98e4 differ
-diff --git a/fuzz/corpora/asn1/bc747214184d501e2bf69394cf3ee1bfc5c688be b/fuzz/corpora/asn1/bc747214184d501e2bf69394cf3ee1bfc5c688be
-new file mode 100644
-index 0000000..04addfa
-Binary files /dev/null and b/fuzz/corpora/asn1/bc747214184d501e2bf69394cf3ee1bfc5c688be differ
-diff --git a/fuzz/corpora/asn1/bcb714a44a8cce41b733825a05337a4945c44b41 b/fuzz/corpora/asn1/bcb714a44a8cce41b733825a05337a4945c44b41
-new file mode 100644
-index 0000000..8003cff
-Binary files /dev/null and b/fuzz/corpora/asn1/bcb714a44a8cce41b733825a05337a4945c44b41 differ
-diff --git a/fuzz/corpora/asn1/bd3f536ee33bb4be8acdc7a9e0536973761bbf8a b/fuzz/corpora/asn1/bd3f536ee33bb4be8acdc7a9e0536973761bbf8a
-new file mode 100644
-index 0000000..19d6ea6
-Binary files /dev/null and b/fuzz/corpora/asn1/bd3f536ee33bb4be8acdc7a9e0536973761bbf8a differ
-diff --git a/fuzz/corpora/asn1/bd9c427e93542f64ff484ffee0bebcf4a70287ba b/fuzz/corpora/asn1/bd9c427e93542f64ff484ffee0bebcf4a70287ba
-new file mode 100644
-index 0000000..795c1a5
-Binary files /dev/null and b/fuzz/corpora/asn1/bd9c427e93542f64ff484ffee0bebcf4a70287ba differ
-diff --git a/fuzz/corpora/asn1/bdfd0fe5c46934269fe00cbbd744b17d63c58fc5 b/fuzz/corpora/asn1/bdfd0fe5c46934269fe00cbbd744b17d63c58fc5
-new file mode 100644
-index 0000000..24bdab3
-Binary files /dev/null and b/fuzz/corpora/asn1/bdfd0fe5c46934269fe00cbbd744b17d63c58fc5 differ
-diff --git a/fuzz/corpora/asn1/bea13ded9e8609b25b5a2ec851d207acb34c9ce9 b/fuzz/corpora/asn1/bea13ded9e8609b25b5a2ec851d207acb34c9ce9
-new file mode 100644
-index 0000000..a3245e9
-Binary files /dev/null and b/fuzz/corpora/asn1/bea13ded9e8609b25b5a2ec851d207acb34c9ce9 differ
-diff --git a/fuzz/corpora/asn1/bf4c60f7dcf49889929dd59703710dfc094b56d3 b/fuzz/corpora/asn1/bf4c60f7dcf49889929dd59703710dfc094b56d3
-new file mode 100644
-index 0000000..9bc15ea
-Binary files /dev/null and b/fuzz/corpora/asn1/bf4c60f7dcf49889929dd59703710dfc094b56d3 differ
-diff --git a/fuzz/corpora/asn1/bf7eba524a082166222eceaf30ff396305dbd7e1 b/fuzz/corpora/asn1/bf7eba524a082166222eceaf30ff396305dbd7e1
-new file mode 100644
-index 0000000..5abd448
-Binary files /dev/null and b/fuzz/corpora/asn1/bf7eba524a082166222eceaf30ff396305dbd7e1 differ
-diff --git a/fuzz/corpora/asn1/bf8e70f25295cb56ae69b117985487ccc02c1335 b/fuzz/corpora/asn1/bf8e70f25295cb56ae69b117985487ccc02c1335
-new file mode 100644
-index 0000000..b2fff9f
-Binary files /dev/null and b/fuzz/corpora/asn1/bf8e70f25295cb56ae69b117985487ccc02c1335 differ
-diff --git a/fuzz/corpora/asn1/bfcd14c4e65de0e5d008c9bb5b88cda74db96720 b/fuzz/corpora/asn1/bfcd14c4e65de0e5d008c9bb5b88cda74db96720
-new file mode 100644
-index 0000000..dcf2d19
-Binary files /dev/null and b/fuzz/corpora/asn1/bfcd14c4e65de0e5d008c9bb5b88cda74db96720 differ
-diff --git a/fuzz/corpora/asn1/bff945b72337dfa5ec7c030c29d309f226f03d1b b/fuzz/corpora/asn1/bff945b72337dfa5ec7c030c29d309f226f03d1b
-new file mode 100644
-index 0000000..c6a7ab4
-Binary files /dev/null and b/fuzz/corpora/asn1/bff945b72337dfa5ec7c030c29d309f226f03d1b differ
-diff --git a/fuzz/corpora/asn1/c035b70163fdbc3e7f403475eda1ceb1c9819b1e b/fuzz/corpora/asn1/c035b70163fdbc3e7f403475eda1ceb1c9819b1e
-new file mode 100644
-index 0000000..4d988f6
-Binary files /dev/null and b/fuzz/corpora/asn1/c035b70163fdbc3e7f403475eda1ceb1c9819b1e differ
-diff --git a/fuzz/corpora/asn1/c0e19b65ddeb63e3e38b80e2fbcf75d60d24e1fd b/fuzz/corpora/asn1/c0e19b65ddeb63e3e38b80e2fbcf75d60d24e1fd
-new file mode 100644
-index 0000000..e9fdbfd
-Binary files /dev/null and b/fuzz/corpora/asn1/c0e19b65ddeb63e3e38b80e2fbcf75d60d24e1fd differ
-diff --git a/fuzz/corpora/asn1/c1159215685302c309879b45764969d2e5c9444e b/fuzz/corpora/asn1/c1159215685302c309879b45764969d2e5c9444e
-new file mode 100644
-index 0000000..a7127e4
-Binary files /dev/null and b/fuzz/corpora/asn1/c1159215685302c309879b45764969d2e5c9444e differ
-diff --git a/fuzz/corpora/asn1/c18cf11f455f9bf8334313d1a6e46080d76278e4 b/fuzz/corpora/asn1/c18cf11f455f9bf8334313d1a6e46080d76278e4
-new file mode 100644
-index 0000000..6df1fff
-Binary files /dev/null and b/fuzz/corpora/asn1/c18cf11f455f9bf8334313d1a6e46080d76278e4 differ
-diff --git a/fuzz/corpora/asn1/c24459a5c2ccbb0d39e437fd821e9e5826f32c5b b/fuzz/corpora/asn1/c24459a5c2ccbb0d39e437fd821e9e5826f32c5b
-new file mode 100644
-index 0000000..eae0bc2
-Binary files /dev/null and b/fuzz/corpora/asn1/c24459a5c2ccbb0d39e437fd821e9e5826f32c5b differ
-diff --git a/fuzz/corpora/asn1/c3be2883ad65e378469618d6afadfc4945ebcd54 b/fuzz/corpora/asn1/c3be2883ad65e378469618d6afadfc4945ebcd54
-new file mode 100644
-index 0000000..9405795
-Binary files /dev/null and b/fuzz/corpora/asn1/c3be2883ad65e378469618d6afadfc4945ebcd54 differ
-diff --git a/fuzz/corpora/asn1/c4b041f5849abbcdee22ba6bc39e34664d4ea790 b/fuzz/corpora/asn1/c4b041f5849abbcdee22ba6bc39e34664d4ea790
-new file mode 100644
-index 0000000..23db241
-Binary files /dev/null and b/fuzz/corpora/asn1/c4b041f5849abbcdee22ba6bc39e34664d4ea790 differ
-diff --git a/fuzz/corpora/asn1/c5897095d9ceaff84e2fa0f550796ea7fa5be50d b/fuzz/corpora/asn1/c5897095d9ceaff84e2fa0f550796ea7fa5be50d
-new file mode 100644
-index 0000000..e777841
-Binary files /dev/null and b/fuzz/corpora/asn1/c5897095d9ceaff84e2fa0f550796ea7fa5be50d differ
-diff --git a/fuzz/corpora/asn1/c670a23b5d57b87e64b0dff6d97cfd92d2a66ef3 b/fuzz/corpora/asn1/c670a23b5d57b87e64b0dff6d97cfd92d2a66ef3
-new file mode 100644
-index 0000000..79bba4f
-Binary files /dev/null and b/fuzz/corpora/asn1/c670a23b5d57b87e64b0dff6d97cfd92d2a66ef3 differ
-diff --git a/fuzz/corpora/asn1/c6c78faba8edc05444fb777320579760c9330ffa b/fuzz/corpora/asn1/c6c78faba8edc05444fb777320579760c9330ffa
-new file mode 100644
-index 0000000..ea6d249
-Binary files /dev/null and b/fuzz/corpora/asn1/c6c78faba8edc05444fb777320579760c9330ffa differ
-diff --git a/fuzz/corpora/asn1/c70ddebd0fe8cab2ff742841fd1464a03795e1aa b/fuzz/corpora/asn1/c70ddebd0fe8cab2ff742841fd1464a03795e1aa
-new file mode 100644
-index 0000000..48bf019
-Binary files /dev/null and b/fuzz/corpora/asn1/c70ddebd0fe8cab2ff742841fd1464a03795e1aa differ
-diff --git a/fuzz/corpora/asn1/c736da2aef7921945b15613a3f800afaa744b5cb b/fuzz/corpora/asn1/c736da2aef7921945b15613a3f800afaa744b5cb
-new file mode 100644
-index 0000000..ab9cab9
-Binary files /dev/null and b/fuzz/corpora/asn1/c736da2aef7921945b15613a3f800afaa744b5cb differ
-diff --git a/fuzz/corpora/asn1/c77e55d25d9eb301b5ec5548ea71feebcc80292f b/fuzz/corpora/asn1/c77e55d25d9eb301b5ec5548ea71feebcc80292f
-new file mode 100644
-index 0000000..1abd529
-Binary files /dev/null and b/fuzz/corpora/asn1/c77e55d25d9eb301b5ec5548ea71feebcc80292f differ
-diff --git a/fuzz/corpora/asn1/c7852328102e7a88853f5af49709305946181e2e b/fuzz/corpora/asn1/c7852328102e7a88853f5af49709305946181e2e
-new file mode 100644
-index 0000000..aab4f7c
-Binary files /dev/null and b/fuzz/corpora/asn1/c7852328102e7a88853f5af49709305946181e2e differ
-diff --git a/fuzz/corpora/asn1/c787ac1ef2fff18420330c9bf1499d0b505e3467 b/fuzz/corpora/asn1/c787ac1ef2fff18420330c9bf1499d0b505e3467
-new file mode 100644
-index 0000000..da54dc1
-Binary files /dev/null and b/fuzz/corpora/asn1/c787ac1ef2fff18420330c9bf1499d0b505e3467 differ
-diff --git a/fuzz/corpora/asn1/c81350a833faec238ab52b2edf5a3e3dab462dea b/fuzz/corpora/asn1/c81350a833faec238ab52b2edf5a3e3dab462dea
-new file mode 100644
-index 0000000..845ae53
-Binary files /dev/null and b/fuzz/corpora/asn1/c81350a833faec238ab52b2edf5a3e3dab462dea differ
-diff --git a/fuzz/corpora/asn1/c8319f2ebcf46a7b15b39a8a28820293313b496b b/fuzz/corpora/asn1/c8319f2ebcf46a7b15b39a8a28820293313b496b
-new file mode 100644
-index 0000000..402fcaa
-Binary files /dev/null and b/fuzz/corpora/asn1/c8319f2ebcf46a7b15b39a8a28820293313b496b differ
-diff --git a/fuzz/corpora/asn1/c88fb060760434ce41cc3c56e5b8841301caf861 b/fuzz/corpora/asn1/c88fb060760434ce41cc3c56e5b8841301caf861
-new file mode 100644
-index 0000000..c715d51
-Binary files /dev/null and b/fuzz/corpora/asn1/c88fb060760434ce41cc3c56e5b8841301caf861 differ
-diff --git a/fuzz/corpora/asn1/c8b6c70b7b185c5a322669e12d6a9f8ba04fcc31 b/fuzz/corpora/asn1/c8b6c70b7b185c5a322669e12d6a9f8ba04fcc31
-new file mode 100644
-index 0000000..a823d7a
-Binary files /dev/null and b/fuzz/corpora/asn1/c8b6c70b7b185c5a322669e12d6a9f8ba04fcc31 differ
-diff --git a/fuzz/corpora/asn1/c905bf5cebe323c45d997693d4c16c9d791ed418 b/fuzz/corpora/asn1/c905bf5cebe323c45d997693d4c16c9d791ed418
-new file mode 100644
-index 0000000..f902cea
-Binary files /dev/null and b/fuzz/corpora/asn1/c905bf5cebe323c45d997693d4c16c9d791ed418 differ
-diff --git a/fuzz/corpora/asn1/c9da2adafe59dd645447d76d0eb472decce11782 b/fuzz/corpora/asn1/c9da2adafe59dd645447d76d0eb472decce11782
-new file mode 100644
-index 0000000..1f1652f
-Binary files /dev/null and b/fuzz/corpora/asn1/c9da2adafe59dd645447d76d0eb472decce11782 differ
-diff --git a/fuzz/corpora/asn1/c9e4e20e2cc0a358a36418c4eb0c1048b19b0467 b/fuzz/corpora/asn1/c9e4e20e2cc0a358a36418c4eb0c1048b19b0467
-new file mode 100644
-index 0000000..64a8a95
-Binary files /dev/null and b/fuzz/corpora/asn1/c9e4e20e2cc0a358a36418c4eb0c1048b19b0467 differ
-diff --git a/fuzz/corpora/asn1/cacbede362e94cc239c1a23ad17c8da55db878b7 b/fuzz/corpora/asn1/cacbede362e94cc239c1a23ad17c8da55db878b7
-new file mode 100644
-index 0000000..26d2873
-Binary files /dev/null and b/fuzz/corpora/asn1/cacbede362e94cc239c1a23ad17c8da55db878b7 differ
-diff --git a/fuzz/corpora/asn1/caea92ea7777f9944477e68935cf7f04f875b79a b/fuzz/corpora/asn1/caea92ea7777f9944477e68935cf7f04f875b79a
-new file mode 100644
-index 0000000..6b14913
-Binary files /dev/null and b/fuzz/corpora/asn1/caea92ea7777f9944477e68935cf7f04f875b79a differ
-diff --git a/fuzz/corpora/asn1/caf107097c511b0ab7fd2d8c0389d7b690a512db b/fuzz/corpora/asn1/caf107097c511b0ab7fd2d8c0389d7b690a512db
-new file mode 100644
-index 0000000..64149f3
-Binary files /dev/null and b/fuzz/corpora/asn1/caf107097c511b0ab7fd2d8c0389d7b690a512db differ
-diff --git a/fuzz/corpora/asn1/cbff7144f7946f833a0199c9a62d0db8cb53bca5 b/fuzz/corpora/asn1/cbff7144f7946f833a0199c9a62d0db8cb53bca5
-new file mode 100644
-index 0000000..893dcc1
-Binary files /dev/null and b/fuzz/corpora/asn1/cbff7144f7946f833a0199c9a62d0db8cb53bca5 differ
-diff --git a/fuzz/corpora/asn1/cd32b9cda0246b257f18a8a74e1b8570f4cdee85 b/fuzz/corpora/asn1/cd32b9cda0246b257f18a8a74e1b8570f4cdee85
-new file mode 100644
-index 0000000..bdf950b
-Binary files /dev/null and b/fuzz/corpora/asn1/cd32b9cda0246b257f18a8a74e1b8570f4cdee85 differ
-diff --git a/fuzz/corpora/asn1/cd381b27b629e8f6cdf27ddacd3246ca375289fd b/fuzz/corpora/asn1/cd381b27b629e8f6cdf27ddacd3246ca375289fd
-new file mode 100644
-index 0000000..1b92c30
-Binary files /dev/null and b/fuzz/corpora/asn1/cd381b27b629e8f6cdf27ddacd3246ca375289fd differ
-diff --git a/fuzz/corpora/asn1/ceca57f30163201f55a12396a0c6293c8711ba95 b/fuzz/corpora/asn1/ceca57f30163201f55a12396a0c6293c8711ba95
-new file mode 100644
-index 0000000..9a6d876
-Binary files /dev/null and b/fuzz/corpora/asn1/ceca57f30163201f55a12396a0c6293c8711ba95 differ
-diff --git a/fuzz/corpora/asn1/cf5dc30bb36cdbe76ecae400597a652e5eaf87ac b/fuzz/corpora/asn1/cf5dc30bb36cdbe76ecae400597a652e5eaf87ac
-new file mode 100644
-index 0000000..12130e8
-Binary files /dev/null and b/fuzz/corpora/asn1/cf5dc30bb36cdbe76ecae400597a652e5eaf87ac differ
-diff --git a/fuzz/corpora/asn1/cfb560acf01c6870e74227a161de86113806b8eb b/fuzz/corpora/asn1/cfb560acf01c6870e74227a161de86113806b8eb
-new file mode 100644
-index 0000000..d176e3f
-Binary files /dev/null and b/fuzz/corpora/asn1/cfb560acf01c6870e74227a161de86113806b8eb differ
-diff --git a/fuzz/corpora/asn1/cfd8bf40f9d4d20dd6d96bde901b6651e0400fa4 b/fuzz/corpora/asn1/cfd8bf40f9d4d20dd6d96bde901b6651e0400fa4
-new file mode 100644
-index 0000000..8d8b30b
-Binary files /dev/null and b/fuzz/corpora/asn1/cfd8bf40f9d4d20dd6d96bde901b6651e0400fa4 differ
-diff --git a/fuzz/corpora/asn1/d04453a330add1a99224c90ca366039e8e679ecb b/fuzz/corpora/asn1/d04453a330add1a99224c90ca366039e8e679ecb
-new file mode 100644
-index 0000000..327f010
-Binary files /dev/null and b/fuzz/corpora/asn1/d04453a330add1a99224c90ca366039e8e679ecb differ
-diff --git a/fuzz/corpora/asn1/d05e086fee4cecf9d9f7bca06f5b66b53eb3db0b b/fuzz/corpora/asn1/d05e086fee4cecf9d9f7bca06f5b66b53eb3db0b
-new file mode 100644
-index 0000000..ea250d2
-Binary files /dev/null and b/fuzz/corpora/asn1/d05e086fee4cecf9d9f7bca06f5b66b53eb3db0b differ
-diff --git a/fuzz/corpora/asn1/d17beba5c5ec82adda69747dbbc5bab2129ba7b5 b/fuzz/corpora/asn1/d17beba5c5ec82adda69747dbbc5bab2129ba7b5
-new file mode 100644
-index 0000000..8365627
-Binary files /dev/null and b/fuzz/corpora/asn1/d17beba5c5ec82adda69747dbbc5bab2129ba7b5 differ
-diff --git a/fuzz/corpora/asn1/d1b3dcadd3fb2c792550b1d0f5332f9c97758840 b/fuzz/corpora/asn1/d1b3dcadd3fb2c792550b1d0f5332f9c97758840
-new file mode 100644
-index 0000000..0093ac8
-Binary files /dev/null and b/fuzz/corpora/asn1/d1b3dcadd3fb2c792550b1d0f5332f9c97758840 differ
-diff --git a/fuzz/corpora/asn1/d1cc721a233a3a0a24b5b701372ff59beda81d0f b/fuzz/corpora/asn1/d1cc721a233a3a0a24b5b701372ff59beda81d0f
-new file mode 100644
-index 0000000..4499653
-Binary files /dev/null and b/fuzz/corpora/asn1/d1cc721a233a3a0a24b5b701372ff59beda81d0f differ
-diff --git a/fuzz/corpora/asn1/d1f4416393b9ee2cf7196b5c3ced1253fee35f88 b/fuzz/corpora/asn1/d1f4416393b9ee2cf7196b5c3ced1253fee35f88
-new file mode 100644
-index 0000000..cd3cc73
-Binary files /dev/null and b/fuzz/corpora/asn1/d1f4416393b9ee2cf7196b5c3ced1253fee35f88 differ
-diff --git a/fuzz/corpora/asn1/d256a9fcd11ee6b8911a9fcd45182462f17eae5b b/fuzz/corpora/asn1/d256a9fcd11ee6b8911a9fcd45182462f17eae5b
-new file mode 100644
-index 0000000..60ae2f3
-Binary files /dev/null and b/fuzz/corpora/asn1/d256a9fcd11ee6b8911a9fcd45182462f17eae5b differ
-diff --git a/fuzz/corpora/asn1/d352df8e00ba28b037d54280e68d276d3b13d933 b/fuzz/corpora/asn1/d352df8e00ba28b037d54280e68d276d3b13d933
-new file mode 100644
-index 0000000..2132740
-Binary files /dev/null and b/fuzz/corpora/asn1/d352df8e00ba28b037d54280e68d276d3b13d933 differ
-diff --git a/fuzz/corpora/asn1/d3cdc3c23b0c0d9f8905938606438c40b7959f2f b/fuzz/corpora/asn1/d3cdc3c23b0c0d9f8905938606438c40b7959f2f
-new file mode 100644
-index 0000000..5c79247
-Binary files /dev/null and b/fuzz/corpora/asn1/d3cdc3c23b0c0d9f8905938606438c40b7959f2f differ
-diff --git a/fuzz/corpora/asn1/d3cf742049e6e0aac75148f9bb284cc737c8510e b/fuzz/corpora/asn1/d3cf742049e6e0aac75148f9bb284cc737c8510e
-new file mode 100644
-index 0000000..29f33de
-Binary files /dev/null and b/fuzz/corpora/asn1/d3cf742049e6e0aac75148f9bb284cc737c8510e differ
-diff --git a/fuzz/corpora/asn1/d3f57745670579b197e1c3ea3cbad82d045d4787 b/fuzz/corpora/asn1/d3f57745670579b197e1c3ea3cbad82d045d4787
-new file mode 100644
-index 0000000..fce5889
-Binary files /dev/null and b/fuzz/corpora/asn1/d3f57745670579b197e1c3ea3cbad82d045d4787 differ
-diff --git a/fuzz/corpora/asn1/d41e2df798cb4916671f4688874ec86323e246d2 b/fuzz/corpora/asn1/d41e2df798cb4916671f4688874ec86323e246d2
-new file mode 100644
-index 0000000..53af518
-Binary files /dev/null and b/fuzz/corpora/asn1/d41e2df798cb4916671f4688874ec86323e246d2 differ
-diff --git a/fuzz/corpora/asn1/d4731682c59d649974cd4e1f4be1a128bd2778cb b/fuzz/corpora/asn1/d4731682c59d649974cd4e1f4be1a128bd2778cb
-new file mode 100644
-index 0000000..ab39203
-Binary files /dev/null and b/fuzz/corpora/asn1/d4731682c59d649974cd4e1f4be1a128bd2778cb differ
-diff --git a/fuzz/corpora/asn1/d4963351f071b64781faacc7dbb8b4233820586d b/fuzz/corpora/asn1/d4963351f071b64781faacc7dbb8b4233820586d
-new file mode 100644
-index 0000000..805cb5d
-Binary files /dev/null and b/fuzz/corpora/asn1/d4963351f071b64781faacc7dbb8b4233820586d differ
-diff --git a/fuzz/corpora/asn1/d4dce122bf7a4a02fdee31259fcb9c44f7c3271e b/fuzz/corpora/asn1/d4dce122bf7a4a02fdee31259fcb9c44f7c3271e
-new file mode 100644
-index 0000000..ad175c6
-Binary files /dev/null and b/fuzz/corpora/asn1/d4dce122bf7a4a02fdee31259fcb9c44f7c3271e differ
-diff --git a/fuzz/corpora/asn1/d5e4347b044f231b1398ebd56e2fc636e64287a0 b/fuzz/corpora/asn1/d5e4347b044f231b1398ebd56e2fc636e64287a0
-new file mode 100644
-index 0000000..43ef00e
-Binary files /dev/null and b/fuzz/corpora/asn1/d5e4347b044f231b1398ebd56e2fc636e64287a0 differ
-diff --git a/fuzz/corpora/asn1/d6696039ab9d22de15b93e71be313e7c4d5c18d5 b/fuzz/corpora/asn1/d6696039ab9d22de15b93e71be313e7c4d5c18d5
-new file mode 100644
-index 0000000..717f1ca
-Binary files /dev/null and b/fuzz/corpora/asn1/d6696039ab9d22de15b93e71be313e7c4d5c18d5 differ
-diff --git a/fuzz/corpora/asn1/d681fe34423ca8007d746f8e9caad301bc005dde b/fuzz/corpora/asn1/d681fe34423ca8007d746f8e9caad301bc005dde
-new file mode 100644
-index 0000000..5ac784f
-Binary files /dev/null and b/fuzz/corpora/asn1/d681fe34423ca8007d746f8e9caad301bc005dde differ
-diff --git a/fuzz/corpora/asn1/d6ce64b5471688c87502f7248332714adf49c24e b/fuzz/corpora/asn1/d6ce64b5471688c87502f7248332714adf49c24e
-new file mode 100644
-index 0000000..e729c38
-Binary files /dev/null and b/fuzz/corpora/asn1/d6ce64b5471688c87502f7248332714adf49c24e differ
-diff --git a/fuzz/corpora/asn1/d72a42044e54203273641b155486004924000530 b/fuzz/corpora/asn1/d72a42044e54203273641b155486004924000530
-new file mode 100644
-index 0000000..e928437
-Binary files /dev/null and b/fuzz/corpora/asn1/d72a42044e54203273641b155486004924000530 differ
-diff --git a/fuzz/corpora/asn1/d85943441d5eb01a2d5aa8f3d5871a410610e8d6 b/fuzz/corpora/asn1/d85943441d5eb01a2d5aa8f3d5871a410610e8d6
-new file mode 100644
-index 0000000..90e153c
-Binary files /dev/null and b/fuzz/corpora/asn1/d85943441d5eb01a2d5aa8f3d5871a410610e8d6 differ
-diff --git a/fuzz/corpora/asn1/d8a83f860e641c6dc6ab4700b4f0d7dc76f7f3b0 b/fuzz/corpora/asn1/d8a83f860e641c6dc6ab4700b4f0d7dc76f7f3b0
-new file mode 100644
-index 0000000..024394e
-Binary files /dev/null and b/fuzz/corpora/asn1/d8a83f860e641c6dc6ab4700b4f0d7dc76f7f3b0 differ
-diff --git a/fuzz/corpora/asn1/d8fb22f6a8222c712c7d671b7171126ff7e626ac b/fuzz/corpora/asn1/d8fb22f6a8222c712c7d671b7171126ff7e626ac
-new file mode 100644
-index 0000000..492c950
-Binary files /dev/null and b/fuzz/corpora/asn1/d8fb22f6a8222c712c7d671b7171126ff7e626ac differ
-diff --git a/fuzz/corpora/asn1/d90eeebe796d2423479b9d01d66ef43b1ac3419f b/fuzz/corpora/asn1/d90eeebe796d2423479b9d01d66ef43b1ac3419f
-new file mode 100644
-index 0000000..7e17b69
-Binary files /dev/null and b/fuzz/corpora/asn1/d90eeebe796d2423479b9d01d66ef43b1ac3419f differ
-diff --git a/fuzz/corpora/asn1/d939bc48706c947f8ce6d4220cae7f81f8177f93 b/fuzz/corpora/asn1/d939bc48706c947f8ce6d4220cae7f81f8177f93
-new file mode 100644
-index 0000000..4484d54
-Binary files /dev/null and b/fuzz/corpora/asn1/d939bc48706c947f8ce6d4220cae7f81f8177f93 differ
-diff --git a/fuzz/corpora/asn1/d93c206428dededc8ee059643d86449f3f989112 b/fuzz/corpora/asn1/d93c206428dededc8ee059643d86449f3f989112
-new file mode 100644
-index 0000000..faa6f00
-Binary files /dev/null and b/fuzz/corpora/asn1/d93c206428dededc8ee059643d86449f3f989112 differ
-diff --git a/fuzz/corpora/asn1/d95819332791622a213a3fb495b9e172a924bd8e b/fuzz/corpora/asn1/d95819332791622a213a3fb495b9e172a924bd8e
-new file mode 100644
-index 0000000..558f2b3
-Binary files /dev/null and b/fuzz/corpora/asn1/d95819332791622a213a3fb495b9e172a924bd8e differ
-diff --git a/fuzz/corpora/asn1/d99e507bd9385253f519886e7ef65ea71aca9650 b/fuzz/corpora/asn1/d99e507bd9385253f519886e7ef65ea71aca9650
-new file mode 100644
-index 0000000..6879c13
-Binary files /dev/null and b/fuzz/corpora/asn1/d99e507bd9385253f519886e7ef65ea71aca9650 differ
-diff --git a/fuzz/corpora/asn1/d9b1f8a68e0e75db80fc1f4f6f2439608c43a289 b/fuzz/corpora/asn1/d9b1f8a68e0e75db80fc1f4f6f2439608c43a289
-new file mode 100644
-index 0000000..4d31ce1
-Binary files /dev/null and b/fuzz/corpora/asn1/d9b1f8a68e0e75db80fc1f4f6f2439608c43a289 differ
-diff --git a/fuzz/corpora/asn1/d9c254f73e313d3ac9a085d35310e6ec3a25bea7 b/fuzz/corpora/asn1/d9c254f73e313d3ac9a085d35310e6ec3a25bea7
-new file mode 100644
-index 0000000..da8e4a4
-Binary files /dev/null and b/fuzz/corpora/asn1/d9c254f73e313d3ac9a085d35310e6ec3a25bea7 differ
-diff --git a/fuzz/corpora/asn1/dbc3b09c9fb6b8c0cd9f5e78919975d6fd5fb5af b/fuzz/corpora/asn1/dbc3b09c9fb6b8c0cd9f5e78919975d6fd5fb5af
-new file mode 100644
-index 0000000..d5babe5
-Binary files /dev/null and b/fuzz/corpora/asn1/dbc3b09c9fb6b8c0cd9f5e78919975d6fd5fb5af differ
-diff --git a/fuzz/corpora/asn1/dbde92ff802bdc67cbd9e72a2d7e53aba426a203 b/fuzz/corpora/asn1/dbde92ff802bdc67cbd9e72a2d7e53aba426a203
-new file mode 100644
-index 0000000..c23266d
-Binary files /dev/null and b/fuzz/corpora/asn1/dbde92ff802bdc67cbd9e72a2d7e53aba426a203 differ
-diff --git a/fuzz/corpora/asn1/ddacea689252d994d128d90bdd9c990f78ba70c9 b/fuzz/corpora/asn1/ddacea689252d994d128d90bdd9c990f78ba70c9
-new file mode 100644
-index 0000000..ee4970a
-Binary files /dev/null and b/fuzz/corpora/asn1/ddacea689252d994d128d90bdd9c990f78ba70c9 differ
-diff --git a/fuzz/corpora/asn1/ddde5e4ac72407ffd17e48ff16ccaea7ef0cdb7c b/fuzz/corpora/asn1/ddde5e4ac72407ffd17e48ff16ccaea7ef0cdb7c
-new file mode 100644
-index 0000000..07b4a78
-Binary files /dev/null and b/fuzz/corpora/asn1/ddde5e4ac72407ffd17e48ff16ccaea7ef0cdb7c differ
-diff --git a/fuzz/corpora/asn1/ddf345a4f66187d5e8ec1edefd0badd8d74c3961 b/fuzz/corpora/asn1/ddf345a4f66187d5e8ec1edefd0badd8d74c3961
-new file mode 100644
-index 0000000..f78bdb0
-Binary files /dev/null and b/fuzz/corpora/asn1/ddf345a4f66187d5e8ec1edefd0badd8d74c3961 differ
-diff --git a/fuzz/corpora/asn1/dec2164e3a2d71c33e33d6be19b9252fae096bd7 b/fuzz/corpora/asn1/dec2164e3a2d71c33e33d6be19b9252fae096bd7
-new file mode 100644
-index 0000000..3ab746a
-Binary files /dev/null and b/fuzz/corpora/asn1/dec2164e3a2d71c33e33d6be19b9252fae096bd7 differ
-diff --git a/fuzz/corpora/asn1/df07b41663cdf161f39c120224b6d56f46a44391 b/fuzz/corpora/asn1/df07b41663cdf161f39c120224b6d56f46a44391
-new file mode 100644
-index 0000000..8b1cad0
-Binary files /dev/null and b/fuzz/corpora/asn1/df07b41663cdf161f39c120224b6d56f46a44391 differ
-diff --git a/fuzz/corpora/asn1/df18f8a76eed9fb163746d5d7803a0b815e135fc b/fuzz/corpora/asn1/df18f8a76eed9fb163746d5d7803a0b815e135fc
-new file mode 100644
-index 0000000..ab04f6a
-Binary files /dev/null and b/fuzz/corpora/asn1/df18f8a76eed9fb163746d5d7803a0b815e135fc differ
-diff --git a/fuzz/corpora/asn1/df8e8071d5920502412adca3fd66d82242b5160d b/fuzz/corpora/asn1/df8e8071d5920502412adca3fd66d82242b5160d
-new file mode 100644
-index 0000000..d3c50fe
-Binary files /dev/null and b/fuzz/corpora/asn1/df8e8071d5920502412adca3fd66d82242b5160d differ
-diff --git a/fuzz/corpora/asn1/dfe88a388dff356aca1dd4cf0d9676f8297e5ac8 b/fuzz/corpora/asn1/dfe88a388dff356aca1dd4cf0d9676f8297e5ac8
-new file mode 100644
-index 0000000..269879b
-Binary files /dev/null and b/fuzz/corpora/asn1/dfe88a388dff356aca1dd4cf0d9676f8297e5ac8 differ
-diff --git a/fuzz/corpora/asn1/e067118a67a45db886557c8114c358a1a2d2044e b/fuzz/corpora/asn1/e067118a67a45db886557c8114c358a1a2d2044e
-new file mode 100644
-index 0000000..257383e
-Binary files /dev/null and b/fuzz/corpora/asn1/e067118a67a45db886557c8114c358a1a2d2044e differ
-diff --git a/fuzz/corpora/asn1/e09109071a1825f4bff5112ad7de24567cc92300 b/fuzz/corpora/asn1/e09109071a1825f4bff5112ad7de24567cc92300
-new file mode 100644
-index 0000000..ee56783
-Binary files /dev/null and b/fuzz/corpora/asn1/e09109071a1825f4bff5112ad7de24567cc92300 differ
-diff --git a/fuzz/corpora/asn1/e0c5bc2daf0061f65791509c12f826264fe8f3a2 b/fuzz/corpora/asn1/e0c5bc2daf0061f65791509c12f826264fe8f3a2
-new file mode 100644
-index 0000000..4ad8e9c
-Binary files /dev/null and b/fuzz/corpora/asn1/e0c5bc2daf0061f65791509c12f826264fe8f3a2 differ
-diff --git a/fuzz/corpora/asn1/e1b3134c8bd6322b2c00ac14ffee95201e9d842b b/fuzz/corpora/asn1/e1b3134c8bd6322b2c00ac14ffee95201e9d842b
-new file mode 100644
-index 0000000..e88f6d7
-Binary files /dev/null and b/fuzz/corpora/asn1/e1b3134c8bd6322b2c00ac14ffee95201e9d842b differ
-diff --git a/fuzz/corpora/asn1/e1c02573789e3b64218f6dbbddfc603219a1e66f b/fuzz/corpora/asn1/e1c02573789e3b64218f6dbbddfc603219a1e66f
-new file mode 100644
-index 0000000..ff56318
-Binary files /dev/null and b/fuzz/corpora/asn1/e1c02573789e3b64218f6dbbddfc603219a1e66f differ
-diff --git a/fuzz/corpora/asn1/e2c0b06b7bcdf2b18beb67e0401414fe7a6d659d b/fuzz/corpora/asn1/e2c0b06b7bcdf2b18beb67e0401414fe7a6d659d
-new file mode 100644
-index 0000000..8cd8dfb
-Binary files /dev/null and b/fuzz/corpora/asn1/e2c0b06b7bcdf2b18beb67e0401414fe7a6d659d differ
-diff --git a/fuzz/corpora/asn1/e2f5792e88f91cd132d2ec47c0fe73e294a7b672 b/fuzz/corpora/asn1/e2f5792e88f91cd132d2ec47c0fe73e294a7b672
-new file mode 100644
-index 0000000..92405de
-Binary files /dev/null and b/fuzz/corpora/asn1/e2f5792e88f91cd132d2ec47c0fe73e294a7b672 differ
-diff --git a/fuzz/corpora/asn1/e3c9e3063960e9aa5c9aaf60f850cbef2265d3a3 b/fuzz/corpora/asn1/e3c9e3063960e9aa5c9aaf60f850cbef2265d3a3
-new file mode 100644
-index 0000000..46739ee
-Binary files /dev/null and b/fuzz/corpora/asn1/e3c9e3063960e9aa5c9aaf60f850cbef2265d3a3 differ
-diff --git a/fuzz/corpora/asn1/e3e57a670e390d70de7688896a1960d7ac1c2e1d b/fuzz/corpora/asn1/e3e57a670e390d70de7688896a1960d7ac1c2e1d
-new file mode 100644
-index 0000000..6d9993f
-Binary files /dev/null and b/fuzz/corpora/asn1/e3e57a670e390d70de7688896a1960d7ac1c2e1d differ
-diff --git a/fuzz/corpora/asn1/e4100cce6dfa9105ce953df5aaf67774bbd0b55e b/fuzz/corpora/asn1/e4100cce6dfa9105ce953df5aaf67774bbd0b55e
-new file mode 100644
-index 0000000..01fed9e
-Binary files /dev/null and b/fuzz/corpora/asn1/e4100cce6dfa9105ce953df5aaf67774bbd0b55e differ
-diff --git a/fuzz/corpora/asn1/e45f79d6f4b85331b6e7a528f988707211952a06 b/fuzz/corpora/asn1/e45f79d6f4b85331b6e7a528f988707211952a06
-new file mode 100644
-index 0000000..2e41bee
-Binary files /dev/null and b/fuzz/corpora/asn1/e45f79d6f4b85331b6e7a528f988707211952a06 differ
-diff --git a/fuzz/corpora/asn1/e4e6d205b78aa6a2f562093d96f0ba5cbb8c8127 b/fuzz/corpora/asn1/e4e6d205b78aa6a2f562093d96f0ba5cbb8c8127
-new file mode 100644
-index 0000000..e1fddf0
-Binary files /dev/null and b/fuzz/corpora/asn1/e4e6d205b78aa6a2f562093d96f0ba5cbb8c8127 differ
-diff --git a/fuzz/corpora/asn1/e55305c4430166914bdb5f249d30835c885a1410 b/fuzz/corpora/asn1/e55305c4430166914bdb5f249d30835c885a1410
-new file mode 100644
-index 0000000..41da2f8
-Binary files /dev/null and b/fuzz/corpora/asn1/e55305c4430166914bdb5f249d30835c885a1410 differ
-diff --git a/fuzz/corpora/asn1/e563370dfda3b4784a33268a2b0e1fe9c40faead b/fuzz/corpora/asn1/e563370dfda3b4784a33268a2b0e1fe9c40faead
-new file mode 100644
-index 0000000..4b2794b
-Binary files /dev/null and b/fuzz/corpora/asn1/e563370dfda3b4784a33268a2b0e1fe9c40faead differ
-diff --git a/fuzz/corpora/asn1/e5c0e45bd9c244bcdc4842b8e7742796302bab1c b/fuzz/corpora/asn1/e5c0e45bd9c244bcdc4842b8e7742796302bab1c
-new file mode 100644
-index 0000000..70e344c
-Binary files /dev/null and b/fuzz/corpora/asn1/e5c0e45bd9c244bcdc4842b8e7742796302bab1c differ
-diff --git a/fuzz/corpora/asn1/e5dc4f5212391430ef7450ccc1fb0dda31f5e702 b/fuzz/corpora/asn1/e5dc4f5212391430ef7450ccc1fb0dda31f5e702
-new file mode 100644
-index 0000000..82acc95
-Binary files /dev/null and b/fuzz/corpora/asn1/e5dc4f5212391430ef7450ccc1fb0dda31f5e702 differ
-diff --git a/fuzz/corpora/asn1/e684ef823edb7bd781e2828246823e641a1455ed b/fuzz/corpora/asn1/e684ef823edb7bd781e2828246823e641a1455ed
-new file mode 100644
-index 0000000..bbc68c5
-Binary files /dev/null and b/fuzz/corpora/asn1/e684ef823edb7bd781e2828246823e641a1455ed differ
-diff --git a/fuzz/corpora/asn1/e6d9677c6f7f215b25333df1a9cd6d1a57a107ed b/fuzz/corpora/asn1/e6d9677c6f7f215b25333df1a9cd6d1a57a107ed
-new file mode 100644
-index 0000000..67d95db
-Binary files /dev/null and b/fuzz/corpora/asn1/e6d9677c6f7f215b25333df1a9cd6d1a57a107ed differ
-diff --git a/fuzz/corpora/asn1/e731c00bf0b0ad231e81ea40c7b93b71acf7950e b/fuzz/corpora/asn1/e731c00bf0b0ad231e81ea40c7b93b71acf7950e
-new file mode 100644
-index 0000000..d95c52a
-Binary files /dev/null and b/fuzz/corpora/asn1/e731c00bf0b0ad231e81ea40c7b93b71acf7950e differ
-diff --git a/fuzz/corpora/asn1/e7533d91074222f7764a76fa83d5fa40c18361f6 b/fuzz/corpora/asn1/e7533d91074222f7764a76fa83d5fa40c18361f6
-new file mode 100644
-index 0000000..200c789
-Binary files /dev/null and b/fuzz/corpora/asn1/e7533d91074222f7764a76fa83d5fa40c18361f6 differ
-diff --git a/fuzz/corpora/asn1/e78bb12083370720485e38fdbb1e26d840f29cdf b/fuzz/corpora/asn1/e78bb12083370720485e38fdbb1e26d840f29cdf
-new file mode 100644
-index 0000000..6338671
-Binary files /dev/null and b/fuzz/corpora/asn1/e78bb12083370720485e38fdbb1e26d840f29cdf differ
-diff --git a/fuzz/corpora/asn1/e7a8233ce913bb904a55bd4053f94d4cd10958dc b/fuzz/corpora/asn1/e7a8233ce913bb904a55bd4053f94d4cd10958dc
-new file mode 100644
-index 0000000..6efdcdf
-Binary files /dev/null and b/fuzz/corpora/asn1/e7a8233ce913bb904a55bd4053f94d4cd10958dc differ
-diff --git a/fuzz/corpora/asn1/e7f7fdad8485025c5da1f8dfffc0016333eb3179 b/fuzz/corpora/asn1/e7f7fdad8485025c5da1f8dfffc0016333eb3179
-new file mode 100644
-index 0000000..53a4461
-Binary files /dev/null and b/fuzz/corpora/asn1/e7f7fdad8485025c5da1f8dfffc0016333eb3179 differ
-diff --git a/fuzz/corpora/asn1/e8873dd4ea0965cea15753d1a2faf974751a6593 b/fuzz/corpora/asn1/e8873dd4ea0965cea15753d1a2faf974751a6593
-new file mode 100644
-index 0000000..74e029c
-Binary files /dev/null and b/fuzz/corpora/asn1/e8873dd4ea0965cea15753d1a2faf974751a6593 differ
-diff --git a/fuzz/corpora/asn1/e89955acaa41ff842e0da28f1a47836a8ed9fe72 b/fuzz/corpora/asn1/e89955acaa41ff842e0da28f1a47836a8ed9fe72
-new file mode 100644
-index 0000000..9c386db
-Binary files /dev/null and b/fuzz/corpora/asn1/e89955acaa41ff842e0da28f1a47836a8ed9fe72 differ
-diff --git a/fuzz/corpora/asn1/e8db6c423411e084be8729d429307f7898e0057c b/fuzz/corpora/asn1/e8db6c423411e084be8729d429307f7898e0057c
-new file mode 100644
-index 0000000..1461985
-Binary files /dev/null and b/fuzz/corpora/asn1/e8db6c423411e084be8729d429307f7898e0057c differ
-diff --git a/fuzz/corpora/asn1/e8f8bb99f9c79840058c45628a7279d5e6e35091 b/fuzz/corpora/asn1/e8f8bb99f9c79840058c45628a7279d5e6e35091
-new file mode 100644
-index 0000000..46f6092
-Binary files /dev/null and b/fuzz/corpora/asn1/e8f8bb99f9c79840058c45628a7279d5e6e35091 differ
-diff --git a/fuzz/corpora/asn1/e951e4bb370bae1960e8e5d66b8ca4bf313a778b b/fuzz/corpora/asn1/e951e4bb370bae1960e8e5d66b8ca4bf313a778b
-new file mode 100644
-index 0000000..20a0aef
-Binary files /dev/null and b/fuzz/corpora/asn1/e951e4bb370bae1960e8e5d66b8ca4bf313a778b differ
-diff --git a/fuzz/corpora/asn1/e958b9415fd00698520a14a0c7e4206dfb95b2ea b/fuzz/corpora/asn1/e958b9415fd00698520a14a0c7e4206dfb95b2ea
-new file mode 100644
-index 0000000..d6830d5
-Binary files /dev/null and b/fuzz/corpora/asn1/e958b9415fd00698520a14a0c7e4206dfb95b2ea differ
-diff --git a/fuzz/corpora/asn1/ea4934c76cdddd2358b74b09e1a270748d8f2f1d b/fuzz/corpora/asn1/ea4934c76cdddd2358b74b09e1a270748d8f2f1d
-new file mode 100644
-index 0000000..b514d9b
-Binary files /dev/null and b/fuzz/corpora/asn1/ea4934c76cdddd2358b74b09e1a270748d8f2f1d differ
-diff --git a/fuzz/corpora/asn1/ea65143a6a77df7717dee8798f2e57650e95a383 b/fuzz/corpora/asn1/ea65143a6a77df7717dee8798f2e57650e95a383
-new file mode 100644
-index 0000000..cd21977
-Binary files /dev/null and b/fuzz/corpora/asn1/ea65143a6a77df7717dee8798f2e57650e95a383 differ
-diff --git a/fuzz/corpora/asn1/eb5e913244e2cf12c66876612635dacfdfce828b b/fuzz/corpora/asn1/eb5e913244e2cf12c66876612635dacfdfce828b
-new file mode 100644
-index 0000000..cd90f8b
-Binary files /dev/null and b/fuzz/corpora/asn1/eb5e913244e2cf12c66876612635dacfdfce828b differ
-diff --git a/fuzz/corpora/asn1/eb71f96ed9325b4dd1c163d6962c86dcf760e300 b/fuzz/corpora/asn1/eb71f96ed9325b4dd1c163d6962c86dcf760e300
-new file mode 100644
-index 0000000..565a32f
-Binary files /dev/null and b/fuzz/corpora/asn1/eb71f96ed9325b4dd1c163d6962c86dcf760e300 differ
-diff --git a/fuzz/corpora/asn1/eb7cd76326d1337e63c7c282ff7f087f89b9713c b/fuzz/corpora/asn1/eb7cd76326d1337e63c7c282ff7f087f89b9713c
-new file mode 100644
-index 0000000..2273fee
-Binary files /dev/null and b/fuzz/corpora/asn1/eb7cd76326d1337e63c7c282ff7f087f89b9713c differ
-diff --git a/fuzz/corpora/asn1/ebc72e481f034a395e815e32d32066203fc02f45 b/fuzz/corpora/asn1/ebc72e481f034a395e815e32d32066203fc02f45
-new file mode 100644
-index 0000000..eae8231
-Binary files /dev/null and b/fuzz/corpora/asn1/ebc72e481f034a395e815e32d32066203fc02f45 differ
-diff --git a/fuzz/corpora/asn1/ebf1af5db6d0abdc0615ee0c4d308940949303c1 b/fuzz/corpora/asn1/ebf1af5db6d0abdc0615ee0c4d308940949303c1
-new file mode 100644
-index 0000000..6274fff
-Binary files /dev/null and b/fuzz/corpora/asn1/ebf1af5db6d0abdc0615ee0c4d308940949303c1 differ
-diff --git a/fuzz/corpora/asn1/ebf3c41912e4489be981284eaaf51eb2deb522db b/fuzz/corpora/asn1/ebf3c41912e4489be981284eaaf51eb2deb522db
-new file mode 100644
-index 0000000..55e5112
-Binary files /dev/null and b/fuzz/corpora/asn1/ebf3c41912e4489be981284eaaf51eb2deb522db differ
-diff --git a/fuzz/corpora/asn1/ebfcd88553b0430b32da34cb53fcfc19d8440b90 b/fuzz/corpora/asn1/ebfcd88553b0430b32da34cb53fcfc19d8440b90
-new file mode 100644
-index 0000000..7f23093
-Binary files /dev/null and b/fuzz/corpora/asn1/ebfcd88553b0430b32da34cb53fcfc19d8440b90 differ
-diff --git a/fuzz/corpora/asn1/ecb9261ef336a630745690f3b6540666d7387b4c b/fuzz/corpora/asn1/ecb9261ef336a630745690f3b6540666d7387b4c
-new file mode 100644
-index 0000000..96e1758
-Binary files /dev/null and b/fuzz/corpora/asn1/ecb9261ef336a630745690f3b6540666d7387b4c differ
-diff --git a/fuzz/corpora/asn1/ed0eaa4be01ad456ede8e1f3b4c2cf705c1ab514 b/fuzz/corpora/asn1/ed0eaa4be01ad456ede8e1f3b4c2cf705c1ab514
-new file mode 100644
-index 0000000..b28e209
-Binary files /dev/null and b/fuzz/corpora/asn1/ed0eaa4be01ad456ede8e1f3b4c2cf705c1ab514 differ
-diff --git a/fuzz/corpora/asn1/ee0d148696595c12d7b6bb425d5cf04952aab8ea b/fuzz/corpora/asn1/ee0d148696595c12d7b6bb425d5cf04952aab8ea
-new file mode 100644
-index 0000000..b2a520d
-Binary files /dev/null and b/fuzz/corpora/asn1/ee0d148696595c12d7b6bb425d5cf04952aab8ea differ
-diff --git a/fuzz/corpora/asn1/ef0414e8c908af622733c8e40229f5a10362dc78 b/fuzz/corpora/asn1/ef0414e8c908af622733c8e40229f5a10362dc78
-new file mode 100644
-index 0000000..f342e57
-Binary files /dev/null and b/fuzz/corpora/asn1/ef0414e8c908af622733c8e40229f5a10362dc78 differ
-diff --git a/fuzz/corpora/asn1/ef25429949168cbb23b81c4aebe4e5a63d677d12 b/fuzz/corpora/asn1/ef25429949168cbb23b81c4aebe4e5a63d677d12
-new file mode 100644
-index 0000000..82b658e
-Binary files /dev/null and b/fuzz/corpora/asn1/ef25429949168cbb23b81c4aebe4e5a63d677d12 differ
-diff --git a/fuzz/corpora/asn1/efed54b27799ba94f5f099d34159fb4b0f355fe2 b/fuzz/corpora/asn1/efed54b27799ba94f5f099d34159fb4b0f355fe2
-new file mode 100644
-index 0000000..487e9ee
-Binary files /dev/null and b/fuzz/corpora/asn1/efed54b27799ba94f5f099d34159fb4b0f355fe2 differ
-diff --git a/fuzz/corpora/asn1/f1635f2056c37b7f9d4bfbece486a3bfaebdea9c b/fuzz/corpora/asn1/f1635f2056c37b7f9d4bfbece486a3bfaebdea9c
-new file mode 100644
-index 0000000..46612b1
-Binary files /dev/null and b/fuzz/corpora/asn1/f1635f2056c37b7f9d4bfbece486a3bfaebdea9c differ
-diff --git a/fuzz/corpora/asn1/f1a599deb6f048e985cdff83e08f1de1a273a484 b/fuzz/corpora/asn1/f1a599deb6f048e985cdff83e08f1de1a273a484
-new file mode 100644
-index 0000000..9a3b921
-Binary files /dev/null and b/fuzz/corpora/asn1/f1a599deb6f048e985cdff83e08f1de1a273a484 differ
-diff --git a/fuzz/corpora/asn1/f30375f617adb4eb17f77ab8a9f7872a515830ba b/fuzz/corpora/asn1/f30375f617adb4eb17f77ab8a9f7872a515830ba
-new file mode 100644
-index 0000000..bbbbc3f
-Binary files /dev/null and b/fuzz/corpora/asn1/f30375f617adb4eb17f77ab8a9f7872a515830ba differ
-diff --git a/fuzz/corpora/asn1/f329f221b8dc4b116ffa1ffa1eba91c60cc72a2b b/fuzz/corpora/asn1/f329f221b8dc4b116ffa1ffa1eba91c60cc72a2b
-new file mode 100644
-index 0000000..1bdf368
-Binary files /dev/null and b/fuzz/corpora/asn1/f329f221b8dc4b116ffa1ffa1eba91c60cc72a2b differ
-diff --git a/fuzz/corpora/asn1/f3a66e0e3be74a6ca2f7ec51a37e13753c7b397e b/fuzz/corpora/asn1/f3a66e0e3be74a6ca2f7ec51a37e13753c7b397e
-new file mode 100644
-index 0000000..3da4f7b
-Binary files /dev/null and b/fuzz/corpora/asn1/f3a66e0e3be74a6ca2f7ec51a37e13753c7b397e differ
-diff --git a/fuzz/corpora/asn1/f3bb7cc54d18274f09e5e077a39d1b2f7544d09f b/fuzz/corpora/asn1/f3bb7cc54d18274f09e5e077a39d1b2f7544d09f
-new file mode 100644
-index 0000000..5cd2f2b
-Binary files /dev/null and b/fuzz/corpora/asn1/f3bb7cc54d18274f09e5e077a39d1b2f7544d09f differ
-diff --git a/fuzz/corpora/asn1/f3c51d61264e71ccf107e7fa41409423ddb2a9ab b/fuzz/corpora/asn1/f3c51d61264e71ccf107e7fa41409423ddb2a9ab
-new file mode 100644
-index 0000000..239b649
-Binary files /dev/null and b/fuzz/corpora/asn1/f3c51d61264e71ccf107e7fa41409423ddb2a9ab differ
-diff --git a/fuzz/corpora/asn1/f514532c61e8ba56d3a2f4ae669eb2757d691442 b/fuzz/corpora/asn1/f514532c61e8ba56d3a2f4ae669eb2757d691442
-new file mode 100644
-index 0000000..7448f29
-Binary files /dev/null and b/fuzz/corpora/asn1/f514532c61e8ba56d3a2f4ae669eb2757d691442 differ
-diff --git a/fuzz/corpora/asn1/f521598fef4693df564f073dd0e17991f457d785 b/fuzz/corpora/asn1/f521598fef4693df564f073dd0e17991f457d785
-new file mode 100644
-index 0000000..a15feae
-Binary files /dev/null and b/fuzz/corpora/asn1/f521598fef4693df564f073dd0e17991f457d785 differ
-diff --git a/fuzz/corpora/asn1/f59d8489d4acd9d1e7f7c0115cf29edfc4d2133b b/fuzz/corpora/asn1/f59d8489d4acd9d1e7f7c0115cf29edfc4d2133b
-new file mode 100644
-index 0000000..ac80dec
-Binary files /dev/null and b/fuzz/corpora/asn1/f59d8489d4acd9d1e7f7c0115cf29edfc4d2133b differ
-diff --git a/fuzz/corpora/asn1/f63c721a418e72eccce1d02ce0881222d4bd85b8 b/fuzz/corpora/asn1/f63c721a418e72eccce1d02ce0881222d4bd85b8
-new file mode 100644
-index 0000000..6cd1a73
-Binary files /dev/null and b/fuzz/corpora/asn1/f63c721a418e72eccce1d02ce0881222d4bd85b8 differ
-diff --git a/fuzz/corpora/asn1/f6ea29df76bf3e80b75fca4d8da10bbf75c5e6da b/fuzz/corpora/asn1/f6ea29df76bf3e80b75fca4d8da10bbf75c5e6da
-new file mode 100644
-index 0000000..afe7584
-Binary files /dev/null and b/fuzz/corpora/asn1/f6ea29df76bf3e80b75fca4d8da10bbf75c5e6da differ
-diff --git a/fuzz/corpora/asn1/f7b03bda30c90043c24b82aecf4a1312f8cfbb3f b/fuzz/corpora/asn1/f7b03bda30c90043c24b82aecf4a1312f8cfbb3f
-new file mode 100644
-index 0000000..2356f51
-Binary files /dev/null and b/fuzz/corpora/asn1/f7b03bda30c90043c24b82aecf4a1312f8cfbb3f differ
-diff --git a/fuzz/corpora/asn1/f7d28bb25fbce84125f5382fe4f699af649e295a b/fuzz/corpora/asn1/f7d28bb25fbce84125f5382fe4f699af649e295a
-new file mode 100644
-index 0000000..477c3b4
-Binary files /dev/null and b/fuzz/corpora/asn1/f7d28bb25fbce84125f5382fe4f699af649e295a differ
-diff --git a/fuzz/corpora/asn1/f84cfead5f30a48c53ad8e5c5fc82e2b88dc48fd b/fuzz/corpora/asn1/f84cfead5f30a48c53ad8e5c5fc82e2b88dc48fd
-new file mode 100644
-index 0000000..546d34a
-Binary files /dev/null and b/fuzz/corpora/asn1/f84cfead5f30a48c53ad8e5c5fc82e2b88dc48fd differ
-diff --git a/fuzz/corpora/asn1/f8a23f012ce3c342c43cdd6b31429edecc59e1f7 b/fuzz/corpora/asn1/f8a23f012ce3c342c43cdd6b31429edecc59e1f7
-new file mode 100644
-index 0000000..0996588
-Binary files /dev/null and b/fuzz/corpora/asn1/f8a23f012ce3c342c43cdd6b31429edecc59e1f7 differ
-diff --git a/fuzz/corpora/asn1/f8ac46c04c63316ee6bbbc477edc5ed1d3939821 b/fuzz/corpora/asn1/f8ac46c04c63316ee6bbbc477edc5ed1d3939821
-new file mode 100644
-index 0000000..3155a3f
-Binary files /dev/null and b/fuzz/corpora/asn1/f8ac46c04c63316ee6bbbc477edc5ed1d3939821 differ
-diff --git a/fuzz/corpora/asn1/f8c0144fd47329eb1ba2f5dc02d8b366c9e1aca2 b/fuzz/corpora/asn1/f8c0144fd47329eb1ba2f5dc02d8b366c9e1aca2
-new file mode 100644
-index 0000000..ce4c86e
-Binary files /dev/null and b/fuzz/corpora/asn1/f8c0144fd47329eb1ba2f5dc02d8b366c9e1aca2 differ
-diff --git a/fuzz/corpora/asn1/f8e0ddd946268f43a7d2091f61bdcc939b4d9476 b/fuzz/corpora/asn1/f8e0ddd946268f43a7d2091f61bdcc939b4d9476
-new file mode 100644
-index 0000000..1d8f099
-Binary files /dev/null and b/fuzz/corpora/asn1/f8e0ddd946268f43a7d2091f61bdcc939b4d9476 differ
-diff --git a/fuzz/corpora/asn1/f8fc6699ebf725e1dc915ba033ab282b167bae61 b/fuzz/corpora/asn1/f8fc6699ebf725e1dc915ba033ab282b167bae61
-new file mode 100644
-index 0000000..6a3ecb6
-Binary files /dev/null and b/fuzz/corpora/asn1/f8fc6699ebf725e1dc915ba033ab282b167bae61 differ
-diff --git a/fuzz/corpora/asn1/f913cc3ec0b243a02704dd0e7376b1d1e8422731 b/fuzz/corpora/asn1/f913cc3ec0b243a02704dd0e7376b1d1e8422731
-new file mode 100644
-index 0000000..7633253
-Binary files /dev/null and b/fuzz/corpora/asn1/f913cc3ec0b243a02704dd0e7376b1d1e8422731 differ
-diff --git a/fuzz/corpora/asn1/f96138334c80e7e496c6b34a034edb0ae5823a61 b/fuzz/corpora/asn1/f96138334c80e7e496c6b34a034edb0ae5823a61
-new file mode 100644
-index 0000000..ae4a39b
-Binary files /dev/null and b/fuzz/corpora/asn1/f96138334c80e7e496c6b34a034edb0ae5823a61 differ
-diff --git a/fuzz/corpora/asn1/f983fd75a288816513f68bf11f03da0e83bacda7 b/fuzz/corpora/asn1/f983fd75a288816513f68bf11f03da0e83bacda7
-new file mode 100644
-index 0000000..92057b0
-Binary files /dev/null and b/fuzz/corpora/asn1/f983fd75a288816513f68bf11f03da0e83bacda7 differ
-diff --git a/fuzz/corpora/asn1/fa292a35c769cb4e4276405fdb96aafb433d2826 b/fuzz/corpora/asn1/fa292a35c769cb4e4276405fdb96aafb433d2826
-new file mode 100644
-index 0000000..0e7019d
-Binary files /dev/null and b/fuzz/corpora/asn1/fa292a35c769cb4e4276405fdb96aafb433d2826 differ
-diff --git a/fuzz/corpora/asn1/fc8c0bae10d131bb6ac8a2778d6b77401016b490 b/fuzz/corpora/asn1/fc8c0bae10d131bb6ac8a2778d6b77401016b490
-new file mode 100644
-index 0000000..fc33267
-Binary files /dev/null and b/fuzz/corpora/asn1/fc8c0bae10d131bb6ac8a2778d6b77401016b490 differ
-diff --git a/fuzz/corpora/asn1/fc8e104a0086ea94e323b8f0dea5026b1b53acb2 b/fuzz/corpora/asn1/fc8e104a0086ea94e323b8f0dea5026b1b53acb2
-new file mode 100644
-index 0000000..a97b5b8
-Binary files /dev/null and b/fuzz/corpora/asn1/fc8e104a0086ea94e323b8f0dea5026b1b53acb2 differ
-diff --git a/fuzz/corpora/asn1/fd5c8ced4c1dd0ddbf30238603e84b1778d66caf b/fuzz/corpora/asn1/fd5c8ced4c1dd0ddbf30238603e84b1778d66caf
-new file mode 100644
-index 0000000..af17200
-Binary files /dev/null and b/fuzz/corpora/asn1/fd5c8ced4c1dd0ddbf30238603e84b1778d66caf differ
-diff --git a/fuzz/corpora/asn1/fdd46cb2d8ec650cbed11d0a0b983812b85bcb1f b/fuzz/corpora/asn1/fdd46cb2d8ec650cbed11d0a0b983812b85bcb1f
-new file mode 100644
-index 0000000..d98edb5
-Binary files /dev/null and b/fuzz/corpora/asn1/fdd46cb2d8ec650cbed11d0a0b983812b85bcb1f differ
-diff --git a/fuzz/corpora/asn1/fde0087aacbd199b4efba12999fe9a34508f3734 b/fuzz/corpora/asn1/fde0087aacbd199b4efba12999fe9a34508f3734
-new file mode 100644
-index 0000000..18c2aca
-Binary files /dev/null and b/fuzz/corpora/asn1/fde0087aacbd199b4efba12999fe9a34508f3734 differ
-diff --git a/fuzz/corpora/asn1/ff034f82fc46b5b43ae9f1eb939d728f89f8b1e9 b/fuzz/corpora/asn1/ff034f82fc46b5b43ae9f1eb939d728f89f8b1e9
-new file mode 100644
-index 0000000..89ae94b
-Binary files /dev/null and b/fuzz/corpora/asn1/ff034f82fc46b5b43ae9f1eb939d728f89f8b1e9 differ
-diff --git a/fuzz/corpora/asn1/ff0afff318887d1f6970da547491f2eda17628f4 b/fuzz/corpora/asn1/ff0afff318887d1f6970da547491f2eda17628f4
-new file mode 100644
-index 0000000..43a51f9
-Binary files /dev/null and b/fuzz/corpora/asn1/ff0afff318887d1f6970da547491f2eda17628f4 differ
-diff --git a/fuzz/corpora/asn1/ff3c26e1ed66adafafa7a59bff9993960172dcdb b/fuzz/corpora/asn1/ff3c26e1ed66adafafa7a59bff9993960172dcdb
-new file mode 100644
-index 0000000..75fba0d
-Binary files /dev/null and b/fuzz/corpora/asn1/ff3c26e1ed66adafafa7a59bff9993960172dcdb differ
-diff --git a/fuzz/corpora/asn1/ff6b75fb93f69dbcf2bcd3fa7aa1280d47337217 b/fuzz/corpora/asn1/ff6b75fb93f69dbcf2bcd3fa7aa1280d47337217
-new file mode 100644
-index 0000000..2d0e02c
-Binary files /dev/null and b/fuzz/corpora/asn1/ff6b75fb93f69dbcf2bcd3fa7aa1280d47337217 differ
-diff --git a/fuzz/corpora/asn1/ffbe27dfdb7897075d1ff49d6b0049a213b72dfc b/fuzz/corpora/asn1/ffbe27dfdb7897075d1ff49d6b0049a213b72dfc
-new file mode 100644
-index 0000000..ecf95a6
-Binary files /dev/null and b/fuzz/corpora/asn1/ffbe27dfdb7897075d1ff49d6b0049a213b72dfc differ
-diff --git a/fuzz/corpora/asn1parse/0302630484b83092d4b22ace986b235a1b8e2e4a b/fuzz/corpora/asn1parse/0302630484b83092d4b22ace986b235a1b8e2e4a
-new file mode 100644
-index 0000000..c56bf59
-Binary files /dev/null and b/fuzz/corpora/asn1parse/0302630484b83092d4b22ace986b235a1b8e2e4a differ
-diff --git a/fuzz/corpora/asn1parse/03ce5cb9478d0f4fa9cf89bfbb112eea32d4faa5 b/fuzz/corpora/asn1parse/03ce5cb9478d0f4fa9cf89bfbb112eea32d4faa5
-new file mode 100644
-index 0000000..e01ae61
-Binary files /dev/null and b/fuzz/corpora/asn1parse/03ce5cb9478d0f4fa9cf89bfbb112eea32d4faa5 differ
-diff --git a/fuzz/corpora/asn1parse/043212150d776edfcb896f364c3ad04a50d67ee9 b/fuzz/corpora/asn1parse/043212150d776edfcb896f364c3ad04a50d67ee9
-new file mode 100644
-index 0000000..55e0a90
-Binary files /dev/null and b/fuzz/corpora/asn1parse/043212150d776edfcb896f364c3ad04a50d67ee9 differ
-diff --git a/fuzz/corpora/asn1parse/06231118d5d0287480eb543eb247dc37ac2f7320 b/fuzz/corpora/asn1parse/06231118d5d0287480eb543eb247dc37ac2f7320
-new file mode 100644
-index 0000000..ccb8cf1
-Binary files /dev/null and b/fuzz/corpora/asn1parse/06231118d5d0287480eb543eb247dc37ac2f7320 differ
-diff --git a/fuzz/corpora/asn1parse/07fd5dec705f378f0f9fda040a34a3913d042e00 b/fuzz/corpora/asn1parse/07fd5dec705f378f0f9fda040a34a3913d042e00
-new file mode 100644
-index 0000000..308fe59
-Binary files /dev/null and b/fuzz/corpora/asn1parse/07fd5dec705f378f0f9fda040a34a3913d042e00 differ
-diff --git a/fuzz/corpora/asn1parse/088ad5e9936b65a595b22c723333c9be42eeff7d b/fuzz/corpora/asn1parse/088ad5e9936b65a595b22c723333c9be42eeff7d
-new file mode 100644
-index 0000000..3a81222
-Binary files /dev/null and b/fuzz/corpora/asn1parse/088ad5e9936b65a595b22c723333c9be42eeff7d differ
-diff --git a/fuzz/corpora/asn1parse/08afd52e5767b4ac3a6f6c904f057b7eb4cae823 b/fuzz/corpora/asn1parse/08afd52e5767b4ac3a6f6c904f057b7eb4cae823
-new file mode 100644
-index 0000000..83f0bec
-Binary files /dev/null and b/fuzz/corpora/asn1parse/08afd52e5767b4ac3a6f6c904f057b7eb4cae823 differ
-diff --git a/fuzz/corpora/asn1parse/0b004c117f49f96209e36ec055acfedf376b558f b/fuzz/corpora/asn1parse/0b004c117f49f96209e36ec055acfedf376b558f
-new file mode 100644
-index 0000000..7433427
-Binary files /dev/null and b/fuzz/corpora/asn1parse/0b004c117f49f96209e36ec055acfedf376b558f differ
-diff --git a/fuzz/corpora/asn1parse/0b7545beebe036689bf899b47fbc8c64e8ba3507 b/fuzz/corpora/asn1parse/0b7545beebe036689bf899b47fbc8c64e8ba3507
-new file mode 100644
-index 0000000..77b6f67
-Binary files /dev/null and b/fuzz/corpora/asn1parse/0b7545beebe036689bf899b47fbc8c64e8ba3507 differ
-diff --git a/fuzz/corpora/asn1parse/0c13726de36b584f8fd84873d6a76132a170eb9d b/fuzz/corpora/asn1parse/0c13726de36b584f8fd84873d6a76132a170eb9d
-new file mode 100644
-index 0000000..15b0dc0
-Binary files /dev/null and b/fuzz/corpora/asn1parse/0c13726de36b584f8fd84873d6a76132a170eb9d differ
-diff --git a/fuzz/corpora/asn1parse/0c3a6d6a6a23c11652d992416fe432b5123dea56 b/fuzz/corpora/asn1parse/0c3a6d6a6a23c11652d992416fe432b5123dea56
-new file mode 100644
-index 0000000..eb3f5c6
-Binary files /dev/null and b/fuzz/corpora/asn1parse/0c3a6d6a6a23c11652d992416fe432b5123dea56 differ
-diff --git a/fuzz/corpora/asn1parse/0c43e098ac9e066aac29f6d1747d0f00227f59ba b/fuzz/corpora/asn1parse/0c43e098ac9e066aac29f6d1747d0f00227f59ba
-new file mode 100644
-index 0000000..273ae7e
-Binary files /dev/null and b/fuzz/corpora/asn1parse/0c43e098ac9e066aac29f6d1747d0f00227f59ba differ
-diff --git a/fuzz/corpora/asn1parse/0d3abaec17c86f74b1da9680432348d66d185663 b/fuzz/corpora/asn1parse/0d3abaec17c86f74b1da9680432348d66d185663
-new file mode 100644
-index 0000000..8f9b061
-Binary files /dev/null and b/fuzz/corpora/asn1parse/0d3abaec17c86f74b1da9680432348d66d185663 differ
-diff --git a/fuzz/corpora/asn1parse/0d7872c1aba243907c006412582186ed4fb8ff7f b/fuzz/corpora/asn1parse/0d7872c1aba243907c006412582186ed4fb8ff7f
-new file mode 100644
-index 0000000..f83b4e1
-Binary files /dev/null and b/fuzz/corpora/asn1parse/0d7872c1aba243907c006412582186ed4fb8ff7f differ
-diff --git a/fuzz/corpora/asn1parse/0d9a00c5f5070abf35ba5f0995be72d554851627 b/fuzz/corpora/asn1parse/0d9a00c5f5070abf35ba5f0995be72d554851627
-new file mode 100644
-index 0000000..538c535
-Binary files /dev/null and b/fuzz/corpora/asn1parse/0d9a00c5f5070abf35ba5f0995be72d554851627 differ
-diff --git a/fuzz/corpora/asn1parse/0ef84e2873342dfc9b4f91a732ac21f7e3ebdc77 b/fuzz/corpora/asn1parse/0ef84e2873342dfc9b4f91a732ac21f7e3ebdc77
-new file mode 100644
-index 0000000..ad68b76
-Binary files /dev/null and b/fuzz/corpora/asn1parse/0ef84e2873342dfc9b4f91a732ac21f7e3ebdc77 differ
-diff --git a/fuzz/corpora/asn1parse/0f15db777a0272c5e089f1508a6cd2e064df7b7e b/fuzz/corpora/asn1parse/0f15db777a0272c5e089f1508a6cd2e064df7b7e
-new file mode 100644
-index 0000000..a601a5c
-Binary files /dev/null and b/fuzz/corpora/asn1parse/0f15db777a0272c5e089f1508a6cd2e064df7b7e differ
-diff --git a/fuzz/corpora/asn1parse/0f65f726a522ad9ccc99ba767d8046f5524a8b82 b/fuzz/corpora/asn1parse/0f65f726a522ad9ccc99ba767d8046f5524a8b82
-new file mode 100644
-index 0000000..0d8cb49
-Binary files /dev/null and b/fuzz/corpora/asn1parse/0f65f726a522ad9ccc99ba767d8046f5524a8b82 differ
-diff --git a/fuzz/corpora/asn1parse/10b92d1dafe9b5373c58e5d575cdeff240112123 b/fuzz/corpora/asn1parse/10b92d1dafe9b5373c58e5d575cdeff240112123
-new file mode 100644
-index 0000000..3658ae9
-Binary files /dev/null and b/fuzz/corpora/asn1parse/10b92d1dafe9b5373c58e5d575cdeff240112123 differ
-diff --git a/fuzz/corpora/asn1parse/125c107782e144ac2624c8d8a7d8ccea6c75072f b/fuzz/corpora/asn1parse/125c107782e144ac2624c8d8a7d8ccea6c75072f
-new file mode 100644
-index 0000000..0b72d8c
-Binary files /dev/null and b/fuzz/corpora/asn1parse/125c107782e144ac2624c8d8a7d8ccea6c75072f differ
-diff --git a/fuzz/corpora/asn1parse/12c269f44807a3993a66695328e97a87ad42f558 b/fuzz/corpora/asn1parse/12c269f44807a3993a66695328e97a87ad42f558
-new file mode 100644
-index 0000000..d547b82
-Binary files /dev/null and b/fuzz/corpora/asn1parse/12c269f44807a3993a66695328e97a87ad42f558 differ
-diff --git a/fuzz/corpora/asn1parse/13bb95716a09d43d42d0ba522d941e82a778706f b/fuzz/corpora/asn1parse/13bb95716a09d43d42d0ba522d941e82a778706f
-new file mode 100644
-index 0000000..ce9b5e8
-Binary files /dev/null and b/fuzz/corpora/asn1parse/13bb95716a09d43d42d0ba522d941e82a778706f differ
-diff --git a/fuzz/corpora/asn1parse/1489f923c4dca729178b3e3233458550d8dddf29 b/fuzz/corpora/asn1parse/1489f923c4dca729178b3e3233458550d8dddf29
-new file mode 100644
-index 0000000..09f370e
-Binary files /dev/null and b/fuzz/corpora/asn1parse/1489f923c4dca729178b3e3233458550d8dddf29 differ
-diff --git a/fuzz/corpora/asn1parse/14cdf9a6f84d57c8f08ca4594cca37102b7b98ee b/fuzz/corpora/asn1parse/14cdf9a6f84d57c8f08ca4594cca37102b7b98ee
-new file mode 100644
-index 0000000..f40adaa
-Binary files /dev/null and b/fuzz/corpora/asn1parse/14cdf9a6f84d57c8f08ca4594cca37102b7b98ee differ
-diff --git a/fuzz/corpora/asn1parse/160a4d6a0ff94a82d61baf040b5da29e16b6acdc b/fuzz/corpora/asn1parse/160a4d6a0ff94a82d61baf040b5da29e16b6acdc
-new file mode 100644
-index 0000000..b860b51
-Binary files /dev/null and b/fuzz/corpora/asn1parse/160a4d6a0ff94a82d61baf040b5da29e16b6acdc differ
-diff --git a/fuzz/corpora/asn1parse/162a6cf964559f0eb33cd6055e328e80c171871b b/fuzz/corpora/asn1parse/162a6cf964559f0eb33cd6055e328e80c171871b
-new file mode 100644
-index 0000000..39d9d27
-Binary files /dev/null and b/fuzz/corpora/asn1parse/162a6cf964559f0eb33cd6055e328e80c171871b differ
-diff --git a/fuzz/corpora/asn1parse/16354324f7b68152b53b1e5023b4751aa7ac3f21 b/fuzz/corpora/asn1parse/16354324f7b68152b53b1e5023b4751aa7ac3f21
-new file mode 100644
-index 0000000..28f56cc
-Binary files /dev/null and b/fuzz/corpora/asn1parse/16354324f7b68152b53b1e5023b4751aa7ac3f21 differ
-diff --git a/fuzz/corpora/asn1parse/16b17dbe0489884b43ae117268c6eac1b41daf2e b/fuzz/corpora/asn1parse/16b17dbe0489884b43ae117268c6eac1b41daf2e
-new file mode 100644
-index 0000000..ac88008
-Binary files /dev/null and b/fuzz/corpora/asn1parse/16b17dbe0489884b43ae117268c6eac1b41daf2e differ
-diff --git a/fuzz/corpora/asn1parse/16cc7e00142568b19f260c7bcb50f804b70f35f1 b/fuzz/corpora/asn1parse/16cc7e00142568b19f260c7bcb50f804b70f35f1
-new file mode 100644
-index 0000000..dce09a8
-Binary files /dev/null and b/fuzz/corpora/asn1parse/16cc7e00142568b19f260c7bcb50f804b70f35f1 differ
-diff --git a/fuzz/corpora/asn1parse/1739ff1b5b47bf35d2d10ca6b64ccb8658759c98 b/fuzz/corpora/asn1parse/1739ff1b5b47bf35d2d10ca6b64ccb8658759c98
-new file mode 100644
-index 0000000..684f15d
-Binary files /dev/null and b/fuzz/corpora/asn1parse/1739ff1b5b47bf35d2d10ca6b64ccb8658759c98 differ
-diff --git a/fuzz/corpora/asn1parse/17bd7186e1fc55bbbaed50ca24311d690f2da29b b/fuzz/corpora/asn1parse/17bd7186e1fc55bbbaed50ca24311d690f2da29b
-new file mode 100644
-index 0000000..242083b
-Binary files /dev/null and b/fuzz/corpora/asn1parse/17bd7186e1fc55bbbaed50ca24311d690f2da29b differ
-diff --git a/fuzz/corpora/asn1parse/17e32e60699709ed27c86ca6ef5f4cc7c1d2bd4e b/fuzz/corpora/asn1parse/17e32e60699709ed27c86ca6ef5f4cc7c1d2bd4e
-new file mode 100644
-index 0000000..bb72c28
-Binary files /dev/null and b/fuzz/corpora/asn1parse/17e32e60699709ed27c86ca6ef5f4cc7c1d2bd4e differ
-diff --git a/fuzz/corpora/asn1parse/1afbec3c8949562b299d5e473559a79c8fb3dc5c b/fuzz/corpora/asn1parse/1afbec3c8949562b299d5e473559a79c8fb3dc5c
-new file mode 100644
-index 0000000..f721f1f
-Binary files /dev/null and b/fuzz/corpora/asn1parse/1afbec3c8949562b299d5e473559a79c8fb3dc5c differ
-diff --git a/fuzz/corpora/asn1parse/1b8b3fe4764eadfb2f0fad054155fcb757f58836 b/fuzz/corpora/asn1parse/1b8b3fe4764eadfb2f0fad054155fcb757f58836
-new file mode 100644
-index 0000000..3692b1d
-Binary files /dev/null and b/fuzz/corpora/asn1parse/1b8b3fe4764eadfb2f0fad054155fcb757f58836 differ
-diff --git a/fuzz/corpora/asn1parse/1c872d648467a24940828da4fad31849a48d359b b/fuzz/corpora/asn1parse/1c872d648467a24940828da4fad31849a48d359b
-new file mode 100644
-index 0000000..07a0df5
-Binary files /dev/null and b/fuzz/corpora/asn1parse/1c872d648467a24940828da4fad31849a48d359b differ
-diff --git a/fuzz/corpora/asn1parse/1d0a87b0fff12d89b84137f8a518dc0d321aa2ea b/fuzz/corpora/asn1parse/1d0a87b0fff12d89b84137f8a518dc0d321aa2ea
-new file mode 100644
-index 0000000..6429cf1
-Binary files /dev/null and b/fuzz/corpora/asn1parse/1d0a87b0fff12d89b84137f8a518dc0d321aa2ea differ
-diff --git a/fuzz/corpora/asn1parse/1d572206a40b1056acdd79a679e59ab973cbec3b b/fuzz/corpora/asn1parse/1d572206a40b1056acdd79a679e59ab973cbec3b
-new file mode 100644
-index 0000000..061819c
-Binary files /dev/null and b/fuzz/corpora/asn1parse/1d572206a40b1056acdd79a679e59ab973cbec3b differ
-diff --git a/fuzz/corpora/asn1parse/1e22b79efd8a3d3c0cbf8b9d8bf05fc5503cc587 b/fuzz/corpora/asn1parse/1e22b79efd8a3d3c0cbf8b9d8bf05fc5503cc587
-new file mode 100644
-index 0000000..43faf6e
-Binary files /dev/null and b/fuzz/corpora/asn1parse/1e22b79efd8a3d3c0cbf8b9d8bf05fc5503cc587 differ
-diff --git a/fuzz/corpora/asn1parse/1eac0a5650c7bd04d7d29d39ed58f244855c162b b/fuzz/corpora/asn1parse/1eac0a5650c7bd04d7d29d39ed58f244855c162b
-new file mode 100644
-index 0000000..8e04a47
-Binary files /dev/null and b/fuzz/corpora/asn1parse/1eac0a5650c7bd04d7d29d39ed58f244855c162b differ
-diff --git a/fuzz/corpora/asn1parse/1eb9f5c867b188e22ae985023c31259a0ae18a9d b/fuzz/corpora/asn1parse/1eb9f5c867b188e22ae985023c31259a0ae18a9d
-new file mode 100644
-index 0000000..bb88752
-Binary files /dev/null and b/fuzz/corpora/asn1parse/1eb9f5c867b188e22ae985023c31259a0ae18a9d differ
-diff --git a/fuzz/corpora/asn1parse/1f13c38ddf2d25ffc65c9a8fa90eb54b2de02416 b/fuzz/corpora/asn1parse/1f13c38ddf2d25ffc65c9a8fa90eb54b2de02416
-new file mode 100644
-index 0000000..907ebff
-Binary files /dev/null and b/fuzz/corpora/asn1parse/1f13c38ddf2d25ffc65c9a8fa90eb54b2de02416 differ
-diff --git a/fuzz/corpora/asn1parse/203c349f5066f5f0f106a9d47192879fdc184381 b/fuzz/corpora/asn1parse/203c349f5066f5f0f106a9d47192879fdc184381
-new file mode 100644
-index 0000000..c577849
-Binary files /dev/null and b/fuzz/corpora/asn1parse/203c349f5066f5f0f106a9d47192879fdc184381 differ
-diff --git a/fuzz/corpora/asn1parse/20e8a2b4be019cf38515dbd31c5f28f5c080a5d9 b/fuzz/corpora/asn1parse/20e8a2b4be019cf38515dbd31c5f28f5c080a5d9
-new file mode 100644
-index 0000000..97eb99e
-Binary files /dev/null and b/fuzz/corpora/asn1parse/20e8a2b4be019cf38515dbd31c5f28f5c080a5d9 differ
-diff --git a/fuzz/corpora/asn1parse/21518ea8cb1737fc2699de1470018dfb6c22675f b/fuzz/corpora/asn1parse/21518ea8cb1737fc2699de1470018dfb6c22675f
-new file mode 100644
-index 0000000..5c2c9c7
-Binary files /dev/null and b/fuzz/corpora/asn1parse/21518ea8cb1737fc2699de1470018dfb6c22675f differ
-diff --git a/fuzz/corpora/asn1parse/2179dcdc49396a298f76393d9dc9e425067be632 b/fuzz/corpora/asn1parse/2179dcdc49396a298f76393d9dc9e425067be632
-new file mode 100644
-index 0000000..4943bb7
-Binary files /dev/null and b/fuzz/corpora/asn1parse/2179dcdc49396a298f76393d9dc9e425067be632 differ
-diff --git a/fuzz/corpora/asn1parse/218af3a838b5cb7eaed5a80e23b6a03762da07d4 b/fuzz/corpora/asn1parse/218af3a838b5cb7eaed5a80e23b6a03762da07d4
-new file mode 100644
-index 0000000..607394a
-Binary files /dev/null and b/fuzz/corpora/asn1parse/218af3a838b5cb7eaed5a80e23b6a03762da07d4 differ
-diff --git a/fuzz/corpora/asn1parse/21b334b7359fd1ccae5d51d7063172600400d761 b/fuzz/corpora/asn1parse/21b334b7359fd1ccae5d51d7063172600400d761
-new file mode 100644
-index 0000000..c9f5c53
-Binary files /dev/null and b/fuzz/corpora/asn1parse/21b334b7359fd1ccae5d51d7063172600400d761 differ
-diff --git a/fuzz/corpora/asn1parse/2202efa17c0fd94b1da47d92fc3451c51c546a83 b/fuzz/corpora/asn1parse/2202efa17c0fd94b1da47d92fc3451c51c546a83
-new file mode 100644
-index 0000000..ba8bc13
-Binary files /dev/null and b/fuzz/corpora/asn1parse/2202efa17c0fd94b1da47d92fc3451c51c546a83 differ
-diff --git a/fuzz/corpora/asn1parse/23502e02c75d278f15be1670eab512acb7e342c1 b/fuzz/corpora/asn1parse/23502e02c75d278f15be1670eab512acb7e342c1
-new file mode 100644
-index 0000000..85bbe0a
-Binary files /dev/null and b/fuzz/corpora/asn1parse/23502e02c75d278f15be1670eab512acb7e342c1 differ
-diff --git a/fuzz/corpora/asn1parse/2522d0402786f54548338848e634da0d4097e749 b/fuzz/corpora/asn1parse/2522d0402786f54548338848e634da0d4097e749
-new file mode 100644
-index 0000000..7eaa3c0
-Binary files /dev/null and b/fuzz/corpora/asn1parse/2522d0402786f54548338848e634da0d4097e749 differ
-diff --git a/fuzz/corpora/asn1parse/25a02e8a73c825d25fa23f2ab182ad44da504681 b/fuzz/corpora/asn1parse/25a02e8a73c825d25fa23f2ab182ad44da504681
-new file mode 100644
-index 0000000..e591e7c
-Binary files /dev/null and b/fuzz/corpora/asn1parse/25a02e8a73c825d25fa23f2ab182ad44da504681 differ
-diff --git a/fuzz/corpora/asn1parse/2735e3edb439342b57a4ef5df88dfe289fcf9c14 b/fuzz/corpora/asn1parse/2735e3edb439342b57a4ef5df88dfe289fcf9c14
-new file mode 100644
-index 0000000..ec06ecc
-Binary files /dev/null and b/fuzz/corpora/asn1parse/2735e3edb439342b57a4ef5df88dfe289fcf9c14 differ
-diff --git a/fuzz/corpora/asn1parse/2742754bf28857232c28809bd2842e51a9c7842c b/fuzz/corpora/asn1parse/2742754bf28857232c28809bd2842e51a9c7842c
-new file mode 100644
-index 0000000..dc4c8e4
-Binary files /dev/null and b/fuzz/corpora/asn1parse/2742754bf28857232c28809bd2842e51a9c7842c differ
-diff --git a/fuzz/corpora/asn1parse/2773df93849ba08bacf4933ce0c433b035b81ac2 b/fuzz/corpora/asn1parse/2773df93849ba08bacf4933ce0c433b035b81ac2
-new file mode 100644
-index 0000000..6ea3d26
-Binary files /dev/null and b/fuzz/corpora/asn1parse/2773df93849ba08bacf4933ce0c433b035b81ac2 differ
-diff --git a/fuzz/corpora/asn1parse/28e61f143cc0fa72e7fe8d112791f2dd3ecfada2 b/fuzz/corpora/asn1parse/28e61f143cc0fa72e7fe8d112791f2dd3ecfada2
-new file mode 100644
-index 0000000..7fb59ce
-Binary files /dev/null and b/fuzz/corpora/asn1parse/28e61f143cc0fa72e7fe8d112791f2dd3ecfada2 differ
-diff --git a/fuzz/corpora/asn1parse/293b1ed28a80fa56c6202cc18cc4a1e31be5f0e9 b/fuzz/corpora/asn1parse/293b1ed28a80fa56c6202cc18cc4a1e31be5f0e9
-new file mode 100644
-index 0000000..fc39b4d
-Binary files /dev/null and b/fuzz/corpora/asn1parse/293b1ed28a80fa56c6202cc18cc4a1e31be5f0e9 differ
-diff --git a/fuzz/corpora/asn1parse/29c4dc5c59fd4b26ce0c779c7b2239cc84740edd b/fuzz/corpora/asn1parse/29c4dc5c59fd4b26ce0c779c7b2239cc84740edd
-new file mode 100644
-index 0000000..8d6c20a
-Binary files /dev/null and b/fuzz/corpora/asn1parse/29c4dc5c59fd4b26ce0c779c7b2239cc84740edd differ
-diff --git a/fuzz/corpora/asn1parse/29dbdb1a76abe6cd241e78c57099ae6d3eab3749 b/fuzz/corpora/asn1parse/29dbdb1a76abe6cd241e78c57099ae6d3eab3749
-new file mode 100644
-index 0000000..af86dd7
-Binary files /dev/null and b/fuzz/corpora/asn1parse/29dbdb1a76abe6cd241e78c57099ae6d3eab3749 differ
-diff --git a/fuzz/corpora/asn1parse/2aa83c59b223001df187bf5ac0a2d5a1ab4d6dfe b/fuzz/corpora/asn1parse/2aa83c59b223001df187bf5ac0a2d5a1ab4d6dfe
-new file mode 100644
-index 0000000..ca60e15
-Binary files /dev/null and b/fuzz/corpora/asn1parse/2aa83c59b223001df187bf5ac0a2d5a1ab4d6dfe differ
-diff --git a/fuzz/corpora/asn1parse/2b450fcf2655d30eb33caf1dd8041ba0ff0dc9f0 b/fuzz/corpora/asn1parse/2b450fcf2655d30eb33caf1dd8041ba0ff0dc9f0
-new file mode 100644
-index 0000000..869da9c
-Binary files /dev/null and b/fuzz/corpora/asn1parse/2b450fcf2655d30eb33caf1dd8041ba0ff0dc9f0 differ
-diff --git a/fuzz/corpora/asn1parse/2b86500a677ee7f6108955c72ac5c7d703a5f71f b/fuzz/corpora/asn1parse/2b86500a677ee7f6108955c72ac5c7d703a5f71f
-new file mode 100644
-index 0000000..89f32e6
-Binary files /dev/null and b/fuzz/corpora/asn1parse/2b86500a677ee7f6108955c72ac5c7d703a5f71f differ
-diff --git a/fuzz/corpora/asn1parse/2ca248a3fe09f684a926964e3ddf3c97a107ac3d b/fuzz/corpora/asn1parse/2ca248a3fe09f684a926964e3ddf3c97a107ac3d
-new file mode 100644
-index 0000000..da72425
-Binary files /dev/null and b/fuzz/corpora/asn1parse/2ca248a3fe09f684a926964e3ddf3c97a107ac3d differ
-diff --git a/fuzz/corpora/asn1parse/2ca9a4d5e858c73ea413bb7d5ba9af365a997f48 b/fuzz/corpora/asn1parse/2ca9a4d5e858c73ea413bb7d5ba9af365a997f48
-new file mode 100644
-index 0000000..cff8fb6
-Binary files /dev/null and b/fuzz/corpora/asn1parse/2ca9a4d5e858c73ea413bb7d5ba9af365a997f48 differ
-diff --git a/fuzz/corpora/asn1parse/2cd23713ff8cf7d52ac57cadabdb50489baa06aa b/fuzz/corpora/asn1parse/2cd23713ff8cf7d52ac57cadabdb50489baa06aa
-new file mode 100644
-index 0000000..94a8033
-Binary files /dev/null and b/fuzz/corpora/asn1parse/2cd23713ff8cf7d52ac57cadabdb50489baa06aa differ
-diff --git a/fuzz/corpora/asn1parse/2d53518c509ed664cde67cdaa342940ef406b47c b/fuzz/corpora/asn1parse/2d53518c509ed664cde67cdaa342940ef406b47c
-new file mode 100644
-index 0000000..3b5bca2
-Binary files /dev/null and b/fuzz/corpora/asn1parse/2d53518c509ed664cde67cdaa342940ef406b47c differ
-diff --git a/fuzz/corpora/asn1parse/2f9fdd74ee250586fba8ef55fe1fedbcb54bf223 b/fuzz/corpora/asn1parse/2f9fdd74ee250586fba8ef55fe1fedbcb54bf223
-new file mode 100644
-index 0000000..18c8c7a
-Binary files /dev/null and b/fuzz/corpora/asn1parse/2f9fdd74ee250586fba8ef55fe1fedbcb54bf223 differ
-diff --git a/fuzz/corpora/asn1parse/2fb2eb4ac4fe5becd705ea0b966df2dab5f3e694 b/fuzz/corpora/asn1parse/2fb2eb4ac4fe5becd705ea0b966df2dab5f3e694
-new file mode 100644
-index 0000000..e108a27
-Binary files /dev/null and b/fuzz/corpora/asn1parse/2fb2eb4ac4fe5becd705ea0b966df2dab5f3e694 differ
-diff --git a/fuzz/corpora/asn1parse/31162429dacfabf9c3aeb28835256421e16741ad b/fuzz/corpora/asn1parse/31162429dacfabf9c3aeb28835256421e16741ad
-new file mode 100644
-index 0000000..3db23a4
-Binary files /dev/null and b/fuzz/corpora/asn1parse/31162429dacfabf9c3aeb28835256421e16741ad differ
-diff --git a/fuzz/corpora/asn1parse/32a85a93f275705414405e8060649f589a39a644 b/fuzz/corpora/asn1parse/32a85a93f275705414405e8060649f589a39a644
-new file mode 100644
-index 0000000..31fa2e5
-Binary files /dev/null and b/fuzz/corpora/asn1parse/32a85a93f275705414405e8060649f589a39a644 differ
-diff --git a/fuzz/corpora/asn1parse/331dfc28c6438cd019de551c3687660e7e5cd577 b/fuzz/corpora/asn1parse/331dfc28c6438cd019de551c3687660e7e5cd577
-new file mode 100644
-index 0000000..2025dc5
-Binary files /dev/null and b/fuzz/corpora/asn1parse/331dfc28c6438cd019de551c3687660e7e5cd577 differ
-diff --git a/fuzz/corpora/asn1parse/337ce6c4072b38fa759bdc40e955acaf15c26f12 b/fuzz/corpora/asn1parse/337ce6c4072b38fa759bdc40e955acaf15c26f12
-new file mode 100644
-index 0000000..df2b1c6
-Binary files /dev/null and b/fuzz/corpora/asn1parse/337ce6c4072b38fa759bdc40e955acaf15c26f12 differ
-diff --git a/fuzz/corpora/asn1parse/342226bf21097e14864bebe3303b791c3a0109b9 b/fuzz/corpora/asn1parse/342226bf21097e14864bebe3303b791c3a0109b9
-new file mode 100644
-index 0000000..d85cb07
-Binary files /dev/null and b/fuzz/corpora/asn1parse/342226bf21097e14864bebe3303b791c3a0109b9 differ
-diff --git a/fuzz/corpora/asn1parse/345e713263d4e932364abe93c1d8017920e71d16 b/fuzz/corpora/asn1parse/345e713263d4e932364abe93c1d8017920e71d16
-new file mode 100644
-index 0000000..9d387f1
-Binary files /dev/null and b/fuzz/corpora/asn1parse/345e713263d4e932364abe93c1d8017920e71d16 differ
-diff --git a/fuzz/corpora/asn1parse/3726c72029149557c8c4078f832229c4b5ff3144 b/fuzz/corpora/asn1parse/3726c72029149557c8c4078f832229c4b5ff3144
-new file mode 100644
-index 0000000..fff75f9
-Binary files /dev/null and b/fuzz/corpora/asn1parse/3726c72029149557c8c4078f832229c4b5ff3144 differ
-diff --git a/fuzz/corpora/asn1parse/397aa0c5da33ac747350fb6e0b5e376148deabba b/fuzz/corpora/asn1parse/397aa0c5da33ac747350fb6e0b5e376148deabba
-new file mode 100644
-index 0000000..a81c090
-Binary files /dev/null and b/fuzz/corpora/asn1parse/397aa0c5da33ac747350fb6e0b5e376148deabba differ
-diff --git a/fuzz/corpora/asn1parse/39d27b65c8582a700a576e6d294d264e12b3eabc b/fuzz/corpora/asn1parse/39d27b65c8582a700a576e6d294d264e12b3eabc
-new file mode 100644
-index 0000000..cedfdc9
-Binary files /dev/null and b/fuzz/corpora/asn1parse/39d27b65c8582a700a576e6d294d264e12b3eabc differ
-diff --git a/fuzz/corpora/asn1parse/3a107792c1bd184fd7530291365fa850f7ca0010 b/fuzz/corpora/asn1parse/3a107792c1bd184fd7530291365fa850f7ca0010
-new file mode 100644
-index 0000000..337939e
-Binary files /dev/null and b/fuzz/corpora/asn1parse/3a107792c1bd184fd7530291365fa850f7ca0010 differ
-diff --git a/fuzz/corpora/asn1parse/3ac234767cdc5d38fd27b006670f19c52bd8400e b/fuzz/corpora/asn1parse/3ac234767cdc5d38fd27b006670f19c52bd8400e
-new file mode 100644
-index 0000000..456679f
-Binary files /dev/null and b/fuzz/corpora/asn1parse/3ac234767cdc5d38fd27b006670f19c52bd8400e differ
-diff --git a/fuzz/corpora/asn1parse/3bcde7897208530a12f254ae452f218591734d78 b/fuzz/corpora/asn1parse/3bcde7897208530a12f254ae452f218591734d78
-new file mode 100644
-index 0000000..de478b0
-Binary files /dev/null and b/fuzz/corpora/asn1parse/3bcde7897208530a12f254ae452f218591734d78 differ
-diff --git a/fuzz/corpora/asn1parse/3c8e2c76435f116f34b44281ca2c068208f9a91c b/fuzz/corpora/asn1parse/3c8e2c76435f116f34b44281ca2c068208f9a91c
-new file mode 100644
-index 0000000..453daaa
-Binary files /dev/null and b/fuzz/corpora/asn1parse/3c8e2c76435f116f34b44281ca2c068208f9a91c differ
-diff --git a/fuzz/corpora/asn1parse/3dc8f0322f63471c23f1d03322f483784ac04511 b/fuzz/corpora/asn1parse/3dc8f0322f63471c23f1d03322f483784ac04511
-new file mode 100644
-index 0000000..90684e2
-Binary files /dev/null and b/fuzz/corpora/asn1parse/3dc8f0322f63471c23f1d03322f483784ac04511 differ
-diff --git a/fuzz/corpora/asn1parse/3e0e107aa4b8bda137ad4d428afacc59701712c7 b/fuzz/corpora/asn1parse/3e0e107aa4b8bda137ad4d428afacc59701712c7
-new file mode 100644
-index 0000000..8cdb9e7
-Binary files /dev/null and b/fuzz/corpora/asn1parse/3e0e107aa4b8bda137ad4d428afacc59701712c7 differ
-diff --git a/fuzz/corpora/asn1parse/3e94d216d32e589c8373713fc6b7a1122ea559cb b/fuzz/corpora/asn1parse/3e94d216d32e589c8373713fc6b7a1122ea559cb
-new file mode 100644
-index 0000000..1ea544d
-Binary files /dev/null and b/fuzz/corpora/asn1parse/3e94d216d32e589c8373713fc6b7a1122ea559cb differ
-diff --git a/fuzz/corpora/asn1parse/4027a7ceb3d7ba967e3b963a424193c5faa93dcf b/fuzz/corpora/asn1parse/4027a7ceb3d7ba967e3b963a424193c5faa93dcf
-new file mode 100644
-index 0000000..66fca58
-Binary files /dev/null and b/fuzz/corpora/asn1parse/4027a7ceb3d7ba967e3b963a424193c5faa93dcf differ
-diff --git a/fuzz/corpora/asn1parse/41bb59055c179d96b6747ca7d56a8378afbf9d59 b/fuzz/corpora/asn1parse/41bb59055c179d96b6747ca7d56a8378afbf9d59
-new file mode 100644
-index 0000000..0d00cc4
-Binary files /dev/null and b/fuzz/corpora/asn1parse/41bb59055c179d96b6747ca7d56a8378afbf9d59 differ
-diff --git a/fuzz/corpora/asn1parse/42254096048dd74fe855257926a2feee2af783ae b/fuzz/corpora/asn1parse/42254096048dd74fe855257926a2feee2af783ae
-new file mode 100644
-index 0000000..7a8e19a
-Binary files /dev/null and b/fuzz/corpora/asn1parse/42254096048dd74fe855257926a2feee2af783ae differ
-diff --git a/fuzz/corpora/asn1parse/429d7a72eea4a406a603c0071c34a8dbac858916 b/fuzz/corpora/asn1parse/429d7a72eea4a406a603c0071c34a8dbac858916
-new file mode 100644
-index 0000000..07db7f2
-Binary files /dev/null and b/fuzz/corpora/asn1parse/429d7a72eea4a406a603c0071c34a8dbac858916 differ
-diff --git a/fuzz/corpora/asn1parse/42d12c148d607b70ddb068e8f30c9d633c8c50af b/fuzz/corpora/asn1parse/42d12c148d607b70ddb068e8f30c9d633c8c50af
-new file mode 100644
-index 0000000..a54ab34
-Binary files /dev/null and b/fuzz/corpora/asn1parse/42d12c148d607b70ddb068e8f30c9d633c8c50af differ
-diff --git a/fuzz/corpora/asn1parse/435b6d3643b613a79fcfbb165c4b7760c5c797ee b/fuzz/corpora/asn1parse/435b6d3643b613a79fcfbb165c4b7760c5c797ee
-new file mode 100644
-index 0000000..91303a7
-Binary files /dev/null and b/fuzz/corpora/asn1parse/435b6d3643b613a79fcfbb165c4b7760c5c797ee differ
-diff --git a/fuzz/corpora/asn1parse/43f36f59db868d74db75d206e128ae3f1e863a8a b/fuzz/corpora/asn1parse/43f36f59db868d74db75d206e128ae3f1e863a8a
-new file mode 100644
-index 0000000..bb3611b
-Binary files /dev/null and b/fuzz/corpora/asn1parse/43f36f59db868d74db75d206e128ae3f1e863a8a differ
-diff --git a/fuzz/corpora/asn1parse/4415055f62636ca26171b4e2078dcfa997cc5033 b/fuzz/corpora/asn1parse/4415055f62636ca26171b4e2078dcfa997cc5033
-new file mode 100644
-index 0000000..16c3ee3
-Binary files /dev/null and b/fuzz/corpora/asn1parse/4415055f62636ca26171b4e2078dcfa997cc5033 differ
-diff --git a/fuzz/corpora/asn1parse/4571ef1e60c5884b09f4fa9e1d366e6308ff8ea9 b/fuzz/corpora/asn1parse/4571ef1e60c5884b09f4fa9e1d366e6308ff8ea9
-new file mode 100644
-index 0000000..742c749
-Binary files /dev/null and b/fuzz/corpora/asn1parse/4571ef1e60c5884b09f4fa9e1d366e6308ff8ea9 differ
-diff --git a/fuzz/corpora/asn1parse/459617d036852462fdcf1d059135d7f8c2e5fed4 b/fuzz/corpora/asn1parse/459617d036852462fdcf1d059135d7f8c2e5fed4
-new file mode 100644
-index 0000000..802e61c
-Binary files /dev/null and b/fuzz/corpora/asn1parse/459617d036852462fdcf1d059135d7f8c2e5fed4 differ
-diff --git a/fuzz/corpora/asn1parse/463025de80413409130c819670d3a32eaaf484f4 b/fuzz/corpora/asn1parse/463025de80413409130c819670d3a32eaaf484f4
-new file mode 100644
-index 0000000..13dd038
-Binary files /dev/null and b/fuzz/corpora/asn1parse/463025de80413409130c819670d3a32eaaf484f4 differ
-diff --git a/fuzz/corpora/asn1parse/4686ed0ad96463d87d3d5d1aeba9da425ac30670 b/fuzz/corpora/asn1parse/4686ed0ad96463d87d3d5d1aeba9da425ac30670
-new file mode 100644
-index 0000000..c7437d7
-Binary files /dev/null and b/fuzz/corpora/asn1parse/4686ed0ad96463d87d3d5d1aeba9da425ac30670 differ
-diff --git a/fuzz/corpora/asn1parse/4793dada2b9d2ef04ba7d5d48f6b02eb8ebe285a b/fuzz/corpora/asn1parse/4793dada2b9d2ef04ba7d5d48f6b02eb8ebe285a
-new file mode 100644
-index 0000000..5b79c8f
-Binary files /dev/null and b/fuzz/corpora/asn1parse/4793dada2b9d2ef04ba7d5d48f6b02eb8ebe285a differ
-diff --git a/fuzz/corpora/asn1parse/4809044d0e4338cef72b108f97a424c1543580d2 b/fuzz/corpora/asn1parse/4809044d0e4338cef72b108f97a424c1543580d2
-new file mode 100644
-index 0000000..5b3f05b
-Binary files /dev/null and b/fuzz/corpora/asn1parse/4809044d0e4338cef72b108f97a424c1543580d2 differ
-diff --git a/fuzz/corpora/asn1parse/4996558c8449a84f400f9d10441322e4d99e5b89 b/fuzz/corpora/asn1parse/4996558c8449a84f400f9d10441322e4d99e5b89
-new file mode 100644
-index 0000000..e16fa40
-Binary files /dev/null and b/fuzz/corpora/asn1parse/4996558c8449a84f400f9d10441322e4d99e5b89 differ
-diff --git a/fuzz/corpora/asn1parse/4aae21cc3a76571618dfc7cbe352d5411f160191 b/fuzz/corpora/asn1parse/4aae21cc3a76571618dfc7cbe352d5411f160191
-new file mode 100644
-index 0000000..87728b6
-Binary files /dev/null and b/fuzz/corpora/asn1parse/4aae21cc3a76571618dfc7cbe352d5411f160191 differ
-diff --git a/fuzz/corpora/asn1parse/4b792cf826d819cd3caae0893fccda6c652a37f9 b/fuzz/corpora/asn1parse/4b792cf826d819cd3caae0893fccda6c652a37f9
-new file mode 100644
-index 0000000..1ce5e54
-Binary files /dev/null and b/fuzz/corpora/asn1parse/4b792cf826d819cd3caae0893fccda6c652a37f9 differ
-diff --git a/fuzz/corpora/asn1parse/4c481bb654349ccb219e71e7281beafae752ba0c b/fuzz/corpora/asn1parse/4c481bb654349ccb219e71e7281beafae752ba0c
-new file mode 100644
-index 0000000..ad22a4d
-Binary files /dev/null and b/fuzz/corpora/asn1parse/4c481bb654349ccb219e71e7281beafae752ba0c differ
-diff --git a/fuzz/corpora/asn1parse/4d69414407bc33ecc6d45f047f2d4cce68953cde b/fuzz/corpora/asn1parse/4d69414407bc33ecc6d45f047f2d4cce68953cde
-new file mode 100644
-index 0000000..69b6a95
-Binary files /dev/null and b/fuzz/corpora/asn1parse/4d69414407bc33ecc6d45f047f2d4cce68953cde differ
-diff --git a/fuzz/corpora/asn1parse/4dd9bea5a9e7b09887af9d31a6cef7579c13568b b/fuzz/corpora/asn1parse/4dd9bea5a9e7b09887af9d31a6cef7579c13568b
-new file mode 100644
-index 0000000..83880cb
-Binary files /dev/null and b/fuzz/corpora/asn1parse/4dd9bea5a9e7b09887af9d31a6cef7579c13568b differ
-diff --git a/fuzz/corpora/asn1parse/4ed5d5f834911777efae935a75734be27f2ffd8a b/fuzz/corpora/asn1parse/4ed5d5f834911777efae935a75734be27f2ffd8a
-new file mode 100644
-index 0000000..699afc2
-Binary files /dev/null and b/fuzz/corpora/asn1parse/4ed5d5f834911777efae935a75734be27f2ffd8a differ
-diff --git a/fuzz/corpora/asn1parse/4f08dc2357fc8da5598fbbd645d3b839a0092c25 b/fuzz/corpora/asn1parse/4f08dc2357fc8da5598fbbd645d3b839a0092c25
-new file mode 100644
-index 0000000..97cd7c8
-Binary files /dev/null and b/fuzz/corpora/asn1parse/4f08dc2357fc8da5598fbbd645d3b839a0092c25 differ
-diff --git a/fuzz/corpora/asn1parse/4f90dac4b0fef52cb5d86b0a5bae0eca0d8d44e5 b/fuzz/corpora/asn1parse/4f90dac4b0fef52cb5d86b0a5bae0eca0d8d44e5
-new file mode 100644
-index 0000000..22b0ff7
-Binary files /dev/null and b/fuzz/corpora/asn1parse/4f90dac4b0fef52cb5d86b0a5bae0eca0d8d44e5 differ
-diff --git a/fuzz/corpora/asn1parse/50fb42833848f57be8ca813c7a1ef7fd90348e14 b/fuzz/corpora/asn1parse/50fb42833848f57be8ca813c7a1ef7fd90348e14
-new file mode 100644
-index 0000000..3e30117
-Binary files /dev/null and b/fuzz/corpora/asn1parse/50fb42833848f57be8ca813c7a1ef7fd90348e14 differ
-diff --git a/fuzz/corpora/asn1parse/512ba91d64de774978258daed356968a4184bd26 b/fuzz/corpora/asn1parse/512ba91d64de774978258daed356968a4184bd26
-new file mode 100644
-index 0000000..a6e19e1
-Binary files /dev/null and b/fuzz/corpora/asn1parse/512ba91d64de774978258daed356968a4184bd26 differ
-diff --git a/fuzz/corpora/asn1parse/51c90cd85041bd080a032cfc179c31f713505150 b/fuzz/corpora/asn1parse/51c90cd85041bd080a032cfc179c31f713505150
-new file mode 100644
-index 0000000..6e54b95
-Binary files /dev/null and b/fuzz/corpora/asn1parse/51c90cd85041bd080a032cfc179c31f713505150 differ
-diff --git a/fuzz/corpora/asn1parse/5227955ea593066cbe6b5e533b45de92537b6a19 b/fuzz/corpora/asn1parse/5227955ea593066cbe6b5e533b45de92537b6a19
-new file mode 100644
-index 0000000..dcbd182
-Binary files /dev/null and b/fuzz/corpora/asn1parse/5227955ea593066cbe6b5e533b45de92537b6a19 differ
-diff --git a/fuzz/corpora/asn1parse/559d96a0decd231d5f68a026ed9ce05c3d3b4867 b/fuzz/corpora/asn1parse/559d96a0decd231d5f68a026ed9ce05c3d3b4867
-new file mode 100644
-index 0000000..4006ed6
-Binary files /dev/null and b/fuzz/corpora/asn1parse/559d96a0decd231d5f68a026ed9ce05c3d3b4867 differ
-diff --git a/fuzz/corpora/asn1parse/55d27fc7b9a90a10e64da68f484e7bccb91f389d b/fuzz/corpora/asn1parse/55d27fc7b9a90a10e64da68f484e7bccb91f389d
-new file mode 100644
-index 0000000..0d7ab2a
-Binary files /dev/null and b/fuzz/corpora/asn1parse/55d27fc7b9a90a10e64da68f484e7bccb91f389d differ
-diff --git a/fuzz/corpora/asn1parse/55f83a9f6e78dbf5ee1a3cc7952a91f86822358e b/fuzz/corpora/asn1parse/55f83a9f6e78dbf5ee1a3cc7952a91f86822358e
-new file mode 100644
-index 0000000..287d5bb
-Binary files /dev/null and b/fuzz/corpora/asn1parse/55f83a9f6e78dbf5ee1a3cc7952a91f86822358e differ
-diff --git a/fuzz/corpora/asn1parse/5617a7607b2c65f8d2f116d14794ceba493d3864 b/fuzz/corpora/asn1parse/5617a7607b2c65f8d2f116d14794ceba493d3864
-new file mode 100644
-index 0000000..512a005
-Binary files /dev/null and b/fuzz/corpora/asn1parse/5617a7607b2c65f8d2f116d14794ceba493d3864 differ
-diff --git a/fuzz/corpora/asn1parse/57fd50a24b462b8ea3a9f26e7d65c01eb3872565 b/fuzz/corpora/asn1parse/57fd50a24b462b8ea3a9f26e7d65c01eb3872565
-new file mode 100644
-index 0000000..9959195
-Binary files /dev/null and b/fuzz/corpora/asn1parse/57fd50a24b462b8ea3a9f26e7d65c01eb3872565 differ
-diff --git a/fuzz/corpora/asn1parse/59c511d27d5ec11f5788faf66a7f292cd86ceb23 b/fuzz/corpora/asn1parse/59c511d27d5ec11f5788faf66a7f292cd86ceb23
-new file mode 100644
-index 0000000..5444037
-Binary files /dev/null and b/fuzz/corpora/asn1parse/59c511d27d5ec11f5788faf66a7f292cd86ceb23 differ
-diff --git a/fuzz/corpora/asn1parse/5a3514edc9a14eae1a4182dd13787f11b27c138a b/fuzz/corpora/asn1parse/5a3514edc9a14eae1a4182dd13787f11b27c138a
-new file mode 100644
-index 0000000..414aeae
-Binary files /dev/null and b/fuzz/corpora/asn1parse/5a3514edc9a14eae1a4182dd13787f11b27c138a differ
-diff --git a/fuzz/corpora/asn1parse/5a98569353fce2f80a6d7d99bde5c9802fae309f b/fuzz/corpora/asn1parse/5a98569353fce2f80a6d7d99bde5c9802fae309f
-new file mode 100644
-index 0000000..0a3b055
-Binary files /dev/null and b/fuzz/corpora/asn1parse/5a98569353fce2f80a6d7d99bde5c9802fae309f differ
-diff --git a/fuzz/corpora/asn1parse/5b32fda16dbcebeaa706a17df3256c10e4711c2d b/fuzz/corpora/asn1parse/5b32fda16dbcebeaa706a17df3256c10e4711c2d
-new file mode 100644
-index 0000000..162eefa
-Binary files /dev/null and b/fuzz/corpora/asn1parse/5b32fda16dbcebeaa706a17df3256c10e4711c2d differ
-diff --git a/fuzz/corpora/asn1parse/5bab61eb53176449e25c2c82f172b82cb13ffb9d b/fuzz/corpora/asn1parse/5bab61eb53176449e25c2c82f172b82cb13ffb9d
-new file mode 100644
-index 0000000..0d758c9
-Binary files /dev/null and b/fuzz/corpora/asn1parse/5bab61eb53176449e25c2c82f172b82cb13ffb9d differ
-diff --git a/fuzz/corpora/asn1parse/5bd470c4cea77c2741c79ade7b10bf14f3849c55 b/fuzz/corpora/asn1parse/5bd470c4cea77c2741c79ade7b10bf14f3849c55
-new file mode 100644
-index 0000000..9ce93c9
-Binary files /dev/null and b/fuzz/corpora/asn1parse/5bd470c4cea77c2741c79ade7b10bf14f3849c55 differ
-diff --git a/fuzz/corpora/asn1parse/5d476603f27dae43725c213249c5ee9a2f8306f0 b/fuzz/corpora/asn1parse/5d476603f27dae43725c213249c5ee9a2f8306f0
-new file mode 100644
-index 0000000..d9c9da0
-Binary files /dev/null and b/fuzz/corpora/asn1parse/5d476603f27dae43725c213249c5ee9a2f8306f0 differ
-diff --git a/fuzz/corpora/asn1parse/5d63e724a27154dd83cc340c3d3f54119c40ca72 b/fuzz/corpora/asn1parse/5d63e724a27154dd83cc340c3d3f54119c40ca72
-new file mode 100644
-index 0000000..a2c5cea
-Binary files /dev/null and b/fuzz/corpora/asn1parse/5d63e724a27154dd83cc340c3d3f54119c40ca72 differ
-diff --git a/fuzz/corpora/asn1parse/5eb17aa65c228f6fa43d4315a56d232b1927b4d7 b/fuzz/corpora/asn1parse/5eb17aa65c228f6fa43d4315a56d232b1927b4d7
-new file mode 100644
-index 0000000..8e34d70
-Binary files /dev/null and b/fuzz/corpora/asn1parse/5eb17aa65c228f6fa43d4315a56d232b1927b4d7 differ
-diff --git a/fuzz/corpora/asn1parse/5f81f9f6726d889f9b47e51e37efb454f924d93f b/fuzz/corpora/asn1parse/5f81f9f6726d889f9b47e51e37efb454f924d93f
-new file mode 100644
-index 0000000..6d06e5b
-Binary files /dev/null and b/fuzz/corpora/asn1parse/5f81f9f6726d889f9b47e51e37efb454f924d93f differ
-diff --git a/fuzz/corpora/asn1parse/5f9e2ddf0af7e1d84c9c0f6017b9ab5a8dcbf2f1 b/fuzz/corpora/asn1parse/5f9e2ddf0af7e1d84c9c0f6017b9ab5a8dcbf2f1
-new file mode 100644
-index 0000000..0220454
-Binary files /dev/null and b/fuzz/corpora/asn1parse/5f9e2ddf0af7e1d84c9c0f6017b9ab5a8dcbf2f1 differ
-diff --git a/fuzz/corpora/asn1parse/5fa48d1ffbc9a079aaf7271399b6ab0a8e533ca6 b/fuzz/corpora/asn1parse/5fa48d1ffbc9a079aaf7271399b6ab0a8e533ca6
-new file mode 100644
-index 0000000..1fdde59
-Binary files /dev/null and b/fuzz/corpora/asn1parse/5fa48d1ffbc9a079aaf7271399b6ab0a8e533ca6 differ
-diff --git a/fuzz/corpora/asn1parse/5fcdb8c6561bd2d86498e277268c7228283fd8e4 b/fuzz/corpora/asn1parse/5fcdb8c6561bd2d86498e277268c7228283fd8e4
-new file mode 100644
-index 0000000..8f5b742
-Binary files /dev/null and b/fuzz/corpora/asn1parse/5fcdb8c6561bd2d86498e277268c7228283fd8e4 differ
-diff --git a/fuzz/corpora/asn1parse/606dae1f1f943dd8c2d99afb10a2622c35e7efc4 b/fuzz/corpora/asn1parse/606dae1f1f943dd8c2d99afb10a2622c35e7efc4
-new file mode 100644
-index 0000000..fd86cf0
-Binary files /dev/null and b/fuzz/corpora/asn1parse/606dae1f1f943dd8c2d99afb10a2622c35e7efc4 differ
-diff --git a/fuzz/corpora/asn1parse/650cf6241b45e084429ce2083e808c1ddd7d0280 b/fuzz/corpora/asn1parse/650cf6241b45e084429ce2083e808c1ddd7d0280
-new file mode 100644
-index 0000000..6566e35
-Binary files /dev/null and b/fuzz/corpora/asn1parse/650cf6241b45e084429ce2083e808c1ddd7d0280 differ
-diff --git a/fuzz/corpora/asn1parse/65ca225d71ea5d0c377abda01ff90d3d6c17a965 b/fuzz/corpora/asn1parse/65ca225d71ea5d0c377abda01ff90d3d6c17a965
-new file mode 100644
-index 0000000..0416a0a
-Binary files /dev/null and b/fuzz/corpora/asn1parse/65ca225d71ea5d0c377abda01ff90d3d6c17a965 differ
-diff --git a/fuzz/corpora/asn1parse/670f3498d1735c7af211d954300943dde6d16074 b/fuzz/corpora/asn1parse/670f3498d1735c7af211d954300943dde6d16074
-new file mode 100644
-index 0000000..01c5f0a
-Binary files /dev/null and b/fuzz/corpora/asn1parse/670f3498d1735c7af211d954300943dde6d16074 differ
-diff --git a/fuzz/corpora/asn1parse/67f669b07c86c9df21a311561fadfba480cb827f b/fuzz/corpora/asn1parse/67f669b07c86c9df21a311561fadfba480cb827f
-new file mode 100644
-index 0000000..f976c2a
-Binary files /dev/null and b/fuzz/corpora/asn1parse/67f669b07c86c9df21a311561fadfba480cb827f differ
-diff --git a/fuzz/corpora/asn1parse/6830abb1f4a3d83460e6aca1e7164e7ef7c8e3a6 b/fuzz/corpora/asn1parse/6830abb1f4a3d83460e6aca1e7164e7ef7c8e3a6
-new file mode 100644
-index 0000000..2eabca0
-Binary files /dev/null and b/fuzz/corpora/asn1parse/6830abb1f4a3d83460e6aca1e7164e7ef7c8e3a6 differ
-diff --git a/fuzz/corpora/asn1parse/6931b64fc31d5ff22a61359a39bb9c1e88222d6e b/fuzz/corpora/asn1parse/6931b64fc31d5ff22a61359a39bb9c1e88222d6e
-new file mode 100644
-index 0000000..9c4b0e0
-Binary files /dev/null and b/fuzz/corpora/asn1parse/6931b64fc31d5ff22a61359a39bb9c1e88222d6e differ
-diff --git a/fuzz/corpora/asn1parse/699c9163889627104d17c02c4ae77902a4e6f6ab b/fuzz/corpora/asn1parse/699c9163889627104d17c02c4ae77902a4e6f6ab
-new file mode 100644
-index 0000000..b030634
-Binary files /dev/null and b/fuzz/corpora/asn1parse/699c9163889627104d17c02c4ae77902a4e6f6ab differ
-diff --git a/fuzz/corpora/asn1parse/69b09a9cd250aae62114a949b4ce18f5afab773e b/fuzz/corpora/asn1parse/69b09a9cd250aae62114a949b4ce18f5afab773e
-new file mode 100644
-index 0000000..61b2af4
-Binary files /dev/null and b/fuzz/corpora/asn1parse/69b09a9cd250aae62114a949b4ce18f5afab773e differ
-diff --git a/fuzz/corpora/asn1parse/6a31ad7abc949967904218c6ce12299bbad6b789 b/fuzz/corpora/asn1parse/6a31ad7abc949967904218c6ce12299bbad6b789
-new file mode 100644
-index 0000000..619b023
-Binary files /dev/null and b/fuzz/corpora/asn1parse/6a31ad7abc949967904218c6ce12299bbad6b789 differ
-diff --git a/fuzz/corpora/asn1parse/6a7ba9bc4604756d7742626f23007d7a81480c5e b/fuzz/corpora/asn1parse/6a7ba9bc4604756d7742626f23007d7a81480c5e
-new file mode 100644
-index 0000000..c1772b7
-Binary files /dev/null and b/fuzz/corpora/asn1parse/6a7ba9bc4604756d7742626f23007d7a81480c5e differ
-diff --git a/fuzz/corpora/asn1parse/6c1e4760c11ff1d575aaf8032ccc2558b559e426 b/fuzz/corpora/asn1parse/6c1e4760c11ff1d575aaf8032ccc2558b559e426
-new file mode 100644
-index 0000000..42f2b60
-Binary files /dev/null and b/fuzz/corpora/asn1parse/6c1e4760c11ff1d575aaf8032ccc2558b559e426 differ
-diff --git a/fuzz/corpora/asn1parse/6c322149ea3bc7d5f553e310dd69e9a8aeb0e22d b/fuzz/corpora/asn1parse/6c322149ea3bc7d5f553e310dd69e9a8aeb0e22d
-new file mode 100644
-index 0000000..e36ccb7
-Binary files /dev/null and b/fuzz/corpora/asn1parse/6c322149ea3bc7d5f553e310dd69e9a8aeb0e22d differ
-diff --git a/fuzz/corpora/asn1parse/6c93750be395a298fd69c9970ef09136049de7a7 b/fuzz/corpora/asn1parse/6c93750be395a298fd69c9970ef09136049de7a7
-new file mode 100644
-index 0000000..4801b64
-Binary files /dev/null and b/fuzz/corpora/asn1parse/6c93750be395a298fd69c9970ef09136049de7a7 differ
-diff --git a/fuzz/corpora/asn1parse/6d0e5c3afe023349ebb954548769b682f734d095 b/fuzz/corpora/asn1parse/6d0e5c3afe023349ebb954548769b682f734d095
-new file mode 100644
-index 0000000..b688c8a
-Binary files /dev/null and b/fuzz/corpora/asn1parse/6d0e5c3afe023349ebb954548769b682f734d095 differ
-diff --git a/fuzz/corpora/asn1parse/6d808fffe62abb90efaf6f35e5b2a13481f8b888 b/fuzz/corpora/asn1parse/6d808fffe62abb90efaf6f35e5b2a13481f8b888
-new file mode 100644
-index 0000000..ca17f3d
-Binary files /dev/null and b/fuzz/corpora/asn1parse/6d808fffe62abb90efaf6f35e5b2a13481f8b888 differ
-diff --git a/fuzz/corpora/asn1parse/6e228749713b2fd9eeb020e4de35fa5e55138c3e b/fuzz/corpora/asn1parse/6e228749713b2fd9eeb020e4de35fa5e55138c3e
-new file mode 100644
-index 0000000..2d0fd87
-Binary files /dev/null and b/fuzz/corpora/asn1parse/6e228749713b2fd9eeb020e4de35fa5e55138c3e differ
-diff --git a/fuzz/corpora/asn1parse/6fc37978c4ae3a27fce9a14ed9aca4edd411b2b4 b/fuzz/corpora/asn1parse/6fc37978c4ae3a27fce9a14ed9aca4edd411b2b4
-new file mode 100644
-index 0000000..0a0598c
-Binary files /dev/null and b/fuzz/corpora/asn1parse/6fc37978c4ae3a27fce9a14ed9aca4edd411b2b4 differ
-diff --git a/fuzz/corpora/asn1parse/701183769cb8a3195c8d6135391223dc11d1942d b/fuzz/corpora/asn1parse/701183769cb8a3195c8d6135391223dc11d1942d
-new file mode 100644
-index 0000000..7a41dfe
-Binary files /dev/null and b/fuzz/corpora/asn1parse/701183769cb8a3195c8d6135391223dc11d1942d differ
-diff --git a/fuzz/corpora/asn1parse/708ca98f2e8daabfd7933631e794cecfaba63ac0 b/fuzz/corpora/asn1parse/708ca98f2e8daabfd7933631e794cecfaba63ac0
-new file mode 100644
-index 0000000..2ef451b
-Binary files /dev/null and b/fuzz/corpora/asn1parse/708ca98f2e8daabfd7933631e794cecfaba63ac0 differ
-diff --git a/fuzz/corpora/asn1parse/70c4ab1a67b8bf29f3abb701123d0e1d9b6d02d3 b/fuzz/corpora/asn1parse/70c4ab1a67b8bf29f3abb701123d0e1d9b6d02d3
-new file mode 100644
-index 0000000..7b6dc1b
-Binary files /dev/null and b/fuzz/corpora/asn1parse/70c4ab1a67b8bf29f3abb701123d0e1d9b6d02d3 differ
-diff --git a/fuzz/corpora/asn1parse/70d4dc49c1d135e736b3a257d52e0979256f4e02 b/fuzz/corpora/asn1parse/70d4dc49c1d135e736b3a257d52e0979256f4e02
-new file mode 100644
-index 0000000..5963f6f
-Binary files /dev/null and b/fuzz/corpora/asn1parse/70d4dc49c1d135e736b3a257d52e0979256f4e02 differ
-diff --git a/fuzz/corpora/asn1parse/716bddf9a58ce3d7da4ba4fd5e575dc85ba7299f b/fuzz/corpora/asn1parse/716bddf9a58ce3d7da4ba4fd5e575dc85ba7299f
-new file mode 100644
-index 0000000..7e5093d
-Binary files /dev/null and b/fuzz/corpora/asn1parse/716bddf9a58ce3d7da4ba4fd5e575dc85ba7299f differ
-diff --git a/fuzz/corpora/asn1parse/72a17e49a4b37de749fe68e4bae55802870aa591 b/fuzz/corpora/asn1parse/72a17e49a4b37de749fe68e4bae55802870aa591
-new file mode 100644
-index 0000000..e08fc6b
-Binary files /dev/null and b/fuzz/corpora/asn1parse/72a17e49a4b37de749fe68e4bae55802870aa591 differ
-diff --git a/fuzz/corpora/asn1parse/7388ea590edf90ecdd59be39726583742cffc402 b/fuzz/corpora/asn1parse/7388ea590edf90ecdd59be39726583742cffc402
-new file mode 100644
-index 0000000..3d764b1
-Binary files /dev/null and b/fuzz/corpora/asn1parse/7388ea590edf90ecdd59be39726583742cffc402 differ
-diff --git a/fuzz/corpora/asn1parse/739d0095359e57cf912947060227e1f019112066 b/fuzz/corpora/asn1parse/739d0095359e57cf912947060227e1f019112066
-new file mode 100644
-index 0000000..c7ffb1c
-Binary files /dev/null and b/fuzz/corpora/asn1parse/739d0095359e57cf912947060227e1f019112066 differ
-diff --git a/fuzz/corpora/asn1parse/75859ac2b768af2d69845b5c49ea0163f98730c4 b/fuzz/corpora/asn1parse/75859ac2b768af2d69845b5c49ea0163f98730c4
-new file mode 100644
-index 0000000..533e709
-Binary files /dev/null and b/fuzz/corpora/asn1parse/75859ac2b768af2d69845b5c49ea0163f98730c4 differ
-diff --git a/fuzz/corpora/asn1parse/75d333b8fabbd287821b8d10d3fe3a54dce3f427 b/fuzz/corpora/asn1parse/75d333b8fabbd287821b8d10d3fe3a54dce3f427
-new file mode 100644
-index 0000000..5bc0648
-Binary files /dev/null and b/fuzz/corpora/asn1parse/75d333b8fabbd287821b8d10d3fe3a54dce3f427 differ
-diff --git a/fuzz/corpora/asn1parse/7610532c879bef16a133118f70ff8b8037a7707d b/fuzz/corpora/asn1parse/7610532c879bef16a133118f70ff8b8037a7707d
-new file mode 100644
-index 0000000..4bda238
-Binary files /dev/null and b/fuzz/corpora/asn1parse/7610532c879bef16a133118f70ff8b8037a7707d differ
-diff --git a/fuzz/corpora/asn1parse/761ffd8e88ae3403043ddbc153738e848387256f b/fuzz/corpora/asn1parse/761ffd8e88ae3403043ddbc153738e848387256f
-new file mode 100644
-index 0000000..89478ab
-Binary files /dev/null and b/fuzz/corpora/asn1parse/761ffd8e88ae3403043ddbc153738e848387256f differ
-diff --git a/fuzz/corpora/asn1parse/76659a8d2afc0c07f9d67a7818dd0c2bcdfbb294 b/fuzz/corpora/asn1parse/76659a8d2afc0c07f9d67a7818dd0c2bcdfbb294
-new file mode 100644
-index 0000000..b304059
-Binary files /dev/null and b/fuzz/corpora/asn1parse/76659a8d2afc0c07f9d67a7818dd0c2bcdfbb294 differ
-diff --git a/fuzz/corpora/asn1parse/766fad7cbb4352f9e54f69c1cd5efc1d39be7c11 b/fuzz/corpora/asn1parse/766fad7cbb4352f9e54f69c1cd5efc1d39be7c11
-new file mode 100644
-index 0000000..6150393
-Binary files /dev/null and b/fuzz/corpora/asn1parse/766fad7cbb4352f9e54f69c1cd5efc1d39be7c11 differ
-diff --git a/fuzz/corpora/asn1parse/76c66d7ca20fb78eb2c86eca0c36922e901474f9 b/fuzz/corpora/asn1parse/76c66d7ca20fb78eb2c86eca0c36922e901474f9
-new file mode 100644
-index 0000000..3914a1a
-Binary files /dev/null and b/fuzz/corpora/asn1parse/76c66d7ca20fb78eb2c86eca0c36922e901474f9 differ
-diff --git a/fuzz/corpora/asn1parse/7702b86b6e9ced18a2581858bba27fe4c727077d b/fuzz/corpora/asn1parse/7702b86b6e9ced18a2581858bba27fe4c727077d
-new file mode 100644
-index 0000000..71f4647
-Binary files /dev/null and b/fuzz/corpora/asn1parse/7702b86b6e9ced18a2581858bba27fe4c727077d differ
-diff --git a/fuzz/corpora/asn1parse/77336c9db08321cf33af0120768d02d22baa9ce6 b/fuzz/corpora/asn1parse/77336c9db08321cf33af0120768d02d22baa9ce6
-new file mode 100644
-index 0000000..e2e0610
-Binary files /dev/null and b/fuzz/corpora/asn1parse/77336c9db08321cf33af0120768d02d22baa9ce6 differ
-diff --git a/fuzz/corpora/asn1parse/7893d44985a8463839afdcfd49ff62f5f159e7f5 b/fuzz/corpora/asn1parse/7893d44985a8463839afdcfd49ff62f5f159e7f5
-new file mode 100644
-index 0000000..1b8b72e
-Binary files /dev/null and b/fuzz/corpora/asn1parse/7893d44985a8463839afdcfd49ff62f5f159e7f5 differ
-diff --git a/fuzz/corpora/asn1parse/78cad09ff275e3ac43ecce283709cc83fe4aeb30 b/fuzz/corpora/asn1parse/78cad09ff275e3ac43ecce283709cc83fe4aeb30
-new file mode 100644
-index 0000000..3c337ad
-Binary files /dev/null and b/fuzz/corpora/asn1parse/78cad09ff275e3ac43ecce283709cc83fe4aeb30 differ
-diff --git a/fuzz/corpora/asn1parse/78f468a7646f0094403acf24aafe49f57fc5cfe9 b/fuzz/corpora/asn1parse/78f468a7646f0094403acf24aafe49f57fc5cfe9
-new file mode 100644
-index 0000000..c7c3e82
-Binary files /dev/null and b/fuzz/corpora/asn1parse/78f468a7646f0094403acf24aafe49f57fc5cfe9 differ
-diff --git a/fuzz/corpora/asn1parse/7aa3cd76f33a309159ab228b2984119df7b07861 b/fuzz/corpora/asn1parse/7aa3cd76f33a309159ab228b2984119df7b07861
-new file mode 100644
-index 0000000..6813fa6
-Binary files /dev/null and b/fuzz/corpora/asn1parse/7aa3cd76f33a309159ab228b2984119df7b07861 differ
-diff --git a/fuzz/corpora/asn1parse/7ae1ca162edb7f78a852789b584a5c3410c8bf96 b/fuzz/corpora/asn1parse/7ae1ca162edb7f78a852789b584a5c3410c8bf96
-new file mode 100644
-index 0000000..44ec1eb
-Binary files /dev/null and b/fuzz/corpora/asn1parse/7ae1ca162edb7f78a852789b584a5c3410c8bf96 differ
-diff --git a/fuzz/corpora/asn1parse/7bef59d7f356c3120dbdb8d7a5c5f83e2f74d771 b/fuzz/corpora/asn1parse/7bef59d7f356c3120dbdb8d7a5c5f83e2f74d771
-new file mode 100644
-index 0000000..8debbab
-Binary files /dev/null and b/fuzz/corpora/asn1parse/7bef59d7f356c3120dbdb8d7a5c5f83e2f74d771 differ
-diff --git a/fuzz/corpora/asn1parse/7c1ce8b10a97536fa01f1a699151d77aa2f46ed8 b/fuzz/corpora/asn1parse/7c1ce8b10a97536fa01f1a699151d77aa2f46ed8
-new file mode 100644
-index 0000000..3a670db
-Binary files /dev/null and b/fuzz/corpora/asn1parse/7c1ce8b10a97536fa01f1a699151d77aa2f46ed8 differ
-diff --git a/fuzz/corpora/asn1parse/7c55fff2cedecee2c0107cc8f63e36fd64d8c593 b/fuzz/corpora/asn1parse/7c55fff2cedecee2c0107cc8f63e36fd64d8c593
-new file mode 100644
-index 0000000..263fbb0
-Binary files /dev/null and b/fuzz/corpora/asn1parse/7c55fff2cedecee2c0107cc8f63e36fd64d8c593 differ
-diff --git a/fuzz/corpora/asn1parse/7d1fe7dd371c4ef2e7176cc9f3190cb916b27b64 b/fuzz/corpora/asn1parse/7d1fe7dd371c4ef2e7176cc9f3190cb916b27b64
-new file mode 100644
-index 0000000..4eca932
-Binary files /dev/null and b/fuzz/corpora/asn1parse/7d1fe7dd371c4ef2e7176cc9f3190cb916b27b64 differ
-diff --git a/fuzz/corpora/asn1parse/7ea230ce5ee4519134d044a8f8140d6c458fd514 b/fuzz/corpora/asn1parse/7ea230ce5ee4519134d044a8f8140d6c458fd514
-new file mode 100644
-index 0000000..e97527a
-Binary files /dev/null and b/fuzz/corpora/asn1parse/7ea230ce5ee4519134d044a8f8140d6c458fd514 differ
-diff --git a/fuzz/corpora/asn1parse/7fc7162a3ac8d01501fd2e15d2c3e52996320326 b/fuzz/corpora/asn1parse/7fc7162a3ac8d01501fd2e15d2c3e52996320326
-new file mode 100644
-index 0000000..ed000b1
-Binary files /dev/null and b/fuzz/corpora/asn1parse/7fc7162a3ac8d01501fd2e15d2c3e52996320326 differ
-diff --git a/fuzz/corpora/asn1parse/7fea2ff7784ea52b4305610423eaf79729176a83 b/fuzz/corpora/asn1parse/7fea2ff7784ea52b4305610423eaf79729176a83
-new file mode 100644
-index 0000000..e6e535c
-Binary files /dev/null and b/fuzz/corpora/asn1parse/7fea2ff7784ea52b4305610423eaf79729176a83 differ
-diff --git a/fuzz/corpora/asn1parse/813751e17baca905f03a1d3bfa4f658923e7558b b/fuzz/corpora/asn1parse/813751e17baca905f03a1d3bfa4f658923e7558b
-new file mode 100644
-index 0000000..a8238f0
-Binary files /dev/null and b/fuzz/corpora/asn1parse/813751e17baca905f03a1d3bfa4f658923e7558b differ
-diff --git a/fuzz/corpora/asn1parse/818e98daa0122418fd34805aa5d2af5768dd2427 b/fuzz/corpora/asn1parse/818e98daa0122418fd34805aa5d2af5768dd2427
-new file mode 100644
-index 0000000..56ed311
-Binary files /dev/null and b/fuzz/corpora/asn1parse/818e98daa0122418fd34805aa5d2af5768dd2427 differ
-diff --git a/fuzz/corpora/asn1parse/834943f158056ae1d12bb83e5bf6779c45570fb8 b/fuzz/corpora/asn1parse/834943f158056ae1d12bb83e5bf6779c45570fb8
-new file mode 100644
-index 0000000..23155df
-Binary files /dev/null and b/fuzz/corpora/asn1parse/834943f158056ae1d12bb83e5bf6779c45570fb8 differ
-diff --git a/fuzz/corpora/asn1parse/838c2383b510c1cfa96c04d3f0039e14cdace011 b/fuzz/corpora/asn1parse/838c2383b510c1cfa96c04d3f0039e14cdace011
-new file mode 100644
-index 0000000..f4caaab
-Binary files /dev/null and b/fuzz/corpora/asn1parse/838c2383b510c1cfa96c04d3f0039e14cdace011 differ
-diff --git a/fuzz/corpora/asn1parse/85e594a34039cf6049ae81d2313382cadd513c5a b/fuzz/corpora/asn1parse/85e594a34039cf6049ae81d2313382cadd513c5a
-new file mode 100644
-index 0000000..7c04265
-Binary files /dev/null and b/fuzz/corpora/asn1parse/85e594a34039cf6049ae81d2313382cadd513c5a differ
-diff --git a/fuzz/corpora/asn1parse/861465831b2b75deb33be48bb5b3c6e3c7e909fc b/fuzz/corpora/asn1parse/861465831b2b75deb33be48bb5b3c6e3c7e909fc
-new file mode 100644
-index 0000000..e1674be
-Binary files /dev/null and b/fuzz/corpora/asn1parse/861465831b2b75deb33be48bb5b3c6e3c7e909fc differ
-diff --git a/fuzz/corpora/asn1parse/8920e2152f3d6d637581b9bb94b6a274ea645e09 b/fuzz/corpora/asn1parse/8920e2152f3d6d637581b9bb94b6a274ea645e09
-new file mode 100644
-index 0000000..1d6d3bf
-Binary files /dev/null and b/fuzz/corpora/asn1parse/8920e2152f3d6d637581b9bb94b6a274ea645e09 differ
-diff --git a/fuzz/corpora/asn1parse/8a35f35c85fc08f93eefb66944cb7f5c84fc5686 b/fuzz/corpora/asn1parse/8a35f35c85fc08f93eefb66944cb7f5c84fc5686
-new file mode 100644
-index 0000000..9f63dc8
-Binary files /dev/null and b/fuzz/corpora/asn1parse/8a35f35c85fc08f93eefb66944cb7f5c84fc5686 differ
-diff --git a/fuzz/corpora/asn1parse/8a47f68865007cbcbc0fca67eb202d33ad3c050a b/fuzz/corpora/asn1parse/8a47f68865007cbcbc0fca67eb202d33ad3c050a
-new file mode 100644
-index 0000000..750a9da
-Binary files /dev/null and b/fuzz/corpora/asn1parse/8a47f68865007cbcbc0fca67eb202d33ad3c050a differ
-diff --git a/fuzz/corpora/asn1parse/8abd4fa40d25af7bcd2fda8c1978128db2c61a27 b/fuzz/corpora/asn1parse/8abd4fa40d25af7bcd2fda8c1978128db2c61a27
-new file mode 100644
-index 0000000..dfd38f2
-Binary files /dev/null and b/fuzz/corpora/asn1parse/8abd4fa40d25af7bcd2fda8c1978128db2c61a27 differ
-diff --git a/fuzz/corpora/asn1parse/8af48c039d74d5b449c66433b2ebb5b664d5ae63 b/fuzz/corpora/asn1parse/8af48c039d74d5b449c66433b2ebb5b664d5ae63
-new file mode 100644
-index 0000000..28bd930
-Binary files /dev/null and b/fuzz/corpora/asn1parse/8af48c039d74d5b449c66433b2ebb5b664d5ae63 differ
-diff --git a/fuzz/corpora/asn1parse/8c8c17c265952512ef862604aff015f878103080 b/fuzz/corpora/asn1parse/8c8c17c265952512ef862604aff015f878103080
-new file mode 100644
-index 0000000..2330dfc
-Binary files /dev/null and b/fuzz/corpora/asn1parse/8c8c17c265952512ef862604aff015f878103080 differ
-diff --git a/fuzz/corpora/asn1parse/8d70920d63425691185f0c63026cec7dd672d978 b/fuzz/corpora/asn1parse/8d70920d63425691185f0c63026cec7dd672d978
-new file mode 100644
-index 0000000..71ca276
-Binary files /dev/null and b/fuzz/corpora/asn1parse/8d70920d63425691185f0c63026cec7dd672d978 differ
-diff --git a/fuzz/corpora/asn1parse/8e3b8b24b31c88d466d5041310e67f1780baf9fb b/fuzz/corpora/asn1parse/8e3b8b24b31c88d466d5041310e67f1780baf9fb
-new file mode 100644
-index 0000000..a313a71
-Binary files /dev/null and b/fuzz/corpora/asn1parse/8e3b8b24b31c88d466d5041310e67f1780baf9fb differ
-diff --git a/fuzz/corpora/asn1parse/8e679c206f51e4669c9dd8e68d587a62a56f6437 b/fuzz/corpora/asn1parse/8e679c206f51e4669c9dd8e68d587a62a56f6437
-new file mode 100644
-index 0000000..e059ef5
-Binary files /dev/null and b/fuzz/corpora/asn1parse/8e679c206f51e4669c9dd8e68d587a62a56f6437 differ
-diff --git a/fuzz/corpora/asn1parse/8eef83578369fbc1f38c0abb5f159bfc0c389ac8 b/fuzz/corpora/asn1parse/8eef83578369fbc1f38c0abb5f159bfc0c389ac8
-new file mode 100644
-index 0000000..c904b15
-Binary files /dev/null and b/fuzz/corpora/asn1parse/8eef83578369fbc1f38c0abb5f159bfc0c389ac8 differ
-diff --git a/fuzz/corpora/asn1parse/8f3fa0e046a71f0095bf29fc623e123b7d706343 b/fuzz/corpora/asn1parse/8f3fa0e046a71f0095bf29fc623e123b7d706343
-new file mode 100644
-index 0000000..ed6636b
-Binary files /dev/null and b/fuzz/corpora/asn1parse/8f3fa0e046a71f0095bf29fc623e123b7d706343 differ
-diff --git a/fuzz/corpora/asn1parse/903d3e70fc1fb5cbc807afaa4f16deecb9505c2a b/fuzz/corpora/asn1parse/903d3e70fc1fb5cbc807afaa4f16deecb9505c2a
-new file mode 100644
-index 0000000..9988454
-Binary files /dev/null and b/fuzz/corpora/asn1parse/903d3e70fc1fb5cbc807afaa4f16deecb9505c2a differ
-diff --git a/fuzz/corpora/asn1parse/9127e446dabb95ab8deedffa6e16b42286af059c b/fuzz/corpora/asn1parse/9127e446dabb95ab8deedffa6e16b42286af059c
-new file mode 100644
-index 0000000..170560e
-Binary files /dev/null and b/fuzz/corpora/asn1parse/9127e446dabb95ab8deedffa6e16b42286af059c differ
-diff --git a/fuzz/corpora/asn1parse/924020b047709d6833c27098ab4acb716e5b64b8 b/fuzz/corpora/asn1parse/924020b047709d6833c27098ab4acb716e5b64b8
-new file mode 100644
-index 0000000..2dd0514
-Binary files /dev/null and b/fuzz/corpora/asn1parse/924020b047709d6833c27098ab4acb716e5b64b8 differ
-diff --git a/fuzz/corpora/asn1parse/9283d1029a74e785cf8fa4365f2a676561d56320 b/fuzz/corpora/asn1parse/9283d1029a74e785cf8fa4365f2a676561d56320
-new file mode 100644
-index 0000000..562ef34
-Binary files /dev/null and b/fuzz/corpora/asn1parse/9283d1029a74e785cf8fa4365f2a676561d56320 differ
-diff --git a/fuzz/corpora/asn1parse/92fc5e6882685b1b9856f8cd27a4f5b8e602589a b/fuzz/corpora/asn1parse/92fc5e6882685b1b9856f8cd27a4f5b8e602589a
-new file mode 100644
-index 0000000..8db2469
-Binary files /dev/null and b/fuzz/corpora/asn1parse/92fc5e6882685b1b9856f8cd27a4f5b8e602589a differ
-diff --git a/fuzz/corpora/asn1parse/95110ef863dda8e02a8e000b0a631a8f3854715e b/fuzz/corpora/asn1parse/95110ef863dda8e02a8e000b0a631a8f3854715e
-new file mode 100644
-index 0000000..85ac953
-Binary files /dev/null and b/fuzz/corpora/asn1parse/95110ef863dda8e02a8e000b0a631a8f3854715e differ
-diff --git a/fuzz/corpora/asn1parse/967b3ddb70da537b0fabc179a66e002f905ccd30 b/fuzz/corpora/asn1parse/967b3ddb70da537b0fabc179a66e002f905ccd30
-new file mode 100644
-index 0000000..07f5d19
-Binary files /dev/null and b/fuzz/corpora/asn1parse/967b3ddb70da537b0fabc179a66e002f905ccd30 differ
-diff --git a/fuzz/corpora/asn1parse/97bc79f0f080ada6c5c1139c33d438485146e00b b/fuzz/corpora/asn1parse/97bc79f0f080ada6c5c1139c33d438485146e00b
-new file mode 100644
-index 0000000..ed086ff
-Binary files /dev/null and b/fuzz/corpora/asn1parse/97bc79f0f080ada6c5c1139c33d438485146e00b differ
-diff --git a/fuzz/corpora/asn1parse/9837ab0aa09b25fa8ad4f3d7aab750825addae98 b/fuzz/corpora/asn1parse/9837ab0aa09b25fa8ad4f3d7aab750825addae98
-new file mode 100644
-index 0000000..3a819b1
-Binary files /dev/null and b/fuzz/corpora/asn1parse/9837ab0aa09b25fa8ad4f3d7aab750825addae98 differ
-diff --git a/fuzz/corpora/asn1parse/9855bef70bd82ccc8c4a33ae4ed98a1028ca701e b/fuzz/corpora/asn1parse/9855bef70bd82ccc8c4a33ae4ed98a1028ca701e
-new file mode 100644
-index 0000000..9dffb47
-Binary files /dev/null and b/fuzz/corpora/asn1parse/9855bef70bd82ccc8c4a33ae4ed98a1028ca701e differ
-diff --git a/fuzz/corpora/asn1parse/98fd98c5c6c83bc36ccb1f5a939029ab1281db72 b/fuzz/corpora/asn1parse/98fd98c5c6c83bc36ccb1f5a939029ab1281db72
-new file mode 100644
-index 0000000..05aea17
-Binary files /dev/null and b/fuzz/corpora/asn1parse/98fd98c5c6c83bc36ccb1f5a939029ab1281db72 differ
-diff --git a/fuzz/corpora/asn1parse/993cb4240b329e443fb5d072b9d2aa01b1dc8313 b/fuzz/corpora/asn1parse/993cb4240b329e443fb5d072b9d2aa01b1dc8313
-new file mode 100644
-index 0000000..c145d72
-Binary files /dev/null and b/fuzz/corpora/asn1parse/993cb4240b329e443fb5d072b9d2aa01b1dc8313 differ
-diff --git a/fuzz/corpora/asn1parse/9ae81326355f8c296e7c5bf6532f170d7bf053f4 b/fuzz/corpora/asn1parse/9ae81326355f8c296e7c5bf6532f170d7bf053f4
-new file mode 100644
-index 0000000..543649d
-Binary files /dev/null and b/fuzz/corpora/asn1parse/9ae81326355f8c296e7c5bf6532f170d7bf053f4 differ
-diff --git a/fuzz/corpora/asn1parse/9bbd0f61386afa1ea4e16d205a0018c8254127b7 b/fuzz/corpora/asn1parse/9bbd0f61386afa1ea4e16d205a0018c8254127b7
-new file mode 100644
-index 0000000..430a6d1
-Binary files /dev/null and b/fuzz/corpora/asn1parse/9bbd0f61386afa1ea4e16d205a0018c8254127b7 differ
-diff --git a/fuzz/corpora/asn1parse/9cdc7629f9f39de1103d202eb1c9231ebb2dce5d b/fuzz/corpora/asn1parse/9cdc7629f9f39de1103d202eb1c9231ebb2dce5d
-new file mode 100644
-index 0000000..1c98084
-Binary files /dev/null and b/fuzz/corpora/asn1parse/9cdc7629f9f39de1103d202eb1c9231ebb2dce5d differ
-diff --git a/fuzz/corpora/asn1parse/9d87ff258365d98d2be653b7f02b3f911ff9ec89 b/fuzz/corpora/asn1parse/9d87ff258365d98d2be653b7f02b3f911ff9ec89
-new file mode 100644
-index 0000000..b8242e4
-Binary files /dev/null and b/fuzz/corpora/asn1parse/9d87ff258365d98d2be653b7f02b3f911ff9ec89 differ
-diff --git a/fuzz/corpora/asn1parse/9f8c0931a96f9c55c5ec119a50b9b7f37908b688 b/fuzz/corpora/asn1parse/9f8c0931a96f9c55c5ec119a50b9b7f37908b688
-new file mode 100644
-index 0000000..130d976
-Binary files /dev/null and b/fuzz/corpora/asn1parse/9f8c0931a96f9c55c5ec119a50b9b7f37908b688 differ
-diff --git a/fuzz/corpora/asn1parse/a154f2eadf75c5c21077142ec2e2041c05f30d19 b/fuzz/corpora/asn1parse/a154f2eadf75c5c21077142ec2e2041c05f30d19
-new file mode 100644
-index 0000000..68f63fc
-Binary files /dev/null and b/fuzz/corpora/asn1parse/a154f2eadf75c5c21077142ec2e2041c05f30d19 differ
-diff --git a/fuzz/corpora/asn1parse/a1627626a7caa36e9b71d37f705c8e91fa0e421b b/fuzz/corpora/asn1parse/a1627626a7caa36e9b71d37f705c8e91fa0e421b
-new file mode 100644
-index 0000000..cca4e4d
-Binary files /dev/null and b/fuzz/corpora/asn1parse/a1627626a7caa36e9b71d37f705c8e91fa0e421b differ
-diff --git a/fuzz/corpora/asn1parse/a1a9380049706f5bef10d86f1df5bea6726f19ac b/fuzz/corpora/asn1parse/a1a9380049706f5bef10d86f1df5bea6726f19ac
-new file mode 100644
-index 0000000..d159fbf
-Binary files /dev/null and b/fuzz/corpora/asn1parse/a1a9380049706f5bef10d86f1df5bea6726f19ac differ
-diff --git a/fuzz/corpora/asn1parse/a2fec28e86e82b0055bec4b8612a24065fd72939 b/fuzz/corpora/asn1parse/a2fec28e86e82b0055bec4b8612a24065fd72939
-new file mode 100644
-index 0000000..c702659
-Binary files /dev/null and b/fuzz/corpora/asn1parse/a2fec28e86e82b0055bec4b8612a24065fd72939 differ
-diff --git a/fuzz/corpora/asn1parse/a5ae5c44b144ecf9d5a96bcb2a10dba99b834dda b/fuzz/corpora/asn1parse/a5ae5c44b144ecf9d5a96bcb2a10dba99b834dda
-new file mode 100644
-index 0000000..83cfe65
-Binary files /dev/null and b/fuzz/corpora/asn1parse/a5ae5c44b144ecf9d5a96bcb2a10dba99b834dda differ
-diff --git a/fuzz/corpora/asn1parse/a5b871a4625307f2d6680b9a3579a98541ef666a b/fuzz/corpora/asn1parse/a5b871a4625307f2d6680b9a3579a98541ef666a
-new file mode 100644
-index 0000000..adbb772
-Binary files /dev/null and b/fuzz/corpora/asn1parse/a5b871a4625307f2d6680b9a3579a98541ef666a differ
-diff --git a/fuzz/corpora/asn1parse/a7543b5ebf6881cc018277a337448f1936fc949b b/fuzz/corpora/asn1parse/a7543b5ebf6881cc018277a337448f1936fc949b
-new file mode 100644
-index 0000000..430befd
-Binary files /dev/null and b/fuzz/corpora/asn1parse/a7543b5ebf6881cc018277a337448f1936fc949b differ
-diff --git a/fuzz/corpora/asn1parse/a7c2d5d8469d9077d6320a0a3447f08e4414ccea b/fuzz/corpora/asn1parse/a7c2d5d8469d9077d6320a0a3447f08e4414ccea
-new file mode 100644
-index 0000000..57f191d
-Binary files /dev/null and b/fuzz/corpora/asn1parse/a7c2d5d8469d9077d6320a0a3447f08e4414ccea differ
-diff --git a/fuzz/corpora/asn1parse/a7f4b39afe570a17a16174a2a28ced80ce21e488 b/fuzz/corpora/asn1parse/a7f4b39afe570a17a16174a2a28ced80ce21e488
-new file mode 100644
-index 0000000..0b2a2d3
-Binary files /dev/null and b/fuzz/corpora/asn1parse/a7f4b39afe570a17a16174a2a28ced80ce21e488 differ
-diff --git a/fuzz/corpora/asn1parse/a86048c45a68499e2aa87daa44fbbcaaa19324c5 b/fuzz/corpora/asn1parse/a86048c45a68499e2aa87daa44fbbcaaa19324c5
-new file mode 100644
-index 0000000..e4ba484
-Binary files /dev/null and b/fuzz/corpora/asn1parse/a86048c45a68499e2aa87daa44fbbcaaa19324c5 differ
-diff --git a/fuzz/corpora/asn1parse/a8ce50c57aee91c7f46325d99b3e83ee4a435f9d b/fuzz/corpora/asn1parse/a8ce50c57aee91c7f46325d99b3e83ee4a435f9d
-new file mode 100644
-index 0000000..cc3100a
-Binary files /dev/null and b/fuzz/corpora/asn1parse/a8ce50c57aee91c7f46325d99b3e83ee4a435f9d differ
-diff --git a/fuzz/corpora/asn1parse/a91057c71dc3327cdf0513ee7da14dc491fd064a b/fuzz/corpora/asn1parse/a91057c71dc3327cdf0513ee7da14dc491fd064a
-new file mode 100644
-index 0000000..b884d20
-Binary files /dev/null and b/fuzz/corpora/asn1parse/a91057c71dc3327cdf0513ee7da14dc491fd064a differ
-diff --git a/fuzz/corpora/asn1parse/a965cde0e7eb4e19a4030e18a8369fbbc3397d4f b/fuzz/corpora/asn1parse/a965cde0e7eb4e19a4030e18a8369fbbc3397d4f
-new file mode 100644
-index 0000000..977cc15
-Binary files /dev/null and b/fuzz/corpora/asn1parse/a965cde0e7eb4e19a4030e18a8369fbbc3397d4f differ
-diff --git a/fuzz/corpora/asn1parse/a96e527145d8ed286db7b8908082f3dfc892b922 b/fuzz/corpora/asn1parse/a96e527145d8ed286db7b8908082f3dfc892b922
-new file mode 100644
-index 0000000..42925a3
-Binary files /dev/null and b/fuzz/corpora/asn1parse/a96e527145d8ed286db7b8908082f3dfc892b922 differ
-diff --git a/fuzz/corpora/asn1parse/a9f7f96b88f16fd34b0cbcd96532430a52c82d94 b/fuzz/corpora/asn1parse/a9f7f96b88f16fd34b0cbcd96532430a52c82d94
-new file mode 100644
-index 0000000..8d9940a
-Binary files /dev/null and b/fuzz/corpora/asn1parse/a9f7f96b88f16fd34b0cbcd96532430a52c82d94 differ
-diff --git a/fuzz/corpora/asn1parse/aa9628463fb75b7024eb66a10fc25f42cc90eb12 b/fuzz/corpora/asn1parse/aa9628463fb75b7024eb66a10fc25f42cc90eb12
-new file mode 100644
-index 0000000..cc81909
-Binary files /dev/null and b/fuzz/corpora/asn1parse/aa9628463fb75b7024eb66a10fc25f42cc90eb12 differ
-diff --git a/fuzz/corpora/asn1parse/aad67c70ec0c75ba579d0f0c8c85d052159af036 b/fuzz/corpora/asn1parse/aad67c70ec0c75ba579d0f0c8c85d052159af036
-new file mode 100644
-index 0000000..7919a9d
-Binary files /dev/null and b/fuzz/corpora/asn1parse/aad67c70ec0c75ba579d0f0c8c85d052159af036 differ
-diff --git a/fuzz/corpora/asn1parse/ab8425f603bbde93858fc2b8e6ec7ba1cac41c9a b/fuzz/corpora/asn1parse/ab8425f603bbde93858fc2b8e6ec7ba1cac41c9a
-new file mode 100644
-index 0000000..4880307
-Binary files /dev/null and b/fuzz/corpora/asn1parse/ab8425f603bbde93858fc2b8e6ec7ba1cac41c9a differ
-diff --git a/fuzz/corpora/asn1parse/aca96c250106f2471f5251fd17bedb3a34b48e35 b/fuzz/corpora/asn1parse/aca96c250106f2471f5251fd17bedb3a34b48e35
-new file mode 100644
-index 0000000..2f6b2c4
-Binary files /dev/null and b/fuzz/corpora/asn1parse/aca96c250106f2471f5251fd17bedb3a34b48e35 differ
-diff --git a/fuzz/corpora/asn1parse/acde2c49d56d7cee84e400cfab9246c528431d74 b/fuzz/corpora/asn1parse/acde2c49d56d7cee84e400cfab9246c528431d74
-new file mode 100644
-index 0000000..59a4942
-Binary files /dev/null and b/fuzz/corpora/asn1parse/acde2c49d56d7cee84e400cfab9246c528431d74 differ
-diff --git a/fuzz/corpora/asn1parse/ad3f8582777a4094720cb1371c4faff595620815 b/fuzz/corpora/asn1parse/ad3f8582777a4094720cb1371c4faff595620815
-new file mode 100644
-index 0000000..8fe79b5
-Binary files /dev/null and b/fuzz/corpora/asn1parse/ad3f8582777a4094720cb1371c4faff595620815 differ
-diff --git a/fuzz/corpora/asn1parse/adb0f7eef21ab16604c894ba0266a38e0d5bda9b b/fuzz/corpora/asn1parse/adb0f7eef21ab16604c894ba0266a38e0d5bda9b
-new file mode 100644
-index 0000000..201da65
-Binary files /dev/null and b/fuzz/corpora/asn1parse/adb0f7eef21ab16604c894ba0266a38e0d5bda9b differ
-diff --git a/fuzz/corpora/asn1parse/ae81a3ef4a5ba492aaa8f06c1c787cf0e78a9ec8 b/fuzz/corpora/asn1parse/ae81a3ef4a5ba492aaa8f06c1c787cf0e78a9ec8
-new file mode 100644
-index 0000000..b5757fd
-Binary files /dev/null and b/fuzz/corpora/asn1parse/ae81a3ef4a5ba492aaa8f06c1c787cf0e78a9ec8 differ
-diff --git a/fuzz/corpora/asn1parse/af208c9937583b51915ada945fc2a8dcd246bc3b b/fuzz/corpora/asn1parse/af208c9937583b51915ada945fc2a8dcd246bc3b
-new file mode 100644
-index 0000000..af1bf3f
-Binary files /dev/null and b/fuzz/corpora/asn1parse/af208c9937583b51915ada945fc2a8dcd246bc3b differ
-diff --git a/fuzz/corpora/asn1parse/afd27d5be87a423255a9180ea04045929d81fc2b b/fuzz/corpora/asn1parse/afd27d5be87a423255a9180ea04045929d81fc2b
-new file mode 100644
-index 0000000..a51a1c6
-Binary files /dev/null and b/fuzz/corpora/asn1parse/afd27d5be87a423255a9180ea04045929d81fc2b differ
-diff --git a/fuzz/corpora/asn1parse/b198966f0f37eefee29b457e2267c13a65829d64 b/fuzz/corpora/asn1parse/b198966f0f37eefee29b457e2267c13a65829d64
-new file mode 100644
-index 0000000..9cb7a58
-Binary files /dev/null and b/fuzz/corpora/asn1parse/b198966f0f37eefee29b457e2267c13a65829d64 differ
-diff --git a/fuzz/corpora/asn1parse/b35e1b725f84b63c5764f8a6ec7690c799b130c1 b/fuzz/corpora/asn1parse/b35e1b725f84b63c5764f8a6ec7690c799b130c1
-new file mode 100644
-index 0000000..8440078
-Binary files /dev/null and b/fuzz/corpora/asn1parse/b35e1b725f84b63c5764f8a6ec7690c799b130c1 differ
-diff --git a/fuzz/corpora/asn1parse/b700a5dadad9c128c9df5aafa1ade0b8c2bab07f b/fuzz/corpora/asn1parse/b700a5dadad9c128c9df5aafa1ade0b8c2bab07f
-new file mode 100644
-index 0000000..48fe269
-Binary files /dev/null and b/fuzz/corpora/asn1parse/b700a5dadad9c128c9df5aafa1ade0b8c2bab07f differ
-diff --git a/fuzz/corpora/asn1parse/b9b4c0b435d1c226c0feaf4e0e5695e89d9bf51c b/fuzz/corpora/asn1parse/b9b4c0b435d1c226c0feaf4e0e5695e89d9bf51c
-new file mode 100644
-index 0000000..b816380
-Binary files /dev/null and b/fuzz/corpora/asn1parse/b9b4c0b435d1c226c0feaf4e0e5695e89d9bf51c differ
-diff --git a/fuzz/corpora/asn1parse/bb002a83f063d9fffbc05663c2aafcc64ca606fa b/fuzz/corpora/asn1parse/bb002a83f063d9fffbc05663c2aafcc64ca606fa
-new file mode 100644
-index 0000000..8ebe89c
-Binary files /dev/null and b/fuzz/corpora/asn1parse/bb002a83f063d9fffbc05663c2aafcc64ca606fa differ
-diff --git a/fuzz/corpora/asn1parse/bc64df47b21c5c0c6d3011d67519a91a84ad84bf b/fuzz/corpora/asn1parse/bc64df47b21c5c0c6d3011d67519a91a84ad84bf
-new file mode 100644
-index 0000000..f2e9bfe
-Binary files /dev/null and b/fuzz/corpora/asn1parse/bc64df47b21c5c0c6d3011d67519a91a84ad84bf differ
-diff --git a/fuzz/corpora/asn1parse/bcf8db4be02ca3b6a035b46c3a18fcf6728f9717 b/fuzz/corpora/asn1parse/bcf8db4be02ca3b6a035b46c3a18fcf6728f9717
-new file mode 100644
-index 0000000..f788fee
-Binary files /dev/null and b/fuzz/corpora/asn1parse/bcf8db4be02ca3b6a035b46c3a18fcf6728f9717 differ
-diff --git a/fuzz/corpora/asn1parse/bd715e57866158f421d6b0cffe13aeda99d44f35 b/fuzz/corpora/asn1parse/bd715e57866158f421d6b0cffe13aeda99d44f35
-new file mode 100644
-index 0000000..8fcef9b
-Binary files /dev/null and b/fuzz/corpora/asn1parse/bd715e57866158f421d6b0cffe13aeda99d44f35 differ
-diff --git a/fuzz/corpora/asn1parse/bd73dc61b617d382aa8f1c8a906a9b05b62007ba b/fuzz/corpora/asn1parse/bd73dc61b617d382aa8f1c8a906a9b05b62007ba
-new file mode 100644
-index 0000000..210995c
-Binary files /dev/null and b/fuzz/corpora/asn1parse/bd73dc61b617d382aa8f1c8a906a9b05b62007ba differ
-diff --git a/fuzz/corpora/asn1parse/bf0e6c4ed317e97ffc4e9e59dc8617d33c1f5b1f b/fuzz/corpora/asn1parse/bf0e6c4ed317e97ffc4e9e59dc8617d33c1f5b1f
-new file mode 100644
-index 0000000..13dac58
-Binary files /dev/null and b/fuzz/corpora/asn1parse/bf0e6c4ed317e97ffc4e9e59dc8617d33c1f5b1f differ
-diff --git a/fuzz/corpora/asn1parse/bf927eb269787d084f8c752c04a8b692ae9a13d0 b/fuzz/corpora/asn1parse/bf927eb269787d084f8c752c04a8b692ae9a13d0
-new file mode 100644
-index 0000000..3c2b160
-Binary files /dev/null and b/fuzz/corpora/asn1parse/bf927eb269787d084f8c752c04a8b692ae9a13d0 differ
-diff --git a/fuzz/corpora/asn1parse/c1a6cba18b55c29b5b32a444c37f2236348f9df6 b/fuzz/corpora/asn1parse/c1a6cba18b55c29b5b32a444c37f2236348f9df6
-new file mode 100644
-index 0000000..a15167f
-Binary files /dev/null and b/fuzz/corpora/asn1parse/c1a6cba18b55c29b5b32a444c37f2236348f9df6 differ
-diff --git a/fuzz/corpora/asn1parse/c1fb56f7a0d507e50e080c9981230962ed36780a b/fuzz/corpora/asn1parse/c1fb56f7a0d507e50e080c9981230962ed36780a
-new file mode 100644
-index 0000000..4a97aaf
-Binary files /dev/null and b/fuzz/corpora/asn1parse/c1fb56f7a0d507e50e080c9981230962ed36780a differ
-diff --git a/fuzz/corpora/asn1parse/c34e043fb2d6dc778cb39d7bcf0a00003bc1ffad b/fuzz/corpora/asn1parse/c34e043fb2d6dc778cb39d7bcf0a00003bc1ffad
-new file mode 100644
-index 0000000..d84fcca
-Binary files /dev/null and b/fuzz/corpora/asn1parse/c34e043fb2d6dc778cb39d7bcf0a00003bc1ffad differ
-diff --git a/fuzz/corpora/asn1parse/c661b23b9323ff5974cf8fcd05cb93d1ec02bb73 b/fuzz/corpora/asn1parse/c661b23b9323ff5974cf8fcd05cb93d1ec02bb73
-new file mode 100644
-index 0000000..6a01221
-Binary files /dev/null and b/fuzz/corpora/asn1parse/c661b23b9323ff5974cf8fcd05cb93d1ec02bb73 differ
-diff --git a/fuzz/corpora/asn1parse/c6cd6bcee867000f405b6cd7a12dea93bc8ddddc b/fuzz/corpora/asn1parse/c6cd6bcee867000f405b6cd7a12dea93bc8ddddc
-new file mode 100644
-index 0000000..a2b68c3
-Binary files /dev/null and b/fuzz/corpora/asn1parse/c6cd6bcee867000f405b6cd7a12dea93bc8ddddc differ
-diff --git a/fuzz/corpora/asn1parse/c70ddebd0fe8cab2ff742841fd1464a03795e1aa b/fuzz/corpora/asn1parse/c70ddebd0fe8cab2ff742841fd1464a03795e1aa
-new file mode 100644
-index 0000000..48bf019
-Binary files /dev/null and b/fuzz/corpora/asn1parse/c70ddebd0fe8cab2ff742841fd1464a03795e1aa differ
-diff --git a/fuzz/corpora/asn1parse/c7397cf643b59c47a4e3935087c7897b597d224d b/fuzz/corpora/asn1parse/c7397cf643b59c47a4e3935087c7897b597d224d
-new file mode 100644
-index 0000000..176b881
-Binary files /dev/null and b/fuzz/corpora/asn1parse/c7397cf643b59c47a4e3935087c7897b597d224d differ
-diff --git a/fuzz/corpora/asn1parse/c80765af23d8b6b608b23233d4d7c4cc94f0e843 b/fuzz/corpora/asn1parse/c80765af23d8b6b608b23233d4d7c4cc94f0e843
-new file mode 100644
-index 0000000..33d8204
-Binary files /dev/null and b/fuzz/corpora/asn1parse/c80765af23d8b6b608b23233d4d7c4cc94f0e843 differ
-diff --git a/fuzz/corpora/asn1parse/c9bfa677f6eedd01445df24beb6accc936185d04 b/fuzz/corpora/asn1parse/c9bfa677f6eedd01445df24beb6accc936185d04
-new file mode 100644
-index 0000000..1c5fbd0
-Binary files /dev/null and b/fuzz/corpora/asn1parse/c9bfa677f6eedd01445df24beb6accc936185d04 differ
-diff --git a/fuzz/corpora/asn1parse/c9e5d4dc5af1d21b28e4e56320a539d0190d12e0 b/fuzz/corpora/asn1parse/c9e5d4dc5af1d21b28e4e56320a539d0190d12e0
-new file mode 100644
-index 0000000..825e4f9
-Binary files /dev/null and b/fuzz/corpora/asn1parse/c9e5d4dc5af1d21b28e4e56320a539d0190d12e0 differ
-diff --git a/fuzz/corpora/asn1parse/ca93cd29e3b8cd2ef0b8212cad8ddfb88e68d84a b/fuzz/corpora/asn1parse/ca93cd29e3b8cd2ef0b8212cad8ddfb88e68d84a
-new file mode 100644
-index 0000000..bc774b2
-Binary files /dev/null and b/fuzz/corpora/asn1parse/ca93cd29e3b8cd2ef0b8212cad8ddfb88e68d84a differ
-diff --git a/fuzz/corpora/asn1parse/cb2544c29d4a507200638c248a425618c7c83097 b/fuzz/corpora/asn1parse/cb2544c29d4a507200638c248a425618c7c83097
-new file mode 100644
-index 0000000..39db605
-Binary files /dev/null and b/fuzz/corpora/asn1parse/cb2544c29d4a507200638c248a425618c7c83097 differ
-diff --git a/fuzz/corpora/asn1parse/cbc48eb474953e3ca355b613a824e17159b74818 b/fuzz/corpora/asn1parse/cbc48eb474953e3ca355b613a824e17159b74818
-new file mode 100644
-index 0000000..525353c
-Binary files /dev/null and b/fuzz/corpora/asn1parse/cbc48eb474953e3ca355b613a824e17159b74818 differ
-diff --git a/fuzz/corpora/asn1parse/cc89dd1264c3b8cf86a8841e3103b57a16c55d44 b/fuzz/corpora/asn1parse/cc89dd1264c3b8cf86a8841e3103b57a16c55d44
-new file mode 100644
-index 0000000..7f5f2a2
-Binary files /dev/null and b/fuzz/corpora/asn1parse/cc89dd1264c3b8cf86a8841e3103b57a16c55d44 differ
-diff --git a/fuzz/corpora/asn1parse/ce1a3befe579f9e574a80ec39316728c263b5a44 b/fuzz/corpora/asn1parse/ce1a3befe579f9e574a80ec39316728c263b5a44
-new file mode 100644
-index 0000000..749cb18
-Binary files /dev/null and b/fuzz/corpora/asn1parse/ce1a3befe579f9e574a80ec39316728c263b5a44 differ
-diff --git a/fuzz/corpora/asn1parse/cf1fa19b578b0372a429a6c231fcc36dcc2e2abf b/fuzz/corpora/asn1parse/cf1fa19b578b0372a429a6c231fcc36dcc2e2abf
-new file mode 100644
-index 0000000..7997bd2
-Binary files /dev/null and b/fuzz/corpora/asn1parse/cf1fa19b578b0372a429a6c231fcc36dcc2e2abf differ
-diff --git a/fuzz/corpora/asn1parse/d05e7d1ca345e102e97b0c18c920b67fcef3ad5a b/fuzz/corpora/asn1parse/d05e7d1ca345e102e97b0c18c920b67fcef3ad5a
-new file mode 100644
-index 0000000..dfb0b97
-Binary files /dev/null and b/fuzz/corpora/asn1parse/d05e7d1ca345e102e97b0c18c920b67fcef3ad5a differ
-diff --git a/fuzz/corpora/asn1parse/d0ef3bdd878fafa9d19bc76e7d37dfa0a8094a33 b/fuzz/corpora/asn1parse/d0ef3bdd878fafa9d19bc76e7d37dfa0a8094a33
-new file mode 100644
-index 0000000..eeaab6b
-Binary files /dev/null and b/fuzz/corpora/asn1parse/d0ef3bdd878fafa9d19bc76e7d37dfa0a8094a33 differ
-diff --git a/fuzz/corpora/asn1parse/d1c134f061c079584a1efc49130dedf873aadf01 b/fuzz/corpora/asn1parse/d1c134f061c079584a1efc49130dedf873aadf01
-new file mode 100644
-index 0000000..a02f87c
-Binary files /dev/null and b/fuzz/corpora/asn1parse/d1c134f061c079584a1efc49130dedf873aadf01 differ
-diff --git a/fuzz/corpora/asn1parse/d325114f7f07668964335796c9ae574fa17bd2e6 b/fuzz/corpora/asn1parse/d325114f7f07668964335796c9ae574fa17bd2e6
-new file mode 100644
-index 0000000..12f24d8
-Binary files /dev/null and b/fuzz/corpora/asn1parse/d325114f7f07668964335796c9ae574fa17bd2e6 differ
-diff --git a/fuzz/corpora/asn1parse/d3c705320b6a61d2ddd85a05799f4503f77a1462 b/fuzz/corpora/asn1parse/d3c705320b6a61d2ddd85a05799f4503f77a1462
-new file mode 100644
-index 0000000..59dcad7
-Binary files /dev/null and b/fuzz/corpora/asn1parse/d3c705320b6a61d2ddd85a05799f4503f77a1462 differ
-diff --git a/fuzz/corpora/asn1parse/d3de2c5c3ea9a3d245ede3e27a98e9744abf2b24 b/fuzz/corpora/asn1parse/d3de2c5c3ea9a3d245ede3e27a98e9744abf2b24
-new file mode 100644
-index 0000000..5e1c540
-Binary files /dev/null and b/fuzz/corpora/asn1parse/d3de2c5c3ea9a3d245ede3e27a98e9744abf2b24 differ
-diff --git a/fuzz/corpora/asn1parse/d5c2424baad7cc0ef9529f352c1b6d48710a9153 b/fuzz/corpora/asn1parse/d5c2424baad7cc0ef9529f352c1b6d48710a9153
-new file mode 100644
-index 0000000..4b28da1
-Binary files /dev/null and b/fuzz/corpora/asn1parse/d5c2424baad7cc0ef9529f352c1b6d48710a9153 differ
-diff --git a/fuzz/corpora/asn1parse/d62515675a7d1ca9a406f07da79bfd82a4135019 b/fuzz/corpora/asn1parse/d62515675a7d1ca9a406f07da79bfd82a4135019
-new file mode 100644
-index 0000000..182363d
-Binary files /dev/null and b/fuzz/corpora/asn1parse/d62515675a7d1ca9a406f07da79bfd82a4135019 differ
-diff --git a/fuzz/corpora/asn1parse/d6b5cac6a02d839539c781b9274b415b66829677 b/fuzz/corpora/asn1parse/d6b5cac6a02d839539c781b9274b415b66829677
-new file mode 100644
-index 0000000..0f8cb94
-Binary files /dev/null and b/fuzz/corpora/asn1parse/d6b5cac6a02d839539c781b9274b415b66829677 differ
-diff --git a/fuzz/corpora/asn1parse/d6ff8c6029535af58880ddfe5b25d48c4307361b b/fuzz/corpora/asn1parse/d6ff8c6029535af58880ddfe5b25d48c4307361b
-new file mode 100644
-index 0000000..dae8b96
-Binary files /dev/null and b/fuzz/corpora/asn1parse/d6ff8c6029535af58880ddfe5b25d48c4307361b differ
-diff --git a/fuzz/corpora/asn1parse/d78473c6750bfec075d759d6d694f94e74bb037a b/fuzz/corpora/asn1parse/d78473c6750bfec075d759d6d694f94e74bb037a
-new file mode 100644
-index 0000000..3c2901a
-Binary files /dev/null and b/fuzz/corpora/asn1parse/d78473c6750bfec075d759d6d694f94e74bb037a differ
-diff --git a/fuzz/corpora/asn1parse/d7ea3792ebf29b6c61cb538016e6eaec0cf7f0ec b/fuzz/corpora/asn1parse/d7ea3792ebf29b6c61cb538016e6eaec0cf7f0ec
-new file mode 100644
-index 0000000..0b12de1
-Binary files /dev/null and b/fuzz/corpora/asn1parse/d7ea3792ebf29b6c61cb538016e6eaec0cf7f0ec differ
-diff --git a/fuzz/corpora/asn1parse/d8d104dc931ec6c660979efd1a98dbb9db181859 b/fuzz/corpora/asn1parse/d8d104dc931ec6c660979efd1a98dbb9db181859
-new file mode 100644
-index 0000000..c0c12e6
-Binary files /dev/null and b/fuzz/corpora/asn1parse/d8d104dc931ec6c660979efd1a98dbb9db181859 differ
-diff --git a/fuzz/corpora/asn1parse/d9bd2ac70f9e3a49b6b4b6f2dc32388061164ba3 b/fuzz/corpora/asn1parse/d9bd2ac70f9e3a49b6b4b6f2dc32388061164ba3
-new file mode 100644
-index 0000000..a2f6e55
-Binary files /dev/null and b/fuzz/corpora/asn1parse/d9bd2ac70f9e3a49b6b4b6f2dc32388061164ba3 differ
-diff --git a/fuzz/corpora/asn1parse/db4d4c05ec085b7060dcecc9a5257b03310117e7 b/fuzz/corpora/asn1parse/db4d4c05ec085b7060dcecc9a5257b03310117e7
-new file mode 100644
-index 0000000..3222505
-Binary files /dev/null and b/fuzz/corpora/asn1parse/db4d4c05ec085b7060dcecc9a5257b03310117e7 differ
-diff --git a/fuzz/corpora/asn1parse/db682e28c2c97510917e3682e24571e72cc0654e b/fuzz/corpora/asn1parse/db682e28c2c97510917e3682e24571e72cc0654e
-new file mode 100644
-index 0000000..d465424
-Binary files /dev/null and b/fuzz/corpora/asn1parse/db682e28c2c97510917e3682e24571e72cc0654e differ
-diff --git a/fuzz/corpora/asn1parse/dbc2045d8f266834887df6b4efb670901988cadd b/fuzz/corpora/asn1parse/dbc2045d8f266834887df6b4efb670901988cadd
-new file mode 100644
-index 0000000..324635b
-Binary files /dev/null and b/fuzz/corpora/asn1parse/dbc2045d8f266834887df6b4efb670901988cadd differ
-diff --git a/fuzz/corpora/asn1parse/dc0c9f1f28209d6cd51220b11a6a95ecd53ffdfc b/fuzz/corpora/asn1parse/dc0c9f1f28209d6cd51220b11a6a95ecd53ffdfc
-new file mode 100644
-index 0000000..1c3926d
-Binary files /dev/null and b/fuzz/corpora/asn1parse/dc0c9f1f28209d6cd51220b11a6a95ecd53ffdfc differ
-diff --git a/fuzz/corpora/asn1parse/dc72680965866e9c1eec2c5d5b0da1449693a0af b/fuzz/corpora/asn1parse/dc72680965866e9c1eec2c5d5b0da1449693a0af
-new file mode 100644
-index 0000000..9b2f3ab
-Binary files /dev/null and b/fuzz/corpora/asn1parse/dc72680965866e9c1eec2c5d5b0da1449693a0af differ
-diff --git a/fuzz/corpora/asn1parse/dd84c88f88d5ecbe6757b75127232f057b409e9e b/fuzz/corpora/asn1parse/dd84c88f88d5ecbe6757b75127232f057b409e9e
-new file mode 100644
-index 0000000..1052a29
-Binary files /dev/null and b/fuzz/corpora/asn1parse/dd84c88f88d5ecbe6757b75127232f057b409e9e differ
-diff --git a/fuzz/corpora/asn1parse/dda067e9417c03146d10eb26773f06a0fdbc2625 b/fuzz/corpora/asn1parse/dda067e9417c03146d10eb26773f06a0fdbc2625
-new file mode 100644
-index 0000000..06be4ec
-Binary files /dev/null and b/fuzz/corpora/asn1parse/dda067e9417c03146d10eb26773f06a0fdbc2625 differ
-diff --git a/fuzz/corpora/asn1parse/de0120ee3cbff8de7f943ed3f5e7b83cad222b4f b/fuzz/corpora/asn1parse/de0120ee3cbff8de7f943ed3f5e7b83cad222b4f
-new file mode 100644
-index 0000000..84e1e1a
-Binary files /dev/null and b/fuzz/corpora/asn1parse/de0120ee3cbff8de7f943ed3f5e7b83cad222b4f differ
-diff --git a/fuzz/corpora/asn1parse/de75408ddb2328dd29c5f219db602527cafb039d b/fuzz/corpora/asn1parse/de75408ddb2328dd29c5f219db602527cafb039d
-new file mode 100644
-index 0000000..527c014
-Binary files /dev/null and b/fuzz/corpora/asn1parse/de75408ddb2328dd29c5f219db602527cafb039d differ
-diff --git a/fuzz/corpora/asn1parse/e052451bd4b91bf815b2c4c2a3eadabe999ee07b b/fuzz/corpora/asn1parse/e052451bd4b91bf815b2c4c2a3eadabe999ee07b
-new file mode 100644
-index 0000000..1a4ff86
-Binary files /dev/null and b/fuzz/corpora/asn1parse/e052451bd4b91bf815b2c4c2a3eadabe999ee07b differ
-diff --git a/fuzz/corpora/asn1parse/e06dd0a39567d3a5ba9288c6e958bbce567a1f5b b/fuzz/corpora/asn1parse/e06dd0a39567d3a5ba9288c6e958bbce567a1f5b
-new file mode 100644
-index 0000000..25ece56
-Binary files /dev/null and b/fuzz/corpora/asn1parse/e06dd0a39567d3a5ba9288c6e958bbce567a1f5b differ
-diff --git a/fuzz/corpora/asn1parse/e119fba6065c6b714fe5e15437e20070fc0341c6 b/fuzz/corpora/asn1parse/e119fba6065c6b714fe5e15437e20070fc0341c6
-new file mode 100644
-index 0000000..2b92ade
-Binary files /dev/null and b/fuzz/corpora/asn1parse/e119fba6065c6b714fe5e15437e20070fc0341c6 differ
-diff --git a/fuzz/corpora/asn1parse/e3653b46b62553713990252d2975926ccc0eb315 b/fuzz/corpora/asn1parse/e3653b46b62553713990252d2975926ccc0eb315
-new file mode 100644
-index 0000000..7269e74
-Binary files /dev/null and b/fuzz/corpora/asn1parse/e3653b46b62553713990252d2975926ccc0eb315 differ
-diff --git a/fuzz/corpora/asn1parse/e3a8a45a6e86523a21a6f1b36343c2a3929830ea b/fuzz/corpora/asn1parse/e3a8a45a6e86523a21a6f1b36343c2a3929830ea
-new file mode 100644
-index 0000000..1803192
-Binary files /dev/null and b/fuzz/corpora/asn1parse/e3a8a45a6e86523a21a6f1b36343c2a3929830ea differ
-diff --git a/fuzz/corpora/asn1parse/e3e5c7816d86fddd40ea63962f5cc22a78464abf b/fuzz/corpora/asn1parse/e3e5c7816d86fddd40ea63962f5cc22a78464abf
-new file mode 100644
-index 0000000..2e1e8ee
-Binary files /dev/null and b/fuzz/corpora/asn1parse/e3e5c7816d86fddd40ea63962f5cc22a78464abf differ
-diff --git a/fuzz/corpora/asn1parse/e449746789369ea8094ff0d19fe6461d268c84e7 b/fuzz/corpora/asn1parse/e449746789369ea8094ff0d19fe6461d268c84e7
-new file mode 100644
-index 0000000..8d0f898
-Binary files /dev/null and b/fuzz/corpora/asn1parse/e449746789369ea8094ff0d19fe6461d268c84e7 differ
-diff --git a/fuzz/corpora/asn1parse/e4602e7fe47f937a575cdda313094655813480fe b/fuzz/corpora/asn1parse/e4602e7fe47f937a575cdda313094655813480fe
-new file mode 100644
-index 0000000..f976e32
-Binary files /dev/null and b/fuzz/corpora/asn1parse/e4602e7fe47f937a575cdda313094655813480fe differ
-diff --git a/fuzz/corpora/asn1parse/e64dae6abc50fb5c785f8f890a324c76f591aab0 b/fuzz/corpora/asn1parse/e64dae6abc50fb5c785f8f890a324c76f591aab0
-new file mode 100644
-index 0000000..02da766
-Binary files /dev/null and b/fuzz/corpora/asn1parse/e64dae6abc50fb5c785f8f890a324c76f591aab0 differ
-diff --git a/fuzz/corpora/asn1parse/e87fcf809567c9f4cb90fbe17162222eb58226db b/fuzz/corpora/asn1parse/e87fcf809567c9f4cb90fbe17162222eb58226db
-new file mode 100644
-index 0000000..87be267
-Binary files /dev/null and b/fuzz/corpora/asn1parse/e87fcf809567c9f4cb90fbe17162222eb58226db differ
-diff --git a/fuzz/corpora/asn1parse/e94941b8a0c138224c4e9e1864bc09f4a13710bf b/fuzz/corpora/asn1parse/e94941b8a0c138224c4e9e1864bc09f4a13710bf
-new file mode 100644
-index 0000000..1d44df4
-Binary files /dev/null and b/fuzz/corpora/asn1parse/e94941b8a0c138224c4e9e1864bc09f4a13710bf differ
-diff --git a/fuzz/corpora/asn1parse/eadd30308315c67abc51398d404f8f37e11b8940 b/fuzz/corpora/asn1parse/eadd30308315c67abc51398d404f8f37e11b8940
-new file mode 100644
-index 0000000..941a1eb
-Binary files /dev/null and b/fuzz/corpora/asn1parse/eadd30308315c67abc51398d404f8f37e11b8940 differ
-diff --git a/fuzz/corpora/asn1parse/f05d4ba00c4c2e50589afdf0539c6e5aa8370e69 b/fuzz/corpora/asn1parse/f05d4ba00c4c2e50589afdf0539c6e5aa8370e69
-new file mode 100644
-index 0000000..d043717
-Binary files /dev/null and b/fuzz/corpora/asn1parse/f05d4ba00c4c2e50589afdf0539c6e5aa8370e69 differ
-diff --git a/fuzz/corpora/asn1parse/f1a1ae42abd12b44b31e44645dc31255a6a4d140 b/fuzz/corpora/asn1parse/f1a1ae42abd12b44b31e44645dc31255a6a4d140
-new file mode 100644
-index 0000000..dde9ed5
-Binary files /dev/null and b/fuzz/corpora/asn1parse/f1a1ae42abd12b44b31e44645dc31255a6a4d140 differ
-diff --git a/fuzz/corpora/asn1parse/f279f3c49614f5370f3bba1abbf8ca89a317c7c5 b/fuzz/corpora/asn1parse/f279f3c49614f5370f3bba1abbf8ca89a317c7c5
-new file mode 100644
-index 0000000..f5b22a2
-Binary files /dev/null and b/fuzz/corpora/asn1parse/f279f3c49614f5370f3bba1abbf8ca89a317c7c5 differ
-diff --git a/fuzz/corpora/asn1parse/f32ad7ad48ef28d6a43fa2ec9cc65d06d25865bb b/fuzz/corpora/asn1parse/f32ad7ad48ef28d6a43fa2ec9cc65d06d25865bb
-new file mode 100644
-index 0000000..fa91772
-Binary files /dev/null and b/fuzz/corpora/asn1parse/f32ad7ad48ef28d6a43fa2ec9cc65d06d25865bb differ
-diff --git a/fuzz/corpora/asn1parse/f3864c3f23afdbf3273e55df98acce93b59279b5 b/fuzz/corpora/asn1parse/f3864c3f23afdbf3273e55df98acce93b59279b5
-new file mode 100644
-index 0000000..38b78b1
-Binary files /dev/null and b/fuzz/corpora/asn1parse/f3864c3f23afdbf3273e55df98acce93b59279b5 differ
-diff --git a/fuzz/corpora/asn1parse/f4f704f7d91a0f0559d12885d30bd634c623df5d b/fuzz/corpora/asn1parse/f4f704f7d91a0f0559d12885d30bd634c623df5d
-new file mode 100644
-index 0000000..6ac17fa
-Binary files /dev/null and b/fuzz/corpora/asn1parse/f4f704f7d91a0f0559d12885d30bd634c623df5d differ
-diff --git a/fuzz/corpora/asn1parse/f514913b79fdad5b752fa7d3254d7bddac4af52f b/fuzz/corpora/asn1parse/f514913b79fdad5b752fa7d3254d7bddac4af52f
-new file mode 100644
-index 0000000..a8f3b3a
-Binary files /dev/null and b/fuzz/corpora/asn1parse/f514913b79fdad5b752fa7d3254d7bddac4af52f differ
-diff --git a/fuzz/corpora/asn1parse/f6cb56d79acb8d557dd3016eccc70f693b30e4af b/fuzz/corpora/asn1parse/f6cb56d79acb8d557dd3016eccc70f693b30e4af
-new file mode 100644
-index 0000000..5099c53
-Binary files /dev/null and b/fuzz/corpora/asn1parse/f6cb56d79acb8d557dd3016eccc70f693b30e4af differ
-diff --git a/fuzz/corpora/asn1parse/f7ebb3f54a3cbbe0d0ca7522edfb2275b0ae37b2 b/fuzz/corpora/asn1parse/f7ebb3f54a3cbbe0d0ca7522edfb2275b0ae37b2
-new file mode 100644
-index 0000000..52d45b8
-Binary files /dev/null and b/fuzz/corpora/asn1parse/f7ebb3f54a3cbbe0d0ca7522edfb2275b0ae37b2 differ
-diff --git a/fuzz/corpora/asn1parse/f934d75808ba8d45653fd499ab221366fa2a2c35 b/fuzz/corpora/asn1parse/f934d75808ba8d45653fd499ab221366fa2a2c35
-new file mode 100644
-index 0000000..5c519f7
-Binary files /dev/null and b/fuzz/corpora/asn1parse/f934d75808ba8d45653fd499ab221366fa2a2c35 differ
-diff --git a/fuzz/corpora/asn1parse/fa89079c59d40b65bcf3935c5e114c0d8d1624a5 b/fuzz/corpora/asn1parse/fa89079c59d40b65bcf3935c5e114c0d8d1624a5
-new file mode 100644
-index 0000000..8667c23a
-Binary files /dev/null and b/fuzz/corpora/asn1parse/fa89079c59d40b65bcf3935c5e114c0d8d1624a5 differ
-diff --git a/fuzz/corpora/asn1parse/fc6767fecf63ff0252dd055ddd148f3c9b175fbc b/fuzz/corpora/asn1parse/fc6767fecf63ff0252dd055ddd148f3c9b175fbc
-new file mode 100644
-index 0000000..6375dab
-Binary files /dev/null and b/fuzz/corpora/asn1parse/fc6767fecf63ff0252dd055ddd148f3c9b175fbc differ
-diff --git a/fuzz/corpora/bignum/01b7fc31773cc20d538c37e8b7e443845851f927 b/fuzz/corpora/bignum/01b7fc31773cc20d538c37e8b7e443845851f927
-new file mode 100644
-index 0000000..9a65919
-Binary files /dev/null and b/fuzz/corpora/bignum/01b7fc31773cc20d538c37e8b7e443845851f927 differ
-diff --git a/fuzz/corpora/bignum/01cfdbae280be58731260e0b5e48baca4998cc2d b/fuzz/corpora/bignum/01cfdbae280be58731260e0b5e48baca4998cc2d
-new file mode 100644
-index 0000000..14a10a1
-Binary files /dev/null and b/fuzz/corpora/bignum/01cfdbae280be58731260e0b5e48baca4998cc2d differ
-diff --git a/fuzz/corpora/bignum/02d1f98307ef9e3e2e735fbab9a513018c830a49 b/fuzz/corpora/bignum/02d1f98307ef9e3e2e735fbab9a513018c830a49
-new file mode 100644
-index 0000000..2c1a3b0
-Binary files /dev/null and b/fuzz/corpora/bignum/02d1f98307ef9e3e2e735fbab9a513018c830a49 differ
-diff --git a/fuzz/corpora/bignum/0417bf46358c09a83fcb0349f7fbc2993615fd88 b/fuzz/corpora/bignum/0417bf46358c09a83fcb0349f7fbc2993615fd88
-new file mode 100644
-index 0000000..c5a53ea
-Binary files /dev/null and b/fuzz/corpora/bignum/0417bf46358c09a83fcb0349f7fbc2993615fd88 differ
-diff --git a/fuzz/corpora/bignum/042a5e464b4433641f400b71ae0b797434205c9b b/fuzz/corpora/bignum/042a5e464b4433641f400b71ae0b797434205c9b
-new file mode 100644
-index 0000000..c055d1e
-Binary files /dev/null and b/fuzz/corpora/bignum/042a5e464b4433641f400b71ae0b797434205c9b differ
-diff --git a/fuzz/corpora/bignum/049d9f8110611ec40b1717abdcaf3f35a15feb49 b/fuzz/corpora/bignum/049d9f8110611ec40b1717abdcaf3f35a15feb49
-new file mode 100644
-index 0000000..46f9e5f
-Binary files /dev/null and b/fuzz/corpora/bignum/049d9f8110611ec40b1717abdcaf3f35a15feb49 differ
-diff --git a/fuzz/corpora/bignum/04e3682a99d151d4c93c247e93755881e363f449 b/fuzz/corpora/bignum/04e3682a99d151d4c93c247e93755881e363f449
-new file mode 100644
-index 0000000..f2f7969
-Binary files /dev/null and b/fuzz/corpora/bignum/04e3682a99d151d4c93c247e93755881e363f449 differ
-diff --git a/fuzz/corpora/bignum/0585cbb7cb87cce39dbaa5e4f963db973f68d0bf b/fuzz/corpora/bignum/0585cbb7cb87cce39dbaa5e4f963db973f68d0bf
-new file mode 100644
-index 0000000..11ffb8c
-Binary files /dev/null and b/fuzz/corpora/bignum/0585cbb7cb87cce39dbaa5e4f963db973f68d0bf differ
-diff --git a/fuzz/corpora/bignum/067e9104675177fd538bf19e654d5a3c09f3ab34 b/fuzz/corpora/bignum/067e9104675177fd538bf19e654d5a3c09f3ab34
-new file mode 100644
-index 0000000..95dbf5f
-Binary files /dev/null and b/fuzz/corpora/bignum/067e9104675177fd538bf19e654d5a3c09f3ab34 differ
-diff --git a/fuzz/corpora/bignum/06e60ad985fbc2c7b51645f5fbaa371b0ed2f394 b/fuzz/corpora/bignum/06e60ad985fbc2c7b51645f5fbaa371b0ed2f394
-new file mode 100644
-index 0000000..6233ac7
-Binary files /dev/null and b/fuzz/corpora/bignum/06e60ad985fbc2c7b51645f5fbaa371b0ed2f394 differ
-diff --git a/fuzz/corpora/bignum/074a34a36fac4d252251a543a2b0fdbcb2acbe22 b/fuzz/corpora/bignum/074a34a36fac4d252251a543a2b0fdbcb2acbe22
-new file mode 100644
-index 0000000..65eea45
-Binary files /dev/null and b/fuzz/corpora/bignum/074a34a36fac4d252251a543a2b0fdbcb2acbe22 differ
-diff --git a/fuzz/corpora/bignum/097b2876b740f095a2e928d296568185e34f7a50 b/fuzz/corpora/bignum/097b2876b740f095a2e928d296568185e34f7a50
-new file mode 100644
-index 0000000..4df5329
-Binary files /dev/null and b/fuzz/corpora/bignum/097b2876b740f095a2e928d296568185e34f7a50 differ
-diff --git a/fuzz/corpora/bignum/0a2224bc6f250eefc4187abbe7bd8f62778ef85e b/fuzz/corpora/bignum/0a2224bc6f250eefc4187abbe7bd8f62778ef85e
-new file mode 100644
-index 0000000..e615fde
-Binary files /dev/null and b/fuzz/corpora/bignum/0a2224bc6f250eefc4187abbe7bd8f62778ef85e differ
-diff --git a/fuzz/corpora/bignum/0a4a65641c3137944451010dbcbb36decca62923 b/fuzz/corpora/bignum/0a4a65641c3137944451010dbcbb36decca62923
-new file mode 100644
-index 0000000..bb8a3ec
-Binary files /dev/null and b/fuzz/corpora/bignum/0a4a65641c3137944451010dbcbb36decca62923 differ
-diff --git a/fuzz/corpora/bignum/0ac3a247cd0051a4faa84fd317b52e467e3ec5ba b/fuzz/corpora/bignum/0ac3a247cd0051a4faa84fd317b52e467e3ec5ba
-new file mode 100644
-index 0000000..5343a32
-Binary files /dev/null and b/fuzz/corpora/bignum/0ac3a247cd0051a4faa84fd317b52e467e3ec5ba differ
-diff --git a/fuzz/corpora/bignum/0b0edb3b41f23e1a6f6ade02ee74f476a63ac140 b/fuzz/corpora/bignum/0b0edb3b41f23e1a6f6ade02ee74f476a63ac140
-new file mode 100644
-index 0000000..22d0804
-Binary files /dev/null and b/fuzz/corpora/bignum/0b0edb3b41f23e1a6f6ade02ee74f476a63ac140 differ
-diff --git a/fuzz/corpora/bignum/0c41747aa58690dd7ffdd1b14686e62f0a4411b2 b/fuzz/corpora/bignum/0c41747aa58690dd7ffdd1b14686e62f0a4411b2
-new file mode 100644
-index 0000000..87c04b1
-Binary files /dev/null and b/fuzz/corpora/bignum/0c41747aa58690dd7ffdd1b14686e62f0a4411b2 differ
-diff --git a/fuzz/corpora/bignum/0da7e2090e1b8744018995800351776d9cd8d0f0 b/fuzz/corpora/bignum/0da7e2090e1b8744018995800351776d9cd8d0f0
-new file mode 100644
-index 0000000..107e51c
-Binary files /dev/null and b/fuzz/corpora/bignum/0da7e2090e1b8744018995800351776d9cd8d0f0 differ
-diff --git a/fuzz/corpora/bignum/0e13483ea0f221d089ffcbe1f73e7f618c0a4a98 b/fuzz/corpora/bignum/0e13483ea0f221d089ffcbe1f73e7f618c0a4a98
-new file mode 100644
-index 0000000..02b0598
-Binary files /dev/null and b/fuzz/corpora/bignum/0e13483ea0f221d089ffcbe1f73e7f618c0a4a98 differ
-diff --git a/fuzz/corpora/bignum/0f1d22d0049fa05be3697fb5fb824dda3591df64 b/fuzz/corpora/bignum/0f1d22d0049fa05be3697fb5fb824dda3591df64
-new file mode 100644
-index 0000000..94c6879
-Binary files /dev/null and b/fuzz/corpora/bignum/0f1d22d0049fa05be3697fb5fb824dda3591df64 differ
-diff --git a/fuzz/corpora/bignum/109b77cf4044da81cc67b7172d943fabec37ac70 b/fuzz/corpora/bignum/109b77cf4044da81cc67b7172d943fabec37ac70
-new file mode 100644
-index 0000000..0e518b6
-Binary files /dev/null and b/fuzz/corpora/bignum/109b77cf4044da81cc67b7172d943fabec37ac70 differ
-diff --git a/fuzz/corpora/bignum/1129623d6f7314caf04ef1baa7e2dc24623cb93c b/fuzz/corpora/bignum/1129623d6f7314caf04ef1baa7e2dc24623cb93c
-new file mode 100644
-index 0000000..43d5bac
-Binary files /dev/null and b/fuzz/corpora/bignum/1129623d6f7314caf04ef1baa7e2dc24623cb93c differ
-diff --git a/fuzz/corpora/bignum/116e6caac2ace207f895d9c9e8e2d520b54f35cf b/fuzz/corpora/bignum/116e6caac2ace207f895d9c9e8e2d520b54f35cf
-new file mode 100644
-index 0000000..7c00cff
-Binary files /dev/null and b/fuzz/corpora/bignum/116e6caac2ace207f895d9c9e8e2d520b54f35cf differ
-diff --git a/fuzz/corpora/bignum/11e957b9bf43166e4b676995eb02eab38c23e396 b/fuzz/corpora/bignum/11e957b9bf43166e4b676995eb02eab38c23e396
-new file mode 100644
-index 0000000..758e96d
-Binary files /dev/null and b/fuzz/corpora/bignum/11e957b9bf43166e4b676995eb02eab38c23e396 differ
-diff --git a/fuzz/corpora/bignum/12e8abf2f756305e336e8c9e958cb92aa11e3457 b/fuzz/corpora/bignum/12e8abf2f756305e336e8c9e958cb92aa11e3457
-new file mode 100644
-index 0000000..f077992
-Binary files /dev/null and b/fuzz/corpora/bignum/12e8abf2f756305e336e8c9e958cb92aa11e3457 differ
-diff --git a/fuzz/corpora/bignum/1368ec0f31248b6066cc6d762ae884c9860490fb b/fuzz/corpora/bignum/1368ec0f31248b6066cc6d762ae884c9860490fb
-new file mode 100644
-index 0000000..0d655a4
-Binary files /dev/null and b/fuzz/corpora/bignum/1368ec0f31248b6066cc6d762ae884c9860490fb differ
-diff --git a/fuzz/corpora/bignum/14604c5374acb8c0155a84a2725b24e8cff1b18a b/fuzz/corpora/bignum/14604c5374acb8c0155a84a2725b24e8cff1b18a
-new file mode 100644
-index 0000000..a5717d2
-Binary files /dev/null and b/fuzz/corpora/bignum/14604c5374acb8c0155a84a2725b24e8cff1b18a differ
-diff --git a/fuzz/corpora/bignum/14a08ecb901485cebb829ca3e6c04895b911b5d8 b/fuzz/corpora/bignum/14a08ecb901485cebb829ca3e6c04895b911b5d8
-new file mode 100644
-index 0000000..da4d6b2
-Binary files /dev/null and b/fuzz/corpora/bignum/14a08ecb901485cebb829ca3e6c04895b911b5d8 differ
-diff --git a/fuzz/corpora/bignum/14a8c3b5add36b2ba5fdf47b25bea3b5d41cbf93 b/fuzz/corpora/bignum/14a8c3b5add36b2ba5fdf47b25bea3b5d41cbf93
-new file mode 100644
-index 0000000..c6da844
-Binary files /dev/null and b/fuzz/corpora/bignum/14a8c3b5add36b2ba5fdf47b25bea3b5d41cbf93 differ
-diff --git a/fuzz/corpora/bignum/17c3e31d4467ae8a632544d9e0731c2bd23fc597 b/fuzz/corpora/bignum/17c3e31d4467ae8a632544d9e0731c2bd23fc597
-new file mode 100644
-index 0000000..64b0dde
-Binary files /dev/null and b/fuzz/corpora/bignum/17c3e31d4467ae8a632544d9e0731c2bd23fc597 differ
-diff --git a/fuzz/corpora/bignum/17fcd7c00609afee40d187d3085358b5feb5e519 b/fuzz/corpora/bignum/17fcd7c00609afee40d187d3085358b5feb5e519
-new file mode 100644
-index 0000000..482bbec
-Binary files /dev/null and b/fuzz/corpora/bignum/17fcd7c00609afee40d187d3085358b5feb5e519 differ
-diff --git a/fuzz/corpora/bignum/1875fc6dd4ca6b01e1a4276460f465efd3f074bf b/fuzz/corpora/bignum/1875fc6dd4ca6b01e1a4276460f465efd3f074bf
-new file mode 100644
-index 0000000..abc56c3
-Binary files /dev/null and b/fuzz/corpora/bignum/1875fc6dd4ca6b01e1a4276460f465efd3f074bf differ
-diff --git a/fuzz/corpora/bignum/18bea75b3872962de874a0f798d41fe2626fc2eb b/fuzz/corpora/bignum/18bea75b3872962de874a0f798d41fe2626fc2eb
-new file mode 100644
-index 0000000..04e9e2c
-Binary files /dev/null and b/fuzz/corpora/bignum/18bea75b3872962de874a0f798d41fe2626fc2eb differ
-diff --git a/fuzz/corpora/bignum/18fed6144f45894eda63a3de4808f66823ca253a b/fuzz/corpora/bignum/18fed6144f45894eda63a3de4808f66823ca253a
-new file mode 100644
-index 0000000..5f1901b
-Binary files /dev/null and b/fuzz/corpora/bignum/18fed6144f45894eda63a3de4808f66823ca253a differ
-diff --git a/fuzz/corpora/bignum/197bbea0fea8cafa9eb72abecafcd74316bf8d5c b/fuzz/corpora/bignum/197bbea0fea8cafa9eb72abecafcd74316bf8d5c
-new file mode 100644
-index 0000000..e7ccbf3
-Binary files /dev/null and b/fuzz/corpora/bignum/197bbea0fea8cafa9eb72abecafcd74316bf8d5c differ
-diff --git a/fuzz/corpora/bignum/19964e1eb90a95ce75f48405a47125e9ca80771c b/fuzz/corpora/bignum/19964e1eb90a95ce75f48405a47125e9ca80771c
-new file mode 100644
-index 0000000..9c6eea0
-Binary files /dev/null and b/fuzz/corpora/bignum/19964e1eb90a95ce75f48405a47125e9ca80771c differ
-diff --git a/fuzz/corpora/bignum/1a1a9717a96bffcb61e1d349fee17d074bb7796a b/fuzz/corpora/bignum/1a1a9717a96bffcb61e1d349fee17d074bb7796a
-new file mode 100644
-index 0000000..dafba2f
-Binary files /dev/null and b/fuzz/corpora/bignum/1a1a9717a96bffcb61e1d349fee17d074bb7796a differ
-diff --git a/fuzz/corpora/bignum/1acdf66acba7eb415911011a0637771b5c0b2a35 b/fuzz/corpora/bignum/1acdf66acba7eb415911011a0637771b5c0b2a35
-new file mode 100644
-index 0000000..317f32f
-Binary files /dev/null and b/fuzz/corpora/bignum/1acdf66acba7eb415911011a0637771b5c0b2a35 differ
-diff --git a/fuzz/corpora/bignum/1adf9e45104072a00f3d0a684f16c164e446805b b/fuzz/corpora/bignum/1adf9e45104072a00f3d0a684f16c164e446805b
-new file mode 100644
-index 0000000..c2fe44a
-Binary files /dev/null and b/fuzz/corpora/bignum/1adf9e45104072a00f3d0a684f16c164e446805b differ
-diff --git a/fuzz/corpora/bignum/1afc4bb08e1c62f5a472a55132e02760e2ca7ea8 b/fuzz/corpora/bignum/1afc4bb08e1c62f5a472a55132e02760e2ca7ea8
-new file mode 100644
-index 0000000..c5df3e0
-Binary files /dev/null and b/fuzz/corpora/bignum/1afc4bb08e1c62f5a472a55132e02760e2ca7ea8 differ
-diff --git a/fuzz/corpora/bignum/1b63f1c99613a491251df22962a347fadcb25380 b/fuzz/corpora/bignum/1b63f1c99613a491251df22962a347fadcb25380
-new file mode 100644
-index 0000000..79bab22
-Binary files /dev/null and b/fuzz/corpora/bignum/1b63f1c99613a491251df22962a347fadcb25380 differ
-diff --git a/fuzz/corpora/bignum/1b9790b42a761831ab4922da1e7628fc9f9e6c53 b/fuzz/corpora/bignum/1b9790b42a761831ab4922da1e7628fc9f9e6c53
-new file mode 100644
-index 0000000..c284292
-Binary files /dev/null and b/fuzz/corpora/bignum/1b9790b42a761831ab4922da1e7628fc9f9e6c53 differ
-diff --git a/fuzz/corpora/bignum/1bb831ff3de3773c8cfd33de2dbfc5fd84c8f2cc b/fuzz/corpora/bignum/1bb831ff3de3773c8cfd33de2dbfc5fd84c8f2cc
-new file mode 100644
-index 0000000..38f77f7
-Binary files /dev/null and b/fuzz/corpora/bignum/1bb831ff3de3773c8cfd33de2dbfc5fd84c8f2cc differ
-diff --git a/fuzz/corpora/bignum/1d4ec214cb15ff71d261ad22c70c715f8006d316 b/fuzz/corpora/bignum/1d4ec214cb15ff71d261ad22c70c715f8006d316
-new file mode 100644
-index 0000000..ddef7ec
-Binary files /dev/null and b/fuzz/corpora/bignum/1d4ec214cb15ff71d261ad22c70c715f8006d316 differ
-diff --git a/fuzz/corpora/bignum/1e488bac6ca6ee846c0e02f279694f74bd412655 b/fuzz/corpora/bignum/1e488bac6ca6ee846c0e02f279694f74bd412655
-new file mode 100644
-index 0000000..7aa5277
-Binary files /dev/null and b/fuzz/corpora/bignum/1e488bac6ca6ee846c0e02f279694f74bd412655 differ
-diff --git a/fuzz/corpora/bignum/1e878bb2aa4a7a2a25a842e73693b08bfe4ad7dd b/fuzz/corpora/bignum/1e878bb2aa4a7a2a25a842e73693b08bfe4ad7dd
-new file mode 100644
-index 0000000..3caebca
-Binary files /dev/null and b/fuzz/corpora/bignum/1e878bb2aa4a7a2a25a842e73693b08bfe4ad7dd differ
-diff --git a/fuzz/corpora/bignum/1f34705cb47b0eac9429c44a63d3d13f6056a26c b/fuzz/corpora/bignum/1f34705cb47b0eac9429c44a63d3d13f6056a26c
-new file mode 100644
-index 0000000..4837f4b
-Binary files /dev/null and b/fuzz/corpora/bignum/1f34705cb47b0eac9429c44a63d3d13f6056a26c differ
-diff --git a/fuzz/corpora/bignum/20777f2cf8e03ce7a9e3cebc56c30ce0c662fb60 b/fuzz/corpora/bignum/20777f2cf8e03ce7a9e3cebc56c30ce0c662fb60
-new file mode 100644
-index 0000000..d67dcba
-Binary files /dev/null and b/fuzz/corpora/bignum/20777f2cf8e03ce7a9e3cebc56c30ce0c662fb60 differ
-diff --git a/fuzz/corpora/bignum/20c0d2fbdfc2fa355bad3bad88cc659cda4a93bc b/fuzz/corpora/bignum/20c0d2fbdfc2fa355bad3bad88cc659cda4a93bc
-new file mode 100644
-index 0000000..fbd4ddd
-Binary files /dev/null and b/fuzz/corpora/bignum/20c0d2fbdfc2fa355bad3bad88cc659cda4a93bc differ
-diff --git a/fuzz/corpora/bignum/21383a2d614a1f1a7cbea6b6da6db44ee374cf41 b/fuzz/corpora/bignum/21383a2d614a1f1a7cbea6b6da6db44ee374cf41
-new file mode 100644
-index 0000000..efd849c
-Binary files /dev/null and b/fuzz/corpora/bignum/21383a2d614a1f1a7cbea6b6da6db44ee374cf41 differ
-diff --git a/fuzz/corpora/bignum/2415d9ddfb5604ce9a9813949e449ee4bd74953f b/fuzz/corpora/bignum/2415d9ddfb5604ce9a9813949e449ee4bd74953f
-new file mode 100644
-index 0000000..2b00097
-Binary files /dev/null and b/fuzz/corpora/bignum/2415d9ddfb5604ce9a9813949e449ee4bd74953f differ
-diff --git a/fuzz/corpora/bignum/24bc38ab6a3d3ba02ffddd687df856076841ce37 b/fuzz/corpora/bignum/24bc38ab6a3d3ba02ffddd687df856076841ce37
-new file mode 100644
-index 0000000..b567965
-Binary files /dev/null and b/fuzz/corpora/bignum/24bc38ab6a3d3ba02ffddd687df856076841ce37 differ
-diff --git a/fuzz/corpora/bignum/2542e7a7df03c1076071c03f4b5e49048f411e0a b/fuzz/corpora/bignum/2542e7a7df03c1076071c03f4b5e49048f411e0a
-new file mode 100644
-index 0000000..3b59799
-Binary files /dev/null and b/fuzz/corpora/bignum/2542e7a7df03c1076071c03f4b5e49048f411e0a differ
-diff --git a/fuzz/corpora/bignum/26e3b5c343880cb49f8840c0a64248529f72dc39 b/fuzz/corpora/bignum/26e3b5c343880cb49f8840c0a64248529f72dc39
-new file mode 100644
-index 0000000..879eefd
-Binary files /dev/null and b/fuzz/corpora/bignum/26e3b5c343880cb49f8840c0a64248529f72dc39 differ
-diff --git a/fuzz/corpora/bignum/2759809e2093df495e3df53874efa6309980d2aa b/fuzz/corpora/bignum/2759809e2093df495e3df53874efa6309980d2aa
-new file mode 100644
-index 0000000..1196cfe
-Binary files /dev/null and b/fuzz/corpora/bignum/2759809e2093df495e3df53874efa6309980d2aa differ
-diff --git a/fuzz/corpora/bignum/2766d9181e2a1c64f8da9ac0d124e05e4785d13c b/fuzz/corpora/bignum/2766d9181e2a1c64f8da9ac0d124e05e4785d13c
-new file mode 100644
-index 0000000..b331daf
-Binary files /dev/null and b/fuzz/corpora/bignum/2766d9181e2a1c64f8da9ac0d124e05e4785d13c differ
-diff --git a/fuzz/corpora/bignum/27c315147cfd907bf5292c7dc72eb05cbdf23bb8 b/fuzz/corpora/bignum/27c315147cfd907bf5292c7dc72eb05cbdf23bb8
-new file mode 100644
-index 0000000..e37b4e0
-Binary files /dev/null and b/fuzz/corpora/bignum/27c315147cfd907bf5292c7dc72eb05cbdf23bb8 differ
-diff --git a/fuzz/corpora/bignum/27dba527829b91d79c47157fc30f053c20c90b6b b/fuzz/corpora/bignum/27dba527829b91d79c47157fc30f053c20c90b6b
-new file mode 100644
-index 0000000..33955c0
-Binary files /dev/null and b/fuzz/corpora/bignum/27dba527829b91d79c47157fc30f053c20c90b6b differ
-diff --git a/fuzz/corpora/bignum/2815c2bef3538048839c53bbf51d7127f2ac327d b/fuzz/corpora/bignum/2815c2bef3538048839c53bbf51d7127f2ac327d
-new file mode 100644
-index 0000000..68aa7b2
-Binary files /dev/null and b/fuzz/corpora/bignum/2815c2bef3538048839c53bbf51d7127f2ac327d differ
-diff --git a/fuzz/corpora/bignum/2992b4067c1f29b093bbfa97c6c59c022de83fa5 b/fuzz/corpora/bignum/2992b4067c1f29b093bbfa97c6c59c022de83fa5
-new file mode 100644
-index 0000000..15635e7
-Binary files /dev/null and b/fuzz/corpora/bignum/2992b4067c1f29b093bbfa97c6c59c022de83fa5 differ
-diff --git a/fuzz/corpora/bignum/29d8ec9adae27883e9efcf2f548ad7d3a4e8f976 b/fuzz/corpora/bignum/29d8ec9adae27883e9efcf2f548ad7d3a4e8f976
-new file mode 100644
-index 0000000..1b7d19e
-Binary files /dev/null and b/fuzz/corpora/bignum/29d8ec9adae27883e9efcf2f548ad7d3a4e8f976 differ
-diff --git a/fuzz/corpora/bignum/2a553f6d68c98e776d9b9e846f341ecd373c59b0 b/fuzz/corpora/bignum/2a553f6d68c98e776d9b9e846f341ecd373c59b0
-new file mode 100644
-index 0000000..1e8c4e1
-Binary files /dev/null and b/fuzz/corpora/bignum/2a553f6d68c98e776d9b9e846f341ecd373c59b0 differ
-diff --git a/fuzz/corpora/bignum/2ad73d503a1b44169940e41c00064ec1fabad324 b/fuzz/corpora/bignum/2ad73d503a1b44169940e41c00064ec1fabad324
-new file mode 100644
-index 0000000..90e935f
-Binary files /dev/null and b/fuzz/corpora/bignum/2ad73d503a1b44169940e41c00064ec1fabad324 differ
-diff --git a/fuzz/corpora/bignum/2c135b2209f97f5cbb4582ece40ee0eda9497b96 b/fuzz/corpora/bignum/2c135b2209f97f5cbb4582ece40ee0eda9497b96
-new file mode 100644
-index 0000000..2f69bbc
-Binary files /dev/null and b/fuzz/corpora/bignum/2c135b2209f97f5cbb4582ece40ee0eda9497b96 differ
-diff --git a/fuzz/corpora/bignum/2d00dc09fa2e4eeb8faac6f9a8945a81835b1013 b/fuzz/corpora/bignum/2d00dc09fa2e4eeb8faac6f9a8945a81835b1013
-new file mode 100644
-index 0000000..ebbbcb1
-Binary files /dev/null and b/fuzz/corpora/bignum/2d00dc09fa2e4eeb8faac6f9a8945a81835b1013 differ
-diff --git a/fuzz/corpora/bignum/2f069b404f7bfa671367d5e4bd6ab3bd7e06d4ab b/fuzz/corpora/bignum/2f069b404f7bfa671367d5e4bd6ab3bd7e06d4ab
-new file mode 100644
-index 0000000..9dc24fe
-Binary files /dev/null and b/fuzz/corpora/bignum/2f069b404f7bfa671367d5e4bd6ab3bd7e06d4ab differ
-diff --git a/fuzz/corpora/bignum/31a46c8e07ad1404d8ff1542b5fb13e2b2bd227e b/fuzz/corpora/bignum/31a46c8e07ad1404d8ff1542b5fb13e2b2bd227e
-new file mode 100644
-index 0000000..6d0a55f
-Binary files /dev/null and b/fuzz/corpora/bignum/31a46c8e07ad1404d8ff1542b5fb13e2b2bd227e differ
-diff --git a/fuzz/corpora/bignum/34818b44af1fb82b0e35579a473105970a1ad10f b/fuzz/corpora/bignum/34818b44af1fb82b0e35579a473105970a1ad10f
-new file mode 100644
-index 0000000..ea22ba9
-Binary files /dev/null and b/fuzz/corpora/bignum/34818b44af1fb82b0e35579a473105970a1ad10f differ
-diff --git a/fuzz/corpora/bignum/350357be2ddcd9156d2815fa704ce76f0bcbc099 b/fuzz/corpora/bignum/350357be2ddcd9156d2815fa704ce76f0bcbc099
-new file mode 100644
-index 0000000..7361daf
-Binary files /dev/null and b/fuzz/corpora/bignum/350357be2ddcd9156d2815fa704ce76f0bcbc099 differ
-diff --git a/fuzz/corpora/bignum/3510b1f19f65a429749cb07c798e7471265695d7 b/fuzz/corpora/bignum/3510b1f19f65a429749cb07c798e7471265695d7
-new file mode 100644
-index 0000000..362df8c
-Binary files /dev/null and b/fuzz/corpora/bignum/3510b1f19f65a429749cb07c798e7471265695d7 differ
-diff --git a/fuzz/corpora/bignum/35c62ca19d6c3b574802a4b680043996487efd93 b/fuzz/corpora/bignum/35c62ca19d6c3b574802a4b680043996487efd93
-new file mode 100644
-index 0000000..23abf51
-Binary files /dev/null and b/fuzz/corpora/bignum/35c62ca19d6c3b574802a4b680043996487efd93 differ
-diff --git a/fuzz/corpora/bignum/3724c0ac79c28e5376604f5fcd103dfd87e9d0fd b/fuzz/corpora/bignum/3724c0ac79c28e5376604f5fcd103dfd87e9d0fd
-new file mode 100644
-index 0000000..c83d7aa
-Binary files /dev/null and b/fuzz/corpora/bignum/3724c0ac79c28e5376604f5fcd103dfd87e9d0fd differ
-diff --git a/fuzz/corpora/bignum/38998198cfa50714b488968b2c7fff0ee082bdf2 b/fuzz/corpora/bignum/38998198cfa50714b488968b2c7fff0ee082bdf2
-new file mode 100644
-index 0000000..5f324b9
-Binary files /dev/null and b/fuzz/corpora/bignum/38998198cfa50714b488968b2c7fff0ee082bdf2 differ
-diff --git a/fuzz/corpora/bignum/38c88c9668d4014d4b2c376d28423612efccd93c b/fuzz/corpora/bignum/38c88c9668d4014d4b2c376d28423612efccd93c
-new file mode 100644
-index 0000000..1ed1d31
-Binary files /dev/null and b/fuzz/corpora/bignum/38c88c9668d4014d4b2c376d28423612efccd93c differ
-diff --git a/fuzz/corpora/bignum/39c5e88032224d232ed3fc602c35c3850990f94f b/fuzz/corpora/bignum/39c5e88032224d232ed3fc602c35c3850990f94f
-new file mode 100644
-index 0000000..d18abd2
-Binary files /dev/null and b/fuzz/corpora/bignum/39c5e88032224d232ed3fc602c35c3850990f94f differ
-diff --git a/fuzz/corpora/bignum/39f053c4fdbcb7eea8787fdc6bd07a380903a246 b/fuzz/corpora/bignum/39f053c4fdbcb7eea8787fdc6bd07a380903a246
-new file mode 100644
-index 0000000..ac739d5
-Binary files /dev/null and b/fuzz/corpora/bignum/39f053c4fdbcb7eea8787fdc6bd07a380903a246 differ
-diff --git a/fuzz/corpora/bignum/3a2d683cd6dbdd214208918c98816c137dadaee8 b/fuzz/corpora/bignum/3a2d683cd6dbdd214208918c98816c137dadaee8
-new file mode 100644
-index 0000000..10660ce
-Binary files /dev/null and b/fuzz/corpora/bignum/3a2d683cd6dbdd214208918c98816c137dadaee8 differ
-diff --git a/fuzz/corpora/bignum/3c6cc768ef1eb17a3af878e3a5af78277908e73a b/fuzz/corpora/bignum/3c6cc768ef1eb17a3af878e3a5af78277908e73a
-new file mode 100644
-index 0000000..b410227
-Binary files /dev/null and b/fuzz/corpora/bignum/3c6cc768ef1eb17a3af878e3a5af78277908e73a differ
-diff --git a/fuzz/corpora/bignum/3c762c68ad23f2930e1494be8aea7362d3aabc1c b/fuzz/corpora/bignum/3c762c68ad23f2930e1494be8aea7362d3aabc1c
-new file mode 100644
-index 0000000..809aa5f
-Binary files /dev/null and b/fuzz/corpora/bignum/3c762c68ad23f2930e1494be8aea7362d3aabc1c differ
-diff --git a/fuzz/corpora/bignum/3cad9056c30b58fe6f2cd34f665125f67558ae4d b/fuzz/corpora/bignum/3cad9056c30b58fe6f2cd34f665125f67558ae4d
-new file mode 100644
-index 0000000..fce045a
-Binary files /dev/null and b/fuzz/corpora/bignum/3cad9056c30b58fe6f2cd34f665125f67558ae4d differ
-diff --git a/fuzz/corpora/bignum/3cf6610dc4d447cd10ec9c76c0e448f0e7cf749b b/fuzz/corpora/bignum/3cf6610dc4d447cd10ec9c76c0e448f0e7cf749b
-new file mode 100644
-index 0000000..fb3280c
-Binary files /dev/null and b/fuzz/corpora/bignum/3cf6610dc4d447cd10ec9c76c0e448f0e7cf749b differ
-diff --git a/fuzz/corpora/bignum/3f9a64bf80bca38bd3ce1e3610ba9a329b809e3c b/fuzz/corpora/bignum/3f9a64bf80bca38bd3ce1e3610ba9a329b809e3c
-new file mode 100644
-index 0000000..fb6ddde
-Binary files /dev/null and b/fuzz/corpora/bignum/3f9a64bf80bca38bd3ce1e3610ba9a329b809e3c differ
-diff --git a/fuzz/corpora/bignum/4030aba47ea3ed0f7396f9c6b5d2d56f7cb3b29d b/fuzz/corpora/bignum/4030aba47ea3ed0f7396f9c6b5d2d56f7cb3b29d
-new file mode 100644
-index 0000000..95f466a
-Binary files /dev/null and b/fuzz/corpora/bignum/4030aba47ea3ed0f7396f9c6b5d2d56f7cb3b29d differ
-diff --git a/fuzz/corpora/bignum/40471848c2f7c59e82c507e57aed109c28564e83 b/fuzz/corpora/bignum/40471848c2f7c59e82c507e57aed109c28564e83
-new file mode 100644
-index 0000000..88ab8de
-Binary files /dev/null and b/fuzz/corpora/bignum/40471848c2f7c59e82c507e57aed109c28564e83 differ
-diff --git a/fuzz/corpora/bignum/405fc653bf29c426245cca244f0d98113340b490 b/fuzz/corpora/bignum/405fc653bf29c426245cca244f0d98113340b490
-new file mode 100644
-index 0000000..6c4140d
-Binary files /dev/null and b/fuzz/corpora/bignum/405fc653bf29c426245cca244f0d98113340b490 differ
-diff --git a/fuzz/corpora/bignum/40ec3a5a8af360f98936d5c10ded3db723808612 b/fuzz/corpora/bignum/40ec3a5a8af360f98936d5c10ded3db723808612
-new file mode 100644
-index 0000000..e118086
-Binary files /dev/null and b/fuzz/corpora/bignum/40ec3a5a8af360f98936d5c10ded3db723808612 differ
-diff --git a/fuzz/corpora/bignum/42082c098d4e5232c38d47a7cebea91fb37153ec b/fuzz/corpora/bignum/42082c098d4e5232c38d47a7cebea91fb37153ec
-new file mode 100644
-index 0000000..8c1d3d2
-Binary files /dev/null and b/fuzz/corpora/bignum/42082c098d4e5232c38d47a7cebea91fb37153ec differ
-diff --git a/fuzz/corpora/bignum/42d6601523f94426c0ca1d25254709e849531d8f b/fuzz/corpora/bignum/42d6601523f94426c0ca1d25254709e849531d8f
-new file mode 100644
-index 0000000..e84cabb
-Binary files /dev/null and b/fuzz/corpora/bignum/42d6601523f94426c0ca1d25254709e849531d8f differ
-diff --git a/fuzz/corpora/bignum/438edf56770c274bdb421047f78aa1eaf06b7461 b/fuzz/corpora/bignum/438edf56770c274bdb421047f78aa1eaf06b7461
-new file mode 100644
-index 0000000..5a08528
-Binary files /dev/null and b/fuzz/corpora/bignum/438edf56770c274bdb421047f78aa1eaf06b7461 differ
-diff --git a/fuzz/corpora/bignum/43f28d1c9b88c80c68f7d89a55468a4e134f110a b/fuzz/corpora/bignum/43f28d1c9b88c80c68f7d89a55468a4e134f110a
-new file mode 100644
-index 0000000..a9fe44f
-Binary files /dev/null and b/fuzz/corpora/bignum/43f28d1c9b88c80c68f7d89a55468a4e134f110a differ
-diff --git a/fuzz/corpora/bignum/4462738e5f1ae745e68902d2573cdc3e6c3560c3 b/fuzz/corpora/bignum/4462738e5f1ae745e68902d2573cdc3e6c3560c3
-new file mode 100644
-index 0000000..abcb4b4
-Binary files /dev/null and b/fuzz/corpora/bignum/4462738e5f1ae745e68902d2573cdc3e6c3560c3 differ
-diff --git a/fuzz/corpora/bignum/44677fc2a023fcc6b49dd4cc8b5138cb258b6681 b/fuzz/corpora/bignum/44677fc2a023fcc6b49dd4cc8b5138cb258b6681
-new file mode 100644
-index 0000000..94635bc
-Binary files /dev/null and b/fuzz/corpora/bignum/44677fc2a023fcc6b49dd4cc8b5138cb258b6681 differ
-diff --git a/fuzz/corpora/bignum/457e4e8a598cd16765e714ca52800b99a79048e1 b/fuzz/corpora/bignum/457e4e8a598cd16765e714ca52800b99a79048e1
-new file mode 100644
-index 0000000..894408c
-Binary files /dev/null and b/fuzz/corpora/bignum/457e4e8a598cd16765e714ca52800b99a79048e1 differ
-diff --git a/fuzz/corpora/bignum/4657598f21021a15e1e3b778616064bc35b18746 b/fuzz/corpora/bignum/4657598f21021a15e1e3b778616064bc35b18746
-new file mode 100644
-index 0000000..ba0d19a
-Binary files /dev/null and b/fuzz/corpora/bignum/4657598f21021a15e1e3b778616064bc35b18746 differ
-diff --git a/fuzz/corpora/bignum/47ab81ffbed978b239b21ea8ac7cd7617bbcc9dc b/fuzz/corpora/bignum/47ab81ffbed978b239b21ea8ac7cd7617bbcc9dc
-new file mode 100644
-index 0000000..b742b7a
-Binary files /dev/null and b/fuzz/corpora/bignum/47ab81ffbed978b239b21ea8ac7cd7617bbcc9dc differ
-diff --git a/fuzz/corpora/bignum/48154c8adaed1e2fdc9f6d67e8bd7cec0ab4a9e8 b/fuzz/corpora/bignum/48154c8adaed1e2fdc9f6d67e8bd7cec0ab4a9e8
-new file mode 100644
-index 0000000..cf0d4f2
-Binary files /dev/null and b/fuzz/corpora/bignum/48154c8adaed1e2fdc9f6d67e8bd7cec0ab4a9e8 differ
-diff --git a/fuzz/corpora/bignum/4860974bbbda76649e507c1f478a463f261280c8 b/fuzz/corpora/bignum/4860974bbbda76649e507c1f478a463f261280c8
-new file mode 100644
-index 0000000..3f9466a
-Binary files /dev/null and b/fuzz/corpora/bignum/4860974bbbda76649e507c1f478a463f261280c8 differ
-diff --git a/fuzz/corpora/bignum/48d24f013773a4287f0bafb2d6f34d162f1b26d9 b/fuzz/corpora/bignum/48d24f013773a4287f0bafb2d6f34d162f1b26d9
-new file mode 100644
-index 0000000..d4eae82
-Binary files /dev/null and b/fuzz/corpora/bignum/48d24f013773a4287f0bafb2d6f34d162f1b26d9 differ
-diff --git a/fuzz/corpora/bignum/4919cd2470b74fc99c77baebae5535ab6b132669 b/fuzz/corpora/bignum/4919cd2470b74fc99c77baebae5535ab6b132669
-new file mode 100644
-index 0000000..f629b8a
-Binary files /dev/null and b/fuzz/corpora/bignum/4919cd2470b74fc99c77baebae5535ab6b132669 differ
-diff --git a/fuzz/corpora/bignum/49c230fa8055349f9de26200d01a168973670777 b/fuzz/corpora/bignum/49c230fa8055349f9de26200d01a168973670777
-new file mode 100644
-index 0000000..59c8695
-Binary files /dev/null and b/fuzz/corpora/bignum/49c230fa8055349f9de26200d01a168973670777 differ
-diff --git a/fuzz/corpora/bignum/4afbb0affba21ce4f61500f6cc0b699aa4c3fc97 b/fuzz/corpora/bignum/4afbb0affba21ce4f61500f6cc0b699aa4c3fc97
-new file mode 100644
-index 0000000..5b4b86a
-Binary files /dev/null and b/fuzz/corpora/bignum/4afbb0affba21ce4f61500f6cc0b699aa4c3fc97 differ
-diff --git a/fuzz/corpora/bignum/4b3910c0ff306403390c144f764fb90c2c14a757 b/fuzz/corpora/bignum/4b3910c0ff306403390c144f764fb90c2c14a757
-new file mode 100644
-index 0000000..847924e
-Binary files /dev/null and b/fuzz/corpora/bignum/4b3910c0ff306403390c144f764fb90c2c14a757 differ
-diff --git a/fuzz/corpora/bignum/4c0699ff1fa931ec5b786bf29569c8201396246a b/fuzz/corpora/bignum/4c0699ff1fa931ec5b786bf29569c8201396246a
-new file mode 100644
-index 0000000..4b59ead
-Binary files /dev/null and b/fuzz/corpora/bignum/4c0699ff1fa931ec5b786bf29569c8201396246a differ
-diff --git a/fuzz/corpora/bignum/4c64c468c5b6652d32ae7c42415d3a0ab481ecd5 b/fuzz/corpora/bignum/4c64c468c5b6652d32ae7c42415d3a0ab481ecd5
-new file mode 100644
-index 0000000..d225eae
-Binary files /dev/null and b/fuzz/corpora/bignum/4c64c468c5b6652d32ae7c42415d3a0ab481ecd5 differ
-diff --git a/fuzz/corpora/bignum/4cd4ae4e59cf4658d00a2ed7ef46394e14b2a0bd b/fuzz/corpora/bignum/4cd4ae4e59cf4658d00a2ed7ef46394e14b2a0bd
-new file mode 100644
-index 0000000..2f920fd
-Binary files /dev/null and b/fuzz/corpora/bignum/4cd4ae4e59cf4658d00a2ed7ef46394e14b2a0bd differ
-diff --git a/fuzz/corpora/bignum/4cf144f4c445667583068e9b0183006aaa67850c b/fuzz/corpora/bignum/4cf144f4c445667583068e9b0183006aaa67850c
-new file mode 100644
-index 0000000..af06ca1
-Binary files /dev/null and b/fuzz/corpora/bignum/4cf144f4c445667583068e9b0183006aaa67850c differ
-diff --git a/fuzz/corpora/bignum/4f6cc20be0bd24d1e7d737313b59f8fd58d8b54c b/fuzz/corpora/bignum/4f6cc20be0bd24d1e7d737313b59f8fd58d8b54c
-new file mode 100644
-index 0000000..d628f10
-Binary files /dev/null and b/fuzz/corpora/bignum/4f6cc20be0bd24d1e7d737313b59f8fd58d8b54c differ
-diff --git a/fuzz/corpora/bignum/4f801fc63989ae0db47ac886eca2a591b3dc687a b/fuzz/corpora/bignum/4f801fc63989ae0db47ac886eca2a591b3dc687a
-new file mode 100644
-index 0000000..4669abc
-Binary files /dev/null and b/fuzz/corpora/bignum/4f801fc63989ae0db47ac886eca2a591b3dc687a differ
-diff --git a/fuzz/corpora/bignum/504326b4f9d08db58ec20b03f327a97671054224 b/fuzz/corpora/bignum/504326b4f9d08db58ec20b03f327a97671054224
-new file mode 100644
-index 0000000..57c04fc
-Binary files /dev/null and b/fuzz/corpora/bignum/504326b4f9d08db58ec20b03f327a97671054224 differ
-diff --git a/fuzz/corpora/bignum/517c790afefcc9ac4f5aff9ea8d77700fcc8a673 b/fuzz/corpora/bignum/517c790afefcc9ac4f5aff9ea8d77700fcc8a673
-new file mode 100644
-index 0000000..4afa752
-Binary files /dev/null and b/fuzz/corpora/bignum/517c790afefcc9ac4f5aff9ea8d77700fcc8a673 differ
-diff --git a/fuzz/corpora/bignum/5238c9e0aafb39479ec43a2d3d0aed3adc68ceee b/fuzz/corpora/bignum/5238c9e0aafb39479ec43a2d3d0aed3adc68ceee
-new file mode 100644
-index 0000000..15190dd
-Binary files /dev/null and b/fuzz/corpora/bignum/5238c9e0aafb39479ec43a2d3d0aed3adc68ceee differ
-diff --git a/fuzz/corpora/bignum/534e41407fa682b9f1360604373b74c371e87086 b/fuzz/corpora/bignum/534e41407fa682b9f1360604373b74c371e87086
-new file mode 100644
-index 0000000..702aae2
-Binary files /dev/null and b/fuzz/corpora/bignum/534e41407fa682b9f1360604373b74c371e87086 differ
-diff --git a/fuzz/corpora/bignum/53607819a57804f016de89749a88428ad5b0450c b/fuzz/corpora/bignum/53607819a57804f016de89749a88428ad5b0450c
-new file mode 100644
-index 0000000..31b9c55
-Binary files /dev/null and b/fuzz/corpora/bignum/53607819a57804f016de89749a88428ad5b0450c differ
-diff --git a/fuzz/corpora/bignum/53f843271b1a21d2b2edc071cd345da8a250eb88 b/fuzz/corpora/bignum/53f843271b1a21d2b2edc071cd345da8a250eb88
-new file mode 100644
-index 0000000..beadb67
-Binary files /dev/null and b/fuzz/corpora/bignum/53f843271b1a21d2b2edc071cd345da8a250eb88 differ
-diff --git a/fuzz/corpora/bignum/5458036c3dd410700b19317c2558873d79ce3c40 b/fuzz/corpora/bignum/5458036c3dd410700b19317c2558873d79ce3c40
-new file mode 100644
-index 0000000..6897cf1
-Binary files /dev/null and b/fuzz/corpora/bignum/5458036c3dd410700b19317c2558873d79ce3c40 differ
-diff --git a/fuzz/corpora/bignum/54b65e7d4991a5c7862d66dd1e6a79615b35a813 b/fuzz/corpora/bignum/54b65e7d4991a5c7862d66dd1e6a79615b35a813
-new file mode 100644
-index 0000000..1cc1783
-Binary files /dev/null and b/fuzz/corpora/bignum/54b65e7d4991a5c7862d66dd1e6a79615b35a813 differ
-diff --git a/fuzz/corpora/bignum/553863271ff34b02143938705bb87e180e440eac b/fuzz/corpora/bignum/553863271ff34b02143938705bb87e180e440eac
-new file mode 100644
-index 0000000..ca359c9
-Binary files /dev/null and b/fuzz/corpora/bignum/553863271ff34b02143938705bb87e180e440eac differ
-diff --git a/fuzz/corpora/bignum/55b52e940efd9c70415b196005a05468475c0237 b/fuzz/corpora/bignum/55b52e940efd9c70415b196005a05468475c0237
-new file mode 100644
-index 0000000..f5e8aea
-Binary files /dev/null and b/fuzz/corpora/bignum/55b52e940efd9c70415b196005a05468475c0237 differ
-diff --git a/fuzz/corpora/bignum/5614732f454872ff628db935a5add0844d204f5d b/fuzz/corpora/bignum/5614732f454872ff628db935a5add0844d204f5d
-new file mode 100644
-index 0000000..b1b7d13
-Binary files /dev/null and b/fuzz/corpora/bignum/5614732f454872ff628db935a5add0844d204f5d differ
-diff --git a/fuzz/corpora/bignum/57a0c38bc4983ad5b24752bbdfd5487994a95b13 b/fuzz/corpora/bignum/57a0c38bc4983ad5b24752bbdfd5487994a95b13
-new file mode 100644
-index 0000000..73fa2b8
-Binary files /dev/null and b/fuzz/corpora/bignum/57a0c38bc4983ad5b24752bbdfd5487994a95b13 differ
-diff --git a/fuzz/corpora/bignum/58b4681433cf739f1559f8d54d1fb0871f8f8623 b/fuzz/corpora/bignum/58b4681433cf739f1559f8d54d1fb0871f8f8623
-new file mode 100644
-index 0000000..932ba62
-Binary files /dev/null and b/fuzz/corpora/bignum/58b4681433cf739f1559f8d54d1fb0871f8f8623 differ
-diff --git a/fuzz/corpora/bignum/5a7c6faec2ec2999aaa8c4175567af26e7056b1f b/fuzz/corpora/bignum/5a7c6faec2ec2999aaa8c4175567af26e7056b1f
-new file mode 100644
-index 0000000..99fb120
-Binary files /dev/null and b/fuzz/corpora/bignum/5a7c6faec2ec2999aaa8c4175567af26e7056b1f differ
-diff --git a/fuzz/corpora/bignum/5af60ae40349117bc0946ea8d070e18d68965915 b/fuzz/corpora/bignum/5af60ae40349117bc0946ea8d070e18d68965915
-new file mode 100644
-index 0000000..e32a01d
-Binary files /dev/null and b/fuzz/corpora/bignum/5af60ae40349117bc0946ea8d070e18d68965915 differ
-diff --git a/fuzz/corpora/bignum/5b6ad31ff3f977dab3c9d979711ce008a42f7c06 b/fuzz/corpora/bignum/5b6ad31ff3f977dab3c9d979711ce008a42f7c06
-new file mode 100644
-index 0000000..654ef7a
-Binary files /dev/null and b/fuzz/corpora/bignum/5b6ad31ff3f977dab3c9d979711ce008a42f7c06 differ
-diff --git a/fuzz/corpora/bignum/5b96ff153d7454a1552accb5f270d4eafc24e40f b/fuzz/corpora/bignum/5b96ff153d7454a1552accb5f270d4eafc24e40f
-new file mode 100644
-index 0000000..8e17008
-Binary files /dev/null and b/fuzz/corpora/bignum/5b96ff153d7454a1552accb5f270d4eafc24e40f differ
-diff --git a/fuzz/corpora/bignum/5be5ab60e1fd75943943b12ed60e4734f6ee3935 b/fuzz/corpora/bignum/5be5ab60e1fd75943943b12ed60e4734f6ee3935
-new file mode 100644
-index 0000000..53d870b
-Binary files /dev/null and b/fuzz/corpora/bignum/5be5ab60e1fd75943943b12ed60e4734f6ee3935 differ
-diff --git a/fuzz/corpora/bignum/5beffa928dfb0c57766bfa9f20e99ba6b514021b b/fuzz/corpora/bignum/5beffa928dfb0c57766bfa9f20e99ba6b514021b
-new file mode 100644
-index 0000000..dcfa09f
-Binary files /dev/null and b/fuzz/corpora/bignum/5beffa928dfb0c57766bfa9f20e99ba6b514021b differ
-diff --git a/fuzz/corpora/bignum/5c3999ed267a29968fade2b27d80037e24a5d314 b/fuzz/corpora/bignum/5c3999ed267a29968fade2b27d80037e24a5d314
-new file mode 100644
-index 0000000..c63e5af
-Binary files /dev/null and b/fuzz/corpora/bignum/5c3999ed267a29968fade2b27d80037e24a5d314 differ
-diff --git a/fuzz/corpora/bignum/5d726dc792e378dcb417cf99155864f1b5360314 b/fuzz/corpora/bignum/5d726dc792e378dcb417cf99155864f1b5360314
-new file mode 100644
-index 0000000..0c64e89
-Binary files /dev/null and b/fuzz/corpora/bignum/5d726dc792e378dcb417cf99155864f1b5360314 differ
-diff --git a/fuzz/corpora/bignum/5db01e3abb3208f37afef65e4506833e97e6ed26 b/fuzz/corpora/bignum/5db01e3abb3208f37afef65e4506833e97e6ed26
-new file mode 100644
-index 0000000..97c4f8f
-Binary files /dev/null and b/fuzz/corpora/bignum/5db01e3abb3208f37afef65e4506833e97e6ed26 differ
-diff --git a/fuzz/corpora/bignum/5dd9fe2f951a5140b3ac48923aaed59ab145d6e3 b/fuzz/corpora/bignum/5dd9fe2f951a5140b3ac48923aaed59ab145d6e3
-new file mode 100644
-index 0000000..046b5db
-Binary files /dev/null and b/fuzz/corpora/bignum/5dd9fe2f951a5140b3ac48923aaed59ab145d6e3 differ
-diff --git a/fuzz/corpora/bignum/5e274c181a945991c9063448c8eb3a2df94c966a b/fuzz/corpora/bignum/5e274c181a945991c9063448c8eb3a2df94c966a
-new file mode 100644
-index 0000000..9df9f17
-Binary files /dev/null and b/fuzz/corpora/bignum/5e274c181a945991c9063448c8eb3a2df94c966a differ
-diff --git a/fuzz/corpora/bignum/6013465dc17db95bef87b8dddba06a7c5572215e b/fuzz/corpora/bignum/6013465dc17db95bef87b8dddba06a7c5572215e
-new file mode 100644
-index 0000000..4d17bb6
-Binary files /dev/null and b/fuzz/corpora/bignum/6013465dc17db95bef87b8dddba06a7c5572215e differ
-diff --git a/fuzz/corpora/bignum/6029823423acb577f59cc96817f6bf64d726263d b/fuzz/corpora/bignum/6029823423acb577f59cc96817f6bf64d726263d
-new file mode 100644
-index 0000000..dd3512c
-Binary files /dev/null and b/fuzz/corpora/bignum/6029823423acb577f59cc96817f6bf64d726263d differ
-diff --git a/fuzz/corpora/bignum/603f1f3e564458d3d0357b0a08906409d428306d b/fuzz/corpora/bignum/603f1f3e564458d3d0357b0a08906409d428306d
-new file mode 100644
-index 0000000..1e818a6
-Binary files /dev/null and b/fuzz/corpora/bignum/603f1f3e564458d3d0357b0a08906409d428306d differ
-diff --git a/fuzz/corpora/bignum/60c8d0ec40218c6427be307a6fda0565719ee2a6 b/fuzz/corpora/bignum/60c8d0ec40218c6427be307a6fda0565719ee2a6
-new file mode 100644
-index 0000000..dc3a951
-Binary files /dev/null and b/fuzz/corpora/bignum/60c8d0ec40218c6427be307a6fda0565719ee2a6 differ
-diff --git a/fuzz/corpora/bignum/60e368073cc04a42ae26a5819888a77bd94d47ae b/fuzz/corpora/bignum/60e368073cc04a42ae26a5819888a77bd94d47ae
-new file mode 100644
-index 0000000..501c0eb
-Binary files /dev/null and b/fuzz/corpora/bignum/60e368073cc04a42ae26a5819888a77bd94d47ae differ
-diff --git a/fuzz/corpora/bignum/611f1a128c646c2c2e213b84fadbeac33fa45147 b/fuzz/corpora/bignum/611f1a128c646c2c2e213b84fadbeac33fa45147
-new file mode 100644
-index 0000000..384154f
-Binary files /dev/null and b/fuzz/corpora/bignum/611f1a128c646c2c2e213b84fadbeac33fa45147 differ
-diff --git a/fuzz/corpora/bignum/61a54b22dd1ae460f3411550df7aebc33023dc41 b/fuzz/corpora/bignum/61a54b22dd1ae460f3411550df7aebc33023dc41
-new file mode 100644
-index 0000000..86abf0b
-Binary files /dev/null and b/fuzz/corpora/bignum/61a54b22dd1ae460f3411550df7aebc33023dc41 differ
-diff --git a/fuzz/corpora/bignum/624a5257b280a1e15967cbd3a24fb040589bae6f b/fuzz/corpora/bignum/624a5257b280a1e15967cbd3a24fb040589bae6f
-new file mode 100644
-index 0000000..96e79ca
-Binary files /dev/null and b/fuzz/corpora/bignum/624a5257b280a1e15967cbd3a24fb040589bae6f differ
-diff --git a/fuzz/corpora/bignum/62511d1631b3583e6546e8d984e228fe85a2142f b/fuzz/corpora/bignum/62511d1631b3583e6546e8d984e228fe85a2142f
-new file mode 100644
-index 0000000..7db1b87
-Binary files /dev/null and b/fuzz/corpora/bignum/62511d1631b3583e6546e8d984e228fe85a2142f differ
-diff --git a/fuzz/corpora/bignum/62771bc7860130002679ca1e900200bcfeb6a6b6 b/fuzz/corpora/bignum/62771bc7860130002679ca1e900200bcfeb6a6b6
-new file mode 100644
-index 0000000..364c3f0
-Binary files /dev/null and b/fuzz/corpora/bignum/62771bc7860130002679ca1e900200bcfeb6a6b6 differ
-diff --git a/fuzz/corpora/bignum/62ef9b2ff19cb07a5df2fbb2204a3a46a287ebc0 b/fuzz/corpora/bignum/62ef9b2ff19cb07a5df2fbb2204a3a46a287ebc0
-new file mode 100644
-index 0000000..b5cc9a6
-Binary files /dev/null and b/fuzz/corpora/bignum/62ef9b2ff19cb07a5df2fbb2204a3a46a287ebc0 differ
-diff --git a/fuzz/corpora/bignum/636212dbe310b2a18c48c8c46da399d2d0099749 b/fuzz/corpora/bignum/636212dbe310b2a18c48c8c46da399d2d0099749
-new file mode 100644
-index 0000000..5903775
-Binary files /dev/null and b/fuzz/corpora/bignum/636212dbe310b2a18c48c8c46da399d2d0099749 differ
-diff --git a/fuzz/corpora/bignum/642b27b3fe5f194405dadb10ab1c381f0f7d2bf9 b/fuzz/corpora/bignum/642b27b3fe5f194405dadb10ab1c381f0f7d2bf9
-new file mode 100644
-index 0000000..3e74509
-Binary files /dev/null and b/fuzz/corpora/bignum/642b27b3fe5f194405dadb10ab1c381f0f7d2bf9 differ
-diff --git a/fuzz/corpora/bignum/644eb8e6734899411e0deb6926132f04dec542aa b/fuzz/corpora/bignum/644eb8e6734899411e0deb6926132f04dec542aa
-new file mode 100644
-index 0000000..861b1d1
-Binary files /dev/null and b/fuzz/corpora/bignum/644eb8e6734899411e0deb6926132f04dec542aa differ
-diff --git a/fuzz/corpora/bignum/66e69dce55bd1e83ecb190305f5d3adb6a203f4b b/fuzz/corpora/bignum/66e69dce55bd1e83ecb190305f5d3adb6a203f4b
-new file mode 100644
-index 0000000..0d0f657
-Binary files /dev/null and b/fuzz/corpora/bignum/66e69dce55bd1e83ecb190305f5d3adb6a203f4b differ
-diff --git a/fuzz/corpora/bignum/67f5b3b4bb7bb43860929b0130ffc6e302f2c4d0 b/fuzz/corpora/bignum/67f5b3b4bb7bb43860929b0130ffc6e302f2c4d0
-new file mode 100644
-index 0000000..b6d081c
-Binary files /dev/null and b/fuzz/corpora/bignum/67f5b3b4bb7bb43860929b0130ffc6e302f2c4d0 differ
-diff --git a/fuzz/corpora/bignum/6a1c154b967390fafe327505baaad7f88f75be54 b/fuzz/corpora/bignum/6a1c154b967390fafe327505baaad7f88f75be54
-new file mode 100644
-index 0000000..35d7249
-Binary files /dev/null and b/fuzz/corpora/bignum/6a1c154b967390fafe327505baaad7f88f75be54 differ
-diff --git a/fuzz/corpora/bignum/6a33c7883703c9277853b13cf671caac6074f518 b/fuzz/corpora/bignum/6a33c7883703c9277853b13cf671caac6074f518
-new file mode 100644
-index 0000000..e92285f
-Binary files /dev/null and b/fuzz/corpora/bignum/6a33c7883703c9277853b13cf671caac6074f518 differ
-diff --git a/fuzz/corpora/bignum/6ae189bad64a248d0cdaa458ea376f61770baf07 b/fuzz/corpora/bignum/6ae189bad64a248d0cdaa458ea376f61770baf07
-new file mode 100644
-index 0000000..dac5f90
-Binary files /dev/null and b/fuzz/corpora/bignum/6ae189bad64a248d0cdaa458ea376f61770baf07 differ
-diff --git a/fuzz/corpora/bignum/6bab15cf7131af8e9d8a18f60891ff427f95eb17 b/fuzz/corpora/bignum/6bab15cf7131af8e9d8a18f60891ff427f95eb17
-new file mode 100644
-index 0000000..74fd721
-Binary files /dev/null and b/fuzz/corpora/bignum/6bab15cf7131af8e9d8a18f60891ff427f95eb17 differ
-diff --git a/fuzz/corpora/bignum/6cc9c5e3f44c96e7b9c5929a2557ae0f5c908bc3 b/fuzz/corpora/bignum/6cc9c5e3f44c96e7b9c5929a2557ae0f5c908bc3
-new file mode 100644
-index 0000000..c1b1203
-Binary files /dev/null and b/fuzz/corpora/bignum/6cc9c5e3f44c96e7b9c5929a2557ae0f5c908bc3 differ
-diff --git a/fuzz/corpora/bignum/6d2fb2f7d1b1945232ac3e02190936fab36634f1 b/fuzz/corpora/bignum/6d2fb2f7d1b1945232ac3e02190936fab36634f1
-new file mode 100644
-index 0000000..914c2af
-Binary files /dev/null and b/fuzz/corpora/bignum/6d2fb2f7d1b1945232ac3e02190936fab36634f1 differ
-diff --git a/fuzz/corpora/bignum/6dab0a0bfb136e26f61c29940c12a5a9dd61a64c b/fuzz/corpora/bignum/6dab0a0bfb136e26f61c29940c12a5a9dd61a64c
-new file mode 100644
-index 0000000..eb5afe4
-Binary files /dev/null and b/fuzz/corpora/bignum/6dab0a0bfb136e26f61c29940c12a5a9dd61a64c differ
-diff --git a/fuzz/corpora/bignum/6ede9a631d07a81e2cb6b89e85690e9ba3d8ef2e b/fuzz/corpora/bignum/6ede9a631d07a81e2cb6b89e85690e9ba3d8ef2e
-new file mode 100644
-index 0000000..da92424
-Binary files /dev/null and b/fuzz/corpora/bignum/6ede9a631d07a81e2cb6b89e85690e9ba3d8ef2e differ
-diff --git a/fuzz/corpora/bignum/7006b9ee1d820603eb6a3b6e950efda465d4597c b/fuzz/corpora/bignum/7006b9ee1d820603eb6a3b6e950efda465d4597c
-new file mode 100644
-index 0000000..db8a445
-Binary files /dev/null and b/fuzz/corpora/bignum/7006b9ee1d820603eb6a3b6e950efda465d4597c differ
-diff --git a/fuzz/corpora/bignum/701843327f24e08a36b21dd5cab28f46e9578527 b/fuzz/corpora/bignum/701843327f24e08a36b21dd5cab28f46e9578527
-new file mode 100644
-index 0000000..e567451
-Binary files /dev/null and b/fuzz/corpora/bignum/701843327f24e08a36b21dd5cab28f46e9578527 differ
-diff --git a/fuzz/corpora/bignum/70713a43e88a51e0312ac282b4c4baecde10780f b/fuzz/corpora/bignum/70713a43e88a51e0312ac282b4c4baecde10780f
-new file mode 100644
-index 0000000..134e5d7
-Binary files /dev/null and b/fuzz/corpora/bignum/70713a43e88a51e0312ac282b4c4baecde10780f differ
-diff --git a/fuzz/corpora/bignum/723c5a448aed95b9b56565845fc325ea42c9c23b b/fuzz/corpora/bignum/723c5a448aed95b9b56565845fc325ea42c9c23b
-new file mode 100644
-index 0000000..a87f993
-Binary files /dev/null and b/fuzz/corpora/bignum/723c5a448aed95b9b56565845fc325ea42c9c23b differ
-diff --git a/fuzz/corpora/bignum/73fd5ba4981316eef8f940845cebb4019c52dbdc b/fuzz/corpora/bignum/73fd5ba4981316eef8f940845cebb4019c52dbdc
-new file mode 100644
-index 0000000..12f4865
-Binary files /dev/null and b/fuzz/corpora/bignum/73fd5ba4981316eef8f940845cebb4019c52dbdc differ
-diff --git a/fuzz/corpora/bignum/7468def26d7e78b89e72998dfe9ea560559ec0b9 b/fuzz/corpora/bignum/7468def26d7e78b89e72998dfe9ea560559ec0b9
-new file mode 100644
-index 0000000..7174234
-Binary files /dev/null and b/fuzz/corpora/bignum/7468def26d7e78b89e72998dfe9ea560559ec0b9 differ
-diff --git a/fuzz/corpora/bignum/75ff386887b24eb337eafee926103fe30caccbd5 b/fuzz/corpora/bignum/75ff386887b24eb337eafee926103fe30caccbd5
-new file mode 100644
-index 0000000..6e2a280
-Binary files /dev/null and b/fuzz/corpora/bignum/75ff386887b24eb337eafee926103fe30caccbd5 differ
-diff --git a/fuzz/corpora/bignum/7601a914b8aaa54cc03cfdc4c53571d7fce2ea1c b/fuzz/corpora/bignum/7601a914b8aaa54cc03cfdc4c53571d7fce2ea1c
-new file mode 100644
-index 0000000..b6e0d59
-Binary files /dev/null and b/fuzz/corpora/bignum/7601a914b8aaa54cc03cfdc4c53571d7fce2ea1c differ
-diff --git a/fuzz/corpora/bignum/77f3dc7df7ed04a5aa80a133caa12b6d938e7e08 b/fuzz/corpora/bignum/77f3dc7df7ed04a5aa80a133caa12b6d938e7e08
-new file mode 100644
-index 0000000..0dc9fa6
-Binary files /dev/null and b/fuzz/corpora/bignum/77f3dc7df7ed04a5aa80a133caa12b6d938e7e08 differ
-diff --git a/fuzz/corpora/bignum/79338d11e647d9135518913e6adae90b2e72b8b8 b/fuzz/corpora/bignum/79338d11e647d9135518913e6adae90b2e72b8b8
-new file mode 100644
-index 0000000..03cf635
-Binary files /dev/null and b/fuzz/corpora/bignum/79338d11e647d9135518913e6adae90b2e72b8b8 differ
-diff --git a/fuzz/corpora/bignum/79c1b5f71a06600e64e5818bcb8f3e41b18e5321 b/fuzz/corpora/bignum/79c1b5f71a06600e64e5818bcb8f3e41b18e5321
-new file mode 100644
-index 0000000..a47817b
-Binary files /dev/null and b/fuzz/corpora/bignum/79c1b5f71a06600e64e5818bcb8f3e41b18e5321 differ
-diff --git a/fuzz/corpora/bignum/79e9cb4a8dad5fb14c851f8d41f1db9b5f938e00 b/fuzz/corpora/bignum/79e9cb4a8dad5fb14c851f8d41f1db9b5f938e00
-new file mode 100644
-index 0000000..b36ae23
-Binary files /dev/null and b/fuzz/corpora/bignum/79e9cb4a8dad5fb14c851f8d41f1db9b5f938e00 differ
-diff --git a/fuzz/corpora/bignum/7a6353d83ccf1a4b5177d3c19f4fa1ef546081a7 b/fuzz/corpora/bignum/7a6353d83ccf1a4b5177d3c19f4fa1ef546081a7
-new file mode 100644
-index 0000000..4772156
-Binary files /dev/null and b/fuzz/corpora/bignum/7a6353d83ccf1a4b5177d3c19f4fa1ef546081a7 differ
-diff --git a/fuzz/corpora/bignum/7ad115b225db1ff25f03e764eb86b20dcac23916 b/fuzz/corpora/bignum/7ad115b225db1ff25f03e764eb86b20dcac23916
-new file mode 100644
-index 0000000..aebf398
-Binary files /dev/null and b/fuzz/corpora/bignum/7ad115b225db1ff25f03e764eb86b20dcac23916 differ
-diff --git a/fuzz/corpora/bignum/7ae93a888eb402e838a518a7c8ad8bafc6a698ce b/fuzz/corpora/bignum/7ae93a888eb402e838a518a7c8ad8bafc6a698ce
-new file mode 100644
-index 0000000..58bc8b7
-Binary files /dev/null and b/fuzz/corpora/bignum/7ae93a888eb402e838a518a7c8ad8bafc6a698ce differ
-diff --git a/fuzz/corpora/bignum/7b487c78ea8b6c6c892652a932016a6f0d784c07 b/fuzz/corpora/bignum/7b487c78ea8b6c6c892652a932016a6f0d784c07
-new file mode 100644
-index 0000000..e4484db
-Binary files /dev/null and b/fuzz/corpora/bignum/7b487c78ea8b6c6c892652a932016a6f0d784c07 differ
-diff --git a/fuzz/corpora/bignum/7b9ccfe541cd7e9280826b28f56d3954c13979dd b/fuzz/corpora/bignum/7b9ccfe541cd7e9280826b28f56d3954c13979dd
-new file mode 100644
-index 0000000..25407e3
-Binary files /dev/null and b/fuzz/corpora/bignum/7b9ccfe541cd7e9280826b28f56d3954c13979dd differ
-diff --git a/fuzz/corpora/bignum/7bc24baf5a8d936d44c13324c39848be10c4ac3c b/fuzz/corpora/bignum/7bc24baf5a8d936d44c13324c39848be10c4ac3c
-new file mode 100644
-index 0000000..1b98c9a
-Binary files /dev/null and b/fuzz/corpora/bignum/7bc24baf5a8d936d44c13324c39848be10c4ac3c differ
-diff --git a/fuzz/corpora/bignum/7c3beca641873ef96f71ec644f0021786b49d256 b/fuzz/corpora/bignum/7c3beca641873ef96f71ec644f0021786b49d256
-new file mode 100644
-index 0000000..51c31f6
-Binary files /dev/null and b/fuzz/corpora/bignum/7c3beca641873ef96f71ec644f0021786b49d256 differ
-diff --git a/fuzz/corpora/bignum/7cd314ab0309529759dbf02c09cc0e7265c0dfe5 b/fuzz/corpora/bignum/7cd314ab0309529759dbf02c09cc0e7265c0dfe5
-new file mode 100644
-index 0000000..3712cd7
-Binary files /dev/null and b/fuzz/corpora/bignum/7cd314ab0309529759dbf02c09cc0e7265c0dfe5 differ
-diff --git a/fuzz/corpora/bignum/7ebbd74d8de2c419a3a9df61812d91e22b4a3585 b/fuzz/corpora/bignum/7ebbd74d8de2c419a3a9df61812d91e22b4a3585
-new file mode 100644
-index 0000000..563f7d7
-Binary files /dev/null and b/fuzz/corpora/bignum/7ebbd74d8de2c419a3a9df61812d91e22b4a3585 differ
-diff --git a/fuzz/corpora/bignum/7ff2381e7c66501b11b3814fbe949ea348e99dab b/fuzz/corpora/bignum/7ff2381e7c66501b11b3814fbe949ea348e99dab
-new file mode 100644
-index 0000000..f420ffa
-Binary files /dev/null and b/fuzz/corpora/bignum/7ff2381e7c66501b11b3814fbe949ea348e99dab differ
-diff --git a/fuzz/corpora/bignum/80872fe8e270e307b02bf7913b515e5b11919fde b/fuzz/corpora/bignum/80872fe8e270e307b02bf7913b515e5b11919fde
-new file mode 100644
-index 0000000..0bf369a
-Binary files /dev/null and b/fuzz/corpora/bignum/80872fe8e270e307b02bf7913b515e5b11919fde differ
-diff --git a/fuzz/corpora/bignum/809f209a4f4e109e5d6b1ab7c8ed493eac03d096 b/fuzz/corpora/bignum/809f209a4f4e109e5d6b1ab7c8ed493eac03d096
-new file mode 100644
-index 0000000..1425c57
-Binary files /dev/null and b/fuzz/corpora/bignum/809f209a4f4e109e5d6b1ab7c8ed493eac03d096 differ
-diff --git a/fuzz/corpora/bignum/81437bccf27af0a8ab0d6af02260956b105bfc63 b/fuzz/corpora/bignum/81437bccf27af0a8ab0d6af02260956b105bfc63
-new file mode 100644
-index 0000000..a7a3c42
-Binary files /dev/null and b/fuzz/corpora/bignum/81437bccf27af0a8ab0d6af02260956b105bfc63 differ
-diff --git a/fuzz/corpora/bignum/81e4e34139e367231e7c4017d70ec4daa6e566ba b/fuzz/corpora/bignum/81e4e34139e367231e7c4017d70ec4daa6e566ba
-new file mode 100644
-index 0000000..8e5a3c6
-Binary files /dev/null and b/fuzz/corpora/bignum/81e4e34139e367231e7c4017d70ec4daa6e566ba differ
-diff --git a/fuzz/corpora/bignum/8343e2e7acad75e615d9411eb6f20de595ffe0fb b/fuzz/corpora/bignum/8343e2e7acad75e615d9411eb6f20de595ffe0fb
-new file mode 100644
-index 0000000..4248e2a
-Binary files /dev/null and b/fuzz/corpora/bignum/8343e2e7acad75e615d9411eb6f20de595ffe0fb differ
-diff --git a/fuzz/corpora/bignum/846edaa19ffe7a1e55e9ebb29c2a4c29486359dd b/fuzz/corpora/bignum/846edaa19ffe7a1e55e9ebb29c2a4c29486359dd
-new file mode 100644
-index 0000000..47ac2bf
-Binary files /dev/null and b/fuzz/corpora/bignum/846edaa19ffe7a1e55e9ebb29c2a4c29486359dd differ
-diff --git a/fuzz/corpora/bignum/850e7dc85f587658838bade1a5792a32df4f0f7f b/fuzz/corpora/bignum/850e7dc85f587658838bade1a5792a32df4f0f7f
-new file mode 100644
-index 0000000..1ced029
-Binary files /dev/null and b/fuzz/corpora/bignum/850e7dc85f587658838bade1a5792a32df4f0f7f differ
-diff --git a/fuzz/corpora/bignum/850fd0a46819cbe65d9a1d26d7663bde2ef5423b b/fuzz/corpora/bignum/850fd0a46819cbe65d9a1d26d7663bde2ef5423b
-new file mode 100644
-index 0000000..684d600
-Binary files /dev/null and b/fuzz/corpora/bignum/850fd0a46819cbe65d9a1d26d7663bde2ef5423b differ
-diff --git a/fuzz/corpora/bignum/8564e156f7608f3eee7bc9f4a682c0095fbed947 b/fuzz/corpora/bignum/8564e156f7608f3eee7bc9f4a682c0095fbed947
-new file mode 100644
-index 0000000..ea9226c
-Binary files /dev/null and b/fuzz/corpora/bignum/8564e156f7608f3eee7bc9f4a682c0095fbed947 differ
-diff --git a/fuzz/corpora/bignum/8643c8cecc2726bb6eeee782a1989eece259d30b b/fuzz/corpora/bignum/8643c8cecc2726bb6eeee782a1989eece259d30b
-new file mode 100644
-index 0000000..b63c785
-Binary files /dev/null and b/fuzz/corpora/bignum/8643c8cecc2726bb6eeee782a1989eece259d30b differ
-diff --git a/fuzz/corpora/bignum/86a399e9e58bc49989cfc7ecd9fd68e0214d9a96 b/fuzz/corpora/bignum/86a399e9e58bc49989cfc7ecd9fd68e0214d9a96
-new file mode 100644
-index 0000000..a6dccea
-Binary files /dev/null and b/fuzz/corpora/bignum/86a399e9e58bc49989cfc7ecd9fd68e0214d9a96 differ
-diff --git a/fuzz/corpora/bignum/873b549530599ef96cf0da41a4577a51074bccc6 b/fuzz/corpora/bignum/873b549530599ef96cf0da41a4577a51074bccc6
-new file mode 100644
-index 0000000..0b6867f
-Binary files /dev/null and b/fuzz/corpora/bignum/873b549530599ef96cf0da41a4577a51074bccc6 differ
-diff --git a/fuzz/corpora/bignum/875a0573d14d7c0db32947f852d5572f3094d24a b/fuzz/corpora/bignum/875a0573d14d7c0db32947f852d5572f3094d24a
-new file mode 100644
-index 0000000..2b81f5c
-Binary files /dev/null and b/fuzz/corpora/bignum/875a0573d14d7c0db32947f852d5572f3094d24a differ
-diff --git a/fuzz/corpora/bignum/87d7a7e7f574a59952ea6d9f35222884e431476c b/fuzz/corpora/bignum/87d7a7e7f574a59952ea6d9f35222884e431476c
-new file mode 100644
-index 0000000..356b7ba
-Binary files /dev/null and b/fuzz/corpora/bignum/87d7a7e7f574a59952ea6d9f35222884e431476c differ
-diff --git a/fuzz/corpora/bignum/888f0024b2fa65f660aca5e32fa1fd07f041282f b/fuzz/corpora/bignum/888f0024b2fa65f660aca5e32fa1fd07f041282f
-new file mode 100644
-index 0000000..f3dd05a
-Binary files /dev/null and b/fuzz/corpora/bignum/888f0024b2fa65f660aca5e32fa1fd07f041282f differ
-diff --git a/fuzz/corpora/bignum/88b3244421af6960fce4ff3059878f068a17e7e4 b/fuzz/corpora/bignum/88b3244421af6960fce4ff3059878f068a17e7e4
-new file mode 100644
-index 0000000..267be21
-Binary files /dev/null and b/fuzz/corpora/bignum/88b3244421af6960fce4ff3059878f068a17e7e4 differ
-diff --git a/fuzz/corpora/bignum/8963514e224558c06cd8b5ddacf2ae0ff2e7e4f3 b/fuzz/corpora/bignum/8963514e224558c06cd8b5ddacf2ae0ff2e7e4f3
-new file mode 100644
-index 0000000..12437ce
-Binary files /dev/null and b/fuzz/corpora/bignum/8963514e224558c06cd8b5ddacf2ae0ff2e7e4f3 differ
-diff --git a/fuzz/corpora/bignum/8a381fdd97dc5f70c7ad0fd55ab2ab71e02ad6d6 b/fuzz/corpora/bignum/8a381fdd97dc5f70c7ad0fd55ab2ab71e02ad6d6
-new file mode 100644
-index 0000000..1271bca
-Binary files /dev/null and b/fuzz/corpora/bignum/8a381fdd97dc5f70c7ad0fd55ab2ab71e02ad6d6 differ
-diff --git a/fuzz/corpora/bignum/8a4198cb150003d28bc39699bc76fad77aa83ee0 b/fuzz/corpora/bignum/8a4198cb150003d28bc39699bc76fad77aa83ee0
-new file mode 100644
-index 0000000..603f300
-Binary files /dev/null and b/fuzz/corpora/bignum/8a4198cb150003d28bc39699bc76fad77aa83ee0 differ
-diff --git a/fuzz/corpora/bignum/8b9b5edfdaae44c224bf3a59febaef5ddc8b30b1 b/fuzz/corpora/bignum/8b9b5edfdaae44c224bf3a59febaef5ddc8b30b1
-new file mode 100644
-index 0000000..1b05595
-Binary files /dev/null and b/fuzz/corpora/bignum/8b9b5edfdaae44c224bf3a59febaef5ddc8b30b1 differ
-diff --git a/fuzz/corpora/bignum/8c6dda8b405cdd3f78774f9eaf0f957b8281c20d b/fuzz/corpora/bignum/8c6dda8b405cdd3f78774f9eaf0f957b8281c20d
-new file mode 100644
-index 0000000..288f223
-Binary files /dev/null and b/fuzz/corpora/bignum/8c6dda8b405cdd3f78774f9eaf0f957b8281c20d differ
-diff --git a/fuzz/corpora/bignum/8de9cc9d2c4798bad1d4ceec36a142af03e7c988 b/fuzz/corpora/bignum/8de9cc9d2c4798bad1d4ceec36a142af03e7c988
-new file mode 100644
-index 0000000..3a2b166
-Binary files /dev/null and b/fuzz/corpora/bignum/8de9cc9d2c4798bad1d4ceec36a142af03e7c988 differ
-diff --git a/fuzz/corpora/bignum/8f1ee48f46c8a12ee373de90efd540eddf555ba9 b/fuzz/corpora/bignum/8f1ee48f46c8a12ee373de90efd540eddf555ba9
-new file mode 100644
-index 0000000..798beff
-Binary files /dev/null and b/fuzz/corpora/bignum/8f1ee48f46c8a12ee373de90efd540eddf555ba9 differ
-diff --git a/fuzz/corpora/bignum/9058a04d701cd6810535730ea03ede1a9f6fd90f b/fuzz/corpora/bignum/9058a04d701cd6810535730ea03ede1a9f6fd90f
-new file mode 100644
-index 0000000..db86929
-Binary files /dev/null and b/fuzz/corpora/bignum/9058a04d701cd6810535730ea03ede1a9f6fd90f differ
-diff --git a/fuzz/corpora/bignum/90de75065461372acb4cdfabe7a73f07f3f73b55 b/fuzz/corpora/bignum/90de75065461372acb4cdfabe7a73f07f3f73b55
-new file mode 100644
-index 0000000..9ecad35
-Binary files /dev/null and b/fuzz/corpora/bignum/90de75065461372acb4cdfabe7a73f07f3f73b55 differ
-diff --git a/fuzz/corpora/bignum/92fca6fef53b5afc598d21ce8b6ed7a3eb5c9442 b/fuzz/corpora/bignum/92fca6fef53b5afc598d21ce8b6ed7a3eb5c9442
-new file mode 100644
-index 0000000..db5a391
-Binary files /dev/null and b/fuzz/corpora/bignum/92fca6fef53b5afc598d21ce8b6ed7a3eb5c9442 differ
-diff --git a/fuzz/corpora/bignum/93df76a722901e69817a502ec316f01f26ff85a2 b/fuzz/corpora/bignum/93df76a722901e69817a502ec316f01f26ff85a2
-new file mode 100644
-index 0000000..c82befd
-Binary files /dev/null and b/fuzz/corpora/bignum/93df76a722901e69817a502ec316f01f26ff85a2 differ
-diff --git a/fuzz/corpora/bignum/94654b73567e989fa87ac3de92b875e1e17c5934 b/fuzz/corpora/bignum/94654b73567e989fa87ac3de92b875e1e17c5934
-new file mode 100644
-index 0000000..3649da6
-Binary files /dev/null and b/fuzz/corpora/bignum/94654b73567e989fa87ac3de92b875e1e17c5934 differ
-diff --git a/fuzz/corpora/bignum/949e1329a2d0596bd2ef36f46bab60bc9b0d9a3e b/fuzz/corpora/bignum/949e1329a2d0596bd2ef36f46bab60bc9b0d9a3e
-new file mode 100644
-index 0000000..cac68bc
-Binary files /dev/null and b/fuzz/corpora/bignum/949e1329a2d0596bd2ef36f46bab60bc9b0d9a3e differ
-diff --git a/fuzz/corpora/bignum/956a5d320b32359f3e1edeef628fce677f4b3785 b/fuzz/corpora/bignum/956a5d320b32359f3e1edeef628fce677f4b3785
-new file mode 100644
-index 0000000..8c69cbe
-Binary files /dev/null and b/fuzz/corpora/bignum/956a5d320b32359f3e1edeef628fce677f4b3785 differ
-diff --git a/fuzz/corpora/bignum/959e19a37954cd22e3c0f1d7a3734e585edd0d58 b/fuzz/corpora/bignum/959e19a37954cd22e3c0f1d7a3734e585edd0d58
-new file mode 100644
-index 0000000..a23bc2d
-Binary files /dev/null and b/fuzz/corpora/bignum/959e19a37954cd22e3c0f1d7a3734e585edd0d58 differ
-diff --git a/fuzz/corpora/bignum/96a3c9b1e2a119e46d1a93d537eb4359cb7876bc b/fuzz/corpora/bignum/96a3c9b1e2a119e46d1a93d537eb4359cb7876bc
-new file mode 100644
-index 0000000..9c25189
-Binary files /dev/null and b/fuzz/corpora/bignum/96a3c9b1e2a119e46d1a93d537eb4359cb7876bc differ
-diff --git a/fuzz/corpora/bignum/976fa015ec637c38d9628b8c17595e9cd44eccdd b/fuzz/corpora/bignum/976fa015ec637c38d9628b8c17595e9cd44eccdd
-new file mode 100644
-index 0000000..ac5aaf5
-Binary files /dev/null and b/fuzz/corpora/bignum/976fa015ec637c38d9628b8c17595e9cd44eccdd differ
-diff --git a/fuzz/corpora/bignum/97b88bdbdb1a2671750879fc9a3127abc792138f b/fuzz/corpora/bignum/97b88bdbdb1a2671750879fc9a3127abc792138f
-new file mode 100644
-index 0000000..c716b48
-Binary files /dev/null and b/fuzz/corpora/bignum/97b88bdbdb1a2671750879fc9a3127abc792138f differ
-diff --git a/fuzz/corpora/bignum/97e88ab5c619e5279012eed0cbcc26e1b70e7702 b/fuzz/corpora/bignum/97e88ab5c619e5279012eed0cbcc26e1b70e7702
-new file mode 100644
-index 0000000..09a32c8
-Binary files /dev/null and b/fuzz/corpora/bignum/97e88ab5c619e5279012eed0cbcc26e1b70e7702 differ
-diff --git a/fuzz/corpora/bignum/985b5f07b1360bb45d5dbd62bd4de08153bfd164 b/fuzz/corpora/bignum/985b5f07b1360bb45d5dbd62bd4de08153bfd164
-new file mode 100644
-index 0000000..9035880
-Binary files /dev/null and b/fuzz/corpora/bignum/985b5f07b1360bb45d5dbd62bd4de08153bfd164 differ
-diff --git a/fuzz/corpora/bignum/98c2b5caa9773cca45ad5ef977021bc8b805422f b/fuzz/corpora/bignum/98c2b5caa9773cca45ad5ef977021bc8b805422f
-new file mode 100644
-index 0000000..fd0eb81
-Binary files /dev/null and b/fuzz/corpora/bignum/98c2b5caa9773cca45ad5ef977021bc8b805422f differ
-diff --git a/fuzz/corpora/bignum/98e8db4f7774386f364ee1c62f576ebfe4bc59f4 b/fuzz/corpora/bignum/98e8db4f7774386f364ee1c62f576ebfe4bc59f4
-new file mode 100644
-index 0000000..4549bd5
-Binary files /dev/null and b/fuzz/corpora/bignum/98e8db4f7774386f364ee1c62f576ebfe4bc59f4 differ
-diff --git a/fuzz/corpora/bignum/99069c6477c76a2cdbf2d026625dedd3ebdd4ed7 b/fuzz/corpora/bignum/99069c6477c76a2cdbf2d026625dedd3ebdd4ed7
-new file mode 100644
-index 0000000..8036b40
-Binary files /dev/null and b/fuzz/corpora/bignum/99069c6477c76a2cdbf2d026625dedd3ebdd4ed7 differ
-diff --git a/fuzz/corpora/bignum/996e60f213c45483c0813403f84b14ce7a331fb6 b/fuzz/corpora/bignum/996e60f213c45483c0813403f84b14ce7a331fb6
-new file mode 100644
-index 0000000..4493cd8
-Binary files /dev/null and b/fuzz/corpora/bignum/996e60f213c45483c0813403f84b14ce7a331fb6 differ
-diff --git a/fuzz/corpora/bignum/9982388f8794a976fc2aaa793ccb5bfd5fd53a49 b/fuzz/corpora/bignum/9982388f8794a976fc2aaa793ccb5bfd5fd53a49
-new file mode 100644
-index 0000000..568db36
-Binary files /dev/null and b/fuzz/corpora/bignum/9982388f8794a976fc2aaa793ccb5bfd5fd53a49 differ
-diff --git a/fuzz/corpora/bignum/9a5a64ecc2d018b4880efcf20bd4491a37566753 b/fuzz/corpora/bignum/9a5a64ecc2d018b4880efcf20bd4491a37566753
-new file mode 100644
-index 0000000..8e501cf
-Binary files /dev/null and b/fuzz/corpora/bignum/9a5a64ecc2d018b4880efcf20bd4491a37566753 differ
-diff --git a/fuzz/corpora/bignum/9ab8fc005381299528262cd0174e1e79aab7ff55 b/fuzz/corpora/bignum/9ab8fc005381299528262cd0174e1e79aab7ff55
-new file mode 100644
-index 0000000..39258cc
-Binary files /dev/null and b/fuzz/corpora/bignum/9ab8fc005381299528262cd0174e1e79aab7ff55 differ
-diff --git a/fuzz/corpora/bignum/9bf4d1d1dbe55c4c3c9f810c6d8b3e5e973f91fa b/fuzz/corpora/bignum/9bf4d1d1dbe55c4c3c9f810c6d8b3e5e973f91fa
-new file mode 100644
-index 0000000..00a141d
-Binary files /dev/null and b/fuzz/corpora/bignum/9bf4d1d1dbe55c4c3c9f810c6d8b3e5e973f91fa differ
-diff --git a/fuzz/corpora/bignum/9bfc4213aed7081179256cf1636bc5a9e6876b71 b/fuzz/corpora/bignum/9bfc4213aed7081179256cf1636bc5a9e6876b71
-new file mode 100644
-index 0000000..66eb657
-Binary files /dev/null and b/fuzz/corpora/bignum/9bfc4213aed7081179256cf1636bc5a9e6876b71 differ
-diff --git a/fuzz/corpora/bignum/9c032b532a4ceb9288ef440992f228049d0a52b9 b/fuzz/corpora/bignum/9c032b532a4ceb9288ef440992f228049d0a52b9
-new file mode 100644
-index 0000000..fefbc60
-Binary files /dev/null and b/fuzz/corpora/bignum/9c032b532a4ceb9288ef440992f228049d0a52b9 differ
-diff --git a/fuzz/corpora/bignum/9c2033cbb7cdb4824ad7ba55f15176c7ee68f7f9 b/fuzz/corpora/bignum/9c2033cbb7cdb4824ad7ba55f15176c7ee68f7f9
-new file mode 100644
-index 0000000..417927c
-Binary files /dev/null and b/fuzz/corpora/bignum/9c2033cbb7cdb4824ad7ba55f15176c7ee68f7f9 differ
-diff --git a/fuzz/corpora/bignum/9d41b7760c4a491041bf47fd34e9b0da4a82db96 b/fuzz/corpora/bignum/9d41b7760c4a491041bf47fd34e9b0da4a82db96
-new file mode 100644
-index 0000000..74cf8be
-Binary files /dev/null and b/fuzz/corpora/bignum/9d41b7760c4a491041bf47fd34e9b0da4a82db96 differ
-diff --git a/fuzz/corpora/bignum/9d4a78b0873cb7d0c46d614defb2b7d9ff62e4b4 b/fuzz/corpora/bignum/9d4a78b0873cb7d0c46d614defb2b7d9ff62e4b4
-new file mode 100644
-index 0000000..2df9d06
-Binary files /dev/null and b/fuzz/corpora/bignum/9d4a78b0873cb7d0c46d614defb2b7d9ff62e4b4 differ
-diff --git a/fuzz/corpora/bignum/9da0af593a71bf8e594cb8bdc8a89efdd5fb1c41 b/fuzz/corpora/bignum/9da0af593a71bf8e594cb8bdc8a89efdd5fb1c41
-new file mode 100644
-index 0000000..51df2f7
-Binary files /dev/null and b/fuzz/corpora/bignum/9da0af593a71bf8e594cb8bdc8a89efdd5fb1c41 differ
-diff --git a/fuzz/corpora/bignum/9dec452fd2081896106600017f9814cd972499d3 b/fuzz/corpora/bignum/9dec452fd2081896106600017f9814cd972499d3
-new file mode 100644
-index 0000000..92059f6
-Binary files /dev/null and b/fuzz/corpora/bignum/9dec452fd2081896106600017f9814cd972499d3 differ
-diff --git a/fuzz/corpora/bignum/9e1c0583543d8f5d2b320657c4ed06abedb2aa85 b/fuzz/corpora/bignum/9e1c0583543d8f5d2b320657c4ed06abedb2aa85
-new file mode 100644
-index 0000000..52fc11c
-Binary files /dev/null and b/fuzz/corpora/bignum/9e1c0583543d8f5d2b320657c4ed06abedb2aa85 differ
-diff --git a/fuzz/corpora/bignum/9f2b852a9efc2247dbc964626a9ccfadc68e19df b/fuzz/corpora/bignum/9f2b852a9efc2247dbc964626a9ccfadc68e19df
-new file mode 100644
-index 0000000..5fac32f
-Binary files /dev/null and b/fuzz/corpora/bignum/9f2b852a9efc2247dbc964626a9ccfadc68e19df differ
-diff --git a/fuzz/corpora/bignum/a0dbdf498f4f44cc29a6f46bf262080138bf7220 b/fuzz/corpora/bignum/a0dbdf498f4f44cc29a6f46bf262080138bf7220
-new file mode 100644
-index 0000000..3a5ccdb
-Binary files /dev/null and b/fuzz/corpora/bignum/a0dbdf498f4f44cc29a6f46bf262080138bf7220 differ
-diff --git a/fuzz/corpora/bignum/a11a589a67807e097144cb3029650aa7eec96783 b/fuzz/corpora/bignum/a11a589a67807e097144cb3029650aa7eec96783
-new file mode 100644
-index 0000000..b0eedb6
-Binary files /dev/null and b/fuzz/corpora/bignum/a11a589a67807e097144cb3029650aa7eec96783 differ
-diff --git a/fuzz/corpora/bignum/a3f987ecce2c9f37c6d6fcc6436afa24d25d55f5 b/fuzz/corpora/bignum/a3f987ecce2c9f37c6d6fcc6436afa24d25d55f5
-new file mode 100644
-index 0000000..31e6a32
-Binary files /dev/null and b/fuzz/corpora/bignum/a3f987ecce2c9f37c6d6fcc6436afa24d25d55f5 differ
-diff --git a/fuzz/corpora/bignum/a4a236f9645d16e4bb313bccc0ed7eb0ca65bd34 b/fuzz/corpora/bignum/a4a236f9645d16e4bb313bccc0ed7eb0ca65bd34
-new file mode 100644
-index 0000000..093f8ab
-Binary files /dev/null and b/fuzz/corpora/bignum/a4a236f9645d16e4bb313bccc0ed7eb0ca65bd34 differ
-diff --git a/fuzz/corpora/bignum/a4a488ee3a307b94de3fffb5225b9ee140eaee71 b/fuzz/corpora/bignum/a4a488ee3a307b94de3fffb5225b9ee140eaee71
-new file mode 100644
-index 0000000..9ed3e90
-Binary files /dev/null and b/fuzz/corpora/bignum/a4a488ee3a307b94de3fffb5225b9ee140eaee71 differ
-diff --git a/fuzz/corpora/bignum/a4c26bc7a6e78b026de91d13cbf00290a3767ef1 b/fuzz/corpora/bignum/a4c26bc7a6e78b026de91d13cbf00290a3767ef1
-new file mode 100644
-index 0000000..585b723
-Binary files /dev/null and b/fuzz/corpora/bignum/a4c26bc7a6e78b026de91d13cbf00290a3767ef1 differ
-diff --git a/fuzz/corpora/bignum/a65ebac4ff932ebb1c073838d708fe3d84191946 b/fuzz/corpora/bignum/a65ebac4ff932ebb1c073838d708fe3d84191946
-new file mode 100644
-index 0000000..3d89b94
-Binary files /dev/null and b/fuzz/corpora/bignum/a65ebac4ff932ebb1c073838d708fe3d84191946 differ
-diff --git a/fuzz/corpora/bignum/a6e206d5ec4d3fe1bcd370586aab0cf77d90b5d4 b/fuzz/corpora/bignum/a6e206d5ec4d3fe1bcd370586aab0cf77d90b5d4
-new file mode 100644
-index 0000000..8142345
-Binary files /dev/null and b/fuzz/corpora/bignum/a6e206d5ec4d3fe1bcd370586aab0cf77d90b5d4 differ
-diff --git a/fuzz/corpora/bignum/a6f514f0f142542619181ffda32107554ffb9603 b/fuzz/corpora/bignum/a6f514f0f142542619181ffda32107554ffb9603
-new file mode 100644
-index 0000000..052055f
-Binary files /dev/null and b/fuzz/corpora/bignum/a6f514f0f142542619181ffda32107554ffb9603 differ
-diff --git a/fuzz/corpora/bignum/a724975343ef0b3756a931f1db6f860aa9ffc427 b/fuzz/corpora/bignum/a724975343ef0b3756a931f1db6f860aa9ffc427
-new file mode 100644
-index 0000000..9592bae
-Binary files /dev/null and b/fuzz/corpora/bignum/a724975343ef0b3756a931f1db6f860aa9ffc427 differ
-diff --git a/fuzz/corpora/bignum/a8692a410c698dcac314b1d6dd868a64f681c8df b/fuzz/corpora/bignum/a8692a410c698dcac314b1d6dd868a64f681c8df
-new file mode 100644
-index 0000000..803d098
-Binary files /dev/null and b/fuzz/corpora/bignum/a8692a410c698dcac314b1d6dd868a64f681c8df differ
-diff --git a/fuzz/corpora/bignum/a94e2a7f4e1a3cfbd1e937ab29171f6c7215aeb2 b/fuzz/corpora/bignum/a94e2a7f4e1a3cfbd1e937ab29171f6c7215aeb2
-new file mode 100644
-index 0000000..e29ec86
-Binary files /dev/null and b/fuzz/corpora/bignum/a94e2a7f4e1a3cfbd1e937ab29171f6c7215aeb2 differ
-diff --git a/fuzz/corpora/bignum/aa5223bcbf7ec2fbae1f969ac2d2edb30dcedd68 b/fuzz/corpora/bignum/aa5223bcbf7ec2fbae1f969ac2d2edb30dcedd68
-new file mode 100644
-index 0000000..371904b
-Binary files /dev/null and b/fuzz/corpora/bignum/aa5223bcbf7ec2fbae1f969ac2d2edb30dcedd68 differ
-diff --git a/fuzz/corpora/bignum/ab1ca6fa5cd2a9333e4bc3a55e5d63af31eeca4e b/fuzz/corpora/bignum/ab1ca6fa5cd2a9333e4bc3a55e5d63af31eeca4e
-new file mode 100644
-index 0000000..40a4aa5
-Binary files /dev/null and b/fuzz/corpora/bignum/ab1ca6fa5cd2a9333e4bc3a55e5d63af31eeca4e differ
-diff --git a/fuzz/corpora/bignum/ab5728b029fc5fb125abd79d5e00ccf27f0bbc24 b/fuzz/corpora/bignum/ab5728b029fc5fb125abd79d5e00ccf27f0bbc24
-new file mode 100644
-index 0000000..84a2348
-Binary files /dev/null and b/fuzz/corpora/bignum/ab5728b029fc5fb125abd79d5e00ccf27f0bbc24 differ
-diff --git a/fuzz/corpora/bignum/ac46a2d8e2a7bf87a16360bd3e71a02017cde625 b/fuzz/corpora/bignum/ac46a2d8e2a7bf87a16360bd3e71a02017cde625
-new file mode 100644
-index 0000000..9005c8e
-Binary files /dev/null and b/fuzz/corpora/bignum/ac46a2d8e2a7bf87a16360bd3e71a02017cde625 differ
-diff --git a/fuzz/corpora/bignum/ac9bd4b75865c15cbdac63b1bca003f3b91a79ec b/fuzz/corpora/bignum/ac9bd4b75865c15cbdac63b1bca003f3b91a79ec
-new file mode 100644
-index 0000000..1f317e9
-Binary files /dev/null and b/fuzz/corpora/bignum/ac9bd4b75865c15cbdac63b1bca003f3b91a79ec differ
-diff --git a/fuzz/corpora/bignum/acedb00640216b8e928ea1b44605b2fb2a2e1d1a b/fuzz/corpora/bignum/acedb00640216b8e928ea1b44605b2fb2a2e1d1a
-new file mode 100644
-index 0000000..8cdd4c4
-Binary files /dev/null and b/fuzz/corpora/bignum/acedb00640216b8e928ea1b44605b2fb2a2e1d1a differ
-diff --git a/fuzz/corpora/bignum/ada80df2a2d6246cb299fcd997afa3910bbeab31 b/fuzz/corpora/bignum/ada80df2a2d6246cb299fcd997afa3910bbeab31
-new file mode 100644
-index 0000000..35bd406
-Binary files /dev/null and b/fuzz/corpora/bignum/ada80df2a2d6246cb299fcd997afa3910bbeab31 differ
-diff --git a/fuzz/corpora/bignum/adcc0d3186263886e11b137cb5a7b3096b009852 b/fuzz/corpora/bignum/adcc0d3186263886e11b137cb5a7b3096b009852
-new file mode 100644
-index 0000000..45af844
-Binary files /dev/null and b/fuzz/corpora/bignum/adcc0d3186263886e11b137cb5a7b3096b009852 differ
-diff --git a/fuzz/corpora/bignum/ae4b3c2d3b7fb5bd35c569d987c7a019ae170bf2 b/fuzz/corpora/bignum/ae4b3c2d3b7fb5bd35c569d987c7a019ae170bf2
-new file mode 100644
-index 0000000..56582a2
-Binary files /dev/null and b/fuzz/corpora/bignum/ae4b3c2d3b7fb5bd35c569d987c7a019ae170bf2 differ
-diff --git a/fuzz/corpora/bignum/ae9dffd38181b93b696d0831ff81e18a2aeb17ef b/fuzz/corpora/bignum/ae9dffd38181b93b696d0831ff81e18a2aeb17ef
-new file mode 100644
-index 0000000..e744359
-Binary files /dev/null and b/fuzz/corpora/bignum/ae9dffd38181b93b696d0831ff81e18a2aeb17ef differ
-diff --git a/fuzz/corpora/bignum/aeda1eedb74aa52d23a00a8ac81d76b0253d53c6 b/fuzz/corpora/bignum/aeda1eedb74aa52d23a00a8ac81d76b0253d53c6
-new file mode 100644
-index 0000000..59079dd
-Binary files /dev/null and b/fuzz/corpora/bignum/aeda1eedb74aa52d23a00a8ac81d76b0253d53c6 differ
-diff --git a/fuzz/corpora/bignum/af3caab87557dc1a275f79cec9f118144bec9bf8 b/fuzz/corpora/bignum/af3caab87557dc1a275f79cec9f118144bec9bf8
-new file mode 100644
-index 0000000..db59807
-Binary files /dev/null and b/fuzz/corpora/bignum/af3caab87557dc1a275f79cec9f118144bec9bf8 differ
-diff --git a/fuzz/corpora/bignum/b0cb4eda2278df4f847f82ba57a84fe77400c9f1 b/fuzz/corpora/bignum/b0cb4eda2278df4f847f82ba57a84fe77400c9f1
-new file mode 100644
-index 0000000..807527f
-Binary files /dev/null and b/fuzz/corpora/bignum/b0cb4eda2278df4f847f82ba57a84fe77400c9f1 differ
-diff --git a/fuzz/corpora/bignum/b1868085865c7fa111a4cb6f86a87633b5886b0e b/fuzz/corpora/bignum/b1868085865c7fa111a4cb6f86a87633b5886b0e
-new file mode 100644
-index 0000000..25c86bb
-Binary files /dev/null and b/fuzz/corpora/bignum/b1868085865c7fa111a4cb6f86a87633b5886b0e differ
-diff --git a/fuzz/corpora/bignum/b1e9a6832f1451091edb1a8ff0c906df7b02fbf9 b/fuzz/corpora/bignum/b1e9a6832f1451091edb1a8ff0c906df7b02fbf9
-new file mode 100644
-index 0000000..1adba58
-Binary files /dev/null and b/fuzz/corpora/bignum/b1e9a6832f1451091edb1a8ff0c906df7b02fbf9 differ
-diff --git a/fuzz/corpora/bignum/b2d67a9b6788b07459ddb856b6235aa765bbc590 b/fuzz/corpora/bignum/b2d67a9b6788b07459ddb856b6235aa765bbc590
-new file mode 100644
-index 0000000..5e38ade
-Binary files /dev/null and b/fuzz/corpora/bignum/b2d67a9b6788b07459ddb856b6235aa765bbc590 differ
-diff --git a/fuzz/corpora/bignum/b2e3dbfa547e52ae0cb6af5974a2f66439e0df58 b/fuzz/corpora/bignum/b2e3dbfa547e52ae0cb6af5974a2f66439e0df58
-new file mode 100644
-index 0000000..f35aee3
-Binary files /dev/null and b/fuzz/corpora/bignum/b2e3dbfa547e52ae0cb6af5974a2f66439e0df58 differ
-diff --git a/fuzz/corpora/bignum/b3a9dbfc41322dabd63e934d3108df781c3e9f1d b/fuzz/corpora/bignum/b3a9dbfc41322dabd63e934d3108df781c3e9f1d
-new file mode 100644
-index 0000000..ba3d419
-Binary files /dev/null and b/fuzz/corpora/bignum/b3a9dbfc41322dabd63e934d3108df781c3e9f1d differ
-diff --git a/fuzz/corpora/bignum/b4fbfcb5b3fd3af88f1908befd361fc555a824c8 b/fuzz/corpora/bignum/b4fbfcb5b3fd3af88f1908befd361fc555a824c8
-new file mode 100644
-index 0000000..acae996
-Binary files /dev/null and b/fuzz/corpora/bignum/b4fbfcb5b3fd3af88f1908befd361fc555a824c8 differ
-diff --git a/fuzz/corpora/bignum/b52a7dcb5f33719f2170fa9ef2dcb750d133ea8d b/fuzz/corpora/bignum/b52a7dcb5f33719f2170fa9ef2dcb750d133ea8d
-new file mode 100644
-index 0000000..eb1a82a
-Binary files /dev/null and b/fuzz/corpora/bignum/b52a7dcb5f33719f2170fa9ef2dcb750d133ea8d differ
-diff --git a/fuzz/corpora/bignum/b595cde7b9ee905b4ba6badcdc7a7866b0ad6f7c b/fuzz/corpora/bignum/b595cde7b9ee905b4ba6badcdc7a7866b0ad6f7c
-new file mode 100644
-index 0000000..2626c43
-Binary files /dev/null and b/fuzz/corpora/bignum/b595cde7b9ee905b4ba6badcdc7a7866b0ad6f7c differ
-diff --git a/fuzz/corpora/bignum/b67048c6f06c61b5867df86f4d0b4b407f4e2f87 b/fuzz/corpora/bignum/b67048c6f06c61b5867df86f4d0b4b407f4e2f87
-new file mode 100644
-index 0000000..c6989b4
-Binary files /dev/null and b/fuzz/corpora/bignum/b67048c6f06c61b5867df86f4d0b4b407f4e2f87 differ
-diff --git a/fuzz/corpora/bignum/b730d549c09235410129b2ecae056f8dbd461b1f b/fuzz/corpora/bignum/b730d549c09235410129b2ecae056f8dbd461b1f
-new file mode 100644
-index 0000000..30a2efe
-Binary files /dev/null and b/fuzz/corpora/bignum/b730d549c09235410129b2ecae056f8dbd461b1f differ
-diff --git a/fuzz/corpora/bignum/b86408442d9222cdc0c64870a9c0b7bca011acb7 b/fuzz/corpora/bignum/b86408442d9222cdc0c64870a9c0b7bca011acb7
-new file mode 100644
-index 0000000..8c14960
-Binary files /dev/null and b/fuzz/corpora/bignum/b86408442d9222cdc0c64870a9c0b7bca011acb7 differ
-diff --git a/fuzz/corpora/bignum/b86e9787cb8d5ce41984fb7dee449f7aef638f88 b/fuzz/corpora/bignum/b86e9787cb8d5ce41984fb7dee449f7aef638f88
-new file mode 100644
-index 0000000..805e665
-Binary files /dev/null and b/fuzz/corpora/bignum/b86e9787cb8d5ce41984fb7dee449f7aef638f88 differ
-diff --git a/fuzz/corpora/bignum/b9c61eb6c57ad07579f58f79d5886e3a90bd590e b/fuzz/corpora/bignum/b9c61eb6c57ad07579f58f79d5886e3a90bd590e
-new file mode 100644
-index 0000000..096077b
-Binary files /dev/null and b/fuzz/corpora/bignum/b9c61eb6c57ad07579f58f79d5886e3a90bd590e differ
-diff --git a/fuzz/corpora/bignum/bad27945ff0cbb12cd16cd7b4a369c83a298e7ae b/fuzz/corpora/bignum/bad27945ff0cbb12cd16cd7b4a369c83a298e7ae
-new file mode 100644
-index 0000000..1e9b5b0
-Binary files /dev/null and b/fuzz/corpora/bignum/bad27945ff0cbb12cd16cd7b4a369c83a298e7ae differ
-diff --git a/fuzz/corpora/bignum/bae7d336ec4bd269bbae7d9cdb5b10f0a157eaaf b/fuzz/corpora/bignum/bae7d336ec4bd269bbae7d9cdb5b10f0a157eaaf
-new file mode 100644
-index 0000000..9161a81
-Binary files /dev/null and b/fuzz/corpora/bignum/bae7d336ec4bd269bbae7d9cdb5b10f0a157eaaf differ
-diff --git a/fuzz/corpora/bignum/bbb4303aa041446fb406f6271610bee84df13699 b/fuzz/corpora/bignum/bbb4303aa041446fb406f6271610bee84df13699
-new file mode 100644
-index 0000000..205ef75
-Binary files /dev/null and b/fuzz/corpora/bignum/bbb4303aa041446fb406f6271610bee84df13699 differ
-diff --git a/fuzz/corpora/bignum/bc569ce29a57303bdc8bf0b151d557287fad499b b/fuzz/corpora/bignum/bc569ce29a57303bdc8bf0b151d557287fad499b
-new file mode 100644
-index 0000000..0fc440d
-Binary files /dev/null and b/fuzz/corpora/bignum/bc569ce29a57303bdc8bf0b151d557287fad499b differ
-diff --git a/fuzz/corpora/bignum/bc896b78d33d62724e5691c6096fcdd45d43ac6a b/fuzz/corpora/bignum/bc896b78d33d62724e5691c6096fcdd45d43ac6a
-new file mode 100644
-index 0000000..2ddd88e
-Binary files /dev/null and b/fuzz/corpora/bignum/bc896b78d33d62724e5691c6096fcdd45d43ac6a differ
-diff --git a/fuzz/corpora/bignum/bd93067db277b8dc2a3a29b2137a56cdc6b1ae9f b/fuzz/corpora/bignum/bd93067db277b8dc2a3a29b2137a56cdc6b1ae9f
-new file mode 100644
-index 0000000..44efa4a
-Binary files /dev/null and b/fuzz/corpora/bignum/bd93067db277b8dc2a3a29b2137a56cdc6b1ae9f differ
-diff --git a/fuzz/corpora/bignum/be36f88aa6cc80f1f6c614d0a38131da07b258de b/fuzz/corpora/bignum/be36f88aa6cc80f1f6c614d0a38131da07b258de
-new file mode 100644
-index 0000000..1cfdcea
-Binary files /dev/null and b/fuzz/corpora/bignum/be36f88aa6cc80f1f6c614d0a38131da07b258de differ
-diff --git a/fuzz/corpora/bignum/bfb9ac1d7078ae366c7f6abf3d447830d8bd3243 b/fuzz/corpora/bignum/bfb9ac1d7078ae366c7f6abf3d447830d8bd3243
-new file mode 100644
-index 0000000..590dd03
-Binary files /dev/null and b/fuzz/corpora/bignum/bfb9ac1d7078ae366c7f6abf3d447830d8bd3243 differ
-diff --git a/fuzz/corpora/bignum/bfe99b92105e713b3e4e9af958ba558bbc9e4371 b/fuzz/corpora/bignum/bfe99b92105e713b3e4e9af958ba558bbc9e4371
-new file mode 100644
-index 0000000..d465b98
-Binary files /dev/null and b/fuzz/corpora/bignum/bfe99b92105e713b3e4e9af958ba558bbc9e4371 differ
-diff --git a/fuzz/corpora/bignum/c0a4185497eead63d7e7eda4b1a0a10ccb8b2879 b/fuzz/corpora/bignum/c0a4185497eead63d7e7eda4b1a0a10ccb8b2879
-new file mode 100644
-index 0000000..dc347f2
-Binary files /dev/null and b/fuzz/corpora/bignum/c0a4185497eead63d7e7eda4b1a0a10ccb8b2879 differ
-diff --git a/fuzz/corpora/bignum/c0a90a79b5a172dff33e3b053d2f4700c6549740 b/fuzz/corpora/bignum/c0a90a79b5a172dff33e3b053d2f4700c6549740
-new file mode 100644
-index 0000000..b8c8d5a
-Binary files /dev/null and b/fuzz/corpora/bignum/c0a90a79b5a172dff33e3b053d2f4700c6549740 differ
-diff --git a/fuzz/corpora/bignum/c0bccbae706d198a28ba5a2567b72124ccbb06f0 b/fuzz/corpora/bignum/c0bccbae706d198a28ba5a2567b72124ccbb06f0
-new file mode 100644
-index 0000000..37ba7eb
-Binary files /dev/null and b/fuzz/corpora/bignum/c0bccbae706d198a28ba5a2567b72124ccbb06f0 differ
-diff --git a/fuzz/corpora/bignum/c1241a5bc797f9c955fda6e7fc2dffe67472304d b/fuzz/corpora/bignum/c1241a5bc797f9c955fda6e7fc2dffe67472304d
-new file mode 100644
-index 0000000..99bff9b
-Binary files /dev/null and b/fuzz/corpora/bignum/c1241a5bc797f9c955fda6e7fc2dffe67472304d differ
-diff --git a/fuzz/corpora/bignum/c220da597bb5869df7edb6628449d999b9111353 b/fuzz/corpora/bignum/c220da597bb5869df7edb6628449d999b9111353
-new file mode 100644
-index 0000000..6e489c5
-Binary files /dev/null and b/fuzz/corpora/bignum/c220da597bb5869df7edb6628449d999b9111353 differ
-diff --git a/fuzz/corpora/bignum/c2d239075efe974b6b8b178cba6455e612760beb b/fuzz/corpora/bignum/c2d239075efe974b6b8b178cba6455e612760beb
-new file mode 100644
-index 0000000..f19496d
-Binary files /dev/null and b/fuzz/corpora/bignum/c2d239075efe974b6b8b178cba6455e612760beb differ
-diff --git a/fuzz/corpora/bignum/c4094266d21263d9d747b9fe6ff5a2630bb4bdf0 b/fuzz/corpora/bignum/c4094266d21263d9d747b9fe6ff5a2630bb4bdf0
-new file mode 100644
-index 0000000..3291d12
-Binary files /dev/null and b/fuzz/corpora/bignum/c4094266d21263d9d747b9fe6ff5a2630bb4bdf0 differ
-diff --git a/fuzz/corpora/bignum/c49c54f2200cf84b8344108682af07ed669ef769 b/fuzz/corpora/bignum/c49c54f2200cf84b8344108682af07ed669ef769
-new file mode 100644
-index 0000000..26c7a57
-Binary files /dev/null and b/fuzz/corpora/bignum/c49c54f2200cf84b8344108682af07ed669ef769 differ
-diff --git a/fuzz/corpora/bignum/c582d26ab53ebb3bd22941b3d6ba0f801ab92fc5 b/fuzz/corpora/bignum/c582d26ab53ebb3bd22941b3d6ba0f801ab92fc5
-new file mode 100644
-index 0000000..2dbd6b7
-Binary files /dev/null and b/fuzz/corpora/bignum/c582d26ab53ebb3bd22941b3d6ba0f801ab92fc5 differ
-diff --git a/fuzz/corpora/bignum/c7761a99a65d35631394cdecd8573906c2e70941 b/fuzz/corpora/bignum/c7761a99a65d35631394cdecd8573906c2e70941
-new file mode 100644
-index 0000000..523eca4
-Binary files /dev/null and b/fuzz/corpora/bignum/c7761a99a65d35631394cdecd8573906c2e70941 differ
-diff --git a/fuzz/corpora/bignum/c8819124d2309d3c3113e71693a4a1de1eac715e b/fuzz/corpora/bignum/c8819124d2309d3c3113e71693a4a1de1eac715e
-new file mode 100644
-index 0000000..f7e4cd2
-Binary files /dev/null and b/fuzz/corpora/bignum/c8819124d2309d3c3113e71693a4a1de1eac715e differ
-diff --git a/fuzz/corpora/bignum/c8c4af39849db822157a7b0404bd56f7c9ffe7a7 b/fuzz/corpora/bignum/c8c4af39849db822157a7b0404bd56f7c9ffe7a7
-new file mode 100644
-index 0000000..b6ef586
-Binary files /dev/null and b/fuzz/corpora/bignum/c8c4af39849db822157a7b0404bd56f7c9ffe7a7 differ
-diff --git a/fuzz/corpora/bignum/ca1004c966a1608ecba3f36a2430993fd0769b6e b/fuzz/corpora/bignum/ca1004c966a1608ecba3f36a2430993fd0769b6e
-new file mode 100644
-index 0000000..1712931
-Binary files /dev/null and b/fuzz/corpora/bignum/ca1004c966a1608ecba3f36a2430993fd0769b6e differ
-diff --git a/fuzz/corpora/bignum/ca4122e206e057ab0056d4c63cd61092a2d6f601 b/fuzz/corpora/bignum/ca4122e206e057ab0056d4c63cd61092a2d6f601
-new file mode 100644
-index 0000000..b30212e
-Binary files /dev/null and b/fuzz/corpora/bignum/ca4122e206e057ab0056d4c63cd61092a2d6f601 differ
-diff --git a/fuzz/corpora/bignum/cadaeab164330e2ff62b8ff98b7e80a94d97642d b/fuzz/corpora/bignum/cadaeab164330e2ff62b8ff98b7e80a94d97642d
-new file mode 100644
-index 0000000..b033ada
-Binary files /dev/null and b/fuzz/corpora/bignum/cadaeab164330e2ff62b8ff98b7e80a94d97642d differ
-diff --git a/fuzz/corpora/bignum/cbf52cea88b45fe80c820dad5b2760515c220f0f b/fuzz/corpora/bignum/cbf52cea88b45fe80c820dad5b2760515c220f0f
-new file mode 100644
-index 0000000..5a4efb7
-Binary files /dev/null and b/fuzz/corpora/bignum/cbf52cea88b45fe80c820dad5b2760515c220f0f differ
-diff --git a/fuzz/corpora/bignum/cce74ca1e2bce5adf81d6b3e8fac1345526613b6 b/fuzz/corpora/bignum/cce74ca1e2bce5adf81d6b3e8fac1345526613b6
-new file mode 100644
-index 0000000..596123c
-Binary files /dev/null and b/fuzz/corpora/bignum/cce74ca1e2bce5adf81d6b3e8fac1345526613b6 differ
-diff --git a/fuzz/corpora/bignum/cd4e0ea481c418a1b6be5ba23094f842b707c1b7 b/fuzz/corpora/bignum/cd4e0ea481c418a1b6be5ba23094f842b707c1b7
-new file mode 100644
-index 0000000..20ca13f
-Binary files /dev/null and b/fuzz/corpora/bignum/cd4e0ea481c418a1b6be5ba23094f842b707c1b7 differ
-diff --git a/fuzz/corpora/bignum/cf5e53925e1803230015d82ff80bb72a93a92ebe b/fuzz/corpora/bignum/cf5e53925e1803230015d82ff80bb72a93a92ebe
-new file mode 100644
-index 0000000..27515dd
-Binary files /dev/null and b/fuzz/corpora/bignum/cf5e53925e1803230015d82ff80bb72a93a92ebe differ
-diff --git a/fuzz/corpora/bignum/d0f09dea5c407a656e05cd85c7364705201b5bbb b/fuzz/corpora/bignum/d0f09dea5c407a656e05cd85c7364705201b5bbb
-new file mode 100644
-index 0000000..622702d
-Binary files /dev/null and b/fuzz/corpora/bignum/d0f09dea5c407a656e05cd85c7364705201b5bbb differ
-diff --git a/fuzz/corpora/bignum/d1c3a495303caf0393bd46392680ed3f191e45b9 b/fuzz/corpora/bignum/d1c3a495303caf0393bd46392680ed3f191e45b9
-new file mode 100644
-index 0000000..b4f6250
-Binary files /dev/null and b/fuzz/corpora/bignum/d1c3a495303caf0393bd46392680ed3f191e45b9 differ
-diff --git a/fuzz/corpora/bignum/d37d4338b259c6703ed7e1f689a648095577d10b b/fuzz/corpora/bignum/d37d4338b259c6703ed7e1f689a648095577d10b
-new file mode 100644
-index 0000000..d88fe09
-Binary files /dev/null and b/fuzz/corpora/bignum/d37d4338b259c6703ed7e1f689a648095577d10b differ
-diff --git a/fuzz/corpora/bignum/d3aefac2d78b866ed49019cc62db145982505449 b/fuzz/corpora/bignum/d3aefac2d78b866ed49019cc62db145982505449
-new file mode 100644
-index 0000000..167a95d
-Binary files /dev/null and b/fuzz/corpora/bignum/d3aefac2d78b866ed49019cc62db145982505449 differ
-diff --git a/fuzz/corpora/bignum/d4302ca1a16abcdb71f348f4f606d8eaa12473fe b/fuzz/corpora/bignum/d4302ca1a16abcdb71f348f4f606d8eaa12473fe
-new file mode 100644
-index 0000000..8e005f9
-Binary files /dev/null and b/fuzz/corpora/bignum/d4302ca1a16abcdb71f348f4f606d8eaa12473fe differ
-diff --git a/fuzz/corpora/bignum/d4dc97aa7dcbcf72f59bc8d1d2b154ea4d9e6ce3 b/fuzz/corpora/bignum/d4dc97aa7dcbcf72f59bc8d1d2b154ea4d9e6ce3
-new file mode 100644
-index 0000000..6a09abf
-Binary files /dev/null and b/fuzz/corpora/bignum/d4dc97aa7dcbcf72f59bc8d1d2b154ea4d9e6ce3 differ
-diff --git a/fuzz/corpora/bignum/d50eeff7da0e3935875579a4389fe7b4aa570d9a b/fuzz/corpora/bignum/d50eeff7da0e3935875579a4389fe7b4aa570d9a
-new file mode 100644
-index 0000000..bed6cdf
-Binary files /dev/null and b/fuzz/corpora/bignum/d50eeff7da0e3935875579a4389fe7b4aa570d9a differ
-diff --git a/fuzz/corpora/bignum/d54f61745afca52e5fb0d11c76f88b974901ef5c b/fuzz/corpora/bignum/d54f61745afca52e5fb0d11c76f88b974901ef5c
-new file mode 100644
-index 0000000..12a5143
-Binary files /dev/null and b/fuzz/corpora/bignum/d54f61745afca52e5fb0d11c76f88b974901ef5c differ
-diff --git a/fuzz/corpora/bignum/d55aa044953344d9a0a30662fa8b4ea83e0b1c53 b/fuzz/corpora/bignum/d55aa044953344d9a0a30662fa8b4ea83e0b1c53
-new file mode 100644
-index 0000000..c72339e
-Binary files /dev/null and b/fuzz/corpora/bignum/d55aa044953344d9a0a30662fa8b4ea83e0b1c53 differ
-diff --git a/fuzz/corpora/bignum/d58a8dd731693c3355345d20cc1010ee4857de06 b/fuzz/corpora/bignum/d58a8dd731693c3355345d20cc1010ee4857de06
-new file mode 100644
-index 0000000..36a5836
-Binary files /dev/null and b/fuzz/corpora/bignum/d58a8dd731693c3355345d20cc1010ee4857de06 differ
-diff --git a/fuzz/corpora/bignum/d60b57b6eb62f98ffc1e4aa34b384550daa3b2cf b/fuzz/corpora/bignum/d60b57b6eb62f98ffc1e4aa34b384550daa3b2cf
-new file mode 100644
-index 0000000..d7ef3f1
-Binary files /dev/null and b/fuzz/corpora/bignum/d60b57b6eb62f98ffc1e4aa34b384550daa3b2cf differ
-diff --git a/fuzz/corpora/bignum/d76f23fcf91c960b5b57342f417fcd05f884409f b/fuzz/corpora/bignum/d76f23fcf91c960b5b57342f417fcd05f884409f
-new file mode 100644
-index 0000000..62a4a72
-Binary files /dev/null and b/fuzz/corpora/bignum/d76f23fcf91c960b5b57342f417fcd05f884409f differ
-diff --git a/fuzz/corpora/bignum/d81149fef0561622dae60072c76dd6df7fd26b54 b/fuzz/corpora/bignum/d81149fef0561622dae60072c76dd6df7fd26b54
-new file mode 100644
-index 0000000..016b633
-Binary files /dev/null and b/fuzz/corpora/bignum/d81149fef0561622dae60072c76dd6df7fd26b54 differ
-diff --git a/fuzz/corpora/bignum/d835fd679d0ff5e68543ee63fa87bf164261ecb0 b/fuzz/corpora/bignum/d835fd679d0ff5e68543ee63fa87bf164261ecb0
-new file mode 100644
-index 0000000..f22d46a
-Binary files /dev/null and b/fuzz/corpora/bignum/d835fd679d0ff5e68543ee63fa87bf164261ecb0 differ
-diff --git a/fuzz/corpora/bignum/d88500f30cc868a87e1f13018f7e2fec9b71eb86 b/fuzz/corpora/bignum/d88500f30cc868a87e1f13018f7e2fec9b71eb86
-new file mode 100644
-index 0000000..716cff7
-Binary files /dev/null and b/fuzz/corpora/bignum/d88500f30cc868a87e1f13018f7e2fec9b71eb86 differ
-diff --git a/fuzz/corpora/bignum/d8d658f5043d7240d0e6b5174903394185531e09 b/fuzz/corpora/bignum/d8d658f5043d7240d0e6b5174903394185531e09
-new file mode 100644
-index 0000000..f314509
-Binary files /dev/null and b/fuzz/corpora/bignum/d8d658f5043d7240d0e6b5174903394185531e09 differ
-diff --git a/fuzz/corpora/bignum/d94272b3af87c591bccf22b647bc355b7fc50030 b/fuzz/corpora/bignum/d94272b3af87c591bccf22b647bc355b7fc50030
-new file mode 100644
-index 0000000..1a43b2e
-Binary files /dev/null and b/fuzz/corpora/bignum/d94272b3af87c591bccf22b647bc355b7fc50030 differ
-diff --git a/fuzz/corpora/bignum/d9b28ccd0d8f01d9c73575285342241713fee2ab b/fuzz/corpora/bignum/d9b28ccd0d8f01d9c73575285342241713fee2ab
-new file mode 100644
-index 0000000..64ef949
-Binary files /dev/null and b/fuzz/corpora/bignum/d9b28ccd0d8f01d9c73575285342241713fee2ab differ
-diff --git a/fuzz/corpora/bignum/da39a3ee5e6b4b0d3255bfef95601890afd80709 b/fuzz/corpora/bignum/da39a3ee5e6b4b0d3255bfef95601890afd80709
-new file mode 100644
-index 0000000..e69de29
-diff --git a/fuzz/corpora/bignum/da5370dcbd6ea928bf2772d5de6f8e6d6022c9e6 b/fuzz/corpora/bignum/da5370dcbd6ea928bf2772d5de6f8e6d6022c9e6
-new file mode 100644
-index 0000000..f2718bd
-Binary files /dev/null and b/fuzz/corpora/bignum/da5370dcbd6ea928bf2772d5de6f8e6d6022c9e6 differ
-diff --git a/fuzz/corpora/bignum/da551e52ae79f9c1aeb6a97aa61735c83eacb3b1 b/fuzz/corpora/bignum/da551e52ae79f9c1aeb6a97aa61735c83eacb3b1
-new file mode 100644
-index 0000000..4918ee2
-Binary files /dev/null and b/fuzz/corpora/bignum/da551e52ae79f9c1aeb6a97aa61735c83eacb3b1 differ
-diff --git a/fuzz/corpora/bignum/db7709a870d6940aacb1e6f33dd5d0defacbc7e5 b/fuzz/corpora/bignum/db7709a870d6940aacb1e6f33dd5d0defacbc7e5
-new file mode 100644
-index 0000000..25986b1
-Binary files /dev/null and b/fuzz/corpora/bignum/db7709a870d6940aacb1e6f33dd5d0defacbc7e5 differ
-diff --git a/fuzz/corpora/bignum/db86f8b3f1de261a583c7217640e03824d354ad3 b/fuzz/corpora/bignum/db86f8b3f1de261a583c7217640e03824d354ad3
-new file mode 100644
-index 0000000..c227346
-Binary files /dev/null and b/fuzz/corpora/bignum/db86f8b3f1de261a583c7217640e03824d354ad3 differ
-diff --git a/fuzz/corpora/bignum/dbd19f9740bc45f57f4d05ded88c1ecc7e6f5b86 b/fuzz/corpora/bignum/dbd19f9740bc45f57f4d05ded88c1ecc7e6f5b86
-new file mode 100644
-index 0000000..9153135
-Binary files /dev/null and b/fuzz/corpora/bignum/dbd19f9740bc45f57f4d05ded88c1ecc7e6f5b86 differ
-diff --git a/fuzz/corpora/bignum/dc68470229f7c1791168f3386688dbe5ef9259c3 b/fuzz/corpora/bignum/dc68470229f7c1791168f3386688dbe5ef9259c3
-new file mode 100644
-index 0000000..bcefd00
-Binary files /dev/null and b/fuzz/corpora/bignum/dc68470229f7c1791168f3386688dbe5ef9259c3 differ
-diff --git a/fuzz/corpora/bignum/dd5124b13f42e797169b89f8cde23589e0fb1350 b/fuzz/corpora/bignum/dd5124b13f42e797169b89f8cde23589e0fb1350
-new file mode 100644
-index 0000000..29202cf
-Binary files /dev/null and b/fuzz/corpora/bignum/dd5124b13f42e797169b89f8cde23589e0fb1350 differ
-diff --git a/fuzz/corpora/bignum/dedbe1f9b6005f34492db4e3375b57469659b99f b/fuzz/corpora/bignum/dedbe1f9b6005f34492db4e3375b57469659b99f
-new file mode 100644
-index 0000000..c8f4754
-Binary files /dev/null and b/fuzz/corpora/bignum/dedbe1f9b6005f34492db4e3375b57469659b99f differ
-diff --git a/fuzz/corpora/bignum/dfa12e8255a314a863127481591f32da00a1d3e5 b/fuzz/corpora/bignum/dfa12e8255a314a863127481591f32da00a1d3e5
-new file mode 100644
-index 0000000..59f7831
-Binary files /dev/null and b/fuzz/corpora/bignum/dfa12e8255a314a863127481591f32da00a1d3e5 differ
-diff --git a/fuzz/corpora/bignum/e02b09b3571e95aba869e9c6edfcea0e9d5e4acd b/fuzz/corpora/bignum/e02b09b3571e95aba869e9c6edfcea0e9d5e4acd
-new file mode 100644
-index 0000000..0af7d6d
-Binary files /dev/null and b/fuzz/corpora/bignum/e02b09b3571e95aba869e9c6edfcea0e9d5e4acd differ
-diff --git a/fuzz/corpora/bignum/e0c1183edf61500c4b318d3c52aa1a616e7d9bdb b/fuzz/corpora/bignum/e0c1183edf61500c4b318d3c52aa1a616e7d9bdb
-new file mode 100644
-index 0000000..a85a6f4
-Binary files /dev/null and b/fuzz/corpora/bignum/e0c1183edf61500c4b318d3c52aa1a616e7d9bdb differ
-diff --git a/fuzz/corpora/bignum/e1b35c61664ea0292a5ee4bd34833feea661fd05 b/fuzz/corpora/bignum/e1b35c61664ea0292a5ee4bd34833feea661fd05
-new file mode 100644
-index 0000000..554de1f
-Binary files /dev/null and b/fuzz/corpora/bignum/e1b35c61664ea0292a5ee4bd34833feea661fd05 differ
-diff --git a/fuzz/corpora/bignum/e1e284a78501c64be10f8a9af6075d06a901a145 b/fuzz/corpora/bignum/e1e284a78501c64be10f8a9af6075d06a901a145
-new file mode 100644
-index 0000000..79cb793
-Binary files /dev/null and b/fuzz/corpora/bignum/e1e284a78501c64be10f8a9af6075d06a901a145 differ
-diff --git a/fuzz/corpora/bignum/e3008f2711abe6e4cb2b94cb0260817c096a216e b/fuzz/corpora/bignum/e3008f2711abe6e4cb2b94cb0260817c096a216e
-new file mode 100644
-index 0000000..432c95e
-Binary files /dev/null and b/fuzz/corpora/bignum/e3008f2711abe6e4cb2b94cb0260817c096a216e differ
-diff --git a/fuzz/corpora/bignum/e39e4dca4106c45da078be7bf069591d722283a5 b/fuzz/corpora/bignum/e39e4dca4106c45da078be7bf069591d722283a5
-new file mode 100644
-index 0000000..bf3da25
-Binary files /dev/null and b/fuzz/corpora/bignum/e39e4dca4106c45da078be7bf069591d722283a5 differ
-diff --git a/fuzz/corpora/bignum/e53feb0e34ee30533a5bcea54a3687d56f55d3d6 b/fuzz/corpora/bignum/e53feb0e34ee30533a5bcea54a3687d56f55d3d6
-new file mode 100644
-index 0000000..3046f07
-Binary files /dev/null and b/fuzz/corpora/bignum/e53feb0e34ee30533a5bcea54a3687d56f55d3d6 differ
-diff --git a/fuzz/corpora/bignum/e59db76f924676be463c5aa68c13bb3457cfb020 b/fuzz/corpora/bignum/e59db76f924676be463c5aa68c13bb3457cfb020
-new file mode 100644
-index 0000000..9d8e5d9
-Binary files /dev/null and b/fuzz/corpora/bignum/e59db76f924676be463c5aa68c13bb3457cfb020 differ
-diff --git a/fuzz/corpora/bignum/e5da763f185c240ebcc5345207eca18a4f8194a4 b/fuzz/corpora/bignum/e5da763f185c240ebcc5345207eca18a4f8194a4
-new file mode 100644
-index 0000000..2c527f6
-Binary files /dev/null and b/fuzz/corpora/bignum/e5da763f185c240ebcc5345207eca18a4f8194a4 differ
-diff --git a/fuzz/corpora/bignum/e79a2a3370a4f7249af7995f776aea90e511c353 b/fuzz/corpora/bignum/e79a2a3370a4f7249af7995f776aea90e511c353
-new file mode 100644
-index 0000000..e404551
-Binary files /dev/null and b/fuzz/corpora/bignum/e79a2a3370a4f7249af7995f776aea90e511c353 differ
-diff --git a/fuzz/corpora/bignum/e83c97778c15858d4f19cce901eacbe1cddc83ea b/fuzz/corpora/bignum/e83c97778c15858d4f19cce901eacbe1cddc83ea
-new file mode 100644
-index 0000000..72682cc
-Binary files /dev/null and b/fuzz/corpora/bignum/e83c97778c15858d4f19cce901eacbe1cddc83ea differ
-diff --git a/fuzz/corpora/bignum/e8f5c5e7f18c0437992a9da521f7ce22c2db1573 b/fuzz/corpora/bignum/e8f5c5e7f18c0437992a9da521f7ce22c2db1573
-new file mode 100644
-index 0000000..f1c20c7
-Binary files /dev/null and b/fuzz/corpora/bignum/e8f5c5e7f18c0437992a9da521f7ce22c2db1573 differ
-diff --git a/fuzz/corpora/bignum/e9475c56725676a03c23602d810bf47fea49123c b/fuzz/corpora/bignum/e9475c56725676a03c23602d810bf47fea49123c
-new file mode 100644
-index 0000000..02c695e
-Binary files /dev/null and b/fuzz/corpora/bignum/e9475c56725676a03c23602d810bf47fea49123c differ
-diff --git a/fuzz/corpora/bignum/e9e2ca60d98b2915614de33bcd72a6da200021c0 b/fuzz/corpora/bignum/e9e2ca60d98b2915614de33bcd72a6da200021c0
-new file mode 100644
-index 0000000..ef6a897
-Binary files /dev/null and b/fuzz/corpora/bignum/e9e2ca60d98b2915614de33bcd72a6da200021c0 differ
-diff --git a/fuzz/corpora/bignum/e9e7b3a09582f6a0461027db07c74bacde736c82 b/fuzz/corpora/bignum/e9e7b3a09582f6a0461027db07c74bacde736c82
-new file mode 100644
-index 0000000..c8f1ef5
-Binary files /dev/null and b/fuzz/corpora/bignum/e9e7b3a09582f6a0461027db07c74bacde736c82 differ
-diff --git a/fuzz/corpora/bignum/ea56b6d83ae13bad869e9e608f328e923f61633a b/fuzz/corpora/bignum/ea56b6d83ae13bad869e9e608f328e923f61633a
-new file mode 100644
-index 0000000..bb9773b
-Binary files /dev/null and b/fuzz/corpora/bignum/ea56b6d83ae13bad869e9e608f328e923f61633a differ
-diff --git a/fuzz/corpora/bignum/ed1ee20c83540da17758a2d4997a0b81909fe599 b/fuzz/corpora/bignum/ed1ee20c83540da17758a2d4997a0b81909fe599
-new file mode 100644
-index 0000000..8875128
-Binary files /dev/null and b/fuzz/corpora/bignum/ed1ee20c83540da17758a2d4997a0b81909fe599 differ
-diff --git a/fuzz/corpora/bignum/ed2b64adb7df78895152aaaaa8ca947832a2a80e b/fuzz/corpora/bignum/ed2b64adb7df78895152aaaaa8ca947832a2a80e
-new file mode 100644
-index 0000000..cfebe80
-Binary files /dev/null and b/fuzz/corpora/bignum/ed2b64adb7df78895152aaaaa8ca947832a2a80e differ
-diff --git a/fuzz/corpora/bignum/edc71e2c67b839fa502a2334b637a9d8f732ab79 b/fuzz/corpora/bignum/edc71e2c67b839fa502a2334b637a9d8f732ab79
-new file mode 100644
-index 0000000..e45b5df
-Binary files /dev/null and b/fuzz/corpora/bignum/edc71e2c67b839fa502a2334b637a9d8f732ab79 differ
-diff --git a/fuzz/corpora/bignum/ef481a2c0d57cadea38f837f4c75f87cca73c8ee b/fuzz/corpora/bignum/ef481a2c0d57cadea38f837f4c75f87cca73c8ee
-new file mode 100644
-index 0000000..31d6a50
-Binary files /dev/null and b/fuzz/corpora/bignum/ef481a2c0d57cadea38f837f4c75f87cca73c8ee differ
-diff --git a/fuzz/corpora/bignum/ef7a76f7e015eb801cca9fe43ba019a9603bf1a2 b/fuzz/corpora/bignum/ef7a76f7e015eb801cca9fe43ba019a9603bf1a2
-new file mode 100644
-index 0000000..a8ddc80
-Binary files /dev/null and b/fuzz/corpora/bignum/ef7a76f7e015eb801cca9fe43ba019a9603bf1a2 differ
-diff --git a/fuzz/corpora/bignum/effd011cf8fdcad940578f6a027f74e86d18d6db b/fuzz/corpora/bignum/effd011cf8fdcad940578f6a027f74e86d18d6db
-new file mode 100644
-index 0000000..1bb07b5
-Binary files /dev/null and b/fuzz/corpora/bignum/effd011cf8fdcad940578f6a027f74e86d18d6db differ
-diff --git a/fuzz/corpora/bignum/f138135c81bedaae4659ea47bd5e788050cf25ef b/fuzz/corpora/bignum/f138135c81bedaae4659ea47bd5e788050cf25ef
-new file mode 100644
-index 0000000..3ad8a9c
-Binary files /dev/null and b/fuzz/corpora/bignum/f138135c81bedaae4659ea47bd5e788050cf25ef differ
-diff --git a/fuzz/corpora/bignum/f15c84ea4cb80ae05ed7d7c125bfcb8a12807a25 b/fuzz/corpora/bignum/f15c84ea4cb80ae05ed7d7c125bfcb8a12807a25
-new file mode 100644
-index 0000000..5246d88
-Binary files /dev/null and b/fuzz/corpora/bignum/f15c84ea4cb80ae05ed7d7c125bfcb8a12807a25 differ
-diff --git a/fuzz/corpora/bignum/f164f093a439aee7ea00bc0cba052fafb1d0f07c b/fuzz/corpora/bignum/f164f093a439aee7ea00bc0cba052fafb1d0f07c
-new file mode 100644
-index 0000000..e9f99c6
-Binary files /dev/null and b/fuzz/corpora/bignum/f164f093a439aee7ea00bc0cba052fafb1d0f07c differ
-diff --git a/fuzz/corpora/bignum/f2e62ef219669c455d8943d6fdf7892125cfea41 b/fuzz/corpora/bignum/f2e62ef219669c455d8943d6fdf7892125cfea41
-new file mode 100644
-index 0000000..9397e9f
-Binary files /dev/null and b/fuzz/corpora/bignum/f2e62ef219669c455d8943d6fdf7892125cfea41 differ
-diff --git a/fuzz/corpora/bignum/f366bed376017d8ea40a09d09da44f8e8224c88c b/fuzz/corpora/bignum/f366bed376017d8ea40a09d09da44f8e8224c88c
-new file mode 100644
-index 0000000..626c7f8
-Binary files /dev/null and b/fuzz/corpora/bignum/f366bed376017d8ea40a09d09da44f8e8224c88c differ
-diff --git a/fuzz/corpora/bignum/f3bba7334065c76aaf49fcc23c0481aeb3735a4a b/fuzz/corpora/bignum/f3bba7334065c76aaf49fcc23c0481aeb3735a4a
-new file mode 100644
-index 0000000..07b923d
-Binary files /dev/null and b/fuzz/corpora/bignum/f3bba7334065c76aaf49fcc23c0481aeb3735a4a differ
-diff --git a/fuzz/corpora/bignum/f53100b8bda05a3399f91c0866c94f1adcc5e629 b/fuzz/corpora/bignum/f53100b8bda05a3399f91c0866c94f1adcc5e629
-new file mode 100644
-index 0000000..9108fc1
-Binary files /dev/null and b/fuzz/corpora/bignum/f53100b8bda05a3399f91c0866c94f1adcc5e629 differ
-diff --git a/fuzz/corpora/bignum/f565309ce6077ac467273dc49b50c9664208c228 b/fuzz/corpora/bignum/f565309ce6077ac467273dc49b50c9664208c228
-new file mode 100644
-index 0000000..42e44fd
-Binary files /dev/null and b/fuzz/corpora/bignum/f565309ce6077ac467273dc49b50c9664208c228 differ
-diff --git a/fuzz/corpora/bignum/f62d4aa49791b84c2adf1a07766db25b130bf841 b/fuzz/corpora/bignum/f62d4aa49791b84c2adf1a07766db25b130bf841
-new file mode 100644
-index 0000000..5c7b2e4
-Binary files /dev/null and b/fuzz/corpora/bignum/f62d4aa49791b84c2adf1a07766db25b130bf841 differ
-diff --git a/fuzz/corpora/bignum/f644154f4e54cf898f679c0abf5b42ad7a19cc5c b/fuzz/corpora/bignum/f644154f4e54cf898f679c0abf5b42ad7a19cc5c
-new file mode 100644
-index 0000000..193a16d
-Binary files /dev/null and b/fuzz/corpora/bignum/f644154f4e54cf898f679c0abf5b42ad7a19cc5c differ
-diff --git a/fuzz/corpora/bignum/f8f6ea63840ca98cc7c864473a5c668dd869a4c0 b/fuzz/corpora/bignum/f8f6ea63840ca98cc7c864473a5c668dd869a4c0
-new file mode 100644
-index 0000000..379ff53
-Binary files /dev/null and b/fuzz/corpora/bignum/f8f6ea63840ca98cc7c864473a5c668dd869a4c0 differ
-diff --git a/fuzz/corpora/bignum/f9129fc8bacd59389223492d7abd3c9e5c8272cc b/fuzz/corpora/bignum/f9129fc8bacd59389223492d7abd3c9e5c8272cc
-new file mode 100644
-index 0000000..44a5879
-Binary files /dev/null and b/fuzz/corpora/bignum/f9129fc8bacd59389223492d7abd3c9e5c8272cc differ
-diff --git a/fuzz/corpora/bignum/f97dea3c7637f9efde63372cd0d3fff7ffc3d0ea b/fuzz/corpora/bignum/f97dea3c7637f9efde63372cd0d3fff7ffc3d0ea
-new file mode 100644
-index 0000000..0962e67
-Binary files /dev/null and b/fuzz/corpora/bignum/f97dea3c7637f9efde63372cd0d3fff7ffc3d0ea differ
-diff --git a/fuzz/corpora/bignum/f98f2e3e4df0ff9890ff838928e428d698e87f31 b/fuzz/corpora/bignum/f98f2e3e4df0ff9890ff838928e428d698e87f31
-new file mode 100644
-index 0000000..0fdb24d
-Binary files /dev/null and b/fuzz/corpora/bignum/f98f2e3e4df0ff9890ff838928e428d698e87f31 differ
-diff --git a/fuzz/corpora/bignum/fac3509f3b62f60fbc267220557f90ebdd5c587b b/fuzz/corpora/bignum/fac3509f3b62f60fbc267220557f90ebdd5c587b
-new file mode 100644
-index 0000000..901f4e5
-Binary files /dev/null and b/fuzz/corpora/bignum/fac3509f3b62f60fbc267220557f90ebdd5c587b differ
-diff --git a/fuzz/corpora/bignum/fb8f9f4ff8b7bfec73d4a47c48f9820a0e6e2721 b/fuzz/corpora/bignum/fb8f9f4ff8b7bfec73d4a47c48f9820a0e6e2721
-new file mode 100644
-index 0000000..30d2249
-Binary files /dev/null and b/fuzz/corpora/bignum/fb8f9f4ff8b7bfec73d4a47c48f9820a0e6e2721 differ
-diff --git a/fuzz/corpora/bignum/fc160e0b4b3b30969994514ff4ba8958866babd4 b/fuzz/corpora/bignum/fc160e0b4b3b30969994514ff4ba8958866babd4
-new file mode 100644
-index 0000000..ff00af9
-Binary files /dev/null and b/fuzz/corpora/bignum/fc160e0b4b3b30969994514ff4ba8958866babd4 differ
-diff --git a/fuzz/corpora/bignum/fc1c7db52ac1dbdb1e0a88c52c6fbaf6e19f0003 b/fuzz/corpora/bignum/fc1c7db52ac1dbdb1e0a88c52c6fbaf6e19f0003
-new file mode 100644
-index 0000000..01ea52c
-Binary files /dev/null and b/fuzz/corpora/bignum/fc1c7db52ac1dbdb1e0a88c52c6fbaf6e19f0003 differ
-diff --git a/fuzz/corpora/bignum/fe346f9985c50d852d07e13cf21c73dc9a486dc5 b/fuzz/corpora/bignum/fe346f9985c50d852d07e13cf21c73dc9a486dc5
-new file mode 100644
-index 0000000..a851043
-Binary files /dev/null and b/fuzz/corpora/bignum/fe346f9985c50d852d07e13cf21c73dc9a486dc5 differ
-diff --git a/fuzz/corpora/bignum/fe895191aa8a48014a0b2d932bef5e7223d53507 b/fuzz/corpora/bignum/fe895191aa8a48014a0b2d932bef5e7223d53507
-new file mode 100644
-index 0000000..714089c
-Binary files /dev/null and b/fuzz/corpora/bignum/fe895191aa8a48014a0b2d932bef5e7223d53507 differ
-diff --git a/fuzz/corpora/bignum/ff635957c92f17fd478794221afa83b3e9c06557 b/fuzz/corpora/bignum/ff635957c92f17fd478794221afa83b3e9c06557
-new file mode 100644
-index 0000000..365c67c
-Binary files /dev/null and b/fuzz/corpora/bignum/ff635957c92f17fd478794221afa83b3e9c06557 differ
-diff --git a/fuzz/corpora/bignum/ff7240dfbdf96586c558feef1aaf3208989032f0 b/fuzz/corpora/bignum/ff7240dfbdf96586c558feef1aaf3208989032f0
-new file mode 100644
-index 0000000..44ebb18
-Binary files /dev/null and b/fuzz/corpora/bignum/ff7240dfbdf96586c558feef1aaf3208989032f0 differ
-diff --git a/fuzz/corpora/bignum/ff966598b4d65277aac2b9ffc0deb102e24f5095 b/fuzz/corpora/bignum/ff966598b4d65277aac2b9ffc0deb102e24f5095
-new file mode 100644
-index 0000000..4dd91e9
-Binary files /dev/null and b/fuzz/corpora/bignum/ff966598b4d65277aac2b9ffc0deb102e24f5095 differ
-diff --git a/fuzz/corpora/bignum/ffbd1fba1279cf746dd7f4d33f966ebc24b4a225 b/fuzz/corpora/bignum/ffbd1fba1279cf746dd7f4d33f966ebc24b4a225
-new file mode 100644
-index 0000000..1c7aa6c
-Binary files /dev/null and b/fuzz/corpora/bignum/ffbd1fba1279cf746dd7f4d33f966ebc24b4a225 differ
-diff --git a/fuzz/corpora/bndiv/00a4391021a4b7faf18aa2ffeccf94240ec6435d b/fuzz/corpora/bndiv/00a4391021a4b7faf18aa2ffeccf94240ec6435d
-new file mode 100644
-index 0000000..52dfd98
-Binary files /dev/null and b/fuzz/corpora/bndiv/00a4391021a4b7faf18aa2ffeccf94240ec6435d differ
-diff --git a/fuzz/corpora/bndiv/0172e8d2d0f74f9ab80de8ff716098022b3584ca b/fuzz/corpora/bndiv/0172e8d2d0f74f9ab80de8ff716098022b3584ca
-new file mode 100644
-index 0000000..ad9688f
-Binary files /dev/null and b/fuzz/corpora/bndiv/0172e8d2d0f74f9ab80de8ff716098022b3584ca differ
-diff --git a/fuzz/corpora/bndiv/022882c0711914a328451bc0aa60287609c1c91d b/fuzz/corpora/bndiv/022882c0711914a328451bc0aa60287609c1c91d
-new file mode 100644
-index 0000000..5c1ed48
-Binary files /dev/null and b/fuzz/corpora/bndiv/022882c0711914a328451bc0aa60287609c1c91d differ
-diff --git a/fuzz/corpora/bndiv/04291fea732292dfe6ef8f01d09e5a39055f550e b/fuzz/corpora/bndiv/04291fea732292dfe6ef8f01d09e5a39055f550e
-new file mode 100644
-index 0000000..36f6789
-Binary files /dev/null and b/fuzz/corpora/bndiv/04291fea732292dfe6ef8f01d09e5a39055f550e differ
-diff --git a/fuzz/corpora/bndiv/04ade4986288fdde3a53533e5439eaeee6f5b2f1 b/fuzz/corpora/bndiv/04ade4986288fdde3a53533e5439eaeee6f5b2f1
-new file mode 100644
-index 0000000..a30c409
-Binary files /dev/null and b/fuzz/corpora/bndiv/04ade4986288fdde3a53533e5439eaeee6f5b2f1 differ
-diff --git a/fuzz/corpora/bndiv/08c78177b063da5570aee27e16917935bb988756 b/fuzz/corpora/bndiv/08c78177b063da5570aee27e16917935bb988756
-new file mode 100644
-index 0000000..2aa6be4
-Binary files /dev/null and b/fuzz/corpora/bndiv/08c78177b063da5570aee27e16917935bb988756 differ
-diff --git a/fuzz/corpora/bndiv/092c0a40cbb2af70c447cbce348490c44ab11257 b/fuzz/corpora/bndiv/092c0a40cbb2af70c447cbce348490c44ab11257
-new file mode 100644
-index 0000000..803c3d4
-Binary files /dev/null and b/fuzz/corpora/bndiv/092c0a40cbb2af70c447cbce348490c44ab11257 differ
-diff --git a/fuzz/corpora/bndiv/0a9a3cd8cfbcad724c4601cf81555498d7072714 b/fuzz/corpora/bndiv/0a9a3cd8cfbcad724c4601cf81555498d7072714
-new file mode 100644
-index 0000000..3c82e0f
-Binary files /dev/null and b/fuzz/corpora/bndiv/0a9a3cd8cfbcad724c4601cf81555498d7072714 differ
-diff --git a/fuzz/corpora/bndiv/0bddb4e8b56c948c73496431b890746adc831067 b/fuzz/corpora/bndiv/0bddb4e8b56c948c73496431b890746adc831067
-new file mode 100644
-index 0000000..73ba911
-Binary files /dev/null and b/fuzz/corpora/bndiv/0bddb4e8b56c948c73496431b890746adc831067 differ
-diff --git a/fuzz/corpora/bndiv/0e74182a473f1cca80d19f902e5fc05e66aa8df0 b/fuzz/corpora/bndiv/0e74182a473f1cca80d19f902e5fc05e66aa8df0
-new file mode 100644
-index 0000000..151659b
-Binary files /dev/null and b/fuzz/corpora/bndiv/0e74182a473f1cca80d19f902e5fc05e66aa8df0 differ
-diff --git a/fuzz/corpora/bndiv/1091f85efb8316d007d0c71cfb247cf8020dff64 b/fuzz/corpora/bndiv/1091f85efb8316d007d0c71cfb247cf8020dff64
-new file mode 100644
-index 0000000..1d8cf4a
-Binary files /dev/null and b/fuzz/corpora/bndiv/1091f85efb8316d007d0c71cfb247cf8020dff64 differ
-diff --git a/fuzz/corpora/bndiv/1229e240647323af5cac0e93db35ca9a0f9ae229 b/fuzz/corpora/bndiv/1229e240647323af5cac0e93db35ca9a0f9ae229
-new file mode 100644
-index 0000000..7341a8c
-Binary files /dev/null and b/fuzz/corpora/bndiv/1229e240647323af5cac0e93db35ca9a0f9ae229 differ
-diff --git a/fuzz/corpora/bndiv/12bdd00fd4038756cbcf8ecdad1b0cd862603cd8 b/fuzz/corpora/bndiv/12bdd00fd4038756cbcf8ecdad1b0cd862603cd8
-new file mode 100644
-index 0000000..9de2941
-Binary files /dev/null and b/fuzz/corpora/bndiv/12bdd00fd4038756cbcf8ecdad1b0cd862603cd8 differ
-diff --git a/fuzz/corpora/bndiv/13a35b9248a978527c14224774941fc9b7468f7c b/fuzz/corpora/bndiv/13a35b9248a978527c14224774941fc9b7468f7c
-new file mode 100644
-index 0000000..f263133
-Binary files /dev/null and b/fuzz/corpora/bndiv/13a35b9248a978527c14224774941fc9b7468f7c differ
-diff --git a/fuzz/corpora/bndiv/179c24968f78d3417f730bbe12b8210977b901bc b/fuzz/corpora/bndiv/179c24968f78d3417f730bbe12b8210977b901bc
-new file mode 100644
-index 0000000..760a4ea
-Binary files /dev/null and b/fuzz/corpora/bndiv/179c24968f78d3417f730bbe12b8210977b901bc differ
-diff --git a/fuzz/corpora/bndiv/17a02eb3490e07f04d1a79ebbc36d67bd6cc1b44 b/fuzz/corpora/bndiv/17a02eb3490e07f04d1a79ebbc36d67bd6cc1b44
-new file mode 100644
-index 0000000..4d2f176
-Binary files /dev/null and b/fuzz/corpora/bndiv/17a02eb3490e07f04d1a79ebbc36d67bd6cc1b44 differ
-diff --git a/fuzz/corpora/bndiv/18dcb593b08a0dbf137a54cc7ac3a9b279f2a356 b/fuzz/corpora/bndiv/18dcb593b08a0dbf137a54cc7ac3a9b279f2a356
-new file mode 100644
-index 0000000..d65639c
-Binary files /dev/null and b/fuzz/corpora/bndiv/18dcb593b08a0dbf137a54cc7ac3a9b279f2a356 differ
-diff --git a/fuzz/corpora/bndiv/1c86250e4dd50f51b90fb2197ae308dd8c0da288 b/fuzz/corpora/bndiv/1c86250e4dd50f51b90fb2197ae308dd8c0da288
-new file mode 100644
-index 0000000..7b8f925
-Binary files /dev/null and b/fuzz/corpora/bndiv/1c86250e4dd50f51b90fb2197ae308dd8c0da288 differ
-diff --git a/fuzz/corpora/bndiv/1ea20e2761bcd8107882905b07c5dd7967c837c7 b/fuzz/corpora/bndiv/1ea20e2761bcd8107882905b07c5dd7967c837c7
-new file mode 100644
-index 0000000..5dcc3a6
-Binary files /dev/null and b/fuzz/corpora/bndiv/1ea20e2761bcd8107882905b07c5dd7967c837c7 differ
-diff --git a/fuzz/corpora/bndiv/1fd771718246d11b926bd90795d0a305f0483afd b/fuzz/corpora/bndiv/1fd771718246d11b926bd90795d0a305f0483afd
-new file mode 100644
-index 0000000..90154fc
-Binary files /dev/null and b/fuzz/corpora/bndiv/1fd771718246d11b926bd90795d0a305f0483afd differ
-diff --git a/fuzz/corpora/bndiv/200ef8aa067a701528d079ddf5ac44e158df9fed b/fuzz/corpora/bndiv/200ef8aa067a701528d079ddf5ac44e158df9fed
-new file mode 100644
-index 0000000..69cbc1d
-Binary files /dev/null and b/fuzz/corpora/bndiv/200ef8aa067a701528d079ddf5ac44e158df9fed differ
-diff --git a/fuzz/corpora/bndiv/220f09642702ac4c14ae347aba995f04023cb956 b/fuzz/corpora/bndiv/220f09642702ac4c14ae347aba995f04023cb956
-new file mode 100644
-index 0000000..7f1fccb
-Binary files /dev/null and b/fuzz/corpora/bndiv/220f09642702ac4c14ae347aba995f04023cb956 differ
-diff --git a/fuzz/corpora/bndiv/227712a3bb59a424ba26261a09a93b431a79bd43 b/fuzz/corpora/bndiv/227712a3bb59a424ba26261a09a93b431a79bd43
-new file mode 100644
-index 0000000..55de52b
-Binary files /dev/null and b/fuzz/corpora/bndiv/227712a3bb59a424ba26261a09a93b431a79bd43 differ
-diff --git a/fuzz/corpora/bndiv/23aac9e429789a651302a63b4258cf5ecac336fd b/fuzz/corpora/bndiv/23aac9e429789a651302a63b4258cf5ecac336fd
-new file mode 100644
-index 0000000..89029dc
-Binary files /dev/null and b/fuzz/corpora/bndiv/23aac9e429789a651302a63b4258cf5ecac336fd differ
-diff --git a/fuzz/corpora/bndiv/24eb6d22462609aa45ce4e01d071f69f01298518 b/fuzz/corpora/bndiv/24eb6d22462609aa45ce4e01d071f69f01298518
-new file mode 100644
-index 0000000..ea24d00
-Binary files /dev/null and b/fuzz/corpora/bndiv/24eb6d22462609aa45ce4e01d071f69f01298518 differ
-diff --git a/fuzz/corpora/bndiv/2667c9b7b024ce57e2e434d7f48238d0a16d1901 b/fuzz/corpora/bndiv/2667c9b7b024ce57e2e434d7f48238d0a16d1901
-new file mode 100644
-index 0000000..6c4bef8
-Binary files /dev/null and b/fuzz/corpora/bndiv/2667c9b7b024ce57e2e434d7f48238d0a16d1901 differ
-diff --git a/fuzz/corpora/bndiv/29a7a95bffb1df09f915f3f123e48ce0bc9bad9d b/fuzz/corpora/bndiv/29a7a95bffb1df09f915f3f123e48ce0bc9bad9d
-new file mode 100644
-index 0000000..6422873
-Binary files /dev/null and b/fuzz/corpora/bndiv/29a7a95bffb1df09f915f3f123e48ce0bc9bad9d differ
-diff --git a/fuzz/corpora/bndiv/2ae0b4465404d8512fb476cd6b8ccf8ab0a6dd60 b/fuzz/corpora/bndiv/2ae0b4465404d8512fb476cd6b8ccf8ab0a6dd60
-new file mode 100644
-index 0000000..0d209d9
-Binary files /dev/null and b/fuzz/corpora/bndiv/2ae0b4465404d8512fb476cd6b8ccf8ab0a6dd60 differ
-diff --git a/fuzz/corpora/bndiv/3035ec0874e44fe9f6e8d7bd0a909db80b230625 b/fuzz/corpora/bndiv/3035ec0874e44fe9f6e8d7bd0a909db80b230625
-new file mode 100644
-index 0000000..3b83a27
-Binary files /dev/null and b/fuzz/corpora/bndiv/3035ec0874e44fe9f6e8d7bd0a909db80b230625 differ
-diff --git a/fuzz/corpora/bndiv/311e82be75434fc5602731f6aee79c7d3111248c b/fuzz/corpora/bndiv/311e82be75434fc5602731f6aee79c7d3111248c
-new file mode 100644
-index 0000000..aa6df4e
-Binary files /dev/null and b/fuzz/corpora/bndiv/311e82be75434fc5602731f6aee79c7d3111248c differ
-diff --git a/fuzz/corpora/bndiv/320cb258a8f9598bcc38d5ffdb2aff6805197d6d b/fuzz/corpora/bndiv/320cb258a8f9598bcc38d5ffdb2aff6805197d6d
-new file mode 100644
-index 0000000..b0b4a5c
-Binary files /dev/null and b/fuzz/corpora/bndiv/320cb258a8f9598bcc38d5ffdb2aff6805197d6d differ
-diff --git a/fuzz/corpora/bndiv/322c493fc8f43154ef4e53a020ffd594209320a9 b/fuzz/corpora/bndiv/322c493fc8f43154ef4e53a020ffd594209320a9
-new file mode 100644
-index 0000000..404c95d
-Binary files /dev/null and b/fuzz/corpora/bndiv/322c493fc8f43154ef4e53a020ffd594209320a9 differ
-diff --git a/fuzz/corpora/bndiv/357e3c15f01b1f6271557e5304c222944dedb35c b/fuzz/corpora/bndiv/357e3c15f01b1f6271557e5304c222944dedb35c
-new file mode 100644
-index 0000000..bd62c8e
-Binary files /dev/null and b/fuzz/corpora/bndiv/357e3c15f01b1f6271557e5304c222944dedb35c differ
-diff --git a/fuzz/corpora/bndiv/37a8d9b70c83c97db16dadbae79f3d7d0f300168 b/fuzz/corpora/bndiv/37a8d9b70c83c97db16dadbae79f3d7d0f300168
-new file mode 100644
-index 0000000..b43f30b
-Binary files /dev/null and b/fuzz/corpora/bndiv/37a8d9b70c83c97db16dadbae79f3d7d0f300168 differ
-diff --git a/fuzz/corpora/bndiv/39018d655a1db047fd6031ba2963758f6b1634fb b/fuzz/corpora/bndiv/39018d655a1db047fd6031ba2963758f6b1634fb
-new file mode 100644
-index 0000000..4f26ead
-Binary files /dev/null and b/fuzz/corpora/bndiv/39018d655a1db047fd6031ba2963758f6b1634fb differ
-diff --git a/fuzz/corpora/bndiv/395a58f26f035fb3f08a0155d27a9bf385bbd5ac b/fuzz/corpora/bndiv/395a58f26f035fb3f08a0155d27a9bf385bbd5ac
-new file mode 100644
-index 0000000..ab2c03c
-Binary files /dev/null and b/fuzz/corpora/bndiv/395a58f26f035fb3f08a0155d27a9bf385bbd5ac differ
-diff --git a/fuzz/corpora/bndiv/3b8aeae736084a86a1aee7dd31319e7d8a98999c b/fuzz/corpora/bndiv/3b8aeae736084a86a1aee7dd31319e7d8a98999c
-new file mode 100644
-index 0000000..69abf7b
-Binary files /dev/null and b/fuzz/corpora/bndiv/3b8aeae736084a86a1aee7dd31319e7d8a98999c differ
-diff --git a/fuzz/corpora/bndiv/3e6d1dbf8d8b5aae5b9c368baafa3f6329220892 b/fuzz/corpora/bndiv/3e6d1dbf8d8b5aae5b9c368baafa3f6329220892
-new file mode 100644
-index 0000000..58b654a
-Binary files /dev/null and b/fuzz/corpora/bndiv/3e6d1dbf8d8b5aae5b9c368baafa3f6329220892 differ
-diff --git a/fuzz/corpora/bndiv/3edaea2a15a1724dbdf97a0ca4796e61641d14a6 b/fuzz/corpora/bndiv/3edaea2a15a1724dbdf97a0ca4796e61641d14a6
-new file mode 100644
-index 0000000..e1a187b
-Binary files /dev/null and b/fuzz/corpora/bndiv/3edaea2a15a1724dbdf97a0ca4796e61641d14a6 differ
-diff --git a/fuzz/corpora/bndiv/3edfe58eebce00eb960eb2b71e0166dc9ce2dfe4 b/fuzz/corpora/bndiv/3edfe58eebce00eb960eb2b71e0166dc9ce2dfe4
-new file mode 100644
-index 0000000..f7223bd
-Binary files /dev/null and b/fuzz/corpora/bndiv/3edfe58eebce00eb960eb2b71e0166dc9ce2dfe4 differ
-diff --git a/fuzz/corpora/bndiv/43b1bc9b15446fd7945528a361f2f1229b91241c b/fuzz/corpora/bndiv/43b1bc9b15446fd7945528a361f2f1229b91241c
-new file mode 100644
-index 0000000..2f97d48
-Binary files /dev/null and b/fuzz/corpora/bndiv/43b1bc9b15446fd7945528a361f2f1229b91241c differ
-diff --git a/fuzz/corpora/bndiv/44854033d6601abc1ed0c5606a5cda68f2363296 b/fuzz/corpora/bndiv/44854033d6601abc1ed0c5606a5cda68f2363296
-new file mode 100644
-index 0000000..3b6e1c8
-Binary files /dev/null and b/fuzz/corpora/bndiv/44854033d6601abc1ed0c5606a5cda68f2363296 differ
-diff --git a/fuzz/corpora/bndiv/45470ba97e24fc59c34fb8fb93460d417d1534df b/fuzz/corpora/bndiv/45470ba97e24fc59c34fb8fb93460d417d1534df
-new file mode 100644
-index 0000000..1245ad9
-Binary files /dev/null and b/fuzz/corpora/bndiv/45470ba97e24fc59c34fb8fb93460d417d1534df differ
-diff --git a/fuzz/corpora/bndiv/4658a5cf1189f7e7cf86a95c2ce0688d752ea99c b/fuzz/corpora/bndiv/4658a5cf1189f7e7cf86a95c2ce0688d752ea99c
-new file mode 100644
-index 0000000..07dd117
-Binary files /dev/null and b/fuzz/corpora/bndiv/4658a5cf1189f7e7cf86a95c2ce0688d752ea99c differ
-diff --git a/fuzz/corpora/bndiv/47966932642ab6eb7ad91c8147adee23231b8d7f b/fuzz/corpora/bndiv/47966932642ab6eb7ad91c8147adee23231b8d7f
-new file mode 100644
-index 0000000..b0c93aa
-Binary files /dev/null and b/fuzz/corpora/bndiv/47966932642ab6eb7ad91c8147adee23231b8d7f differ
-diff --git a/fuzz/corpora/bndiv/49b8c47f97f75f82263e05cb551f4a871b8ca979 b/fuzz/corpora/bndiv/49b8c47f97f75f82263e05cb551f4a871b8ca979
-new file mode 100644
-index 0000000..4ec92e0
-Binary files /dev/null and b/fuzz/corpora/bndiv/49b8c47f97f75f82263e05cb551f4a871b8ca979 differ
-diff --git a/fuzz/corpora/bndiv/4a5c55a6aaeaa9c46ba1cd9a8da91ff52c6612ab b/fuzz/corpora/bndiv/4a5c55a6aaeaa9c46ba1cd9a8da91ff52c6612ab
-new file mode 100644
-index 0000000..a9f3ed6
-Binary files /dev/null and b/fuzz/corpora/bndiv/4a5c55a6aaeaa9c46ba1cd9a8da91ff52c6612ab differ
-diff --git a/fuzz/corpora/bndiv/4b08c2aff33987e086f046d1e5788bc9d95ec2c3 b/fuzz/corpora/bndiv/4b08c2aff33987e086f046d1e5788bc9d95ec2c3
-new file mode 100644
-index 0000000..26e605d
-Binary files /dev/null and b/fuzz/corpora/bndiv/4b08c2aff33987e086f046d1e5788bc9d95ec2c3 differ
-diff --git a/fuzz/corpora/bndiv/4b6e2fd91dfc2aa9051c089fa0a9cc3c30e147b6 b/fuzz/corpora/bndiv/4b6e2fd91dfc2aa9051c089fa0a9cc3c30e147b6
-new file mode 100644
-index 0000000..25a1876
-Binary files /dev/null and b/fuzz/corpora/bndiv/4b6e2fd91dfc2aa9051c089fa0a9cc3c30e147b6 differ
-diff --git a/fuzz/corpora/bndiv/4bb9b051731a6ce1999a9ba6a807cf7637ffb0d5 b/fuzz/corpora/bndiv/4bb9b051731a6ce1999a9ba6a807cf7637ffb0d5
-new file mode 100644
-index 0000000..07e79b9
-Binary files /dev/null and b/fuzz/corpora/bndiv/4bb9b051731a6ce1999a9ba6a807cf7637ffb0d5 differ
-diff --git a/fuzz/corpora/bndiv/4dc223f7703d4d5a6446ca86047557d105977259 b/fuzz/corpora/bndiv/4dc223f7703d4d5a6446ca86047557d105977259
-new file mode 100644
-index 0000000..42e9508
-Binary files /dev/null and b/fuzz/corpora/bndiv/4dc223f7703d4d5a6446ca86047557d105977259 differ
-diff --git a/fuzz/corpora/bndiv/4e5e8520610c56b6379600fd52a2d47ca5376d0e b/fuzz/corpora/bndiv/4e5e8520610c56b6379600fd52a2d47ca5376d0e
-new file mode 100644
-index 0000000..f9e78e0
-Binary files /dev/null and b/fuzz/corpora/bndiv/4e5e8520610c56b6379600fd52a2d47ca5376d0e differ
-diff --git a/fuzz/corpora/bndiv/50fe9ecc00ada6f25550c78238e65c49a17b3003 b/fuzz/corpora/bndiv/50fe9ecc00ada6f25550c78238e65c49a17b3003
-new file mode 100644
-index 0000000..772c1ae
-Binary files /dev/null and b/fuzz/corpora/bndiv/50fe9ecc00ada6f25550c78238e65c49a17b3003 differ
-diff --git a/fuzz/corpora/bndiv/51ffcc7e932af87eb9fcbc710db82c5dde848c3b b/fuzz/corpora/bndiv/51ffcc7e932af87eb9fcbc710db82c5dde848c3b
-new file mode 100644
-index 0000000..4692bb0
-Binary files /dev/null and b/fuzz/corpora/bndiv/51ffcc7e932af87eb9fcbc710db82c5dde848c3b differ
-diff --git a/fuzz/corpora/bndiv/53d5adc15e1a5fe89aeb452a247349c99b280522 b/fuzz/corpora/bndiv/53d5adc15e1a5fe89aeb452a247349c99b280522
-new file mode 100644
-index 0000000..9379893
-Binary files /dev/null and b/fuzz/corpora/bndiv/53d5adc15e1a5fe89aeb452a247349c99b280522 differ
-diff --git a/fuzz/corpora/bndiv/5426ae7492507942ec6fdd74a247a63788ccdcc3 b/fuzz/corpora/bndiv/5426ae7492507942ec6fdd74a247a63788ccdcc3
-new file mode 100644
-index 0000000..46ab6eb
-Binary files /dev/null and b/fuzz/corpora/bndiv/5426ae7492507942ec6fdd74a247a63788ccdcc3 differ
-diff --git a/fuzz/corpora/bndiv/54714bf0285e7c78399a768bf953224e982543ea b/fuzz/corpora/bndiv/54714bf0285e7c78399a768bf953224e982543ea
-new file mode 100644
-index 0000000..3fda648
-Binary files /dev/null and b/fuzz/corpora/bndiv/54714bf0285e7c78399a768bf953224e982543ea differ
-diff --git a/fuzz/corpora/bndiv/56240e5f05dffe0086ed820c497b1c9c899387f9 b/fuzz/corpora/bndiv/56240e5f05dffe0086ed820c497b1c9c899387f9
-new file mode 100644
-index 0000000..5269e03
-Binary files /dev/null and b/fuzz/corpora/bndiv/56240e5f05dffe0086ed820c497b1c9c899387f9 differ
-diff --git a/fuzz/corpora/bndiv/591b8db8c1880ec300914fff8598b6bcf8747b34 b/fuzz/corpora/bndiv/591b8db8c1880ec300914fff8598b6bcf8747b34
-new file mode 100644
-index 0000000..79e4da7
-Binary files /dev/null and b/fuzz/corpora/bndiv/591b8db8c1880ec300914fff8598b6bcf8747b34 differ
-diff --git a/fuzz/corpora/bndiv/59a08bc6e67744082a70b766139de8d3da4f2bab b/fuzz/corpora/bndiv/59a08bc6e67744082a70b766139de8d3da4f2bab
-new file mode 100644
-index 0000000..cf97ea0
-Binary files /dev/null and b/fuzz/corpora/bndiv/59a08bc6e67744082a70b766139de8d3da4f2bab differ
-diff --git a/fuzz/corpora/bndiv/5b661f290853c677810c67b845d3030ae5c0790e b/fuzz/corpora/bndiv/5b661f290853c677810c67b845d3030ae5c0790e
-new file mode 100644
-index 0000000..6542018
-Binary files /dev/null and b/fuzz/corpora/bndiv/5b661f290853c677810c67b845d3030ae5c0790e differ
-diff --git a/fuzz/corpora/bndiv/5c58654951d76ca5193c07e1f00094012400e098 b/fuzz/corpora/bndiv/5c58654951d76ca5193c07e1f00094012400e098
-new file mode 100644
-index 0000000..4ec70a8
-Binary files /dev/null and b/fuzz/corpora/bndiv/5c58654951d76ca5193c07e1f00094012400e098 differ
-diff --git a/fuzz/corpora/bndiv/5ca0765b0f12165d1d9a97e73438e87e0014b2f3 b/fuzz/corpora/bndiv/5ca0765b0f12165d1d9a97e73438e87e0014b2f3
-new file mode 100644
-index 0000000..94b79e0
-Binary files /dev/null and b/fuzz/corpora/bndiv/5ca0765b0f12165d1d9a97e73438e87e0014b2f3 differ
-diff --git a/fuzz/corpora/bndiv/5caf1b331d1346c1b096f65ebd885b8d3a18e873 b/fuzz/corpora/bndiv/5caf1b331d1346c1b096f65ebd885b8d3a18e873
-new file mode 100644
-index 0000000..0a1b32d
-Binary files /dev/null and b/fuzz/corpora/bndiv/5caf1b331d1346c1b096f65ebd885b8d3a18e873 differ
-diff --git a/fuzz/corpora/bndiv/60feb07e3a20177a77974db885180844fcc8fa7b b/fuzz/corpora/bndiv/60feb07e3a20177a77974db885180844fcc8fa7b
-new file mode 100644
-index 0000000..091ca90
-Binary files /dev/null and b/fuzz/corpora/bndiv/60feb07e3a20177a77974db885180844fcc8fa7b differ
-diff --git a/fuzz/corpora/bndiv/61a68425c4221c61815ce8fe579b1441785b1c8f b/fuzz/corpora/bndiv/61a68425c4221c61815ce8fe579b1441785b1c8f
-new file mode 100644
-index 0000000..3553834
-Binary files /dev/null and b/fuzz/corpora/bndiv/61a68425c4221c61815ce8fe579b1441785b1c8f differ
-diff --git a/fuzz/corpora/bndiv/62720164bb76362a5ed382bcf602041d0a0305cc b/fuzz/corpora/bndiv/62720164bb76362a5ed382bcf602041d0a0305cc
-new file mode 100644
-index 0000000..f86edc2
-Binary files /dev/null and b/fuzz/corpora/bndiv/62720164bb76362a5ed382bcf602041d0a0305cc differ
-diff --git a/fuzz/corpora/bndiv/62f57201b37d3bc4f3337340ca3ff8a66498dd10 b/fuzz/corpora/bndiv/62f57201b37d3bc4f3337340ca3ff8a66498dd10
-new file mode 100644
-index 0000000..793b56e
-Binary files /dev/null and b/fuzz/corpora/bndiv/62f57201b37d3bc4f3337340ca3ff8a66498dd10 differ
-diff --git a/fuzz/corpora/bndiv/63ad6c852df126137e8e6dc59f488fa0df175241 b/fuzz/corpora/bndiv/63ad6c852df126137e8e6dc59f488fa0df175241
-new file mode 100644
-index 0000000..b4a56af
-Binary files /dev/null and b/fuzz/corpora/bndiv/63ad6c852df126137e8e6dc59f488fa0df175241 differ
-diff --git a/fuzz/corpora/bndiv/665dfaf50d569bd2da903954d18091001305d18c b/fuzz/corpora/bndiv/665dfaf50d569bd2da903954d18091001305d18c
-new file mode 100644
-index 0000000..f2ab224
-Binary files /dev/null and b/fuzz/corpora/bndiv/665dfaf50d569bd2da903954d18091001305d18c differ
-diff --git a/fuzz/corpora/bndiv/66cba355a88ef6ed3669e127130595d2912813c3 b/fuzz/corpora/bndiv/66cba355a88ef6ed3669e127130595d2912813c3
-new file mode 100644
-index 0000000..7d8afe8
-Binary files /dev/null and b/fuzz/corpora/bndiv/66cba355a88ef6ed3669e127130595d2912813c3 differ
-diff --git a/fuzz/corpora/bndiv/6810d21237efb46876ee55529a0bd16181c8e7b9 b/fuzz/corpora/bndiv/6810d21237efb46876ee55529a0bd16181c8e7b9
-new file mode 100644
-index 0000000..dc42496
-Binary files /dev/null and b/fuzz/corpora/bndiv/6810d21237efb46876ee55529a0bd16181c8e7b9 differ
-diff --git a/fuzz/corpora/bndiv/68c8bb143b10b9b31420a897bf78ab2cf94cacb7 b/fuzz/corpora/bndiv/68c8bb143b10b9b31420a897bf78ab2cf94cacb7
-new file mode 100644
-index 0000000..b7e7dc1
-Binary files /dev/null and b/fuzz/corpora/bndiv/68c8bb143b10b9b31420a897bf78ab2cf94cacb7 differ
-diff --git a/fuzz/corpora/bndiv/6a544b7ad8f77d1395adff499ecf2a135ea3c7d0 b/fuzz/corpora/bndiv/6a544b7ad8f77d1395adff499ecf2a135ea3c7d0
-new file mode 100644
-index 0000000..cc68b58
-Binary files /dev/null and b/fuzz/corpora/bndiv/6a544b7ad8f77d1395adff499ecf2a135ea3c7d0 differ
-diff --git a/fuzz/corpora/bndiv/6ae8a0cfc75bca680af03b8c79cf144fb61ccc8f b/fuzz/corpora/bndiv/6ae8a0cfc75bca680af03b8c79cf144fb61ccc8f
-new file mode 100644
-index 0000000..9473b5d
-Binary files /dev/null and b/fuzz/corpora/bndiv/6ae8a0cfc75bca680af03b8c79cf144fb61ccc8f differ
-diff --git a/fuzz/corpora/bndiv/6cc9d50ad85ac94ded38028abc7010f0c4ed4f41 b/fuzz/corpora/bndiv/6cc9d50ad85ac94ded38028abc7010f0c4ed4f41
-new file mode 100644
-index 0000000..2e2557b
-Binary files /dev/null and b/fuzz/corpora/bndiv/6cc9d50ad85ac94ded38028abc7010f0c4ed4f41 differ
-diff --git a/fuzz/corpora/bndiv/70398a1c546f4dcbfc8150bc08396e72dcec480e b/fuzz/corpora/bndiv/70398a1c546f4dcbfc8150bc08396e72dcec480e
-new file mode 100644
-index 0000000..22e4318
-Binary files /dev/null and b/fuzz/corpora/bndiv/70398a1c546f4dcbfc8150bc08396e72dcec480e differ
-diff --git a/fuzz/corpora/bndiv/7083de0ee1f5197c2e8b601e3a5ed52ad92d0779 b/fuzz/corpora/bndiv/7083de0ee1f5197c2e8b601e3a5ed52ad92d0779
-new file mode 100644
-index 0000000..b5f2e5b
-Binary files /dev/null and b/fuzz/corpora/bndiv/7083de0ee1f5197c2e8b601e3a5ed52ad92d0779 differ
-diff --git a/fuzz/corpora/bndiv/722997b0a95bda87d761ecbf47e2bebbac68de88 b/fuzz/corpora/bndiv/722997b0a95bda87d761ecbf47e2bebbac68de88
-new file mode 100644
-index 0000000..77f6b0c
-Binary files /dev/null and b/fuzz/corpora/bndiv/722997b0a95bda87d761ecbf47e2bebbac68de88 differ
-diff --git a/fuzz/corpora/bndiv/757576f5b8c4ee24ba49854212ec747dea195c21 b/fuzz/corpora/bndiv/757576f5b8c4ee24ba49854212ec747dea195c21
-new file mode 100644
-index 0000000..5d18c8c
-Binary files /dev/null and b/fuzz/corpora/bndiv/757576f5b8c4ee24ba49854212ec747dea195c21 differ
-diff --git a/fuzz/corpora/bndiv/75f1b7f39ea19d555cf998bfdb38e142b5113625 b/fuzz/corpora/bndiv/75f1b7f39ea19d555cf998bfdb38e142b5113625
-new file mode 100644
-index 0000000..6e76965
-Binary files /dev/null and b/fuzz/corpora/bndiv/75f1b7f39ea19d555cf998bfdb38e142b5113625 differ
-diff --git a/fuzz/corpora/bndiv/75f43ca2a3f4ee6d69a8fd89e327e98e2620b1eb b/fuzz/corpora/bndiv/75f43ca2a3f4ee6d69a8fd89e327e98e2620b1eb
-new file mode 100644
-index 0000000..34728e6
-Binary files /dev/null and b/fuzz/corpora/bndiv/75f43ca2a3f4ee6d69a8fd89e327e98e2620b1eb differ
-diff --git a/fuzz/corpora/bndiv/780d387f18af7508e151ac98ae25d720cd617af1 b/fuzz/corpora/bndiv/780d387f18af7508e151ac98ae25d720cd617af1
-new file mode 100644
-index 0000000..6097839
-Binary files /dev/null and b/fuzz/corpora/bndiv/780d387f18af7508e151ac98ae25d720cd617af1 differ
-diff --git a/fuzz/corpora/bndiv/7a460727621724eb63e3d891b780213b2ddf8c9e b/fuzz/corpora/bndiv/7a460727621724eb63e3d891b780213b2ddf8c9e
-new file mode 100644
-index 0000000..8934d12
-Binary files /dev/null and b/fuzz/corpora/bndiv/7a460727621724eb63e3d891b780213b2ddf8c9e differ
-diff --git a/fuzz/corpora/bndiv/7d80e4a509aab45ad255eaf70c55e283d8bc3a8c b/fuzz/corpora/bndiv/7d80e4a509aab45ad255eaf70c55e283d8bc3a8c
-new file mode 100644
-index 0000000..7e2f267
-Binary files /dev/null and b/fuzz/corpora/bndiv/7d80e4a509aab45ad255eaf70c55e283d8bc3a8c differ
-diff --git a/fuzz/corpora/bndiv/7dfa7b2982f30889332a46ab1c156f2fb028d3c2 b/fuzz/corpora/bndiv/7dfa7b2982f30889332a46ab1c156f2fb028d3c2
-new file mode 100644
-index 0000000..8cd385a
-Binary files /dev/null and b/fuzz/corpora/bndiv/7dfa7b2982f30889332a46ab1c156f2fb028d3c2 differ
-diff --git a/fuzz/corpora/bndiv/80dfa4640b4fb70512f32b3935f1b4fbd56bb027 b/fuzz/corpora/bndiv/80dfa4640b4fb70512f32b3935f1b4fbd56bb027
-new file mode 100644
-index 0000000..c7b059e
-Binary files /dev/null and b/fuzz/corpora/bndiv/80dfa4640b4fb70512f32b3935f1b4fbd56bb027 differ
-diff --git a/fuzz/corpora/bndiv/83cc008b2f03b442ab56a1bac2c7a98b586da96c b/fuzz/corpora/bndiv/83cc008b2f03b442ab56a1bac2c7a98b586da96c
-new file mode 100644
-index 0000000..d82827a
-Binary files /dev/null and b/fuzz/corpora/bndiv/83cc008b2f03b442ab56a1bac2c7a98b586da96c differ
-diff --git a/fuzz/corpora/bndiv/84e13713a3c3b63bdce4dca80212bca7bf8c169a b/fuzz/corpora/bndiv/84e13713a3c3b63bdce4dca80212bca7bf8c169a
-new file mode 100644
-index 0000000..b31ae61
-Binary files /dev/null and b/fuzz/corpora/bndiv/84e13713a3c3b63bdce4dca80212bca7bf8c169a differ
-diff --git a/fuzz/corpora/bndiv/8568f6cbf7f27694894008975ea41f63de5a1013 b/fuzz/corpora/bndiv/8568f6cbf7f27694894008975ea41f63de5a1013
-new file mode 100644
-index 0000000..783e4cc
-Binary files /dev/null and b/fuzz/corpora/bndiv/8568f6cbf7f27694894008975ea41f63de5a1013 differ
-diff --git a/fuzz/corpora/bndiv/858f9ff9c8890266ef6686a24145ba26052a3108 b/fuzz/corpora/bndiv/858f9ff9c8890266ef6686a24145ba26052a3108
-new file mode 100644
-index 0000000..8f58496
-Binary files /dev/null and b/fuzz/corpora/bndiv/858f9ff9c8890266ef6686a24145ba26052a3108 differ
-diff --git a/fuzz/corpora/bndiv/85b287d551b5b5e10ad01afec14429ac0683d01c b/fuzz/corpora/bndiv/85b287d551b5b5e10ad01afec14429ac0683d01c
-new file mode 100644
-index 0000000..2724ada
-Binary files /dev/null and b/fuzz/corpora/bndiv/85b287d551b5b5e10ad01afec14429ac0683d01c differ
-diff --git a/fuzz/corpora/bndiv/870d5833dc65c984d4bd40fea6a3ce43c946663a b/fuzz/corpora/bndiv/870d5833dc65c984d4bd40fea6a3ce43c946663a
-new file mode 100644
-index 0000000..9fd75ab
-Binary files /dev/null and b/fuzz/corpora/bndiv/870d5833dc65c984d4bd40fea6a3ce43c946663a differ
-diff --git a/fuzz/corpora/bndiv/8981900dbb68e906264c8f7037292201c73b3047 b/fuzz/corpora/bndiv/8981900dbb68e906264c8f7037292201c73b3047
-new file mode 100644
-index 0000000..76bdbe7
-Binary files /dev/null and b/fuzz/corpora/bndiv/8981900dbb68e906264c8f7037292201c73b3047 differ
-diff --git a/fuzz/corpora/bndiv/8a59b665f31f947b79869ea0e40628efea54e60a b/fuzz/corpora/bndiv/8a59b665f31f947b79869ea0e40628efea54e60a
-new file mode 100644
-index 0000000..c7c8956
-Binary files /dev/null and b/fuzz/corpora/bndiv/8a59b665f31f947b79869ea0e40628efea54e60a differ
-diff --git a/fuzz/corpora/bndiv/8abf22e50a61dbe2c8f8995ffd621f8eb048ec53 b/fuzz/corpora/bndiv/8abf22e50a61dbe2c8f8995ffd621f8eb048ec53
-new file mode 100644
-index 0000000..4ed23fa
-Binary files /dev/null and b/fuzz/corpora/bndiv/8abf22e50a61dbe2c8f8995ffd621f8eb048ec53 differ
-diff --git a/fuzz/corpora/bndiv/8bb9dae6420c9994c388c72b71e6853bff121d4b b/fuzz/corpora/bndiv/8bb9dae6420c9994c388c72b71e6853bff121d4b
-new file mode 100644
-index 0000000..2de2b14
-Binary files /dev/null and b/fuzz/corpora/bndiv/8bb9dae6420c9994c388c72b71e6853bff121d4b differ
-diff --git a/fuzz/corpora/bndiv/8c1010f7c041f2ef9f16181cfc490f8acd6bca37 b/fuzz/corpora/bndiv/8c1010f7c041f2ef9f16181cfc490f8acd6bca37
-new file mode 100644
-index 0000000..7f167ba
-Binary files /dev/null and b/fuzz/corpora/bndiv/8c1010f7c041f2ef9f16181cfc490f8acd6bca37 differ
-diff --git a/fuzz/corpora/bndiv/8c6b43ff095ec92f6d302fc711cc62dedcd2eaa3 b/fuzz/corpora/bndiv/8c6b43ff095ec92f6d302fc711cc62dedcd2eaa3
-new file mode 100644
-index 0000000..dc76939
-Binary files /dev/null and b/fuzz/corpora/bndiv/8c6b43ff095ec92f6d302fc711cc62dedcd2eaa3 differ
-diff --git a/fuzz/corpora/bndiv/8e7f153d6f09bf8b6e67697c9c8333d58583beee b/fuzz/corpora/bndiv/8e7f153d6f09bf8b6e67697c9c8333d58583beee
-new file mode 100644
-index 0000000..c12d7c5
-Binary files /dev/null and b/fuzz/corpora/bndiv/8e7f153d6f09bf8b6e67697c9c8333d58583beee differ
-diff --git a/fuzz/corpora/bndiv/9088b68499089d8fbedf1a0b06627d02e4823d1e b/fuzz/corpora/bndiv/9088b68499089d8fbedf1a0b06627d02e4823d1e
-new file mode 100644
-index 0000000..0396b3d
-Binary files /dev/null and b/fuzz/corpora/bndiv/9088b68499089d8fbedf1a0b06627d02e4823d1e differ
-diff --git a/fuzz/corpora/bndiv/940a04f6f32b60c2feb43666dd29b72387938eec b/fuzz/corpora/bndiv/940a04f6f32b60c2feb43666dd29b72387938eec
-new file mode 100644
-index 0000000..d4a017f
-Binary files /dev/null and b/fuzz/corpora/bndiv/940a04f6f32b60c2feb43666dd29b72387938eec differ
-diff --git a/fuzz/corpora/bndiv/951f7e75731c619d8302b204d53200bc0f6f5722 b/fuzz/corpora/bndiv/951f7e75731c619d8302b204d53200bc0f6f5722
-new file mode 100644
-index 0000000..6d8ac3d
-Binary files /dev/null and b/fuzz/corpora/bndiv/951f7e75731c619d8302b204d53200bc0f6f5722 differ
-diff --git a/fuzz/corpora/bndiv/955c154af6a2cf84af3b08fca48e1dfe7cbb4c1a b/fuzz/corpora/bndiv/955c154af6a2cf84af3b08fca48e1dfe7cbb4c1a
-new file mode 100644
-index 0000000..484f239
-Binary files /dev/null and b/fuzz/corpora/bndiv/955c154af6a2cf84af3b08fca48e1dfe7cbb4c1a differ
-diff --git a/fuzz/corpora/bndiv/95d6379ea58b799ba54425f33bae45bcbaa3d317 b/fuzz/corpora/bndiv/95d6379ea58b799ba54425f33bae45bcbaa3d317
-new file mode 100644
-index 0000000..19e5a77
-Binary files /dev/null and b/fuzz/corpora/bndiv/95d6379ea58b799ba54425f33bae45bcbaa3d317 differ
-diff --git a/fuzz/corpora/bndiv/994cb26e441054f6edd618405777fe3c7de1ecbc b/fuzz/corpora/bndiv/994cb26e441054f6edd618405777fe3c7de1ecbc
-new file mode 100644
-index 0000000..fcb3466
-Binary files /dev/null and b/fuzz/corpora/bndiv/994cb26e441054f6edd618405777fe3c7de1ecbc differ
-diff --git a/fuzz/corpora/bndiv/9b55624a875b903b61596988e5bd60c7f1b2451a b/fuzz/corpora/bndiv/9b55624a875b903b61596988e5bd60c7f1b2451a
-new file mode 100644
-index 0000000..2795c93
-Binary files /dev/null and b/fuzz/corpora/bndiv/9b55624a875b903b61596988e5bd60c7f1b2451a differ
-diff --git a/fuzz/corpora/bndiv/9d79720db949c75a3e03870dd36723a55c221684 b/fuzz/corpora/bndiv/9d79720db949c75a3e03870dd36723a55c221684
-new file mode 100644
-index 0000000..3df0377
-Binary files /dev/null and b/fuzz/corpora/bndiv/9d79720db949c75a3e03870dd36723a55c221684 differ
-diff --git a/fuzz/corpora/bndiv/a3f73dc92096d21d502b9a8546261a74372f1a71 b/fuzz/corpora/bndiv/a3f73dc92096d21d502b9a8546261a74372f1a71
-new file mode 100644
-index 0000000..8440e63
-Binary files /dev/null and b/fuzz/corpora/bndiv/a3f73dc92096d21d502b9a8546261a74372f1a71 differ
-diff --git a/fuzz/corpora/bndiv/a6a176c46fea452190990c1263e213d5f3743050 b/fuzz/corpora/bndiv/a6a176c46fea452190990c1263e213d5f3743050
-new file mode 100644
-index 0000000..da2d7c5
-Binary files /dev/null and b/fuzz/corpora/bndiv/a6a176c46fea452190990c1263e213d5f3743050 differ
-diff --git a/fuzz/corpora/bndiv/a7463b57a3bf2db86a798f26e9ec939965643183 b/fuzz/corpora/bndiv/a7463b57a3bf2db86a798f26e9ec939965643183
-new file mode 100644
-index 0000000..8c081af
-Binary files /dev/null and b/fuzz/corpora/bndiv/a7463b57a3bf2db86a798f26e9ec939965643183 differ
-diff --git a/fuzz/corpora/bndiv/a95761fe9b239c68e07f5bafba71c4a21befe4e9 b/fuzz/corpora/bndiv/a95761fe9b239c68e07f5bafba71c4a21befe4e9
-new file mode 100644
-index 0000000..82054b9
-Binary files /dev/null and b/fuzz/corpora/bndiv/a95761fe9b239c68e07f5bafba71c4a21befe4e9 differ
-diff --git a/fuzz/corpora/bndiv/a9d3b6f9ce1062f128a1e014c43f96985deb4cb6 b/fuzz/corpora/bndiv/a9d3b6f9ce1062f128a1e014c43f96985deb4cb6
-new file mode 100644
-index 0000000..55ee30f
-Binary files /dev/null and b/fuzz/corpora/bndiv/a9d3b6f9ce1062f128a1e014c43f96985deb4cb6 differ
-diff --git a/fuzz/corpora/bndiv/aaac8acbc19d3105c01a0ae20b367dca81f2308d b/fuzz/corpora/bndiv/aaac8acbc19d3105c01a0ae20b367dca81f2308d
-new file mode 100644
-index 0000000..9095189
-Binary files /dev/null and b/fuzz/corpora/bndiv/aaac8acbc19d3105c01a0ae20b367dca81f2308d differ
-diff --git a/fuzz/corpora/bndiv/aceef69d7cea5f18ce634dfd2dbb1212727898e5 b/fuzz/corpora/bndiv/aceef69d7cea5f18ce634dfd2dbb1212727898e5
-new file mode 100644
-index 0000000..767bd11
-Binary files /dev/null and b/fuzz/corpora/bndiv/aceef69d7cea5f18ce634dfd2dbb1212727898e5 differ
-diff --git a/fuzz/corpora/bndiv/adb872f984cb7058234725640be82b94dc1703e0 b/fuzz/corpora/bndiv/adb872f984cb7058234725640be82b94dc1703e0
-new file mode 100644
-index 0000000..4b0959f
-Binary files /dev/null and b/fuzz/corpora/bndiv/adb872f984cb7058234725640be82b94dc1703e0 differ
-diff --git a/fuzz/corpora/bndiv/b4880ee2d8e1f67896696e94d5ddae323628f993 b/fuzz/corpora/bndiv/b4880ee2d8e1f67896696e94d5ddae323628f993
-new file mode 100644
-index 0000000..ce6f76d
-Binary files /dev/null and b/fuzz/corpora/bndiv/b4880ee2d8e1f67896696e94d5ddae323628f993 differ
-diff --git a/fuzz/corpora/bndiv/b4b179e18ca58809359875a2c1e228f4d5cc7f0f b/fuzz/corpora/bndiv/b4b179e18ca58809359875a2c1e228f4d5cc7f0f
-new file mode 100644
-index 0000000..398ed9b
-Binary files /dev/null and b/fuzz/corpora/bndiv/b4b179e18ca58809359875a2c1e228f4d5cc7f0f differ
-diff --git a/fuzz/corpora/bndiv/b6079e2a45a91472dce11a59d56665173526f020 b/fuzz/corpora/bndiv/b6079e2a45a91472dce11a59d56665173526f020
-new file mode 100644
-index 0000000..db4e012
-Binary files /dev/null and b/fuzz/corpora/bndiv/b6079e2a45a91472dce11a59d56665173526f020 differ
-diff --git a/fuzz/corpora/bndiv/b64460520fb69de4d3994dd347cdb6e484661775 b/fuzz/corpora/bndiv/b64460520fb69de4d3994dd347cdb6e484661775
-new file mode 100644
-index 0000000..e1c956a
-Binary files /dev/null and b/fuzz/corpora/bndiv/b64460520fb69de4d3994dd347cdb6e484661775 differ
-diff --git a/fuzz/corpora/bndiv/ba46026e915894d9fe1f4d4ceaea13002af2b360 b/fuzz/corpora/bndiv/ba46026e915894d9fe1f4d4ceaea13002af2b360
-new file mode 100644
-index 0000000..57b2ba9
-Binary files /dev/null and b/fuzz/corpora/bndiv/ba46026e915894d9fe1f4d4ceaea13002af2b360 differ
-diff --git a/fuzz/corpora/bndiv/bb1b8f57b2ee2640740802f7dbc6dd830050203d b/fuzz/corpora/bndiv/bb1b8f57b2ee2640740802f7dbc6dd830050203d
-new file mode 100644
-index 0000000..fbab862
-Binary files /dev/null and b/fuzz/corpora/bndiv/bb1b8f57b2ee2640740802f7dbc6dd830050203d differ
-diff --git a/fuzz/corpora/bndiv/bc351aa1c2dbd0717311a47e7055618957362c8f b/fuzz/corpora/bndiv/bc351aa1c2dbd0717311a47e7055618957362c8f
-new file mode 100644
-index 0000000..483e5fd
-Binary files /dev/null and b/fuzz/corpora/bndiv/bc351aa1c2dbd0717311a47e7055618957362c8f differ
-diff --git a/fuzz/corpora/bndiv/bd25a6b28bc81dc545846a34bfe1a4d67d1841f9 b/fuzz/corpora/bndiv/bd25a6b28bc81dc545846a34bfe1a4d67d1841f9
-new file mode 100644
-index 0000000..12b287e
-Binary files /dev/null and b/fuzz/corpora/bndiv/bd25a6b28bc81dc545846a34bfe1a4d67d1841f9 differ
-diff --git a/fuzz/corpora/bndiv/bd2788635245ee407a282f3bfed29b1adbf0febb b/fuzz/corpora/bndiv/bd2788635245ee407a282f3bfed29b1adbf0febb
-new file mode 100644
-index 0000000..0452fb7
-Binary files /dev/null and b/fuzz/corpora/bndiv/bd2788635245ee407a282f3bfed29b1adbf0febb differ
-diff --git a/fuzz/corpora/bndiv/c1b91b5cbcb97112dcc382a3b3f88494f3494021 b/fuzz/corpora/bndiv/c1b91b5cbcb97112dcc382a3b3f88494f3494021
-new file mode 100644
-index 0000000..064b8f2
-Binary files /dev/null and b/fuzz/corpora/bndiv/c1b91b5cbcb97112dcc382a3b3f88494f3494021 differ
-diff --git a/fuzz/corpora/bndiv/c23b9c05aea82e1646f1ac3e0b6756baa2fb48b7 b/fuzz/corpora/bndiv/c23b9c05aea82e1646f1ac3e0b6756baa2fb48b7
-new file mode 100644
-index 0000000..9d93b81
-Binary files /dev/null and b/fuzz/corpora/bndiv/c23b9c05aea82e1646f1ac3e0b6756baa2fb48b7 differ
-diff --git a/fuzz/corpora/bndiv/c358045a294d116c315ff56aabc4fe7e4e62c480 b/fuzz/corpora/bndiv/c358045a294d116c315ff56aabc4fe7e4e62c480
-new file mode 100644
-index 0000000..84494e1
-Binary files /dev/null and b/fuzz/corpora/bndiv/c358045a294d116c315ff56aabc4fe7e4e62c480 differ
-diff --git a/fuzz/corpora/bndiv/c38089264931877f9972924b51a38a6fe3a8785c b/fuzz/corpora/bndiv/c38089264931877f9972924b51a38a6fe3a8785c
-new file mode 100644
-index 0000000..d868e96
-Binary files /dev/null and b/fuzz/corpora/bndiv/c38089264931877f9972924b51a38a6fe3a8785c differ
-diff --git a/fuzz/corpora/bndiv/c55af0abdf3e4f0db52bdf9e9dacf555045a54de b/fuzz/corpora/bndiv/c55af0abdf3e4f0db52bdf9e9dacf555045a54de
-new file mode 100644
-index 0000000..9b570d5
-Binary files /dev/null and b/fuzz/corpora/bndiv/c55af0abdf3e4f0db52bdf9e9dacf555045a54de differ
-diff --git a/fuzz/corpora/bndiv/c56fca23a44ba369039aa177608b6b1da73533a1 b/fuzz/corpora/bndiv/c56fca23a44ba369039aa177608b6b1da73533a1
-new file mode 100644
-index 0000000..d14c6d3
-Binary files /dev/null and b/fuzz/corpora/bndiv/c56fca23a44ba369039aa177608b6b1da73533a1 differ
-diff --git a/fuzz/corpora/bndiv/c59a984cd4e26d46affb13d9acd868606ee8f091 b/fuzz/corpora/bndiv/c59a984cd4e26d46affb13d9acd868606ee8f091
-new file mode 100644
-index 0000000..3bc528c
-Binary files /dev/null and b/fuzz/corpora/bndiv/c59a984cd4e26d46affb13d9acd868606ee8f091 differ
-diff --git a/fuzz/corpora/bndiv/cca37b71d54143547e75631c96e8f337dd8d04d3 b/fuzz/corpora/bndiv/cca37b71d54143547e75631c96e8f337dd8d04d3
-new file mode 100644
-index 0000000..c6a210b
-Binary files /dev/null and b/fuzz/corpora/bndiv/cca37b71d54143547e75631c96e8f337dd8d04d3 differ
-diff --git a/fuzz/corpora/bndiv/d329b76f5c2df6a9944917b26b38deaaec2a0666 b/fuzz/corpora/bndiv/d329b76f5c2df6a9944917b26b38deaaec2a0666
-new file mode 100644
-index 0000000..db79475
-Binary files /dev/null and b/fuzz/corpora/bndiv/d329b76f5c2df6a9944917b26b38deaaec2a0666 differ
-diff --git a/fuzz/corpora/bndiv/d34ad7b5d248e34a170fe10f10fa97a97c8adec3 b/fuzz/corpora/bndiv/d34ad7b5d248e34a170fe10f10fa97a97c8adec3
-new file mode 100644
-index 0000000..93ca5cb
-Binary files /dev/null and b/fuzz/corpora/bndiv/d34ad7b5d248e34a170fe10f10fa97a97c8adec3 differ
-diff --git a/fuzz/corpora/bndiv/d52521be6f858377528b72b948c39bc8be348fd5 b/fuzz/corpora/bndiv/d52521be6f858377528b72b948c39bc8be348fd5
-new file mode 100644
-index 0000000..bfc56e5
-Binary files /dev/null and b/fuzz/corpora/bndiv/d52521be6f858377528b72b948c39bc8be348fd5 differ
-diff --git a/fuzz/corpora/bndiv/d9eac491478623200cf6605873d0e2bac27a2461 b/fuzz/corpora/bndiv/d9eac491478623200cf6605873d0e2bac27a2461
-new file mode 100644
-index 0000000..3ee0b4e
-Binary files /dev/null and b/fuzz/corpora/bndiv/d9eac491478623200cf6605873d0e2bac27a2461 differ
-diff --git a/fuzz/corpora/bndiv/def1e8a1d7d9366672fbda0a583b692fc0c32c46 b/fuzz/corpora/bndiv/def1e8a1d7d9366672fbda0a583b692fc0c32c46
-new file mode 100644
-index 0000000..d7cd26e
-Binary files /dev/null and b/fuzz/corpora/bndiv/def1e8a1d7d9366672fbda0a583b692fc0c32c46 differ
-diff --git a/fuzz/corpora/bndiv/dfb4a982eabc7a659f1273b32598f150162a69b8 b/fuzz/corpora/bndiv/dfb4a982eabc7a659f1273b32598f150162a69b8
-new file mode 100644
-index 0000000..f3587c7
-Binary files /dev/null and b/fuzz/corpora/bndiv/dfb4a982eabc7a659f1273b32598f150162a69b8 differ
-diff --git a/fuzz/corpora/bndiv/e00abb54d0fe8d11ed63951a407757de2e94a81c b/fuzz/corpora/bndiv/e00abb54d0fe8d11ed63951a407757de2e94a81c
-new file mode 100644
-index 0000000..497a62e
-Binary files /dev/null and b/fuzz/corpora/bndiv/e00abb54d0fe8d11ed63951a407757de2e94a81c differ
-diff --git a/fuzz/corpora/bndiv/e23bffaba03c0778aea4490ce79fdacd03fa1477 b/fuzz/corpora/bndiv/e23bffaba03c0778aea4490ce79fdacd03fa1477
-new file mode 100644
-index 0000000..e8a1dc0
-Binary files /dev/null and b/fuzz/corpora/bndiv/e23bffaba03c0778aea4490ce79fdacd03fa1477 differ
-diff --git a/fuzz/corpora/bndiv/e2523d20cafb2b423f3d88e712a9e5665e6bc48a b/fuzz/corpora/bndiv/e2523d20cafb2b423f3d88e712a9e5665e6bc48a
-new file mode 100644
-index 0000000..cc1561c
-Binary files /dev/null and b/fuzz/corpora/bndiv/e2523d20cafb2b423f3d88e712a9e5665e6bc48a differ
-diff --git a/fuzz/corpora/bndiv/e73ff44782cdf3fbe87ee976fb06a09633e8c4d9 b/fuzz/corpora/bndiv/e73ff44782cdf3fbe87ee976fb06a09633e8c4d9
-new file mode 100644
-index 0000000..20e637e
-Binary files /dev/null and b/fuzz/corpora/bndiv/e73ff44782cdf3fbe87ee976fb06a09633e8c4d9 differ
-diff --git a/fuzz/corpora/bndiv/e74bd53000909087103da03415dc4dd09af11b67 b/fuzz/corpora/bndiv/e74bd53000909087103da03415dc4dd09af11b67
-new file mode 100644
-index 0000000..4cff904
-Binary files /dev/null and b/fuzz/corpora/bndiv/e74bd53000909087103da03415dc4dd09af11b67 differ
-diff --git a/fuzz/corpora/bndiv/e9974c58cdd7dd42b835f16b65e5feff848f0920 b/fuzz/corpora/bndiv/e9974c58cdd7dd42b835f16b65e5feff848f0920
-new file mode 100644
-index 0000000..0775e88
-Binary files /dev/null and b/fuzz/corpora/bndiv/e9974c58cdd7dd42b835f16b65e5feff848f0920 differ
-diff --git a/fuzz/corpora/bndiv/edddcb660ba75b99edb3e12bcdb3fe0fcc55ba81 b/fuzz/corpora/bndiv/edddcb660ba75b99edb3e12bcdb3fe0fcc55ba81
-new file mode 100644
-index 0000000..a677cfe
-Binary files /dev/null and b/fuzz/corpora/bndiv/edddcb660ba75b99edb3e12bcdb3fe0fcc55ba81 differ
-diff --git a/fuzz/corpora/bndiv/ee6367f4b155aaf1d4d3c805576fced110f6de64 b/fuzz/corpora/bndiv/ee6367f4b155aaf1d4d3c805576fced110f6de64
-new file mode 100644
-index 0000000..cc56310
-Binary files /dev/null and b/fuzz/corpora/bndiv/ee6367f4b155aaf1d4d3c805576fced110f6de64 differ
-diff --git a/fuzz/corpora/bndiv/f1a40865f93e75b68c10eb19b8905750a5ed22ad b/fuzz/corpora/bndiv/f1a40865f93e75b68c10eb19b8905750a5ed22ad
-new file mode 100644
-index 0000000..21da658
-Binary files /dev/null and b/fuzz/corpora/bndiv/f1a40865f93e75b68c10eb19b8905750a5ed22ad differ
-diff --git a/fuzz/corpora/bndiv/f2781d83503fc623370404ba2221807d6410f17b b/fuzz/corpora/bndiv/f2781d83503fc623370404ba2221807d6410f17b
-new file mode 100644
-index 0000000..7bbd6e2
-Binary files /dev/null and b/fuzz/corpora/bndiv/f2781d83503fc623370404ba2221807d6410f17b differ
-diff --git a/fuzz/corpora/bndiv/f283157a26e9c36bff5d442440f504382fc632b6 b/fuzz/corpora/bndiv/f283157a26e9c36bff5d442440f504382fc632b6
-new file mode 100644
-index 0000000..d8aa91b
-Binary files /dev/null and b/fuzz/corpora/bndiv/f283157a26e9c36bff5d442440f504382fc632b6 differ
-diff --git a/fuzz/corpora/bndiv/f2cce82b05b8f53f08221a2481082d31e9cc6b51 b/fuzz/corpora/bndiv/f2cce82b05b8f53f08221a2481082d31e9cc6b51
-new file mode 100644
-index 0000000..6bd2cab
-Binary files /dev/null and b/fuzz/corpora/bndiv/f2cce82b05b8f53f08221a2481082d31e9cc6b51 differ
-diff --git a/fuzz/corpora/bndiv/f371e628c2313f381c57918da53bf71ec8c9c277 b/fuzz/corpora/bndiv/f371e628c2313f381c57918da53bf71ec8c9c277
-new file mode 100644
-index 0000000..cf579d1
-Binary files /dev/null and b/fuzz/corpora/bndiv/f371e628c2313f381c57918da53bf71ec8c9c277 differ
-diff --git a/fuzz/corpora/bndiv/f39293903321bea7c8a9433139fc78760b9d40d8 b/fuzz/corpora/bndiv/f39293903321bea7c8a9433139fc78760b9d40d8
-new file mode 100644
-index 0000000..c025671
-Binary files /dev/null and b/fuzz/corpora/bndiv/f39293903321bea7c8a9433139fc78760b9d40d8 differ
-diff --git a/fuzz/corpora/bndiv/f4636445dc7450f2422b4a3255c335e809329772 b/fuzz/corpora/bndiv/f4636445dc7450f2422b4a3255c335e809329772
-new file mode 100644
-index 0000000..ccd1a62
-Binary files /dev/null and b/fuzz/corpora/bndiv/f4636445dc7450f2422b4a3255c335e809329772 differ
-diff --git a/fuzz/corpora/bndiv/f743f3439f37a3f3503f6cce0524303fea29566a b/fuzz/corpora/bndiv/f743f3439f37a3f3503f6cce0524303fea29566a
-new file mode 100644
-index 0000000..dcccf12
-Binary files /dev/null and b/fuzz/corpora/bndiv/f743f3439f37a3f3503f6cce0524303fea29566a differ
-diff --git a/fuzz/corpora/bndiv/fa146f33103edadb91b3eb80ab601ffb072d9b4a b/fuzz/corpora/bndiv/fa146f33103edadb91b3eb80ab601ffb072d9b4a
-new file mode 100644
-index 0000000..8fefd3e
-Binary files /dev/null and b/fuzz/corpora/bndiv/fa146f33103edadb91b3eb80ab601ffb072d9b4a differ
-diff --git a/fuzz/corpora/bndiv/fcfd9398956bf8a0149d82bcb8a159272e9e7e46 b/fuzz/corpora/bndiv/fcfd9398956bf8a0149d82bcb8a159272e9e7e46
-new file mode 100644
-index 0000000..0faac0b
-Binary files /dev/null and b/fuzz/corpora/bndiv/fcfd9398956bf8a0149d82bcb8a159272e9e7e46 differ
-diff --git a/fuzz/corpora/bndiv/fda907bde85e1c335a67508432d0952f8338a30a b/fuzz/corpora/bndiv/fda907bde85e1c335a67508432d0952f8338a30a
-new file mode 100644
-index 0000000..c3221d3
-Binary files /dev/null and b/fuzz/corpora/bndiv/fda907bde85e1c335a67508432d0952f8338a30a differ
-diff --git a/fuzz/corpora/bndiv/ff4937baf5a845b14580e0c331ff85c9039bb287 b/fuzz/corpora/bndiv/ff4937baf5a845b14580e0c331ff85c9039bb287
-new file mode 100644
-index 0000000..ad3198b
-Binary files /dev/null and b/fuzz/corpora/bndiv/ff4937baf5a845b14580e0c331ff85c9039bb287 differ
-diff --git a/fuzz/corpora/bndiv/ffb4c1505b3a3b27a06bc931e8013e89b692eeaa b/fuzz/corpora/bndiv/ffb4c1505b3a3b27a06bc931e8013e89b692eeaa
-new file mode 100644
-index 0000000..62e0e6e
-Binary files /dev/null and b/fuzz/corpora/bndiv/ffb4c1505b3a3b27a06bc931e8013e89b692eeaa differ
-diff --git a/fuzz/corpora/cms/008588f8b942da8fba2812c05522f0f0328d233a b/fuzz/corpora/cms/008588f8b942da8fba2812c05522f0f0328d233a
-new file mode 100644
-index 0000000..4685f85
-Binary files /dev/null and b/fuzz/corpora/cms/008588f8b942da8fba2812c05522f0f0328d233a differ
-diff --git a/fuzz/corpora/cms/008936f1f293b9f495979c3cfc0595d7e273ca65 b/fuzz/corpora/cms/008936f1f293b9f495979c3cfc0595d7e273ca65
-new file mode 100644
-index 0000000..e8f1dc2
-Binary files /dev/null and b/fuzz/corpora/cms/008936f1f293b9f495979c3cfc0595d7e273ca65 differ
-diff --git a/fuzz/corpora/cms/00cd53fdf6a72d35571d3882fb3c74862debc331 b/fuzz/corpora/cms/00cd53fdf6a72d35571d3882fb3c74862debc331
-new file mode 100644
-index 0000000..0279976
-Binary files /dev/null and b/fuzz/corpora/cms/00cd53fdf6a72d35571d3882fb3c74862debc331 differ
-diff --git a/fuzz/corpora/cms/05fb8071206bf0ecd7a2a771e6ba1a77a789ef96 b/fuzz/corpora/cms/05fb8071206bf0ecd7a2a771e6ba1a77a789ef96
-new file mode 100644
-index 0000000..2933a2c
-Binary files /dev/null and b/fuzz/corpora/cms/05fb8071206bf0ecd7a2a771e6ba1a77a789ef96 differ
-diff --git a/fuzz/corpora/cms/0f15db777a0272c5e089f1508a6cd2e064df7b7e b/fuzz/corpora/cms/0f15db777a0272c5e089f1508a6cd2e064df7b7e
-new file mode 100644
-index 0000000..a601a5c
-Binary files /dev/null and b/fuzz/corpora/cms/0f15db777a0272c5e089f1508a6cd2e064df7b7e differ
-diff --git a/fuzz/corpora/cms/111f267698d1cbac816dc35ace482b466b029a9a b/fuzz/corpora/cms/111f267698d1cbac816dc35ace482b466b029a9a
-new file mode 100644
-index 0000000..e817326
-Binary files /dev/null and b/fuzz/corpora/cms/111f267698d1cbac816dc35ace482b466b029a9a differ
-diff --git a/fuzz/corpora/cms/13eb274212ad5e416ba9c1a22e0a502aa9ca8141 b/fuzz/corpora/cms/13eb274212ad5e416ba9c1a22e0a502aa9ca8141
-new file mode 100644
-index 0000000..6208939
-Binary files /dev/null and b/fuzz/corpora/cms/13eb274212ad5e416ba9c1a22e0a502aa9ca8141 differ
-diff --git a/fuzz/corpora/cms/17480c205d8e14d241319419647b4f750f70deff b/fuzz/corpora/cms/17480c205d8e14d241319419647b4f750f70deff
-new file mode 100644
-index 0000000..2b4ad4f
-Binary files /dev/null and b/fuzz/corpora/cms/17480c205d8e14d241319419647b4f750f70deff differ
-diff --git a/fuzz/corpora/cms/17ba378b0b6339b8cc7b620b1b6dd52190758346 b/fuzz/corpora/cms/17ba378b0b6339b8cc7b620b1b6dd52190758346
-new file mode 100644
-index 0000000..8a5e6be
-Binary files /dev/null and b/fuzz/corpora/cms/17ba378b0b6339b8cc7b620b1b6dd52190758346 differ
-diff --git a/fuzz/corpora/cms/1a6e8eb2614c5fc362e1ea2e8eef2b8c6b9d9b40 b/fuzz/corpora/cms/1a6e8eb2614c5fc362e1ea2e8eef2b8c6b9d9b40
-new file mode 100644
-index 0000000..1822470
-Binary files /dev/null and b/fuzz/corpora/cms/1a6e8eb2614c5fc362e1ea2e8eef2b8c6b9d9b40 differ
-diff --git a/fuzz/corpora/cms/1b47e3a0a9c94594e4a9547687ffad954582e473 b/fuzz/corpora/cms/1b47e3a0a9c94594e4a9547687ffad954582e473
-new file mode 100644
-index 0000000..86bff32
-Binary files /dev/null and b/fuzz/corpora/cms/1b47e3a0a9c94594e4a9547687ffad954582e473 differ
-diff --git a/fuzz/corpora/cms/1c95f2671c37c29b4648e148628be77c8b580c55 b/fuzz/corpora/cms/1c95f2671c37c29b4648e148628be77c8b580c55
-new file mode 100644
-index 0000000..2ee0459
-Binary files /dev/null and b/fuzz/corpora/cms/1c95f2671c37c29b4648e148628be77c8b580c55 differ
-diff --git a/fuzz/corpora/cms/1cc1ac7f8b6d10e6d1f91d41f4dee1461b21b614 b/fuzz/corpora/cms/1cc1ac7f8b6d10e6d1f91d41f4dee1461b21b614
-new file mode 100644
-index 0000000..f1e9ce3
-Binary files /dev/null and b/fuzz/corpora/cms/1cc1ac7f8b6d10e6d1f91d41f4dee1461b21b614 differ
-diff --git a/fuzz/corpora/cms/1e1192142dd3e5c9e3652d090547e8931656eaff b/fuzz/corpora/cms/1e1192142dd3e5c9e3652d090547e8931656eaff
-new file mode 100644
-index 0000000..e3dd275
-Binary files /dev/null and b/fuzz/corpora/cms/1e1192142dd3e5c9e3652d090547e8931656eaff differ
-diff --git a/fuzz/corpora/cms/1ee8df2e1477caa935372d96b92062b2070bca6f b/fuzz/corpora/cms/1ee8df2e1477caa935372d96b92062b2070bca6f
-new file mode 100644
-index 0000000..a012145
-Binary files /dev/null and b/fuzz/corpora/cms/1ee8df2e1477caa935372d96b92062b2070bca6f differ
-diff --git a/fuzz/corpora/cms/2220a887761b68984fdc55456edc02e2c84c8b84 b/fuzz/corpora/cms/2220a887761b68984fdc55456edc02e2c84c8b84
-new file mode 100644
-index 0000000..a6a68fb
-Binary files /dev/null and b/fuzz/corpora/cms/2220a887761b68984fdc55456edc02e2c84c8b84 differ
-diff --git a/fuzz/corpora/cms/22eac974c6250817f5976a80d7be85b498fe3c8c b/fuzz/corpora/cms/22eac974c6250817f5976a80d7be85b498fe3c8c
-new file mode 100644
-index 0000000..d3bb72b
-Binary files /dev/null and b/fuzz/corpora/cms/22eac974c6250817f5976a80d7be85b498fe3c8c differ
-diff --git a/fuzz/corpora/cms/29ba133f7cd81aeb0aeafc0874e215fa06bc15fe b/fuzz/corpora/cms/29ba133f7cd81aeb0aeafc0874e215fa06bc15fe
-new file mode 100644
-index 0000000..5d1ff86
-Binary files /dev/null and b/fuzz/corpora/cms/29ba133f7cd81aeb0aeafc0874e215fa06bc15fe differ
-diff --git a/fuzz/corpora/cms/2c2042540c0193350aabec68d9af25d8bbc7c0bd b/fuzz/corpora/cms/2c2042540c0193350aabec68d9af25d8bbc7c0bd
-new file mode 100644
-index 0000000..6ec8d9e
-Binary files /dev/null and b/fuzz/corpora/cms/2c2042540c0193350aabec68d9af25d8bbc7c0bd differ
-diff --git a/fuzz/corpora/cms/2e2f353cfa042160460167ce952bb38e3b4d6039 b/fuzz/corpora/cms/2e2f353cfa042160460167ce952bb38e3b4d6039
-new file mode 100644
-index 0000000..a1de5b2
-Binary files /dev/null and b/fuzz/corpora/cms/2e2f353cfa042160460167ce952bb38e3b4d6039 differ
-diff --git a/fuzz/corpora/cms/30c399c9612c18c7332320341c072b2d61124331 b/fuzz/corpora/cms/30c399c9612c18c7332320341c072b2d61124331
-new file mode 100644
-index 0000000..58ebe50
-Binary files /dev/null and b/fuzz/corpora/cms/30c399c9612c18c7332320341c072b2d61124331 differ
-diff --git a/fuzz/corpora/cms/334d568b5edb44b72ba46b83f5c5a9842fb6cad2 b/fuzz/corpora/cms/334d568b5edb44b72ba46b83f5c5a9842fb6cad2
-new file mode 100644
-index 0000000..266160d
-Binary files /dev/null and b/fuzz/corpora/cms/334d568b5edb44b72ba46b83f5c5a9842fb6cad2 differ
-diff --git a/fuzz/corpora/cms/345bd68388e09b501c9e657174ac839b08490684 b/fuzz/corpora/cms/345bd68388e09b501c9e657174ac839b08490684
-new file mode 100644
-index 0000000..df6b39b
-Binary files /dev/null and b/fuzz/corpora/cms/345bd68388e09b501c9e657174ac839b08490684 differ
-diff --git a/fuzz/corpora/cms/34b45b04ac3e8931f52fb22b786f092f3f349bc8 b/fuzz/corpora/cms/34b45b04ac3e8931f52fb22b786f092f3f349bc8
-new file mode 100644
-index 0000000..29e4ce9
-Binary files /dev/null and b/fuzz/corpora/cms/34b45b04ac3e8931f52fb22b786f092f3f349bc8 differ
-diff --git a/fuzz/corpora/cms/34e5a56abf01b46be37a37e394aa63db5c57f5a1 b/fuzz/corpora/cms/34e5a56abf01b46be37a37e394aa63db5c57f5a1
-new file mode 100644
-index 0000000..d719c15
-Binary files /dev/null and b/fuzz/corpora/cms/34e5a56abf01b46be37a37e394aa63db5c57f5a1 differ
-diff --git a/fuzz/corpora/cms/35b327afa395b5a527da2c60aa55198ae95e12fd b/fuzz/corpora/cms/35b327afa395b5a527da2c60aa55198ae95e12fd
-new file mode 100644
-index 0000000..49757b9
-Binary files /dev/null and b/fuzz/corpora/cms/35b327afa395b5a527da2c60aa55198ae95e12fd differ
-diff --git a/fuzz/corpora/cms/3637fe4634e7ed74df9ff008a9397387bebc133c b/fuzz/corpora/cms/3637fe4634e7ed74df9ff008a9397387bebc133c
-new file mode 100644
-index 0000000..484af4b
-Binary files /dev/null and b/fuzz/corpora/cms/3637fe4634e7ed74df9ff008a9397387bebc133c differ
-diff --git a/fuzz/corpora/cms/37f19198b8e2c1151fbf1c2fb3e233acbc41744a b/fuzz/corpora/cms/37f19198b8e2c1151fbf1c2fb3e233acbc41744a
-new file mode 100644
-index 0000000..49fdb5b
-Binary files /dev/null and b/fuzz/corpora/cms/37f19198b8e2c1151fbf1c2fb3e233acbc41744a differ
-diff --git a/fuzz/corpora/cms/381832e3161e655e2bb4e83d9436134b25e4bc5e b/fuzz/corpora/cms/381832e3161e655e2bb4e83d9436134b25e4bc5e
-new file mode 100644
-index 0000000..42bf122
-Binary files /dev/null and b/fuzz/corpora/cms/381832e3161e655e2bb4e83d9436134b25e4bc5e differ
-diff --git a/fuzz/corpora/cms/3cda064cd26db41a8705b2505e42d67a77f128cf b/fuzz/corpora/cms/3cda064cd26db41a8705b2505e42d67a77f128cf
-new file mode 100644
-index 0000000..b70a1e1
-Binary files /dev/null and b/fuzz/corpora/cms/3cda064cd26db41a8705b2505e42d67a77f128cf differ
-diff --git a/fuzz/corpora/cms/3e1ee8cebe894b30ed5a1a7cbe7bec4c4af2e1db b/fuzz/corpora/cms/3e1ee8cebe894b30ed5a1a7cbe7bec4c4af2e1db
-new file mode 100644
-index 0000000..04ec33e
-Binary files /dev/null and b/fuzz/corpora/cms/3e1ee8cebe894b30ed5a1a7cbe7bec4c4af2e1db differ
-diff --git a/fuzz/corpora/cms/3fa4f3b396722595eb64469fce6eb9f10387be35 b/fuzz/corpora/cms/3fa4f3b396722595eb64469fce6eb9f10387be35
-new file mode 100644
-index 0000000..d73d538
-Binary files /dev/null and b/fuzz/corpora/cms/3fa4f3b396722595eb64469fce6eb9f10387be35 differ
-diff --git a/fuzz/corpora/cms/400bda580ee61c008925f6f84147c4126797afa8 b/fuzz/corpora/cms/400bda580ee61c008925f6f84147c4126797afa8
-new file mode 100644
-index 0000000..b5226b1
-Binary files /dev/null and b/fuzz/corpora/cms/400bda580ee61c008925f6f84147c4126797afa8 differ
-diff --git a/fuzz/corpora/cms/4221d117d1cc60ed3bf9df8521fe41fff9b5f4f1 b/fuzz/corpora/cms/4221d117d1cc60ed3bf9df8521fe41fff9b5f4f1
-new file mode 100644
-index 0000000..8bad434
-Binary files /dev/null and b/fuzz/corpora/cms/4221d117d1cc60ed3bf9df8521fe41fff9b5f4f1 differ
-diff --git a/fuzz/corpora/cms/435b6d3643b613a79fcfbb165c4b7760c5c797ee b/fuzz/corpora/cms/435b6d3643b613a79fcfbb165c4b7760c5c797ee
-new file mode 100644
-index 0000000..91303a7
-Binary files /dev/null and b/fuzz/corpora/cms/435b6d3643b613a79fcfbb165c4b7760c5c797ee differ
-diff --git a/fuzz/corpora/cms/4415864188a309e4bea39e4978a2746b92344947 b/fuzz/corpora/cms/4415864188a309e4bea39e4978a2746b92344947
-new file mode 100644
-index 0000000..f54e9ec
-Binary files /dev/null and b/fuzz/corpora/cms/4415864188a309e4bea39e4978a2746b92344947 differ
-diff --git a/fuzz/corpora/cms/473d52f5773cc6b9e317d366b89d874dadd7ee9a b/fuzz/corpora/cms/473d52f5773cc6b9e317d366b89d874dadd7ee9a
-new file mode 100644
-index 0000000..e866040
-Binary files /dev/null and b/fuzz/corpora/cms/473d52f5773cc6b9e317d366b89d874dadd7ee9a differ
-diff --git a/fuzz/corpora/cms/4748ac55cca483a07dfe6bcceea4890c6092d891 b/fuzz/corpora/cms/4748ac55cca483a07dfe6bcceea4890c6092d891
-new file mode 100644
-index 0000000..a581e7c
-Binary files /dev/null and b/fuzz/corpora/cms/4748ac55cca483a07dfe6bcceea4890c6092d891 differ
-diff --git a/fuzz/corpora/cms/499b514a646a97eb238f27e70ddaf77a2b706de1 b/fuzz/corpora/cms/499b514a646a97eb238f27e70ddaf77a2b706de1
-new file mode 100644
-index 0000000..4a19572
-Binary files /dev/null and b/fuzz/corpora/cms/499b514a646a97eb238f27e70ddaf77a2b706de1 differ
-diff --git a/fuzz/corpora/cms/4cade5da961a5730a28ef9035ecb34b143b1099e b/fuzz/corpora/cms/4cade5da961a5730a28ef9035ecb34b143b1099e
-new file mode 100644
-index 0000000..a518863
-Binary files /dev/null and b/fuzz/corpora/cms/4cade5da961a5730a28ef9035ecb34b143b1099e differ
-diff --git a/fuzz/corpora/cms/4ce0ff06f4588fcefecc113b43115b4ec5ab3912 b/fuzz/corpora/cms/4ce0ff06f4588fcefecc113b43115b4ec5ab3912
-new file mode 100644
-index 0000000..2daf62a
-Binary files /dev/null and b/fuzz/corpora/cms/4ce0ff06f4588fcefecc113b43115b4ec5ab3912 differ
-diff --git a/fuzz/corpora/cms/4dbee9f1ffb494161790ac1fd79d78882c923818 b/fuzz/corpora/cms/4dbee9f1ffb494161790ac1fd79d78882c923818
-new file mode 100644
-index 0000000..99ed076
-Binary files /dev/null and b/fuzz/corpora/cms/4dbee9f1ffb494161790ac1fd79d78882c923818 differ
-diff --git a/fuzz/corpora/cms/4fd63f772b571fd8a354a3f20b60756770817f14 b/fuzz/corpora/cms/4fd63f772b571fd8a354a3f20b60756770817f14
-new file mode 100644
-index 0000000..f62be49
-Binary files /dev/null and b/fuzz/corpora/cms/4fd63f772b571fd8a354a3f20b60756770817f14 differ
-diff --git a/fuzz/corpora/cms/5511d5ca205f5285fb8f2cf64831b8fb0efcd501 b/fuzz/corpora/cms/5511d5ca205f5285fb8f2cf64831b8fb0efcd501
-new file mode 100644
-index 0000000..4183013
-Binary files /dev/null and b/fuzz/corpora/cms/5511d5ca205f5285fb8f2cf64831b8fb0efcd501 differ
-diff --git a/fuzz/corpora/cms/55a5c7054893c48091b370af5fe0a415ea04abaa b/fuzz/corpora/cms/55a5c7054893c48091b370af5fe0a415ea04abaa
-new file mode 100644
-index 0000000..30d653e
-Binary files /dev/null and b/fuzz/corpora/cms/55a5c7054893c48091b370af5fe0a415ea04abaa differ
-diff --git a/fuzz/corpora/cms/5744861a64fd90282b4edfbb8fc558a28d389791 b/fuzz/corpora/cms/5744861a64fd90282b4edfbb8fc558a28d389791
-new file mode 100644
-index 0000000..690b062
-Binary files /dev/null and b/fuzz/corpora/cms/5744861a64fd90282b4edfbb8fc558a28d389791 differ
-diff --git a/fuzz/corpora/cms/57c184a24bdd704ba98e57d1279b24891368ab97 b/fuzz/corpora/cms/57c184a24bdd704ba98e57d1279b24891368ab97
-new file mode 100644
-index 0000000..c898ad2
-Binary files /dev/null and b/fuzz/corpora/cms/57c184a24bdd704ba98e57d1279b24891368ab97 differ
-diff --git a/fuzz/corpora/cms/59b95860da326b260ed7584ffd81a0b02fcc8290 b/fuzz/corpora/cms/59b95860da326b260ed7584ffd81a0b02fcc8290
-new file mode 100644
-index 0000000..38a05fe
-Binary files /dev/null and b/fuzz/corpora/cms/59b95860da326b260ed7584ffd81a0b02fcc8290 differ
-diff --git a/fuzz/corpora/cms/5a37f049dfb23d3dafbb3eee8015957b569efbd6 b/fuzz/corpora/cms/5a37f049dfb23d3dafbb3eee8015957b569efbd6
-new file mode 100644
-index 0000000..a539205
-Binary files /dev/null and b/fuzz/corpora/cms/5a37f049dfb23d3dafbb3eee8015957b569efbd6 differ
-diff --git a/fuzz/corpora/cms/5a4b0a33d668c8a583c8baf37b320444633473e4 b/fuzz/corpora/cms/5a4b0a33d668c8a583c8baf37b320444633473e4
-new file mode 100644
-index 0000000..dbf4d88
-Binary files /dev/null and b/fuzz/corpora/cms/5a4b0a33d668c8a583c8baf37b320444633473e4 differ
-diff --git a/fuzz/corpora/cms/5a95bfce7900eec07c5c2f311d8e0ee2354f3c73 b/fuzz/corpora/cms/5a95bfce7900eec07c5c2f311d8e0ee2354f3c73
-new file mode 100644
-index 0000000..cff1dfa
-Binary files /dev/null and b/fuzz/corpora/cms/5a95bfce7900eec07c5c2f311d8e0ee2354f3c73 differ
-diff --git a/fuzz/corpora/cms/5b5b308ff54ee711f41f06e8e9280544fb8ba903 b/fuzz/corpora/cms/5b5b308ff54ee711f41f06e8e9280544fb8ba903
-new file mode 100644
-index 0000000..d173c92
-Binary files /dev/null and b/fuzz/corpora/cms/5b5b308ff54ee711f41f06e8e9280544fb8ba903 differ
-diff --git a/fuzz/corpora/cms/5be232f372108e0e13b9167710b25937da9c9225 b/fuzz/corpora/cms/5be232f372108e0e13b9167710b25937da9c9225
-new file mode 100644
-index 0000000..0452a7b
-Binary files /dev/null and b/fuzz/corpora/cms/5be232f372108e0e13b9167710b25937da9c9225 differ
-diff --git a/fuzz/corpora/cms/5cd4067458e607443cdc92fac7452e3b733735ff b/fuzz/corpora/cms/5cd4067458e607443cdc92fac7452e3b733735ff
-new file mode 100644
-index 0000000..ea797cf
-Binary files /dev/null and b/fuzz/corpora/cms/5cd4067458e607443cdc92fac7452e3b733735ff differ
-diff --git a/fuzz/corpora/cms/60ca2974be91ab1e368782b208097c67e7e97f8c b/fuzz/corpora/cms/60ca2974be91ab1e368782b208097c67e7e97f8c
-new file mode 100644
-index 0000000..5192e93
-Binary files /dev/null and b/fuzz/corpora/cms/60ca2974be91ab1e368782b208097c67e7e97f8c differ
-diff --git a/fuzz/corpora/cms/62bf1a2c54f6284043c268e7e738b9895be0c101 b/fuzz/corpora/cms/62bf1a2c54f6284043c268e7e738b9895be0c101
-new file mode 100644
-index 0000000..ebddbd0
-Binary files /dev/null and b/fuzz/corpora/cms/62bf1a2c54f6284043c268e7e738b9895be0c101 differ
-diff --git a/fuzz/corpora/cms/6435dde42831698ca72962c7bf7678f69e76bb24 b/fuzz/corpora/cms/6435dde42831698ca72962c7bf7678f69e76bb24
-new file mode 100644
-index 0000000..de7e4ea
-Binary files /dev/null and b/fuzz/corpora/cms/6435dde42831698ca72962c7bf7678f69e76bb24 differ
-diff --git a/fuzz/corpora/cms/64e074c604b1b3f63259926241dc9fefc7baaa26 b/fuzz/corpora/cms/64e074c604b1b3f63259926241dc9fefc7baaa26
-new file mode 100644
-index 0000000..4831dba
-Binary files /dev/null and b/fuzz/corpora/cms/64e074c604b1b3f63259926241dc9fefc7baaa26 differ
-diff --git a/fuzz/corpora/cms/664b1216a36428546e88518468a2cc865100b095 b/fuzz/corpora/cms/664b1216a36428546e88518468a2cc865100b095
-new file mode 100644
-index 0000000..63e97122
-Binary files /dev/null and b/fuzz/corpora/cms/664b1216a36428546e88518468a2cc865100b095 differ
-diff --git a/fuzz/corpora/cms/666850a1ee7e548c1434467c899b28b4762ecffb b/fuzz/corpora/cms/666850a1ee7e548c1434467c899b28b4762ecffb
-new file mode 100644
-index 0000000..ec82010
-Binary files /dev/null and b/fuzz/corpora/cms/666850a1ee7e548c1434467c899b28b4762ecffb differ
-diff --git a/fuzz/corpora/cms/66f832e45d51bfb233d3604ed49837067f147efc b/fuzz/corpora/cms/66f832e45d51bfb233d3604ed49837067f147efc
-new file mode 100644
-index 0000000..910e481
-Binary files /dev/null and b/fuzz/corpora/cms/66f832e45d51bfb233d3604ed49837067f147efc differ
-diff --git a/fuzz/corpora/cms/67487355e4056f3e308e21dd79b6ea9954fc098f b/fuzz/corpora/cms/67487355e4056f3e308e21dd79b6ea9954fc098f
-new file mode 100644
-index 0000000..ded3fc3
-Binary files /dev/null and b/fuzz/corpora/cms/67487355e4056f3e308e21dd79b6ea9954fc098f differ
-diff --git a/fuzz/corpora/cms/675e3131790c9f81bf3d4c4e67fef8ace7a92d6b b/fuzz/corpora/cms/675e3131790c9f81bf3d4c4e67fef8ace7a92d6b
-new file mode 100644
-index 0000000..78e917d
-Binary files /dev/null and b/fuzz/corpora/cms/675e3131790c9f81bf3d4c4e67fef8ace7a92d6b differ
-diff --git a/fuzz/corpora/cms/689ac33ca010339b32083571c4d697fc5108f8cc b/fuzz/corpora/cms/689ac33ca010339b32083571c4d697fc5108f8cc
-new file mode 100644
-index 0000000..2c8f4fc
-Binary files /dev/null and b/fuzz/corpora/cms/689ac33ca010339b32083571c4d697fc5108f8cc differ
-diff --git a/fuzz/corpora/cms/6955f5c1359e1fe3fe99ec6b786c05e9ff9a09cc b/fuzz/corpora/cms/6955f5c1359e1fe3fe99ec6b786c05e9ff9a09cc
-new file mode 100644
-index 0000000..85ba98e
-Binary files /dev/null and b/fuzz/corpora/cms/6955f5c1359e1fe3fe99ec6b786c05e9ff9a09cc differ
-diff --git a/fuzz/corpora/cms/6dda2b5e9c9bf39396bfb598fecb96be87949f07 b/fuzz/corpora/cms/6dda2b5e9c9bf39396bfb598fecb96be87949f07
-new file mode 100644
-index 0000000..051cde4
-Binary files /dev/null and b/fuzz/corpora/cms/6dda2b5e9c9bf39396bfb598fecb96be87949f07 differ
-diff --git a/fuzz/corpora/cms/6fe8dcdc789295233a78295ccd80c0ac1ac7478a b/fuzz/corpora/cms/6fe8dcdc789295233a78295ccd80c0ac1ac7478a
-new file mode 100644
-index 0000000..913cdc5
-Binary files /dev/null and b/fuzz/corpora/cms/6fe8dcdc789295233a78295ccd80c0ac1ac7478a differ
-diff --git a/fuzz/corpora/cms/70f006272146c12e91b7a03e28905b8d82fd41d5 b/fuzz/corpora/cms/70f006272146c12e91b7a03e28905b8d82fd41d5
-new file mode 100644
-index 0000000..4c30a40
-Binary files /dev/null and b/fuzz/corpora/cms/70f006272146c12e91b7a03e28905b8d82fd41d5 differ
-diff --git a/fuzz/corpora/cms/72f31b6c603f132bbed55ae084684dd96d83b42d b/fuzz/corpora/cms/72f31b6c603f132bbed55ae084684dd96d83b42d
-new file mode 100644
-index 0000000..84e4905
-Binary files /dev/null and b/fuzz/corpora/cms/72f31b6c603f132bbed55ae084684dd96d83b42d differ
-diff --git a/fuzz/corpora/cms/759e934de8a5b9aafd8138925f932b8475b20bde b/fuzz/corpora/cms/759e934de8a5b9aafd8138925f932b8475b20bde
-new file mode 100644
-index 0000000..712fc15
-Binary files /dev/null and b/fuzz/corpora/cms/759e934de8a5b9aafd8138925f932b8475b20bde differ
-diff --git a/fuzz/corpora/cms/766eb2bb2097097a45dc91d5a2d9d549d0003fa4 b/fuzz/corpora/cms/766eb2bb2097097a45dc91d5a2d9d549d0003fa4
-new file mode 100644
-index 0000000..efb323a
-Binary files /dev/null and b/fuzz/corpora/cms/766eb2bb2097097a45dc91d5a2d9d549d0003fa4 differ
-diff --git a/fuzz/corpora/cms/768fe6ad43c6cc97a35c21d3d2b54d6bc8a583b9 b/fuzz/corpora/cms/768fe6ad43c6cc97a35c21d3d2b54d6bc8a583b9
-new file mode 100644
-index 0000000..f01362d
-Binary files /dev/null and b/fuzz/corpora/cms/768fe6ad43c6cc97a35c21d3d2b54d6bc8a583b9 differ
-diff --git a/fuzz/corpora/cms/76d91fd5e48d5d7b44184af3fb1fb22245537180 b/fuzz/corpora/cms/76d91fd5e48d5d7b44184af3fb1fb22245537180
-new file mode 100644
-index 0000000..75c1f88
-Binary files /dev/null and b/fuzz/corpora/cms/76d91fd5e48d5d7b44184af3fb1fb22245537180 differ
-diff --git a/fuzz/corpora/cms/76f5fbbe0340445a16ed71b8b3f1d2af6393d50b b/fuzz/corpora/cms/76f5fbbe0340445a16ed71b8b3f1d2af6393d50b
-new file mode 100644
-index 0000000..cf49ddb
-Binary files /dev/null and b/fuzz/corpora/cms/76f5fbbe0340445a16ed71b8b3f1d2af6393d50b differ
-diff --git a/fuzz/corpora/cms/775d61379491e87335fe0a28a5c62750c4155401 b/fuzz/corpora/cms/775d61379491e87335fe0a28a5c62750c4155401
-new file mode 100644
-index 0000000..d587331
-Binary files /dev/null and b/fuzz/corpora/cms/775d61379491e87335fe0a28a5c62750c4155401 differ
-diff --git a/fuzz/corpora/cms/7a3708efa6f4f79aa782edb03582584a557728a2 b/fuzz/corpora/cms/7a3708efa6f4f79aa782edb03582584a557728a2
-new file mode 100644
-index 0000000..4183707
-Binary files /dev/null and b/fuzz/corpora/cms/7a3708efa6f4f79aa782edb03582584a557728a2 differ
-diff --git a/fuzz/corpora/cms/7a970e89c169f03ead4ff1d76531d85d04cf9786 b/fuzz/corpora/cms/7a970e89c169f03ead4ff1d76531d85d04cf9786
-new file mode 100644
-index 0000000..480b6d3
-Binary files /dev/null and b/fuzz/corpora/cms/7a970e89c169f03ead4ff1d76531d85d04cf9786 differ
-diff --git a/fuzz/corpora/cms/7b47ca13f1b515dd3ce54630933bd7c3998b109c b/fuzz/corpora/cms/7b47ca13f1b515dd3ce54630933bd7c3998b109c
-new file mode 100644
-index 0000000..4e6613e
-Binary files /dev/null and b/fuzz/corpora/cms/7b47ca13f1b515dd3ce54630933bd7c3998b109c differ
-diff --git a/fuzz/corpora/cms/7b59ec7b0f34cc2a736cf8add2a2da27e26f5922 b/fuzz/corpora/cms/7b59ec7b0f34cc2a736cf8add2a2da27e26f5922
-new file mode 100644
-index 0000000..0e06346
-Binary files /dev/null and b/fuzz/corpora/cms/7b59ec7b0f34cc2a736cf8add2a2da27e26f5922 differ
-diff --git a/fuzz/corpora/cms/7be9713c5eb8abd83f7663b30c679911c1ad13c4 b/fuzz/corpora/cms/7be9713c5eb8abd83f7663b30c679911c1ad13c4
-new file mode 100644
-index 0000000..765b8af
-Binary files /dev/null and b/fuzz/corpora/cms/7be9713c5eb8abd83f7663b30c679911c1ad13c4 differ
-diff --git a/fuzz/corpora/cms/7dd75785c77dc91df1b8d795e4e75c5af27a318d b/fuzz/corpora/cms/7dd75785c77dc91df1b8d795e4e75c5af27a318d
-new file mode 100644
-index 0000000..0fd5b45
-Binary files /dev/null and b/fuzz/corpora/cms/7dd75785c77dc91df1b8d795e4e75c5af27a318d differ
-diff --git a/fuzz/corpora/cms/7dfa7b2982f30889332a46ab1c156f2fb028d3c2 b/fuzz/corpora/cms/7dfa7b2982f30889332a46ab1c156f2fb028d3c2
-new file mode 100644
-index 0000000..8cd385a
-Binary files /dev/null and b/fuzz/corpora/cms/7dfa7b2982f30889332a46ab1c156f2fb028d3c2 differ
-diff --git a/fuzz/corpora/cms/7faac4ed856459ea622f0eb0666462eb295e3d9c b/fuzz/corpora/cms/7faac4ed856459ea622f0eb0666462eb295e3d9c
-new file mode 100644
-index 0000000..4deb8af
-Binary files /dev/null and b/fuzz/corpora/cms/7faac4ed856459ea622f0eb0666462eb295e3d9c differ
-diff --git a/fuzz/corpora/cms/8149ab1c831c074ef9969b8b73e9075f3c615557 b/fuzz/corpora/cms/8149ab1c831c074ef9969b8b73e9075f3c615557
-new file mode 100644
-index 0000000..2ff5e2e
-Binary files /dev/null and b/fuzz/corpora/cms/8149ab1c831c074ef9969b8b73e9075f3c615557 differ
-diff --git a/fuzz/corpora/cms/815b878d00b81229ba5c75546593f5db0149346f b/fuzz/corpora/cms/815b878d00b81229ba5c75546593f5db0149346f
-new file mode 100644
-index 0000000..453bc5b
-Binary files /dev/null and b/fuzz/corpora/cms/815b878d00b81229ba5c75546593f5db0149346f differ
-diff --git a/fuzz/corpora/cms/83084472b76d4ea4a688317381f55421db83a6f1 b/fuzz/corpora/cms/83084472b76d4ea4a688317381f55421db83a6f1
-new file mode 100644
-index 0000000..bf5a735
-Binary files /dev/null and b/fuzz/corpora/cms/83084472b76d4ea4a688317381f55421db83a6f1 differ
-diff --git a/fuzz/corpora/cms/86a50e4e2de524d3ee4782f304a257934eed0b14 b/fuzz/corpora/cms/86a50e4e2de524d3ee4782f304a257934eed0b14
-new file mode 100644
-index 0000000..ef814d9
-Binary files /dev/null and b/fuzz/corpora/cms/86a50e4e2de524d3ee4782f304a257934eed0b14 differ
-diff --git a/fuzz/corpora/cms/874fe2b05110e7be0a1316a07a321c2e7328a02b b/fuzz/corpora/cms/874fe2b05110e7be0a1316a07a321c2e7328a02b
-new file mode 100644
-index 0000000..3d5ebd6
-Binary files /dev/null and b/fuzz/corpora/cms/874fe2b05110e7be0a1316a07a321c2e7328a02b differ
-diff --git a/fuzz/corpora/cms/893b869ac6d54477a7873a21bdaf531bf9dbbfc2 b/fuzz/corpora/cms/893b869ac6d54477a7873a21bdaf531bf9dbbfc2
-new file mode 100644
-index 0000000..33c4900
-Binary files /dev/null and b/fuzz/corpora/cms/893b869ac6d54477a7873a21bdaf531bf9dbbfc2 differ
-diff --git a/fuzz/corpora/cms/8b3a902bc1c56b0938dbc34b3e32e2d9f293dc82 b/fuzz/corpora/cms/8b3a902bc1c56b0938dbc34b3e32e2d9f293dc82
-new file mode 100644
-index 0000000..47ff9f8
-Binary files /dev/null and b/fuzz/corpora/cms/8b3a902bc1c56b0938dbc34b3e32e2d9f293dc82 differ
-diff --git a/fuzz/corpora/cms/8c645cac2204b09abaa628d187cc1416abe6a934 b/fuzz/corpora/cms/8c645cac2204b09abaa628d187cc1416abe6a934
-new file mode 100644
-index 0000000..6a9d34d
-Binary files /dev/null and b/fuzz/corpora/cms/8c645cac2204b09abaa628d187cc1416abe6a934 differ
-diff --git a/fuzz/corpora/cms/917d36d2030a45f3ee0483f95565a3f1fa38f49d b/fuzz/corpora/cms/917d36d2030a45f3ee0483f95565a3f1fa38f49d
-new file mode 100644
-index 0000000..a3806b2
-Binary files /dev/null and b/fuzz/corpora/cms/917d36d2030a45f3ee0483f95565a3f1fa38f49d differ
-diff --git a/fuzz/corpora/cms/920f10af8f41df8a9995395a43f49f0fd96c6e58 b/fuzz/corpora/cms/920f10af8f41df8a9995395a43f49f0fd96c6e58
-new file mode 100644
-index 0000000..e257b40
-Binary files /dev/null and b/fuzz/corpora/cms/920f10af8f41df8a9995395a43f49f0fd96c6e58 differ
-diff --git a/fuzz/corpora/cms/953efe8f531a5a87f6d2d5a65b78b05e55599abc b/fuzz/corpora/cms/953efe8f531a5a87f6d2d5a65b78b05e55599abc
-new file mode 100644
-index 0000000..1d79949
-Binary files /dev/null and b/fuzz/corpora/cms/953efe8f531a5a87f6d2d5a65b78b05e55599abc differ
-diff --git a/fuzz/corpora/cms/95ae794899a46a3cfae1ee8feeee0bd955082c57 b/fuzz/corpora/cms/95ae794899a46a3cfae1ee8feeee0bd955082c57
-new file mode 100644
-index 0000000..8b2c567
-Binary files /dev/null and b/fuzz/corpora/cms/95ae794899a46a3cfae1ee8feeee0bd955082c57 differ
-diff --git a/fuzz/corpora/cms/97dc59c7b16aaa8181687f07c21dcfa8a1099085 b/fuzz/corpora/cms/97dc59c7b16aaa8181687f07c21dcfa8a1099085
-new file mode 100644
-index 0000000..635708a
-Binary files /dev/null and b/fuzz/corpora/cms/97dc59c7b16aaa8181687f07c21dcfa8a1099085 differ
-diff --git a/fuzz/corpora/cms/9947b6bf8c0024f6846eb3e62f0cd59ea839bc75 b/fuzz/corpora/cms/9947b6bf8c0024f6846eb3e62f0cd59ea839bc75
-new file mode 100644
-index 0000000..f92e126
-Binary files /dev/null and b/fuzz/corpora/cms/9947b6bf8c0024f6846eb3e62f0cd59ea839bc75 differ
-diff --git a/fuzz/corpora/cms/9a6a65622129d86f342231da907b10cb4ff6bdc8 b/fuzz/corpora/cms/9a6a65622129d86f342231da907b10cb4ff6bdc8
-new file mode 100644
-index 0000000..59fc29d
-Binary files /dev/null and b/fuzz/corpora/cms/9a6a65622129d86f342231da907b10cb4ff6bdc8 differ
-diff --git a/fuzz/corpora/cms/9ab084eacc968e9a03b96419a0880e442afdf1e9 b/fuzz/corpora/cms/9ab084eacc968e9a03b96419a0880e442afdf1e9
-new file mode 100644
-index 0000000..5d245f0
-Binary files /dev/null and b/fuzz/corpora/cms/9ab084eacc968e9a03b96419a0880e442afdf1e9 differ
-diff --git a/fuzz/corpora/cms/9c42cb07f9803082c1480a5682a177ead937542c b/fuzz/corpora/cms/9c42cb07f9803082c1480a5682a177ead937542c
-new file mode 100644
-index 0000000..0d6ba39
-Binary files /dev/null and b/fuzz/corpora/cms/9c42cb07f9803082c1480a5682a177ead937542c differ
-diff --git a/fuzz/corpora/cms/9df838e7ac69313b82ac292aac962a6dbec50937 b/fuzz/corpora/cms/9df838e7ac69313b82ac292aac962a6dbec50937
-new file mode 100644
-index 0000000..690520f
-Binary files /dev/null and b/fuzz/corpora/cms/9df838e7ac69313b82ac292aac962a6dbec50937 differ
-diff --git a/fuzz/corpora/cms/9e6828ccee7f415b353d9007420e9840ad4f2c94 b/fuzz/corpora/cms/9e6828ccee7f415b353d9007420e9840ad4f2c94
-new file mode 100644
-index 0000000..a17ed6b
-Binary files /dev/null and b/fuzz/corpora/cms/9e6828ccee7f415b353d9007420e9840ad4f2c94 differ
-diff --git a/fuzz/corpora/cms/a129e2b896dc5cb3664d711c257d3432a0445a3b b/fuzz/corpora/cms/a129e2b896dc5cb3664d711c257d3432a0445a3b
-new file mode 100644
-index 0000000..01b2f00
-Binary files /dev/null and b/fuzz/corpora/cms/a129e2b896dc5cb3664d711c257d3432a0445a3b differ
-diff --git a/fuzz/corpora/cms/a2348469cb708f26fb2a88e11274848e7e5eaaad b/fuzz/corpora/cms/a2348469cb708f26fb2a88e11274848e7e5eaaad
-new file mode 100644
-index 0000000..5ae7113
-Binary files /dev/null and b/fuzz/corpora/cms/a2348469cb708f26fb2a88e11274848e7e5eaaad differ
-diff --git a/fuzz/corpora/cms/a2538d388f37ca721150973f74692afa5da6549c b/fuzz/corpora/cms/a2538d388f37ca721150973f74692afa5da6549c
-new file mode 100644
-index 0000000..88b9214
-Binary files /dev/null and b/fuzz/corpora/cms/a2538d388f37ca721150973f74692afa5da6549c differ
-diff --git a/fuzz/corpora/cms/a344fcae688e7638806476d95bee7d9bad566c10 b/fuzz/corpora/cms/a344fcae688e7638806476d95bee7d9bad566c10
-new file mode 100644
-index 0000000..84d16b7
-Binary files /dev/null and b/fuzz/corpora/cms/a344fcae688e7638806476d95bee7d9bad566c10 differ
-diff --git a/fuzz/corpora/cms/a46997295152a95339e5f8641946db559ae535b8 b/fuzz/corpora/cms/a46997295152a95339e5f8641946db559ae535b8
-new file mode 100644
-index 0000000..5d8ed0b
-Binary files /dev/null and b/fuzz/corpora/cms/a46997295152a95339e5f8641946db559ae535b8 differ
-diff --git a/fuzz/corpora/cms/a54b5c43b9bec701f7d271b08e8281002dbbe4b9 b/fuzz/corpora/cms/a54b5c43b9bec701f7d271b08e8281002dbbe4b9
-new file mode 100644
-index 0000000..888258f
-Binary files /dev/null and b/fuzz/corpora/cms/a54b5c43b9bec701f7d271b08e8281002dbbe4b9 differ
-diff --git a/fuzz/corpora/cms/a69ca92b3b1d77dc45e067717f89d4c889db60f2 b/fuzz/corpora/cms/a69ca92b3b1d77dc45e067717f89d4c889db60f2
-new file mode 100644
-index 0000000..386cef3
-Binary files /dev/null and b/fuzz/corpora/cms/a69ca92b3b1d77dc45e067717f89d4c889db60f2 differ
-diff --git a/fuzz/corpora/cms/a826cb1fe0990fd46959b8e2a9ea03b960014993 b/fuzz/corpora/cms/a826cb1fe0990fd46959b8e2a9ea03b960014993
-new file mode 100644
-index 0000000..5f08b49
-Binary files /dev/null and b/fuzz/corpora/cms/a826cb1fe0990fd46959b8e2a9ea03b960014993 differ
-diff --git a/fuzz/corpora/cms/a933461425fc1e8535a3a37a0ef45f605bb93c98 b/fuzz/corpora/cms/a933461425fc1e8535a3a37a0ef45f605bb93c98
-new file mode 100644
-index 0000000..3e4f142
-Binary files /dev/null and b/fuzz/corpora/cms/a933461425fc1e8535a3a37a0ef45f605bb93c98 differ
-diff --git a/fuzz/corpora/cms/a965cde0e7eb4e19a4030e18a8369fbbc3397d4f b/fuzz/corpora/cms/a965cde0e7eb4e19a4030e18a8369fbbc3397d4f
-new file mode 100644
-index 0000000..977cc15
-Binary files /dev/null and b/fuzz/corpora/cms/a965cde0e7eb4e19a4030e18a8369fbbc3397d4f differ
-diff --git a/fuzz/corpora/cms/adc9f81e2d90f085df4fec21bf42d91b4b87d738 b/fuzz/corpora/cms/adc9f81e2d90f085df4fec21bf42d91b4b87d738
-new file mode 100644
-index 0000000..49a986b
-Binary files /dev/null and b/fuzz/corpora/cms/adc9f81e2d90f085df4fec21bf42d91b4b87d738 differ
-diff --git a/fuzz/corpora/cms/afd5691611aa425eb851c4242d05849a28089ac7 b/fuzz/corpora/cms/afd5691611aa425eb851c4242d05849a28089ac7
-new file mode 100644
-index 0000000..bb0a92a
-Binary files /dev/null and b/fuzz/corpora/cms/afd5691611aa425eb851c4242d05849a28089ac7 differ
-diff --git a/fuzz/corpora/cms/b1c0d358ac20a7227b8b97784b58eb476327795e b/fuzz/corpora/cms/b1c0d358ac20a7227b8b97784b58eb476327795e
-new file mode 100644
-index 0000000..ffa0e70
-Binary files /dev/null and b/fuzz/corpora/cms/b1c0d358ac20a7227b8b97784b58eb476327795e differ
-diff --git a/fuzz/corpora/cms/b4f88268483923da54627c6e568fc61b7a1d042a b/fuzz/corpora/cms/b4f88268483923da54627c6e568fc61b7a1d042a
-new file mode 100644
-index 0000000..51f4036
-Binary files /dev/null and b/fuzz/corpora/cms/b4f88268483923da54627c6e568fc61b7a1d042a differ
-diff --git a/fuzz/corpora/cms/b62f98976c11d79674b019ea78a7ce4d6d78b479 b/fuzz/corpora/cms/b62f98976c11d79674b019ea78a7ce4d6d78b479
-new file mode 100644
-index 0000000..6a4f186
-Binary files /dev/null and b/fuzz/corpora/cms/b62f98976c11d79674b019ea78a7ce4d6d78b479 differ
-diff --git a/fuzz/corpora/cms/b91924b09cd8a573ce5a116f294fa3d423f0c958 b/fuzz/corpora/cms/b91924b09cd8a573ce5a116f294fa3d423f0c958
-new file mode 100644
-index 0000000..ac7e998
-Binary files /dev/null and b/fuzz/corpora/cms/b91924b09cd8a573ce5a116f294fa3d423f0c958 differ
-diff --git a/fuzz/corpora/cms/bca1836b62613649efad3d7f4b492538cd103ec5 b/fuzz/corpora/cms/bca1836b62613649efad3d7f4b492538cd103ec5
-new file mode 100644
-index 0000000..599182c
-Binary files /dev/null and b/fuzz/corpora/cms/bca1836b62613649efad3d7f4b492538cd103ec5 differ
-diff --git a/fuzz/corpora/cms/bfccbadc0a3dac59dc41c092b334ebe1f7e0ab30 b/fuzz/corpora/cms/bfccbadc0a3dac59dc41c092b334ebe1f7e0ab30
-new file mode 100644
-index 0000000..0e519f8
-Binary files /dev/null and b/fuzz/corpora/cms/bfccbadc0a3dac59dc41c092b334ebe1f7e0ab30 differ
-diff --git a/fuzz/corpora/cms/c139bde465e7cb5b84f1b5f72f2d2c2fb456146f b/fuzz/corpora/cms/c139bde465e7cb5b84f1b5f72f2d2c2fb456146f
-new file mode 100644
-index 0000000..9c56d8f
-Binary files /dev/null and b/fuzz/corpora/cms/c139bde465e7cb5b84f1b5f72f2d2c2fb456146f differ
-diff --git a/fuzz/corpora/cms/c335137d428c70c80a6a203592033b3daab5fa63 b/fuzz/corpora/cms/c335137d428c70c80a6a203592033b3daab5fa63
-new file mode 100644
-index 0000000..c2ae826
-Binary files /dev/null and b/fuzz/corpora/cms/c335137d428c70c80a6a203592033b3daab5fa63 differ
-diff --git a/fuzz/corpora/cms/c3fa4e681744fb2fe3517f46c268f0ac31ed81f9 b/fuzz/corpora/cms/c3fa4e681744fb2fe3517f46c268f0ac31ed81f9
-new file mode 100644
-index 0000000..1f23fdf
-Binary files /dev/null and b/fuzz/corpora/cms/c3fa4e681744fb2fe3517f46c268f0ac31ed81f9 differ
-diff --git a/fuzz/corpora/cms/c47f700424640143955162ef4b4c016717d70476 b/fuzz/corpora/cms/c47f700424640143955162ef4b4c016717d70476
-new file mode 100644
-index 0000000..f168069
-Binary files /dev/null and b/fuzz/corpora/cms/c47f700424640143955162ef4b4c016717d70476 differ
-diff --git a/fuzz/corpora/cms/c624b1f2d0c74a70d96e980e2cf2b01ca84187d8 b/fuzz/corpora/cms/c624b1f2d0c74a70d96e980e2cf2b01ca84187d8
-new file mode 100644
-index 0000000..b4a264d
-Binary files /dev/null and b/fuzz/corpora/cms/c624b1f2d0c74a70d96e980e2cf2b01ca84187d8 differ
-diff --git a/fuzz/corpora/cms/c67a989bc86e6042327bbc4bb12a52106a9ed256 b/fuzz/corpora/cms/c67a989bc86e6042327bbc4bb12a52106a9ed256
-new file mode 100644
-index 0000000..6ae26e8
-Binary files /dev/null and b/fuzz/corpora/cms/c67a989bc86e6042327bbc4bb12a52106a9ed256 differ
-diff --git a/fuzz/corpora/cms/c69d7d99ff74598932b3df92a44bb6c0f6e5532a b/fuzz/corpora/cms/c69d7d99ff74598932b3df92a44bb6c0f6e5532a
-new file mode 100644
-index 0000000..dffa160
-Binary files /dev/null and b/fuzz/corpora/cms/c69d7d99ff74598932b3df92a44bb6c0f6e5532a differ
-diff --git a/fuzz/corpora/cms/c9f424d63600220117bef03f9746abc31601c799 b/fuzz/corpora/cms/c9f424d63600220117bef03f9746abc31601c799
-new file mode 100644
-index 0000000..a28ec7e
-Binary files /dev/null and b/fuzz/corpora/cms/c9f424d63600220117bef03f9746abc31601c799 differ
-diff --git a/fuzz/corpora/cms/ce535de93536acd130b8e8c973b77d63be5bb27b b/fuzz/corpora/cms/ce535de93536acd130b8e8c973b77d63be5bb27b
-new file mode 100644
-index 0000000..d03636a
-Binary files /dev/null and b/fuzz/corpora/cms/ce535de93536acd130b8e8c973b77d63be5bb27b differ
-diff --git a/fuzz/corpora/cms/cf471b674c79f6cab6c477f21a492f43e51d5411 b/fuzz/corpora/cms/cf471b674c79f6cab6c477f21a492f43e51d5411
-new file mode 100644
-index 0000000..7af7136
-Binary files /dev/null and b/fuzz/corpora/cms/cf471b674c79f6cab6c477f21a492f43e51d5411 differ
-diff --git a/fuzz/corpora/cms/cf8659bd24f4fc6a7e6c19fa72f791b5858fb6ff b/fuzz/corpora/cms/cf8659bd24f4fc6a7e6c19fa72f791b5858fb6ff
-new file mode 100644
-index 0000000..fd6c628
-Binary files /dev/null and b/fuzz/corpora/cms/cf8659bd24f4fc6a7e6c19fa72f791b5858fb6ff differ
-diff --git a/fuzz/corpora/cms/cfa1351340249433ef3072bb7ab01efd3b063014 b/fuzz/corpora/cms/cfa1351340249433ef3072bb7ab01efd3b063014
-new file mode 100644
-index 0000000..0f54bd3
-Binary files /dev/null and b/fuzz/corpora/cms/cfa1351340249433ef3072bb7ab01efd3b063014 differ
-diff --git a/fuzz/corpora/cms/d3178ff5ed6fb314803a0881d4f7b3f634c6339a b/fuzz/corpora/cms/d3178ff5ed6fb314803a0881d4f7b3f634c6339a
-new file mode 100644
-index 0000000..d9a212f
-Binary files /dev/null and b/fuzz/corpora/cms/d3178ff5ed6fb314803a0881d4f7b3f634c6339a differ
-diff --git a/fuzz/corpora/cms/d37583eadc874662ef21ad71ac9de112b5b67a9c b/fuzz/corpora/cms/d37583eadc874662ef21ad71ac9de112b5b67a9c
-new file mode 100644
-index 0000000..465d1ab
-Binary files /dev/null and b/fuzz/corpora/cms/d37583eadc874662ef21ad71ac9de112b5b67a9c differ
-diff --git a/fuzz/corpora/cms/d5a95a4f94d9bc6b4856e5eaf1ce47fbdcad4bd7 b/fuzz/corpora/cms/d5a95a4f94d9bc6b4856e5eaf1ce47fbdcad4bd7
-new file mode 100644
-index 0000000..b13f766
-Binary files /dev/null and b/fuzz/corpora/cms/d5a95a4f94d9bc6b4856e5eaf1ce47fbdcad4bd7 differ
-diff --git a/fuzz/corpora/cms/d681abcc3744d3de74999f75815b2e3721a3f9c0 b/fuzz/corpora/cms/d681abcc3744d3de74999f75815b2e3721a3f9c0
-new file mode 100644
-index 0000000..f39c209
-Binary files /dev/null and b/fuzz/corpora/cms/d681abcc3744d3de74999f75815b2e3721a3f9c0 differ
-diff --git a/fuzz/corpora/cms/d81548ae9d2c501f03732c62142ac4116f4a4699 b/fuzz/corpora/cms/d81548ae9d2c501f03732c62142ac4116f4a4699
-new file mode 100644
-index 0000000..2e63daa
-Binary files /dev/null and b/fuzz/corpora/cms/d81548ae9d2c501f03732c62142ac4116f4a4699 differ
-diff --git a/fuzz/corpora/cms/d95f911bbe787953dc65b0ea04732f2879153e40 b/fuzz/corpora/cms/d95f911bbe787953dc65b0ea04732f2879153e40
-new file mode 100644
-index 0000000..1980dd1
-Binary files /dev/null and b/fuzz/corpora/cms/d95f911bbe787953dc65b0ea04732f2879153e40 differ
-diff --git a/fuzz/corpora/cms/da6b347cf9de6983719b7bd68f070c3b192e1739 b/fuzz/corpora/cms/da6b347cf9de6983719b7bd68f070c3b192e1739
-new file mode 100644
-index 0000000..6e91faf
-Binary files /dev/null and b/fuzz/corpora/cms/da6b347cf9de6983719b7bd68f070c3b192e1739 differ
-diff --git a/fuzz/corpora/cms/db7822260a45dc627a03528e6b48d745d8c62585 b/fuzz/corpora/cms/db7822260a45dc627a03528e6b48d745d8c62585
-new file mode 100644
-index 0000000..4f7f32b
-Binary files /dev/null and b/fuzz/corpora/cms/db7822260a45dc627a03528e6b48d745d8c62585 differ
-diff --git a/fuzz/corpora/cms/e1a36478e56f0c247bcd7a7e8d893637e02a3cac b/fuzz/corpora/cms/e1a36478e56f0c247bcd7a7e8d893637e02a3cac
-new file mode 100644
-index 0000000..29bd88f
-Binary files /dev/null and b/fuzz/corpora/cms/e1a36478e56f0c247bcd7a7e8d893637e02a3cac differ
-diff --git a/fuzz/corpora/cms/e4ea7bf4df18b529da0e7ccfa63d3444a3e64fc0 b/fuzz/corpora/cms/e4ea7bf4df18b529da0e7ccfa63d3444a3e64fc0
-new file mode 100644
-index 0000000..d0509af
-Binary files /dev/null and b/fuzz/corpora/cms/e4ea7bf4df18b529da0e7ccfa63d3444a3e64fc0 differ
-diff --git a/fuzz/corpora/cms/e5779fd34fad0de62cea25044d7d28233f3d8160 b/fuzz/corpora/cms/e5779fd34fad0de62cea25044d7d28233f3d8160
-new file mode 100644
-index 0000000..ff1b02d
-Binary files /dev/null and b/fuzz/corpora/cms/e5779fd34fad0de62cea25044d7d28233f3d8160 differ
-diff --git a/fuzz/corpora/cms/e61b2d9ebd609bf46cf336b9f706f708a9c149e0 b/fuzz/corpora/cms/e61b2d9ebd609bf46cf336b9f706f708a9c149e0
-new file mode 100644
-index 0000000..f145467
-Binary files /dev/null and b/fuzz/corpora/cms/e61b2d9ebd609bf46cf336b9f706f708a9c149e0 differ
-diff --git a/fuzz/corpora/cms/ebb9dcce4c09d753f4ad58952ca79fd9e75b410b b/fuzz/corpora/cms/ebb9dcce4c09d753f4ad58952ca79fd9e75b410b
-new file mode 100644
-index 0000000..fe0f58c
-Binary files /dev/null and b/fuzz/corpora/cms/ebb9dcce4c09d753f4ad58952ca79fd9e75b410b differ
-diff --git a/fuzz/corpora/cms/ec136e74741602be306adccd947b90be475a9e23 b/fuzz/corpora/cms/ec136e74741602be306adccd947b90be475a9e23
-new file mode 100644
-index 0000000..5d2d14b
-Binary files /dev/null and b/fuzz/corpora/cms/ec136e74741602be306adccd947b90be475a9e23 differ
-diff --git a/fuzz/corpora/cms/ec4b1d63abf02c131bf09ae3f29dc9bab2d7864f b/fuzz/corpora/cms/ec4b1d63abf02c131bf09ae3f29dc9bab2d7864f
-new file mode 100644
-index 0000000..2cd2d93
-Binary files /dev/null and b/fuzz/corpora/cms/ec4b1d63abf02c131bf09ae3f29dc9bab2d7864f differ
-diff --git a/fuzz/corpora/cms/ed3efd5d3bebef9e3a2f5321dc43fe46832b9cd0 b/fuzz/corpora/cms/ed3efd5d3bebef9e3a2f5321dc43fe46832b9cd0
-new file mode 100644
-index 0000000..18924a4
-Binary files /dev/null and b/fuzz/corpora/cms/ed3efd5d3bebef9e3a2f5321dc43fe46832b9cd0 differ
-diff --git a/fuzz/corpora/cms/f350bb36daa2f701a6b5a62871f4a64ad5ebce6b b/fuzz/corpora/cms/f350bb36daa2f701a6b5a62871f4a64ad5ebce6b
-new file mode 100644
-index 0000000..d1f8d2a
-Binary files /dev/null and b/fuzz/corpora/cms/f350bb36daa2f701a6b5a62871f4a64ad5ebce6b differ
-diff --git a/fuzz/corpora/cms/f46dcce21b42b5812457cc75656f42d47b8e1aea b/fuzz/corpora/cms/f46dcce21b42b5812457cc75656f42d47b8e1aea
-new file mode 100644
-index 0000000..c762289
-Binary files /dev/null and b/fuzz/corpora/cms/f46dcce21b42b5812457cc75656f42d47b8e1aea differ
-diff --git a/fuzz/corpora/cms/f502c4a89952fb88153f28db6628d21459f28c7e b/fuzz/corpora/cms/f502c4a89952fb88153f28db6628d21459f28c7e
-new file mode 100644
-index 0000000..23028e8
-Binary files /dev/null and b/fuzz/corpora/cms/f502c4a89952fb88153f28db6628d21459f28c7e differ
-diff --git a/fuzz/corpora/cms/f6fc3ea2878bfcbdbfdc0c768e5d760e19cf3dc0 b/fuzz/corpora/cms/f6fc3ea2878bfcbdbfdc0c768e5d760e19cf3dc0
-new file mode 100644
-index 0000000..4040446
-Binary files /dev/null and b/fuzz/corpora/cms/f6fc3ea2878bfcbdbfdc0c768e5d760e19cf3dc0 differ
-diff --git a/fuzz/corpora/cms/f8ac46c04c63316ee6bbbc477edc5ed1d3939821 b/fuzz/corpora/cms/f8ac46c04c63316ee6bbbc477edc5ed1d3939821
-new file mode 100644
-index 0000000..3155a3f
-Binary files /dev/null and b/fuzz/corpora/cms/f8ac46c04c63316ee6bbbc477edc5ed1d3939821 differ
-diff --git a/fuzz/corpora/cms/f9dc496e898fe6a15bc09ab3cdba0dee74b600b7 b/fuzz/corpora/cms/f9dc496e898fe6a15bc09ab3cdba0dee74b600b7
-new file mode 100644
-index 0000000..a016250
-Binary files /dev/null and b/fuzz/corpora/cms/f9dc496e898fe6a15bc09ab3cdba0dee74b600b7 differ
-diff --git a/fuzz/corpora/cms/fae0ce671456a22f64fab7de34188eb09daa0c1a b/fuzz/corpora/cms/fae0ce671456a22f64fab7de34188eb09daa0c1a
-new file mode 100644
-index 0000000..f22a508
-Binary files /dev/null and b/fuzz/corpora/cms/fae0ce671456a22f64fab7de34188eb09daa0c1a differ
-diff --git a/fuzz/corpora/cms/fbfac32c6f0d76631ad8158d6e91becb6dae3db2 b/fuzz/corpora/cms/fbfac32c6f0d76631ad8158d6e91becb6dae3db2
-new file mode 100644
-index 0000000..99cd148
-Binary files /dev/null and b/fuzz/corpora/cms/fbfac32c6f0d76631ad8158d6e91becb6dae3db2 differ
-diff --git a/fuzz/corpora/conf/00e9a2b1f1d902b878f3ce9f8d7ade4c736902bb b/fuzz/corpora/conf/00e9a2b1f1d902b878f3ce9f8d7ade4c736902bb
-new file mode 100644
-index 0000000..9cf40d1
-Binary files /dev/null and b/fuzz/corpora/conf/00e9a2b1f1d902b878f3ce9f8d7ade4c736902bb differ
-diff --git a/fuzz/corpora/conf/0317c76b5d09f4b40ec234cec6f77b152cb453d5 b/fuzz/corpora/conf/0317c76b5d09f4b40ec234cec6f77b152cb453d5
-new file mode 100644
-index 0000000..ea4a362
-Binary files /dev/null and b/fuzz/corpora/conf/0317c76b5d09f4b40ec234cec6f77b152cb453d5 differ
-diff --git a/fuzz/corpora/conf/031c89c13674f1746f0c43b2247a30ab85b43ee9 b/fuzz/corpora/conf/031c89c13674f1746f0c43b2247a30ab85b43ee9
-new file mode 100644
-index 0000000..2cdd0f5
-Binary files /dev/null and b/fuzz/corpora/conf/031c89c13674f1746f0c43b2247a30ab85b43ee9 differ
-diff --git a/fuzz/corpora/conf/03a2f9836be3c0042e47ebddf64ff4ccd7c54486 b/fuzz/corpora/conf/03a2f9836be3c0042e47ebddf64ff4ccd7c54486
-new file mode 100644
-index 0000000..350873a
-Binary files /dev/null and b/fuzz/corpora/conf/03a2f9836be3c0042e47ebddf64ff4ccd7c54486 differ
-diff --git a/fuzz/corpora/conf/057f8b0cc9cb0f5e5a4e69e8bcae2b86b2a5f354 b/fuzz/corpora/conf/057f8b0cc9cb0f5e5a4e69e8bcae2b86b2a5f354
-new file mode 100644
-index 0000000..68ce1ca
-Binary files /dev/null and b/fuzz/corpora/conf/057f8b0cc9cb0f5e5a4e69e8bcae2b86b2a5f354 differ
-diff --git a/fuzz/corpora/conf/05827d1ef2dbef598effe784d66591c466cf959a b/fuzz/corpora/conf/05827d1ef2dbef598effe784d66591c466cf959a
-new file mode 100644
-index 0000000..688ed8b
-Binary files /dev/null and b/fuzz/corpora/conf/05827d1ef2dbef598effe784d66591c466cf959a differ
-diff --git a/fuzz/corpora/conf/05f0531575c104431c441ee7d458399905d14712 b/fuzz/corpora/conf/05f0531575c104431c441ee7d458399905d14712
-new file mode 100644
-index 0000000..13325a4
-Binary files /dev/null and b/fuzz/corpora/conf/05f0531575c104431c441ee7d458399905d14712 differ
-diff --git a/fuzz/corpora/conf/06aadf5517ac4f0c5cc36a4aa2cca76f9d7ef409 b/fuzz/corpora/conf/06aadf5517ac4f0c5cc36a4aa2cca76f9d7ef409
-new file mode 100644
-index 0000000..f671f3a
-Binary files /dev/null and b/fuzz/corpora/conf/06aadf5517ac4f0c5cc36a4aa2cca76f9d7ef409 differ
-diff --git a/fuzz/corpora/conf/08534f33c201a45017b502e90a800f1b708ebcb3 b/fuzz/corpora/conf/08534f33c201a45017b502e90a800f1b708ebcb3
-new file mode 100644
-index 0000000..b7d5379
-Binary files /dev/null and b/fuzz/corpora/conf/08534f33c201a45017b502e90a800f1b708ebcb3 differ
-diff --git a/fuzz/corpora/conf/09d8e5f13e11301cd1a81460e73282f2880758eb b/fuzz/corpora/conf/09d8e5f13e11301cd1a81460e73282f2880758eb
-new file mode 100644
-index 0000000..217ae43
-Binary files /dev/null and b/fuzz/corpora/conf/09d8e5f13e11301cd1a81460e73282f2880758eb differ
-diff --git a/fuzz/corpora/conf/0a931941ecf0401b98a3198b2d2681fcf2b62483 b/fuzz/corpora/conf/0a931941ecf0401b98a3198b2d2681fcf2b62483
-new file mode 100644
-index 0000000..3997a5f
-Binary files /dev/null and b/fuzz/corpora/conf/0a931941ecf0401b98a3198b2d2681fcf2b62483 differ
-diff --git a/fuzz/corpora/conf/0ab87850197bf8ab520ca7b11a2db4654d6fe466 b/fuzz/corpora/conf/0ab87850197bf8ab520ca7b11a2db4654d6fe466
-new file mode 100644
-index 0000000..b59b13c
-Binary files /dev/null and b/fuzz/corpora/conf/0ab87850197bf8ab520ca7b11a2db4654d6fe466 differ
-diff --git a/fuzz/corpora/conf/0cefd58a8120aa3a813d6ee6fe2a6d87fadb5759 b/fuzz/corpora/conf/0cefd58a8120aa3a813d6ee6fe2a6d87fadb5759
-new file mode 100644
-index 0000000..e8c8881
-Binary files /dev/null and b/fuzz/corpora/conf/0cefd58a8120aa3a813d6ee6fe2a6d87fadb5759 differ
-diff --git a/fuzz/corpora/conf/0d54604a236902ea54f6d121698d95e2d8a78711 b/fuzz/corpora/conf/0d54604a236902ea54f6d121698d95e2d8a78711
-new file mode 100644
-index 0000000..8794b03
-Binary files /dev/null and b/fuzz/corpora/conf/0d54604a236902ea54f6d121698d95e2d8a78711 differ
-diff --git a/fuzz/corpora/conf/0fe6e12156bc2d644b12d0df41120d93e57b683b b/fuzz/corpora/conf/0fe6e12156bc2d644b12d0df41120d93e57b683b
-new file mode 100644
-index 0000000..c70c43b
-Binary files /dev/null and b/fuzz/corpora/conf/0fe6e12156bc2d644b12d0df41120d93e57b683b differ
-diff --git a/fuzz/corpora/conf/103330ce0ee3a69a079be3dbddb6c932c3538670 b/fuzz/corpora/conf/103330ce0ee3a69a079be3dbddb6c932c3538670
-new file mode 100644
-index 0000000..c796d77
-Binary files /dev/null and b/fuzz/corpora/conf/103330ce0ee3a69a079be3dbddb6c932c3538670 differ
-diff --git a/fuzz/corpora/conf/11aa9ba6a328b46ca5c36596c3db5536bc697a50 b/fuzz/corpora/conf/11aa9ba6a328b46ca5c36596c3db5536bc697a50
-new file mode 100644
-index 0000000..d5c244f
-Binary files /dev/null and b/fuzz/corpora/conf/11aa9ba6a328b46ca5c36596c3db5536bc697a50 differ
-diff --git a/fuzz/corpora/conf/11b6ab7b3398a65b0cf5c82408adaf4716bde5a4 b/fuzz/corpora/conf/11b6ab7b3398a65b0cf5c82408adaf4716bde5a4
-new file mode 100644
-index 0000000..aedd49d
-Binary files /dev/null and b/fuzz/corpora/conf/11b6ab7b3398a65b0cf5c82408adaf4716bde5a4 differ
-diff --git a/fuzz/corpora/conf/125e764c4ec81a7092980d2108df00ec190fdca2 b/fuzz/corpora/conf/125e764c4ec81a7092980d2108df00ec190fdca2
-new file mode 100644
-index 0000000..2185bd7
-Binary files /dev/null and b/fuzz/corpora/conf/125e764c4ec81a7092980d2108df00ec190fdca2 differ
-diff --git a/fuzz/corpora/conf/12d3b215d6286e315dea5dc34c69b70c5ab78a19 b/fuzz/corpora/conf/12d3b215d6286e315dea5dc34c69b70c5ab78a19
-new file mode 100644
-index 0000000..c97f077
-Binary files /dev/null and b/fuzz/corpora/conf/12d3b215d6286e315dea5dc34c69b70c5ab78a19 differ
-diff --git a/fuzz/corpora/conf/13674cc8b2665c6a612dc6388c85816fcb399625 b/fuzz/corpora/conf/13674cc8b2665c6a612dc6388c85816fcb399625
-new file mode 100644
-index 0000000..ae03e7a
-Binary files /dev/null and b/fuzz/corpora/conf/13674cc8b2665c6a612dc6388c85816fcb399625 differ
-diff --git a/fuzz/corpora/conf/13bf849b7c51abedb4ecaf2372e43672deda7a53 b/fuzz/corpora/conf/13bf849b7c51abedb4ecaf2372e43672deda7a53
-new file mode 100644
-index 0000000..1bcab9a
-Binary files /dev/null and b/fuzz/corpora/conf/13bf849b7c51abedb4ecaf2372e43672deda7a53 differ
-diff --git a/fuzz/corpora/conf/13cac760a129af1523cbacbefe150b08978a3113 b/fuzz/corpora/conf/13cac760a129af1523cbacbefe150b08978a3113
-new file mode 100644
-index 0000000..48bae77
-Binary files /dev/null and b/fuzz/corpora/conf/13cac760a129af1523cbacbefe150b08978a3113 differ
-diff --git a/fuzz/corpora/conf/1579249a889e3745d2c8e93e024cc46879f428a6 b/fuzz/corpora/conf/1579249a889e3745d2c8e93e024cc46879f428a6
-new file mode 100644
-index 0000000..19150d3
-Binary files /dev/null and b/fuzz/corpora/conf/1579249a889e3745d2c8e93e024cc46879f428a6 differ
-diff --git a/fuzz/corpora/conf/159492e9b362d14fd27a2423a4ef9736e7b09416 b/fuzz/corpora/conf/159492e9b362d14fd27a2423a4ef9736e7b09416
-new file mode 100644
-index 0000000..c6dd9ce
-Binary files /dev/null and b/fuzz/corpora/conf/159492e9b362d14fd27a2423a4ef9736e7b09416 differ
-diff --git a/fuzz/corpora/conf/15eff4e20d80de04d55baefebc960e0062cd60ae b/fuzz/corpora/conf/15eff4e20d80de04d55baefebc960e0062cd60ae
-new file mode 100644
-index 0000000..90648d3
-Binary files /dev/null and b/fuzz/corpora/conf/15eff4e20d80de04d55baefebc960e0062cd60ae differ
-diff --git a/fuzz/corpora/conf/168ae6002c92d886bd954300ec8a0b8d05418752 b/fuzz/corpora/conf/168ae6002c92d886bd954300ec8a0b8d05418752
-new file mode 100644
-index 0000000..76e469c
-Binary files /dev/null and b/fuzz/corpora/conf/168ae6002c92d886bd954300ec8a0b8d05418752 differ
-diff --git a/fuzz/corpora/conf/16e94858b9a607d182cbe5fafed8a0b27da05f9f b/fuzz/corpora/conf/16e94858b9a607d182cbe5fafed8a0b27da05f9f
-new file mode 100644
-index 0000000..34d65a8
-Binary files /dev/null and b/fuzz/corpora/conf/16e94858b9a607d182cbe5fafed8a0b27da05f9f differ
-diff --git a/fuzz/corpora/conf/179a818455fb811e06185c6fe59a5439c60df4cd b/fuzz/corpora/conf/179a818455fb811e06185c6fe59a5439c60df4cd
-new file mode 100644
-index 0000000..9aa92a9
-Binary files /dev/null and b/fuzz/corpora/conf/179a818455fb811e06185c6fe59a5439c60df4cd differ
-diff --git a/fuzz/corpora/conf/1e41b52889772c0906675829d04f26b8cc5c2e30 b/fuzz/corpora/conf/1e41b52889772c0906675829d04f26b8cc5c2e30
-new file mode 100644
-index 0000000..375331c
-Binary files /dev/null and b/fuzz/corpora/conf/1e41b52889772c0906675829d04f26b8cc5c2e30 differ
-diff --git a/fuzz/corpora/conf/1f483c52af07cb9b99afbce907a18fba309c641d b/fuzz/corpora/conf/1f483c52af07cb9b99afbce907a18fba309c641d
-new file mode 100644
-index 0000000..cbe29f9
-Binary files /dev/null and b/fuzz/corpora/conf/1f483c52af07cb9b99afbce907a18fba309c641d differ
-diff --git a/fuzz/corpora/conf/2196ca595cd5b53a959384614f30509ad0799bb8 b/fuzz/corpora/conf/2196ca595cd5b53a959384614f30509ad0799bb8
-new file mode 100644
-index 0000000..1ce6bd5
-Binary files /dev/null and b/fuzz/corpora/conf/2196ca595cd5b53a959384614f30509ad0799bb8 differ
-diff --git a/fuzz/corpora/conf/21cd6d534f12ebd26b68782141edb81316afa004 b/fuzz/corpora/conf/21cd6d534f12ebd26b68782141edb81316afa004
-new file mode 100644
-index 0000000..2daa27e
-Binary files /dev/null and b/fuzz/corpora/conf/21cd6d534f12ebd26b68782141edb81316afa004 differ
-diff --git a/fuzz/corpora/conf/2278b1bffd494aa44bb4af69f56e1861fbf14a34 b/fuzz/corpora/conf/2278b1bffd494aa44bb4af69f56e1861fbf14a34
-new file mode 100644
-index 0000000..b94c449
-Binary files /dev/null and b/fuzz/corpora/conf/2278b1bffd494aa44bb4af69f56e1861fbf14a34 differ
-diff --git a/fuzz/corpora/conf/23a42830872c60f84bc3d4e767f65d79539577c6 b/fuzz/corpora/conf/23a42830872c60f84bc3d4e767f65d79539577c6
-new file mode 100644
-index 0000000..e657eef
-Binary files /dev/null and b/fuzz/corpora/conf/23a42830872c60f84bc3d4e767f65d79539577c6 differ
-diff --git a/fuzz/corpora/conf/254778a8717a4ee769133f17e510cc02a318c5a9 b/fuzz/corpora/conf/254778a8717a4ee769133f17e510cc02a318c5a9
-new file mode 100644
-index 0000000..8b930b7
-Binary files /dev/null and b/fuzz/corpora/conf/254778a8717a4ee769133f17e510cc02a318c5a9 differ
-diff --git a/fuzz/corpora/conf/2731a89539eb4dc84dbb42a62be548123bbf4aab b/fuzz/corpora/conf/2731a89539eb4dc84dbb42a62be548123bbf4aab
-new file mode 100644
-index 0000000..8011507
-Binary files /dev/null and b/fuzz/corpora/conf/2731a89539eb4dc84dbb42a62be548123bbf4aab differ
-diff --git a/fuzz/corpora/conf/274e93788bd77f2351130df347d4d2dfb39d1a1b b/fuzz/corpora/conf/274e93788bd77f2351130df347d4d2dfb39d1a1b
-new file mode 100644
-index 0000000..acb8e0d
-Binary files /dev/null and b/fuzz/corpora/conf/274e93788bd77f2351130df347d4d2dfb39d1a1b differ
-diff --git a/fuzz/corpora/conf/28b42e459db719cc7135614828520d44385229ab b/fuzz/corpora/conf/28b42e459db719cc7135614828520d44385229ab
-new file mode 100644
-index 0000000..39405f5
-Binary files /dev/null and b/fuzz/corpora/conf/28b42e459db719cc7135614828520d44385229ab differ
-diff --git a/fuzz/corpora/conf/2950d5d8dfe23fce6214aea50bbf21f9ae534bc9 b/fuzz/corpora/conf/2950d5d8dfe23fce6214aea50bbf21f9ae534bc9
-new file mode 100644
-index 0000000..ff45715
-Binary files /dev/null and b/fuzz/corpora/conf/2950d5d8dfe23fce6214aea50bbf21f9ae534bc9 differ
-diff --git a/fuzz/corpora/conf/296470254f4b0902fe9602c48db217a46b94c806 b/fuzz/corpora/conf/296470254f4b0902fe9602c48db217a46b94c806
-new file mode 100644
-index 0000000..55691d8
-Binary files /dev/null and b/fuzz/corpora/conf/296470254f4b0902fe9602c48db217a46b94c806 differ
-diff --git a/fuzz/corpora/conf/2af5ceebe9e884c1d5be232740198a624fc51c7f b/fuzz/corpora/conf/2af5ceebe9e884c1d5be232740198a624fc51c7f
-new file mode 100644
-index 0000000..556de0d
-Binary files /dev/null and b/fuzz/corpora/conf/2af5ceebe9e884c1d5be232740198a624fc51c7f differ
-diff --git a/fuzz/corpora/conf/2c2c32bebdea305e9a4a4dd4b5e02e72c042a0d9 b/fuzz/corpora/conf/2c2c32bebdea305e9a4a4dd4b5e02e72c042a0d9
-new file mode 100644
-index 0000000..7c2cb9c
-Binary files /dev/null and b/fuzz/corpora/conf/2c2c32bebdea305e9a4a4dd4b5e02e72c042a0d9 differ
-diff --git a/fuzz/corpora/conf/2c40dba8bde4314318386d15ba22bbdc85a2a7ab b/fuzz/corpora/conf/2c40dba8bde4314318386d15ba22bbdc85a2a7ab
-new file mode 100644
-index 0000000..f4b6d85
-Binary files /dev/null and b/fuzz/corpora/conf/2c40dba8bde4314318386d15ba22bbdc85a2a7ab differ
-diff --git a/fuzz/corpora/conf/2c9c8848be51cba70cd0c7aa9529b992fbe9a9b4 b/fuzz/corpora/conf/2c9c8848be51cba70cd0c7aa9529b992fbe9a9b4
-new file mode 100644
-index 0000000..525759b
-Binary files /dev/null and b/fuzz/corpora/conf/2c9c8848be51cba70cd0c7aa9529b992fbe9a9b4 differ
-diff --git a/fuzz/corpora/conf/2d69b7cdfc2d8c9ced8a68e84d329e2849955e80 b/fuzz/corpora/conf/2d69b7cdfc2d8c9ced8a68e84d329e2849955e80
-new file mode 100644
-index 0000000..5a80a65
-Binary files /dev/null and b/fuzz/corpora/conf/2d69b7cdfc2d8c9ced8a68e84d329e2849955e80 differ
-diff --git a/fuzz/corpora/conf/2da3d22d2c98fd2b339257442e2bd3a69bada418 b/fuzz/corpora/conf/2da3d22d2c98fd2b339257442e2bd3a69bada418
-new file mode 100644
-index 0000000..1fa3b31
-Binary files /dev/null and b/fuzz/corpora/conf/2da3d22d2c98fd2b339257442e2bd3a69bada418 differ
-diff --git a/fuzz/corpora/conf/2e861315484dc786b2db7ecd198982a9988c4448 b/fuzz/corpora/conf/2e861315484dc786b2db7ecd198982a9988c4448
-new file mode 100644
-index 0000000..9283675
-Binary files /dev/null and b/fuzz/corpora/conf/2e861315484dc786b2db7ecd198982a9988c4448 differ
-diff --git a/fuzz/corpora/conf/2f23bbc55d4529cae43a4b7c677351074f8749cf b/fuzz/corpora/conf/2f23bbc55d4529cae43a4b7c677351074f8749cf
-new file mode 100644
-index 0000000..c841047
-Binary files /dev/null and b/fuzz/corpora/conf/2f23bbc55d4529cae43a4b7c677351074f8749cf differ
-diff --git a/fuzz/corpora/conf/2f4a40bead0fa12111a6b1e9ce39985b08e36358 b/fuzz/corpora/conf/2f4a40bead0fa12111a6b1e9ce39985b08e36358
-new file mode 100644
-index 0000000..c68c68a
-Binary files /dev/null and b/fuzz/corpora/conf/2f4a40bead0fa12111a6b1e9ce39985b08e36358 differ
-diff --git a/fuzz/corpora/conf/345503fa580e4c55304b62e0a6f3ae47920f0150 b/fuzz/corpora/conf/345503fa580e4c55304b62e0a6f3ae47920f0150
-new file mode 100644
-index 0000000..5e2b233
-Binary files /dev/null and b/fuzz/corpora/conf/345503fa580e4c55304b62e0a6f3ae47920f0150 differ
-diff --git a/fuzz/corpora/conf/3526c79af1f9a49ebd79eff7861fa8fda26bf087 b/fuzz/corpora/conf/3526c79af1f9a49ebd79eff7861fa8fda26bf087
-new file mode 100644
-index 0000000..12cd9b4
-Binary files /dev/null and b/fuzz/corpora/conf/3526c79af1f9a49ebd79eff7861fa8fda26bf087 differ
-diff --git a/fuzz/corpora/conf/355b2714c04bf27031c0db6563a3ac47f9e57414 b/fuzz/corpora/conf/355b2714c04bf27031c0db6563a3ac47f9e57414
-new file mode 100644
-index 0000000..3901d74
-Binary files /dev/null and b/fuzz/corpora/conf/355b2714c04bf27031c0db6563a3ac47f9e57414 differ
-diff --git a/fuzz/corpora/conf/371dd184aaf659e2d79f9bde7ff3468eb5da6200 b/fuzz/corpora/conf/371dd184aaf659e2d79f9bde7ff3468eb5da6200
-new file mode 100644
-index 0000000..2949d1c
-Binary files /dev/null and b/fuzz/corpora/conf/371dd184aaf659e2d79f9bde7ff3468eb5da6200 differ
-diff --git a/fuzz/corpora/conf/38984c3512b1745a0a41ffb4b7e73683031c10f0 b/fuzz/corpora/conf/38984c3512b1745a0a41ffb4b7e73683031c10f0
-new file mode 100644
-index 0000000..cba8d58
-Binary files /dev/null and b/fuzz/corpora/conf/38984c3512b1745a0a41ffb4b7e73683031c10f0 differ
-diff --git a/fuzz/corpora/conf/398f511daf28561a637b3bff7ff758063b489db8 b/fuzz/corpora/conf/398f511daf28561a637b3bff7ff758063b489db8
-new file mode 100644
-index 0000000..46f14f9
-Binary files /dev/null and b/fuzz/corpora/conf/398f511daf28561a637b3bff7ff758063b489db8 differ
-diff --git a/fuzz/corpora/conf/3b262c69d19aa76c5d4e9563790190c4e58ee283 b/fuzz/corpora/conf/3b262c69d19aa76c5d4e9563790190c4e58ee283
-new file mode 100644
-index 0000000..b510e96
-Binary files /dev/null and b/fuzz/corpora/conf/3b262c69d19aa76c5d4e9563790190c4e58ee283 differ
-diff --git a/fuzz/corpora/conf/3bd0acb1edbcc0b62b9224a709a765e5ee09d179 b/fuzz/corpora/conf/3bd0acb1edbcc0b62b9224a709a765e5ee09d179
-new file mode 100644
-index 0000000..14bd77f
-Binary files /dev/null and b/fuzz/corpora/conf/3bd0acb1edbcc0b62b9224a709a765e5ee09d179 differ
-diff --git a/fuzz/corpora/conf/3c1e8db7c63b5833416c8569efb37dd29c953835 b/fuzz/corpora/conf/3c1e8db7c63b5833416c8569efb37dd29c953835
-new file mode 100644
-index 0000000..3f700e3
-Binary files /dev/null and b/fuzz/corpora/conf/3c1e8db7c63b5833416c8569efb37dd29c953835 differ
-diff --git a/fuzz/corpora/conf/3c81208adb3584e7f20e88b02335665fcf6386be b/fuzz/corpora/conf/3c81208adb3584e7f20e88b02335665fcf6386be
-new file mode 100644
-index 0000000..d8bec79
-Binary files /dev/null and b/fuzz/corpora/conf/3c81208adb3584e7f20e88b02335665fcf6386be differ
-diff --git a/fuzz/corpora/conf/3c84ef2ebaec4b1a06a6fd0d9c44a90c828ec932 b/fuzz/corpora/conf/3c84ef2ebaec4b1a06a6fd0d9c44a90c828ec932
-new file mode 100644
-index 0000000..1289db3
-Binary files /dev/null and b/fuzz/corpora/conf/3c84ef2ebaec4b1a06a6fd0d9c44a90c828ec932 differ
-diff --git a/fuzz/corpora/conf/3d58b4189c84c739fb7c8bb510f3a35c437dc358 b/fuzz/corpora/conf/3d58b4189c84c739fb7c8bb510f3a35c437dc358
-new file mode 100644
-index 0000000..7a578a8
-Binary files /dev/null and b/fuzz/corpora/conf/3d58b4189c84c739fb7c8bb510f3a35c437dc358 differ
-diff --git a/fuzz/corpora/conf/3db997f88bdb06970b6d01b723d355b4649fd5b2 b/fuzz/corpora/conf/3db997f88bdb06970b6d01b723d355b4649fd5b2
-new file mode 100644
-index 0000000..d81419b
-Binary files /dev/null and b/fuzz/corpora/conf/3db997f88bdb06970b6d01b723d355b4649fd5b2 differ
-diff --git a/fuzz/corpora/conf/3fc1025965b9a906fccb68f6390a64b0a39c28d7 b/fuzz/corpora/conf/3fc1025965b9a906fccb68f6390a64b0a39c28d7
-new file mode 100644
-index 0000000..3e4ad24
-Binary files /dev/null and b/fuzz/corpora/conf/3fc1025965b9a906fccb68f6390a64b0a39c28d7 differ
-diff --git a/fuzz/corpora/conf/3fc620949348a5819bf1aa4cbdcef56ad87163f7 b/fuzz/corpora/conf/3fc620949348a5819bf1aa4cbdcef56ad87163f7
-new file mode 100644
-index 0000000..9f3df39
-Binary files /dev/null and b/fuzz/corpora/conf/3fc620949348a5819bf1aa4cbdcef56ad87163f7 differ
-diff --git a/fuzz/corpora/conf/400ca19d56803e7f1b795c111626c22451af9fba b/fuzz/corpora/conf/400ca19d56803e7f1b795c111626c22451af9fba
-new file mode 100644
-index 0000000..42579cf
-Binary files /dev/null and b/fuzz/corpora/conf/400ca19d56803e7f1b795c111626c22451af9fba differ
-diff --git a/fuzz/corpora/conf/423fce2bd177a3e9da1f7d5d17af9c315d4cbab6 b/fuzz/corpora/conf/423fce2bd177a3e9da1f7d5d17af9c315d4cbab6
-new file mode 100644
-index 0000000..a9b087a
-Binary files /dev/null and b/fuzz/corpora/conf/423fce2bd177a3e9da1f7d5d17af9c315d4cbab6 differ
-diff --git a/fuzz/corpora/conf/428df981d37999073b1970800ed48e7b42aa88b9 b/fuzz/corpora/conf/428df981d37999073b1970800ed48e7b42aa88b9
-new file mode 100644
-index 0000000..b531851
-Binary files /dev/null and b/fuzz/corpora/conf/428df981d37999073b1970800ed48e7b42aa88b9 differ
-diff --git a/fuzz/corpora/conf/462ce3e0b85b3c956898fff2f6c1d0822ba5dd61 b/fuzz/corpora/conf/462ce3e0b85b3c956898fff2f6c1d0822ba5dd61
-new file mode 100644
-index 0000000..c5f9373
-Binary files /dev/null and b/fuzz/corpora/conf/462ce3e0b85b3c956898fff2f6c1d0822ba5dd61 differ
-diff --git a/fuzz/corpora/conf/470af8e1da896e8fc3e199443b7d7031629091be b/fuzz/corpora/conf/470af8e1da896e8fc3e199443b7d7031629091be
-new file mode 100644
-index 0000000..b851472
-Binary files /dev/null and b/fuzz/corpora/conf/470af8e1da896e8fc3e199443b7d7031629091be differ
-diff --git a/fuzz/corpora/conf/4c38e4ac639dcaecb2f879aff86f6190bf555991 b/fuzz/corpora/conf/4c38e4ac639dcaecb2f879aff86f6190bf555991
-new file mode 100644
-index 0000000..45db0c4
-Binary files /dev/null and b/fuzz/corpora/conf/4c38e4ac639dcaecb2f879aff86f6190bf555991 differ
-diff --git a/fuzz/corpora/conf/4d4a614308fb1069ad8f73868bdcd281e064f44d b/fuzz/corpora/conf/4d4a614308fb1069ad8f73868bdcd281e064f44d
-new file mode 100644
-index 0000000..e1cbb76
-Binary files /dev/null and b/fuzz/corpora/conf/4d4a614308fb1069ad8f73868bdcd281e064f44d differ
-diff --git a/fuzz/corpora/conf/4e741ccc1d92e1687c12c4d9dd0412540420cbec b/fuzz/corpora/conf/4e741ccc1d92e1687c12c4d9dd0412540420cbec
-new file mode 100644
-index 0000000..1594e76
-Binary files /dev/null and b/fuzz/corpora/conf/4e741ccc1d92e1687c12c4d9dd0412540420cbec differ
-diff --git a/fuzz/corpora/conf/4efd91ba727489e2fc7d8fe532ed80538659ef52 b/fuzz/corpora/conf/4efd91ba727489e2fc7d8fe532ed80538659ef52
-new file mode 100644
-index 0000000..326a973
-Binary files /dev/null and b/fuzz/corpora/conf/4efd91ba727489e2fc7d8fe532ed80538659ef52 differ
-diff --git a/fuzz/corpora/conf/52e153ad39af464e9a4c8e3e9b24c50c255305f0 b/fuzz/corpora/conf/52e153ad39af464e9a4c8e3e9b24c50c255305f0
-new file mode 100644
-index 0000000..8c64b40
-Binary files /dev/null and b/fuzz/corpora/conf/52e153ad39af464e9a4c8e3e9b24c50c255305f0 differ
-diff --git a/fuzz/corpora/conf/53b48739efd26b03f4fc8598bf65e0fb6d1cc268 b/fuzz/corpora/conf/53b48739efd26b03f4fc8598bf65e0fb6d1cc268
-new file mode 100644
-index 0000000..34c4bd9
-Binary files /dev/null and b/fuzz/corpora/conf/53b48739efd26b03f4fc8598bf65e0fb6d1cc268 differ
-diff --git a/fuzz/corpora/conf/543b5625a6e4a27827cba3846a4e4565fa165581 b/fuzz/corpora/conf/543b5625a6e4a27827cba3846a4e4565fa165581
-new file mode 100644
-index 0000000..564717c
-Binary files /dev/null and b/fuzz/corpora/conf/543b5625a6e4a27827cba3846a4e4565fa165581 differ
-diff --git a/fuzz/corpora/conf/5460a41cf43972f1493aeca60ac3bd4f8dc330f2 b/fuzz/corpora/conf/5460a41cf43972f1493aeca60ac3bd4f8dc330f2
-new file mode 100644
-index 0000000..036ae29
-Binary files /dev/null and b/fuzz/corpora/conf/5460a41cf43972f1493aeca60ac3bd4f8dc330f2 differ
-diff --git a/fuzz/corpora/conf/5548deeb862e559b8bd0734b84845f79463f5467 b/fuzz/corpora/conf/5548deeb862e559b8bd0734b84845f79463f5467
-new file mode 100644
-index 0000000..e538162
-Binary files /dev/null and b/fuzz/corpora/conf/5548deeb862e559b8bd0734b84845f79463f5467 differ
-diff --git a/fuzz/corpora/conf/55bfe4ad66c93473328435284c783c8408ac0614 b/fuzz/corpora/conf/55bfe4ad66c93473328435284c783c8408ac0614
-new file mode 100644
-index 0000000..507ecae
-Binary files /dev/null and b/fuzz/corpora/conf/55bfe4ad66c93473328435284c783c8408ac0614 differ
-diff --git a/fuzz/corpora/conf/57351a2a20da075dcb9f8abfecdaee40235042c0 b/fuzz/corpora/conf/57351a2a20da075dcb9f8abfecdaee40235042c0
-new file mode 100644
-index 0000000..f29d35e
-Binary files /dev/null and b/fuzz/corpora/conf/57351a2a20da075dcb9f8abfecdaee40235042c0 differ
-diff --git a/fuzz/corpora/conf/58021be17dcef5b082f1746f0fbd70540ed94f49 b/fuzz/corpora/conf/58021be17dcef5b082f1746f0fbd70540ed94f49
-new file mode 100644
-index 0000000..f8780f1
-Binary files /dev/null and b/fuzz/corpora/conf/58021be17dcef5b082f1746f0fbd70540ed94f49 differ
-diff --git a/fuzz/corpora/conf/59904393d0f60322a189824a0b7e6bcfb13d44d1 b/fuzz/corpora/conf/59904393d0f60322a189824a0b7e6bcfb13d44d1
-new file mode 100644
-index 0000000..b882008
-Binary files /dev/null and b/fuzz/corpora/conf/59904393d0f60322a189824a0b7e6bcfb13d44d1 differ
-diff --git a/fuzz/corpora/conf/5a4d2106376deb6fdda3e97bbdbf6e56c3b3c720 b/fuzz/corpora/conf/5a4d2106376deb6fdda3e97bbdbf6e56c3b3c720
-new file mode 100644
-index 0000000..bea29de
-Binary files /dev/null and b/fuzz/corpora/conf/5a4d2106376deb6fdda3e97bbdbf6e56c3b3c720 differ
-diff --git a/fuzz/corpora/conf/5dbc66f84f1f68c04066a9104f0f59d60f281cd5 b/fuzz/corpora/conf/5dbc66f84f1f68c04066a9104f0f59d60f281cd5
-new file mode 100644
-index 0000000..7108906
-Binary files /dev/null and b/fuzz/corpora/conf/5dbc66f84f1f68c04066a9104f0f59d60f281cd5 differ
-diff --git a/fuzz/corpora/conf/5de6527ce4cbedc54d601da54f2f1f0b67aeea17 b/fuzz/corpora/conf/5de6527ce4cbedc54d601da54f2f1f0b67aeea17
-new file mode 100644
-index 0000000..fc2e9ae
-Binary files /dev/null and b/fuzz/corpora/conf/5de6527ce4cbedc54d601da54f2f1f0b67aeea17 differ
-diff --git a/fuzz/corpora/conf/5e177f1cca848cb1d5e27dbc36612b5fafd1dabb b/fuzz/corpora/conf/5e177f1cca848cb1d5e27dbc36612b5fafd1dabb
-new file mode 100644
-index 0000000..d368c01
-Binary files /dev/null and b/fuzz/corpora/conf/5e177f1cca848cb1d5e27dbc36612b5fafd1dabb differ
-diff --git a/fuzz/corpora/conf/60a1ec1ff9ddf27b1b6b5db10b85f8b320956cf7 b/fuzz/corpora/conf/60a1ec1ff9ddf27b1b6b5db10b85f8b320956cf7
-new file mode 100644
-index 0000000..9461be4
-Binary files /dev/null and b/fuzz/corpora/conf/60a1ec1ff9ddf27b1b6b5db10b85f8b320956cf7 differ
-diff --git a/fuzz/corpora/conf/64434837b4ae8f44f826d7a17721fb3ccc42edde b/fuzz/corpora/conf/64434837b4ae8f44f826d7a17721fb3ccc42edde
-new file mode 100644
-index 0000000..eb7808d
-Binary files /dev/null and b/fuzz/corpora/conf/64434837b4ae8f44f826d7a17721fb3ccc42edde differ
-diff --git a/fuzz/corpora/conf/658faa7cc6f0438faf33a1927641f792b7ad3895 b/fuzz/corpora/conf/658faa7cc6f0438faf33a1927641f792b7ad3895
-new file mode 100644
-index 0000000..3fc52c5
-Binary files /dev/null and b/fuzz/corpora/conf/658faa7cc6f0438faf33a1927641f792b7ad3895 differ
-diff --git a/fuzz/corpora/conf/66da3693cd4c2498ecc7c90625cdbd92ace6c2b1 b/fuzz/corpora/conf/66da3693cd4c2498ecc7c90625cdbd92ace6c2b1
-new file mode 100644
-index 0000000..ad27218
-Binary files /dev/null and b/fuzz/corpora/conf/66da3693cd4c2498ecc7c90625cdbd92ace6c2b1 differ
-diff --git a/fuzz/corpora/conf/679670d561a15a31dfe9d1cf76b49926149e72ea b/fuzz/corpora/conf/679670d561a15a31dfe9d1cf76b49926149e72ea
-new file mode 100644
-index 0000000..481b009
-Binary files /dev/null and b/fuzz/corpora/conf/679670d561a15a31dfe9d1cf76b49926149e72ea differ
-diff --git a/fuzz/corpora/conf/690e824e960bfb72b2c920d885d19a59f40da452 b/fuzz/corpora/conf/690e824e960bfb72b2c920d885d19a59f40da452
-new file mode 100644
-index 0000000..4ae6b98
-Binary files /dev/null and b/fuzz/corpora/conf/690e824e960bfb72b2c920d885d19a59f40da452 differ
-diff --git a/fuzz/corpora/conf/6ae4142481e067d74ef8cbc764664297c5b92a23 b/fuzz/corpora/conf/6ae4142481e067d74ef8cbc764664297c5b92a23
-new file mode 100644
-index 0000000..4e87668
-Binary files /dev/null and b/fuzz/corpora/conf/6ae4142481e067d74ef8cbc764664297c5b92a23 differ
-diff --git a/fuzz/corpora/conf/6aed8e12f8dda79c94bcafe0b654842cfd047bba b/fuzz/corpora/conf/6aed8e12f8dda79c94bcafe0b654842cfd047bba
-new file mode 100644
-index 0000000..2bdc457
-Binary files /dev/null and b/fuzz/corpora/conf/6aed8e12f8dda79c94bcafe0b654842cfd047bba differ
-diff --git a/fuzz/corpora/conf/6b747272cdf1f4a8f3f94729be2813b2fe724295 b/fuzz/corpora/conf/6b747272cdf1f4a8f3f94729be2813b2fe724295
-new file mode 100644
-index 0000000..2015450
-Binary files /dev/null and b/fuzz/corpora/conf/6b747272cdf1f4a8f3f94729be2813b2fe724295 differ
-diff --git a/fuzz/corpora/conf/6c5dbd8ad3468876f42373487698b3d136aeb32c b/fuzz/corpora/conf/6c5dbd8ad3468876f42373487698b3d136aeb32c
-new file mode 100644
-index 0000000..ffb8169
-Binary files /dev/null and b/fuzz/corpora/conf/6c5dbd8ad3468876f42373487698b3d136aeb32c differ
-diff --git a/fuzz/corpora/conf/6ef6b86cd22d6e5eceb4061d706b0d3f56ed1863 b/fuzz/corpora/conf/6ef6b86cd22d6e5eceb4061d706b0d3f56ed1863
-new file mode 100644
-index 0000000..46db25f
-Binary files /dev/null and b/fuzz/corpora/conf/6ef6b86cd22d6e5eceb4061d706b0d3f56ed1863 differ
-diff --git a/fuzz/corpora/conf/6faecd6ee5ecb838d27540410e192519e60bbf24 b/fuzz/corpora/conf/6faecd6ee5ecb838d27540410e192519e60bbf24
-new file mode 100644
-index 0000000..7683dd1
-Binary files /dev/null and b/fuzz/corpora/conf/6faecd6ee5ecb838d27540410e192519e60bbf24 differ
-diff --git a/fuzz/corpora/conf/6fe9763507187df67058c922db6e53cd2108c85d b/fuzz/corpora/conf/6fe9763507187df67058c922db6e53cd2108c85d
-new file mode 100644
-index 0000000..69b0465
-Binary files /dev/null and b/fuzz/corpora/conf/6fe9763507187df67058c922db6e53cd2108c85d differ
-diff --git a/fuzz/corpora/conf/70e78e890f7f9ac768215c3fd10f1c8f407f67cf b/fuzz/corpora/conf/70e78e890f7f9ac768215c3fd10f1c8f407f67cf
-new file mode 100644
-index 0000000..dc02610
-Binary files /dev/null and b/fuzz/corpora/conf/70e78e890f7f9ac768215c3fd10f1c8f407f67cf differ
-diff --git a/fuzz/corpora/conf/71014343fd0fc0678702f24bf07e4810f554e644 b/fuzz/corpora/conf/71014343fd0fc0678702f24bf07e4810f554e644
-new file mode 100644
-index 0000000..16938b5
-Binary files /dev/null and b/fuzz/corpora/conf/71014343fd0fc0678702f24bf07e4810f554e644 differ
-diff --git a/fuzz/corpora/conf/71297df83d7e630f52d5e79742df4c8a8129207f b/fuzz/corpora/conf/71297df83d7e630f52d5e79742df4c8a8129207f
-new file mode 100644
-index 0000000..2921dcb
-Binary files /dev/null and b/fuzz/corpora/conf/71297df83d7e630f52d5e79742df4c8a8129207f differ
-diff --git a/fuzz/corpora/conf/71456a0a3bcdd830d2b95e203d002da9578833f0 b/fuzz/corpora/conf/71456a0a3bcdd830d2b95e203d002da9578833f0
-new file mode 100644
-index 0000000..f592aab
-Binary files /dev/null and b/fuzz/corpora/conf/71456a0a3bcdd830d2b95e203d002da9578833f0 differ
-diff --git a/fuzz/corpora/conf/719d708649871814181291db70291f94636d17d5 b/fuzz/corpora/conf/719d708649871814181291db70291f94636d17d5
-new file mode 100644
-index 0000000..6396ffe
-Binary files /dev/null and b/fuzz/corpora/conf/719d708649871814181291db70291f94636d17d5 differ
-diff --git a/fuzz/corpora/conf/71e868d8b84d7f33ba22ce6708fc23bec2199515 b/fuzz/corpora/conf/71e868d8b84d7f33ba22ce6708fc23bec2199515
-new file mode 100644
-index 0000000..81a0df1
-Binary files /dev/null and b/fuzz/corpora/conf/71e868d8b84d7f33ba22ce6708fc23bec2199515 differ
-diff --git a/fuzz/corpora/conf/7270dbae4f76826e3810af56a1197df9b0b316e7 b/fuzz/corpora/conf/7270dbae4f76826e3810af56a1197df9b0b316e7
-new file mode 100644
-index 0000000..2691a5c
-Binary files /dev/null and b/fuzz/corpora/conf/7270dbae4f76826e3810af56a1197df9b0b316e7 differ
-diff --git a/fuzz/corpora/conf/728419a78db968c1ef3f530b634bc7f587afbf97 b/fuzz/corpora/conf/728419a78db968c1ef3f530b634bc7f587afbf97
-new file mode 100644
-index 0000000..f204b99
-Binary files /dev/null and b/fuzz/corpora/conf/728419a78db968c1ef3f530b634bc7f587afbf97 differ
-diff --git a/fuzz/corpora/conf/749e95ddcc3c2df6746ac8d6c52704502a456393 b/fuzz/corpora/conf/749e95ddcc3c2df6746ac8d6c52704502a456393
-new file mode 100644
-index 0000000..a9d5ab4
-Binary files /dev/null and b/fuzz/corpora/conf/749e95ddcc3c2df6746ac8d6c52704502a456393 differ
-diff --git a/fuzz/corpora/conf/74d357f44d1ccef694bbe3870caac173021515c5 b/fuzz/corpora/conf/74d357f44d1ccef694bbe3870caac173021515c5
-new file mode 100644
-index 0000000..4c0b1bb
-Binary files /dev/null and b/fuzz/corpora/conf/74d357f44d1ccef694bbe3870caac173021515c5 differ
-diff --git a/fuzz/corpora/conf/753cdfe9f6f842a72ab2bf4f37b73777fb2bbd3d b/fuzz/corpora/conf/753cdfe9f6f842a72ab2bf4f37b73777fb2bbd3d
-new file mode 100644
-index 0000000..7ecc739
-Binary files /dev/null and b/fuzz/corpora/conf/753cdfe9f6f842a72ab2bf4f37b73777fb2bbd3d differ
-diff --git a/fuzz/corpora/conf/759794d96ad7023f4f535bd378ef600f75472e96 b/fuzz/corpora/conf/759794d96ad7023f4f535bd378ef600f75472e96
-new file mode 100644
-index 0000000..4961a9f
-Binary files /dev/null and b/fuzz/corpora/conf/759794d96ad7023f4f535bd378ef600f75472e96 differ
-diff --git a/fuzz/corpora/conf/76560f668c1900d645d7b0a9c93d8735f721fdf6 b/fuzz/corpora/conf/76560f668c1900d645d7b0a9c93d8735f721fdf6
-new file mode 100644
-index 0000000..43be197
-Binary files /dev/null and b/fuzz/corpora/conf/76560f668c1900d645d7b0a9c93d8735f721fdf6 differ
-diff --git a/fuzz/corpora/conf/77c58f366322a120af79e12dd3e4522f446252e9 b/fuzz/corpora/conf/77c58f366322a120af79e12dd3e4522f446252e9
-new file mode 100644
-index 0000000..51b2628
-Binary files /dev/null and b/fuzz/corpora/conf/77c58f366322a120af79e12dd3e4522f446252e9 differ
-diff --git a/fuzz/corpora/conf/7885cb129a5b88324e99d804336452020d0d1b9d b/fuzz/corpora/conf/7885cb129a5b88324e99d804336452020d0d1b9d
-new file mode 100644
-index 0000000..077cba9
-Binary files /dev/null and b/fuzz/corpora/conf/7885cb129a5b88324e99d804336452020d0d1b9d differ
-diff --git a/fuzz/corpora/conf/78a07d654d410dc97763d3946e815e930a3c089b b/fuzz/corpora/conf/78a07d654d410dc97763d3946e815e930a3c089b
-new file mode 100644
-index 0000000..214391d
-Binary files /dev/null and b/fuzz/corpora/conf/78a07d654d410dc97763d3946e815e930a3c089b differ
-diff --git a/fuzz/corpora/conf/7906c2ec01167f2d13ba9a6d5b46f892e7f3ce92 b/fuzz/corpora/conf/7906c2ec01167f2d13ba9a6d5b46f892e7f3ce92
-new file mode 100644
-index 0000000..f03baf8
-Binary files /dev/null and b/fuzz/corpora/conf/7906c2ec01167f2d13ba9a6d5b46f892e7f3ce92 differ
-diff --git a/fuzz/corpora/conf/79edcdfbdb120e51ce85833db13142d7eacf6dce b/fuzz/corpora/conf/79edcdfbdb120e51ce85833db13142d7eacf6dce
-new file mode 100644
-index 0000000..9cb991d
-Binary files /dev/null and b/fuzz/corpora/conf/79edcdfbdb120e51ce85833db13142d7eacf6dce differ
-diff --git a/fuzz/corpora/conf/7b4c2b5c8dcdb415df4cc4f1a50b983c94e413e8 b/fuzz/corpora/conf/7b4c2b5c8dcdb415df4cc4f1a50b983c94e413e8
-new file mode 100644
-index 0000000..b824400
-Binary files /dev/null and b/fuzz/corpora/conf/7b4c2b5c8dcdb415df4cc4f1a50b983c94e413e8 differ
-diff --git a/fuzz/corpora/conf/7d2e3a6d9453d786efdca4b1de7629d31848b89f b/fuzz/corpora/conf/7d2e3a6d9453d786efdca4b1de7629d31848b89f
-new file mode 100644
-index 0000000..f40ef9e
-Binary files /dev/null and b/fuzz/corpora/conf/7d2e3a6d9453d786efdca4b1de7629d31848b89f differ
-diff --git a/fuzz/corpora/conf/7ecacd37fc66925d7d95bd91dc5d4eccd069c6f2 b/fuzz/corpora/conf/7ecacd37fc66925d7d95bd91dc5d4eccd069c6f2
-new file mode 100644
-index 0000000..52fc546
-Binary files /dev/null and b/fuzz/corpora/conf/7ecacd37fc66925d7d95bd91dc5d4eccd069c6f2 differ
-diff --git a/fuzz/corpora/conf/7efe16907681e363e7dec6c8d876fe9fb9b5479b b/fuzz/corpora/conf/7efe16907681e363e7dec6c8d876fe9fb9b5479b
-new file mode 100644
-index 0000000..53ef779
-Binary files /dev/null and b/fuzz/corpora/conf/7efe16907681e363e7dec6c8d876fe9fb9b5479b differ
-diff --git a/fuzz/corpora/conf/800506d2d5701894ab9ed2937c394c5e301033cc b/fuzz/corpora/conf/800506d2d5701894ab9ed2937c394c5e301033cc
-new file mode 100644
-index 0000000..a7430d1
-Binary files /dev/null and b/fuzz/corpora/conf/800506d2d5701894ab9ed2937c394c5e301033cc differ
-diff --git a/fuzz/corpora/conf/816ebeab084b18e328dcdcc77c296737ca0676db b/fuzz/corpora/conf/816ebeab084b18e328dcdcc77c296737ca0676db
-new file mode 100644
-index 0000000..fac8f99
-Binary files /dev/null and b/fuzz/corpora/conf/816ebeab084b18e328dcdcc77c296737ca0676db differ
-diff --git a/fuzz/corpora/conf/8269372b8a9e720f49c6a26bcc7bbaa1add4f171 b/fuzz/corpora/conf/8269372b8a9e720f49c6a26bcc7bbaa1add4f171
-new file mode 100644
-index 0000000..3549342
-Binary files /dev/null and b/fuzz/corpora/conf/8269372b8a9e720f49c6a26bcc7bbaa1add4f171 differ
-diff --git a/fuzz/corpora/conf/8271ba0a6a595d9f1d10fa8d33ba3cad17391dd4 b/fuzz/corpora/conf/8271ba0a6a595d9f1d10fa8d33ba3cad17391dd4
-new file mode 100644
-index 0000000..d178697
-Binary files /dev/null and b/fuzz/corpora/conf/8271ba0a6a595d9f1d10fa8d33ba3cad17391dd4 differ
-diff --git a/fuzz/corpora/conf/82ca6a93d298f1c831baa7e7cffcdde7bc0fc918 b/fuzz/corpora/conf/82ca6a93d298f1c831baa7e7cffcdde7bc0fc918
-new file mode 100644
-index 0000000..e3e361b
-Binary files /dev/null and b/fuzz/corpora/conf/82ca6a93d298f1c831baa7e7cffcdde7bc0fc918 differ
-diff --git a/fuzz/corpora/conf/8302247975355e6bffcd5c9a3d3a13bb5327cdb7 b/fuzz/corpora/conf/8302247975355e6bffcd5c9a3d3a13bb5327cdb7
-new file mode 100644
-index 0000000..7f36d21
-Binary files /dev/null and b/fuzz/corpora/conf/8302247975355e6bffcd5c9a3d3a13bb5327cdb7 differ
-diff --git a/fuzz/corpora/conf/83fa5e39243ca6b3976a28d1546c25dc47ce7881 b/fuzz/corpora/conf/83fa5e39243ca6b3976a28d1546c25dc47ce7881
-new file mode 100644
-index 0000000..bd08fe0
-Binary files /dev/null and b/fuzz/corpora/conf/83fa5e39243ca6b3976a28d1546c25dc47ce7881 differ
-diff --git a/fuzz/corpora/conf/846c8f10459bfd59f5bffce6d046cfdf132f9a7d b/fuzz/corpora/conf/846c8f10459bfd59f5bffce6d046cfdf132f9a7d
-new file mode 100644
-index 0000000..b8855ef
-Binary files /dev/null and b/fuzz/corpora/conf/846c8f10459bfd59f5bffce6d046cfdf132f9a7d differ
-diff --git a/fuzz/corpora/conf/84909f4887762b02eb4926303731b12e52b429f2 b/fuzz/corpora/conf/84909f4887762b02eb4926303731b12e52b429f2
-new file mode 100644
-index 0000000..9e4b992
-Binary files /dev/null and b/fuzz/corpora/conf/84909f4887762b02eb4926303731b12e52b429f2 differ
-diff --git a/fuzz/corpora/conf/870938e9641f2387c5b1391b2c82b7d7ad4c1d9d b/fuzz/corpora/conf/870938e9641f2387c5b1391b2c82b7d7ad4c1d9d
-new file mode 100644
-index 0000000..6c950d3
-Binary files /dev/null and b/fuzz/corpora/conf/870938e9641f2387c5b1391b2c82b7d7ad4c1d9d differ
-diff --git a/fuzz/corpora/conf/871931f6c9e58e2cc547301bf70f0b61a4e68699 b/fuzz/corpora/conf/871931f6c9e58e2cc547301bf70f0b61a4e68699
-new file mode 100644
-index 0000000..e11b453
-Binary files /dev/null and b/fuzz/corpora/conf/871931f6c9e58e2cc547301bf70f0b61a4e68699 differ
-diff --git a/fuzz/corpora/conf/8752518811ab23974effe02c38218b72ee974a64 b/fuzz/corpora/conf/8752518811ab23974effe02c38218b72ee974a64
-new file mode 100644
-index 0000000..abeb052
-Binary files /dev/null and b/fuzz/corpora/conf/8752518811ab23974effe02c38218b72ee974a64 differ
-diff --git a/fuzz/corpora/conf/87fa4341a14e6672fae8b24a0bd5de52be582799 b/fuzz/corpora/conf/87fa4341a14e6672fae8b24a0bd5de52be582799
-new file mode 100644
-index 0000000..44189fc
-Binary files /dev/null and b/fuzz/corpora/conf/87fa4341a14e6672fae8b24a0bd5de52be582799 differ
-diff --git a/fuzz/corpora/conf/881fd16f16bed72d4c0daee67aee66a2fdc4b77c b/fuzz/corpora/conf/881fd16f16bed72d4c0daee67aee66a2fdc4b77c
-new file mode 100644
-index 0000000..edddf9b
-Binary files /dev/null and b/fuzz/corpora/conf/881fd16f16bed72d4c0daee67aee66a2fdc4b77c differ
-diff --git a/fuzz/corpora/conf/89764fc4308e3d4e6f307bd4039ba83c2e193935 b/fuzz/corpora/conf/89764fc4308e3d4e6f307bd4039ba83c2e193935
-new file mode 100644
-index 0000000..3821918
-Binary files /dev/null and b/fuzz/corpora/conf/89764fc4308e3d4e6f307bd4039ba83c2e193935 differ
-diff --git a/fuzz/corpora/conf/8b1b25dae4d2b129c88927f4bec1e257f1f8cb68 b/fuzz/corpora/conf/8b1b25dae4d2b129c88927f4bec1e257f1f8cb68
-new file mode 100644
-index 0000000..5b6f362
-Binary files /dev/null and b/fuzz/corpora/conf/8b1b25dae4d2b129c88927f4bec1e257f1f8cb68 differ
-diff --git a/fuzz/corpora/conf/8baa7501533645e5b16d3eb704f442883de2f70b b/fuzz/corpora/conf/8baa7501533645e5b16d3eb704f442883de2f70b
-new file mode 100644
-index 0000000..67790b9
-Binary files /dev/null and b/fuzz/corpora/conf/8baa7501533645e5b16d3eb704f442883de2f70b differ
-diff --git a/fuzz/corpora/conf/8dd350bec61c3da42c28ab04869385a2bdd8614a b/fuzz/corpora/conf/8dd350bec61c3da42c28ab04869385a2bdd8614a
-new file mode 100644
-index 0000000..4784a9b
-Binary files /dev/null and b/fuzz/corpora/conf/8dd350bec61c3da42c28ab04869385a2bdd8614a differ
-diff --git a/fuzz/corpora/conf/8eac397fe0fbd47d624785dfde2b6617d7240e3c b/fuzz/corpora/conf/8eac397fe0fbd47d624785dfde2b6617d7240e3c
-new file mode 100644
-index 0000000..600fa59
-Binary files /dev/null and b/fuzz/corpora/conf/8eac397fe0fbd47d624785dfde2b6617d7240e3c differ
-diff --git a/fuzz/corpora/conf/8ef3dedc082532ce62063e2b9bd124e7c7878e95 b/fuzz/corpora/conf/8ef3dedc082532ce62063e2b9bd124e7c7878e95
-new file mode 100644
-index 0000000..ff26919
-Binary files /dev/null and b/fuzz/corpora/conf/8ef3dedc082532ce62063e2b9bd124e7c7878e95 differ
-diff --git a/fuzz/corpora/conf/8f402c6ca56faf0af9eb22595008a283d487d5c5 b/fuzz/corpora/conf/8f402c6ca56faf0af9eb22595008a283d487d5c5
-new file mode 100644
-index 0000000..95a6ab7
-Binary files /dev/null and b/fuzz/corpora/conf/8f402c6ca56faf0af9eb22595008a283d487d5c5 differ
-diff --git a/fuzz/corpora/conf/90f7796d512840082e997dfc8560bbdc589db441 b/fuzz/corpora/conf/90f7796d512840082e997dfc8560bbdc589db441
-new file mode 100644
-index 0000000..9600c7c
-Binary files /dev/null and b/fuzz/corpora/conf/90f7796d512840082e997dfc8560bbdc589db441 differ
-diff --git a/fuzz/corpora/conf/912a335eefeac23e4079f2f74bec398466e581a6 b/fuzz/corpora/conf/912a335eefeac23e4079f2f74bec398466e581a6
-new file mode 100644
-index 0000000..9967744
-Binary files /dev/null and b/fuzz/corpora/conf/912a335eefeac23e4079f2f74bec398466e581a6 differ
-diff --git a/fuzz/corpora/conf/9142e5d26f499780d2240d2c23843f2b3a55f058 b/fuzz/corpora/conf/9142e5d26f499780d2240d2c23843f2b3a55f058
-new file mode 100644
-index 0000000..7d62326
-Binary files /dev/null and b/fuzz/corpora/conf/9142e5d26f499780d2240d2c23843f2b3a55f058 differ
-diff --git a/fuzz/corpora/conf/9550b31643f4babcc42b52c1d5a802ee7c0d95e9 b/fuzz/corpora/conf/9550b31643f4babcc42b52c1d5a802ee7c0d95e9
-new file mode 100644
-index 0000000..20ad8e4
-Binary files /dev/null and b/fuzz/corpora/conf/9550b31643f4babcc42b52c1d5a802ee7c0d95e9 differ
-diff --git a/fuzz/corpora/conf/97726879f908ab85357bf2135ac91805386947b4 b/fuzz/corpora/conf/97726879f908ab85357bf2135ac91805386947b4
-new file mode 100644
-index 0000000..3ace819
-Binary files /dev/null and b/fuzz/corpora/conf/97726879f908ab85357bf2135ac91805386947b4 differ
-diff --git a/fuzz/corpora/conf/97f7e229043ca9c91cc3b5e09a370ce26dee5075 b/fuzz/corpora/conf/97f7e229043ca9c91cc3b5e09a370ce26dee5075
-new file mode 100644
-index 0000000..b12987e
-Binary files /dev/null and b/fuzz/corpora/conf/97f7e229043ca9c91cc3b5e09a370ce26dee5075 differ
-diff --git a/fuzz/corpora/conf/98b9cc9368017a2fddaafe876ba0566f9928e0ab b/fuzz/corpora/conf/98b9cc9368017a2fddaafe876ba0566f9928e0ab
-new file mode 100644
-index 0000000..f1c37b0
-Binary files /dev/null and b/fuzz/corpora/conf/98b9cc9368017a2fddaafe876ba0566f9928e0ab differ
-diff --git a/fuzz/corpora/conf/98be96bea6428a2ab7db5dc20f3cdf9b9621c10f b/fuzz/corpora/conf/98be96bea6428a2ab7db5dc20f3cdf9b9621c10f
-new file mode 100644
-index 0000000..c132678
-Binary files /dev/null and b/fuzz/corpora/conf/98be96bea6428a2ab7db5dc20f3cdf9b9621c10f differ
-diff --git a/fuzz/corpora/conf/992a1d4132ab9d6b4926fe7714fd152de87fb22c b/fuzz/corpora/conf/992a1d4132ab9d6b4926fe7714fd152de87fb22c
-new file mode 100644
-index 0000000..0868ae5
-Binary files /dev/null and b/fuzz/corpora/conf/992a1d4132ab9d6b4926fe7714fd152de87fb22c differ
-diff --git a/fuzz/corpora/conf/99ef6e39e35be679d5d9e8f89e1fb302747f502c b/fuzz/corpora/conf/99ef6e39e35be679d5d9e8f89e1fb302747f502c
-new file mode 100644
-index 0000000..58c478a
-Binary files /dev/null and b/fuzz/corpora/conf/99ef6e39e35be679d5d9e8f89e1fb302747f502c differ
-diff --git a/fuzz/corpora/conf/9a390db3e36257903a44e64ae3d5e932706ef0a1 b/fuzz/corpora/conf/9a390db3e36257903a44e64ae3d5e932706ef0a1
-new file mode 100644
-index 0000000..30f18be
-Binary files /dev/null and b/fuzz/corpora/conf/9a390db3e36257903a44e64ae3d5e932706ef0a1 differ
-diff --git a/fuzz/corpora/conf/9b6b45a6cdeed4481761928cfb8a71b0674a156b b/fuzz/corpora/conf/9b6b45a6cdeed4481761928cfb8a71b0674a156b
-new file mode 100644
-index 0000000..e38b27c
-Binary files /dev/null and b/fuzz/corpora/conf/9b6b45a6cdeed4481761928cfb8a71b0674a156b differ
-diff --git a/fuzz/corpora/conf/9c57b38417fdde3e92126857475da5b3ed4e2b1d b/fuzz/corpora/conf/9c57b38417fdde3e92126857475da5b3ed4e2b1d
-new file mode 100644
-index 0000000..57c1933
-Binary files /dev/null and b/fuzz/corpora/conf/9c57b38417fdde3e92126857475da5b3ed4e2b1d differ
-diff --git a/fuzz/corpora/conf/9c9e56db906233386d60f972d6883da1d73a02b1 b/fuzz/corpora/conf/9c9e56db906233386d60f972d6883da1d73a02b1
-new file mode 100644
-index 0000000..97bda9d
-Binary files /dev/null and b/fuzz/corpora/conf/9c9e56db906233386d60f972d6883da1d73a02b1 differ
-diff --git a/fuzz/corpora/conf/9ceebe3ba73b0ba1f9ef410319a184336d70c270 b/fuzz/corpora/conf/9ceebe3ba73b0ba1f9ef410319a184336d70c270
-new file mode 100644
-index 0000000..ecd8681
-Binary files /dev/null and b/fuzz/corpora/conf/9ceebe3ba73b0ba1f9ef410319a184336d70c270 differ
-diff --git a/fuzz/corpora/conf/a010727da617830d365ad089c092269eb755059e b/fuzz/corpora/conf/a010727da617830d365ad089c092269eb755059e
-new file mode 100644
-index 0000000..e39ddd8
-Binary files /dev/null and b/fuzz/corpora/conf/a010727da617830d365ad089c092269eb755059e differ
-diff --git a/fuzz/corpora/conf/a0b5d4304cbcbb5816438a8a4247f5fb8dd63cdc b/fuzz/corpora/conf/a0b5d4304cbcbb5816438a8a4247f5fb8dd63cdc
-new file mode 100644
-index 0000000..51d33e6
-Binary files /dev/null and b/fuzz/corpora/conf/a0b5d4304cbcbb5816438a8a4247f5fb8dd63cdc differ
-diff --git a/fuzz/corpora/conf/a1f2fcfbbd4be92e3168649b882e8d41add184d6 b/fuzz/corpora/conf/a1f2fcfbbd4be92e3168649b882e8d41add184d6
-new file mode 100644
-index 0000000..40bf662
-Binary files /dev/null and b/fuzz/corpora/conf/a1f2fcfbbd4be92e3168649b882e8d41add184d6 differ
-diff --git a/fuzz/corpora/conf/a2371200959ce74cb39e846f6c97577dde61a101 b/fuzz/corpora/conf/a2371200959ce74cb39e846f6c97577dde61a101
-new file mode 100644
-index 0000000..76af9e6
-Binary files /dev/null and b/fuzz/corpora/conf/a2371200959ce74cb39e846f6c97577dde61a101 differ
-diff --git a/fuzz/corpora/conf/a23c85d5dcc418e54bf7b3e76717aea7c58873df b/fuzz/corpora/conf/a23c85d5dcc418e54bf7b3e76717aea7c58873df
-new file mode 100644
-index 0000000..d66ef45
-Binary files /dev/null and b/fuzz/corpora/conf/a23c85d5dcc418e54bf7b3e76717aea7c58873df differ
-diff --git a/fuzz/corpora/conf/a3139cac94f5e3b722cfc5d52e788837d4b0c920 b/fuzz/corpora/conf/a3139cac94f5e3b722cfc5d52e788837d4b0c920
-new file mode 100644
-index 0000000..b4c678f
-Binary files /dev/null and b/fuzz/corpora/conf/a3139cac94f5e3b722cfc5d52e788837d4b0c920 differ
-diff --git a/fuzz/corpora/conf/a525caba82fd976ff9e0592b7d7185df3cffa1fd b/fuzz/corpora/conf/a525caba82fd976ff9e0592b7d7185df3cffa1fd
-new file mode 100644
-index 0000000..7d1f8a3
-Binary files /dev/null and b/fuzz/corpora/conf/a525caba82fd976ff9e0592b7d7185df3cffa1fd differ
-diff --git a/fuzz/corpora/conf/a8bf03d9fe07017a8629ec7c33be02dce87276b9 b/fuzz/corpora/conf/a8bf03d9fe07017a8629ec7c33be02dce87276b9
-new file mode 100644
-index 0000000..9099b85
-Binary files /dev/null and b/fuzz/corpora/conf/a8bf03d9fe07017a8629ec7c33be02dce87276b9 differ
-diff --git a/fuzz/corpora/conf/a9c39177c19839d3a4d905b8ae4ce390727d1ea0 b/fuzz/corpora/conf/a9c39177c19839d3a4d905b8ae4ce390727d1ea0
-new file mode 100644
-index 0000000..8c322a7
-Binary files /dev/null and b/fuzz/corpora/conf/a9c39177c19839d3a4d905b8ae4ce390727d1ea0 differ
-diff --git a/fuzz/corpora/conf/aa2b8e735c2ffc22b64650fd7e420bda9d02278a b/fuzz/corpora/conf/aa2b8e735c2ffc22b64650fd7e420bda9d02278a
-new file mode 100644
-index 0000000..7a11283
-Binary files /dev/null and b/fuzz/corpora/conf/aa2b8e735c2ffc22b64650fd7e420bda9d02278a differ
-diff --git a/fuzz/corpora/conf/aa9f87e3a327c2d20b82f50cfee62ae652e8cd8b b/fuzz/corpora/conf/aa9f87e3a327c2d20b82f50cfee62ae652e8cd8b
-new file mode 100644
-index 0000000..96472f3
-Binary files /dev/null and b/fuzz/corpora/conf/aa9f87e3a327c2d20b82f50cfee62ae652e8cd8b differ
-diff --git a/fuzz/corpora/conf/aaa3a69a807f93701f189d513b1d65862a57a1a7 b/fuzz/corpora/conf/aaa3a69a807f93701f189d513b1d65862a57a1a7
-new file mode 100644
-index 0000000..6a8bec8
-Binary files /dev/null and b/fuzz/corpora/conf/aaa3a69a807f93701f189d513b1d65862a57a1a7 differ
-diff --git a/fuzz/corpora/conf/abc2ea3c3e206c8e5134d69a8b11f590ee81c6d1 b/fuzz/corpora/conf/abc2ea3c3e206c8e5134d69a8b11f590ee81c6d1
-new file mode 100644
-index 0000000..6609e25
-Binary files /dev/null and b/fuzz/corpora/conf/abc2ea3c3e206c8e5134d69a8b11f590ee81c6d1 differ
-diff --git a/fuzz/corpora/conf/acbe61ca7553944c0c658129483c4fd5cd7be8ae b/fuzz/corpora/conf/acbe61ca7553944c0c658129483c4fd5cd7be8ae
-new file mode 100644
-index 0000000..45c8184
-Binary files /dev/null and b/fuzz/corpora/conf/acbe61ca7553944c0c658129483c4fd5cd7be8ae differ
-diff --git a/fuzz/corpora/conf/adb9319118f7e01c24d702820038b497facf18f8 b/fuzz/corpora/conf/adb9319118f7e01c24d702820038b497facf18f8
-new file mode 100644
-index 0000000..ef67676
-Binary files /dev/null and b/fuzz/corpora/conf/adb9319118f7e01c24d702820038b497facf18f8 differ
-diff --git a/fuzz/corpora/conf/aeccb9e3d3138740a2fc2dee0c2474ecfb200904 b/fuzz/corpora/conf/aeccb9e3d3138740a2fc2dee0c2474ecfb200904
-new file mode 100644
-index 0000000..abe3fc1
-Binary files /dev/null and b/fuzz/corpora/conf/aeccb9e3d3138740a2fc2dee0c2474ecfb200904 differ
-diff --git a/fuzz/corpora/conf/b0f06ff41181e12d89b44d81fd5c030d8d5e087e b/fuzz/corpora/conf/b0f06ff41181e12d89b44d81fd5c030d8d5e087e
-new file mode 100644
-index 0000000..755ddda
-Binary files /dev/null and b/fuzz/corpora/conf/b0f06ff41181e12d89b44d81fd5c030d8d5e087e differ
-diff --git a/fuzz/corpora/conf/b4a63fc7b62826aeee463beaf29f5773d342f8ac b/fuzz/corpora/conf/b4a63fc7b62826aeee463beaf29f5773d342f8ac
-new file mode 100644
-index 0000000..c07b969
-Binary files /dev/null and b/fuzz/corpora/conf/b4a63fc7b62826aeee463beaf29f5773d342f8ac differ
-diff --git a/fuzz/corpora/conf/b4ee157ca414e52dc118dfc874ddcb2f6e58642c b/fuzz/corpora/conf/b4ee157ca414e52dc118dfc874ddcb2f6e58642c
-new file mode 100644
-index 0000000..39f27b0
-Binary files /dev/null and b/fuzz/corpora/conf/b4ee157ca414e52dc118dfc874ddcb2f6e58642c differ
-diff --git a/fuzz/corpora/conf/b57cc7629c8ab28e0c3a2684a0d6bd77d1a5fa21 b/fuzz/corpora/conf/b57cc7629c8ab28e0c3a2684a0d6bd77d1a5fa21
-new file mode 100644
-index 0000000..990b9bc
-Binary files /dev/null and b/fuzz/corpora/conf/b57cc7629c8ab28e0c3a2684a0d6bd77d1a5fa21 differ
-diff --git a/fuzz/corpora/conf/b7cb7a3ff3a75ed0e308dc125f0c9e89f8b39941 b/fuzz/corpora/conf/b7cb7a3ff3a75ed0e308dc125f0c9e89f8b39941
-new file mode 100644
-index 0000000..ec2c35f
-Binary files /dev/null and b/fuzz/corpora/conf/b7cb7a3ff3a75ed0e308dc125f0c9e89f8b39941 differ
-diff --git a/fuzz/corpora/conf/b8eb2255eb1d75a04634728bd40e2c170236e016 b/fuzz/corpora/conf/b8eb2255eb1d75a04634728bd40e2c170236e016
-new file mode 100644
-index 0000000..b26fdf4
-Binary files /dev/null and b/fuzz/corpora/conf/b8eb2255eb1d75a04634728bd40e2c170236e016 differ
-diff --git a/fuzz/corpora/conf/b95e7ca2baf215e140bd4f8493f55fa09256d975 b/fuzz/corpora/conf/b95e7ca2baf215e140bd4f8493f55fa09256d975
-new file mode 100644
-index 0000000..84c2b6a
-Binary files /dev/null and b/fuzz/corpora/conf/b95e7ca2baf215e140bd4f8493f55fa09256d975 differ
-diff --git a/fuzz/corpora/conf/ba1580299c94c696b5f35d12cf1fbdaca271f0d3 b/fuzz/corpora/conf/ba1580299c94c696b5f35d12cf1fbdaca271f0d3
-new file mode 100644
-index 0000000..188fd53
-Binary files /dev/null and b/fuzz/corpora/conf/ba1580299c94c696b5f35d12cf1fbdaca271f0d3 differ
-diff --git a/fuzz/corpora/conf/bafd7ad1287780eda3f1c1467b0aefede4c00d44 b/fuzz/corpora/conf/bafd7ad1287780eda3f1c1467b0aefede4c00d44
-new file mode 100644
-index 0000000..e9ba9e1
-Binary files /dev/null and b/fuzz/corpora/conf/bafd7ad1287780eda3f1c1467b0aefede4c00d44 differ
-diff --git a/fuzz/corpora/conf/bcbb6d0dff89387931c8766d7a48684cf3f03d43 b/fuzz/corpora/conf/bcbb6d0dff89387931c8766d7a48684cf3f03d43
-new file mode 100644
-index 0000000..745fee9
-Binary files /dev/null and b/fuzz/corpora/conf/bcbb6d0dff89387931c8766d7a48684cf3f03d43 differ
-diff --git a/fuzz/corpora/conf/bed2977f4e308333b5c4ec87688266039dc907df b/fuzz/corpora/conf/bed2977f4e308333b5c4ec87688266039dc907df
-new file mode 100644
-index 0000000..4bf7806
-Binary files /dev/null and b/fuzz/corpora/conf/bed2977f4e308333b5c4ec87688266039dc907df differ
-diff --git a/fuzz/corpora/conf/bfb326e7aa0df5ef957f925f31d66206e18b2e3e b/fuzz/corpora/conf/bfb326e7aa0df5ef957f925f31d66206e18b2e3e
-new file mode 100644
-index 0000000..676817c
-Binary files /dev/null and b/fuzz/corpora/conf/bfb326e7aa0df5ef957f925f31d66206e18b2e3e differ
-diff --git a/fuzz/corpora/conf/c44ec749619d6dd4f4e9c76b06bc2e4b0bee7aa1 b/fuzz/corpora/conf/c44ec749619d6dd4f4e9c76b06bc2e4b0bee7aa1
-new file mode 100644
-index 0000000..2797b86
-Binary files /dev/null and b/fuzz/corpora/conf/c44ec749619d6dd4f4e9c76b06bc2e4b0bee7aa1 differ
-diff --git a/fuzz/corpora/conf/c65602bb37160c00abf041d1aac1f4f53d24d5a5 b/fuzz/corpora/conf/c65602bb37160c00abf041d1aac1f4f53d24d5a5
-new file mode 100644
-index 0000000..9f1ac06
-Binary files /dev/null and b/fuzz/corpora/conf/c65602bb37160c00abf041d1aac1f4f53d24d5a5 differ
-diff --git a/fuzz/corpora/conf/c66f787b184283a1aaf49e4829c597a5ccbdc1cb b/fuzz/corpora/conf/c66f787b184283a1aaf49e4829c597a5ccbdc1cb
-new file mode 100644
-index 0000000..7b42a6f
-Binary files /dev/null and b/fuzz/corpora/conf/c66f787b184283a1aaf49e4829c597a5ccbdc1cb differ
-diff --git a/fuzz/corpora/conf/c91760d6340b79fc01a0bc223f22b167cf664cb1 b/fuzz/corpora/conf/c91760d6340b79fc01a0bc223f22b167cf664cb1
-new file mode 100644
-index 0000000..96f434b
-Binary files /dev/null and b/fuzz/corpora/conf/c91760d6340b79fc01a0bc223f22b167cf664cb1 differ
-diff --git a/fuzz/corpora/conf/c97e80076776df8ab0f6551eae940c7851e7245a b/fuzz/corpora/conf/c97e80076776df8ab0f6551eae940c7851e7245a
-new file mode 100644
-index 0000000..142e3ef
-Binary files /dev/null and b/fuzz/corpora/conf/c97e80076776df8ab0f6551eae940c7851e7245a differ
-diff --git a/fuzz/corpora/conf/c98227d1cb0e4747ac0f91413a572b4c452b4f61 b/fuzz/corpora/conf/c98227d1cb0e4747ac0f91413a572b4c452b4f61
-new file mode 100644
-index 0000000..934d3d9
-Binary files /dev/null and b/fuzz/corpora/conf/c98227d1cb0e4747ac0f91413a572b4c452b4f61 differ
-diff --git a/fuzz/corpora/conf/cb1494c5154997649183e46688b9759da5fad42b b/fuzz/corpora/conf/cb1494c5154997649183e46688b9759da5fad42b
-new file mode 100644
-index 0000000..b4d6df2
-Binary files /dev/null and b/fuzz/corpora/conf/cb1494c5154997649183e46688b9759da5fad42b differ
-diff --git a/fuzz/corpora/conf/cc2d3520b7510fadc44d18fb9b1d769687470994 b/fuzz/corpora/conf/cc2d3520b7510fadc44d18fb9b1d769687470994
-new file mode 100644
-index 0000000..899bb5e
-Binary files /dev/null and b/fuzz/corpora/conf/cc2d3520b7510fadc44d18fb9b1d769687470994 differ
-diff --git a/fuzz/corpora/conf/cc3f202d0871f1b36e33f3b08c0b96f7ab3ab633 b/fuzz/corpora/conf/cc3f202d0871f1b36e33f3b08c0b96f7ab3ab633
-new file mode 100644
-index 0000000..5c26dcc
-Binary files /dev/null and b/fuzz/corpora/conf/cc3f202d0871f1b36e33f3b08c0b96f7ab3ab633 differ
-diff --git a/fuzz/corpora/conf/cd0a5a47144c4e7ab62ce0b43690a4eafcc5ffa7 b/fuzz/corpora/conf/cd0a5a47144c4e7ab62ce0b43690a4eafcc5ffa7
-new file mode 100644
-index 0000000..2afeb7f
-Binary files /dev/null and b/fuzz/corpora/conf/cd0a5a47144c4e7ab62ce0b43690a4eafcc5ffa7 differ
-diff --git a/fuzz/corpora/conf/cdecf521f7c7876d9b07cb6c04aa901d20a6f234 b/fuzz/corpora/conf/cdecf521f7c7876d9b07cb6c04aa901d20a6f234
-new file mode 100644
-index 0000000..69f66b5
-Binary files /dev/null and b/fuzz/corpora/conf/cdecf521f7c7876d9b07cb6c04aa901d20a6f234 differ
-diff --git a/fuzz/corpora/conf/cf009d29d63b4afd898fecd32ec55b3ca3f1d86c b/fuzz/corpora/conf/cf009d29d63b4afd898fecd32ec55b3ca3f1d86c
-new file mode 100644
-index 0000000..0bbedb6
-Binary files /dev/null and b/fuzz/corpora/conf/cf009d29d63b4afd898fecd32ec55b3ca3f1d86c differ
-diff --git a/fuzz/corpora/conf/cf33f672d0a9f23c0d2343b1ef8dfed14c1ac1d9 b/fuzz/corpora/conf/cf33f672d0a9f23c0d2343b1ef8dfed14c1ac1d9
-new file mode 100644
-index 0000000..9ca3aab
-Binary files /dev/null and b/fuzz/corpora/conf/cf33f672d0a9f23c0d2343b1ef8dfed14c1ac1d9 differ
-diff --git a/fuzz/corpora/conf/cf5125354d626ab782f3783196850473d41cc2eb b/fuzz/corpora/conf/cf5125354d626ab782f3783196850473d41cc2eb
-new file mode 100644
-index 0000000..7dbe7dd
-Binary files /dev/null and b/fuzz/corpora/conf/cf5125354d626ab782f3783196850473d41cc2eb differ
-diff --git a/fuzz/corpora/conf/cf772f067a3872fcdd1272e18c40bd3e0e954572 b/fuzz/corpora/conf/cf772f067a3872fcdd1272e18c40bd3e0e954572
-new file mode 100644
-index 0000000..52d41d1
-Binary files /dev/null and b/fuzz/corpora/conf/cf772f067a3872fcdd1272e18c40bd3e0e954572 differ
-diff --git a/fuzz/corpora/conf/cfdd04d741257e6dd5c18cb23ac7fca60a944f6b b/fuzz/corpora/conf/cfdd04d741257e6dd5c18cb23ac7fca60a944f6b
-new file mode 100644
-index 0000000..92638ec
-Binary files /dev/null and b/fuzz/corpora/conf/cfdd04d741257e6dd5c18cb23ac7fca60a944f6b differ
-diff --git a/fuzz/corpora/conf/d09122c3030f33f4896bd4a6b820b8d472ab10bb b/fuzz/corpora/conf/d09122c3030f33f4896bd4a6b820b8d472ab10bb
-new file mode 100644
-index 0000000..bd3f633
-Binary files /dev/null and b/fuzz/corpora/conf/d09122c3030f33f4896bd4a6b820b8d472ab10bb differ
-diff --git a/fuzz/corpora/conf/d123ad11a86cc0f5ceb9aa3d117ec902e15857fb b/fuzz/corpora/conf/d123ad11a86cc0f5ceb9aa3d117ec902e15857fb
-new file mode 100644
-index 0000000..4cf60d5
-Binary files /dev/null and b/fuzz/corpora/conf/d123ad11a86cc0f5ceb9aa3d117ec902e15857fb differ
-diff --git a/fuzz/corpora/conf/d440a8895f240e5d9031b06e9352e4a3a76e04fc b/fuzz/corpora/conf/d440a8895f240e5d9031b06e9352e4a3a76e04fc
-new file mode 100644
-index 0000000..68f5480
-Binary files /dev/null and b/fuzz/corpora/conf/d440a8895f240e5d9031b06e9352e4a3a76e04fc differ
-diff --git a/fuzz/corpora/conf/d537869d65fa5d80c81deec73dfc9558ee8a257e b/fuzz/corpora/conf/d537869d65fa5d80c81deec73dfc9558ee8a257e
-new file mode 100644
-index 0000000..a366a5e
-Binary files /dev/null and b/fuzz/corpora/conf/d537869d65fa5d80c81deec73dfc9558ee8a257e differ
-diff --git a/fuzz/corpora/conf/d579e70768f3384771716436a35b4fc165c2cd2c b/fuzz/corpora/conf/d579e70768f3384771716436a35b4fc165c2cd2c
-new file mode 100644
-index 0000000..64e1dc8
-Binary files /dev/null and b/fuzz/corpora/conf/d579e70768f3384771716436a35b4fc165c2cd2c differ
-diff --git a/fuzz/corpora/conf/d6d0dc412a9b64966118516ac9d174bfd9576c5a b/fuzz/corpora/conf/d6d0dc412a9b64966118516ac9d174bfd9576c5a
-new file mode 100644
-index 0000000..176c225
-Binary files /dev/null and b/fuzz/corpora/conf/d6d0dc412a9b64966118516ac9d174bfd9576c5a differ
-diff --git a/fuzz/corpora/conf/d80ab759b8c782658beae04ae904c1239efd99fe b/fuzz/corpora/conf/d80ab759b8c782658beae04ae904c1239efd99fe
-new file mode 100644
-index 0000000..209c3f3
-Binary files /dev/null and b/fuzz/corpora/conf/d80ab759b8c782658beae04ae904c1239efd99fe differ
-diff --git a/fuzz/corpora/conf/d9816eb8dc4127850a18e1ea2853f04b40010ee3 b/fuzz/corpora/conf/d9816eb8dc4127850a18e1ea2853f04b40010ee3
-new file mode 100644
-index 0000000..144d111
-Binary files /dev/null and b/fuzz/corpora/conf/d9816eb8dc4127850a18e1ea2853f04b40010ee3 differ
-diff --git a/fuzz/corpora/conf/db54f027f58cbb10e7ec5db3d3cbf09ee2b3f5be b/fuzz/corpora/conf/db54f027f58cbb10e7ec5db3d3cbf09ee2b3f5be
-new file mode 100644
-index 0000000..c4a50c4
-Binary files /dev/null and b/fuzz/corpora/conf/db54f027f58cbb10e7ec5db3d3cbf09ee2b3f5be differ
-diff --git a/fuzz/corpora/conf/db87e25062aec29e8256cc57f76283393edc4eb9 b/fuzz/corpora/conf/db87e25062aec29e8256cc57f76283393edc4eb9
-new file mode 100644
-index 0000000..c2316b5
-Binary files /dev/null and b/fuzz/corpora/conf/db87e25062aec29e8256cc57f76283393edc4eb9 differ
-diff --git a/fuzz/corpora/conf/dbb87028ac6abc4544dec3743bd87bee3255831a b/fuzz/corpora/conf/dbb87028ac6abc4544dec3743bd87bee3255831a
-new file mode 100644
-index 0000000..ac3e674
-Binary files /dev/null and b/fuzz/corpora/conf/dbb87028ac6abc4544dec3743bd87bee3255831a differ
-diff --git a/fuzz/corpora/conf/dd42b5e743e22e25963935492d1ac67aa074483d b/fuzz/corpora/conf/dd42b5e743e22e25963935492d1ac67aa074483d
-new file mode 100644
-index 0000000..2474a2a
-Binary files /dev/null and b/fuzz/corpora/conf/dd42b5e743e22e25963935492d1ac67aa074483d differ
-diff --git a/fuzz/corpora/conf/e1996cfb7a3dd03e1ea52d34eec90f487075c396 b/fuzz/corpora/conf/e1996cfb7a3dd03e1ea52d34eec90f487075c396
-new file mode 100644
-index 0000000..fc74436
-Binary files /dev/null and b/fuzz/corpora/conf/e1996cfb7a3dd03e1ea52d34eec90f487075c396 differ
-diff --git a/fuzz/corpora/conf/e2e5b9e7f5d3d9b3d3fea4601e66fc1db067dbe7 b/fuzz/corpora/conf/e2e5b9e7f5d3d9b3d3fea4601e66fc1db067dbe7
-new file mode 100644
-index 0000000..360a9e8
-Binary files /dev/null and b/fuzz/corpora/conf/e2e5b9e7f5d3d9b3d3fea4601e66fc1db067dbe7 differ
-diff --git a/fuzz/corpora/conf/e4bb472cf4dcb1d8a555661a2a6bac3a8360b826 b/fuzz/corpora/conf/e4bb472cf4dcb1d8a555661a2a6bac3a8360b826
-new file mode 100644
-index 0000000..2a3d48e
-Binary files /dev/null and b/fuzz/corpora/conf/e4bb472cf4dcb1d8a555661a2a6bac3a8360b826 differ
-diff --git a/fuzz/corpora/conf/e53054b516bd051e210c09119f4aa8707e063c91 b/fuzz/corpora/conf/e53054b516bd051e210c09119f4aa8707e063c91
-new file mode 100644
-index 0000000..3a987f2
-Binary files /dev/null and b/fuzz/corpora/conf/e53054b516bd051e210c09119f4aa8707e063c91 differ
-diff --git a/fuzz/corpora/conf/e593aee956a74713e78b363092c17948ecafe5a7 b/fuzz/corpora/conf/e593aee956a74713e78b363092c17948ecafe5a7
-new file mode 100644
-index 0000000..49dd68a
-Binary files /dev/null and b/fuzz/corpora/conf/e593aee956a74713e78b363092c17948ecafe5a7 differ
-diff --git a/fuzz/corpora/conf/e8f7de3d48c5f3f6474ad86ee6f23612bd352376 b/fuzz/corpora/conf/e8f7de3d48c5f3f6474ad86ee6f23612bd352376
-new file mode 100644
-index 0000000..823ce9c
-Binary files /dev/null and b/fuzz/corpora/conf/e8f7de3d48c5f3f6474ad86ee6f23612bd352376 differ
-diff --git a/fuzz/corpora/conf/e9197a55ea4a9d27eb2d6116a74ea18aae61ef16 b/fuzz/corpora/conf/e9197a55ea4a9d27eb2d6116a74ea18aae61ef16
-new file mode 100644
-index 0000000..923d41f
-Binary files /dev/null and b/fuzz/corpora/conf/e9197a55ea4a9d27eb2d6116a74ea18aae61ef16 differ
-diff --git a/fuzz/corpora/conf/e925b1f89ef44ad20358082c6150c4f104ddb8e0 b/fuzz/corpora/conf/e925b1f89ef44ad20358082c6150c4f104ddb8e0
-new file mode 100644
-index 0000000..e0c7ca5
-Binary files /dev/null and b/fuzz/corpora/conf/e925b1f89ef44ad20358082c6150c4f104ddb8e0 differ
-diff --git a/fuzz/corpora/conf/ea1fc46400dd2e98ac17d63e60410c7acfa129de b/fuzz/corpora/conf/ea1fc46400dd2e98ac17d63e60410c7acfa129de
-new file mode 100644
-index 0000000..6139ec9
-Binary files /dev/null and b/fuzz/corpora/conf/ea1fc46400dd2e98ac17d63e60410c7acfa129de differ
-diff --git a/fuzz/corpora/conf/eb28f35b84ae5e1dbf77daf8899d994863c3f641 b/fuzz/corpora/conf/eb28f35b84ae5e1dbf77daf8899d994863c3f641
-new file mode 100644
-index 0000000..825ac2d
-Binary files /dev/null and b/fuzz/corpora/conf/eb28f35b84ae5e1dbf77daf8899d994863c3f641 differ
-diff --git a/fuzz/corpora/conf/ec0f773bb9681f296a06fd86bfd02e2dee7c2688 b/fuzz/corpora/conf/ec0f773bb9681f296a06fd86bfd02e2dee7c2688
-new file mode 100644
-index 0000000..978dbf1
-Binary files /dev/null and b/fuzz/corpora/conf/ec0f773bb9681f296a06fd86bfd02e2dee7c2688 differ
-diff --git a/fuzz/corpora/conf/edb270450fa97d63d5a637074e59cb2b229d01bd b/fuzz/corpora/conf/edb270450fa97d63d5a637074e59cb2b229d01bd
-new file mode 100644
-index 0000000..ea82af4
-Binary files /dev/null and b/fuzz/corpora/conf/edb270450fa97d63d5a637074e59cb2b229d01bd differ
-diff --git a/fuzz/corpora/conf/eeba4c0e1e3c86edce7d070d3b2ef4c3a34dc2d8 b/fuzz/corpora/conf/eeba4c0e1e3c86edce7d070d3b2ef4c3a34dc2d8
-new file mode 100644
-index 0000000..3dc621b
-Binary files /dev/null and b/fuzz/corpora/conf/eeba4c0e1e3c86edce7d070d3b2ef4c3a34dc2d8 differ
-diff --git a/fuzz/corpora/conf/eececa30b66fdb137936cc508ed1e55aee0d7c36 b/fuzz/corpora/conf/eececa30b66fdb137936cc508ed1e55aee0d7c36
-new file mode 100644
-index 0000000..65a23fd
-Binary files /dev/null and b/fuzz/corpora/conf/eececa30b66fdb137936cc508ed1e55aee0d7c36 differ
-diff --git a/fuzz/corpora/conf/f08254978ad9d3c7b9eb27124efffec8feb53d3c b/fuzz/corpora/conf/f08254978ad9d3c7b9eb27124efffec8feb53d3c
-new file mode 100644
-index 0000000..c9dd4a3
-Binary files /dev/null and b/fuzz/corpora/conf/f08254978ad9d3c7b9eb27124efffec8feb53d3c differ
-diff --git a/fuzz/corpora/conf/f0dee9660c3ddb54c4c865d7223cdfe9bc56f4c9 b/fuzz/corpora/conf/f0dee9660c3ddb54c4c865d7223cdfe9bc56f4c9
-new file mode 100644
-index 0000000..74d301d
-Binary files /dev/null and b/fuzz/corpora/conf/f0dee9660c3ddb54c4c865d7223cdfe9bc56f4c9 differ
-diff --git a/fuzz/corpora/conf/f3a8121e88caf942b2dcac606bc385a13c18850a b/fuzz/corpora/conf/f3a8121e88caf942b2dcac606bc385a13c18850a
-new file mode 100644
-index 0000000..6a445fd
-Binary files /dev/null and b/fuzz/corpora/conf/f3a8121e88caf942b2dcac606bc385a13c18850a differ
-diff --git a/fuzz/corpora/conf/f3f388fcf146d2bcafcfc96e6a8218668d501014 b/fuzz/corpora/conf/f3f388fcf146d2bcafcfc96e6a8218668d501014
-new file mode 100644
-index 0000000..66b6e31
-Binary files /dev/null and b/fuzz/corpora/conf/f3f388fcf146d2bcafcfc96e6a8218668d501014 differ
-diff --git a/fuzz/corpora/conf/f5f5f78d95d53a2256356c3f7d479fec3a2927d6 b/fuzz/corpora/conf/f5f5f78d95d53a2256356c3f7d479fec3a2927d6
-new file mode 100644
-index 0000000..bde49b4
-Binary files /dev/null and b/fuzz/corpora/conf/f5f5f78d95d53a2256356c3f7d479fec3a2927d6 differ
-diff --git a/fuzz/corpora/conf/f66396c9abf4c94d631fd99c65ad36f85d665d80 b/fuzz/corpora/conf/f66396c9abf4c94d631fd99c65ad36f85d665d80
-new file mode 100644
-index 0000000..07070eb
-Binary files /dev/null and b/fuzz/corpora/conf/f66396c9abf4c94d631fd99c65ad36f85d665d80 differ
-diff --git a/fuzz/corpora/conf/f73524921de0d86388da453d5c78cc3ef25985bb b/fuzz/corpora/conf/f73524921de0d86388da453d5c78cc3ef25985bb
-new file mode 100644
-index 0000000..1639112
-Binary files /dev/null and b/fuzz/corpora/conf/f73524921de0d86388da453d5c78cc3ef25985bb differ
-diff --git a/fuzz/corpora/conf/f78ca9d423edf24c1b509373867ea0aa5d841a61 b/fuzz/corpora/conf/f78ca9d423edf24c1b509373867ea0aa5d841a61
-new file mode 100644
-index 0000000..e30c713
-Binary files /dev/null and b/fuzz/corpora/conf/f78ca9d423edf24c1b509373867ea0aa5d841a61 differ
-diff --git a/fuzz/corpora/conf/f9b49fe6e611d05a851f1cdaaf14de2d4db4953a b/fuzz/corpora/conf/f9b49fe6e611d05a851f1cdaaf14de2d4db4953a
-new file mode 100644
-index 0000000..1ce24ce
-Binary files /dev/null and b/fuzz/corpora/conf/f9b49fe6e611d05a851f1cdaaf14de2d4db4953a differ
-diff --git a/fuzz/corpora/conf/f9b9b5d90f5bbfd0f24f9f236d6e4eeb881e65af b/fuzz/corpora/conf/f9b9b5d90f5bbfd0f24f9f236d6e4eeb881e65af
-new file mode 100644
-index 0000000..abfc80d
-Binary files /dev/null and b/fuzz/corpora/conf/f9b9b5d90f5bbfd0f24f9f236d6e4eeb881e65af differ
-diff --git a/fuzz/corpora/conf/fa31b2321b6bcf6cc34604b96a731623a9d12c53 b/fuzz/corpora/conf/fa31b2321b6bcf6cc34604b96a731623a9d12c53
-new file mode 100644
-index 0000000..f915510
-Binary files /dev/null and b/fuzz/corpora/conf/fa31b2321b6bcf6cc34604b96a731623a9d12c53 differ
-diff --git a/fuzz/corpora/conf/fd15a2492c5b5215a29489db423b414cdc41a16b b/fuzz/corpora/conf/fd15a2492c5b5215a29489db423b414cdc41a16b
-new file mode 100644
-index 0000000..9b1c82a
-Binary files /dev/null and b/fuzz/corpora/conf/fd15a2492c5b5215a29489db423b414cdc41a16b differ
-diff --git a/fuzz/corpora/conf/fde02f8a28ee8eeb78c6845f699613030637550d b/fuzz/corpora/conf/fde02f8a28ee8eeb78c6845f699613030637550d
-new file mode 100644
-index 0000000..ed390b1
-Binary files /dev/null and b/fuzz/corpora/conf/fde02f8a28ee8eeb78c6845f699613030637550d differ
-diff --git a/fuzz/corpora/conf/fdf04fc6b41fe9e852f737ade70f3ec56a0014ee b/fuzz/corpora/conf/fdf04fc6b41fe9e852f737ade70f3ec56a0014ee
-new file mode 100644
-index 0000000..0adfeaa
-Binary files /dev/null and b/fuzz/corpora/conf/fdf04fc6b41fe9e852f737ade70f3ec56a0014ee differ
-diff --git a/fuzz/corpora/crl/006837abf283c1dc7a8cd828f15c76a04dae1e69 b/fuzz/corpora/crl/006837abf283c1dc7a8cd828f15c76a04dae1e69
-new file mode 100644
-index 0000000..56a6c16
-Binary files /dev/null and b/fuzz/corpora/crl/006837abf283c1dc7a8cd828f15c76a04dae1e69 differ
-diff --git a/fuzz/corpora/crl/0271791aaf4470d9dd8a7e73a276bcf89656d28f b/fuzz/corpora/crl/0271791aaf4470d9dd8a7e73a276bcf89656d28f
-new file mode 100644
-index 0000000..c8fe35a
-Binary files /dev/null and b/fuzz/corpora/crl/0271791aaf4470d9dd8a7e73a276bcf89656d28f differ
-diff --git a/fuzz/corpora/crl/033e3973c4e1f4eb94860a814bccb5a7fa69f992 b/fuzz/corpora/crl/033e3973c4e1f4eb94860a814bccb5a7fa69f992
-new file mode 100644
-index 0000000..b234e1b
-Binary files /dev/null and b/fuzz/corpora/crl/033e3973c4e1f4eb94860a814bccb5a7fa69f992 differ
-diff --git a/fuzz/corpora/crl/03b23fad5e45c9c6c3e4c9f01fe9f921111e968a b/fuzz/corpora/crl/03b23fad5e45c9c6c3e4c9f01fe9f921111e968a
-new file mode 100644
-index 0000000..19661ee
-Binary files /dev/null and b/fuzz/corpora/crl/03b23fad5e45c9c6c3e4c9f01fe9f921111e968a differ
-diff --git a/fuzz/corpora/crl/03f308d20986ae70cfef84e25abec9401b780b93 b/fuzz/corpora/crl/03f308d20986ae70cfef84e25abec9401b780b93
-new file mode 100644
-index 0000000..9a6a911
-Binary files /dev/null and b/fuzz/corpora/crl/03f308d20986ae70cfef84e25abec9401b780b93 differ
-diff --git a/fuzz/corpora/crl/0427211c2c66fd8f878de01478ff220d67241104 b/fuzz/corpora/crl/0427211c2c66fd8f878de01478ff220d67241104
-new file mode 100644
-index 0000000..56c20c7
-Binary files /dev/null and b/fuzz/corpora/crl/0427211c2c66fd8f878de01478ff220d67241104 differ
-diff --git a/fuzz/corpora/crl/043fe4d78e826deb41c8b7da8bedee849a758670 b/fuzz/corpora/crl/043fe4d78e826deb41c8b7da8bedee849a758670
-new file mode 100644
-index 0000000..3aa43f2
-Binary files /dev/null and b/fuzz/corpora/crl/043fe4d78e826deb41c8b7da8bedee849a758670 differ
-diff --git a/fuzz/corpora/crl/04b0f5f9c1dba2d7a8a5740a85369c4a33c08163 b/fuzz/corpora/crl/04b0f5f9c1dba2d7a8a5740a85369c4a33c08163
-new file mode 100644
-index 0000000..9a2bcd0
-Binary files /dev/null and b/fuzz/corpora/crl/04b0f5f9c1dba2d7a8a5740a85369c4a33c08163 differ
-diff --git a/fuzz/corpora/crl/057b0698fd7a02fdd46e34ddbb34a023854246a6 b/fuzz/corpora/crl/057b0698fd7a02fdd46e34ddbb34a023854246a6
-new file mode 100644
-index 0000000..205df7d
-Binary files /dev/null and b/fuzz/corpora/crl/057b0698fd7a02fdd46e34ddbb34a023854246a6 differ
-diff --git a/fuzz/corpora/crl/075f71fc201530c9eb1a9b813afc7d74d18c989b b/fuzz/corpora/crl/075f71fc201530c9eb1a9b813afc7d74d18c989b
-new file mode 100644
-index 0000000..8083ab0
-Binary files /dev/null and b/fuzz/corpora/crl/075f71fc201530c9eb1a9b813afc7d74d18c989b differ
-diff --git a/fuzz/corpora/crl/0784e298b4eff0ed2d867b4dc4069a4d0d16e10a b/fuzz/corpora/crl/0784e298b4eff0ed2d867b4dc4069a4d0d16e10a
-new file mode 100644
-index 0000000..64e3b1a
-Binary files /dev/null and b/fuzz/corpora/crl/0784e298b4eff0ed2d867b4dc4069a4d0d16e10a differ
-diff --git a/fuzz/corpora/crl/07eb363a10cefd0bdb7612450830090e7eae585b b/fuzz/corpora/crl/07eb363a10cefd0bdb7612450830090e7eae585b
-new file mode 100644
-index 0000000..1ac72a7
-Binary files /dev/null and b/fuzz/corpora/crl/07eb363a10cefd0bdb7612450830090e7eae585b differ
-diff --git a/fuzz/corpora/crl/0986878474de377d637a8bc65c6616a6b7bf2faa b/fuzz/corpora/crl/0986878474de377d637a8bc65c6616a6b7bf2faa
-new file mode 100644
-index 0000000..b655dae
-Binary files /dev/null and b/fuzz/corpora/crl/0986878474de377d637a8bc65c6616a6b7bf2faa differ
-diff --git a/fuzz/corpora/crl/09acda81cc290dd019e6602fc8c150bde6fa866a b/fuzz/corpora/crl/09acda81cc290dd019e6602fc8c150bde6fa866a
-new file mode 100644
-index 0000000..cecaa43
-Binary files /dev/null and b/fuzz/corpora/crl/09acda81cc290dd019e6602fc8c150bde6fa866a differ
-diff --git a/fuzz/corpora/crl/09cf29fe5b9c31b272780c9ef81fb3847fdc084d b/fuzz/corpora/crl/09cf29fe5b9c31b272780c9ef81fb3847fdc084d
-new file mode 100644
-index 0000000..c4f422b
-Binary files /dev/null and b/fuzz/corpora/crl/09cf29fe5b9c31b272780c9ef81fb3847fdc084d differ
-diff --git a/fuzz/corpora/crl/09d254a9f5f6c07c40154f130b0d1872c662cefb b/fuzz/corpora/crl/09d254a9f5f6c07c40154f130b0d1872c662cefb
-new file mode 100644
-index 0000000..b7bbb8e
-Binary files /dev/null and b/fuzz/corpora/crl/09d254a9f5f6c07c40154f130b0d1872c662cefb differ
-diff --git a/fuzz/corpora/crl/0b3e7d7465db30c1fb97ca0e6a6234a465759c0e b/fuzz/corpora/crl/0b3e7d7465db30c1fb97ca0e6a6234a465759c0e
-new file mode 100644
-index 0000000..1311a77
-Binary files /dev/null and b/fuzz/corpora/crl/0b3e7d7465db30c1fb97ca0e6a6234a465759c0e differ
-diff --git a/fuzz/corpora/crl/0c2d1c94c0655bd4e9adacb3b4d2826196e9cbf8 b/fuzz/corpora/crl/0c2d1c94c0655bd4e9adacb3b4d2826196e9cbf8
-new file mode 100644
-index 0000000..8925d01
-Binary files /dev/null and b/fuzz/corpora/crl/0c2d1c94c0655bd4e9adacb3b4d2826196e9cbf8 differ
-diff --git a/fuzz/corpora/crl/0c5a4aec9b9fcd52e73c4178016478ef304640e0 b/fuzz/corpora/crl/0c5a4aec9b9fcd52e73c4178016478ef304640e0
-new file mode 100644
-index 0000000..a8436f0
-Binary files /dev/null and b/fuzz/corpora/crl/0c5a4aec9b9fcd52e73c4178016478ef304640e0 differ
-diff --git a/fuzz/corpora/crl/0c6094b7a741dee6ac83983a55793d0ece9e6ff8 b/fuzz/corpora/crl/0c6094b7a741dee6ac83983a55793d0ece9e6ff8
-new file mode 100644
-index 0000000..7a770b2
-Binary files /dev/null and b/fuzz/corpora/crl/0c6094b7a741dee6ac83983a55793d0ece9e6ff8 differ
-diff --git a/fuzz/corpora/crl/0ca99d4d76c895ad281a0069b97bd8905a25410a b/fuzz/corpora/crl/0ca99d4d76c895ad281a0069b97bd8905a25410a
-new file mode 100644
-index 0000000..59b3091
-Binary files /dev/null and b/fuzz/corpora/crl/0ca99d4d76c895ad281a0069b97bd8905a25410a differ
-diff --git a/fuzz/corpora/crl/0cf1b9e3f80ecc4bf9191279c7bdd5835dae8ec6 b/fuzz/corpora/crl/0cf1b9e3f80ecc4bf9191279c7bdd5835dae8ec6
-new file mode 100644
-index 0000000..22f09af
-Binary files /dev/null and b/fuzz/corpora/crl/0cf1b9e3f80ecc4bf9191279c7bdd5835dae8ec6 differ
-diff --git a/fuzz/corpora/crl/0d7c173e3a43b9626f4ea09cab78899c2db6227d b/fuzz/corpora/crl/0d7c173e3a43b9626f4ea09cab78899c2db6227d
-new file mode 100644
-index 0000000..a147e5e
-Binary files /dev/null and b/fuzz/corpora/crl/0d7c173e3a43b9626f4ea09cab78899c2db6227d differ
-diff --git a/fuzz/corpora/crl/0dfb4d8586c328e7f9e76cf77495544693c545b8 b/fuzz/corpora/crl/0dfb4d8586c328e7f9e76cf77495544693c545b8
-new file mode 100644
-index 0000000..15f91d2
-Binary files /dev/null and b/fuzz/corpora/crl/0dfb4d8586c328e7f9e76cf77495544693c545b8 differ
-diff --git a/fuzz/corpora/crl/0e3660fda361674c1c6bd1e4d0342da86fa0c57a b/fuzz/corpora/crl/0e3660fda361674c1c6bd1e4d0342da86fa0c57a
-new file mode 100644
-index 0000000..718fd94
-Binary files /dev/null and b/fuzz/corpora/crl/0e3660fda361674c1c6bd1e4d0342da86fa0c57a differ
-diff --git a/fuzz/corpora/crl/0e9e4de5e0e4627b1ae265214fb39f7db72d6944 b/fuzz/corpora/crl/0e9e4de5e0e4627b1ae265214fb39f7db72d6944
-new file mode 100644
-index 0000000..130f20d
-Binary files /dev/null and b/fuzz/corpora/crl/0e9e4de5e0e4627b1ae265214fb39f7db72d6944 differ
-diff --git a/fuzz/corpora/crl/0eff5714e4af891821ca29a4f94e07a1872517b5 b/fuzz/corpora/crl/0eff5714e4af891821ca29a4f94e07a1872517b5
-new file mode 100644
-index 0000000..222d11e
-Binary files /dev/null and b/fuzz/corpora/crl/0eff5714e4af891821ca29a4f94e07a1872517b5 differ
-diff --git a/fuzz/corpora/crl/0fbc73a53cb4f5558bd4966e94ac476f20cb6b15 b/fuzz/corpora/crl/0fbc73a53cb4f5558bd4966e94ac476f20cb6b15
-new file mode 100644
-index 0000000..d3a3f19
-Binary files /dev/null and b/fuzz/corpora/crl/0fbc73a53cb4f5558bd4966e94ac476f20cb6b15 differ
-diff --git a/fuzz/corpora/crl/0fcfb04963bb59bfdc99c7b9ed516b5dc1fc124f b/fuzz/corpora/crl/0fcfb04963bb59bfdc99c7b9ed516b5dc1fc124f
-new file mode 100644
-index 0000000..01f01e4
-Binary files /dev/null and b/fuzz/corpora/crl/0fcfb04963bb59bfdc99c7b9ed516b5dc1fc124f differ
-diff --git a/fuzz/corpora/crl/0fdf99236affc7c937529356bbb71cffd90e0e5d b/fuzz/corpora/crl/0fdf99236affc7c937529356bbb71cffd90e0e5d
-new file mode 100644
-index 0000000..2facbbb
-Binary files /dev/null and b/fuzz/corpora/crl/0fdf99236affc7c937529356bbb71cffd90e0e5d differ
-diff --git a/fuzz/corpora/crl/0ff143418b00992fb9543a6e44c4da26cfd7f6ab b/fuzz/corpora/crl/0ff143418b00992fb9543a6e44c4da26cfd7f6ab
-new file mode 100644
-index 0000000..78aabe6
-Binary files /dev/null and b/fuzz/corpora/crl/0ff143418b00992fb9543a6e44c4da26cfd7f6ab differ
-diff --git a/fuzz/corpora/crl/10ae139fca4cdc87410765e4d65cf035d1d070bd b/fuzz/corpora/crl/10ae139fca4cdc87410765e4d65cf035d1d070bd
-new file mode 100644
-index 0000000..cca5e29
-Binary files /dev/null and b/fuzz/corpora/crl/10ae139fca4cdc87410765e4d65cf035d1d070bd differ
-diff --git a/fuzz/corpora/crl/10d19f1de2500b3ed848d21f60c8dcebe6c894fa b/fuzz/corpora/crl/10d19f1de2500b3ed848d21f60c8dcebe6c894fa
-new file mode 100644
-index 0000000..95b7ecc
-Binary files /dev/null and b/fuzz/corpora/crl/10d19f1de2500b3ed848d21f60c8dcebe6c894fa differ
-diff --git a/fuzz/corpora/crl/10ef958f5ed129a370de66684368b6ae3f624617 b/fuzz/corpora/crl/10ef958f5ed129a370de66684368b6ae3f624617
-new file mode 100644
-index 0000000..6f1de1c
-Binary files /dev/null and b/fuzz/corpora/crl/10ef958f5ed129a370de66684368b6ae3f624617 differ
-diff --git a/fuzz/corpora/crl/11238d9e4c07cdd673a0564c3a23b85fcf5a946e b/fuzz/corpora/crl/11238d9e4c07cdd673a0564c3a23b85fcf5a946e
-new file mode 100644
-index 0000000..7c54052
-Binary files /dev/null and b/fuzz/corpora/crl/11238d9e4c07cdd673a0564c3a23b85fcf5a946e differ
-diff --git a/fuzz/corpora/crl/1204bf4dafb294d06062ab2dcc5eb31c5a99da1f b/fuzz/corpora/crl/1204bf4dafb294d06062ab2dcc5eb31c5a99da1f
-new file mode 100644
-index 0000000..44fd800
-Binary files /dev/null and b/fuzz/corpora/crl/1204bf4dafb294d06062ab2dcc5eb31c5a99da1f differ
-diff --git a/fuzz/corpora/crl/1213160c305349995539a98dd7e171501c9accee b/fuzz/corpora/crl/1213160c305349995539a98dd7e171501c9accee
-new file mode 100644
-index 0000000..3aa80bb
-Binary files /dev/null and b/fuzz/corpora/crl/1213160c305349995539a98dd7e171501c9accee differ
-diff --git a/fuzz/corpora/crl/1288cb8fda4f29acb2f9b9485a2eba08140a0a45 b/fuzz/corpora/crl/1288cb8fda4f29acb2f9b9485a2eba08140a0a45
-new file mode 100644
-index 0000000..a581bb2
-Binary files /dev/null and b/fuzz/corpora/crl/1288cb8fda4f29acb2f9b9485a2eba08140a0a45 differ
-diff --git a/fuzz/corpora/crl/12b253cdeb7cb20633e69ecb6e559db68668000e b/fuzz/corpora/crl/12b253cdeb7cb20633e69ecb6e559db68668000e
-new file mode 100644
-index 0000000..9610f58
-Binary files /dev/null and b/fuzz/corpora/crl/12b253cdeb7cb20633e69ecb6e559db68668000e differ
-diff --git a/fuzz/corpora/crl/12e22f5a0c0fbb60478aceac473582f8b3924554 b/fuzz/corpora/crl/12e22f5a0c0fbb60478aceac473582f8b3924554
-new file mode 100644
-index 0000000..6f2d126
-Binary files /dev/null and b/fuzz/corpora/crl/12e22f5a0c0fbb60478aceac473582f8b3924554 differ
-diff --git a/fuzz/corpora/crl/130f90689ad32a8dd824132ae1c42658f548acb0 b/fuzz/corpora/crl/130f90689ad32a8dd824132ae1c42658f548acb0
-new file mode 100644
-index 0000000..935223e
-Binary files /dev/null and b/fuzz/corpora/crl/130f90689ad32a8dd824132ae1c42658f548acb0 differ
-diff --git a/fuzz/corpora/crl/13cabb64c78543f65ed63f1fa659e37a6fc0600c b/fuzz/corpora/crl/13cabb64c78543f65ed63f1fa659e37a6fc0600c
-new file mode 100644
-index 0000000..f583f23
-Binary files /dev/null and b/fuzz/corpora/crl/13cabb64c78543f65ed63f1fa659e37a6fc0600c differ
-diff --git a/fuzz/corpora/crl/157ab9b35e077788bf3062b738dbc4bd9592d84d b/fuzz/corpora/crl/157ab9b35e077788bf3062b738dbc4bd9592d84d
-new file mode 100644
-index 0000000..d91593c
-Binary files /dev/null and b/fuzz/corpora/crl/157ab9b35e077788bf3062b738dbc4bd9592d84d differ
-diff --git a/fuzz/corpora/crl/1640fb0e0fbbcb367986677f22c44b3dd43e8545 b/fuzz/corpora/crl/1640fb0e0fbbcb367986677f22c44b3dd43e8545
-new file mode 100644
-index 0000000..90f3525
-Binary files /dev/null and b/fuzz/corpora/crl/1640fb0e0fbbcb367986677f22c44b3dd43e8545 differ
-diff --git a/fuzz/corpora/crl/165f409b9305254bae6ba5810a74a9b2c1dc842d b/fuzz/corpora/crl/165f409b9305254bae6ba5810a74a9b2c1dc842d
-new file mode 100644
-index 0000000..9aeec7a
-Binary files /dev/null and b/fuzz/corpora/crl/165f409b9305254bae6ba5810a74a9b2c1dc842d differ
-diff --git a/fuzz/corpora/crl/169853e6e4a0fadd1370023c84e7b7ea1704d544 b/fuzz/corpora/crl/169853e6e4a0fadd1370023c84e7b7ea1704d544
-new file mode 100644
-index 0000000..8ecd2a2
-Binary files /dev/null and b/fuzz/corpora/crl/169853e6e4a0fadd1370023c84e7b7ea1704d544 differ
-diff --git a/fuzz/corpora/crl/16c3b70612735ff5ba633d1740da9a9fcba39027 b/fuzz/corpora/crl/16c3b70612735ff5ba633d1740da9a9fcba39027
-new file mode 100644
-index 0000000..d150115
-Binary files /dev/null and b/fuzz/corpora/crl/16c3b70612735ff5ba633d1740da9a9fcba39027 differ
-diff --git a/fuzz/corpora/crl/173529411f87a3a716998bde256d7c68b6336402 b/fuzz/corpora/crl/173529411f87a3a716998bde256d7c68b6336402
-new file mode 100644
-index 0000000..5e84cc0
-Binary files /dev/null and b/fuzz/corpora/crl/173529411f87a3a716998bde256d7c68b6336402 differ
-diff --git a/fuzz/corpora/crl/1753875334ab9d82e1de2dc84aa29da080ab3cac b/fuzz/corpora/crl/1753875334ab9d82e1de2dc84aa29da080ab3cac
-new file mode 100644
-index 0000000..ad81323
-Binary files /dev/null and b/fuzz/corpora/crl/1753875334ab9d82e1de2dc84aa29da080ab3cac differ
-diff --git a/fuzz/corpora/crl/180f3e5560ff0821cf46245de4c67ddc2ca1d0b3 b/fuzz/corpora/crl/180f3e5560ff0821cf46245de4c67ddc2ca1d0b3
-new file mode 100644
-index 0000000..4401e8d
-Binary files /dev/null and b/fuzz/corpora/crl/180f3e5560ff0821cf46245de4c67ddc2ca1d0b3 differ
-diff --git a/fuzz/corpora/crl/18b2ffbb35215689182a81e0d72c8dd7029eb07b b/fuzz/corpora/crl/18b2ffbb35215689182a81e0d72c8dd7029eb07b
-new file mode 100644
-index 0000000..7dda17c
-Binary files /dev/null and b/fuzz/corpora/crl/18b2ffbb35215689182a81e0d72c8dd7029eb07b differ
-diff --git a/fuzz/corpora/crl/194b17a4f66ce3f3c96df040951ac0718d003db4 b/fuzz/corpora/crl/194b17a4f66ce3f3c96df040951ac0718d003db4
-new file mode 100644
-index 0000000..74966f7
-Binary files /dev/null and b/fuzz/corpora/crl/194b17a4f66ce3f3c96df040951ac0718d003db4 differ
-diff --git a/fuzz/corpora/crl/1a45a6101cf243a7c97f3588a0c8f0afbe9a0a60 b/fuzz/corpora/crl/1a45a6101cf243a7c97f3588a0c8f0afbe9a0a60
-new file mode 100644
-index 0000000..ac23a3c
-Binary files /dev/null and b/fuzz/corpora/crl/1a45a6101cf243a7c97f3588a0c8f0afbe9a0a60 differ
-diff --git a/fuzz/corpora/crl/1a5bc8f9c689f659ca5883771a158bc6326d539e b/fuzz/corpora/crl/1a5bc8f9c689f659ca5883771a158bc6326d539e
-new file mode 100644
-index 0000000..f26a2a6
-Binary files /dev/null and b/fuzz/corpora/crl/1a5bc8f9c689f659ca5883771a158bc6326d539e differ
-diff --git a/fuzz/corpora/crl/1a87cdda72d4faa4356b135718626d386f2f468e b/fuzz/corpora/crl/1a87cdda72d4faa4356b135718626d386f2f468e
-new file mode 100644
-index 0000000..ea619c2
-Binary files /dev/null and b/fuzz/corpora/crl/1a87cdda72d4faa4356b135718626d386f2f468e differ
-diff --git a/fuzz/corpora/crl/1b069097aa9f07709a95102c710a45cebd37ae66 b/fuzz/corpora/crl/1b069097aa9f07709a95102c710a45cebd37ae66
-new file mode 100644
-index 0000000..c46cbdd
-Binary files /dev/null and b/fuzz/corpora/crl/1b069097aa9f07709a95102c710a45cebd37ae66 differ
-diff --git a/fuzz/corpora/crl/1c07a92a2f04718cfa44c1b6a74932fe1d00f1a4 b/fuzz/corpora/crl/1c07a92a2f04718cfa44c1b6a74932fe1d00f1a4
-new file mode 100644
-index 0000000..1aed965
-Binary files /dev/null and b/fuzz/corpora/crl/1c07a92a2f04718cfa44c1b6a74932fe1d00f1a4 differ
-diff --git a/fuzz/corpora/crl/1db1960d0b652d6c827e51468d6949da4c65b832 b/fuzz/corpora/crl/1db1960d0b652d6c827e51468d6949da4c65b832
-new file mode 100644
-index 0000000..d44280b
-Binary files /dev/null and b/fuzz/corpora/crl/1db1960d0b652d6c827e51468d6949da4c65b832 differ
-diff --git a/fuzz/corpora/crl/1e5f957d456153bcdde71fa567822b8a9355932c b/fuzz/corpora/crl/1e5f957d456153bcdde71fa567822b8a9355932c
-new file mode 100644
-index 0000000..7d9f0b1
-Binary files /dev/null and b/fuzz/corpora/crl/1e5f957d456153bcdde71fa567822b8a9355932c differ
-diff --git a/fuzz/corpora/crl/1effc5034bdbfd794e3978a5d701e9a2b7a12e9c b/fuzz/corpora/crl/1effc5034bdbfd794e3978a5d701e9a2b7a12e9c
-new file mode 100644
-index 0000000..0d49c9b
-Binary files /dev/null and b/fuzz/corpora/crl/1effc5034bdbfd794e3978a5d701e9a2b7a12e9c differ
-diff --git a/fuzz/corpora/crl/21bab90d830cef539e26c2e8854b7107230dd65f b/fuzz/corpora/crl/21bab90d830cef539e26c2e8854b7107230dd65f
-new file mode 100644
-index 0000000..09feffa
-Binary files /dev/null and b/fuzz/corpora/crl/21bab90d830cef539e26c2e8854b7107230dd65f differ
-diff --git a/fuzz/corpora/crl/21ec9eefda5ffff325866be010344f0de7d23465 b/fuzz/corpora/crl/21ec9eefda5ffff325866be010344f0de7d23465
-new file mode 100644
-index 0000000..c73779a
-Binary files /dev/null and b/fuzz/corpora/crl/21ec9eefda5ffff325866be010344f0de7d23465 differ
-diff --git a/fuzz/corpora/crl/227fc452d5baa3648212091b2528c7fb7b1a7645 b/fuzz/corpora/crl/227fc452d5baa3648212091b2528c7fb7b1a7645
-new file mode 100644
-index 0000000..dfafe59
-Binary files /dev/null and b/fuzz/corpora/crl/227fc452d5baa3648212091b2528c7fb7b1a7645 differ
-diff --git a/fuzz/corpora/crl/22cca15f0f96660d7e035489e425fc55241fa7a4 b/fuzz/corpora/crl/22cca15f0f96660d7e035489e425fc55241fa7a4
-new file mode 100644
-index 0000000..48b624a
-Binary files /dev/null and b/fuzz/corpora/crl/22cca15f0f96660d7e035489e425fc55241fa7a4 differ
-diff --git a/fuzz/corpora/crl/22eefc3026a889e6f77d7557909acf9ce8fea4f5 b/fuzz/corpora/crl/22eefc3026a889e6f77d7557909acf9ce8fea4f5
-new file mode 100644
-index 0000000..223950e
-Binary files /dev/null and b/fuzz/corpora/crl/22eefc3026a889e6f77d7557909acf9ce8fea4f5 differ
-diff --git a/fuzz/corpora/crl/2305d65855afcb3f8114ebfbeb90cdac7ac5c5d8 b/fuzz/corpora/crl/2305d65855afcb3f8114ebfbeb90cdac7ac5c5d8
-new file mode 100644
-index 0000000..0cfa006
-Binary files /dev/null and b/fuzz/corpora/crl/2305d65855afcb3f8114ebfbeb90cdac7ac5c5d8 differ
-diff --git a/fuzz/corpora/crl/231e48cc0a2ed1793d78ee8654c62e5e8bf9b4b9 b/fuzz/corpora/crl/231e48cc0a2ed1793d78ee8654c62e5e8bf9b4b9
-new file mode 100644
-index 0000000..4360067
-Binary files /dev/null and b/fuzz/corpora/crl/231e48cc0a2ed1793d78ee8654c62e5e8bf9b4b9 differ
-diff --git a/fuzz/corpora/crl/2468b610458ecd274477746e8e7fdda8a5f99729 b/fuzz/corpora/crl/2468b610458ecd274477746e8e7fdda8a5f99729
-new file mode 100644
-index 0000000..883b323
-Binary files /dev/null and b/fuzz/corpora/crl/2468b610458ecd274477746e8e7fdda8a5f99729 differ
-diff --git a/fuzz/corpora/crl/24cf8490237af81e76b2b9fe8a849807f6826e53 b/fuzz/corpora/crl/24cf8490237af81e76b2b9fe8a849807f6826e53
-new file mode 100644
-index 0000000..2844d17
-Binary files /dev/null and b/fuzz/corpora/crl/24cf8490237af81e76b2b9fe8a849807f6826e53 differ
-diff --git a/fuzz/corpora/crl/2562cb63678ca6af2038b4933c8643e761a8d5bd b/fuzz/corpora/crl/2562cb63678ca6af2038b4933c8643e761a8d5bd
-new file mode 100644
-index 0000000..bbdcbed
-Binary files /dev/null and b/fuzz/corpora/crl/2562cb63678ca6af2038b4933c8643e761a8d5bd differ
-diff --git a/fuzz/corpora/crl/25e8f10b3085e836893fc1d04af9911b36915f9d b/fuzz/corpora/crl/25e8f10b3085e836893fc1d04af9911b36915f9d
-new file mode 100644
-index 0000000..66fdd41
-Binary files /dev/null and b/fuzz/corpora/crl/25e8f10b3085e836893fc1d04af9911b36915f9d differ
-diff --git a/fuzz/corpora/crl/26748c095583b2c5a05d2fe8c7a62fe244fc5df8 b/fuzz/corpora/crl/26748c095583b2c5a05d2fe8c7a62fe244fc5df8
-new file mode 100644
-index 0000000..b7ad179
-Binary files /dev/null and b/fuzz/corpora/crl/26748c095583b2c5a05d2fe8c7a62fe244fc5df8 differ
-diff --git a/fuzz/corpora/crl/26eb38c92c544ce570a8223e1c83d597415b55a1 b/fuzz/corpora/crl/26eb38c92c544ce570a8223e1c83d597415b55a1
-new file mode 100644
-index 0000000..1b0afa9
-Binary files /dev/null and b/fuzz/corpora/crl/26eb38c92c544ce570a8223e1c83d597415b55a1 differ
-diff --git a/fuzz/corpora/crl/278db8318b8d895ebed98de9b393073174b99d19 b/fuzz/corpora/crl/278db8318b8d895ebed98de9b393073174b99d19
-new file mode 100644
-index 0000000..c8ecaf2
-Binary files /dev/null and b/fuzz/corpora/crl/278db8318b8d895ebed98de9b393073174b99d19 differ
-diff --git a/fuzz/corpora/crl/27dec9d38101e3df9bbe9891242ea53835c8d8e3 b/fuzz/corpora/crl/27dec9d38101e3df9bbe9891242ea53835c8d8e3
-new file mode 100644
-index 0000000..0e7b9de
-Binary files /dev/null and b/fuzz/corpora/crl/27dec9d38101e3df9bbe9891242ea53835c8d8e3 differ
-diff --git a/fuzz/corpora/crl/280011cbc094ba7c41b4e678f7391fda38df0e56 b/fuzz/corpora/crl/280011cbc094ba7c41b4e678f7391fda38df0e56
-new file mode 100644
-index 0000000..eb8569e
-Binary files /dev/null and b/fuzz/corpora/crl/280011cbc094ba7c41b4e678f7391fda38df0e56 differ
-diff --git a/fuzz/corpora/crl/2801400255b642b9257d05d31e162b12d381bc6a b/fuzz/corpora/crl/2801400255b642b9257d05d31e162b12d381bc6a
-new file mode 100644
-index 0000000..1201db5
-Binary files /dev/null and b/fuzz/corpora/crl/2801400255b642b9257d05d31e162b12d381bc6a differ
-diff --git a/fuzz/corpora/crl/280b820a2571cb4420f50048e603dea577a3f169 b/fuzz/corpora/crl/280b820a2571cb4420f50048e603dea577a3f169
-new file mode 100644
-index 0000000..26bdaea
-Binary files /dev/null and b/fuzz/corpora/crl/280b820a2571cb4420f50048e603dea577a3f169 differ
-diff --git a/fuzz/corpora/crl/2845b57940ff2a41d94850876bdff14ce1af60af b/fuzz/corpora/crl/2845b57940ff2a41d94850876bdff14ce1af60af
-new file mode 100644
-index 0000000..20d1c12
-Binary files /dev/null and b/fuzz/corpora/crl/2845b57940ff2a41d94850876bdff14ce1af60af differ
-diff --git a/fuzz/corpora/crl/28606ba70ca79ab36d5d001a9d2de61abc36a87d b/fuzz/corpora/crl/28606ba70ca79ab36d5d001a9d2de61abc36a87d
-new file mode 100644
-index 0000000..0930f5b
-Binary files /dev/null and b/fuzz/corpora/crl/28606ba70ca79ab36d5d001a9d2de61abc36a87d differ
-diff --git a/fuzz/corpora/crl/2931709aef558ac8932d67e6d2232389f865a267 b/fuzz/corpora/crl/2931709aef558ac8932d67e6d2232389f865a267
-new file mode 100644
-index 0000000..8915c16
-Binary files /dev/null and b/fuzz/corpora/crl/2931709aef558ac8932d67e6d2232389f865a267 differ
-diff --git a/fuzz/corpora/crl/29513c3d00dedafca91adcb8e4b4210e4e138a22 b/fuzz/corpora/crl/29513c3d00dedafca91adcb8e4b4210e4e138a22
-new file mode 100644
-index 0000000..527aa8c
-Binary files /dev/null and b/fuzz/corpora/crl/29513c3d00dedafca91adcb8e4b4210e4e138a22 differ
-diff --git a/fuzz/corpora/crl/29dd5dcfaa008ace8355feff2d5ac286fad80ea1 b/fuzz/corpora/crl/29dd5dcfaa008ace8355feff2d5ac286fad80ea1
-new file mode 100644
-index 0000000..bc97e61
-Binary files /dev/null and b/fuzz/corpora/crl/29dd5dcfaa008ace8355feff2d5ac286fad80ea1 differ
-diff --git a/fuzz/corpora/crl/2a578da8956d8faefee211031d4916d8d13e2887 b/fuzz/corpora/crl/2a578da8956d8faefee211031d4916d8d13e2887
-new file mode 100644
-index 0000000..d16a1c9
-Binary files /dev/null and b/fuzz/corpora/crl/2a578da8956d8faefee211031d4916d8d13e2887 differ
-diff --git a/fuzz/corpora/crl/2a77db3dd64728c0b59ab593d95f68dbc0c3707b b/fuzz/corpora/crl/2a77db3dd64728c0b59ab593d95f68dbc0c3707b
-new file mode 100644
-index 0000000..87cd2ee
-Binary files /dev/null and b/fuzz/corpora/crl/2a77db3dd64728c0b59ab593d95f68dbc0c3707b differ
-diff --git a/fuzz/corpora/crl/2b6ecede6350f0121d64aac259a1cb91cc9e6bf8 b/fuzz/corpora/crl/2b6ecede6350f0121d64aac259a1cb91cc9e6bf8
-new file mode 100644
-index 0000000..7ce5335
-Binary files /dev/null and b/fuzz/corpora/crl/2b6ecede6350f0121d64aac259a1cb91cc9e6bf8 differ
-diff --git a/fuzz/corpora/crl/2c0a7a185e77ae4938ca891b3f457eb39753f446 b/fuzz/corpora/crl/2c0a7a185e77ae4938ca891b3f457eb39753f446
-new file mode 100644
-index 0000000..9a2231f
-Binary files /dev/null and b/fuzz/corpora/crl/2c0a7a185e77ae4938ca891b3f457eb39753f446 differ
-diff --git a/fuzz/corpora/crl/2ca74f6eb8e4ae4a32334a7e455e67419e7075f5 b/fuzz/corpora/crl/2ca74f6eb8e4ae4a32334a7e455e67419e7075f5
-new file mode 100644
-index 0000000..4fbeee2
-Binary files /dev/null and b/fuzz/corpora/crl/2ca74f6eb8e4ae4a32334a7e455e67419e7075f5 differ
-diff --git a/fuzz/corpora/crl/2cf70302dcfc7fe61a8b453748c5abdf311f0bbd b/fuzz/corpora/crl/2cf70302dcfc7fe61a8b453748c5abdf311f0bbd
-new file mode 100644
-index 0000000..283daaf
-Binary files /dev/null and b/fuzz/corpora/crl/2cf70302dcfc7fe61a8b453748c5abdf311f0bbd differ
-diff --git a/fuzz/corpora/crl/2cfc5d982cb09964383b0ecf184182ab263a355b b/fuzz/corpora/crl/2cfc5d982cb09964383b0ecf184182ab263a355b
-new file mode 100644
-index 0000000..38f0eb4
-Binary files /dev/null and b/fuzz/corpora/crl/2cfc5d982cb09964383b0ecf184182ab263a355b differ
-diff --git a/fuzz/corpora/crl/2d4d812eb441023b2b6047a7286434d4c578fef4 b/fuzz/corpora/crl/2d4d812eb441023b2b6047a7286434d4c578fef4
-new file mode 100644
-index 0000000..46b1387
-Binary files /dev/null and b/fuzz/corpora/crl/2d4d812eb441023b2b6047a7286434d4c578fef4 differ
-diff --git a/fuzz/corpora/crl/2d6964028a6701e70af1b4ff87ff4422467aa442 b/fuzz/corpora/crl/2d6964028a6701e70af1b4ff87ff4422467aa442
-new file mode 100644
-index 0000000..5f4bc7e
-Binary files /dev/null and b/fuzz/corpora/crl/2d6964028a6701e70af1b4ff87ff4422467aa442 differ
-diff --git a/fuzz/corpora/crl/2d7a525dead44e2560e32847522347ffd2146f91 b/fuzz/corpora/crl/2d7a525dead44e2560e32847522347ffd2146f91
-new file mode 100644
-index 0000000..07260e7
-Binary files /dev/null and b/fuzz/corpora/crl/2d7a525dead44e2560e32847522347ffd2146f91 differ
-diff --git a/fuzz/corpora/crl/2df72e3f3ae3bc89176afa2ac8d64e149eced7be b/fuzz/corpora/crl/2df72e3f3ae3bc89176afa2ac8d64e149eced7be
-new file mode 100644
-index 0000000..934d85c
-Binary files /dev/null and b/fuzz/corpora/crl/2df72e3f3ae3bc89176afa2ac8d64e149eced7be differ
-diff --git a/fuzz/corpora/crl/2e4685262f5eac525b7e9eb4cb430d0f52ac7a1b b/fuzz/corpora/crl/2e4685262f5eac525b7e9eb4cb430d0f52ac7a1b
-new file mode 100644
-index 0000000..39865f7
-Binary files /dev/null and b/fuzz/corpora/crl/2e4685262f5eac525b7e9eb4cb430d0f52ac7a1b differ
-diff --git a/fuzz/corpora/crl/2f270e61d86f8a2f2cf7afacf967cd5f8f0a1b5d b/fuzz/corpora/crl/2f270e61d86f8a2f2cf7afacf967cd5f8f0a1b5d
-new file mode 100644
-index 0000000..2334f90
-Binary files /dev/null and b/fuzz/corpora/crl/2f270e61d86f8a2f2cf7afacf967cd5f8f0a1b5d differ
-diff --git a/fuzz/corpora/crl/2f32f5e10929774a5eeb2770d7b3eab9f6bf6ee2 b/fuzz/corpora/crl/2f32f5e10929774a5eeb2770d7b3eab9f6bf6ee2
-new file mode 100644
-index 0000000..a108485
-Binary files /dev/null and b/fuzz/corpora/crl/2f32f5e10929774a5eeb2770d7b3eab9f6bf6ee2 differ
-diff --git a/fuzz/corpora/crl/2fb1a00547d555aafecb3351f36050e87f2f9456 b/fuzz/corpora/crl/2fb1a00547d555aafecb3351f36050e87f2f9456
-new file mode 100644
-index 0000000..2781105
-Binary files /dev/null and b/fuzz/corpora/crl/2fb1a00547d555aafecb3351f36050e87f2f9456 differ
-diff --git a/fuzz/corpora/crl/2fdd0e2df212914ab2b943c34b70494bfa2be342 b/fuzz/corpora/crl/2fdd0e2df212914ab2b943c34b70494bfa2be342
-new file mode 100644
-index 0000000..9df904e
-Binary files /dev/null and b/fuzz/corpora/crl/2fdd0e2df212914ab2b943c34b70494bfa2be342 differ
-diff --git a/fuzz/corpora/crl/310f179d61612021f4c0aaf2fd4e92f1eb246940 b/fuzz/corpora/crl/310f179d61612021f4c0aaf2fd4e92f1eb246940
-new file mode 100644
-index 0000000..28b4370
-Binary files /dev/null and b/fuzz/corpora/crl/310f179d61612021f4c0aaf2fd4e92f1eb246940 differ
-diff --git a/fuzz/corpora/crl/311a713a439d9cd620f7a5857672d5bc65df4e19 b/fuzz/corpora/crl/311a713a439d9cd620f7a5857672d5bc65df4e19
-new file mode 100644
-index 0000000..827b715
-Binary files /dev/null and b/fuzz/corpora/crl/311a713a439d9cd620f7a5857672d5bc65df4e19 differ
-diff --git a/fuzz/corpora/crl/316c624b43acd44977d92a72f6ccdb12293fbb6f b/fuzz/corpora/crl/316c624b43acd44977d92a72f6ccdb12293fbb6f
-new file mode 100644
-index 0000000..fb036d1
-Binary files /dev/null and b/fuzz/corpora/crl/316c624b43acd44977d92a72f6ccdb12293fbb6f differ
-diff --git a/fuzz/corpora/crl/3368887ba68c596e23f69520fb78a0d3adb1ea20 b/fuzz/corpora/crl/3368887ba68c596e23f69520fb78a0d3adb1ea20
-new file mode 100644
-index 0000000..7f4f75a
-Binary files /dev/null and b/fuzz/corpora/crl/3368887ba68c596e23f69520fb78a0d3adb1ea20 differ
-diff --git a/fuzz/corpora/crl/34389ccc97b4dacca77a3c8359644115707688af b/fuzz/corpora/crl/34389ccc97b4dacca77a3c8359644115707688af
-new file mode 100644
-index 0000000..41f6123
-Binary files /dev/null and b/fuzz/corpora/crl/34389ccc97b4dacca77a3c8359644115707688af differ
-diff --git a/fuzz/corpora/crl/3449439e19f1fae21502dad2eebae25bbe33710f b/fuzz/corpora/crl/3449439e19f1fae21502dad2eebae25bbe33710f
-new file mode 100644
-index 0000000..87b64ee
-Binary files /dev/null and b/fuzz/corpora/crl/3449439e19f1fae21502dad2eebae25bbe33710f differ
-diff --git a/fuzz/corpora/crl/34691f8b0436eca2028f6dc9780dea6bfc6b49d8 b/fuzz/corpora/crl/34691f8b0436eca2028f6dc9780dea6bfc6b49d8
-new file mode 100644
-index 0000000..9a992ad
-Binary files /dev/null and b/fuzz/corpora/crl/34691f8b0436eca2028f6dc9780dea6bfc6b49d8 differ
-diff --git a/fuzz/corpora/crl/347171eaf30bb2d236a0ac96e376728926203063 b/fuzz/corpora/crl/347171eaf30bb2d236a0ac96e376728926203063
-new file mode 100644
-index 0000000..6971803
-Binary files /dev/null and b/fuzz/corpora/crl/347171eaf30bb2d236a0ac96e376728926203063 differ
-diff --git a/fuzz/corpora/crl/348e087e3eb99f5d51551cc86905cddb1313ee60 b/fuzz/corpora/crl/348e087e3eb99f5d51551cc86905cddb1313ee60
-new file mode 100644
-index 0000000..d214326
-Binary files /dev/null and b/fuzz/corpora/crl/348e087e3eb99f5d51551cc86905cddb1313ee60 differ
-diff --git a/fuzz/corpora/crl/3493744836f5f5424e0799b42764cd70dfb8296f b/fuzz/corpora/crl/3493744836f5f5424e0799b42764cd70dfb8296f
-new file mode 100644
-index 0000000..b008e3b
-Binary files /dev/null and b/fuzz/corpora/crl/3493744836f5f5424e0799b42764cd70dfb8296f differ
-diff --git a/fuzz/corpora/crl/34dd5e815368f10bce4ac092c2c667134226abca b/fuzz/corpora/crl/34dd5e815368f10bce4ac092c2c667134226abca
-new file mode 100644
-index 0000000..90950c0
-Binary files /dev/null and b/fuzz/corpora/crl/34dd5e815368f10bce4ac092c2c667134226abca differ
-diff --git a/fuzz/corpora/crl/3511326b46c76d66269b4505bd1e0585fc0ecce0 b/fuzz/corpora/crl/3511326b46c76d66269b4505bd1e0585fc0ecce0
-new file mode 100644
-index 0000000..31aee5e
-Binary files /dev/null and b/fuzz/corpora/crl/3511326b46c76d66269b4505bd1e0585fc0ecce0 differ
-diff --git a/fuzz/corpora/crl/35c5a98ad872fe3e8e2409883190d9a56af579b2 b/fuzz/corpora/crl/35c5a98ad872fe3e8e2409883190d9a56af579b2
-new file mode 100644
-index 0000000..ec87905
-Binary files /dev/null and b/fuzz/corpora/crl/35c5a98ad872fe3e8e2409883190d9a56af579b2 differ
-diff --git a/fuzz/corpora/crl/35dd0cf880fd0ba14d9b3ce97835076426806fb8 b/fuzz/corpora/crl/35dd0cf880fd0ba14d9b3ce97835076426806fb8
-new file mode 100644
-index 0000000..c91cd70
-Binary files /dev/null and b/fuzz/corpora/crl/35dd0cf880fd0ba14d9b3ce97835076426806fb8 differ
-diff --git a/fuzz/corpora/crl/3667e0aa4e9d3d61ece533840d0c1190cfa206ec b/fuzz/corpora/crl/3667e0aa4e9d3d61ece533840d0c1190cfa206ec
-new file mode 100644
-index 0000000..b647d52
-Binary files /dev/null and b/fuzz/corpora/crl/3667e0aa4e9d3d61ece533840d0c1190cfa206ec differ
-diff --git a/fuzz/corpora/crl/3675f36488839dd335a71d22a3befafbcd306d79 b/fuzz/corpora/crl/3675f36488839dd335a71d22a3befafbcd306d79
-new file mode 100644
-index 0000000..689eba0
-Binary files /dev/null and b/fuzz/corpora/crl/3675f36488839dd335a71d22a3befafbcd306d79 differ
-diff --git a/fuzz/corpora/crl/36c4dbe5b2a9556de5a5fb8146bc2ea0f562e1ec b/fuzz/corpora/crl/36c4dbe5b2a9556de5a5fb8146bc2ea0f562e1ec
-new file mode 100644
-index 0000000..3a1554b
-Binary files /dev/null and b/fuzz/corpora/crl/36c4dbe5b2a9556de5a5fb8146bc2ea0f562e1ec differ
-diff --git a/fuzz/corpora/crl/36dddca29d992d56f77d3b926b0bea0f3895aef4 b/fuzz/corpora/crl/36dddca29d992d56f77d3b926b0bea0f3895aef4
-new file mode 100644
-index 0000000..12087e2
-Binary files /dev/null and b/fuzz/corpora/crl/36dddca29d992d56f77d3b926b0bea0f3895aef4 differ
-diff --git a/fuzz/corpora/crl/380ce41402e855090920b63e1f62ad2b58de2449 b/fuzz/corpora/crl/380ce41402e855090920b63e1f62ad2b58de2449
-new file mode 100644
-index 0000000..afb274f
-Binary files /dev/null and b/fuzz/corpora/crl/380ce41402e855090920b63e1f62ad2b58de2449 differ
-diff --git a/fuzz/corpora/crl/382cf7b45d11f9d0420198e880b63d3d0186d5e2 b/fuzz/corpora/crl/382cf7b45d11f9d0420198e880b63d3d0186d5e2
-new file mode 100644
-index 0000000..a2463e0
-Binary files /dev/null and b/fuzz/corpora/crl/382cf7b45d11f9d0420198e880b63d3d0186d5e2 differ
-diff --git a/fuzz/corpora/crl/39e26929ddd47f61663f7dc5332b8ca4879f8fb2 b/fuzz/corpora/crl/39e26929ddd47f61663f7dc5332b8ca4879f8fb2
-new file mode 100644
-index 0000000..4ce676b
-Binary files /dev/null and b/fuzz/corpora/crl/39e26929ddd47f61663f7dc5332b8ca4879f8fb2 differ
-diff --git a/fuzz/corpora/crl/39e30f45a89bc5aa771eefd2825f03d6056659a8 b/fuzz/corpora/crl/39e30f45a89bc5aa771eefd2825f03d6056659a8
-new file mode 100644
-index 0000000..e598fb4
-Binary files /dev/null and b/fuzz/corpora/crl/39e30f45a89bc5aa771eefd2825f03d6056659a8 differ
-diff --git a/fuzz/corpora/crl/3bd703c04a3e6e27f6caaf45febd045a06dad749 b/fuzz/corpora/crl/3bd703c04a3e6e27f6caaf45febd045a06dad749
-new file mode 100644
-index 0000000..4751563
-Binary files /dev/null and b/fuzz/corpora/crl/3bd703c04a3e6e27f6caaf45febd045a06dad749 differ
-diff --git a/fuzz/corpora/crl/3bf3d385e9bd24bc43f765e0cb4a7bbb3f4f56c3 b/fuzz/corpora/crl/3bf3d385e9bd24bc43f765e0cb4a7bbb3f4f56c3
-new file mode 100644
-index 0000000..c5eeb0d
-Binary files /dev/null and b/fuzz/corpora/crl/3bf3d385e9bd24bc43f765e0cb4a7bbb3f4f56c3 differ
-diff --git a/fuzz/corpora/crl/3dea6c4ce48508b2f216e75205489f7091265ad5 b/fuzz/corpora/crl/3dea6c4ce48508b2f216e75205489f7091265ad5
-new file mode 100644
-index 0000000..7b1c17d
-Binary files /dev/null and b/fuzz/corpora/crl/3dea6c4ce48508b2f216e75205489f7091265ad5 differ
-diff --git a/fuzz/corpora/crl/3e639a8e6003c8c082e66f4daf7ce79d8949d7fa b/fuzz/corpora/crl/3e639a8e6003c8c082e66f4daf7ce79d8949d7fa
-new file mode 100644
-index 0000000..9585be5
-Binary files /dev/null and b/fuzz/corpora/crl/3e639a8e6003c8c082e66f4daf7ce79d8949d7fa differ
-diff --git a/fuzz/corpora/crl/3e7192aded243b8785b622bad1cf05386914d31d b/fuzz/corpora/crl/3e7192aded243b8785b622bad1cf05386914d31d
-new file mode 100644
-index 0000000..94eaebd
-Binary files /dev/null and b/fuzz/corpora/crl/3e7192aded243b8785b622bad1cf05386914d31d differ
-diff --git a/fuzz/corpora/crl/3f1b12e63641370cbe504becc3c03ed2da66eb1e b/fuzz/corpora/crl/3f1b12e63641370cbe504becc3c03ed2da66eb1e
-new file mode 100644
-index 0000000..ab1cb31
-Binary files /dev/null and b/fuzz/corpora/crl/3f1b12e63641370cbe504becc3c03ed2da66eb1e differ
-diff --git a/fuzz/corpora/crl/3f26907b12df99de2da0a872c3ddd366348cbf70 b/fuzz/corpora/crl/3f26907b12df99de2da0a872c3ddd366348cbf70
-new file mode 100644
-index 0000000..4dfd143
-Binary files /dev/null and b/fuzz/corpora/crl/3f26907b12df99de2da0a872c3ddd366348cbf70 differ
-diff --git a/fuzz/corpora/crl/3f7812280043dc0e356a02fa61528841a3fd1bd2 b/fuzz/corpora/crl/3f7812280043dc0e356a02fa61528841a3fd1bd2
-new file mode 100644
-index 0000000..6dc3fce
-Binary files /dev/null and b/fuzz/corpora/crl/3f7812280043dc0e356a02fa61528841a3fd1bd2 differ
-diff --git a/fuzz/corpora/crl/3fa1d698b6494af820f9297034792e035867fe76 b/fuzz/corpora/crl/3fa1d698b6494af820f9297034792e035867fe76
-new file mode 100644
-index 0000000..2c223e4
-Binary files /dev/null and b/fuzz/corpora/crl/3fa1d698b6494af820f9297034792e035867fe76 differ
-diff --git a/fuzz/corpora/crl/3fae7dd374eb55cb81d1098b19818c126f95790d b/fuzz/corpora/crl/3fae7dd374eb55cb81d1098b19818c126f95790d
-new file mode 100644
-index 0000000..8e600fd
-Binary files /dev/null and b/fuzz/corpora/crl/3fae7dd374eb55cb81d1098b19818c126f95790d differ
-diff --git a/fuzz/corpora/crl/402baf29194619b796d224786069955735730a15 b/fuzz/corpora/crl/402baf29194619b796d224786069955735730a15
-new file mode 100644
-index 0000000..599e7cb
-Binary files /dev/null and b/fuzz/corpora/crl/402baf29194619b796d224786069955735730a15 differ
-diff --git a/fuzz/corpora/crl/407087545a01b8fe6481a240674860d238b27f11 b/fuzz/corpora/crl/407087545a01b8fe6481a240674860d238b27f11
-new file mode 100644
-index 0000000..dbfc624
-Binary files /dev/null and b/fuzz/corpora/crl/407087545a01b8fe6481a240674860d238b27f11 differ
-diff --git a/fuzz/corpora/crl/41672330b7b5cd15183732052448fad9bf350946 b/fuzz/corpora/crl/41672330b7b5cd15183732052448fad9bf350946
-new file mode 100644
-index 0000000..916c58d
-Binary files /dev/null and b/fuzz/corpora/crl/41672330b7b5cd15183732052448fad9bf350946 differ
-diff --git a/fuzz/corpora/crl/42239614a3b10c5791e70b1524f334bdb341514f b/fuzz/corpora/crl/42239614a3b10c5791e70b1524f334bdb341514f
-new file mode 100644
-index 0000000..11a23af
-Binary files /dev/null and b/fuzz/corpora/crl/42239614a3b10c5791e70b1524f334bdb341514f differ
-diff --git a/fuzz/corpora/crl/424ea3c40ae4cb389766d197177ac59bb2fdc5fe b/fuzz/corpora/crl/424ea3c40ae4cb389766d197177ac59bb2fdc5fe
-new file mode 100644
-index 0000000..725b51b
-Binary files /dev/null and b/fuzz/corpora/crl/424ea3c40ae4cb389766d197177ac59bb2fdc5fe differ
-diff --git a/fuzz/corpora/crl/436213f9f94a0fefa128a581371cba2396683d35 b/fuzz/corpora/crl/436213f9f94a0fefa128a581371cba2396683d35
-new file mode 100644
-index 0000000..4eccea4
-Binary files /dev/null and b/fuzz/corpora/crl/436213f9f94a0fefa128a581371cba2396683d35 differ
-diff --git a/fuzz/corpora/crl/439cb73aad98157c9865657ba286b63e19e515bb b/fuzz/corpora/crl/439cb73aad98157c9865657ba286b63e19e515bb
-new file mode 100644
-index 0000000..061160d
-Binary files /dev/null and b/fuzz/corpora/crl/439cb73aad98157c9865657ba286b63e19e515bb differ
-diff --git a/fuzz/corpora/crl/44533e589c78824f4f28d0e70d3f17724fcbbba0 b/fuzz/corpora/crl/44533e589c78824f4f28d0e70d3f17724fcbbba0
-new file mode 100644
-index 0000000..f5e043a
-Binary files /dev/null and b/fuzz/corpora/crl/44533e589c78824f4f28d0e70d3f17724fcbbba0 differ
-diff --git a/fuzz/corpora/crl/45e4deb186e64b96f09785b6241ba9f90f0e66a9 b/fuzz/corpora/crl/45e4deb186e64b96f09785b6241ba9f90f0e66a9
-new file mode 100644
-index 0000000..fbe5da5
-Binary files /dev/null and b/fuzz/corpora/crl/45e4deb186e64b96f09785b6241ba9f90f0e66a9 differ
-diff --git a/fuzz/corpora/crl/46082ca7a0f78a3b4eb4ea590a8f088b423383af b/fuzz/corpora/crl/46082ca7a0f78a3b4eb4ea590a8f088b423383af
-new file mode 100644
-index 0000000..9141b1f
-Binary files /dev/null and b/fuzz/corpora/crl/46082ca7a0f78a3b4eb4ea590a8f088b423383af differ
-diff --git a/fuzz/corpora/crl/47a337fd9f7c2997925e3515e39cab0dc87fa4e9 b/fuzz/corpora/crl/47a337fd9f7c2997925e3515e39cab0dc87fa4e9
-new file mode 100644
-index 0000000..b21fd21
-Binary files /dev/null and b/fuzz/corpora/crl/47a337fd9f7c2997925e3515e39cab0dc87fa4e9 differ
-diff --git a/fuzz/corpora/crl/483c040e5e696cf5d985f59a544eeccfc2d48470 b/fuzz/corpora/crl/483c040e5e696cf5d985f59a544eeccfc2d48470
-new file mode 100644
-index 0000000..901b6ec
-Binary files /dev/null and b/fuzz/corpora/crl/483c040e5e696cf5d985f59a544eeccfc2d48470 differ
-diff --git a/fuzz/corpora/crl/48949cb0d098926c4470bc39f253ae72e8067d25 b/fuzz/corpora/crl/48949cb0d098926c4470bc39f253ae72e8067d25
-new file mode 100644
-index 0000000..2bb38c0
-Binary files /dev/null and b/fuzz/corpora/crl/48949cb0d098926c4470bc39f253ae72e8067d25 differ
-diff --git a/fuzz/corpora/crl/49858f9dfe30f31bb9f6836c9fb0bdf06b3c3a2c b/fuzz/corpora/crl/49858f9dfe30f31bb9f6836c9fb0bdf06b3c3a2c
-new file mode 100644
-index 0000000..182872b
-Binary files /dev/null and b/fuzz/corpora/crl/49858f9dfe30f31bb9f6836c9fb0bdf06b3c3a2c differ
-diff --git a/fuzz/corpora/crl/49fdaac9700faed9cbbf77f4d71f5222cda01698 b/fuzz/corpora/crl/49fdaac9700faed9cbbf77f4d71f5222cda01698
-new file mode 100644
-index 0000000..a401d53
-Binary files /dev/null and b/fuzz/corpora/crl/49fdaac9700faed9cbbf77f4d71f5222cda01698 differ
-diff --git a/fuzz/corpora/crl/4a47daecf968115b0cb014affb63da31ad8e1abe b/fuzz/corpora/crl/4a47daecf968115b0cb014affb63da31ad8e1abe
-new file mode 100644
-index 0000000..8e6680e
-Binary files /dev/null and b/fuzz/corpora/crl/4a47daecf968115b0cb014affb63da31ad8e1abe differ
-diff --git a/fuzz/corpora/crl/4ae99e9fbc808e7cb4a7458dd64c93de45774afe b/fuzz/corpora/crl/4ae99e9fbc808e7cb4a7458dd64c93de45774afe
-new file mode 100644
-index 0000000..71464a5
-Binary files /dev/null and b/fuzz/corpora/crl/4ae99e9fbc808e7cb4a7458dd64c93de45774afe differ
-diff --git a/fuzz/corpora/crl/4b0810d02acafb4b86174fb7a2613f9310d89a28 b/fuzz/corpora/crl/4b0810d02acafb4b86174fb7a2613f9310d89a28
-new file mode 100644
-index 0000000..7822124
-Binary files /dev/null and b/fuzz/corpora/crl/4b0810d02acafb4b86174fb7a2613f9310d89a28 differ
-diff --git a/fuzz/corpora/crl/4b904a636411b25fdebf5e526077349243dad215 b/fuzz/corpora/crl/4b904a636411b25fdebf5e526077349243dad215
-new file mode 100644
-index 0000000..1abeb1b
-Binary files /dev/null and b/fuzz/corpora/crl/4b904a636411b25fdebf5e526077349243dad215 differ
-diff --git a/fuzz/corpora/crl/4baa071e14d1d48d2b85630cd8596f155b395ea8 b/fuzz/corpora/crl/4baa071e14d1d48d2b85630cd8596f155b395ea8
-new file mode 100644
-index 0000000..c212289
-Binary files /dev/null and b/fuzz/corpora/crl/4baa071e14d1d48d2b85630cd8596f155b395ea8 differ
-diff --git a/fuzz/corpora/crl/4cd7ea58c54cce992f1c8978d64c4d5cdeabd1d4 b/fuzz/corpora/crl/4cd7ea58c54cce992f1c8978d64c4d5cdeabd1d4
-new file mode 100644
-index 0000000..7e4b9ca
-Binary files /dev/null and b/fuzz/corpora/crl/4cd7ea58c54cce992f1c8978d64c4d5cdeabd1d4 differ
-diff --git a/fuzz/corpora/crl/4ce4f63a2c1b5ae78c5c5939185e9693fbbea159 b/fuzz/corpora/crl/4ce4f63a2c1b5ae78c5c5939185e9693fbbea159
-new file mode 100644
-index 0000000..d12df89
-Binary files /dev/null and b/fuzz/corpora/crl/4ce4f63a2c1b5ae78c5c5939185e9693fbbea159 differ
-diff --git a/fuzz/corpora/crl/4d61fe262f72df2d37d870b3e54bf9cac334d4d0 b/fuzz/corpora/crl/4d61fe262f72df2d37d870b3e54bf9cac334d4d0
-new file mode 100644
-index 0000000..d54ae44
-Binary files /dev/null and b/fuzz/corpora/crl/4d61fe262f72df2d37d870b3e54bf9cac334d4d0 differ
-diff --git a/fuzz/corpora/crl/4e18b1c6ec8bacc76c028484e3b28b4f08bfc5e5 b/fuzz/corpora/crl/4e18b1c6ec8bacc76c028484e3b28b4f08bfc5e5
-new file mode 100644
-index 0000000..7bf16ad
-Binary files /dev/null and b/fuzz/corpora/crl/4e18b1c6ec8bacc76c028484e3b28b4f08bfc5e5 differ
-diff --git a/fuzz/corpora/crl/4e367de156059d724754b3bf9985330bb08f2bb8 b/fuzz/corpora/crl/4e367de156059d724754b3bf9985330bb08f2bb8
-new file mode 100644
-index 0000000..75a7220
-Binary files /dev/null and b/fuzz/corpora/crl/4e367de156059d724754b3bf9985330bb08f2bb8 differ
-diff --git a/fuzz/corpora/crl/4e3e5e91d2f3e2e15470fca719747ba053ecdf9b b/fuzz/corpora/crl/4e3e5e91d2f3e2e15470fca719747ba053ecdf9b
-new file mode 100644
-index 0000000..f19573f
-Binary files /dev/null and b/fuzz/corpora/crl/4e3e5e91d2f3e2e15470fca719747ba053ecdf9b differ
-diff --git a/fuzz/corpora/crl/4e654279eb3b499d4ce3632d0b50a8bb0e7b236c b/fuzz/corpora/crl/4e654279eb3b499d4ce3632d0b50a8bb0e7b236c
-new file mode 100644
-index 0000000..75b20ed
-Binary files /dev/null and b/fuzz/corpora/crl/4e654279eb3b499d4ce3632d0b50a8bb0e7b236c differ
-diff --git a/fuzz/corpora/crl/4fdc6f064419ae8f9eff2f29c6a5e32a744a1bf9 b/fuzz/corpora/crl/4fdc6f064419ae8f9eff2f29c6a5e32a744a1bf9
-new file mode 100644
-index 0000000..587e74b
-Binary files /dev/null and b/fuzz/corpora/crl/4fdc6f064419ae8f9eff2f29c6a5e32a744a1bf9 differ
-diff --git a/fuzz/corpora/crl/4fe14f88a5c8168ea97005fc16d0ced8db3e3191 b/fuzz/corpora/crl/4fe14f88a5c8168ea97005fc16d0ced8db3e3191
-new file mode 100644
-index 0000000..371f00b
-Binary files /dev/null and b/fuzz/corpora/crl/4fe14f88a5c8168ea97005fc16d0ced8db3e3191 differ
-diff --git a/fuzz/corpora/crl/50350f105f97f0bb411334294afd3cabc7584f3c b/fuzz/corpora/crl/50350f105f97f0bb411334294afd3cabc7584f3c
-new file mode 100644
-index 0000000..3a99686
-Binary files /dev/null and b/fuzz/corpora/crl/50350f105f97f0bb411334294afd3cabc7584f3c differ
-diff --git a/fuzz/corpora/crl/50a65ae9f2b947d607b1205fe590ef3fba26dd3b b/fuzz/corpora/crl/50a65ae9f2b947d607b1205fe590ef3fba26dd3b
-new file mode 100644
-index 0000000..4555ece
-Binary files /dev/null and b/fuzz/corpora/crl/50a65ae9f2b947d607b1205fe590ef3fba26dd3b differ
-diff --git a/fuzz/corpora/crl/51108169ecf2dfb1f21f1fd6830e745afa41baef b/fuzz/corpora/crl/51108169ecf2dfb1f21f1fd6830e745afa41baef
-new file mode 100644
-index 0000000..cc2f240
-Binary files /dev/null and b/fuzz/corpora/crl/51108169ecf2dfb1f21f1fd6830e745afa41baef differ
-diff --git a/fuzz/corpora/crl/51c1095f6e83698a0958cd42f38001bc4f65ec9e b/fuzz/corpora/crl/51c1095f6e83698a0958cd42f38001bc4f65ec9e
-new file mode 100644
-index 0000000..ddf7bcc
-Binary files /dev/null and b/fuzz/corpora/crl/51c1095f6e83698a0958cd42f38001bc4f65ec9e differ
-diff --git a/fuzz/corpora/crl/51c370858932cd6484148d1ac441aeefa7c736b6 b/fuzz/corpora/crl/51c370858932cd6484148d1ac441aeefa7c736b6
-new file mode 100644
-index 0000000..1889441
-Binary files /dev/null and b/fuzz/corpora/crl/51c370858932cd6484148d1ac441aeefa7c736b6 differ
-diff --git a/fuzz/corpora/crl/53b1aa6549696dac32b88dd7a91581a025965ca7 b/fuzz/corpora/crl/53b1aa6549696dac32b88dd7a91581a025965ca7
-new file mode 100644
-index 0000000..c6f8e34
-Binary files /dev/null and b/fuzz/corpora/crl/53b1aa6549696dac32b88dd7a91581a025965ca7 differ
-diff --git a/fuzz/corpora/crl/53d3be3c870d4da99e7eecda6d1c13c14d351472 b/fuzz/corpora/crl/53d3be3c870d4da99e7eecda6d1c13c14d351472
-new file mode 100644
-index 0000000..363f4ce
-Binary files /dev/null and b/fuzz/corpora/crl/53d3be3c870d4da99e7eecda6d1c13c14d351472 differ
-diff --git a/fuzz/corpora/crl/5432dc9b746de8ae989aa2576a8fc0753da80a8e b/fuzz/corpora/crl/5432dc9b746de8ae989aa2576a8fc0753da80a8e
-new file mode 100644
-index 0000000..163897b
-Binary files /dev/null and b/fuzz/corpora/crl/5432dc9b746de8ae989aa2576a8fc0753da80a8e differ
-diff --git a/fuzz/corpora/crl/5695ee7de7d1fe305238a6551532d7e7db01986b b/fuzz/corpora/crl/5695ee7de7d1fe305238a6551532d7e7db01986b
-new file mode 100644
-index 0000000..2266be4
-Binary files /dev/null and b/fuzz/corpora/crl/5695ee7de7d1fe305238a6551532d7e7db01986b differ
-diff --git a/fuzz/corpora/crl/56dc255891b45d27462dbec70266ae279dc0ecc3 b/fuzz/corpora/crl/56dc255891b45d27462dbec70266ae279dc0ecc3
-new file mode 100644
-index 0000000..1e2dd7f
-Binary files /dev/null and b/fuzz/corpora/crl/56dc255891b45d27462dbec70266ae279dc0ecc3 differ
-diff --git a/fuzz/corpora/crl/5750eb715b4aa0dcbb45e6c3174fb4a4e977bed1 b/fuzz/corpora/crl/5750eb715b4aa0dcbb45e6c3174fb4a4e977bed1
-new file mode 100644
-index 0000000..32502b2
-Binary files /dev/null and b/fuzz/corpora/crl/5750eb715b4aa0dcbb45e6c3174fb4a4e977bed1 differ
-diff --git a/fuzz/corpora/crl/57a8b2150e2ebb67cbf5e12d48a4160736e022cf b/fuzz/corpora/crl/57a8b2150e2ebb67cbf5e12d48a4160736e022cf
-new file mode 100644
-index 0000000..4f7ebcd
-Binary files /dev/null and b/fuzz/corpora/crl/57a8b2150e2ebb67cbf5e12d48a4160736e022cf differ
-diff --git a/fuzz/corpora/crl/582ba4b3f10f6191da7fc87ee6aabc2b3baacd2d b/fuzz/corpora/crl/582ba4b3f10f6191da7fc87ee6aabc2b3baacd2d
-new file mode 100644
-index 0000000..6f62b29
-Binary files /dev/null and b/fuzz/corpora/crl/582ba4b3f10f6191da7fc87ee6aabc2b3baacd2d differ
-diff --git a/fuzz/corpora/crl/585b06df2c379062400b843f5da6ff53abe51c35 b/fuzz/corpora/crl/585b06df2c379062400b843f5da6ff53abe51c35
-new file mode 100644
-index 0000000..f22d2ad
-Binary files /dev/null and b/fuzz/corpora/crl/585b06df2c379062400b843f5da6ff53abe51c35 differ
-diff --git a/fuzz/corpora/crl/588b72d8548dba138df51a9280fd168addb64d8a b/fuzz/corpora/crl/588b72d8548dba138df51a9280fd168addb64d8a
-new file mode 100644
-index 0000000..fb86665
-Binary files /dev/null and b/fuzz/corpora/crl/588b72d8548dba138df51a9280fd168addb64d8a differ
-diff --git a/fuzz/corpora/crl/58936640790fa015f4e633c752dbab71c2ca8c8f b/fuzz/corpora/crl/58936640790fa015f4e633c752dbab71c2ca8c8f
-new file mode 100644
-index 0000000..c436475
-Binary files /dev/null and b/fuzz/corpora/crl/58936640790fa015f4e633c752dbab71c2ca8c8f differ
-diff --git a/fuzz/corpora/crl/58b85b0dbd3560a22c9662079bdcf6d38ecd289b b/fuzz/corpora/crl/58b85b0dbd3560a22c9662079bdcf6d38ecd289b
-new file mode 100644
-index 0000000..be03592
-Binary files /dev/null and b/fuzz/corpora/crl/58b85b0dbd3560a22c9662079bdcf6d38ecd289b differ
-diff --git a/fuzz/corpora/crl/5a6ce9022fdea84bbf3aa9526b3604f3ef11d841 b/fuzz/corpora/crl/5a6ce9022fdea84bbf3aa9526b3604f3ef11d841
-new file mode 100644
-index 0000000..faa4b3d
-Binary files /dev/null and b/fuzz/corpora/crl/5a6ce9022fdea84bbf3aa9526b3604f3ef11d841 differ
-diff --git a/fuzz/corpora/crl/5af6b97e2d78b9762f8d52d191e0288c7bc48b19 b/fuzz/corpora/crl/5af6b97e2d78b9762f8d52d191e0288c7bc48b19
-new file mode 100644
-index 0000000..0288e33
-Binary files /dev/null and b/fuzz/corpora/crl/5af6b97e2d78b9762f8d52d191e0288c7bc48b19 differ
-diff --git a/fuzz/corpora/crl/5b00e10c7eae023dd7512a4764ffce8fa5ea85f6 b/fuzz/corpora/crl/5b00e10c7eae023dd7512a4764ffce8fa5ea85f6
-new file mode 100644
-index 0000000..2b16e02
-Binary files /dev/null and b/fuzz/corpora/crl/5b00e10c7eae023dd7512a4764ffce8fa5ea85f6 differ
-diff --git a/fuzz/corpora/crl/5b1c79d57395adbcd744853a563b149e0bc3e8ae b/fuzz/corpora/crl/5b1c79d57395adbcd744853a563b149e0bc3e8ae
-new file mode 100644
-index 0000000..b85498d
-Binary files /dev/null and b/fuzz/corpora/crl/5b1c79d57395adbcd744853a563b149e0bc3e8ae differ
-diff --git a/fuzz/corpora/crl/5b1db4060dbe3c6e377783dbeb98aa8c6d1fe03f b/fuzz/corpora/crl/5b1db4060dbe3c6e377783dbeb98aa8c6d1fe03f
-new file mode 100644
-index 0000000..8206a8b
-Binary files /dev/null and b/fuzz/corpora/crl/5b1db4060dbe3c6e377783dbeb98aa8c6d1fe03f differ
-diff --git a/fuzz/corpora/crl/5b9a775a7774ccb43581c3cca1c71b567d481e6b b/fuzz/corpora/crl/5b9a775a7774ccb43581c3cca1c71b567d481e6b
-new file mode 100644
-index 0000000..4d37478
-Binary files /dev/null and b/fuzz/corpora/crl/5b9a775a7774ccb43581c3cca1c71b567d481e6b differ
-diff --git a/fuzz/corpora/crl/5bab61eb53176449e25c2c82f172b82cb13ffb9d b/fuzz/corpora/crl/5bab61eb53176449e25c2c82f172b82cb13ffb9d
-new file mode 100644
-index 0000000..0d758c9
-Binary files /dev/null and b/fuzz/corpora/crl/5bab61eb53176449e25c2c82f172b82cb13ffb9d differ
-diff --git a/fuzz/corpora/crl/5bd7fd198d050f8e69f643ac59f8f60dc45189d6 b/fuzz/corpora/crl/5bd7fd198d050f8e69f643ac59f8f60dc45189d6
-new file mode 100644
-index 0000000..1d30dfe
-Binary files /dev/null and b/fuzz/corpora/crl/5bd7fd198d050f8e69f643ac59f8f60dc45189d6 differ
-diff --git a/fuzz/corpora/crl/5bdec94e9b5e70e9ab720b91286b7f3d00147f50 b/fuzz/corpora/crl/5bdec94e9b5e70e9ab720b91286b7f3d00147f50
-new file mode 100644
-index 0000000..e4a8889
-Binary files /dev/null and b/fuzz/corpora/crl/5bdec94e9b5e70e9ab720b91286b7f3d00147f50 differ
-diff --git a/fuzz/corpora/crl/5c5601a479a2d75a22e0274570a943ae32083960 b/fuzz/corpora/crl/5c5601a479a2d75a22e0274570a943ae32083960
-new file mode 100644
-index 0000000..ed6d5e9
-Binary files /dev/null and b/fuzz/corpora/crl/5c5601a479a2d75a22e0274570a943ae32083960 differ
-diff --git a/fuzz/corpora/crl/5c736f6aa737601d6e3574c21d8cd3425378fb9e b/fuzz/corpora/crl/5c736f6aa737601d6e3574c21d8cd3425378fb9e
-new file mode 100644
-index 0000000..b617260
-Binary files /dev/null and b/fuzz/corpora/crl/5c736f6aa737601d6e3574c21d8cd3425378fb9e differ
-diff --git a/fuzz/corpora/crl/5d308f0df0c3a0280aa05e31ee6dc81c22f147ee b/fuzz/corpora/crl/5d308f0df0c3a0280aa05e31ee6dc81c22f147ee
-new file mode 100644
-index 0000000..ea3e3ae
-Binary files /dev/null and b/fuzz/corpora/crl/5d308f0df0c3a0280aa05e31ee6dc81c22f147ee differ
-diff --git a/fuzz/corpora/crl/5d88980c72a84f870198582896eb7d01ae4c1206 b/fuzz/corpora/crl/5d88980c72a84f870198582896eb7d01ae4c1206
-new file mode 100644
-index 0000000..ba91b46
-Binary files /dev/null and b/fuzz/corpora/crl/5d88980c72a84f870198582896eb7d01ae4c1206 differ
-diff --git a/fuzz/corpora/crl/5dbdb27364bec11fc5efd854d554705565c219fa b/fuzz/corpora/crl/5dbdb27364bec11fc5efd854d554705565c219fa
-new file mode 100644
-index 0000000..e96aa61
-Binary files /dev/null and b/fuzz/corpora/crl/5dbdb27364bec11fc5efd854d554705565c219fa differ
-diff --git a/fuzz/corpora/crl/5ea4fb47f04fea19ff251727652e57ac54ac1d37 b/fuzz/corpora/crl/5ea4fb47f04fea19ff251727652e57ac54ac1d37
-new file mode 100644
-index 0000000..8a75459
-Binary files /dev/null and b/fuzz/corpora/crl/5ea4fb47f04fea19ff251727652e57ac54ac1d37 differ
-diff --git a/fuzz/corpora/crl/5f2ebfcac46ddcd8e46a2b35e394602c2865cbf8 b/fuzz/corpora/crl/5f2ebfcac46ddcd8e46a2b35e394602c2865cbf8
-new file mode 100644
-index 0000000..e13890e
-Binary files /dev/null and b/fuzz/corpora/crl/5f2ebfcac46ddcd8e46a2b35e394602c2865cbf8 differ
-diff --git a/fuzz/corpora/crl/5ff699115a66ebc1a3a05327b0d56a7333db09ee b/fuzz/corpora/crl/5ff699115a66ebc1a3a05327b0d56a7333db09ee
-new file mode 100644
-index 0000000..b9baeb3
-Binary files /dev/null and b/fuzz/corpora/crl/5ff699115a66ebc1a3a05327b0d56a7333db09ee differ
-diff --git a/fuzz/corpora/crl/60088a52ca9d1d51e3d98f43005f6f9453fa2eba b/fuzz/corpora/crl/60088a52ca9d1d51e3d98f43005f6f9453fa2eba
-new file mode 100644
-index 0000000..608e86e
-Binary files /dev/null and b/fuzz/corpora/crl/60088a52ca9d1d51e3d98f43005f6f9453fa2eba differ
-diff --git a/fuzz/corpora/crl/6033d702f671aa595fe4d19135e88b3c7231f27d b/fuzz/corpora/crl/6033d702f671aa595fe4d19135e88b3c7231f27d
-new file mode 100644
-index 0000000..d93f6ee
-Binary files /dev/null and b/fuzz/corpora/crl/6033d702f671aa595fe4d19135e88b3c7231f27d differ
-diff --git a/fuzz/corpora/crl/6065fa4b10c1f21e184db1925234c656f19c94d3 b/fuzz/corpora/crl/6065fa4b10c1f21e184db1925234c656f19c94d3
-new file mode 100644
-index 0000000..08e24cc
-Binary files /dev/null and b/fuzz/corpora/crl/6065fa4b10c1f21e184db1925234c656f19c94d3 differ
-diff --git a/fuzz/corpora/crl/609618b06619341c603fca576849cba65ab99380 b/fuzz/corpora/crl/609618b06619341c603fca576849cba65ab99380
-new file mode 100644
-index 0000000..ef022fb
-Binary files /dev/null and b/fuzz/corpora/crl/609618b06619341c603fca576849cba65ab99380 differ
-diff --git a/fuzz/corpora/crl/60b4bbae2622c3b84480e6ecada59d09f4d4cc21 b/fuzz/corpora/crl/60b4bbae2622c3b84480e6ecada59d09f4d4cc21
-new file mode 100644
-index 0000000..9b7bf58
-Binary files /dev/null and b/fuzz/corpora/crl/60b4bbae2622c3b84480e6ecada59d09f4d4cc21 differ
-diff --git a/fuzz/corpora/crl/614cfbf3c666a6531602fc153e1550790674b138 b/fuzz/corpora/crl/614cfbf3c666a6531602fc153e1550790674b138
-new file mode 100644
-index 0000000..e8d7676
-Binary files /dev/null and b/fuzz/corpora/crl/614cfbf3c666a6531602fc153e1550790674b138 differ
-diff --git a/fuzz/corpora/crl/6156ab999759e91390988baf66f4ba2b840b33c5 b/fuzz/corpora/crl/6156ab999759e91390988baf66f4ba2b840b33c5
-new file mode 100644
-index 0000000..70f1401
-Binary files /dev/null and b/fuzz/corpora/crl/6156ab999759e91390988baf66f4ba2b840b33c5 differ
-diff --git a/fuzz/corpora/crl/615a7f31efd5bfedcb481cad6ce56afa549014e0 b/fuzz/corpora/crl/615a7f31efd5bfedcb481cad6ce56afa549014e0
-new file mode 100644
-index 0000000..6dfac9c
-Binary files /dev/null and b/fuzz/corpora/crl/615a7f31efd5bfedcb481cad6ce56afa549014e0 differ
-diff --git a/fuzz/corpora/crl/61dde9e752df788f8d86f7d48f0a87efef0c0e79 b/fuzz/corpora/crl/61dde9e752df788f8d86f7d48f0a87efef0c0e79
-new file mode 100644
-index 0000000..8d9f608
-Binary files /dev/null and b/fuzz/corpora/crl/61dde9e752df788f8d86f7d48f0a87efef0c0e79 differ
-diff --git a/fuzz/corpora/crl/622018992549bf7683cdd0253e53b4b405ecff32 b/fuzz/corpora/crl/622018992549bf7683cdd0253e53b4b405ecff32
-new file mode 100644
-index 0000000..6a656b2
-Binary files /dev/null and b/fuzz/corpora/crl/622018992549bf7683cdd0253e53b4b405ecff32 differ
-diff --git a/fuzz/corpora/crl/62b44de3557137d1ef7bea89d36e2d746c23ac3b b/fuzz/corpora/crl/62b44de3557137d1ef7bea89d36e2d746c23ac3b
-new file mode 100644
-index 0000000..7363f90
-Binary files /dev/null and b/fuzz/corpora/crl/62b44de3557137d1ef7bea89d36e2d746c23ac3b differ
-diff --git a/fuzz/corpora/crl/636bb5e5c0838f7b85cf34d1094abae59f4303eb b/fuzz/corpora/crl/636bb5e5c0838f7b85cf34d1094abae59f4303eb
-new file mode 100644
-index 0000000..403346f
-Binary files /dev/null and b/fuzz/corpora/crl/636bb5e5c0838f7b85cf34d1094abae59f4303eb differ
-diff --git a/fuzz/corpora/crl/638241ebf3d412b01b252f42e57b4cc22ab35338 b/fuzz/corpora/crl/638241ebf3d412b01b252f42e57b4cc22ab35338
-new file mode 100644
-index 0000000..096a029
-Binary files /dev/null and b/fuzz/corpora/crl/638241ebf3d412b01b252f42e57b4cc22ab35338 differ
-diff --git a/fuzz/corpora/crl/63dec38997b3d6795f5b8c00e4d5086100e17da7 b/fuzz/corpora/crl/63dec38997b3d6795f5b8c00e4d5086100e17da7
-new file mode 100644
-index 0000000..72a8c9e
-Binary files /dev/null and b/fuzz/corpora/crl/63dec38997b3d6795f5b8c00e4d5086100e17da7 differ
-diff --git a/fuzz/corpora/crl/63f34c8d057dc84df6596e540d99a0d8d0058c00 b/fuzz/corpora/crl/63f34c8d057dc84df6596e540d99a0d8d0058c00
-new file mode 100644
-index 0000000..9a16f53
-Binary files /dev/null and b/fuzz/corpora/crl/63f34c8d057dc84df6596e540d99a0d8d0058c00 differ
-diff --git a/fuzz/corpora/crl/658d735df1f1f4c375f52b42c66a668cffa82a15 b/fuzz/corpora/crl/658d735df1f1f4c375f52b42c66a668cffa82a15
-new file mode 100644
-index 0000000..656952c
-Binary files /dev/null and b/fuzz/corpora/crl/658d735df1f1f4c375f52b42c66a668cffa82a15 differ
-diff --git a/fuzz/corpora/crl/65f35cf2db77d1a8c223fbf89c012d979d7d9767 b/fuzz/corpora/crl/65f35cf2db77d1a8c223fbf89c012d979d7d9767
-new file mode 100644
-index 0000000..eaa04d0
-Binary files /dev/null and b/fuzz/corpora/crl/65f35cf2db77d1a8c223fbf89c012d979d7d9767 differ
-diff --git a/fuzz/corpora/crl/6739e3e8295c657ccf333dd88a07eada3c136f04 b/fuzz/corpora/crl/6739e3e8295c657ccf333dd88a07eada3c136f04
-new file mode 100644
-index 0000000..e42bd92
-Binary files /dev/null and b/fuzz/corpora/crl/6739e3e8295c657ccf333dd88a07eada3c136f04 differ
-diff --git a/fuzz/corpora/crl/674e1a629c91ae397dfc3ad27f3f11b93de7f4f5 b/fuzz/corpora/crl/674e1a629c91ae397dfc3ad27f3f11b93de7f4f5
-new file mode 100644
-index 0000000..c77db27
-Binary files /dev/null and b/fuzz/corpora/crl/674e1a629c91ae397dfc3ad27f3f11b93de7f4f5 differ
-diff --git a/fuzz/corpora/crl/67591a53bed61aacea3f5036d514e5e0656a4989 b/fuzz/corpora/crl/67591a53bed61aacea3f5036d514e5e0656a4989
-new file mode 100644
-index 0000000..36a02db
-Binary files /dev/null and b/fuzz/corpora/crl/67591a53bed61aacea3f5036d514e5e0656a4989 differ
-diff --git a/fuzz/corpora/crl/67bf8a2be89006562be0965406e2a217610ad5fd b/fuzz/corpora/crl/67bf8a2be89006562be0965406e2a217610ad5fd
-new file mode 100644
-index 0000000..710e451
-Binary files /dev/null and b/fuzz/corpora/crl/67bf8a2be89006562be0965406e2a217610ad5fd differ
-diff --git a/fuzz/corpora/crl/680b42859bf70ac2436ec6b3c52c687e7dea81df b/fuzz/corpora/crl/680b42859bf70ac2436ec6b3c52c687e7dea81df
-new file mode 100644
-index 0000000..2fdcd49
-Binary files /dev/null and b/fuzz/corpora/crl/680b42859bf70ac2436ec6b3c52c687e7dea81df differ
-diff --git a/fuzz/corpora/crl/68297819dc1add7222f7e0f0b6578e4dd233c9a2 b/fuzz/corpora/crl/68297819dc1add7222f7e0f0b6578e4dd233c9a2
-new file mode 100644
-index 0000000..32ca9c6
-Binary files /dev/null and b/fuzz/corpora/crl/68297819dc1add7222f7e0f0b6578e4dd233c9a2 differ
-diff --git a/fuzz/corpora/crl/68380fd9adeaf79ded754fdb2cbb0b60b58ffbfe b/fuzz/corpora/crl/68380fd9adeaf79ded754fdb2cbb0b60b58ffbfe
-new file mode 100644
-index 0000000..37a21a4
-Binary files /dev/null and b/fuzz/corpora/crl/68380fd9adeaf79ded754fdb2cbb0b60b58ffbfe differ
-diff --git a/fuzz/corpora/crl/6848cc488ee585e83bc855a1a9c5e1f973cafeeb b/fuzz/corpora/crl/6848cc488ee585e83bc855a1a9c5e1f973cafeeb
-new file mode 100644
-index 0000000..95773ca
-Binary files /dev/null and b/fuzz/corpora/crl/6848cc488ee585e83bc855a1a9c5e1f973cafeeb differ
-diff --git a/fuzz/corpora/crl/686012b70657a4cc7c535feef1ddbb00c26e4c4b b/fuzz/corpora/crl/686012b70657a4cc7c535feef1ddbb00c26e4c4b
-new file mode 100644
-index 0000000..59919dd
-Binary files /dev/null and b/fuzz/corpora/crl/686012b70657a4cc7c535feef1ddbb00c26e4c4b differ
-diff --git a/fuzz/corpora/crl/6883e8fa877178b5d02a4956ebb27bff7e7ff336 b/fuzz/corpora/crl/6883e8fa877178b5d02a4956ebb27bff7e7ff336
-new file mode 100644
-index 0000000..5ab6d75
-Binary files /dev/null and b/fuzz/corpora/crl/6883e8fa877178b5d02a4956ebb27bff7e7ff336 differ
-diff --git a/fuzz/corpora/crl/68da66fbebc03f0ce0de841effa1e1d5fab24be4 b/fuzz/corpora/crl/68da66fbebc03f0ce0de841effa1e1d5fab24be4
-new file mode 100644
-index 0000000..861835a
-Binary files /dev/null and b/fuzz/corpora/crl/68da66fbebc03f0ce0de841effa1e1d5fab24be4 differ
-diff --git a/fuzz/corpora/crl/6937a1d3f2a7017f8c2251e16e282fe244fa9bc5 b/fuzz/corpora/crl/6937a1d3f2a7017f8c2251e16e282fe244fa9bc5
-new file mode 100644
-index 0000000..21ac5e2
-Binary files /dev/null and b/fuzz/corpora/crl/6937a1d3f2a7017f8c2251e16e282fe244fa9bc5 differ
-diff --git a/fuzz/corpora/crl/697f2f0a98aa35cc2ae5d9f63e9df69b58e57f13 b/fuzz/corpora/crl/697f2f0a98aa35cc2ae5d9f63e9df69b58e57f13
-new file mode 100644
-index 0000000..93d8086
-Binary files /dev/null and b/fuzz/corpora/crl/697f2f0a98aa35cc2ae5d9f63e9df69b58e57f13 differ
-diff --git a/fuzz/corpora/crl/6a0c9646184a6c476d666a1c22d658641ddd6340 b/fuzz/corpora/crl/6a0c9646184a6c476d666a1c22d658641ddd6340
-new file mode 100644
-index 0000000..f7156b4
-Binary files /dev/null and b/fuzz/corpora/crl/6a0c9646184a6c476d666a1c22d658641ddd6340 differ
-diff --git a/fuzz/corpora/crl/6a1c50471c698a66b893dad100f76069292a54d1 b/fuzz/corpora/crl/6a1c50471c698a66b893dad100f76069292a54d1
-new file mode 100644
-index 0000000..1edb935
-Binary files /dev/null and b/fuzz/corpora/crl/6a1c50471c698a66b893dad100f76069292a54d1 differ
-diff --git a/fuzz/corpora/crl/6af38598d6d048d0b8123aeb1ef230bb4d34cb7c b/fuzz/corpora/crl/6af38598d6d048d0b8123aeb1ef230bb4d34cb7c
-new file mode 100644
-index 0000000..2fa77b5
-Binary files /dev/null and b/fuzz/corpora/crl/6af38598d6d048d0b8123aeb1ef230bb4d34cb7c differ
-diff --git a/fuzz/corpora/crl/6b205568be041988e365a4629a6181036963a43b b/fuzz/corpora/crl/6b205568be041988e365a4629a6181036963a43b
-new file mode 100644
-index 0000000..8df2cca
-Binary files /dev/null and b/fuzz/corpora/crl/6b205568be041988e365a4629a6181036963a43b differ
-diff --git a/fuzz/corpora/crl/6b35868fe792cf582dec1d778579ea9e080cea16 b/fuzz/corpora/crl/6b35868fe792cf582dec1d778579ea9e080cea16
-new file mode 100644
-index 0000000..35167c9
-Binary files /dev/null and b/fuzz/corpora/crl/6b35868fe792cf582dec1d778579ea9e080cea16 differ
-diff --git a/fuzz/corpora/crl/6b5b34001220d66916b6993b17b225375c51e0f5 b/fuzz/corpora/crl/6b5b34001220d66916b6993b17b225375c51e0f5
-new file mode 100644
-index 0000000..4d8d982
-Binary files /dev/null and b/fuzz/corpora/crl/6b5b34001220d66916b6993b17b225375c51e0f5 differ
-diff --git a/fuzz/corpora/crl/6b85661cf540c7d161b8d57d52c999cb5cb0406c b/fuzz/corpora/crl/6b85661cf540c7d161b8d57d52c999cb5cb0406c
-new file mode 100644
-index 0000000..b5f9ddd
-Binary files /dev/null and b/fuzz/corpora/crl/6b85661cf540c7d161b8d57d52c999cb5cb0406c differ
-diff --git a/fuzz/corpora/crl/6c484f685b8fe4e26d0a055cf4d8cd980fba7849 b/fuzz/corpora/crl/6c484f685b8fe4e26d0a055cf4d8cd980fba7849
-new file mode 100644
-index 0000000..8ec3f73
-Binary files /dev/null and b/fuzz/corpora/crl/6c484f685b8fe4e26d0a055cf4d8cd980fba7849 differ
-diff --git a/fuzz/corpora/crl/6d434d35927849337b4fde15fc1a62f1e47ec3e3 b/fuzz/corpora/crl/6d434d35927849337b4fde15fc1a62f1e47ec3e3
-new file mode 100644
-index 0000000..1ac2773
-Binary files /dev/null and b/fuzz/corpora/crl/6d434d35927849337b4fde15fc1a62f1e47ec3e3 differ
-diff --git a/fuzz/corpora/crl/6d4a507099cbb3a7b94154c7a1921bf5b4b22c70 b/fuzz/corpora/crl/6d4a507099cbb3a7b94154c7a1921bf5b4b22c70
-new file mode 100644
-index 0000000..2ac6e0b
-Binary files /dev/null and b/fuzz/corpora/crl/6d4a507099cbb3a7b94154c7a1921bf5b4b22c70 differ
-diff --git a/fuzz/corpora/crl/6d51a028012605703e4428904fa17cee418bff80 b/fuzz/corpora/crl/6d51a028012605703e4428904fa17cee418bff80
-new file mode 100644
-index 0000000..dd9288f
-Binary files /dev/null and b/fuzz/corpora/crl/6d51a028012605703e4428904fa17cee418bff80 differ
-diff --git a/fuzz/corpora/crl/6fe1726d8eb08191182bbcf27b1f67d32f103406 b/fuzz/corpora/crl/6fe1726d8eb08191182bbcf27b1f67d32f103406
-new file mode 100644
-index 0000000..9f7c70d
-Binary files /dev/null and b/fuzz/corpora/crl/6fe1726d8eb08191182bbcf27b1f67d32f103406 differ
-diff --git a/fuzz/corpora/crl/6ffab91e2f72df75f792576c8b5f4835657a94ad b/fuzz/corpora/crl/6ffab91e2f72df75f792576c8b5f4835657a94ad
-new file mode 100644
-index 0000000..aa2e636
-Binary files /dev/null and b/fuzz/corpora/crl/6ffab91e2f72df75f792576c8b5f4835657a94ad differ
-diff --git a/fuzz/corpora/crl/6ffcd4a1916012581533d38765ed2275bb066e0e b/fuzz/corpora/crl/6ffcd4a1916012581533d38765ed2275bb066e0e
-new file mode 100644
-index 0000000..aed02aa
-Binary files /dev/null and b/fuzz/corpora/crl/6ffcd4a1916012581533d38765ed2275bb066e0e differ
-diff --git a/fuzz/corpora/crl/70171fbcd5774489cf914f146e3529e30540ece7 b/fuzz/corpora/crl/70171fbcd5774489cf914f146e3529e30540ece7
-new file mode 100644
-index 0000000..513da45
-Binary files /dev/null and b/fuzz/corpora/crl/70171fbcd5774489cf914f146e3529e30540ece7 differ
-diff --git a/fuzz/corpora/crl/7031491edea2df8cf238aa207bf9475f28a32c79 b/fuzz/corpora/crl/7031491edea2df8cf238aa207bf9475f28a32c79
-new file mode 100644
-index 0000000..e60d51a
-Binary files /dev/null and b/fuzz/corpora/crl/7031491edea2df8cf238aa207bf9475f28a32c79 differ
-diff --git a/fuzz/corpora/crl/704a87da7bbfad4933905923ff6efc01fbd6300f b/fuzz/corpora/crl/704a87da7bbfad4933905923ff6efc01fbd6300f
-new file mode 100644
-index 0000000..8321fad
-Binary files /dev/null and b/fuzz/corpora/crl/704a87da7bbfad4933905923ff6efc01fbd6300f differ
-diff --git a/fuzz/corpora/crl/70929e5bd0873ddf0ebb07c8369234cfbcea7810 b/fuzz/corpora/crl/70929e5bd0873ddf0ebb07c8369234cfbcea7810
-new file mode 100644
-index 0000000..7f35db8
-Binary files /dev/null and b/fuzz/corpora/crl/70929e5bd0873ddf0ebb07c8369234cfbcea7810 differ
-diff --git a/fuzz/corpora/crl/713cfe77c2b125c02067abf8077afdf20c30f0a6 b/fuzz/corpora/crl/713cfe77c2b125c02067abf8077afdf20c30f0a6
-new file mode 100644
-index 0000000..69bf862
-Binary files /dev/null and b/fuzz/corpora/crl/713cfe77c2b125c02067abf8077afdf20c30f0a6 differ
-diff --git a/fuzz/corpora/crl/715d8af58363ae5c3dbe0dde1ac7f27522778e0a b/fuzz/corpora/crl/715d8af58363ae5c3dbe0dde1ac7f27522778e0a
-new file mode 100644
-index 0000000..a2ca5b0
-Binary files /dev/null and b/fuzz/corpora/crl/715d8af58363ae5c3dbe0dde1ac7f27522778e0a differ
-diff --git a/fuzz/corpora/crl/71c342ab087a30664b93719bcbed6f3b1f160345 b/fuzz/corpora/crl/71c342ab087a30664b93719bcbed6f3b1f160345
-new file mode 100644
-index 0000000..dd3ddb2
-Binary files /dev/null and b/fuzz/corpora/crl/71c342ab087a30664b93719bcbed6f3b1f160345 differ
-diff --git a/fuzz/corpora/crl/71f30d6a69c99f34923c3bfff7890a7b04cc0ccb b/fuzz/corpora/crl/71f30d6a69c99f34923c3bfff7890a7b04cc0ccb
-new file mode 100644
-index 0000000..183717a
-Binary files /dev/null and b/fuzz/corpora/crl/71f30d6a69c99f34923c3bfff7890a7b04cc0ccb differ
-diff --git a/fuzz/corpora/crl/725bddf80b384ea23345e4c9a916fc0425796e8b b/fuzz/corpora/crl/725bddf80b384ea23345e4c9a916fc0425796e8b
-new file mode 100644
-index 0000000..f716fa1
-Binary files /dev/null and b/fuzz/corpora/crl/725bddf80b384ea23345e4c9a916fc0425796e8b differ
-diff --git a/fuzz/corpora/crl/72756b64f46f4b5ea9ef1a536ed9836ffd71a8c3 b/fuzz/corpora/crl/72756b64f46f4b5ea9ef1a536ed9836ffd71a8c3
-new file mode 100644
-index 0000000..c522619
-Binary files /dev/null and b/fuzz/corpora/crl/72756b64f46f4b5ea9ef1a536ed9836ffd71a8c3 differ
-diff --git a/fuzz/corpora/crl/7290ba7e50182ab63d375b64ba1988a152672154 b/fuzz/corpora/crl/7290ba7e50182ab63d375b64ba1988a152672154
-new file mode 100644
-index 0000000..632f8e3
-Binary files /dev/null and b/fuzz/corpora/crl/7290ba7e50182ab63d375b64ba1988a152672154 differ
-diff --git a/fuzz/corpora/crl/729c18dbdcfe0faafb02aca9161e04c99a3d61ed b/fuzz/corpora/crl/729c18dbdcfe0faafb02aca9161e04c99a3d61ed
-new file mode 100644
-index 0000000..6359522
-Binary files /dev/null and b/fuzz/corpora/crl/729c18dbdcfe0faafb02aca9161e04c99a3d61ed differ
-diff --git a/fuzz/corpora/crl/72e2e5b33b94918aeb50f752ac9aa2261c73721a b/fuzz/corpora/crl/72e2e5b33b94918aeb50f752ac9aa2261c73721a
-new file mode 100644
-index 0000000..acccb25
-Binary files /dev/null and b/fuzz/corpora/crl/72e2e5b33b94918aeb50f752ac9aa2261c73721a differ
-diff --git a/fuzz/corpora/crl/72fe0f4003bfa89b80f606bbb14bf84416d15736 b/fuzz/corpora/crl/72fe0f4003bfa89b80f606bbb14bf84416d15736
-new file mode 100644
-index 0000000..a2e7989
-Binary files /dev/null and b/fuzz/corpora/crl/72fe0f4003bfa89b80f606bbb14bf84416d15736 differ
-diff --git a/fuzz/corpora/crl/731fab36edafad725e76f2eda1ffde8ce72e8305 b/fuzz/corpora/crl/731fab36edafad725e76f2eda1ffde8ce72e8305
-new file mode 100644
-index 0000000..6c0fa03
-Binary files /dev/null and b/fuzz/corpora/crl/731fab36edafad725e76f2eda1ffde8ce72e8305 differ
-diff --git a/fuzz/corpora/crl/732e64b25806cfb83caddc0671863dc79185f4ea b/fuzz/corpora/crl/732e64b25806cfb83caddc0671863dc79185f4ea
-new file mode 100644
-index 0000000..674be2e
-Binary files /dev/null and b/fuzz/corpora/crl/732e64b25806cfb83caddc0671863dc79185f4ea differ
-diff --git a/fuzz/corpora/crl/73b9d405419139cfd67c8f96bb04145207561750 b/fuzz/corpora/crl/73b9d405419139cfd67c8f96bb04145207561750
-new file mode 100644
-index 0000000..0ebd9ec
-Binary files /dev/null and b/fuzz/corpora/crl/73b9d405419139cfd67c8f96bb04145207561750 differ
-diff --git a/fuzz/corpora/crl/73da2059b27c92c3d7bbd71cb62c381399bce721 b/fuzz/corpora/crl/73da2059b27c92c3d7bbd71cb62c381399bce721
-new file mode 100644
-index 0000000..f7cd122
-Binary files /dev/null and b/fuzz/corpora/crl/73da2059b27c92c3d7bbd71cb62c381399bce721 differ
-diff --git a/fuzz/corpora/crl/73e89884ec73ee613af8ee2b57761aa101f5d7e1 b/fuzz/corpora/crl/73e89884ec73ee613af8ee2b57761aa101f5d7e1
-new file mode 100644
-index 0000000..1667167
-Binary files /dev/null and b/fuzz/corpora/crl/73e89884ec73ee613af8ee2b57761aa101f5d7e1 differ
-diff --git a/fuzz/corpora/crl/74a2d894475e2770a78ac1054893494a589fdc1e b/fuzz/corpora/crl/74a2d894475e2770a78ac1054893494a589fdc1e
-new file mode 100644
-index 0000000..a6c7c79
-Binary files /dev/null and b/fuzz/corpora/crl/74a2d894475e2770a78ac1054893494a589fdc1e differ
-diff --git a/fuzz/corpora/crl/755e0acce5d81d52c2a471ca83df6f90b3ffb7b2 b/fuzz/corpora/crl/755e0acce5d81d52c2a471ca83df6f90b3ffb7b2
-new file mode 100644
-index 0000000..b9997f7
-Binary files /dev/null and b/fuzz/corpora/crl/755e0acce5d81d52c2a471ca83df6f90b3ffb7b2 differ
-diff --git a/fuzz/corpora/crl/7561c9723ef4db242c695e2df9557d17cc58326f b/fuzz/corpora/crl/7561c9723ef4db242c695e2df9557d17cc58326f
-new file mode 100644
-index 0000000..3133d0e
-Binary files /dev/null and b/fuzz/corpora/crl/7561c9723ef4db242c695e2df9557d17cc58326f differ
-diff --git a/fuzz/corpora/crl/757442f2d998e9d151d8742f780f94cb0bdada26 b/fuzz/corpora/crl/757442f2d998e9d151d8742f780f94cb0bdada26
-new file mode 100644
-index 0000000..c44ad8a
-Binary files /dev/null and b/fuzz/corpora/crl/757442f2d998e9d151d8742f780f94cb0bdada26 differ
-diff --git a/fuzz/corpora/crl/75afcefeb6a5e8855d2dcb6deb349a3d2a12045c b/fuzz/corpora/crl/75afcefeb6a5e8855d2dcb6deb349a3d2a12045c
-new file mode 100644
-index 0000000..f0b872a
-Binary files /dev/null and b/fuzz/corpora/crl/75afcefeb6a5e8855d2dcb6deb349a3d2a12045c differ
-diff --git a/fuzz/corpora/crl/75d34ab632a8786a53d09099df4acb54ebc10b7c b/fuzz/corpora/crl/75d34ab632a8786a53d09099df4acb54ebc10b7c
-new file mode 100644
-index 0000000..b0d7cff
-Binary files /dev/null and b/fuzz/corpora/crl/75d34ab632a8786a53d09099df4acb54ebc10b7c differ
-diff --git a/fuzz/corpora/crl/75fc631a86fe5fc4e793c43d35e96d572d517368 b/fuzz/corpora/crl/75fc631a86fe5fc4e793c43d35e96d572d517368
-new file mode 100644
-index 0000000..c42ea86
-Binary files /dev/null and b/fuzz/corpora/crl/75fc631a86fe5fc4e793c43d35e96d572d517368 differ
-diff --git a/fuzz/corpora/crl/772bbcca0123e5e6d0a375434ef34f6b50e9f233 b/fuzz/corpora/crl/772bbcca0123e5e6d0a375434ef34f6b50e9f233
-new file mode 100644
-index 0000000..0d0d87d
-Binary files /dev/null and b/fuzz/corpora/crl/772bbcca0123e5e6d0a375434ef34f6b50e9f233 differ
-diff --git a/fuzz/corpora/crl/7839bf2c39c1615f4a0dce0423a007f567ee3065 b/fuzz/corpora/crl/7839bf2c39c1615f4a0dce0423a007f567ee3065
-new file mode 100644
-index 0000000..0e4f394
-Binary files /dev/null and b/fuzz/corpora/crl/7839bf2c39c1615f4a0dce0423a007f567ee3065 differ
-diff --git a/fuzz/corpora/crl/78558f5837253a7786bf7f8469859a8f368f3d96 b/fuzz/corpora/crl/78558f5837253a7786bf7f8469859a8f368f3d96
-new file mode 100644
-index 0000000..77366d7
-Binary files /dev/null and b/fuzz/corpora/crl/78558f5837253a7786bf7f8469859a8f368f3d96 differ
-diff --git a/fuzz/corpora/crl/78c0e3d2d2a657a561187ac30d5fdbd36663708b b/fuzz/corpora/crl/78c0e3d2d2a657a561187ac30d5fdbd36663708b
-new file mode 100644
-index 0000000..958066b
-Binary files /dev/null and b/fuzz/corpora/crl/78c0e3d2d2a657a561187ac30d5fdbd36663708b differ
-diff --git a/fuzz/corpora/crl/790ffc01dba7f4f90fa4ff4982306366fb6615e5 b/fuzz/corpora/crl/790ffc01dba7f4f90fa4ff4982306366fb6615e5
-new file mode 100644
-index 0000000..3219230
-Binary files /dev/null and b/fuzz/corpora/crl/790ffc01dba7f4f90fa4ff4982306366fb6615e5 differ
-diff --git a/fuzz/corpora/crl/79341515d4908129c16475abb3d15d88a123d701 b/fuzz/corpora/crl/79341515d4908129c16475abb3d15d88a123d701
-new file mode 100644
-index 0000000..60cff7f
-Binary files /dev/null and b/fuzz/corpora/crl/79341515d4908129c16475abb3d15d88a123d701 differ
-diff --git a/fuzz/corpora/crl/794c40ba683cc4b3319fc43a54dfc51b54b29020 b/fuzz/corpora/crl/794c40ba683cc4b3319fc43a54dfc51b54b29020
-new file mode 100644
-index 0000000..a8cb418
-Binary files /dev/null and b/fuzz/corpora/crl/794c40ba683cc4b3319fc43a54dfc51b54b29020 differ
-diff --git a/fuzz/corpora/crl/7ab3f00de4370969ab49433c0b384dd9459b931e b/fuzz/corpora/crl/7ab3f00de4370969ab49433c0b384dd9459b931e
-new file mode 100644
-index 0000000..ab94fa0
-Binary files /dev/null and b/fuzz/corpora/crl/7ab3f00de4370969ab49433c0b384dd9459b931e differ
-diff --git a/fuzz/corpora/crl/7b3678849faeb8f8e4d04309621a4114dc7c77e1 b/fuzz/corpora/crl/7b3678849faeb8f8e4d04309621a4114dc7c77e1
-new file mode 100644
-index 0000000..42a526b
-Binary files /dev/null and b/fuzz/corpora/crl/7b3678849faeb8f8e4d04309621a4114dc7c77e1 differ
-diff --git a/fuzz/corpora/crl/7b3fe328885b45c52581f930f034865fa674e271 b/fuzz/corpora/crl/7b3fe328885b45c52581f930f034865fa674e271
-new file mode 100644
-index 0000000..79af835
-Binary files /dev/null and b/fuzz/corpora/crl/7b3fe328885b45c52581f930f034865fa674e271 differ
-diff --git a/fuzz/corpora/crl/7b66e404d9650ee52fcbfe7602bcb27e84ef5c73 b/fuzz/corpora/crl/7b66e404d9650ee52fcbfe7602bcb27e84ef5c73
-new file mode 100644
-index 0000000..40d776f
-Binary files /dev/null and b/fuzz/corpora/crl/7b66e404d9650ee52fcbfe7602bcb27e84ef5c73 differ
-diff --git a/fuzz/corpora/crl/7b766597780ed9360b712dd912a01d76f726d04b b/fuzz/corpora/crl/7b766597780ed9360b712dd912a01d76f726d04b
-new file mode 100644
-index 0000000..a3443c4
-Binary files /dev/null and b/fuzz/corpora/crl/7b766597780ed9360b712dd912a01d76f726d04b differ
-diff --git a/fuzz/corpora/crl/7b9d945ea09033c49fe32fd91ce74ee9906e26a1 b/fuzz/corpora/crl/7b9d945ea09033c49fe32fd91ce74ee9906e26a1
-new file mode 100644
-index 0000000..c089e88
-Binary files /dev/null and b/fuzz/corpora/crl/7b9d945ea09033c49fe32fd91ce74ee9906e26a1 differ
-diff --git a/fuzz/corpora/crl/7c471571be57aa164939f16c8446c5e4054a8021 b/fuzz/corpora/crl/7c471571be57aa164939f16c8446c5e4054a8021
-new file mode 100644
-index 0000000..9f0981a
-Binary files /dev/null and b/fuzz/corpora/crl/7c471571be57aa164939f16c8446c5e4054a8021 differ
-diff --git a/fuzz/corpora/crl/7c49786e60a122afca231878f9dc5d7ed57b4d24 b/fuzz/corpora/crl/7c49786e60a122afca231878f9dc5d7ed57b4d24
-new file mode 100644
-index 0000000..04104b1
-Binary files /dev/null and b/fuzz/corpora/crl/7c49786e60a122afca231878f9dc5d7ed57b4d24 differ
-diff --git a/fuzz/corpora/crl/7c629f19a9a0342f38fcf019f99a66896678955f b/fuzz/corpora/crl/7c629f19a9a0342f38fcf019f99a66896678955f
-new file mode 100644
-index 0000000..af8a36e
-Binary files /dev/null and b/fuzz/corpora/crl/7c629f19a9a0342f38fcf019f99a66896678955f differ
-diff --git a/fuzz/corpora/crl/7ca9a58e698d23df06cf089f48b30a8aa98124af b/fuzz/corpora/crl/7ca9a58e698d23df06cf089f48b30a8aa98124af
-new file mode 100644
-index 0000000..88fe0d3
-Binary files /dev/null and b/fuzz/corpora/crl/7ca9a58e698d23df06cf089f48b30a8aa98124af differ
-diff --git a/fuzz/corpora/crl/7cbe2537f799455526b2fd7aadb7cd904022342c b/fuzz/corpora/crl/7cbe2537f799455526b2fd7aadb7cd904022342c
-new file mode 100644
-index 0000000..6275099
-Binary files /dev/null and b/fuzz/corpora/crl/7cbe2537f799455526b2fd7aadb7cd904022342c differ
-diff --git a/fuzz/corpora/crl/7d3295794603cb8ca49e28eef7e1eb596807d479 b/fuzz/corpora/crl/7d3295794603cb8ca49e28eef7e1eb596807d479
-new file mode 100644
-index 0000000..c4923de
-Binary files /dev/null and b/fuzz/corpora/crl/7d3295794603cb8ca49e28eef7e1eb596807d479 differ
-diff --git a/fuzz/corpora/crl/7d8b32d52c3d0cecc43ac2b7b9d1fa4bdb466c8c b/fuzz/corpora/crl/7d8b32d52c3d0cecc43ac2b7b9d1fa4bdb466c8c
-new file mode 100644
-index 0000000..204266b
-Binary files /dev/null and b/fuzz/corpora/crl/7d8b32d52c3d0cecc43ac2b7b9d1fa4bdb466c8c differ
-diff --git a/fuzz/corpora/crl/7de29fc222d8968c6639ad010e8bc264d9029b3c b/fuzz/corpora/crl/7de29fc222d8968c6639ad010e8bc264d9029b3c
-new file mode 100644
-index 0000000..661f171
-Binary files /dev/null and b/fuzz/corpora/crl/7de29fc222d8968c6639ad010e8bc264d9029b3c differ
-diff --git a/fuzz/corpora/crl/7ef18003c3ca816eac1ee47bcefb00729ce7ec4a b/fuzz/corpora/crl/7ef18003c3ca816eac1ee47bcefb00729ce7ec4a
-new file mode 100644
-index 0000000..4a4594d
-Binary files /dev/null and b/fuzz/corpora/crl/7ef18003c3ca816eac1ee47bcefb00729ce7ec4a differ
-diff --git a/fuzz/corpora/crl/7f2be4cb96fc33401aac837bd7027a87a6683e03 b/fuzz/corpora/crl/7f2be4cb96fc33401aac837bd7027a87a6683e03
-new file mode 100644
-index 0000000..d401e19
-Binary files /dev/null and b/fuzz/corpora/crl/7f2be4cb96fc33401aac837bd7027a87a6683e03 differ
-diff --git a/fuzz/corpora/crl/7f80db363c80bb64008cba70fac1d88d47ade374 b/fuzz/corpora/crl/7f80db363c80bb64008cba70fac1d88d47ade374
-new file mode 100644
-index 0000000..e6b9f96
-Binary files /dev/null and b/fuzz/corpora/crl/7f80db363c80bb64008cba70fac1d88d47ade374 differ
-diff --git a/fuzz/corpora/crl/7f8fd278cb8967a3656958bdc0822c1c373ea30f b/fuzz/corpora/crl/7f8fd278cb8967a3656958bdc0822c1c373ea30f
-new file mode 100644
-index 0000000..9c9ee9d
-Binary files /dev/null and b/fuzz/corpora/crl/7f8fd278cb8967a3656958bdc0822c1c373ea30f differ
-diff --git a/fuzz/corpora/crl/7fe729b1cdab6b1c609c04f5c27080997dc4c438 b/fuzz/corpora/crl/7fe729b1cdab6b1c609c04f5c27080997dc4c438
-new file mode 100644
-index 0000000..d8b6613
-Binary files /dev/null and b/fuzz/corpora/crl/7fe729b1cdab6b1c609c04f5c27080997dc4c438 differ
-diff --git a/fuzz/corpora/crl/803e4dbde1d42b974bb2f22fb0a54f49aceda5e6 b/fuzz/corpora/crl/803e4dbde1d42b974bb2f22fb0a54f49aceda5e6
-new file mode 100644
-index 0000000..0788ef4
-Binary files /dev/null and b/fuzz/corpora/crl/803e4dbde1d42b974bb2f22fb0a54f49aceda5e6 differ
-diff --git a/fuzz/corpora/crl/804df838be923719f1c77a62abf2ba4cd95bbff2 b/fuzz/corpora/crl/804df838be923719f1c77a62abf2ba4cd95bbff2
-new file mode 100644
-index 0000000..8ed6903
-Binary files /dev/null and b/fuzz/corpora/crl/804df838be923719f1c77a62abf2ba4cd95bbff2 differ
-diff --git a/fuzz/corpora/crl/80d6fe393e5b554a770730476452d36828d31da2 b/fuzz/corpora/crl/80d6fe393e5b554a770730476452d36828d31da2
-new file mode 100644
-index 0000000..f60aa31
-Binary files /dev/null and b/fuzz/corpora/crl/80d6fe393e5b554a770730476452d36828d31da2 differ
-diff --git a/fuzz/corpora/crl/813b926f6f64a52fe899f1921e05e406da672a0e b/fuzz/corpora/crl/813b926f6f64a52fe899f1921e05e406da672a0e
-new file mode 100644
-index 0000000..9125c21
-Binary files /dev/null and b/fuzz/corpora/crl/813b926f6f64a52fe899f1921e05e406da672a0e differ
-diff --git a/fuzz/corpora/crl/825a1f9ff41790cb72d10b50cfbd5cbe3b667a66 b/fuzz/corpora/crl/825a1f9ff41790cb72d10b50cfbd5cbe3b667a66
-new file mode 100644
-index 0000000..2708635
-Binary files /dev/null and b/fuzz/corpora/crl/825a1f9ff41790cb72d10b50cfbd5cbe3b667a66 differ
-diff --git a/fuzz/corpora/crl/8279ba0ab019b5595462b0fe306cf3c076cffe29 b/fuzz/corpora/crl/8279ba0ab019b5595462b0fe306cf3c076cffe29
-new file mode 100644
-index 0000000..884941d
-Binary files /dev/null and b/fuzz/corpora/crl/8279ba0ab019b5595462b0fe306cf3c076cffe29 differ
-diff --git a/fuzz/corpora/crl/8397133fb30c351262af4ae9577d6233a96804b0 b/fuzz/corpora/crl/8397133fb30c351262af4ae9577d6233a96804b0
-new file mode 100644
-index 0000000..29f3b53
-Binary files /dev/null and b/fuzz/corpora/crl/8397133fb30c351262af4ae9577d6233a96804b0 differ
-diff --git a/fuzz/corpora/crl/8425c568c3511957a93bf6615fcb083acc7c5a51 b/fuzz/corpora/crl/8425c568c3511957a93bf6615fcb083acc7c5a51
-new file mode 100644
-index 0000000..9ceb57f
-Binary files /dev/null and b/fuzz/corpora/crl/8425c568c3511957a93bf6615fcb083acc7c5a51 differ
-diff --git a/fuzz/corpora/crl/844822551c9d0774bc109a5fddbf4f6668b71191 b/fuzz/corpora/crl/844822551c9d0774bc109a5fddbf4f6668b71191
-new file mode 100644
-index 0000000..f2c6b71
-Binary files /dev/null and b/fuzz/corpora/crl/844822551c9d0774bc109a5fddbf4f6668b71191 differ
-diff --git a/fuzz/corpora/crl/844c0af9ecad36fc5a9f37f2aebb4eb56f6bd921 b/fuzz/corpora/crl/844c0af9ecad36fc5a9f37f2aebb4eb56f6bd921
-new file mode 100644
-index 0000000..2b0deea
-Binary files /dev/null and b/fuzz/corpora/crl/844c0af9ecad36fc5a9f37f2aebb4eb56f6bd921 differ
-diff --git a/fuzz/corpora/crl/8475ef438f80ed4aefb3119b855cbcbb54152bd3 b/fuzz/corpora/crl/8475ef438f80ed4aefb3119b855cbcbb54152bd3
-new file mode 100644
-index 0000000..77d7c1e
-Binary files /dev/null and b/fuzz/corpora/crl/8475ef438f80ed4aefb3119b855cbcbb54152bd3 differ
-diff --git a/fuzz/corpora/crl/84aca5ac33e3330904a5fa0a5c66449e1862bc6a b/fuzz/corpora/crl/84aca5ac33e3330904a5fa0a5c66449e1862bc6a
-new file mode 100644
-index 0000000..319b847
-Binary files /dev/null and b/fuzz/corpora/crl/84aca5ac33e3330904a5fa0a5c66449e1862bc6a differ
-diff --git a/fuzz/corpora/crl/85ed0bf37d73468ff55b006b8beefb3b2c12807e b/fuzz/corpora/crl/85ed0bf37d73468ff55b006b8beefb3b2c12807e
-new file mode 100644
-index 0000000..fee5d8f
-Binary files /dev/null and b/fuzz/corpora/crl/85ed0bf37d73468ff55b006b8beefb3b2c12807e differ
-diff --git a/fuzz/corpora/crl/863f9756d164606316bc662c1dfa0f5dfe20d3f4 b/fuzz/corpora/crl/863f9756d164606316bc662c1dfa0f5dfe20d3f4
-new file mode 100644
-index 0000000..4c8c465
-Binary files /dev/null and b/fuzz/corpora/crl/863f9756d164606316bc662c1dfa0f5dfe20d3f4 differ
-diff --git a/fuzz/corpora/crl/864934f5ba07e2fc676d4cf6604442b3e5364c3b b/fuzz/corpora/crl/864934f5ba07e2fc676d4cf6604442b3e5364c3b
-new file mode 100644
-index 0000000..5a233e7
-Binary files /dev/null and b/fuzz/corpora/crl/864934f5ba07e2fc676d4cf6604442b3e5364c3b differ
-diff --git a/fuzz/corpora/crl/86854aeaffff84078468e8dbb68c875a80d2cc4a b/fuzz/corpora/crl/86854aeaffff84078468e8dbb68c875a80d2cc4a
-new file mode 100644
-index 0000000..9e0bd8d
-Binary files /dev/null and b/fuzz/corpora/crl/86854aeaffff84078468e8dbb68c875a80d2cc4a differ
-diff --git a/fuzz/corpora/crl/87425f1b81d2d59501b1c2aea5eabd571c474290 b/fuzz/corpora/crl/87425f1b81d2d59501b1c2aea5eabd571c474290
-new file mode 100644
-index 0000000..b3b8b97
-Binary files /dev/null and b/fuzz/corpora/crl/87425f1b81d2d59501b1c2aea5eabd571c474290 differ
-diff --git a/fuzz/corpora/crl/874d8990ab50420afc4f42cff68cbcf75d9f0db6 b/fuzz/corpora/crl/874d8990ab50420afc4f42cff68cbcf75d9f0db6
-new file mode 100644
-index 0000000..47e02cc
-Binary files /dev/null and b/fuzz/corpora/crl/874d8990ab50420afc4f42cff68cbcf75d9f0db6 differ
-diff --git a/fuzz/corpora/crl/882fe895608787672ec0da956f2df6835f21f3e7 b/fuzz/corpora/crl/882fe895608787672ec0da956f2df6835f21f3e7
-new file mode 100644
-index 0000000..07b8b28
-Binary files /dev/null and b/fuzz/corpora/crl/882fe895608787672ec0da956f2df6835f21f3e7 differ
-diff --git a/fuzz/corpora/crl/887c64fedd6a9bab4ef1f64968d9802087558896 b/fuzz/corpora/crl/887c64fedd6a9bab4ef1f64968d9802087558896
-new file mode 100644
-index 0000000..fc86b8f
-Binary files /dev/null and b/fuzz/corpora/crl/887c64fedd6a9bab4ef1f64968d9802087558896 differ
-diff --git a/fuzz/corpora/crl/8966577c17ea53e5810c622a0a8a366af57ad9eb b/fuzz/corpora/crl/8966577c17ea53e5810c622a0a8a366af57ad9eb
-new file mode 100644
-index 0000000..f9f6058
-Binary files /dev/null and b/fuzz/corpora/crl/8966577c17ea53e5810c622a0a8a366af57ad9eb differ
-diff --git a/fuzz/corpora/crl/8aa8af23be00d13e552756bcf0a78c416d5ec294 b/fuzz/corpora/crl/8aa8af23be00d13e552756bcf0a78c416d5ec294
-new file mode 100644
-index 0000000..f2e6d4f
-Binary files /dev/null and b/fuzz/corpora/crl/8aa8af23be00d13e552756bcf0a78c416d5ec294 differ
-diff --git a/fuzz/corpora/crl/8acf8245fb816208c06c8f224e5858f15dc0f9f4 b/fuzz/corpora/crl/8acf8245fb816208c06c8f224e5858f15dc0f9f4
-new file mode 100644
-index 0000000..160f125
-Binary files /dev/null and b/fuzz/corpora/crl/8acf8245fb816208c06c8f224e5858f15dc0f9f4 differ
-diff --git a/fuzz/corpora/crl/8b03f231fbfeed009c5e8dc5f5c37716532d9ecd b/fuzz/corpora/crl/8b03f231fbfeed009c5e8dc5f5c37716532d9ecd
-new file mode 100644
-index 0000000..0e859ca
-Binary files /dev/null and b/fuzz/corpora/crl/8b03f231fbfeed009c5e8dc5f5c37716532d9ecd differ
-diff --git a/fuzz/corpora/crl/8ba5174987d93067993cdcb44713cb857b026d86 b/fuzz/corpora/crl/8ba5174987d93067993cdcb44713cb857b026d86
-new file mode 100644
-index 0000000..3555872
-Binary files /dev/null and b/fuzz/corpora/crl/8ba5174987d93067993cdcb44713cb857b026d86 differ
-diff --git a/fuzz/corpora/crl/8bb6208bb25a5c7cf9973b221c48e69e2167c3f9 b/fuzz/corpora/crl/8bb6208bb25a5c7cf9973b221c48e69e2167c3f9
-new file mode 100644
-index 0000000..2bac868
-Binary files /dev/null and b/fuzz/corpora/crl/8bb6208bb25a5c7cf9973b221c48e69e2167c3f9 differ
-diff --git a/fuzz/corpora/crl/8c2d8d0003e8e09353f3fb9d682a9e756ae6fb4a b/fuzz/corpora/crl/8c2d8d0003e8e09353f3fb9d682a9e756ae6fb4a
-new file mode 100644
-index 0000000..c37e783
-Binary files /dev/null and b/fuzz/corpora/crl/8c2d8d0003e8e09353f3fb9d682a9e756ae6fb4a differ
-diff --git a/fuzz/corpora/crl/8c6a6efdfd95eb95163c119efc7c84a7d81aa1f0 b/fuzz/corpora/crl/8c6a6efdfd95eb95163c119efc7c84a7d81aa1f0
-new file mode 100644
-index 0000000..c0a3e26
-Binary files /dev/null and b/fuzz/corpora/crl/8c6a6efdfd95eb95163c119efc7c84a7d81aa1f0 differ
-diff --git a/fuzz/corpora/crl/8cb0f783f64f2fbba5fca6a2bba70b9a01b4ff36 b/fuzz/corpora/crl/8cb0f783f64f2fbba5fca6a2bba70b9a01b4ff36
-new file mode 100644
-index 0000000..b44eb64
-Binary files /dev/null and b/fuzz/corpora/crl/8cb0f783f64f2fbba5fca6a2bba70b9a01b4ff36 differ
-diff --git a/fuzz/corpora/crl/8cb412f87365b0e021ac10c761000af59df72a92 b/fuzz/corpora/crl/8cb412f87365b0e021ac10c761000af59df72a92
-new file mode 100644
-index 0000000..ad02753
-Binary files /dev/null and b/fuzz/corpora/crl/8cb412f87365b0e021ac10c761000af59df72a92 differ
-diff --git a/fuzz/corpora/crl/8d6922bdec5570999c768983184b8bf877c4281d b/fuzz/corpora/crl/8d6922bdec5570999c768983184b8bf877c4281d
-new file mode 100644
-index 0000000..a0fc668
-Binary files /dev/null and b/fuzz/corpora/crl/8d6922bdec5570999c768983184b8bf877c4281d differ
-diff --git a/fuzz/corpora/crl/8d8774731fdb354270588bb6cf1694cbf82f73bc b/fuzz/corpora/crl/8d8774731fdb354270588bb6cf1694cbf82f73bc
-new file mode 100644
-index 0000000..a44a6d6
-Binary files /dev/null and b/fuzz/corpora/crl/8d8774731fdb354270588bb6cf1694cbf82f73bc differ
-diff --git a/fuzz/corpora/crl/8d9fdf73dd63090fabf41112d3da1d51791d918d b/fuzz/corpora/crl/8d9fdf73dd63090fabf41112d3da1d51791d918d
-new file mode 100644
-index 0000000..b04d96a
-Binary files /dev/null and b/fuzz/corpora/crl/8d9fdf73dd63090fabf41112d3da1d51791d918d differ
-diff --git a/fuzz/corpora/crl/8db149228f8543782b023ff187b4a0c80d235f2a b/fuzz/corpora/crl/8db149228f8543782b023ff187b4a0c80d235f2a
-new file mode 100644
-index 0000000..f7e472f
-Binary files /dev/null and b/fuzz/corpora/crl/8db149228f8543782b023ff187b4a0c80d235f2a differ
-diff --git a/fuzz/corpora/crl/8e6b22fe9f2d3830cc1e967565ebb829cd61591c b/fuzz/corpora/crl/8e6b22fe9f2d3830cc1e967565ebb829cd61591c
-new file mode 100644
-index 0000000..814e250
-Binary files /dev/null and b/fuzz/corpora/crl/8e6b22fe9f2d3830cc1e967565ebb829cd61591c differ
-diff --git a/fuzz/corpora/crl/8ebfed13981dfb699e70d1c1df6b313e31aa0782 b/fuzz/corpora/crl/8ebfed13981dfb699e70d1c1df6b313e31aa0782
-new file mode 100644
-index 0000000..8f3d128
-Binary files /dev/null and b/fuzz/corpora/crl/8ebfed13981dfb699e70d1c1df6b313e31aa0782 differ
-diff --git a/fuzz/corpora/crl/8f2976191a57e11d3e8a283b6d0e1cf1ede8b772 b/fuzz/corpora/crl/8f2976191a57e11d3e8a283b6d0e1cf1ede8b772
-new file mode 100644
-index 0000000..30d3b8a
-Binary files /dev/null and b/fuzz/corpora/crl/8f2976191a57e11d3e8a283b6d0e1cf1ede8b772 differ
-diff --git a/fuzz/corpora/crl/8fde3ad6ac32809f7ce323ca5635b196108550ac b/fuzz/corpora/crl/8fde3ad6ac32809f7ce323ca5635b196108550ac
-new file mode 100644
-index 0000000..737d5b0
-Binary files /dev/null and b/fuzz/corpora/crl/8fde3ad6ac32809f7ce323ca5635b196108550ac differ
-diff --git a/fuzz/corpora/crl/90135405d11b89800720bfc85deb4c43b9c82e91 b/fuzz/corpora/crl/90135405d11b89800720bfc85deb4c43b9c82e91
-new file mode 100644
-index 0000000..5ba6e10
-Binary files /dev/null and b/fuzz/corpora/crl/90135405d11b89800720bfc85deb4c43b9c82e91 differ
-diff --git a/fuzz/corpora/crl/9019fd8e67ac040e8219e6bb0f26a424d8b5ede1 b/fuzz/corpora/crl/9019fd8e67ac040e8219e6bb0f26a424d8b5ede1
-new file mode 100644
-index 0000000..cc893d3
-Binary files /dev/null and b/fuzz/corpora/crl/9019fd8e67ac040e8219e6bb0f26a424d8b5ede1 differ
-diff --git a/fuzz/corpora/crl/90382f7ab13d3a40dd1fa4e46eb3ecaf829c471f b/fuzz/corpora/crl/90382f7ab13d3a40dd1fa4e46eb3ecaf829c471f
-new file mode 100644
-index 0000000..a2a0533
-Binary files /dev/null and b/fuzz/corpora/crl/90382f7ab13d3a40dd1fa4e46eb3ecaf829c471f differ
-diff --git a/fuzz/corpora/crl/907b50d218920001a0101e721523122bd743c47a b/fuzz/corpora/crl/907b50d218920001a0101e721523122bd743c47a
-new file mode 100644
-index 0000000..fe970f7
-Binary files /dev/null and b/fuzz/corpora/crl/907b50d218920001a0101e721523122bd743c47a differ
-diff --git a/fuzz/corpora/crl/91ef97771f6432cfdf5c5f77582af357dc2f1b4f b/fuzz/corpora/crl/91ef97771f6432cfdf5c5f77582af357dc2f1b4f
-new file mode 100644
-index 0000000..61d0fa9
-Binary files /dev/null and b/fuzz/corpora/crl/91ef97771f6432cfdf5c5f77582af357dc2f1b4f differ
-diff --git a/fuzz/corpora/crl/924e2e4784c457a02f518b8456a6fbd25fa95adb b/fuzz/corpora/crl/924e2e4784c457a02f518b8456a6fbd25fa95adb
-new file mode 100644
-index 0000000..2685821
-Binary files /dev/null and b/fuzz/corpora/crl/924e2e4784c457a02f518b8456a6fbd25fa95adb differ
-diff --git a/fuzz/corpora/crl/926a802833ca47d63fb7a04be7471beaaa090945 b/fuzz/corpora/crl/926a802833ca47d63fb7a04be7471beaaa090945
-new file mode 100644
-index 0000000..250f4f2
-Binary files /dev/null and b/fuzz/corpora/crl/926a802833ca47d63fb7a04be7471beaaa090945 differ
-diff --git a/fuzz/corpora/crl/927bce5e806d2e4ff7e573f22f8df6e26502a018 b/fuzz/corpora/crl/927bce5e806d2e4ff7e573f22f8df6e26502a018
-new file mode 100644
-index 0000000..fc379d6
-Binary files /dev/null and b/fuzz/corpora/crl/927bce5e806d2e4ff7e573f22f8df6e26502a018 differ
-diff --git a/fuzz/corpora/crl/927f6fe0e32c26cf53f4470eea443c8e897b1fe6 b/fuzz/corpora/crl/927f6fe0e32c26cf53f4470eea443c8e897b1fe6
-new file mode 100644
-index 0000000..b390562
-Binary files /dev/null and b/fuzz/corpora/crl/927f6fe0e32c26cf53f4470eea443c8e897b1fe6 differ
-diff --git a/fuzz/corpora/crl/92ea8ea92ade551de6a2ded47b3142a569994250 b/fuzz/corpora/crl/92ea8ea92ade551de6a2ded47b3142a569994250
-new file mode 100644
-index 0000000..4e319ec
-Binary files /dev/null and b/fuzz/corpora/crl/92ea8ea92ade551de6a2ded47b3142a569994250 differ
-diff --git a/fuzz/corpora/crl/9311b06eea99bf381c035cc899279b1313d71931 b/fuzz/corpora/crl/9311b06eea99bf381c035cc899279b1313d71931
-new file mode 100644
-index 0000000..158e4f3
-Binary files /dev/null and b/fuzz/corpora/crl/9311b06eea99bf381c035cc899279b1313d71931 differ
-diff --git a/fuzz/corpora/crl/93169f83f0234bb5eb29bc6e42a971655e869cdb b/fuzz/corpora/crl/93169f83f0234bb5eb29bc6e42a971655e869cdb
-new file mode 100644
-index 0000000..3dbb8e5
-Binary files /dev/null and b/fuzz/corpora/crl/93169f83f0234bb5eb29bc6e42a971655e869cdb differ
-diff --git a/fuzz/corpora/crl/932223a99e06c1db71669204c8f75ce978c0e8f5 b/fuzz/corpora/crl/932223a99e06c1db71669204c8f75ce978c0e8f5
-new file mode 100644
-index 0000000..202f842
-Binary files /dev/null and b/fuzz/corpora/crl/932223a99e06c1db71669204c8f75ce978c0e8f5 differ
-diff --git a/fuzz/corpora/crl/93e112f7c5f87068e18c25439a4ca3b1b6a2e818 b/fuzz/corpora/crl/93e112f7c5f87068e18c25439a4ca3b1b6a2e818
-new file mode 100644
-index 0000000..b1569a8
-Binary files /dev/null and b/fuzz/corpora/crl/93e112f7c5f87068e18c25439a4ca3b1b6a2e818 differ
-diff --git a/fuzz/corpora/crl/93fd51c1dc4d71ff239e18aa62e887297b2e3f25 b/fuzz/corpora/crl/93fd51c1dc4d71ff239e18aa62e887297b2e3f25
-new file mode 100644
-index 0000000..8d44e4e
-Binary files /dev/null and b/fuzz/corpora/crl/93fd51c1dc4d71ff239e18aa62e887297b2e3f25 differ
-diff --git a/fuzz/corpora/crl/9413399a3f21eff2c2230e20c7cebbde54436c38 b/fuzz/corpora/crl/9413399a3f21eff2c2230e20c7cebbde54436c38
-new file mode 100644
-index 0000000..2538172
-Binary files /dev/null and b/fuzz/corpora/crl/9413399a3f21eff2c2230e20c7cebbde54436c38 differ
-diff --git a/fuzz/corpora/crl/9433b155fbcd6e4bd79d9c584bf7c9ef09a9875b b/fuzz/corpora/crl/9433b155fbcd6e4bd79d9c584bf7c9ef09a9875b
-new file mode 100644
-index 0000000..a85e2ea
-Binary files /dev/null and b/fuzz/corpora/crl/9433b155fbcd6e4bd79d9c584bf7c9ef09a9875b differ
-diff --git a/fuzz/corpora/crl/946d30e22f28e031bf366a7a3ca587e473a8bff4 b/fuzz/corpora/crl/946d30e22f28e031bf366a7a3ca587e473a8bff4
-new file mode 100644
-index 0000000..c35e687
-Binary files /dev/null and b/fuzz/corpora/crl/946d30e22f28e031bf366a7a3ca587e473a8bff4 differ
-diff --git a/fuzz/corpora/crl/949d2b1356983aa2ab6dce0eca4c4f0ed9b5adb5 b/fuzz/corpora/crl/949d2b1356983aa2ab6dce0eca4c4f0ed9b5adb5
-new file mode 100644
-index 0000000..ae68c22
-Binary files /dev/null and b/fuzz/corpora/crl/949d2b1356983aa2ab6dce0eca4c4f0ed9b5adb5 differ
-diff --git a/fuzz/corpora/crl/94e1ad819675d38e9aa79298d8067fc9eb3bda12 b/fuzz/corpora/crl/94e1ad819675d38e9aa79298d8067fc9eb3bda12
-new file mode 100644
-index 0000000..6439a5f
-Binary files /dev/null and b/fuzz/corpora/crl/94e1ad819675d38e9aa79298d8067fc9eb3bda12 differ
-diff --git a/fuzz/corpora/crl/94ef57d148905e18130b4d61cd81b1922a9e1329 b/fuzz/corpora/crl/94ef57d148905e18130b4d61cd81b1922a9e1329
-new file mode 100644
-index 0000000..ec25704
-Binary files /dev/null and b/fuzz/corpora/crl/94ef57d148905e18130b4d61cd81b1922a9e1329 differ
-diff --git a/fuzz/corpora/crl/9533d34938b8ccf46e429bdbe8d33f94ad9c25ce b/fuzz/corpora/crl/9533d34938b8ccf46e429bdbe8d33f94ad9c25ce
-new file mode 100644
-index 0000000..5417e3f
-Binary files /dev/null and b/fuzz/corpora/crl/9533d34938b8ccf46e429bdbe8d33f94ad9c25ce differ
-diff --git a/fuzz/corpora/crl/956763749024d79a66921f12f0bee09149c2b981 b/fuzz/corpora/crl/956763749024d79a66921f12f0bee09149c2b981
-new file mode 100644
-index 0000000..0526664
-Binary files /dev/null and b/fuzz/corpora/crl/956763749024d79a66921f12f0bee09149c2b981 differ
-diff --git a/fuzz/corpora/crl/95ae794899a46a3cfae1ee8feeee0bd955082c57 b/fuzz/corpora/crl/95ae794899a46a3cfae1ee8feeee0bd955082c57
-new file mode 100644
-index 0000000..8b2c567
-Binary files /dev/null and b/fuzz/corpora/crl/95ae794899a46a3cfae1ee8feeee0bd955082c57 differ
-diff --git a/fuzz/corpora/crl/95c3a992ebca07803d9155e5d9fd687cfa79b0db b/fuzz/corpora/crl/95c3a992ebca07803d9155e5d9fd687cfa79b0db
-new file mode 100644
-index 0000000..f6cce3d
-Binary files /dev/null and b/fuzz/corpora/crl/95c3a992ebca07803d9155e5d9fd687cfa79b0db differ
-diff --git a/fuzz/corpora/crl/95f9d3ebbc8d1be2aafac634dccf3799dce33f2a b/fuzz/corpora/crl/95f9d3ebbc8d1be2aafac634dccf3799dce33f2a
-new file mode 100644
-index 0000000..911e9f3
-Binary files /dev/null and b/fuzz/corpora/crl/95f9d3ebbc8d1be2aafac634dccf3799dce33f2a differ
-diff --git a/fuzz/corpora/crl/96026fe90f19305a73b45bbf6f82f08825008bbf b/fuzz/corpora/crl/96026fe90f19305a73b45bbf6f82f08825008bbf
-new file mode 100644
-index 0000000..1e77bc5
-Binary files /dev/null and b/fuzz/corpora/crl/96026fe90f19305a73b45bbf6f82f08825008bbf differ
-diff --git a/fuzz/corpora/crl/9687201a1f5f577fa48b2d836b62c90a662e2c58 b/fuzz/corpora/crl/9687201a1f5f577fa48b2d836b62c90a662e2c58
-new file mode 100644
-index 0000000..0532762
-Binary files /dev/null and b/fuzz/corpora/crl/9687201a1f5f577fa48b2d836b62c90a662e2c58 differ
-diff --git a/fuzz/corpora/crl/96ddfdeb43e0cc292f7fbe1fe457c72532e7232c b/fuzz/corpora/crl/96ddfdeb43e0cc292f7fbe1fe457c72532e7232c
-new file mode 100644
-index 0000000..e9c0fd3
-Binary files /dev/null and b/fuzz/corpora/crl/96ddfdeb43e0cc292f7fbe1fe457c72532e7232c differ
-diff --git a/fuzz/corpora/crl/96e2ecc673f8812aa6cc4c675a5d43fc7bee970b b/fuzz/corpora/crl/96e2ecc673f8812aa6cc4c675a5d43fc7bee970b
-new file mode 100644
-index 0000000..a46c866
-Binary files /dev/null and b/fuzz/corpora/crl/96e2ecc673f8812aa6cc4c675a5d43fc7bee970b differ
-diff --git a/fuzz/corpora/crl/97229d1abbca21f12cc8cac0f889b265c90e5a81 b/fuzz/corpora/crl/97229d1abbca21f12cc8cac0f889b265c90e5a81
-new file mode 100644
-index 0000000..66f2b9b
-Binary files /dev/null and b/fuzz/corpora/crl/97229d1abbca21f12cc8cac0f889b265c90e5a81 differ
-diff --git a/fuzz/corpora/crl/984784c17e38da7e803a7af37b12b1727ee443df b/fuzz/corpora/crl/984784c17e38da7e803a7af37b12b1727ee443df
-new file mode 100644
-index 0000000..84cfe79
-Binary files /dev/null and b/fuzz/corpora/crl/984784c17e38da7e803a7af37b12b1727ee443df differ
-diff --git a/fuzz/corpora/crl/98d1599ea80381aa5ef283fcfbb87e88ffe91177 b/fuzz/corpora/crl/98d1599ea80381aa5ef283fcfbb87e88ffe91177
-new file mode 100644
-index 0000000..4d94b2f
-Binary files /dev/null and b/fuzz/corpora/crl/98d1599ea80381aa5ef283fcfbb87e88ffe91177 differ
-diff --git a/fuzz/corpora/crl/99497d83574ce13df85bdb6428e373d37288c1bb b/fuzz/corpora/crl/99497d83574ce13df85bdb6428e373d37288c1bb
-new file mode 100644
-index 0000000..4d3f3c6
-Binary files /dev/null and b/fuzz/corpora/crl/99497d83574ce13df85bdb6428e373d37288c1bb differ
-diff --git a/fuzz/corpora/crl/99c54d3b44ed209224f65280bcf2fdf3e55e91a7 b/fuzz/corpora/crl/99c54d3b44ed209224f65280bcf2fdf3e55e91a7
-new file mode 100644
-index 0000000..e0bfa6f
-Binary files /dev/null and b/fuzz/corpora/crl/99c54d3b44ed209224f65280bcf2fdf3e55e91a7 differ
-diff --git a/fuzz/corpora/crl/99e49724e0ccbc1a5e2c245e852dea0f21acdec6 b/fuzz/corpora/crl/99e49724e0ccbc1a5e2c245e852dea0f21acdec6
-new file mode 100644
-index 0000000..0a21bcd
-Binary files /dev/null and b/fuzz/corpora/crl/99e49724e0ccbc1a5e2c245e852dea0f21acdec6 differ
-diff --git a/fuzz/corpora/crl/9a6169e8dd90964f42dc84cb0e15071d23ef290e b/fuzz/corpora/crl/9a6169e8dd90964f42dc84cb0e15071d23ef290e
-new file mode 100644
-index 0000000..adbc935
-Binary files /dev/null and b/fuzz/corpora/crl/9a6169e8dd90964f42dc84cb0e15071d23ef290e differ
-diff --git a/fuzz/corpora/crl/9a85c0eecd0b0257184f4973caff94b879306180 b/fuzz/corpora/crl/9a85c0eecd0b0257184f4973caff94b879306180
-new file mode 100644
-index 0000000..254c460
-Binary files /dev/null and b/fuzz/corpora/crl/9a85c0eecd0b0257184f4973caff94b879306180 differ
-diff --git a/fuzz/corpora/crl/9c1bccc7b87d9f8099535e74d884b56c0d803856 b/fuzz/corpora/crl/9c1bccc7b87d9f8099535e74d884b56c0d803856
-new file mode 100644
-index 0000000..3b17996
-Binary files /dev/null and b/fuzz/corpora/crl/9c1bccc7b87d9f8099535e74d884b56c0d803856 differ
-diff --git a/fuzz/corpora/crl/9c5da7d46dd589af3420a0f316dc552aba432e5a b/fuzz/corpora/crl/9c5da7d46dd589af3420a0f316dc552aba432e5a
-new file mode 100644
-index 0000000..809b6ae
-Binary files /dev/null and b/fuzz/corpora/crl/9c5da7d46dd589af3420a0f316dc552aba432e5a differ
-diff --git a/fuzz/corpora/crl/9cbe1264e223ca3b9af35b35957f99e21004abe4 b/fuzz/corpora/crl/9cbe1264e223ca3b9af35b35957f99e21004abe4
-new file mode 100644
-index 0000000..ce57442
-Binary files /dev/null and b/fuzz/corpora/crl/9cbe1264e223ca3b9af35b35957f99e21004abe4 differ
-diff --git a/fuzz/corpora/crl/9cde9c121996bc737abb8761c8b37a860490b3f5 b/fuzz/corpora/crl/9cde9c121996bc737abb8761c8b37a860490b3f5
-new file mode 100644
-index 0000000..1658ce3
-Binary files /dev/null and b/fuzz/corpora/crl/9cde9c121996bc737abb8761c8b37a860490b3f5 differ
-diff --git a/fuzz/corpora/crl/9ce11494a2bec38780e750ac49bf28f8b9fb8d49 b/fuzz/corpora/crl/9ce11494a2bec38780e750ac49bf28f8b9fb8d49
-new file mode 100644
-index 0000000..69ec041
-Binary files /dev/null and b/fuzz/corpora/crl/9ce11494a2bec38780e750ac49bf28f8b9fb8d49 differ
-diff --git a/fuzz/corpora/crl/9e145380fa1e1f47ff8354c919ff0faf9dfa5a98 b/fuzz/corpora/crl/9e145380fa1e1f47ff8354c919ff0faf9dfa5a98
-new file mode 100644
-index 0000000..bcb6431
-Binary files /dev/null and b/fuzz/corpora/crl/9e145380fa1e1f47ff8354c919ff0faf9dfa5a98 differ
-diff --git a/fuzz/corpora/crl/9e9511bdb7b647b9e2c9f3bbd5efda0ba1244a5f b/fuzz/corpora/crl/9e9511bdb7b647b9e2c9f3bbd5efda0ba1244a5f
-new file mode 100644
-index 0000000..bf33a4e
-Binary files /dev/null and b/fuzz/corpora/crl/9e9511bdb7b647b9e2c9f3bbd5efda0ba1244a5f differ
-diff --git a/fuzz/corpora/crl/a063c3f7a0356cf6ff2a58b07c1ea670b3f4f372 b/fuzz/corpora/crl/a063c3f7a0356cf6ff2a58b07c1ea670b3f4f372
-new file mode 100644
-index 0000000..a162842
-Binary files /dev/null and b/fuzz/corpora/crl/a063c3f7a0356cf6ff2a58b07c1ea670b3f4f372 differ
-diff --git a/fuzz/corpora/crl/a09f48799ebebc965fd7428aaebf846391a1068d b/fuzz/corpora/crl/a09f48799ebebc965fd7428aaebf846391a1068d
-new file mode 100644
-index 0000000..e102c9d
-Binary files /dev/null and b/fuzz/corpora/crl/a09f48799ebebc965fd7428aaebf846391a1068d differ
-diff --git a/fuzz/corpora/crl/a173e42b18bb8e5caff4665d071d07ec8932b646 b/fuzz/corpora/crl/a173e42b18bb8e5caff4665d071d07ec8932b646
-new file mode 100644
-index 0000000..5db0daf
-Binary files /dev/null and b/fuzz/corpora/crl/a173e42b18bb8e5caff4665d071d07ec8932b646 differ
-diff --git a/fuzz/corpora/crl/a1cb2a0e51fc00b195561ce82fd459371b5ea813 b/fuzz/corpora/crl/a1cb2a0e51fc00b195561ce82fd459371b5ea813
-new file mode 100644
-index 0000000..ff7b91a
-Binary files /dev/null and b/fuzz/corpora/crl/a1cb2a0e51fc00b195561ce82fd459371b5ea813 differ
-diff --git a/fuzz/corpora/crl/a216235842377e85a8b23c1756948801b1adde9d b/fuzz/corpora/crl/a216235842377e85a8b23c1756948801b1adde9d
-new file mode 100644
-index 0000000..f54d8df
-Binary files /dev/null and b/fuzz/corpora/crl/a216235842377e85a8b23c1756948801b1adde9d differ
-diff --git a/fuzz/corpora/crl/a285e8ac8670749a4d773e6abbea700ed31a31d3 b/fuzz/corpora/crl/a285e8ac8670749a4d773e6abbea700ed31a31d3
-new file mode 100644
-index 0000000..244cf1d
-Binary files /dev/null and b/fuzz/corpora/crl/a285e8ac8670749a4d773e6abbea700ed31a31d3 differ
-diff --git a/fuzz/corpora/crl/a36f9d7c0aa3ef9ecd3c382c7f74fa6f01dbf7a0 b/fuzz/corpora/crl/a36f9d7c0aa3ef9ecd3c382c7f74fa6f01dbf7a0
-new file mode 100644
-index 0000000..b8e93ea
-Binary files /dev/null and b/fuzz/corpora/crl/a36f9d7c0aa3ef9ecd3c382c7f74fa6f01dbf7a0 differ
-diff --git a/fuzz/corpora/crl/a3b3d458eecc18600ad5b5abb7f11bf8e6f0372a b/fuzz/corpora/crl/a3b3d458eecc18600ad5b5abb7f11bf8e6f0372a
-new file mode 100644
-index 0000000..d4e2aec
-Binary files /dev/null and b/fuzz/corpora/crl/a3b3d458eecc18600ad5b5abb7f11bf8e6f0372a differ
-diff --git a/fuzz/corpora/crl/a4c0c049db5e56e7a27918fa85c46941f5136f30 b/fuzz/corpora/crl/a4c0c049db5e56e7a27918fa85c46941f5136f30
-new file mode 100644
-index 0000000..68daa0b
-Binary files /dev/null and b/fuzz/corpora/crl/a4c0c049db5e56e7a27918fa85c46941f5136f30 differ
-diff --git a/fuzz/corpora/crl/a4ca4955c6c9942f602c13e6faf5496c5f098d81 b/fuzz/corpora/crl/a4ca4955c6c9942f602c13e6faf5496c5f098d81
-new file mode 100644
-index 0000000..7703393
-Binary files /dev/null and b/fuzz/corpora/crl/a4ca4955c6c9942f602c13e6faf5496c5f098d81 differ
-diff --git a/fuzz/corpora/crl/a4d9452f57020e9b254d7d750a8c03cbf89b7726 b/fuzz/corpora/crl/a4d9452f57020e9b254d7d750a8c03cbf89b7726
-new file mode 100644
-index 0000000..5c6d7a2
-Binary files /dev/null and b/fuzz/corpora/crl/a4d9452f57020e9b254d7d750a8c03cbf89b7726 differ
-diff --git a/fuzz/corpora/crl/a4e1378b8690d88eb5cc2718768189637f918513 b/fuzz/corpora/crl/a4e1378b8690d88eb5cc2718768189637f918513
-new file mode 100644
-index 0000000..78f240b
-Binary files /dev/null and b/fuzz/corpora/crl/a4e1378b8690d88eb5cc2718768189637f918513 differ
-diff --git a/fuzz/corpora/crl/a50970f5250baaf4a8edf9322e64ac1e7ae0863a b/fuzz/corpora/crl/a50970f5250baaf4a8edf9322e64ac1e7ae0863a
-new file mode 100644
-index 0000000..825b3ec
-Binary files /dev/null and b/fuzz/corpora/crl/a50970f5250baaf4a8edf9322e64ac1e7ae0863a differ
-diff --git a/fuzz/corpora/crl/a5c1e9962e3bb1180de6acbc7f05bd97666cb313 b/fuzz/corpora/crl/a5c1e9962e3bb1180de6acbc7f05bd97666cb313
-new file mode 100644
-index 0000000..2d664d9
-Binary files /dev/null and b/fuzz/corpora/crl/a5c1e9962e3bb1180de6acbc7f05bd97666cb313 differ
-diff --git a/fuzz/corpora/crl/a60e7688558c61ea2111a3d24803abe58a83a26f b/fuzz/corpora/crl/a60e7688558c61ea2111a3d24803abe58a83a26f
-new file mode 100644
-index 0000000..abc417e
-Binary files /dev/null and b/fuzz/corpora/crl/a60e7688558c61ea2111a3d24803abe58a83a26f differ
-diff --git a/fuzz/corpora/crl/a6cecc1f15aa334938f6d51bb2428a5ed0ec0739 b/fuzz/corpora/crl/a6cecc1f15aa334938f6d51bb2428a5ed0ec0739
-new file mode 100644
-index 0000000..6cf30a8
-Binary files /dev/null and b/fuzz/corpora/crl/a6cecc1f15aa334938f6d51bb2428a5ed0ec0739 differ
-diff --git a/fuzz/corpora/crl/a6f1e28f82d6969d2b821d5184dcdfacf137ad9b b/fuzz/corpora/crl/a6f1e28f82d6969d2b821d5184dcdfacf137ad9b
-new file mode 100644
-index 0000000..f0e467c
-Binary files /dev/null and b/fuzz/corpora/crl/a6f1e28f82d6969d2b821d5184dcdfacf137ad9b differ
-diff --git a/fuzz/corpora/crl/a74f9cfee132e9e28e2885e75ddcba6125311821 b/fuzz/corpora/crl/a74f9cfee132e9e28e2885e75ddcba6125311821
-new file mode 100644
-index 0000000..8dee827
-Binary files /dev/null and b/fuzz/corpora/crl/a74f9cfee132e9e28e2885e75ddcba6125311821 differ
-diff --git a/fuzz/corpora/crl/a75950b7a6dc9f4c3824a61cff4b43b6628d3b61 b/fuzz/corpora/crl/a75950b7a6dc9f4c3824a61cff4b43b6628d3b61
-new file mode 100644
-index 0000000..1fb0f8d
-Binary files /dev/null and b/fuzz/corpora/crl/a75950b7a6dc9f4c3824a61cff4b43b6628d3b61 differ
-diff --git a/fuzz/corpora/crl/a7a43e11b1924a91f91c0a85ff244cc070b4f559 b/fuzz/corpora/crl/a7a43e11b1924a91f91c0a85ff244cc070b4f559
-new file mode 100644
-index 0000000..1d6f6e4
-Binary files /dev/null and b/fuzz/corpora/crl/a7a43e11b1924a91f91c0a85ff244cc070b4f559 differ
-diff --git a/fuzz/corpora/crl/a804b3ea00c53e77ea0ce531a10e474d80915b2e b/fuzz/corpora/crl/a804b3ea00c53e77ea0ce531a10e474d80915b2e
-new file mode 100644
-index 0000000..ccc9950
-Binary files /dev/null and b/fuzz/corpora/crl/a804b3ea00c53e77ea0ce531a10e474d80915b2e differ
-diff --git a/fuzz/corpora/crl/a86f8a8f5af11055b6ac521bf8493fbbbebce861 b/fuzz/corpora/crl/a86f8a8f5af11055b6ac521bf8493fbbbebce861
-new file mode 100644
-index 0000000..dbbb98b
-Binary files /dev/null and b/fuzz/corpora/crl/a86f8a8f5af11055b6ac521bf8493fbbbebce861 differ
-diff --git a/fuzz/corpora/crl/a87c93937e6c8f2fda0b2a1524832aa9f60bf0e8 b/fuzz/corpora/crl/a87c93937e6c8f2fda0b2a1524832aa9f60bf0e8
-new file mode 100644
-index 0000000..3c3324c
-Binary files /dev/null and b/fuzz/corpora/crl/a87c93937e6c8f2fda0b2a1524832aa9f60bf0e8 differ
-diff --git a/fuzz/corpora/crl/a8c7ffdc52f6bd09ba83b443ed15f12ab94fd30e b/fuzz/corpora/crl/a8c7ffdc52f6bd09ba83b443ed15f12ab94fd30e
-new file mode 100644
-index 0000000..c906aef
-Binary files /dev/null and b/fuzz/corpora/crl/a8c7ffdc52f6bd09ba83b443ed15f12ab94fd30e differ
-diff --git a/fuzz/corpora/crl/a8d789dd64af913072cad29b81ebb8fd66597f1e b/fuzz/corpora/crl/a8d789dd64af913072cad29b81ebb8fd66597f1e
-new file mode 100644
-index 0000000..88839c4
-Binary files /dev/null and b/fuzz/corpora/crl/a8d789dd64af913072cad29b81ebb8fd66597f1e differ
-diff --git a/fuzz/corpora/crl/a903a1ce0f1a290b91c7a8df2e8b6066bf99ce57 b/fuzz/corpora/crl/a903a1ce0f1a290b91c7a8df2e8b6066bf99ce57
-new file mode 100644
-index 0000000..46d8029
-Binary files /dev/null and b/fuzz/corpora/crl/a903a1ce0f1a290b91c7a8df2e8b6066bf99ce57 differ
-diff --git a/fuzz/corpora/crl/a942fe1f9531bb095859d49434e01bf6c71d15e5 b/fuzz/corpora/crl/a942fe1f9531bb095859d49434e01bf6c71d15e5
-new file mode 100644
-index 0000000..cce68e5
-Binary files /dev/null and b/fuzz/corpora/crl/a942fe1f9531bb095859d49434e01bf6c71d15e5 differ
-diff --git a/fuzz/corpora/crl/a990ebcd8f72f97560582196d72192af916b7fd5 b/fuzz/corpora/crl/a990ebcd8f72f97560582196d72192af916b7fd5
-new file mode 100644
-index 0000000..4e2fd81
-Binary files /dev/null and b/fuzz/corpora/crl/a990ebcd8f72f97560582196d72192af916b7fd5 differ
-diff --git a/fuzz/corpora/crl/aa768cd1a0bba3ee22dae8567de94d4e31f3eff3 b/fuzz/corpora/crl/aa768cd1a0bba3ee22dae8567de94d4e31f3eff3
-new file mode 100644
-index 0000000..d560c90
-Binary files /dev/null and b/fuzz/corpora/crl/aa768cd1a0bba3ee22dae8567de94d4e31f3eff3 differ
-diff --git a/fuzz/corpora/crl/aaa50414a98c80765432fa6840adcd13978895b5 b/fuzz/corpora/crl/aaa50414a98c80765432fa6840adcd13978895b5
-new file mode 100644
-index 0000000..cd2b337
-Binary files /dev/null and b/fuzz/corpora/crl/aaa50414a98c80765432fa6840adcd13978895b5 differ
-diff --git a/fuzz/corpora/crl/aad4b1b00d49e7576c84db0606e16621028b70fd b/fuzz/corpora/crl/aad4b1b00d49e7576c84db0606e16621028b70fd
-new file mode 100644
-index 0000000..6d76df0
-Binary files /dev/null and b/fuzz/corpora/crl/aad4b1b00d49e7576c84db0606e16621028b70fd differ
-diff --git a/fuzz/corpora/crl/ab019b6b207dae98ffb8c53e5624445eb51b07f1 b/fuzz/corpora/crl/ab019b6b207dae98ffb8c53e5624445eb51b07f1
-new file mode 100644
-index 0000000..45ad5b2
-Binary files /dev/null and b/fuzz/corpora/crl/ab019b6b207dae98ffb8c53e5624445eb51b07f1 differ
-diff --git a/fuzz/corpora/crl/ab0e2145e6e82c0a0707e7dba523a28c0589803a b/fuzz/corpora/crl/ab0e2145e6e82c0a0707e7dba523a28c0589803a
-new file mode 100644
-index 0000000..6eeb7d0
-Binary files /dev/null and b/fuzz/corpora/crl/ab0e2145e6e82c0a0707e7dba523a28c0589803a differ
-diff --git a/fuzz/corpora/crl/ab6a30041682db50dd28068f75f0d099bf5e3689 b/fuzz/corpora/crl/ab6a30041682db50dd28068f75f0d099bf5e3689
-new file mode 100644
-index 0000000..51ed440
-Binary files /dev/null and b/fuzz/corpora/crl/ab6a30041682db50dd28068f75f0d099bf5e3689 differ
-diff --git a/fuzz/corpora/crl/abbd9287761526f070bb78e836c0ed5f6b3b491a b/fuzz/corpora/crl/abbd9287761526f070bb78e836c0ed5f6b3b491a
-new file mode 100644
-index 0000000..e4d45b4
-Binary files /dev/null and b/fuzz/corpora/crl/abbd9287761526f070bb78e836c0ed5f6b3b491a differ
-diff --git a/fuzz/corpora/crl/abc0dc26a9ad3bdc42fb80ec597e24e9593cc0ea b/fuzz/corpora/crl/abc0dc26a9ad3bdc42fb80ec597e24e9593cc0ea
-new file mode 100644
-index 0000000..c78b2ce
-Binary files /dev/null and b/fuzz/corpora/crl/abc0dc26a9ad3bdc42fb80ec597e24e9593cc0ea differ
-diff --git a/fuzz/corpora/crl/abc64acc4e57f9daa35ab1cd483aa5d54c3e22a5 b/fuzz/corpora/crl/abc64acc4e57f9daa35ab1cd483aa5d54c3e22a5
-new file mode 100644
-index 0000000..0a569f5
-Binary files /dev/null and b/fuzz/corpora/crl/abc64acc4e57f9daa35ab1cd483aa5d54c3e22a5 differ
-diff --git a/fuzz/corpora/crl/ac1af3832967a067998d4ec6163d21ac84788c44 b/fuzz/corpora/crl/ac1af3832967a067998d4ec6163d21ac84788c44
-new file mode 100644
-index 0000000..7b7c3a8
-Binary files /dev/null and b/fuzz/corpora/crl/ac1af3832967a067998d4ec6163d21ac84788c44 differ
-diff --git a/fuzz/corpora/crl/acc9cfd921cb148a56e36dec5b41d2d934935354 b/fuzz/corpora/crl/acc9cfd921cb148a56e36dec5b41d2d934935354
-new file mode 100644
-index 0000000..0e52b06
-Binary files /dev/null and b/fuzz/corpora/crl/acc9cfd921cb148a56e36dec5b41d2d934935354 differ
-diff --git a/fuzz/corpora/crl/ae536429c41525f67249d81ba85a76a48f04a0c4 b/fuzz/corpora/crl/ae536429c41525f67249d81ba85a76a48f04a0c4
-new file mode 100644
-index 0000000..28f5628
-Binary files /dev/null and b/fuzz/corpora/crl/ae536429c41525f67249d81ba85a76a48f04a0c4 differ
-diff --git a/fuzz/corpora/crl/ae7eb55676d92c677a17e8f594bc88ce658d5d5a b/fuzz/corpora/crl/ae7eb55676d92c677a17e8f594bc88ce658d5d5a
-new file mode 100644
-index 0000000..45fc4e1
-Binary files /dev/null and b/fuzz/corpora/crl/ae7eb55676d92c677a17e8f594bc88ce658d5d5a differ
-diff --git a/fuzz/corpora/crl/aeb89e7ab543fe0973cbbe0d9f1ed4a1c5d4dab7 b/fuzz/corpora/crl/aeb89e7ab543fe0973cbbe0d9f1ed4a1c5d4dab7
-new file mode 100644
-index 0000000..dfda42b
-Binary files /dev/null and b/fuzz/corpora/crl/aeb89e7ab543fe0973cbbe0d9f1ed4a1c5d4dab7 differ
-diff --git a/fuzz/corpora/crl/aed6b61bc1008d8390410a6c75d4914bd04acc92 b/fuzz/corpora/crl/aed6b61bc1008d8390410a6c75d4914bd04acc92
-new file mode 100644
-index 0000000..22ebc03
-Binary files /dev/null and b/fuzz/corpora/crl/aed6b61bc1008d8390410a6c75d4914bd04acc92 differ
-diff --git a/fuzz/corpora/crl/af6339cbaa9ed04baa58b4fc777061d970f88b66 b/fuzz/corpora/crl/af6339cbaa9ed04baa58b4fc777061d970f88b66
-new file mode 100644
-index 0000000..be4d902
-Binary files /dev/null and b/fuzz/corpora/crl/af6339cbaa9ed04baa58b4fc777061d970f88b66 differ
-diff --git a/fuzz/corpora/crl/afb9ada23f8cdc85b381ad62d7cfaae9ffc46fee b/fuzz/corpora/crl/afb9ada23f8cdc85b381ad62d7cfaae9ffc46fee
-new file mode 100644
-index 0000000..8a24533
-Binary files /dev/null and b/fuzz/corpora/crl/afb9ada23f8cdc85b381ad62d7cfaae9ffc46fee differ
-diff --git a/fuzz/corpora/crl/afd2b6f35c8a59bedf9d0f71161151959524c731 b/fuzz/corpora/crl/afd2b6f35c8a59bedf9d0f71161151959524c731
-new file mode 100644
-index 0000000..f7c610e
-Binary files /dev/null and b/fuzz/corpora/crl/afd2b6f35c8a59bedf9d0f71161151959524c731 differ
-diff --git a/fuzz/corpora/crl/b026396ac679309e58ddc8f4dff0b69b7d4e11a0 b/fuzz/corpora/crl/b026396ac679309e58ddc8f4dff0b69b7d4e11a0
-new file mode 100644
-index 0000000..fba50b1
-Binary files /dev/null and b/fuzz/corpora/crl/b026396ac679309e58ddc8f4dff0b69b7d4e11a0 differ
-diff --git a/fuzz/corpora/crl/b0b89639a6e72346875e6de665259f480b72a7c9 b/fuzz/corpora/crl/b0b89639a6e72346875e6de665259f480b72a7c9
-new file mode 100644
-index 0000000..3d6b628
-Binary files /dev/null and b/fuzz/corpora/crl/b0b89639a6e72346875e6de665259f480b72a7c9 differ
-diff --git a/fuzz/corpora/crl/b0f765b5c5dc39f37688564ea60b82e724ba37f6 b/fuzz/corpora/crl/b0f765b5c5dc39f37688564ea60b82e724ba37f6
-new file mode 100644
-index 0000000..4df2a6d
-Binary files /dev/null and b/fuzz/corpora/crl/b0f765b5c5dc39f37688564ea60b82e724ba37f6 differ
-diff --git a/fuzz/corpora/crl/b1dc7b083703db8f6c5386a23096eee6b3213ac9 b/fuzz/corpora/crl/b1dc7b083703db8f6c5386a23096eee6b3213ac9
-new file mode 100644
-index 0000000..fc5a9d1
-Binary files /dev/null and b/fuzz/corpora/crl/b1dc7b083703db8f6c5386a23096eee6b3213ac9 differ
-diff --git a/fuzz/corpora/crl/b1fa953dbd62fc3c9fcefc6fce22c2d074bf4805 b/fuzz/corpora/crl/b1fa953dbd62fc3c9fcefc6fce22c2d074bf4805
-new file mode 100644
-index 0000000..3f970be
-Binary files /dev/null and b/fuzz/corpora/crl/b1fa953dbd62fc3c9fcefc6fce22c2d074bf4805 differ
-diff --git a/fuzz/corpora/crl/b2883db9623c689c8fa41776c310a02a3d4b01d7 b/fuzz/corpora/crl/b2883db9623c689c8fa41776c310a02a3d4b01d7
-new file mode 100644
-index 0000000..c86a620
-Binary files /dev/null and b/fuzz/corpora/crl/b2883db9623c689c8fa41776c310a02a3d4b01d7 differ
-diff --git a/fuzz/corpora/crl/b2ba633dc1524b8e5817e215e85aa3d38c0f1329 b/fuzz/corpora/crl/b2ba633dc1524b8e5817e215e85aa3d38c0f1329
-new file mode 100644
-index 0000000..2a3c0e0
-Binary files /dev/null and b/fuzz/corpora/crl/b2ba633dc1524b8e5817e215e85aa3d38c0f1329 differ
-diff --git a/fuzz/corpora/crl/b2d9f196082ac030a25d862f6f09ceb0eb86d705 b/fuzz/corpora/crl/b2d9f196082ac030a25d862f6f09ceb0eb86d705
-new file mode 100644
-index 0000000..dc18c4b
-Binary files /dev/null and b/fuzz/corpora/crl/b2d9f196082ac030a25d862f6f09ceb0eb86d705 differ
-diff --git a/fuzz/corpora/crl/b2e5342ee20eee873433987bd060c5d519aafb1f b/fuzz/corpora/crl/b2e5342ee20eee873433987bd060c5d519aafb1f
-new file mode 100644
-index 0000000..a115057
-Binary files /dev/null and b/fuzz/corpora/crl/b2e5342ee20eee873433987bd060c5d519aafb1f differ
-diff --git a/fuzz/corpora/crl/b31da5e6f3aaccc6a0d94b04c6522c06850072d6 b/fuzz/corpora/crl/b31da5e6f3aaccc6a0d94b04c6522c06850072d6
-new file mode 100644
-index 0000000..e962986
-Binary files /dev/null and b/fuzz/corpora/crl/b31da5e6f3aaccc6a0d94b04c6522c06850072d6 differ
-diff --git a/fuzz/corpora/crl/b36f54e82aab2e2295797d4104c900dab21cfdf6 b/fuzz/corpora/crl/b36f54e82aab2e2295797d4104c900dab21cfdf6
-new file mode 100644
-index 0000000..d301fe7
-Binary files /dev/null and b/fuzz/corpora/crl/b36f54e82aab2e2295797d4104c900dab21cfdf6 differ
-diff --git a/fuzz/corpora/crl/b410893c3dae4a860c0e1e41143b24c66a399d8c b/fuzz/corpora/crl/b410893c3dae4a860c0e1e41143b24c66a399d8c
-new file mode 100644
-index 0000000..b32aed1
-Binary files /dev/null and b/fuzz/corpora/crl/b410893c3dae4a860c0e1e41143b24c66a399d8c differ
-diff --git a/fuzz/corpora/crl/b442cb276cd18f06e6d77b98f9223823c15a2d47 b/fuzz/corpora/crl/b442cb276cd18f06e6d77b98f9223823c15a2d47
-new file mode 100644
-index 0000000..e3ce968
-Binary files /dev/null and b/fuzz/corpora/crl/b442cb276cd18f06e6d77b98f9223823c15a2d47 differ
-diff --git a/fuzz/corpora/crl/b4a7ad1caf7ec9fe7465f40ebb60d9e3563c48dd b/fuzz/corpora/crl/b4a7ad1caf7ec9fe7465f40ebb60d9e3563c48dd
-new file mode 100644
-index 0000000..fe20132
-Binary files /dev/null and b/fuzz/corpora/crl/b4a7ad1caf7ec9fe7465f40ebb60d9e3563c48dd differ
-diff --git a/fuzz/corpora/crl/b4bb5ac8ba062e1f8f98617da337dfeab0442d16 b/fuzz/corpora/crl/b4bb5ac8ba062e1f8f98617da337dfeab0442d16
-new file mode 100644
-index 0000000..ecc8f0b
-Binary files /dev/null and b/fuzz/corpora/crl/b4bb5ac8ba062e1f8f98617da337dfeab0442d16 differ
-diff --git a/fuzz/corpora/crl/b4d25c2b9d8a7bbe658e814fb5e2f69efa633887 b/fuzz/corpora/crl/b4d25c2b9d8a7bbe658e814fb5e2f69efa633887
-new file mode 100644
-index 0000000..b02a1a7
-Binary files /dev/null and b/fuzz/corpora/crl/b4d25c2b9d8a7bbe658e814fb5e2f69efa633887 differ
-diff --git a/fuzz/corpora/crl/b4d894317b7606870e288ac29ce507936817830c b/fuzz/corpora/crl/b4d894317b7606870e288ac29ce507936817830c
-new file mode 100644
-index 0000000..de4342d
-Binary files /dev/null and b/fuzz/corpora/crl/b4d894317b7606870e288ac29ce507936817830c differ
-diff --git a/fuzz/corpora/crl/b50c444ff52ff487e0807490adb1a21bc4c64f14 b/fuzz/corpora/crl/b50c444ff52ff487e0807490adb1a21bc4c64f14
-new file mode 100644
-index 0000000..05409dd
-Binary files /dev/null and b/fuzz/corpora/crl/b50c444ff52ff487e0807490adb1a21bc4c64f14 differ
-diff --git a/fuzz/corpora/crl/b6297afe94b7c31d51607340300c6e27c181acea b/fuzz/corpora/crl/b6297afe94b7c31d51607340300c6e27c181acea
-new file mode 100644
-index 0000000..b7c5dcd
-Binary files /dev/null and b/fuzz/corpora/crl/b6297afe94b7c31d51607340300c6e27c181acea differ
-diff --git a/fuzz/corpora/crl/b63bab91985d5776ced990a2f5fb175b1189239b b/fuzz/corpora/crl/b63bab91985d5776ced990a2f5fb175b1189239b
-new file mode 100644
-index 0000000..ad28dc6
-Binary files /dev/null and b/fuzz/corpora/crl/b63bab91985d5776ced990a2f5fb175b1189239b differ
-diff --git a/fuzz/corpora/crl/b63e8cec52411df9037ca09938f0079bf894827c b/fuzz/corpora/crl/b63e8cec52411df9037ca09938f0079bf894827c
-new file mode 100644
-index 0000000..a2d2481
-Binary files /dev/null and b/fuzz/corpora/crl/b63e8cec52411df9037ca09938f0079bf894827c differ
-diff --git a/fuzz/corpora/crl/b69f006d4fbac5e44a85ca0614e70777906ba388 b/fuzz/corpora/crl/b69f006d4fbac5e44a85ca0614e70777906ba388
-new file mode 100644
-index 0000000..6a140c8
-Binary files /dev/null and b/fuzz/corpora/crl/b69f006d4fbac5e44a85ca0614e70777906ba388 differ
-diff --git a/fuzz/corpora/crl/b6f7da2c32971d7499de7f190d7fb2712d34f6dd b/fuzz/corpora/crl/b6f7da2c32971d7499de7f190d7fb2712d34f6dd
-new file mode 100644
-index 0000000..cfec6e3
-Binary files /dev/null and b/fuzz/corpora/crl/b6f7da2c32971d7499de7f190d7fb2712d34f6dd differ
-diff --git a/fuzz/corpora/crl/b7300456bfb4fc79a6c8316ad79c4ce2f58523bd b/fuzz/corpora/crl/b7300456bfb4fc79a6c8316ad79c4ce2f58523bd
-new file mode 100644
-index 0000000..0bd4db5
-Binary files /dev/null and b/fuzz/corpora/crl/b7300456bfb4fc79a6c8316ad79c4ce2f58523bd differ
-diff --git a/fuzz/corpora/crl/b7506c230a1f208eeee0a2bc65bea328450e81f2 b/fuzz/corpora/crl/b7506c230a1f208eeee0a2bc65bea328450e81f2
-new file mode 100644
-index 0000000..b02273f
-Binary files /dev/null and b/fuzz/corpora/crl/b7506c230a1f208eeee0a2bc65bea328450e81f2 differ
-diff --git a/fuzz/corpora/crl/b852912077720aac60a5f44538f510e890c11036 b/fuzz/corpora/crl/b852912077720aac60a5f44538f510e890c11036
-new file mode 100644
-index 0000000..033c535
-Binary files /dev/null and b/fuzz/corpora/crl/b852912077720aac60a5f44538f510e890c11036 differ
-diff --git a/fuzz/corpora/crl/b8856084ac49506cd1f74d42930dc156173043ad b/fuzz/corpora/crl/b8856084ac49506cd1f74d42930dc156173043ad
-new file mode 100644
-index 0000000..3e86739
-Binary files /dev/null and b/fuzz/corpora/crl/b8856084ac49506cd1f74d42930dc156173043ad differ
-diff --git a/fuzz/corpora/crl/b8b37bad49ccf03a18b2a5f4a423ca68385d3a8c b/fuzz/corpora/crl/b8b37bad49ccf03a18b2a5f4a423ca68385d3a8c
-new file mode 100644
-index 0000000..125083e
-Binary files /dev/null and b/fuzz/corpora/crl/b8b37bad49ccf03a18b2a5f4a423ca68385d3a8c differ
-diff --git a/fuzz/corpora/crl/b916370b207d6bfe9e92d9096a0856480ecc828a b/fuzz/corpora/crl/b916370b207d6bfe9e92d9096a0856480ecc828a
-new file mode 100644
-index 0000000..3d23572
-Binary files /dev/null and b/fuzz/corpora/crl/b916370b207d6bfe9e92d9096a0856480ecc828a differ
-diff --git a/fuzz/corpora/crl/b94ed3c77faf3ac69b2300900b04b24b9b515a28 b/fuzz/corpora/crl/b94ed3c77faf3ac69b2300900b04b24b9b515a28
-new file mode 100644
-index 0000000..89635b2
-Binary files /dev/null and b/fuzz/corpora/crl/b94ed3c77faf3ac69b2300900b04b24b9b515a28 differ
-diff --git a/fuzz/corpora/crl/b95fce108db89fc115ab60d98bbb381b19f2cdc0 b/fuzz/corpora/crl/b95fce108db89fc115ab60d98bbb381b19f2cdc0
-new file mode 100644
-index 0000000..6aea38b
-Binary files /dev/null and b/fuzz/corpora/crl/b95fce108db89fc115ab60d98bbb381b19f2cdc0 differ
-diff --git a/fuzz/corpora/crl/b9c74ba5501d75902a119e94fb32217d9bfdb691 b/fuzz/corpora/crl/b9c74ba5501d75902a119e94fb32217d9bfdb691
-new file mode 100644
-index 0000000..517e31a
-Binary files /dev/null and b/fuzz/corpora/crl/b9c74ba5501d75902a119e94fb32217d9bfdb691 differ
-diff --git a/fuzz/corpora/crl/b9dde3ed44926874b6c29033cd7aabb1fc303827 b/fuzz/corpora/crl/b9dde3ed44926874b6c29033cd7aabb1fc303827
-new file mode 100644
-index 0000000..ae4bdfe
-Binary files /dev/null and b/fuzz/corpora/crl/b9dde3ed44926874b6c29033cd7aabb1fc303827 differ
-diff --git a/fuzz/corpora/crl/b9fc376a5c92c8e95ab3b5cce01afb9fe2d1d5f2 b/fuzz/corpora/crl/b9fc376a5c92c8e95ab3b5cce01afb9fe2d1d5f2
-new file mode 100644
-index 0000000..51f74ba
-Binary files /dev/null and b/fuzz/corpora/crl/b9fc376a5c92c8e95ab3b5cce01afb9fe2d1d5f2 differ
-diff --git a/fuzz/corpora/crl/ba0340a3d8561a49b48580d4b25c4a09fd211ce2 b/fuzz/corpora/crl/ba0340a3d8561a49b48580d4b25c4a09fd211ce2
-new file mode 100644
-index 0000000..eb10966
-Binary files /dev/null and b/fuzz/corpora/crl/ba0340a3d8561a49b48580d4b25c4a09fd211ce2 differ
-diff --git a/fuzz/corpora/crl/ba167ab828ed3f0d4e737df7b1c5e28a77579e72 b/fuzz/corpora/crl/ba167ab828ed3f0d4e737df7b1c5e28a77579e72
-new file mode 100644
-index 0000000..e38f318
-Binary files /dev/null and b/fuzz/corpora/crl/ba167ab828ed3f0d4e737df7b1c5e28a77579e72 differ
-diff --git a/fuzz/corpora/crl/ba537a668c0b079e66d790432596ef58139a695f b/fuzz/corpora/crl/ba537a668c0b079e66d790432596ef58139a695f
-new file mode 100644
-index 0000000..c5648e3
-Binary files /dev/null and b/fuzz/corpora/crl/ba537a668c0b079e66d790432596ef58139a695f differ
-diff --git a/fuzz/corpora/crl/ba5ce74c440ad59f535f87f78951779fbe3a81e4 b/fuzz/corpora/crl/ba5ce74c440ad59f535f87f78951779fbe3a81e4
-new file mode 100644
-index 0000000..c7004b0
-Binary files /dev/null and b/fuzz/corpora/crl/ba5ce74c440ad59f535f87f78951779fbe3a81e4 differ
-diff --git a/fuzz/corpora/crl/babaa91cc85837311c18080fc19d2a6600eb4b15 b/fuzz/corpora/crl/babaa91cc85837311c18080fc19d2a6600eb4b15
-new file mode 100644
-index 0000000..3895405
-Binary files /dev/null and b/fuzz/corpora/crl/babaa91cc85837311c18080fc19d2a6600eb4b15 differ
-diff --git a/fuzz/corpora/crl/bb19ba8f977a5e01f50169662be1280e7c6c8f6c b/fuzz/corpora/crl/bb19ba8f977a5e01f50169662be1280e7c6c8f6c
-new file mode 100644
-index 0000000..f4cffa9
-Binary files /dev/null and b/fuzz/corpora/crl/bb19ba8f977a5e01f50169662be1280e7c6c8f6c differ
-diff --git a/fuzz/corpora/crl/bb3922649835a2f941a6e9d42d36feec396d1b9d b/fuzz/corpora/crl/bb3922649835a2f941a6e9d42d36feec396d1b9d
-new file mode 100644
-index 0000000..1e7bef9
-Binary files /dev/null and b/fuzz/corpora/crl/bb3922649835a2f941a6e9d42d36feec396d1b9d differ
-diff --git a/fuzz/corpora/crl/bbf487fe53f4fb157c11d3f76f26162bc6f62c20 b/fuzz/corpora/crl/bbf487fe53f4fb157c11d3f76f26162bc6f62c20
-new file mode 100644
-index 0000000..33aa7ce
-Binary files /dev/null and b/fuzz/corpora/crl/bbf487fe53f4fb157c11d3f76f26162bc6f62c20 differ
-diff --git a/fuzz/corpora/crl/bbfc05b0851cfa7b0cbd04cd33234fe08a0007f3 b/fuzz/corpora/crl/bbfc05b0851cfa7b0cbd04cd33234fe08a0007f3
-new file mode 100644
-index 0000000..5cf0d85
-Binary files /dev/null and b/fuzz/corpora/crl/bbfc05b0851cfa7b0cbd04cd33234fe08a0007f3 differ
-diff --git a/fuzz/corpora/crl/bc0b04b58c3a0aa1e494be04ced881dedaab0ef7 b/fuzz/corpora/crl/bc0b04b58c3a0aa1e494be04ced881dedaab0ef7
-new file mode 100644
-index 0000000..4070481
-Binary files /dev/null and b/fuzz/corpora/crl/bc0b04b58c3a0aa1e494be04ced881dedaab0ef7 differ
-diff --git a/fuzz/corpora/crl/bc56c8d5adf1e0a1bff98e886428c51c29a08f77 b/fuzz/corpora/crl/bc56c8d5adf1e0a1bff98e886428c51c29a08f77
-new file mode 100644
-index 0000000..4a14a75
-Binary files /dev/null and b/fuzz/corpora/crl/bc56c8d5adf1e0a1bff98e886428c51c29a08f77 differ
-diff --git a/fuzz/corpora/crl/bc7e7530a1a49ffcb689ce9d4d82816238074d85 b/fuzz/corpora/crl/bc7e7530a1a49ffcb689ce9d4d82816238074d85
-new file mode 100644
-index 0000000..f6eddc9
-Binary files /dev/null and b/fuzz/corpora/crl/bc7e7530a1a49ffcb689ce9d4d82816238074d85 differ
-diff --git a/fuzz/corpora/crl/bcd340c0c483ca4228ce4f85327c999dd354b5b9 b/fuzz/corpora/crl/bcd340c0c483ca4228ce4f85327c999dd354b5b9
-new file mode 100644
-index 0000000..eb619f6
-Binary files /dev/null and b/fuzz/corpora/crl/bcd340c0c483ca4228ce4f85327c999dd354b5b9 differ
-diff --git a/fuzz/corpora/crl/bce7b86b7867fadae9b6772b55a8ad31bc1b277b b/fuzz/corpora/crl/bce7b86b7867fadae9b6772b55a8ad31bc1b277b
-new file mode 100644
-index 0000000..c910ed1
-Binary files /dev/null and b/fuzz/corpora/crl/bce7b86b7867fadae9b6772b55a8ad31bc1b277b differ
-diff --git a/fuzz/corpora/crl/bced40ad9fcf4a943fdafe4cc17faab711e06e64 b/fuzz/corpora/crl/bced40ad9fcf4a943fdafe4cc17faab711e06e64
-new file mode 100644
-index 0000000..4d4c6ed
-Binary files /dev/null and b/fuzz/corpora/crl/bced40ad9fcf4a943fdafe4cc17faab711e06e64 differ
-diff --git a/fuzz/corpora/crl/bcf95f277823641503efde6c6822579884c6968d b/fuzz/corpora/crl/bcf95f277823641503efde6c6822579884c6968d
-new file mode 100644
-index 0000000..a5dd7ea
-Binary files /dev/null and b/fuzz/corpora/crl/bcf95f277823641503efde6c6822579884c6968d differ
-diff --git a/fuzz/corpora/crl/bd068110f3116876e2064e66ecff3be6393e0c80 b/fuzz/corpora/crl/bd068110f3116876e2064e66ecff3be6393e0c80
-new file mode 100644
-index 0000000..e753dc3
-Binary files /dev/null and b/fuzz/corpora/crl/bd068110f3116876e2064e66ecff3be6393e0c80 differ
-diff --git a/fuzz/corpora/crl/bd083e2c2dbc1fe5cb8b96abf4754e1814af8de7 b/fuzz/corpora/crl/bd083e2c2dbc1fe5cb8b96abf4754e1814af8de7
-new file mode 100644
-index 0000000..63df8ee
-Binary files /dev/null and b/fuzz/corpora/crl/bd083e2c2dbc1fe5cb8b96abf4754e1814af8de7 differ
-diff --git a/fuzz/corpora/crl/be60efcdecaac183a12139e5891e9243fd966d83 b/fuzz/corpora/crl/be60efcdecaac183a12139e5891e9243fd966d83
-new file mode 100644
-index 0000000..b7e70c1
-Binary files /dev/null and b/fuzz/corpora/crl/be60efcdecaac183a12139e5891e9243fd966d83 differ
-diff --git a/fuzz/corpora/crl/bfb78ebd408b4d411f61eba60fdf768835268ce0 b/fuzz/corpora/crl/bfb78ebd408b4d411f61eba60fdf768835268ce0
-new file mode 100644
-index 0000000..b63de7f
-Binary files /dev/null and b/fuzz/corpora/crl/bfb78ebd408b4d411f61eba60fdf768835268ce0 differ
-diff --git a/fuzz/corpora/crl/c0e2410544a5b46d61155b32b68fee14612c51ad b/fuzz/corpora/crl/c0e2410544a5b46d61155b32b68fee14612c51ad
-new file mode 100644
-index 0000000..bef4b00
-Binary files /dev/null and b/fuzz/corpora/crl/c0e2410544a5b46d61155b32b68fee14612c51ad differ
-diff --git a/fuzz/corpora/crl/c0fd44447ee74d84c548f9869e48f0f992a50f43 b/fuzz/corpora/crl/c0fd44447ee74d84c548f9869e48f0f992a50f43
-new file mode 100644
-index 0000000..b6a8d72
-Binary files /dev/null and b/fuzz/corpora/crl/c0fd44447ee74d84c548f9869e48f0f992a50f43 differ
-diff --git a/fuzz/corpora/crl/c17734e4e2ff4908b0dc52090e264b31668f055b b/fuzz/corpora/crl/c17734e4e2ff4908b0dc52090e264b31668f055b
-new file mode 100644
-index 0000000..5cb962f
-Binary files /dev/null and b/fuzz/corpora/crl/c17734e4e2ff4908b0dc52090e264b31668f055b differ
-diff --git a/fuzz/corpora/crl/c1cae1583b3b3ef53d2e21b61a3d1dd6aff143f7 b/fuzz/corpora/crl/c1cae1583b3b3ef53d2e21b61a3d1dd6aff143f7
-new file mode 100644
-index 0000000..6fc681a
-Binary files /dev/null and b/fuzz/corpora/crl/c1cae1583b3b3ef53d2e21b61a3d1dd6aff143f7 differ
-diff --git a/fuzz/corpora/crl/c262ae8ffc8cf26f6c31e310af82d07095065cde b/fuzz/corpora/crl/c262ae8ffc8cf26f6c31e310af82d07095065cde
-new file mode 100644
-index 0000000..f46c8ed
-Binary files /dev/null and b/fuzz/corpora/crl/c262ae8ffc8cf26f6c31e310af82d07095065cde differ
-diff --git a/fuzz/corpora/crl/c2810bda5f89035c90a7c361bb627bd501ab286c b/fuzz/corpora/crl/c2810bda5f89035c90a7c361bb627bd501ab286c
-new file mode 100644
-index 0000000..e99f90c
-Binary files /dev/null and b/fuzz/corpora/crl/c2810bda5f89035c90a7c361bb627bd501ab286c differ
-diff --git a/fuzz/corpora/crl/c2a25e6ba379eb4c7ebe37b47bb5210b13a4bf6b b/fuzz/corpora/crl/c2a25e6ba379eb4c7ebe37b47bb5210b13a4bf6b
-new file mode 100644
-index 0000000..b743570
-Binary files /dev/null and b/fuzz/corpora/crl/c2a25e6ba379eb4c7ebe37b47bb5210b13a4bf6b differ
-diff --git a/fuzz/corpora/crl/c2b0445e032a48565918c89950af869889836116 b/fuzz/corpora/crl/c2b0445e032a48565918c89950af869889836116
-new file mode 100644
-index 0000000..12dfa8d
-Binary files /dev/null and b/fuzz/corpora/crl/c2b0445e032a48565918c89950af869889836116 differ
-diff --git a/fuzz/corpora/crl/c2dd44f16a7858fbc8b8ceb6ab0348346c56508f b/fuzz/corpora/crl/c2dd44f16a7858fbc8b8ceb6ab0348346c56508f
-new file mode 100644
-index 0000000..86ba593
-Binary files /dev/null and b/fuzz/corpora/crl/c2dd44f16a7858fbc8b8ceb6ab0348346c56508f differ
-diff --git a/fuzz/corpora/crl/c2dfb0170ee0b6f8c75792faa868aeb8ee12958e b/fuzz/corpora/crl/c2dfb0170ee0b6f8c75792faa868aeb8ee12958e
-new file mode 100644
-index 0000000..a06cf7b
-Binary files /dev/null and b/fuzz/corpora/crl/c2dfb0170ee0b6f8c75792faa868aeb8ee12958e differ
-diff --git a/fuzz/corpora/crl/c313bcf4ebd4f470d44f193018ab56130ea45c13 b/fuzz/corpora/crl/c313bcf4ebd4f470d44f193018ab56130ea45c13
-new file mode 100644
-index 0000000..30f4c8d
-Binary files /dev/null and b/fuzz/corpora/crl/c313bcf4ebd4f470d44f193018ab56130ea45c13 differ
-diff --git a/fuzz/corpora/crl/c3a6df5caf6442106dd8ef51309785d6fd9e096e b/fuzz/corpora/crl/c3a6df5caf6442106dd8ef51309785d6fd9e096e
-new file mode 100644
-index 0000000..73d40c7
-Binary files /dev/null and b/fuzz/corpora/crl/c3a6df5caf6442106dd8ef51309785d6fd9e096e differ
-diff --git a/fuzz/corpora/crl/c3d4cbc2e896b143eda4a271eb1ed6c9546a0fbd b/fuzz/corpora/crl/c3d4cbc2e896b143eda4a271eb1ed6c9546a0fbd
-new file mode 100644
-index 0000000..206767a
-Binary files /dev/null and b/fuzz/corpora/crl/c3d4cbc2e896b143eda4a271eb1ed6c9546a0fbd differ
-diff --git a/fuzz/corpora/crl/c3ea41d4ac5adfe41b1e78045fa5aaab6d1d7619 b/fuzz/corpora/crl/c3ea41d4ac5adfe41b1e78045fa5aaab6d1d7619
-new file mode 100644
-index 0000000..fbd725a
-Binary files /dev/null and b/fuzz/corpora/crl/c3ea41d4ac5adfe41b1e78045fa5aaab6d1d7619 differ
-diff --git a/fuzz/corpora/crl/c4537d50deb1b0f32d0afd1b8e2a176f74892f1a b/fuzz/corpora/crl/c4537d50deb1b0f32d0afd1b8e2a176f74892f1a
-new file mode 100644
-index 0000000..b7d6c9a
-Binary files /dev/null and b/fuzz/corpora/crl/c4537d50deb1b0f32d0afd1b8e2a176f74892f1a differ
-diff --git a/fuzz/corpora/crl/c457643b0a1c11a264c6a5dba50a677cfdeadc13 b/fuzz/corpora/crl/c457643b0a1c11a264c6a5dba50a677cfdeadc13
-new file mode 100644
-index 0000000..498ecde
-Binary files /dev/null and b/fuzz/corpora/crl/c457643b0a1c11a264c6a5dba50a677cfdeadc13 differ
-diff --git a/fuzz/corpora/crl/c4ca6bb0b187305aa5b69926b258b25a14d733b1 b/fuzz/corpora/crl/c4ca6bb0b187305aa5b69926b258b25a14d733b1
-new file mode 100644
-index 0000000..6fe08f6
-Binary files /dev/null and b/fuzz/corpora/crl/c4ca6bb0b187305aa5b69926b258b25a14d733b1 differ
-diff --git a/fuzz/corpora/crl/c4e2d61a43dfe13fa4b69bb44cab80b10e1ca762 b/fuzz/corpora/crl/c4e2d61a43dfe13fa4b69bb44cab80b10e1ca762
-new file mode 100644
-index 0000000..020a4c0
-Binary files /dev/null and b/fuzz/corpora/crl/c4e2d61a43dfe13fa4b69bb44cab80b10e1ca762 differ
-diff --git a/fuzz/corpora/crl/c602546ca66d82f6988eb2028f39e6bb7afbf636 b/fuzz/corpora/crl/c602546ca66d82f6988eb2028f39e6bb7afbf636
-new file mode 100644
-index 0000000..942ebfa
-Binary files /dev/null and b/fuzz/corpora/crl/c602546ca66d82f6988eb2028f39e6bb7afbf636 differ
-diff --git a/fuzz/corpora/crl/c672dae15311d3aa1a2b7b6f92330ddae15f57e4 b/fuzz/corpora/crl/c672dae15311d3aa1a2b7b6f92330ddae15f57e4
-new file mode 100644
-index 0000000..e8e1b2a
-Binary files /dev/null and b/fuzz/corpora/crl/c672dae15311d3aa1a2b7b6f92330ddae15f57e4 differ
-diff --git a/fuzz/corpora/crl/c67b95168e971f3b03a88003600cc9970682496a b/fuzz/corpora/crl/c67b95168e971f3b03a88003600cc9970682496a
-new file mode 100644
-index 0000000..901ef40
-Binary files /dev/null and b/fuzz/corpora/crl/c67b95168e971f3b03a88003600cc9970682496a differ
-diff --git a/fuzz/corpora/crl/c68cfc4722f79385dac7c7c5003c4fd5c5610468 b/fuzz/corpora/crl/c68cfc4722f79385dac7c7c5003c4fd5c5610468
-new file mode 100644
-index 0000000..e95cc12
-Binary files /dev/null and b/fuzz/corpora/crl/c68cfc4722f79385dac7c7c5003c4fd5c5610468 differ
-diff --git a/fuzz/corpora/crl/c6a4485a4527bbb69e554666a3b01de414650f3a b/fuzz/corpora/crl/c6a4485a4527bbb69e554666a3b01de414650f3a
-new file mode 100644
-index 0000000..da13b7d
-Binary files /dev/null and b/fuzz/corpora/crl/c6a4485a4527bbb69e554666a3b01de414650f3a differ
-diff --git a/fuzz/corpora/crl/c704729bf399a938114d5720e97d9d63c9c797e7 b/fuzz/corpora/crl/c704729bf399a938114d5720e97d9d63c9c797e7
-new file mode 100644
-index 0000000..c4ec97e
-Binary files /dev/null and b/fuzz/corpora/crl/c704729bf399a938114d5720e97d9d63c9c797e7 differ
-diff --git a/fuzz/corpora/crl/c741610867f749444cd14fbb877082ecb2ae2184 b/fuzz/corpora/crl/c741610867f749444cd14fbb877082ecb2ae2184
-new file mode 100644
-index 0000000..cd4b6c5
-Binary files /dev/null and b/fuzz/corpora/crl/c741610867f749444cd14fbb877082ecb2ae2184 differ
-diff --git a/fuzz/corpora/crl/c787ac1ef2fff18420330c9bf1499d0b505e3467 b/fuzz/corpora/crl/c787ac1ef2fff18420330c9bf1499d0b505e3467
-new file mode 100644
-index 0000000..da54dc1
-Binary files /dev/null and b/fuzz/corpora/crl/c787ac1ef2fff18420330c9bf1499d0b505e3467 differ
-diff --git a/fuzz/corpora/crl/c80144d931bb739ccd7e211e741b2535ba9666e6 b/fuzz/corpora/crl/c80144d931bb739ccd7e211e741b2535ba9666e6
-new file mode 100644
-index 0000000..82e364d
-Binary files /dev/null and b/fuzz/corpora/crl/c80144d931bb739ccd7e211e741b2535ba9666e6 differ
-diff --git a/fuzz/corpora/crl/c83922c49e88208ab13bf0d95f50aac579ecf876 b/fuzz/corpora/crl/c83922c49e88208ab13bf0d95f50aac579ecf876
-new file mode 100644
-index 0000000..62e8816
-Binary files /dev/null and b/fuzz/corpora/crl/c83922c49e88208ab13bf0d95f50aac579ecf876 differ
-diff --git a/fuzz/corpora/crl/c869c5ff77dfe4b76293e7b39e64083ce51760a3 b/fuzz/corpora/crl/c869c5ff77dfe4b76293e7b39e64083ce51760a3
-new file mode 100644
-index 0000000..bb7357f
-Binary files /dev/null and b/fuzz/corpora/crl/c869c5ff77dfe4b76293e7b39e64083ce51760a3 differ
-diff --git a/fuzz/corpora/crl/c86ccce5d63b7ef60dbe2bdfea0a1996ce8df51a b/fuzz/corpora/crl/c86ccce5d63b7ef60dbe2bdfea0a1996ce8df51a
-new file mode 100644
-index 0000000..209cac8
-Binary files /dev/null and b/fuzz/corpora/crl/c86ccce5d63b7ef60dbe2bdfea0a1996ce8df51a differ
-diff --git a/fuzz/corpora/crl/c893eaf866b1cd2dfccd05e29b7a0f230d11e098 b/fuzz/corpora/crl/c893eaf866b1cd2dfccd05e29b7a0f230d11e098
-new file mode 100644
-index 0000000..eab1674
-Binary files /dev/null and b/fuzz/corpora/crl/c893eaf866b1cd2dfccd05e29b7a0f230d11e098 differ
-diff --git a/fuzz/corpora/crl/c8c766c644cc61e0f4c003c2af58da0e720496c1 b/fuzz/corpora/crl/c8c766c644cc61e0f4c003c2af58da0e720496c1
-new file mode 100644
-index 0000000..5c57a2d
-Binary files /dev/null and b/fuzz/corpora/crl/c8c766c644cc61e0f4c003c2af58da0e720496c1 differ
-diff --git a/fuzz/corpora/crl/c8f411b4ebefb4f42987be3ece4968f4c0a777b7 b/fuzz/corpora/crl/c8f411b4ebefb4f42987be3ece4968f4c0a777b7
-new file mode 100644
-index 0000000..9c20395
-Binary files /dev/null and b/fuzz/corpora/crl/c8f411b4ebefb4f42987be3ece4968f4c0a777b7 differ
-diff --git a/fuzz/corpora/crl/c91609e6349755874eead192643e7d061f015899 b/fuzz/corpora/crl/c91609e6349755874eead192643e7d061f015899
-new file mode 100644
-index 0000000..f8e9732
-Binary files /dev/null and b/fuzz/corpora/crl/c91609e6349755874eead192643e7d061f015899 differ
-diff --git a/fuzz/corpora/crl/c99ae56a4ce09b00ca07c35f0c901c5df41915de b/fuzz/corpora/crl/c99ae56a4ce09b00ca07c35f0c901c5df41915de
-new file mode 100644
-index 0000000..33f49d3
-Binary files /dev/null and b/fuzz/corpora/crl/c99ae56a4ce09b00ca07c35f0c901c5df41915de differ
-diff --git a/fuzz/corpora/crl/cab931de0528e505c7a44103c1ebe68873da72fe b/fuzz/corpora/crl/cab931de0528e505c7a44103c1ebe68873da72fe
-new file mode 100644
-index 0000000..32f948e
-Binary files /dev/null and b/fuzz/corpora/crl/cab931de0528e505c7a44103c1ebe68873da72fe differ
-diff --git a/fuzz/corpora/crl/cabc5a80268250bfe4249abae20b44ed7431afc0 b/fuzz/corpora/crl/cabc5a80268250bfe4249abae20b44ed7431afc0
-new file mode 100644
-index 0000000..22d5002
-Binary files /dev/null and b/fuzz/corpora/crl/cabc5a80268250bfe4249abae20b44ed7431afc0 differ
-diff --git a/fuzz/corpora/crl/cad19e928406373948daa0b4308b8e9eae5aca98 b/fuzz/corpora/crl/cad19e928406373948daa0b4308b8e9eae5aca98
-new file mode 100644
-index 0000000..5443c47
-Binary files /dev/null and b/fuzz/corpora/crl/cad19e928406373948daa0b4308b8e9eae5aca98 differ
-diff --git a/fuzz/corpora/crl/cb38dd5b0497a0c7aab8a2b3a7ce29e62b7985dd b/fuzz/corpora/crl/cb38dd5b0497a0c7aab8a2b3a7ce29e62b7985dd
-new file mode 100644
-index 0000000..f5256fd
-Binary files /dev/null and b/fuzz/corpora/crl/cb38dd5b0497a0c7aab8a2b3a7ce29e62b7985dd differ
-diff --git a/fuzz/corpora/crl/cb3d2ba2f075b5748965789e4f540e55fcf46d23 b/fuzz/corpora/crl/cb3d2ba2f075b5748965789e4f540e55fcf46d23
-new file mode 100644
-index 0000000..8b97c0e
-Binary files /dev/null and b/fuzz/corpora/crl/cb3d2ba2f075b5748965789e4f540e55fcf46d23 differ
-diff --git a/fuzz/corpora/crl/cbc6abd5b4d5d2062121ebc39047c0d308290afc b/fuzz/corpora/crl/cbc6abd5b4d5d2062121ebc39047c0d308290afc
-new file mode 100644
-index 0000000..fb6498e
-Binary files /dev/null and b/fuzz/corpora/crl/cbc6abd5b4d5d2062121ebc39047c0d308290afc differ
-diff --git a/fuzz/corpora/crl/cbdca64107a9ef3ae63a1d04651adcb64c30aec6 b/fuzz/corpora/crl/cbdca64107a9ef3ae63a1d04651adcb64c30aec6
-new file mode 100644
-index 0000000..d13e889
-Binary files /dev/null and b/fuzz/corpora/crl/cbdca64107a9ef3ae63a1d04651adcb64c30aec6 differ
-diff --git a/fuzz/corpora/crl/cc4bcd6284ca2e8019d1a008b23d16bbab453582 b/fuzz/corpora/crl/cc4bcd6284ca2e8019d1a008b23d16bbab453582
-new file mode 100644
-index 0000000..2ee3a8d
-Binary files /dev/null and b/fuzz/corpora/crl/cc4bcd6284ca2e8019d1a008b23d16bbab453582 differ
-diff --git a/fuzz/corpora/crl/cc4df8f46f24d9a2d946f4f065dbee7def6082fc b/fuzz/corpora/crl/cc4df8f46f24d9a2d946f4f065dbee7def6082fc
-new file mode 100644
-index 0000000..8b7e743
-Binary files /dev/null and b/fuzz/corpora/crl/cc4df8f46f24d9a2d946f4f065dbee7def6082fc differ
-diff --git a/fuzz/corpora/crl/cd11ad7f905a9235538d0f6f7a23d9b7f50a3841 b/fuzz/corpora/crl/cd11ad7f905a9235538d0f6f7a23d9b7f50a3841
-new file mode 100644
-index 0000000..01c9d9d
-Binary files /dev/null and b/fuzz/corpora/crl/cd11ad7f905a9235538d0f6f7a23d9b7f50a3841 differ
-diff --git a/fuzz/corpora/crl/cda8739c51e41660270d1950eb39b301e374af87 b/fuzz/corpora/crl/cda8739c51e41660270d1950eb39b301e374af87
-new file mode 100644
-index 0000000..3829320
-Binary files /dev/null and b/fuzz/corpora/crl/cda8739c51e41660270d1950eb39b301e374af87 differ
-diff --git a/fuzz/corpora/crl/cdf9c0e3ed5e65f6e50109b0be27951f44be5591 b/fuzz/corpora/crl/cdf9c0e3ed5e65f6e50109b0be27951f44be5591
-new file mode 100644
-index 0000000..637851e
-Binary files /dev/null and b/fuzz/corpora/crl/cdf9c0e3ed5e65f6e50109b0be27951f44be5591 differ
-diff --git a/fuzz/corpora/crl/cf779242507395deec463c69703e210050ae217a b/fuzz/corpora/crl/cf779242507395deec463c69703e210050ae217a
-new file mode 100644
-index 0000000..1e77abd
-Binary files /dev/null and b/fuzz/corpora/crl/cf779242507395deec463c69703e210050ae217a differ
-diff --git a/fuzz/corpora/crl/cfefdbcb0c16cb38e846e93e62d6dbb9e5929e28 b/fuzz/corpora/crl/cfefdbcb0c16cb38e846e93e62d6dbb9e5929e28
-new file mode 100644
-index 0000000..b07d4de
-Binary files /dev/null and b/fuzz/corpora/crl/cfefdbcb0c16cb38e846e93e62d6dbb9e5929e28 differ
-diff --git a/fuzz/corpora/crl/d06044beb96178e65c98e9e72bc9afd7bd649d24 b/fuzz/corpora/crl/d06044beb96178e65c98e9e72bc9afd7bd649d24
-new file mode 100644
-index 0000000..19b7a03
-Binary files /dev/null and b/fuzz/corpora/crl/d06044beb96178e65c98e9e72bc9afd7bd649d24 differ
-diff --git a/fuzz/corpora/crl/d0d082ed65d383521de03d1ad5b77df8aed77360 b/fuzz/corpora/crl/d0d082ed65d383521de03d1ad5b77df8aed77360
-new file mode 100644
-index 0000000..1445701
-Binary files /dev/null and b/fuzz/corpora/crl/d0d082ed65d383521de03d1ad5b77df8aed77360 differ
-diff --git a/fuzz/corpora/crl/d16031224cb2b282165ab36caebb6efc2fc6f3d8 b/fuzz/corpora/crl/d16031224cb2b282165ab36caebb6efc2fc6f3d8
-new file mode 100644
-index 0000000..0c9a720
-Binary files /dev/null and b/fuzz/corpora/crl/d16031224cb2b282165ab36caebb6efc2fc6f3d8 differ
-diff --git a/fuzz/corpora/crl/d17617d42ab2623e6852da97c7ee0efcc4248910 b/fuzz/corpora/crl/d17617d42ab2623e6852da97c7ee0efcc4248910
-new file mode 100644
-index 0000000..4712cf7
-Binary files /dev/null and b/fuzz/corpora/crl/d17617d42ab2623e6852da97c7ee0efcc4248910 differ
-diff --git a/fuzz/corpora/crl/d195adafefaa4e9fcdecf02c2cbe1471bb1e564f b/fuzz/corpora/crl/d195adafefaa4e9fcdecf02c2cbe1471bb1e564f
-new file mode 100644
-index 0000000..a9a823f
-Binary files /dev/null and b/fuzz/corpora/crl/d195adafefaa4e9fcdecf02c2cbe1471bb1e564f differ
-diff --git a/fuzz/corpora/crl/d1aaa312d56196bb451b99b1e5746d113815e757 b/fuzz/corpora/crl/d1aaa312d56196bb451b99b1e5746d113815e757
-new file mode 100644
-index 0000000..b9e0555
-Binary files /dev/null and b/fuzz/corpora/crl/d1aaa312d56196bb451b99b1e5746d113815e757 differ
-diff --git a/fuzz/corpora/crl/d1d9a84f72bec26862d4e27c39d0ffb7d7d685ac b/fuzz/corpora/crl/d1d9a84f72bec26862d4e27c39d0ffb7d7d685ac
-new file mode 100644
-index 0000000..d1cb2d0
-Binary files /dev/null and b/fuzz/corpora/crl/d1d9a84f72bec26862d4e27c39d0ffb7d7d685ac differ
-diff --git a/fuzz/corpora/crl/d24bf32d1e341c958d421725c57d0844ab785a9b b/fuzz/corpora/crl/d24bf32d1e341c958d421725c57d0844ab785a9b
-new file mode 100644
-index 0000000..e14839c
-Binary files /dev/null and b/fuzz/corpora/crl/d24bf32d1e341c958d421725c57d0844ab785a9b differ
-diff --git a/fuzz/corpora/crl/d296c64f700a9099722d08603cec856096f0fff0 b/fuzz/corpora/crl/d296c64f700a9099722d08603cec856096f0fff0
-new file mode 100644
-index 0000000..f1c60aa
-Binary files /dev/null and b/fuzz/corpora/crl/d296c64f700a9099722d08603cec856096f0fff0 differ
-diff --git a/fuzz/corpora/crl/d2c2de1132c0797f9d36f608606d0de633d00c1b b/fuzz/corpora/crl/d2c2de1132c0797f9d36f608606d0de633d00c1b
-new file mode 100644
-index 0000000..b7b37aa
-Binary files /dev/null and b/fuzz/corpora/crl/d2c2de1132c0797f9d36f608606d0de633d00c1b differ
-diff --git a/fuzz/corpora/crl/d2e139bce64bfb47a577a912e70537fcd1c39186 b/fuzz/corpora/crl/d2e139bce64bfb47a577a912e70537fcd1c39186
-new file mode 100644
-index 0000000..185f541
-Binary files /dev/null and b/fuzz/corpora/crl/d2e139bce64bfb47a577a912e70537fcd1c39186 differ
-diff --git a/fuzz/corpora/crl/d33a9635f608c80b6e2c7a0e2bab825eff6bb704 b/fuzz/corpora/crl/d33a9635f608c80b6e2c7a0e2bab825eff6bb704
-new file mode 100644
-index 0000000..4ac22cd
-Binary files /dev/null and b/fuzz/corpora/crl/d33a9635f608c80b6e2c7a0e2bab825eff6bb704 differ
-diff --git a/fuzz/corpora/crl/d3e7acd4596d06728a404d0ddfa779483bed8dad b/fuzz/corpora/crl/d3e7acd4596d06728a404d0ddfa779483bed8dad
-new file mode 100644
-index 0000000..e656956
-Binary files /dev/null and b/fuzz/corpora/crl/d3e7acd4596d06728a404d0ddfa779483bed8dad differ
-diff --git a/fuzz/corpora/crl/d4685b88fa469c799a627d2a20802ea1fc0ccc78 b/fuzz/corpora/crl/d4685b88fa469c799a627d2a20802ea1fc0ccc78
-new file mode 100644
-index 0000000..482f7a4
-Binary files /dev/null and b/fuzz/corpora/crl/d4685b88fa469c799a627d2a20802ea1fc0ccc78 differ
-diff --git a/fuzz/corpora/crl/d4cbaf8f7f9032a35e5d3ae484c6e2ab1d72d975 b/fuzz/corpora/crl/d4cbaf8f7f9032a35e5d3ae484c6e2ab1d72d975
-new file mode 100644
-index 0000000..8a61b0c
-Binary files /dev/null and b/fuzz/corpora/crl/d4cbaf8f7f9032a35e5d3ae484c6e2ab1d72d975 differ
-diff --git a/fuzz/corpora/crl/d4e95ffb6d381416bea7548da7cb0312dc9ed8f5 b/fuzz/corpora/crl/d4e95ffb6d381416bea7548da7cb0312dc9ed8f5
-new file mode 100644
-index 0000000..2de2462
-Binary files /dev/null and b/fuzz/corpora/crl/d4e95ffb6d381416bea7548da7cb0312dc9ed8f5 differ
-diff --git a/fuzz/corpora/crl/d520fd03a527cf58c0f8e7bb6ade9bb8e2e6259f b/fuzz/corpora/crl/d520fd03a527cf58c0f8e7bb6ade9bb8e2e6259f
-new file mode 100644
-index 0000000..bf18bbd
-Binary files /dev/null and b/fuzz/corpora/crl/d520fd03a527cf58c0f8e7bb6ade9bb8e2e6259f differ
-diff --git a/fuzz/corpora/crl/d5655383e633a69f975e786079bb6c65260763f0 b/fuzz/corpora/crl/d5655383e633a69f975e786079bb6c65260763f0
-new file mode 100644
-index 0000000..7082d92
-Binary files /dev/null and b/fuzz/corpora/crl/d5655383e633a69f975e786079bb6c65260763f0 differ
-diff --git a/fuzz/corpora/crl/d57eede1a95c36d027c889bd2c96644fb834560a b/fuzz/corpora/crl/d57eede1a95c36d027c889bd2c96644fb834560a
-new file mode 100644
-index 0000000..d464f16
-Binary files /dev/null and b/fuzz/corpora/crl/d57eede1a95c36d027c889bd2c96644fb834560a differ
-diff --git a/fuzz/corpora/crl/d64c4a8fbe0166fd40bdf23c98cfdb520aca522b b/fuzz/corpora/crl/d64c4a8fbe0166fd40bdf23c98cfdb520aca522b
-new file mode 100644
-index 0000000..0d00418
-Binary files /dev/null and b/fuzz/corpora/crl/d64c4a8fbe0166fd40bdf23c98cfdb520aca522b differ
-diff --git a/fuzz/corpora/crl/d65173855f26cc237d433dcfcb00cc7363217d93 b/fuzz/corpora/crl/d65173855f26cc237d433dcfcb00cc7363217d93
-new file mode 100644
-index 0000000..32cebae
-Binary files /dev/null and b/fuzz/corpora/crl/d65173855f26cc237d433dcfcb00cc7363217d93 differ
-diff --git a/fuzz/corpora/crl/d6cca863d572241dfb9d3d00734ad37dadf239cf b/fuzz/corpora/crl/d6cca863d572241dfb9d3d00734ad37dadf239cf
-new file mode 100644
-index 0000000..78190a1
-Binary files /dev/null and b/fuzz/corpora/crl/d6cca863d572241dfb9d3d00734ad37dadf239cf differ
-diff --git a/fuzz/corpora/crl/d7085d1e274d38f357b0ad8a890983705701056b b/fuzz/corpora/crl/d7085d1e274d38f357b0ad8a890983705701056b
-new file mode 100644
-index 0000000..c8667e2
-Binary files /dev/null and b/fuzz/corpora/crl/d7085d1e274d38f357b0ad8a890983705701056b differ
-diff --git a/fuzz/corpora/crl/d70c0708e27a85b33101f7efd2b4d82fece53cca b/fuzz/corpora/crl/d70c0708e27a85b33101f7efd2b4d82fece53cca
-new file mode 100644
-index 0000000..a4f92d4
-Binary files /dev/null and b/fuzz/corpora/crl/d70c0708e27a85b33101f7efd2b4d82fece53cca differ
-diff --git a/fuzz/corpora/crl/d75bb0a1b4473c18d331a4cd5fc4902c7a7e6995 b/fuzz/corpora/crl/d75bb0a1b4473c18d331a4cd5fc4902c7a7e6995
-new file mode 100644
-index 0000000..792d936
-Binary files /dev/null and b/fuzz/corpora/crl/d75bb0a1b4473c18d331a4cd5fc4902c7a7e6995 differ
-diff --git a/fuzz/corpora/crl/d765ad57f5b4a4fc7f7b2a0f8346e491b5997820 b/fuzz/corpora/crl/d765ad57f5b4a4fc7f7b2a0f8346e491b5997820
-new file mode 100644
-index 0000000..b5d207b
-Binary files /dev/null and b/fuzz/corpora/crl/d765ad57f5b4a4fc7f7b2a0f8346e491b5997820 differ
-diff --git a/fuzz/corpora/crl/d7a4ee8f3329cf2753719350e23b6a56355dc1cd b/fuzz/corpora/crl/d7a4ee8f3329cf2753719350e23b6a56355dc1cd
-new file mode 100644
-index 0000000..33c2c07
-Binary files /dev/null and b/fuzz/corpora/crl/d7a4ee8f3329cf2753719350e23b6a56355dc1cd differ
-diff --git a/fuzz/corpora/crl/d7d86e02713901a2da9384952c3f38d21ec9375a b/fuzz/corpora/crl/d7d86e02713901a2da9384952c3f38d21ec9375a
-new file mode 100644
-index 0000000..57b13af
-Binary files /dev/null and b/fuzz/corpora/crl/d7d86e02713901a2da9384952c3f38d21ec9375a differ
-diff --git a/fuzz/corpora/crl/d83b12b4c82d46b65fc4bb0d558b1c5fcfa88a3c b/fuzz/corpora/crl/d83b12b4c82d46b65fc4bb0d558b1c5fcfa88a3c
-new file mode 100644
-index 0000000..79e5221
-Binary files /dev/null and b/fuzz/corpora/crl/d83b12b4c82d46b65fc4bb0d558b1c5fcfa88a3c differ
-diff --git a/fuzz/corpora/crl/d8731e0be6bdff2852af9b627329c49b22533bc0 b/fuzz/corpora/crl/d8731e0be6bdff2852af9b627329c49b22533bc0
-new file mode 100644
-index 0000000..e777d3b
-Binary files /dev/null and b/fuzz/corpora/crl/d8731e0be6bdff2852af9b627329c49b22533bc0 differ
-diff --git a/fuzz/corpora/crl/d8b79d06a671bd660b920db3fb406b7e7b098a42 b/fuzz/corpora/crl/d8b79d06a671bd660b920db3fb406b7e7b098a42
-new file mode 100644
-index 0000000..71cf35b
-Binary files /dev/null and b/fuzz/corpora/crl/d8b79d06a671bd660b920db3fb406b7e7b098a42 differ
-diff --git a/fuzz/corpora/crl/d9b59b9a644cfb20c7c66b4615503061ebaee050 b/fuzz/corpora/crl/d9b59b9a644cfb20c7c66b4615503061ebaee050
-new file mode 100644
-index 0000000..61abe1a
-Binary files /dev/null and b/fuzz/corpora/crl/d9b59b9a644cfb20c7c66b4615503061ebaee050 differ
-diff --git a/fuzz/corpora/crl/d9de4e2ac95f45c5f67e8aafabf3b47eb720733b b/fuzz/corpora/crl/d9de4e2ac95f45c5f67e8aafabf3b47eb720733b
-new file mode 100644
-index 0000000..421e5af
-Binary files /dev/null and b/fuzz/corpora/crl/d9de4e2ac95f45c5f67e8aafabf3b47eb720733b differ
-diff --git a/fuzz/corpora/crl/da2d787ee05a01a9f74f91544aa708c2fdeebb46 b/fuzz/corpora/crl/da2d787ee05a01a9f74f91544aa708c2fdeebb46
-new file mode 100644
-index 0000000..da943aa
-Binary files /dev/null and b/fuzz/corpora/crl/da2d787ee05a01a9f74f91544aa708c2fdeebb46 differ
-diff --git a/fuzz/corpora/crl/da2f59ea5e58bb2a7b14f0592e5fd5c3c1506153 b/fuzz/corpora/crl/da2f59ea5e58bb2a7b14f0592e5fd5c3c1506153
-new file mode 100644
-index 0000000..674d05e
-Binary files /dev/null and b/fuzz/corpora/crl/da2f59ea5e58bb2a7b14f0592e5fd5c3c1506153 differ
-diff --git a/fuzz/corpora/crl/da5670355ce667d720ffdcd928a47ce219f919fc b/fuzz/corpora/crl/da5670355ce667d720ffdcd928a47ce219f919fc
-new file mode 100644
-index 0000000..993910b
-Binary files /dev/null and b/fuzz/corpora/crl/da5670355ce667d720ffdcd928a47ce219f919fc differ
-diff --git a/fuzz/corpora/crl/da608764fe85eca103d1c1874b5af6f4c698bc09 b/fuzz/corpora/crl/da608764fe85eca103d1c1874b5af6f4c698bc09
-new file mode 100644
-index 0000000..ac57fd6
-Binary files /dev/null and b/fuzz/corpora/crl/da608764fe85eca103d1c1874b5af6f4c698bc09 differ
-diff --git a/fuzz/corpora/crl/da6761272de057a898e0c2651bb7a5bd913bff25 b/fuzz/corpora/crl/da6761272de057a898e0c2651bb7a5bd913bff25
-new file mode 100644
-index 0000000..7f1905d
-Binary files /dev/null and b/fuzz/corpora/crl/da6761272de057a898e0c2651bb7a5bd913bff25 differ
-diff --git a/fuzz/corpora/crl/dab87220c8987ba790bf032e911878eddef3bbcc b/fuzz/corpora/crl/dab87220c8987ba790bf032e911878eddef3bbcc
-new file mode 100644
-index 0000000..b64cd9f
-Binary files /dev/null and b/fuzz/corpora/crl/dab87220c8987ba790bf032e911878eddef3bbcc differ
-diff --git a/fuzz/corpora/crl/db4da97d975c1c51ee353ecd9fdb0057e0b50947 b/fuzz/corpora/crl/db4da97d975c1c51ee353ecd9fdb0057e0b50947
-new file mode 100644
-index 0000000..f9ca792
-Binary files /dev/null and b/fuzz/corpora/crl/db4da97d975c1c51ee353ecd9fdb0057e0b50947 differ
-diff --git a/fuzz/corpora/crl/db657267f7bddb159fecc44d5c7bf9b146a431b2 b/fuzz/corpora/crl/db657267f7bddb159fecc44d5c7bf9b146a431b2
-new file mode 100644
-index 0000000..f7bbf5c
-Binary files /dev/null and b/fuzz/corpora/crl/db657267f7bddb159fecc44d5c7bf9b146a431b2 differ
-diff --git a/fuzz/corpora/crl/db6b508022932000a0c56af8a118a3f324150a0e b/fuzz/corpora/crl/db6b508022932000a0c56af8a118a3f324150a0e
-new file mode 100644
-index 0000000..6526f13
-Binary files /dev/null and b/fuzz/corpora/crl/db6b508022932000a0c56af8a118a3f324150a0e differ
-diff --git a/fuzz/corpora/crl/db6fb1b0d862e9bf9a4d52190ff9407062be4e20 b/fuzz/corpora/crl/db6fb1b0d862e9bf9a4d52190ff9407062be4e20
-new file mode 100644
-index 0000000..39e9556
-Binary files /dev/null and b/fuzz/corpora/crl/db6fb1b0d862e9bf9a4d52190ff9407062be4e20 differ
-diff --git a/fuzz/corpora/crl/db9856fe2000097deeebca382c01d434c005644d b/fuzz/corpora/crl/db9856fe2000097deeebca382c01d434c005644d
-new file mode 100644
-index 0000000..c4139e2
-Binary files /dev/null and b/fuzz/corpora/crl/db9856fe2000097deeebca382c01d434c005644d differ
-diff --git a/fuzz/corpora/crl/dc12e0dda640aa609f6740f71f42311f52ee47f9 b/fuzz/corpora/crl/dc12e0dda640aa609f6740f71f42311f52ee47f9
-new file mode 100644
-index 0000000..ded53e3
-Binary files /dev/null and b/fuzz/corpora/crl/dc12e0dda640aa609f6740f71f42311f52ee47f9 differ
-diff --git a/fuzz/corpora/crl/dc1431f9b1d7ce5b971bbc2a80e5a435262ddccf b/fuzz/corpora/crl/dc1431f9b1d7ce5b971bbc2a80e5a435262ddccf
-new file mode 100644
-index 0000000..1b35d51
-Binary files /dev/null and b/fuzz/corpora/crl/dc1431f9b1d7ce5b971bbc2a80e5a435262ddccf differ
-diff --git a/fuzz/corpora/crl/dc4c3a9f0272ed612484169b435ded0e4e366740 b/fuzz/corpora/crl/dc4c3a9f0272ed612484169b435ded0e4e366740
-new file mode 100644
-index 0000000..d249c1b
-Binary files /dev/null and b/fuzz/corpora/crl/dc4c3a9f0272ed612484169b435ded0e4e366740 differ
-diff --git a/fuzz/corpora/crl/dc559978d6c8a43488e8c67cac2d223eb6e1d2d0 b/fuzz/corpora/crl/dc559978d6c8a43488e8c67cac2d223eb6e1d2d0
-new file mode 100644
-index 0000000..9ba965b
-Binary files /dev/null and b/fuzz/corpora/crl/dc559978d6c8a43488e8c67cac2d223eb6e1d2d0 differ
-diff --git a/fuzz/corpora/crl/dc5955ec62ed43b534986f18950d3940a9c7d371 b/fuzz/corpora/crl/dc5955ec62ed43b534986f18950d3940a9c7d371
-new file mode 100644
-index 0000000..7b25cbe
-Binary files /dev/null and b/fuzz/corpora/crl/dc5955ec62ed43b534986f18950d3940a9c7d371 differ
-diff --git a/fuzz/corpora/crl/dc62aa58d1c7754a0f6318e2ab0bdc3de81b42ce b/fuzz/corpora/crl/dc62aa58d1c7754a0f6318e2ab0bdc3de81b42ce
-new file mode 100644
-index 0000000..2a02c7a
-Binary files /dev/null and b/fuzz/corpora/crl/dc62aa58d1c7754a0f6318e2ab0bdc3de81b42ce differ
-diff --git a/fuzz/corpora/crl/dc92f9ea6e811b9fee5c81959e233b4cddde39d9 b/fuzz/corpora/crl/dc92f9ea6e811b9fee5c81959e233b4cddde39d9
-new file mode 100644
-index 0000000..e16b044
-Binary files /dev/null and b/fuzz/corpora/crl/dc92f9ea6e811b9fee5c81959e233b4cddde39d9 differ
-diff --git a/fuzz/corpora/crl/dce8cfe64cb1dcdc07b3b5a75ffb39060ac363ff b/fuzz/corpora/crl/dce8cfe64cb1dcdc07b3b5a75ffb39060ac363ff
-new file mode 100644
-index 0000000..e957e84
-Binary files /dev/null and b/fuzz/corpora/crl/dce8cfe64cb1dcdc07b3b5a75ffb39060ac363ff differ
-diff --git a/fuzz/corpora/crl/dd08ac28e839408fd4aa16acb99b341b36a0b2a8 b/fuzz/corpora/crl/dd08ac28e839408fd4aa16acb99b341b36a0b2a8
-new file mode 100644
-index 0000000..aea8608
-Binary files /dev/null and b/fuzz/corpora/crl/dd08ac28e839408fd4aa16acb99b341b36a0b2a8 differ
-diff --git a/fuzz/corpora/crl/dd1e3947ed0927eefc1500665813da68a92df4ee b/fuzz/corpora/crl/dd1e3947ed0927eefc1500665813da68a92df4ee
-new file mode 100644
-index 0000000..0147b5b
-Binary files /dev/null and b/fuzz/corpora/crl/dd1e3947ed0927eefc1500665813da68a92df4ee differ
-diff --git a/fuzz/corpora/crl/dd458921852920c090b35f2b9b31b2872bb788bc b/fuzz/corpora/crl/dd458921852920c090b35f2b9b31b2872bb788bc
-new file mode 100644
-index 0000000..0417a26
-Binary files /dev/null and b/fuzz/corpora/crl/dd458921852920c090b35f2b9b31b2872bb788bc differ
-diff --git a/fuzz/corpora/crl/dd47131cb925b145a1121503b7ef3b1fa0a8a611 b/fuzz/corpora/crl/dd47131cb925b145a1121503b7ef3b1fa0a8a611
-new file mode 100644
-index 0000000..5d1d18c
-Binary files /dev/null and b/fuzz/corpora/crl/dd47131cb925b145a1121503b7ef3b1fa0a8a611 differ
-diff --git a/fuzz/corpora/crl/dd4a3d316f86e8502281756ac907d119e71bc58e b/fuzz/corpora/crl/dd4a3d316f86e8502281756ac907d119e71bc58e
-new file mode 100644
-index 0000000..b8718f8
-Binary files /dev/null and b/fuzz/corpora/crl/dd4a3d316f86e8502281756ac907d119e71bc58e differ
-diff --git a/fuzz/corpora/crl/dd918086c7064bceb96316c1fc630a8a180dad57 b/fuzz/corpora/crl/dd918086c7064bceb96316c1fc630a8a180dad57
-new file mode 100644
-index 0000000..0fc4912
-Binary files /dev/null and b/fuzz/corpora/crl/dd918086c7064bceb96316c1fc630a8a180dad57 differ
-diff --git a/fuzz/corpora/crl/dda3c35cdd4d9d782238376279fb3d6b5f8ffe17 b/fuzz/corpora/crl/dda3c35cdd4d9d782238376279fb3d6b5f8ffe17
-new file mode 100644
-index 0000000..b862bc1
-Binary files /dev/null and b/fuzz/corpora/crl/dda3c35cdd4d9d782238376279fb3d6b5f8ffe17 differ
-diff --git a/fuzz/corpora/crl/ddacea689252d994d128d90bdd9c990f78ba70c9 b/fuzz/corpora/crl/ddacea689252d994d128d90bdd9c990f78ba70c9
-new file mode 100644
-index 0000000..ee4970a
-Binary files /dev/null and b/fuzz/corpora/crl/ddacea689252d994d128d90bdd9c990f78ba70c9 differ
-diff --git a/fuzz/corpora/crl/ddbb38f145e4cf7c3fe913bc5e252bb25a8d6934 b/fuzz/corpora/crl/ddbb38f145e4cf7c3fe913bc5e252bb25a8d6934
-new file mode 100644
-index 0000000..b4076ed
-Binary files /dev/null and b/fuzz/corpora/crl/ddbb38f145e4cf7c3fe913bc5e252bb25a8d6934 differ
-diff --git a/fuzz/corpora/crl/de18849c87a1eeefc2edf5d678c6e4eac6da72e4 b/fuzz/corpora/crl/de18849c87a1eeefc2edf5d678c6e4eac6da72e4
-new file mode 100644
-index 0000000..c2113d1
-Binary files /dev/null and b/fuzz/corpora/crl/de18849c87a1eeefc2edf5d678c6e4eac6da72e4 differ
-diff --git a/fuzz/corpora/crl/de2d78faba9dd42b0284d7e7a4a600b404c1c22c b/fuzz/corpora/crl/de2d78faba9dd42b0284d7e7a4a600b404c1c22c
-new file mode 100644
-index 0000000..1abbc1f
-Binary files /dev/null and b/fuzz/corpora/crl/de2d78faba9dd42b0284d7e7a4a600b404c1c22c differ
-diff --git a/fuzz/corpora/crl/de4b58dc1abe0e224fcafdeff129f39d974cb21f b/fuzz/corpora/crl/de4b58dc1abe0e224fcafdeff129f39d974cb21f
-new file mode 100644
-index 0000000..9d0f54c
-Binary files /dev/null and b/fuzz/corpora/crl/de4b58dc1abe0e224fcafdeff129f39d974cb21f differ
-diff --git a/fuzz/corpora/crl/deb729763fb1f6ed8fc3422d8e783a492c40d3f0 b/fuzz/corpora/crl/deb729763fb1f6ed8fc3422d8e783a492c40d3f0
-new file mode 100644
-index 0000000..290299f
-Binary files /dev/null and b/fuzz/corpora/crl/deb729763fb1f6ed8fc3422d8e783a492c40d3f0 differ
-diff --git a/fuzz/corpora/crl/decf9590bcfeffc7de599e862925daf94feb4f0a b/fuzz/corpora/crl/decf9590bcfeffc7de599e862925daf94feb4f0a
-new file mode 100644
-index 0000000..c82ec67
-Binary files /dev/null and b/fuzz/corpora/crl/decf9590bcfeffc7de599e862925daf94feb4f0a differ
-diff --git a/fuzz/corpora/crl/df21abc52344994e9b761505c7d1cfa6627bca09 b/fuzz/corpora/crl/df21abc52344994e9b761505c7d1cfa6627bca09
-new file mode 100644
-index 0000000..03283ee
-Binary files /dev/null and b/fuzz/corpora/crl/df21abc52344994e9b761505c7d1cfa6627bca09 differ
-diff --git a/fuzz/corpora/crl/df330aaf0b141bc734d7c107ab730ea9fc81bf2f b/fuzz/corpora/crl/df330aaf0b141bc734d7c107ab730ea9fc81bf2f
-new file mode 100644
-index 0000000..bb860ab
-Binary files /dev/null and b/fuzz/corpora/crl/df330aaf0b141bc734d7c107ab730ea9fc81bf2f differ
-diff --git a/fuzz/corpora/crl/df64b49554dba3431373ad10cd6bbd5d634a3f0e b/fuzz/corpora/crl/df64b49554dba3431373ad10cd6bbd5d634a3f0e
-new file mode 100644
-index 0000000..989cca4
-Binary files /dev/null and b/fuzz/corpora/crl/df64b49554dba3431373ad10cd6bbd5d634a3f0e differ
-diff --git a/fuzz/corpora/crl/df8a584c6cc41d301eb06dc67d825fd945c31865 b/fuzz/corpora/crl/df8a584c6cc41d301eb06dc67d825fd945c31865
-new file mode 100644
-index 0000000..b334ef7
-Binary files /dev/null and b/fuzz/corpora/crl/df8a584c6cc41d301eb06dc67d825fd945c31865 differ
-diff --git a/fuzz/corpora/crl/dfd5859d28678d77374086696d776858f273a6c2 b/fuzz/corpora/crl/dfd5859d28678d77374086696d776858f273a6c2
-new file mode 100644
-index 0000000..2545554
-Binary files /dev/null and b/fuzz/corpora/crl/dfd5859d28678d77374086696d776858f273a6c2 differ
-diff --git a/fuzz/corpora/crl/dfe847a96ca2f43468e1c393eab6e1f9737e0abc b/fuzz/corpora/crl/dfe847a96ca2f43468e1c393eab6e1f9737e0abc
-new file mode 100644
-index 0000000..c67f6dd
-Binary files /dev/null and b/fuzz/corpora/crl/dfe847a96ca2f43468e1c393eab6e1f9737e0abc differ
-diff --git a/fuzz/corpora/crl/e036e5b2fd5e21b4788a201ffcbd9b303efb7f46 b/fuzz/corpora/crl/e036e5b2fd5e21b4788a201ffcbd9b303efb7f46
-new file mode 100644
-index 0000000..4a17398
-Binary files /dev/null and b/fuzz/corpora/crl/e036e5b2fd5e21b4788a201ffcbd9b303efb7f46 differ
-diff --git a/fuzz/corpora/crl/e1511d44021efc1616767ab55b39d1d15f66521e b/fuzz/corpora/crl/e1511d44021efc1616767ab55b39d1d15f66521e
-new file mode 100644
-index 0000000..8d650fa
-Binary files /dev/null and b/fuzz/corpora/crl/e1511d44021efc1616767ab55b39d1d15f66521e differ
-diff --git a/fuzz/corpora/crl/e2bbfc9a31dc53a013bc84209079c4d00e6d4323 b/fuzz/corpora/crl/e2bbfc9a31dc53a013bc84209079c4d00e6d4323
-new file mode 100644
-index 0000000..11d08fe
-Binary files /dev/null and b/fuzz/corpora/crl/e2bbfc9a31dc53a013bc84209079c4d00e6d4323 differ
-diff --git a/fuzz/corpora/crl/e2ce95a669fa47ef2704c23855bee22e03eb6b73 b/fuzz/corpora/crl/e2ce95a669fa47ef2704c23855bee22e03eb6b73
-new file mode 100644
-index 0000000..996890f
-Binary files /dev/null and b/fuzz/corpora/crl/e2ce95a669fa47ef2704c23855bee22e03eb6b73 differ
-diff --git a/fuzz/corpora/crl/e2db102edd7157d6aec27905775c16d5d0e09d08 b/fuzz/corpora/crl/e2db102edd7157d6aec27905775c16d5d0e09d08
-new file mode 100644
-index 0000000..d598ac1
-Binary files /dev/null and b/fuzz/corpora/crl/e2db102edd7157d6aec27905775c16d5d0e09d08 differ
-diff --git a/fuzz/corpora/crl/e3844cbc09abc4a075dc68bbbc422c57af5fbfc6 b/fuzz/corpora/crl/e3844cbc09abc4a075dc68bbbc422c57af5fbfc6
-new file mode 100644
-index 0000000..a58a9fd
-Binary files /dev/null and b/fuzz/corpora/crl/e3844cbc09abc4a075dc68bbbc422c57af5fbfc6 differ
-diff --git a/fuzz/corpora/crl/e3b9d1f2070e9e5c7c805c16b85c9b2549e37c95 b/fuzz/corpora/crl/e3b9d1f2070e9e5c7c805c16b85c9b2549e37c95
-new file mode 100644
-index 0000000..bcec19c
-Binary files /dev/null and b/fuzz/corpora/crl/e3b9d1f2070e9e5c7c805c16b85c9b2549e37c95 differ
-diff --git a/fuzz/corpora/crl/e3c1e2979765c9259a862f1801fbd9a30f7b0d98 b/fuzz/corpora/crl/e3c1e2979765c9259a862f1801fbd9a30f7b0d98
-new file mode 100644
-index 0000000..7892cae
-Binary files /dev/null and b/fuzz/corpora/crl/e3c1e2979765c9259a862f1801fbd9a30f7b0d98 differ
-diff --git a/fuzz/corpora/crl/e45d444f19379de6d649c9d0b26b68495d044679 b/fuzz/corpora/crl/e45d444f19379de6d649c9d0b26b68495d044679
-new file mode 100644
-index 0000000..77d8add
-Binary files /dev/null and b/fuzz/corpora/crl/e45d444f19379de6d649c9d0b26b68495d044679 differ
-diff --git a/fuzz/corpora/crl/e47b7ed7e8451982e78d0a7ef8a09a13f5d73130 b/fuzz/corpora/crl/e47b7ed7e8451982e78d0a7ef8a09a13f5d73130
-new file mode 100644
-index 0000000..7f7f178
-Binary files /dev/null and b/fuzz/corpora/crl/e47b7ed7e8451982e78d0a7ef8a09a13f5d73130 differ
-diff --git a/fuzz/corpora/crl/e483fb02ea45b5a976662003f409b5b9ab90c5e9 b/fuzz/corpora/crl/e483fb02ea45b5a976662003f409b5b9ab90c5e9
-new file mode 100644
-index 0000000..608ef17
-Binary files /dev/null and b/fuzz/corpora/crl/e483fb02ea45b5a976662003f409b5b9ab90c5e9 differ
-diff --git a/fuzz/corpora/crl/e4ac2057cec22cb023ef9c17d8df17c8b6045141 b/fuzz/corpora/crl/e4ac2057cec22cb023ef9c17d8df17c8b6045141
-new file mode 100644
-index 0000000..59bd15c
-Binary files /dev/null and b/fuzz/corpora/crl/e4ac2057cec22cb023ef9c17d8df17c8b6045141 differ
-diff --git a/fuzz/corpora/crl/e4d2d4d235b91fefcd97765d67ffd52a66b26ec6 b/fuzz/corpora/crl/e4d2d4d235b91fefcd97765d67ffd52a66b26ec6
-new file mode 100644
-index 0000000..100a594
-Binary files /dev/null and b/fuzz/corpora/crl/e4d2d4d235b91fefcd97765d67ffd52a66b26ec6 differ
-diff --git a/fuzz/corpora/crl/e4e7557d2b20b3c9dea1e104c9cef65b131abae3 b/fuzz/corpora/crl/e4e7557d2b20b3c9dea1e104c9cef65b131abae3
-new file mode 100644
-index 0000000..61e0080
-Binary files /dev/null and b/fuzz/corpora/crl/e4e7557d2b20b3c9dea1e104c9cef65b131abae3 differ
-diff --git a/fuzz/corpora/crl/e4f81e1e0f955241a0787727a4b53caea4526453 b/fuzz/corpora/crl/e4f81e1e0f955241a0787727a4b53caea4526453
-new file mode 100644
-index 0000000..4176781
-Binary files /dev/null and b/fuzz/corpora/crl/e4f81e1e0f955241a0787727a4b53caea4526453 differ
-diff --git a/fuzz/corpora/crl/e67faa12b5c8861dd4f22b765d696d11a34f17f0 b/fuzz/corpora/crl/e67faa12b5c8861dd4f22b765d696d11a34f17f0
-new file mode 100644
-index 0000000..0bc91e3
-Binary files /dev/null and b/fuzz/corpora/crl/e67faa12b5c8861dd4f22b765d696d11a34f17f0 differ
-diff --git a/fuzz/corpora/crl/e6df4bea1296e97857ec73cf3304f63c0bb33f30 b/fuzz/corpora/crl/e6df4bea1296e97857ec73cf3304f63c0bb33f30
-new file mode 100644
-index 0000000..ea5553e
-Binary files /dev/null and b/fuzz/corpora/crl/e6df4bea1296e97857ec73cf3304f63c0bb33f30 differ
-diff --git a/fuzz/corpora/crl/e6ed35df98a065090f714071bfa9d4df76dbe580 b/fuzz/corpora/crl/e6ed35df98a065090f714071bfa9d4df76dbe580
-new file mode 100644
-index 0000000..c2ea201
-Binary files /dev/null and b/fuzz/corpora/crl/e6ed35df98a065090f714071bfa9d4df76dbe580 differ
-diff --git a/fuzz/corpora/crl/e752a63a2abfddf6a9115f5d989cbcfe6b724086 b/fuzz/corpora/crl/e752a63a2abfddf6a9115f5d989cbcfe6b724086
-new file mode 100644
-index 0000000..aa4815e
-Binary files /dev/null and b/fuzz/corpora/crl/e752a63a2abfddf6a9115f5d989cbcfe6b724086 differ
-diff --git a/fuzz/corpora/crl/e7a8233ce913bb904a55bd4053f94d4cd10958dc b/fuzz/corpora/crl/e7a8233ce913bb904a55bd4053f94d4cd10958dc
-new file mode 100644
-index 0000000..6efdcdf
-Binary files /dev/null and b/fuzz/corpora/crl/e7a8233ce913bb904a55bd4053f94d4cd10958dc differ
-diff --git a/fuzz/corpora/crl/e8311fdc7503f4b18b722fe2220d466ba40c24a0 b/fuzz/corpora/crl/e8311fdc7503f4b18b722fe2220d466ba40c24a0
-new file mode 100644
-index 0000000..ed35405
-Binary files /dev/null and b/fuzz/corpora/crl/e8311fdc7503f4b18b722fe2220d466ba40c24a0 differ
-diff --git a/fuzz/corpora/crl/e8387c584cc0d780c17d6bd22bd4b3e59a9780ba b/fuzz/corpora/crl/e8387c584cc0d780c17d6bd22bd4b3e59a9780ba
-new file mode 100644
-index 0000000..7ff66cb
-Binary files /dev/null and b/fuzz/corpora/crl/e8387c584cc0d780c17d6bd22bd4b3e59a9780ba differ
-diff --git a/fuzz/corpora/crl/e86fe8a5023611516675b0f22518533340cda91d b/fuzz/corpora/crl/e86fe8a5023611516675b0f22518533340cda91d
-new file mode 100644
-index 0000000..9e79e85
-Binary files /dev/null and b/fuzz/corpora/crl/e86fe8a5023611516675b0f22518533340cda91d differ
-diff --git a/fuzz/corpora/crl/e875fee60490d51733ac82dbb9781d38aa9034ee b/fuzz/corpora/crl/e875fee60490d51733ac82dbb9781d38aa9034ee
-new file mode 100644
-index 0000000..6a29329
-Binary files /dev/null and b/fuzz/corpora/crl/e875fee60490d51733ac82dbb9781d38aa9034ee differ
-diff --git a/fuzz/corpora/crl/e910fee9dbb4be570224c0d63f411a74b343207f b/fuzz/corpora/crl/e910fee9dbb4be570224c0d63f411a74b343207f
-new file mode 100644
-index 0000000..579a6f0
-Binary files /dev/null and b/fuzz/corpora/crl/e910fee9dbb4be570224c0d63f411a74b343207f differ
-diff --git a/fuzz/corpora/crl/e95c4884c6f3c79722a1bc7e533e49179a8e4a32 b/fuzz/corpora/crl/e95c4884c6f3c79722a1bc7e533e49179a8e4a32
-new file mode 100644
-index 0000000..20a7f99
-Binary files /dev/null and b/fuzz/corpora/crl/e95c4884c6f3c79722a1bc7e533e49179a8e4a32 differ
-diff --git a/fuzz/corpora/crl/e973812da507a7d4252dc7aa8edf955469c26fd1 b/fuzz/corpora/crl/e973812da507a7d4252dc7aa8edf955469c26fd1
-new file mode 100644
-index 0000000..b0de223
-Binary files /dev/null and b/fuzz/corpora/crl/e973812da507a7d4252dc7aa8edf955469c26fd1 differ
-diff --git a/fuzz/corpora/crl/e97d7d92d0cb31d56a3f901727975830af933845 b/fuzz/corpora/crl/e97d7d92d0cb31d56a3f901727975830af933845
-new file mode 100644
-index 0000000..eff4d9c
-Binary files /dev/null and b/fuzz/corpora/crl/e97d7d92d0cb31d56a3f901727975830af933845 differ
-diff --git a/fuzz/corpora/crl/e99185f504f4584536a23fd3603216842a5bbb8b b/fuzz/corpora/crl/e99185f504f4584536a23fd3603216842a5bbb8b
-new file mode 100644
-index 0000000..890157c
-Binary files /dev/null and b/fuzz/corpora/crl/e99185f504f4584536a23fd3603216842a5bbb8b differ
-diff --git a/fuzz/corpora/crl/e99bb0a2da04ad17c49dabe100f925beadb8d96a b/fuzz/corpora/crl/e99bb0a2da04ad17c49dabe100f925beadb8d96a
-new file mode 100644
-index 0000000..93497aa
-Binary files /dev/null and b/fuzz/corpora/crl/e99bb0a2da04ad17c49dabe100f925beadb8d96a differ
-diff --git a/fuzz/corpora/crl/e9ff0fe50367a7c0e191526438d24c5d4b5b6441 b/fuzz/corpora/crl/e9ff0fe50367a7c0e191526438d24c5d4b5b6441
-new file mode 100644
-index 0000000..2fa7f02
-Binary files /dev/null and b/fuzz/corpora/crl/e9ff0fe50367a7c0e191526438d24c5d4b5b6441 differ
-diff --git a/fuzz/corpora/crl/ea27669c7f73c94afa7020f5cd62346d1172f441 b/fuzz/corpora/crl/ea27669c7f73c94afa7020f5cd62346d1172f441
-new file mode 100644
-index 0000000..8347ae3
-Binary files /dev/null and b/fuzz/corpora/crl/ea27669c7f73c94afa7020f5cd62346d1172f441 differ
-diff --git a/fuzz/corpora/crl/ea425a7e39a603ae47dbcd05138a45e5d1d1f5aa b/fuzz/corpora/crl/ea425a7e39a603ae47dbcd05138a45e5d1d1f5aa
-new file mode 100644
-index 0000000..61f56c4
-Binary files /dev/null and b/fuzz/corpora/crl/ea425a7e39a603ae47dbcd05138a45e5d1d1f5aa differ
-diff --git a/fuzz/corpora/crl/ea895dd7daf4537af34e21aa90cb1a60492c5e07 b/fuzz/corpora/crl/ea895dd7daf4537af34e21aa90cb1a60492c5e07
-new file mode 100644
-index 0000000..67c220e
-Binary files /dev/null and b/fuzz/corpora/crl/ea895dd7daf4537af34e21aa90cb1a60492c5e07 differ
-diff --git a/fuzz/corpora/crl/eb0bd036d8b55be4818b2022b6f86c9976883abc b/fuzz/corpora/crl/eb0bd036d8b55be4818b2022b6f86c9976883abc
-new file mode 100644
-index 0000000..8309257
-Binary files /dev/null and b/fuzz/corpora/crl/eb0bd036d8b55be4818b2022b6f86c9976883abc differ
-diff --git a/fuzz/corpora/crl/eb37cea76a5b4c19d5ed7d9e73dd94566f70adf6 b/fuzz/corpora/crl/eb37cea76a5b4c19d5ed7d9e73dd94566f70adf6
-new file mode 100644
-index 0000000..bdca1bd
-Binary files /dev/null and b/fuzz/corpora/crl/eb37cea76a5b4c19d5ed7d9e73dd94566f70adf6 differ
-diff --git a/fuzz/corpora/crl/eb9727efc52f22e9a3ffe4523292fd3e82171062 b/fuzz/corpora/crl/eb9727efc52f22e9a3ffe4523292fd3e82171062
-new file mode 100644
-index 0000000..9295dfb
-Binary files /dev/null and b/fuzz/corpora/crl/eb9727efc52f22e9a3ffe4523292fd3e82171062 differ
-diff --git a/fuzz/corpora/crl/ebc9d496f805b686bdbc1ffc396c34880da4589b b/fuzz/corpora/crl/ebc9d496f805b686bdbc1ffc396c34880da4589b
-new file mode 100644
-index 0000000..3e841ef
-Binary files /dev/null and b/fuzz/corpora/crl/ebc9d496f805b686bdbc1ffc396c34880da4589b differ
-diff --git a/fuzz/corpora/crl/ebf7f4932cf43d47fe22c46097a5771894b6cccc b/fuzz/corpora/crl/ebf7f4932cf43d47fe22c46097a5771894b6cccc
-new file mode 100644
-index 0000000..5cf6e7d
-Binary files /dev/null and b/fuzz/corpora/crl/ebf7f4932cf43d47fe22c46097a5771894b6cccc differ
-diff --git a/fuzz/corpora/crl/ec003410dd75e441b2c0c2aadc198a1a753058a8 b/fuzz/corpora/crl/ec003410dd75e441b2c0c2aadc198a1a753058a8
-new file mode 100644
-index 0000000..1c0200a
-Binary files /dev/null and b/fuzz/corpora/crl/ec003410dd75e441b2c0c2aadc198a1a753058a8 differ
-diff --git a/fuzz/corpora/crl/ec295bc752cd8adaddaa02b074301c829d66dfdf b/fuzz/corpora/crl/ec295bc752cd8adaddaa02b074301c829d66dfdf
-new file mode 100644
-index 0000000..4b6dc8f
-Binary files /dev/null and b/fuzz/corpora/crl/ec295bc752cd8adaddaa02b074301c829d66dfdf differ
-diff --git a/fuzz/corpora/crl/ecd8ee551ebe0c2fce87380e354d0445f140f9f4 b/fuzz/corpora/crl/ecd8ee551ebe0c2fce87380e354d0445f140f9f4
-new file mode 100644
-index 0000000..e35b336
-Binary files /dev/null and b/fuzz/corpora/crl/ecd8ee551ebe0c2fce87380e354d0445f140f9f4 differ
-diff --git a/fuzz/corpora/crl/ed297272eee9a47c69e3438607f61a77d77232d7 b/fuzz/corpora/crl/ed297272eee9a47c69e3438607f61a77d77232d7
-new file mode 100644
-index 0000000..db48275
-Binary files /dev/null and b/fuzz/corpora/crl/ed297272eee9a47c69e3438607f61a77d77232d7 differ
-diff --git a/fuzz/corpora/crl/ed973d69d46868724298a989fc62a6783c959603 b/fuzz/corpora/crl/ed973d69d46868724298a989fc62a6783c959603
-new file mode 100644
-index 0000000..f9e97a3
-Binary files /dev/null and b/fuzz/corpora/crl/ed973d69d46868724298a989fc62a6783c959603 differ
-diff --git a/fuzz/corpora/crl/edcde1da41ae74debec40bf85b6a13c9320fcf0b b/fuzz/corpora/crl/edcde1da41ae74debec40bf85b6a13c9320fcf0b
-new file mode 100644
-index 0000000..6ae46a4
-Binary files /dev/null and b/fuzz/corpora/crl/edcde1da41ae74debec40bf85b6a13c9320fcf0b differ
-diff --git a/fuzz/corpora/crl/ede0180229a7150cbc0fab2613e3c12a15ba746f b/fuzz/corpora/crl/ede0180229a7150cbc0fab2613e3c12a15ba746f
-new file mode 100644
-index 0000000..4b060c5
-Binary files /dev/null and b/fuzz/corpora/crl/ede0180229a7150cbc0fab2613e3c12a15ba746f differ
-diff --git a/fuzz/corpora/crl/ede64ba3d5a7b389351ba4abe3df829d791c88f8 b/fuzz/corpora/crl/ede64ba3d5a7b389351ba4abe3df829d791c88f8
-new file mode 100644
-index 0000000..84821c1
-Binary files /dev/null and b/fuzz/corpora/crl/ede64ba3d5a7b389351ba4abe3df829d791c88f8 differ
-diff --git a/fuzz/corpora/crl/edebe1622e00210e52a4141d3040679119625fd1 b/fuzz/corpora/crl/edebe1622e00210e52a4141d3040679119625fd1
-new file mode 100644
-index 0000000..407577f
-Binary files /dev/null and b/fuzz/corpora/crl/edebe1622e00210e52a4141d3040679119625fd1 differ
-diff --git a/fuzz/corpora/crl/ededfe82ae926d0e6fd60dc24dfd8e68911f2001 b/fuzz/corpora/crl/ededfe82ae926d0e6fd60dc24dfd8e68911f2001
-new file mode 100644
-index 0000000..330f24c
-Binary files /dev/null and b/fuzz/corpora/crl/ededfe82ae926d0e6fd60dc24dfd8e68911f2001 differ
-diff --git a/fuzz/corpora/crl/ee299dafed06ff8a71e46e3d12284e38e796dbd1 b/fuzz/corpora/crl/ee299dafed06ff8a71e46e3d12284e38e796dbd1
-new file mode 100644
-index 0000000..af022e4
-Binary files /dev/null and b/fuzz/corpora/crl/ee299dafed06ff8a71e46e3d12284e38e796dbd1 differ
-diff --git a/fuzz/corpora/crl/ee465da3292d24941e9fde2df5d77f9dc6ce2974 b/fuzz/corpora/crl/ee465da3292d24941e9fde2df5d77f9dc6ce2974
-new file mode 100644
-index 0000000..454351c
-Binary files /dev/null and b/fuzz/corpora/crl/ee465da3292d24941e9fde2df5d77f9dc6ce2974 differ
-diff --git a/fuzz/corpora/crl/ee6eef5727e1a27eb2e715270e0b28a563d49b0c b/fuzz/corpora/crl/ee6eef5727e1a27eb2e715270e0b28a563d49b0c
-new file mode 100644
-index 0000000..d387140
-Binary files /dev/null and b/fuzz/corpora/crl/ee6eef5727e1a27eb2e715270e0b28a563d49b0c differ
-diff --git a/fuzz/corpora/crl/ee7d98ece551f5f920dadc86c8f2e70e3d980114 b/fuzz/corpora/crl/ee7d98ece551f5f920dadc86c8f2e70e3d980114
-new file mode 100644
-index 0000000..50db8aa
-Binary files /dev/null and b/fuzz/corpora/crl/ee7d98ece551f5f920dadc86c8f2e70e3d980114 differ
-diff --git a/fuzz/corpora/crl/eea9e61972e688a46f6ae448662263b30a9d0249 b/fuzz/corpora/crl/eea9e61972e688a46f6ae448662263b30a9d0249
-new file mode 100644
-index 0000000..ae460ca
-Binary files /dev/null and b/fuzz/corpora/crl/eea9e61972e688a46f6ae448662263b30a9d0249 differ
-diff --git a/fuzz/corpora/crl/ef16969306452d0e6a62e9ec58b29c72e00fd466 b/fuzz/corpora/crl/ef16969306452d0e6a62e9ec58b29c72e00fd466
-new file mode 100644
-index 0000000..4d0c4e6
-Binary files /dev/null and b/fuzz/corpora/crl/ef16969306452d0e6a62e9ec58b29c72e00fd466 differ
-diff --git a/fuzz/corpora/crl/ef5e7a6040583b1a0de8a1d729d10ac0ccc08243 b/fuzz/corpora/crl/ef5e7a6040583b1a0de8a1d729d10ac0ccc08243
-new file mode 100644
-index 0000000..f5177df
-Binary files /dev/null and b/fuzz/corpora/crl/ef5e7a6040583b1a0de8a1d729d10ac0ccc08243 differ
-diff --git a/fuzz/corpora/crl/ef7d2a22d0eaf256328b560d7ad92d7995efa930 b/fuzz/corpora/crl/ef7d2a22d0eaf256328b560d7ad92d7995efa930
-new file mode 100644
-index 0000000..a52a7bc
-Binary files /dev/null and b/fuzz/corpora/crl/ef7d2a22d0eaf256328b560d7ad92d7995efa930 differ
-diff --git a/fuzz/corpora/crl/ef892870fb12286f4191319918ded6112bf3013f b/fuzz/corpora/crl/ef892870fb12286f4191319918ded6112bf3013f
-new file mode 100644
-index 0000000..3dd579c
-Binary files /dev/null and b/fuzz/corpora/crl/ef892870fb12286f4191319918ded6112bf3013f differ
-diff --git a/fuzz/corpora/crl/efd600b6f14fc22dd7fb73111c8fe25fcdb74515 b/fuzz/corpora/crl/efd600b6f14fc22dd7fb73111c8fe25fcdb74515
-new file mode 100644
-index 0000000..e830bc8
-Binary files /dev/null and b/fuzz/corpora/crl/efd600b6f14fc22dd7fb73111c8fe25fcdb74515 differ
-diff --git a/fuzz/corpora/crl/efdaf4c6bfba70f4df344f58336f4f78d1994186 b/fuzz/corpora/crl/efdaf4c6bfba70f4df344f58336f4f78d1994186
-new file mode 100644
-index 0000000..443ec71
-Binary files /dev/null and b/fuzz/corpora/crl/efdaf4c6bfba70f4df344f58336f4f78d1994186 differ
-diff --git a/fuzz/corpora/crl/f000a42b5c4968d0ca0dc2fe82539d48af4b159a b/fuzz/corpora/crl/f000a42b5c4968d0ca0dc2fe82539d48af4b159a
-new file mode 100644
-index 0000000..5615f61
-Binary files /dev/null and b/fuzz/corpora/crl/f000a42b5c4968d0ca0dc2fe82539d48af4b159a differ
-diff --git a/fuzz/corpora/crl/f01473d24862be402b2962720b1426fcf0778800 b/fuzz/corpora/crl/f01473d24862be402b2962720b1426fcf0778800
-new file mode 100644
-index 0000000..8643378
-Binary files /dev/null and b/fuzz/corpora/crl/f01473d24862be402b2962720b1426fcf0778800 differ
-diff --git a/fuzz/corpora/crl/f019b1949e8af0369cdd0aea85d8e3f0b4e96e58 b/fuzz/corpora/crl/f019b1949e8af0369cdd0aea85d8e3f0b4e96e58
-new file mode 100644
-index 0000000..7762c46
-Binary files /dev/null and b/fuzz/corpora/crl/f019b1949e8af0369cdd0aea85d8e3f0b4e96e58 differ
-diff --git a/fuzz/corpora/crl/f065f80ee47581f4e7def701861633319791a1e2 b/fuzz/corpora/crl/f065f80ee47581f4e7def701861633319791a1e2
-new file mode 100644
-index 0000000..f555268
-Binary files /dev/null and b/fuzz/corpora/crl/f065f80ee47581f4e7def701861633319791a1e2 differ
-diff --git a/fuzz/corpora/crl/f16280a1ea743081b67587757747523e1f42077e b/fuzz/corpora/crl/f16280a1ea743081b67587757747523e1f42077e
-new file mode 100644
-index 0000000..23fc6bb
-Binary files /dev/null and b/fuzz/corpora/crl/f16280a1ea743081b67587757747523e1f42077e differ
-diff --git a/fuzz/corpora/crl/f16cc36049605b9f1b8c8f935713befc92041096 b/fuzz/corpora/crl/f16cc36049605b9f1b8c8f935713befc92041096
-new file mode 100644
-index 0000000..308ed7d
-Binary files /dev/null and b/fuzz/corpora/crl/f16cc36049605b9f1b8c8f935713befc92041096 differ
-diff --git a/fuzz/corpora/crl/f195c68faf558fed54541c12cef6098a426aa69a b/fuzz/corpora/crl/f195c68faf558fed54541c12cef6098a426aa69a
-new file mode 100644
-index 0000000..c039f34
-Binary files /dev/null and b/fuzz/corpora/crl/f195c68faf558fed54541c12cef6098a426aa69a differ
-diff --git a/fuzz/corpora/crl/f1a6be0a27ad87afa0751210d98a21bc320d8c84 b/fuzz/corpora/crl/f1a6be0a27ad87afa0751210d98a21bc320d8c84
-new file mode 100644
-index 0000000..f91ee79
-Binary files /dev/null and b/fuzz/corpora/crl/f1a6be0a27ad87afa0751210d98a21bc320d8c84 differ
-diff --git a/fuzz/corpora/crl/f1e0d44d83733337a2dcf37c89c64f73a343efea b/fuzz/corpora/crl/f1e0d44d83733337a2dcf37c89c64f73a343efea
-new file mode 100644
-index 0000000..365f431
-Binary files /dev/null and b/fuzz/corpora/crl/f1e0d44d83733337a2dcf37c89c64f73a343efea differ
-diff --git a/fuzz/corpora/crl/f21b799cba5f77b5de06f355827dcd80cd17674e b/fuzz/corpora/crl/f21b799cba5f77b5de06f355827dcd80cd17674e
-new file mode 100644
-index 0000000..7079a02
-Binary files /dev/null and b/fuzz/corpora/crl/f21b799cba5f77b5de06f355827dcd80cd17674e differ
-diff --git a/fuzz/corpora/crl/f23263a9847c50a3c40006019c0dbc2b0daab63a b/fuzz/corpora/crl/f23263a9847c50a3c40006019c0dbc2b0daab63a
-new file mode 100644
-index 0000000..fb3e643
-Binary files /dev/null and b/fuzz/corpora/crl/f23263a9847c50a3c40006019c0dbc2b0daab63a differ
-diff --git a/fuzz/corpora/crl/f2a03f8e10edffe6af2ac23657a7ae30179dfe39 b/fuzz/corpora/crl/f2a03f8e10edffe6af2ac23657a7ae30179dfe39
-new file mode 100644
-index 0000000..eeb3e39
-Binary files /dev/null and b/fuzz/corpora/crl/f2a03f8e10edffe6af2ac23657a7ae30179dfe39 differ
-diff --git a/fuzz/corpora/crl/f32fd96177ca17bd24ccf54cdde0e7368feda717 b/fuzz/corpora/crl/f32fd96177ca17bd24ccf54cdde0e7368feda717
-new file mode 100644
-index 0000000..2a7869b
-Binary files /dev/null and b/fuzz/corpora/crl/f32fd96177ca17bd24ccf54cdde0e7368feda717 differ
-diff --git a/fuzz/corpora/crl/f33a1b74c53abb03f784fe2e7fe2c855a716fb6b b/fuzz/corpora/crl/f33a1b74c53abb03f784fe2e7fe2c855a716fb6b
-new file mode 100644
-index 0000000..7f146b9
-Binary files /dev/null and b/fuzz/corpora/crl/f33a1b74c53abb03f784fe2e7fe2c855a716fb6b differ
-diff --git a/fuzz/corpora/crl/f3b2e9931d0ecea39fab78c0dc64d9e6a0aaac90 b/fuzz/corpora/crl/f3b2e9931d0ecea39fab78c0dc64d9e6a0aaac90
-new file mode 100644
-index 0000000..26b2bd5
-Binary files /dev/null and b/fuzz/corpora/crl/f3b2e9931d0ecea39fab78c0dc64d9e6a0aaac90 differ
-diff --git a/fuzz/corpora/crl/f403cf94b6444a1191e7329d9551f47d5a97dd15 b/fuzz/corpora/crl/f403cf94b6444a1191e7329d9551f47d5a97dd15
-new file mode 100644
-index 0000000..3487d10
-Binary files /dev/null and b/fuzz/corpora/crl/f403cf94b6444a1191e7329d9551f47d5a97dd15 differ
-diff --git a/fuzz/corpora/crl/f497141ad62625edee34b11da1212981233d4a4c b/fuzz/corpora/crl/f497141ad62625edee34b11da1212981233d4a4c
-new file mode 100644
-index 0000000..9c286e7
-Binary files /dev/null and b/fuzz/corpora/crl/f497141ad62625edee34b11da1212981233d4a4c differ
-diff --git a/fuzz/corpora/crl/f4ce73f41fca2efa1d85b46de4b0a832b493a0d2 b/fuzz/corpora/crl/f4ce73f41fca2efa1d85b46de4b0a832b493a0d2
-new file mode 100644
-index 0000000..7a7aac9
-Binary files /dev/null and b/fuzz/corpora/crl/f4ce73f41fca2efa1d85b46de4b0a832b493a0d2 differ
-diff --git a/fuzz/corpora/crl/f5cf3633c96ec774379fb510d7c9f714dac2ab24 b/fuzz/corpora/crl/f5cf3633c96ec774379fb510d7c9f714dac2ab24
-new file mode 100644
-index 0000000..6780804
-Binary files /dev/null and b/fuzz/corpora/crl/f5cf3633c96ec774379fb510d7c9f714dac2ab24 differ
-diff --git a/fuzz/corpora/crl/f66eb6cf37f6093fe6e8251a313d00fd9fc4de71 b/fuzz/corpora/crl/f66eb6cf37f6093fe6e8251a313d00fd9fc4de71
-new file mode 100644
-index 0000000..f7d56b9
-Binary files /dev/null and b/fuzz/corpora/crl/f66eb6cf37f6093fe6e8251a313d00fd9fc4de71 differ
-diff --git a/fuzz/corpora/crl/f678cb77ceb21e213e5d63ba926a9cf4a037d863 b/fuzz/corpora/crl/f678cb77ceb21e213e5d63ba926a9cf4a037d863
-new file mode 100644
-index 0000000..7d04e0c
-Binary files /dev/null and b/fuzz/corpora/crl/f678cb77ceb21e213e5d63ba926a9cf4a037d863 differ
-diff --git a/fuzz/corpora/crl/f680947ab21b475cf63f08d01f2fdcd8bace1f05 b/fuzz/corpora/crl/f680947ab21b475cf63f08d01f2fdcd8bace1f05
-new file mode 100644
-index 0000000..cc64c81
-Binary files /dev/null and b/fuzz/corpora/crl/f680947ab21b475cf63f08d01f2fdcd8bace1f05 differ
-diff --git a/fuzz/corpora/crl/f6a561d464743f0dccb68e1d497a7b46431c434c b/fuzz/corpora/crl/f6a561d464743f0dccb68e1d497a7b46431c434c
-new file mode 100644
-index 0000000..0f0a1d7
-Binary files /dev/null and b/fuzz/corpora/crl/f6a561d464743f0dccb68e1d497a7b46431c434c differ
-diff --git a/fuzz/corpora/crl/f6cf3ffe352e80f12db51be51f446f6359de6a49 b/fuzz/corpora/crl/f6cf3ffe352e80f12db51be51f446f6359de6a49
-new file mode 100644
-index 0000000..c673208
-Binary files /dev/null and b/fuzz/corpora/crl/f6cf3ffe352e80f12db51be51f446f6359de6a49 differ
-diff --git a/fuzz/corpora/crl/f74ff5e0db07126f74aa1008a8ff859a208ec8db b/fuzz/corpora/crl/f74ff5e0db07126f74aa1008a8ff859a208ec8db
-new file mode 100644
-index 0000000..d6ff43e
-Binary files /dev/null and b/fuzz/corpora/crl/f74ff5e0db07126f74aa1008a8ff859a208ec8db differ
-diff --git a/fuzz/corpora/crl/f77ac369fe6843e4063118498442587feafd65c7 b/fuzz/corpora/crl/f77ac369fe6843e4063118498442587feafd65c7
-new file mode 100644
-index 0000000..4c59e1d
-Binary files /dev/null and b/fuzz/corpora/crl/f77ac369fe6843e4063118498442587feafd65c7 differ
-diff --git a/fuzz/corpora/crl/f78ebfc6cecf8f2a39a8ca13fed4f71a7139ffb9 b/fuzz/corpora/crl/f78ebfc6cecf8f2a39a8ca13fed4f71a7139ffb9
-new file mode 100644
-index 0000000..4e342bb
-Binary files /dev/null and b/fuzz/corpora/crl/f78ebfc6cecf8f2a39a8ca13fed4f71a7139ffb9 differ
-diff --git a/fuzz/corpora/crl/f7a49b3140651759d7a92d0083a4c12632fc94c2 b/fuzz/corpora/crl/f7a49b3140651759d7a92d0083a4c12632fc94c2
-new file mode 100644
-index 0000000..1ca9c70
-Binary files /dev/null and b/fuzz/corpora/crl/f7a49b3140651759d7a92d0083a4c12632fc94c2 differ
-diff --git a/fuzz/corpora/crl/f7b2e7a8e8f339c0e28a0c6425402d9b546978e3 b/fuzz/corpora/crl/f7b2e7a8e8f339c0e28a0c6425402d9b546978e3
-new file mode 100644
-index 0000000..944d4fb
-Binary files /dev/null and b/fuzz/corpora/crl/f7b2e7a8e8f339c0e28a0c6425402d9b546978e3 differ
-diff --git a/fuzz/corpora/crl/f7c8dcc7d356e3bbf9561ed1c997165830490c13 b/fuzz/corpora/crl/f7c8dcc7d356e3bbf9561ed1c997165830490c13
-new file mode 100644
-index 0000000..26882b3
-Binary files /dev/null and b/fuzz/corpora/crl/f7c8dcc7d356e3bbf9561ed1c997165830490c13 differ
-diff --git a/fuzz/corpora/crl/f7ef38a3775e09f6cff4101b6b785cecacac57f0 b/fuzz/corpora/crl/f7ef38a3775e09f6cff4101b6b785cecacac57f0
-new file mode 100644
-index 0000000..b2951fe
-Binary files /dev/null and b/fuzz/corpora/crl/f7ef38a3775e09f6cff4101b6b785cecacac57f0 differ
-diff --git a/fuzz/corpora/crl/f84aad592e1a2f9d1fed59c196bced04be52e570 b/fuzz/corpora/crl/f84aad592e1a2f9d1fed59c196bced04be52e570
-new file mode 100644
-index 0000000..1e08fcf
-Binary files /dev/null and b/fuzz/corpora/crl/f84aad592e1a2f9d1fed59c196bced04be52e570 differ
-diff --git a/fuzz/corpora/crl/f87a082fcd46854d18c9d0de2ad5835db4a9b73b b/fuzz/corpora/crl/f87a082fcd46854d18c9d0de2ad5835db4a9b73b
-new file mode 100644
-index 0000000..7d6fa88
-Binary files /dev/null and b/fuzz/corpora/crl/f87a082fcd46854d18c9d0de2ad5835db4a9b73b differ
-diff --git a/fuzz/corpora/crl/f8dbd1842e2095d59a9064986910df31f25d3f63 b/fuzz/corpora/crl/f8dbd1842e2095d59a9064986910df31f25d3f63
-new file mode 100644
-index 0000000..bd3b905
-Binary files /dev/null and b/fuzz/corpora/crl/f8dbd1842e2095d59a9064986910df31f25d3f63 differ
-diff --git a/fuzz/corpora/crl/f8f4ca245cd0101027f7b827ff8a7faca36f6c1e b/fuzz/corpora/crl/f8f4ca245cd0101027f7b827ff8a7faca36f6c1e
-new file mode 100644
-index 0000000..c790846
-Binary files /dev/null and b/fuzz/corpora/crl/f8f4ca245cd0101027f7b827ff8a7faca36f6c1e differ
-diff --git a/fuzz/corpora/crl/f9081ac178dd1c459582d5d6346e28bf48e75858 b/fuzz/corpora/crl/f9081ac178dd1c459582d5d6346e28bf48e75858
-new file mode 100644
-index 0000000..9ff4a20
-Binary files /dev/null and b/fuzz/corpora/crl/f9081ac178dd1c459582d5d6346e28bf48e75858 differ
-diff --git a/fuzz/corpora/crl/f93585752aa37ef0e38382c3f702733f372ea6bf b/fuzz/corpora/crl/f93585752aa37ef0e38382c3f702733f372ea6bf
-new file mode 100644
-index 0000000..10edc96
-Binary files /dev/null and b/fuzz/corpora/crl/f93585752aa37ef0e38382c3f702733f372ea6bf differ
-diff --git a/fuzz/corpora/crl/f96138334c80e7e496c6b34a034edb0ae5823a61 b/fuzz/corpora/crl/f96138334c80e7e496c6b34a034edb0ae5823a61
-new file mode 100644
-index 0000000..ae4a39b
-Binary files /dev/null and b/fuzz/corpora/crl/f96138334c80e7e496c6b34a034edb0ae5823a61 differ
-diff --git a/fuzz/corpora/crl/f9edd84d17d4d891dd300353d484b5f80652d2b3 b/fuzz/corpora/crl/f9edd84d17d4d891dd300353d484b5f80652d2b3
-new file mode 100644
-index 0000000..1fdcfa5
-Binary files /dev/null and b/fuzz/corpora/crl/f9edd84d17d4d891dd300353d484b5f80652d2b3 differ
-diff --git a/fuzz/corpora/crl/fab6ea46898dbcc5fb42c5c22f7dbf9ce8e89390 b/fuzz/corpora/crl/fab6ea46898dbcc5fb42c5c22f7dbf9ce8e89390
-new file mode 100644
-index 0000000..1b46d77
-Binary files /dev/null and b/fuzz/corpora/crl/fab6ea46898dbcc5fb42c5c22f7dbf9ce8e89390 differ
-diff --git a/fuzz/corpora/crl/fb13c0880d13a5dc7dec5e39591468fff4422a78 b/fuzz/corpora/crl/fb13c0880d13a5dc7dec5e39591468fff4422a78
-new file mode 100644
-index 0000000..abca137
-Binary files /dev/null and b/fuzz/corpora/crl/fb13c0880d13a5dc7dec5e39591468fff4422a78 differ
-diff --git a/fuzz/corpora/crl/fb46407262957f485fcdc48256d1f9255cb157c0 b/fuzz/corpora/crl/fb46407262957f485fcdc48256d1f9255cb157c0
-new file mode 100644
-index 0000000..b956772
-Binary files /dev/null and b/fuzz/corpora/crl/fb46407262957f485fcdc48256d1f9255cb157c0 differ
-diff --git a/fuzz/corpora/crl/fb841046c8ad7e2ae8c1a17c449a96646dfbbe83 b/fuzz/corpora/crl/fb841046c8ad7e2ae8c1a17c449a96646dfbbe83
-new file mode 100644
-index 0000000..a378d35
-Binary files /dev/null and b/fuzz/corpora/crl/fb841046c8ad7e2ae8c1a17c449a96646dfbbe83 differ
-diff --git a/fuzz/corpora/crl/fb8e2dede9a6f66a3ddfc759a43b0003453f12dd b/fuzz/corpora/crl/fb8e2dede9a6f66a3ddfc759a43b0003453f12dd
-new file mode 100644
-index 0000000..bb67fee
-Binary files /dev/null and b/fuzz/corpora/crl/fb8e2dede9a6f66a3ddfc759a43b0003453f12dd differ
-diff --git a/fuzz/corpora/crl/fba3c398adc96204ada5b232d98567dbc6eaae10 b/fuzz/corpora/crl/fba3c398adc96204ada5b232d98567dbc6eaae10
-new file mode 100644
-index 0000000..b4b59cc
-Binary files /dev/null and b/fuzz/corpora/crl/fba3c398adc96204ada5b232d98567dbc6eaae10 differ
-diff --git a/fuzz/corpora/crl/fbdb6bc03b6b073aac45e4e98ab7d0926629fa10 b/fuzz/corpora/crl/fbdb6bc03b6b073aac45e4e98ab7d0926629fa10
-new file mode 100644
-index 0000000..24b73d3
-Binary files /dev/null and b/fuzz/corpora/crl/fbdb6bc03b6b073aac45e4e98ab7d0926629fa10 differ
-diff --git a/fuzz/corpora/crl/fbe6ef17b37b3610dc5270f57af78dc192b19224 b/fuzz/corpora/crl/fbe6ef17b37b3610dc5270f57af78dc192b19224
-new file mode 100644
-index 0000000..b4c4874
-Binary files /dev/null and b/fuzz/corpora/crl/fbe6ef17b37b3610dc5270f57af78dc192b19224 differ
-diff --git a/fuzz/corpora/crl/fbed187bd58f2a6db7a824033b4a4c7cadb18051 b/fuzz/corpora/crl/fbed187bd58f2a6db7a824033b4a4c7cadb18051
-new file mode 100644
-index 0000000..9b7b49a
-Binary files /dev/null and b/fuzz/corpora/crl/fbed187bd58f2a6db7a824033b4a4c7cadb18051 differ
-diff --git a/fuzz/corpora/crl/fc46d055297033bd5f54d699327cffa8eeed153c b/fuzz/corpora/crl/fc46d055297033bd5f54d699327cffa8eeed153c
-new file mode 100644
-index 0000000..3d3f168
-Binary files /dev/null and b/fuzz/corpora/crl/fc46d055297033bd5f54d699327cffa8eeed153c differ
-diff --git a/fuzz/corpora/crl/fc990424b7c08f29ec27398463535d0f7d58517a b/fuzz/corpora/crl/fc990424b7c08f29ec27398463535d0f7d58517a
-new file mode 100644
-index 0000000..d6c2419
-Binary files /dev/null and b/fuzz/corpora/crl/fc990424b7c08f29ec27398463535d0f7d58517a differ
-diff --git a/fuzz/corpora/crl/fd273a12490b5dd68ccdefc99aed6947ec57df6d b/fuzz/corpora/crl/fd273a12490b5dd68ccdefc99aed6947ec57df6d
-new file mode 100644
-index 0000000..85371fd
-Binary files /dev/null and b/fuzz/corpora/crl/fd273a12490b5dd68ccdefc99aed6947ec57df6d differ
-diff --git a/fuzz/corpora/crl/fd2e94c80ca8e0a7624cd2481f8912fc3e654675 b/fuzz/corpora/crl/fd2e94c80ca8e0a7624cd2481f8912fc3e654675
-new file mode 100644
-index 0000000..a5728db
-Binary files /dev/null and b/fuzz/corpora/crl/fd2e94c80ca8e0a7624cd2481f8912fc3e654675 differ
-diff --git a/fuzz/corpora/crl/fd50ce676907084658264e29e50ec12c330c73da b/fuzz/corpora/crl/fd50ce676907084658264e29e50ec12c330c73da
-new file mode 100644
-index 0000000..0dde880
-Binary files /dev/null and b/fuzz/corpora/crl/fd50ce676907084658264e29e50ec12c330c73da differ
-diff --git a/fuzz/corpora/crl/fd7fee57ff6f87e1b56aa23b351774b59834db82 b/fuzz/corpora/crl/fd7fee57ff6f87e1b56aa23b351774b59834db82
-new file mode 100644
-index 0000000..bba8c66
-Binary files /dev/null and b/fuzz/corpora/crl/fd7fee57ff6f87e1b56aa23b351774b59834db82 differ
-diff --git a/fuzz/corpora/crl/fdcdf790cbd04ae508847a1a9ffd36f514a4b476 b/fuzz/corpora/crl/fdcdf790cbd04ae508847a1a9ffd36f514a4b476
-new file mode 100644
-index 0000000..16c41fe
-Binary files /dev/null and b/fuzz/corpora/crl/fdcdf790cbd04ae508847a1a9ffd36f514a4b476 differ
-diff --git a/fuzz/corpora/crl/fead49e7fbd4aa993ebdf196bc37423cb34151df b/fuzz/corpora/crl/fead49e7fbd4aa993ebdf196bc37423cb34151df
-new file mode 100644
-index 0000000..bee82b1
-Binary files /dev/null and b/fuzz/corpora/crl/fead49e7fbd4aa993ebdf196bc37423cb34151df differ
-diff --git a/fuzz/corpora/crl/feae11814eef9a0d9d472ecb60edfaf61c788efe b/fuzz/corpora/crl/feae11814eef9a0d9d472ecb60edfaf61c788efe
-new file mode 100644
-index 0000000..3d80271
-Binary files /dev/null and b/fuzz/corpora/crl/feae11814eef9a0d9d472ecb60edfaf61c788efe differ
-diff --git a/fuzz/corpora/crl/fec1b8d941e7e80267bb2a4c8dc442863e2f549d b/fuzz/corpora/crl/fec1b8d941e7e80267bb2a4c8dc442863e2f549d
-new file mode 100644
-index 0000000..8a9caf6
-Binary files /dev/null and b/fuzz/corpora/crl/fec1b8d941e7e80267bb2a4c8dc442863e2f549d differ
-diff --git a/fuzz/corpora/crl/fed72d9070901eb573626410959707b5263ebea1 b/fuzz/corpora/crl/fed72d9070901eb573626410959707b5263ebea1
-new file mode 100644
-index 0000000..1e4b942
-Binary files /dev/null and b/fuzz/corpora/crl/fed72d9070901eb573626410959707b5263ebea1 differ
-diff --git a/fuzz/corpora/crl/ff81b63dbc6c497b0980312a8f4fbf5e1f3078d3 b/fuzz/corpora/crl/ff81b63dbc6c497b0980312a8f4fbf5e1f3078d3
-new file mode 100644
-index 0000000..c78444f
-Binary files /dev/null and b/fuzz/corpora/crl/ff81b63dbc6c497b0980312a8f4fbf5e1f3078d3 differ
-diff --git a/fuzz/corpora/crl/ff827c3a2c5100413ac6db999787ea29eb90bc43 b/fuzz/corpora/crl/ff827c3a2c5100413ac6db999787ea29eb90bc43
-new file mode 100644
-index 0000000..60b48b0
-Binary files /dev/null and b/fuzz/corpora/crl/ff827c3a2c5100413ac6db999787ea29eb90bc43 differ
-diff --git a/fuzz/corpora/crl/ffde19697135bd863da22f3cce1963b02ce2e7f0 b/fuzz/corpora/crl/ffde19697135bd863da22f3cce1963b02ce2e7f0
-new file mode 100644
-index 0000000..85df983
-Binary files /dev/null and b/fuzz/corpora/crl/ffde19697135bd863da22f3cce1963b02ce2e7f0 differ
-diff --git a/fuzz/corpora/crl/ffe7828cf740b4139ee262400733ff322ca3df5a b/fuzz/corpora/crl/ffe7828cf740b4139ee262400733ff322ca3df5a
-new file mode 100644
-index 0000000..0c8eb17
-Binary files /dev/null and b/fuzz/corpora/crl/ffe7828cf740b4139ee262400733ff322ca3df5a differ
-diff --git a/fuzz/corpora/ct/0193852d95e1c1d20a28394a44ea27b248f103d1 b/fuzz/corpora/ct/0193852d95e1c1d20a28394a44ea27b248f103d1
-new file mode 100644
-index 0000000..5259ffe
-Binary files /dev/null and b/fuzz/corpora/ct/0193852d95e1c1d20a28394a44ea27b248f103d1 differ
-diff --git a/fuzz/corpora/ct/04c430a5cf4f348b0ccf0d3f8de5795604699840 b/fuzz/corpora/ct/04c430a5cf4f348b0ccf0d3f8de5795604699840
-new file mode 100644
-index 0000000..4a1736e
-Binary files /dev/null and b/fuzz/corpora/ct/04c430a5cf4f348b0ccf0d3f8de5795604699840 differ
-diff --git a/fuzz/corpora/ct/0617b9b072e5d7b79f611ab579fd0c3360c18e2c b/fuzz/corpora/ct/0617b9b072e5d7b79f611ab579fd0c3360c18e2c
-new file mode 100644
-index 0000000..a980883
-Binary files /dev/null and b/fuzz/corpora/ct/0617b9b072e5d7b79f611ab579fd0c3360c18e2c differ
-diff --git a/fuzz/corpora/ct/0f61d11e8121cefe69c39ea93bc2034302c64e69 b/fuzz/corpora/ct/0f61d11e8121cefe69c39ea93bc2034302c64e69
-new file mode 100644
-index 0000000..30c9063
-Binary files /dev/null and b/fuzz/corpora/ct/0f61d11e8121cefe69c39ea93bc2034302c64e69 differ
-diff --git a/fuzz/corpora/ct/1149db94c855f243dad494f33b6d986929a7e61a b/fuzz/corpora/ct/1149db94c855f243dad494f33b6d986929a7e61a
-new file mode 100644
-index 0000000..76c2dbd
-Binary files /dev/null and b/fuzz/corpora/ct/1149db94c855f243dad494f33b6d986929a7e61a differ
-diff --git a/fuzz/corpora/ct/114da967be9ef757d2b3be632de722d93accc7fe b/fuzz/corpora/ct/114da967be9ef757d2b3be632de722d93accc7fe
-new file mode 100644
-index 0000000..601f1df
-Binary files /dev/null and b/fuzz/corpora/ct/114da967be9ef757d2b3be632de722d93accc7fe differ
-diff --git a/fuzz/corpora/ct/11a45556e78def7a695284d2755157ee24823da2 b/fuzz/corpora/ct/11a45556e78def7a695284d2755157ee24823da2
-new file mode 100644
-index 0000000..042aefd
-Binary files /dev/null and b/fuzz/corpora/ct/11a45556e78def7a695284d2755157ee24823da2 differ
-diff --git a/fuzz/corpora/ct/15fe7d100d8e902433afee2ba44878eb03c41d9d b/fuzz/corpora/ct/15fe7d100d8e902433afee2ba44878eb03c41d9d
-new file mode 100644
-index 0000000..d9ff82c
-Binary files /dev/null and b/fuzz/corpora/ct/15fe7d100d8e902433afee2ba44878eb03c41d9d differ
-diff --git a/fuzz/corpora/ct/1db2178abf111767715b1a7113d71117ca99bae5 b/fuzz/corpora/ct/1db2178abf111767715b1a7113d71117ca99bae5
-new file mode 100644
-index 0000000..dd9d42c
-Binary files /dev/null and b/fuzz/corpora/ct/1db2178abf111767715b1a7113d71117ca99bae5 differ
-diff --git a/fuzz/corpora/ct/23833462f55515a900e016db2eb943fb474c19f6 b/fuzz/corpora/ct/23833462f55515a900e016db2eb943fb474c19f6
-new file mode 100644
-index 0000000..16e0e90
-Binary files /dev/null and b/fuzz/corpora/ct/23833462f55515a900e016db2eb943fb474c19f6 differ
-diff --git a/fuzz/corpora/ct/23906090c744112e940a24882ebbe3ccca675e76 b/fuzz/corpora/ct/23906090c744112e940a24882ebbe3ccca675e76
-new file mode 100644
-index 0000000..9b8212d
-Binary files /dev/null and b/fuzz/corpora/ct/23906090c744112e940a24882ebbe3ccca675e76 differ
-diff --git a/fuzz/corpora/ct/2cd5efcd2616bd79805b032a014613ca71787ba1 b/fuzz/corpora/ct/2cd5efcd2616bd79805b032a014613ca71787ba1
-new file mode 100644
-index 0000000..eed4b2f
-Binary files /dev/null and b/fuzz/corpora/ct/2cd5efcd2616bd79805b032a014613ca71787ba1 differ
-diff --git a/fuzz/corpora/ct/2e3ec430552d735f1ccfde856ef8ca367900e7a9 b/fuzz/corpora/ct/2e3ec430552d735f1ccfde856ef8ca367900e7a9
-new file mode 100644
-index 0000000..b6af9bb
-Binary files /dev/null and b/fuzz/corpora/ct/2e3ec430552d735f1ccfde856ef8ca367900e7a9 differ
-diff --git a/fuzz/corpora/ct/345bd68388e09b501c9e657174ac839b08490684 b/fuzz/corpora/ct/345bd68388e09b501c9e657174ac839b08490684
-new file mode 100644
-index 0000000..df6b39b
-Binary files /dev/null and b/fuzz/corpora/ct/345bd68388e09b501c9e657174ac839b08490684 differ
-diff --git a/fuzz/corpora/ct/383718912dbec60777065fac104b48ff3efbc5b2 b/fuzz/corpora/ct/383718912dbec60777065fac104b48ff3efbc5b2
-new file mode 100644
-index 0000000..58da6e0
-Binary files /dev/null and b/fuzz/corpora/ct/383718912dbec60777065fac104b48ff3efbc5b2 differ
-diff --git a/fuzz/corpora/ct/383839a73369429b86bb25ab12013952ea9d2c17 b/fuzz/corpora/ct/383839a73369429b86bb25ab12013952ea9d2c17
-new file mode 100644
-index 0000000..5e4b860
-Binary files /dev/null and b/fuzz/corpora/ct/383839a73369429b86bb25ab12013952ea9d2c17 differ
-diff --git a/fuzz/corpora/ct/38638dc4b921d344d874976471de9c68ed6ca0c9 b/fuzz/corpora/ct/38638dc4b921d344d874976471de9c68ed6ca0c9
-new file mode 100644
-index 0000000..1957b26
-Binary files /dev/null and b/fuzz/corpora/ct/38638dc4b921d344d874976471de9c68ed6ca0c9 differ
-diff --git a/fuzz/corpora/ct/3943e407d6b62c32af636dad1cc5a096ef768460 b/fuzz/corpora/ct/3943e407d6b62c32af636dad1cc5a096ef768460
-new file mode 100644
-index 0000000..ae66bf8
-Binary files /dev/null and b/fuzz/corpora/ct/3943e407d6b62c32af636dad1cc5a096ef768460 differ
-diff --git a/fuzz/corpora/ct/3a5f46c359f756a9e4da0676904d7f4781f23ac1 b/fuzz/corpora/ct/3a5f46c359f756a9e4da0676904d7f4781f23ac1
-new file mode 100644
-index 0000000..24eeec7
-Binary files /dev/null and b/fuzz/corpora/ct/3a5f46c359f756a9e4da0676904d7f4781f23ac1 differ
-diff --git a/fuzz/corpora/ct/3c5bf1f96fb020b9a33266a8a0dcd36b114a9aa1 b/fuzz/corpora/ct/3c5bf1f96fb020b9a33266a8a0dcd36b114a9aa1
-new file mode 100644
-index 0000000..0c78611
-Binary files /dev/null and b/fuzz/corpora/ct/3c5bf1f96fb020b9a33266a8a0dcd36b114a9aa1 differ
-diff --git a/fuzz/corpora/ct/3cc0448f6cb4ce214515cecc7b0d1631f5f1a4e6 b/fuzz/corpora/ct/3cc0448f6cb4ce214515cecc7b0d1631f5f1a4e6
-new file mode 100644
-index 0000000..261f9c5
-Binary files /dev/null and b/fuzz/corpora/ct/3cc0448f6cb4ce214515cecc7b0d1631f5f1a4e6 differ
-diff --git a/fuzz/corpora/ct/3e1a4ee4ac4b2842a00de4a4745abf0cede7a3a6 b/fuzz/corpora/ct/3e1a4ee4ac4b2842a00de4a4745abf0cede7a3a6
-new file mode 100644
-index 0000000..daf90cc
-Binary files /dev/null and b/fuzz/corpora/ct/3e1a4ee4ac4b2842a00de4a4745abf0cede7a3a6 differ
-diff --git a/fuzz/corpora/ct/41611d71a3deceb09e206c8b208cc1fef263ccc2 b/fuzz/corpora/ct/41611d71a3deceb09e206c8b208cc1fef263ccc2
-new file mode 100644
-index 0000000..8730853
-Binary files /dev/null and b/fuzz/corpora/ct/41611d71a3deceb09e206c8b208cc1fef263ccc2 differ
-diff --git a/fuzz/corpora/ct/478490e09f1a83365f93d0a9668fa2c17f97e157 b/fuzz/corpora/ct/478490e09f1a83365f93d0a9668fa2c17f97e157
-new file mode 100644
-index 0000000..0291dc2
-Binary files /dev/null and b/fuzz/corpora/ct/478490e09f1a83365f93d0a9668fa2c17f97e157 differ
-diff --git a/fuzz/corpora/ct/47d3b3dabf53393936a5407b5230653a81c3389e b/fuzz/corpora/ct/47d3b3dabf53393936a5407b5230653a81c3389e
-new file mode 100644
-index 0000000..a03791b
-Binary files /dev/null and b/fuzz/corpora/ct/47d3b3dabf53393936a5407b5230653a81c3389e differ
-diff --git a/fuzz/corpora/ct/48eb1df0763854008799f580e6d26bc0cc8ff85d b/fuzz/corpora/ct/48eb1df0763854008799f580e6d26bc0cc8ff85d
-new file mode 100644
-index 0000000..7a467c0
-Binary files /dev/null and b/fuzz/corpora/ct/48eb1df0763854008799f580e6d26bc0cc8ff85d differ
-diff --git a/fuzz/corpora/ct/4e22436534f7ddda6023610945ad3fb84b08d5f2 b/fuzz/corpora/ct/4e22436534f7ddda6023610945ad3fb84b08d5f2
-new file mode 100644
-index 0000000..d825e1a
-Binary files /dev/null and b/fuzz/corpora/ct/4e22436534f7ddda6023610945ad3fb84b08d5f2 differ
-diff --git a/fuzz/corpora/ct/4e4b55208d4de0b8004c93632b8fc913d3691a5c b/fuzz/corpora/ct/4e4b55208d4de0b8004c93632b8fc913d3691a5c
-new file mode 100644
-index 0000000..6ee190f
-Binary files /dev/null and b/fuzz/corpora/ct/4e4b55208d4de0b8004c93632b8fc913d3691a5c differ
-diff --git a/fuzz/corpora/ct/4f38525a2575e95008441cc9243fe00a5727ffa5 b/fuzz/corpora/ct/4f38525a2575e95008441cc9243fe00a5727ffa5
-new file mode 100644
-index 0000000..eb21683
-Binary files /dev/null and b/fuzz/corpora/ct/4f38525a2575e95008441cc9243fe00a5727ffa5 differ
-diff --git a/fuzz/corpora/ct/5093f125861301442a1d774bf7e8848968f2f55a b/fuzz/corpora/ct/5093f125861301442a1d774bf7e8848968f2f55a
-new file mode 100644
-index 0000000..4c04fe0
-Binary files /dev/null and b/fuzz/corpora/ct/5093f125861301442a1d774bf7e8848968f2f55a differ
-diff --git a/fuzz/corpora/ct/5268ee8ceac4a498963f8e6c5030d548aa023b02 b/fuzz/corpora/ct/5268ee8ceac4a498963f8e6c5030d548aa023b02
-new file mode 100644
-index 0000000..cdca38c
-Binary files /dev/null and b/fuzz/corpora/ct/5268ee8ceac4a498963f8e6c5030d548aa023b02 differ
-diff --git a/fuzz/corpora/ct/54b2915dc5fee0faae36a0c9224306fe1e7cfd8e b/fuzz/corpora/ct/54b2915dc5fee0faae36a0c9224306fe1e7cfd8e
-new file mode 100644
-index 0000000..a330a38
-Binary files /dev/null and b/fuzz/corpora/ct/54b2915dc5fee0faae36a0c9224306fe1e7cfd8e differ
-diff --git a/fuzz/corpora/ct/56cbcfd8857da712038369416e3f08a82dc84add b/fuzz/corpora/ct/56cbcfd8857da712038369416e3f08a82dc84add
-new file mode 100644
-index 0000000..3e42d53
-Binary files /dev/null and b/fuzz/corpora/ct/56cbcfd8857da712038369416e3f08a82dc84add differ
-diff --git a/fuzz/corpora/ct/5970c63ec9f09d54d3f7a11c273cf2285bf1fecf b/fuzz/corpora/ct/5970c63ec9f09d54d3f7a11c273cf2285bf1fecf
-new file mode 100644
-index 0000000..cc82347
-Binary files /dev/null and b/fuzz/corpora/ct/5970c63ec9f09d54d3f7a11c273cf2285bf1fecf differ
-diff --git a/fuzz/corpora/ct/5c9715bf09981e24d3046a55bc647670bde9e052 b/fuzz/corpora/ct/5c9715bf09981e24d3046a55bc647670bde9e052
-new file mode 100644
-index 0000000..dda7f85
-Binary files /dev/null and b/fuzz/corpora/ct/5c9715bf09981e24d3046a55bc647670bde9e052 differ
-diff --git a/fuzz/corpora/ct/66a499c710b293fcee8a2307a1cf727ea2eaad35 b/fuzz/corpora/ct/66a499c710b293fcee8a2307a1cf727ea2eaad35
-new file mode 100644
-index 0000000..cce94fb
-Binary files /dev/null and b/fuzz/corpora/ct/66a499c710b293fcee8a2307a1cf727ea2eaad35 differ
-diff --git a/fuzz/corpora/ct/6958a0808003a290b732f5b7cdbd684de38c68d3 b/fuzz/corpora/ct/6958a0808003a290b732f5b7cdbd684de38c68d3
-new file mode 100644
-index 0000000..cfa3e90
-Binary files /dev/null and b/fuzz/corpora/ct/6958a0808003a290b732f5b7cdbd684de38c68d3 differ
-diff --git a/fuzz/corpora/ct/6c7ab7ead2768f4ed744cf75386007648a75f837 b/fuzz/corpora/ct/6c7ab7ead2768f4ed744cf75386007648a75f837
-new file mode 100644
-index 0000000..56f06db
-Binary files /dev/null and b/fuzz/corpora/ct/6c7ab7ead2768f4ed744cf75386007648a75f837 differ
-diff --git a/fuzz/corpora/ct/6de0d4b21c1c02377fa39d5406e1fd0b817be116 b/fuzz/corpora/ct/6de0d4b21c1c02377fa39d5406e1fd0b817be116
-new file mode 100644
-index 0000000..58d2cb2
-Binary files /dev/null and b/fuzz/corpora/ct/6de0d4b21c1c02377fa39d5406e1fd0b817be116 differ
-diff --git a/fuzz/corpora/ct/7575668d9c38b6f71c5510d199f4b8d5a0104381 b/fuzz/corpora/ct/7575668d9c38b6f71c5510d199f4b8d5a0104381
-new file mode 100644
-index 0000000..5c6f6ab
-Binary files /dev/null and b/fuzz/corpora/ct/7575668d9c38b6f71c5510d199f4b8d5a0104381 differ
-diff --git a/fuzz/corpora/ct/79ebf867e288b5d20a62e7fe98b5b18c93b81303 b/fuzz/corpora/ct/79ebf867e288b5d20a62e7fe98b5b18c93b81303
-new file mode 100644
-index 0000000..e886fcc
-Binary files /dev/null and b/fuzz/corpora/ct/79ebf867e288b5d20a62e7fe98b5b18c93b81303 differ
-diff --git a/fuzz/corpora/ct/7cb4ecbdc622d8b7ef7cd51e5cc5a76407ea10ba b/fuzz/corpora/ct/7cb4ecbdc622d8b7ef7cd51e5cc5a76407ea10ba
-new file mode 100644
-index 0000000..bcc0da5
-Binary files /dev/null and b/fuzz/corpora/ct/7cb4ecbdc622d8b7ef7cd51e5cc5a76407ea10ba differ
-diff --git a/fuzz/corpora/ct/7ddd91ab9bc50214c83c52c808624b56b69ac239 b/fuzz/corpora/ct/7ddd91ab9bc50214c83c52c808624b56b69ac239
-new file mode 100644
-index 0000000..845123d
-Binary files /dev/null and b/fuzz/corpora/ct/7ddd91ab9bc50214c83c52c808624b56b69ac239 differ
-diff --git a/fuzz/corpora/ct/808eef4db3bcf9d85a8a4c7d4eeb875d1da7f79e b/fuzz/corpora/ct/808eef4db3bcf9d85a8a4c7d4eeb875d1da7f79e
-new file mode 100644
-index 0000000..d2941f9
-Binary files /dev/null and b/fuzz/corpora/ct/808eef4db3bcf9d85a8a4c7d4eeb875d1da7f79e differ
-diff --git a/fuzz/corpora/ct/80c5e81928388f2798c76a565f3e36865f862140 b/fuzz/corpora/ct/80c5e81928388f2798c76a565f3e36865f862140
-new file mode 100644
-index 0000000..a932c22
-Binary files /dev/null and b/fuzz/corpora/ct/80c5e81928388f2798c76a565f3e36865f862140 differ
-diff --git a/fuzz/corpora/ct/813fff9495b621a86999c2b767b0af0099e17b38 b/fuzz/corpora/ct/813fff9495b621a86999c2b767b0af0099e17b38
-new file mode 100644
-index 0000000..8587502
-Binary files /dev/null and b/fuzz/corpora/ct/813fff9495b621a86999c2b767b0af0099e17b38 differ
-diff --git a/fuzz/corpora/ct/83225d2274afa034da5852d60fcade4a544f53df b/fuzz/corpora/ct/83225d2274afa034da5852d60fcade4a544f53df
-new file mode 100644
-index 0000000..d2bd374
-Binary files /dev/null and b/fuzz/corpora/ct/83225d2274afa034da5852d60fcade4a544f53df differ
-diff --git a/fuzz/corpora/ct/8439c83cf0267a73b6a8f8500c6aa36cb6f19e2a b/fuzz/corpora/ct/8439c83cf0267a73b6a8f8500c6aa36cb6f19e2a
-new file mode 100644
-index 0000000..712ab8f
-Binary files /dev/null and b/fuzz/corpora/ct/8439c83cf0267a73b6a8f8500c6aa36cb6f19e2a differ
-diff --git a/fuzz/corpora/ct/875679a837dae913353af8d2558722a5dc35c23a b/fuzz/corpora/ct/875679a837dae913353af8d2558722a5dc35c23a
-new file mode 100644
-index 0000000..dfe5deb
-Binary files /dev/null and b/fuzz/corpora/ct/875679a837dae913353af8d2558722a5dc35c23a differ
-diff --git a/fuzz/corpora/ct/911581aeaa94dd3a03ca7711db00064b95d39e54 b/fuzz/corpora/ct/911581aeaa94dd3a03ca7711db00064b95d39e54
-new file mode 100644
-index 0000000..117fcc7
-Binary files /dev/null and b/fuzz/corpora/ct/911581aeaa94dd3a03ca7711db00064b95d39e54 differ
-diff --git a/fuzz/corpora/ct/915415ca0821848c91203fde9d2986d1ad973cdf b/fuzz/corpora/ct/915415ca0821848c91203fde9d2986d1ad973cdf
-new file mode 100644
-index 0000000..b826104
-Binary files /dev/null and b/fuzz/corpora/ct/915415ca0821848c91203fde9d2986d1ad973cdf differ
-diff --git a/fuzz/corpora/ct/948b11d1da5d29983285975d58b59e7e9e768adf b/fuzz/corpora/ct/948b11d1da5d29983285975d58b59e7e9e768adf
-new file mode 100644
-index 0000000..bef9a62
-Binary files /dev/null and b/fuzz/corpora/ct/948b11d1da5d29983285975d58b59e7e9e768adf differ
-diff --git a/fuzz/corpora/ct/97e02fb4637f6ffcca0df0dce0e777d284eba4f8 b/fuzz/corpora/ct/97e02fb4637f6ffcca0df0dce0e777d284eba4f8
-new file mode 100644
-index 0000000..2c72052
-Binary files /dev/null and b/fuzz/corpora/ct/97e02fb4637f6ffcca0df0dce0e777d284eba4f8 differ
-diff --git a/fuzz/corpora/ct/a26172c837f9d0698e2651520bad772769edb0d9 b/fuzz/corpora/ct/a26172c837f9d0698e2651520bad772769edb0d9
-new file mode 100644
-index 0000000..108c4b6
-Binary files /dev/null and b/fuzz/corpora/ct/a26172c837f9d0698e2651520bad772769edb0d9 differ
-diff --git a/fuzz/corpora/ct/a4726cc0ba1739824cc957e0149181ed4767d48e b/fuzz/corpora/ct/a4726cc0ba1739824cc957e0149181ed4767d48e
-new file mode 100644
-index 0000000..bb8219c
-Binary files /dev/null and b/fuzz/corpora/ct/a4726cc0ba1739824cc957e0149181ed4767d48e differ
-diff --git a/fuzz/corpora/ct/a945232f71eab8e9f8ac963d0509bc4dfd78eb1c b/fuzz/corpora/ct/a945232f71eab8e9f8ac963d0509bc4dfd78eb1c
-new file mode 100644
-index 0000000..2f6286e
-Binary files /dev/null and b/fuzz/corpora/ct/a945232f71eab8e9f8ac963d0509bc4dfd78eb1c differ
-diff --git a/fuzz/corpora/ct/aafbbfe3458378057a80107e00d7b34968b3eb99 b/fuzz/corpora/ct/aafbbfe3458378057a80107e00d7b34968b3eb99
-new file mode 100644
-index 0000000..82a3da0
-Binary files /dev/null and b/fuzz/corpora/ct/aafbbfe3458378057a80107e00d7b34968b3eb99 differ
-diff --git a/fuzz/corpora/ct/ac8ff901361ef256822d13a0678807a8b90b90ff b/fuzz/corpora/ct/ac8ff901361ef256822d13a0678807a8b90b90ff
-new file mode 100644
-index 0000000..03442be
-Binary files /dev/null and b/fuzz/corpora/ct/ac8ff901361ef256822d13a0678807a8b90b90ff differ
-diff --git a/fuzz/corpora/ct/ad8a1c0f659dfc0207c5079c12bedd98713739d3 b/fuzz/corpora/ct/ad8a1c0f659dfc0207c5079c12bedd98713739d3
-new file mode 100644
-index 0000000..509b4ab
-Binary files /dev/null and b/fuzz/corpora/ct/ad8a1c0f659dfc0207c5079c12bedd98713739d3 differ
-diff --git a/fuzz/corpora/ct/aed36137c6f281161929caa350b88f5b7c46ef73 b/fuzz/corpora/ct/aed36137c6f281161929caa350b88f5b7c46ef73
-new file mode 100644
-index 0000000..e01c704
-Binary files /dev/null and b/fuzz/corpora/ct/aed36137c6f281161929caa350b88f5b7c46ef73 differ
-diff --git a/fuzz/corpora/ct/b3179b50c8a007deace008cc08f83885f176f465 b/fuzz/corpora/ct/b3179b50c8a007deace008cc08f83885f176f465
-new file mode 100644
-index 0000000..b847346
-Binary files /dev/null and b/fuzz/corpora/ct/b3179b50c8a007deace008cc08f83885f176f465 differ
-diff --git a/fuzz/corpora/ct/b8ec0d3444e4f3081a0d643d332dbcf9660bfaaf b/fuzz/corpora/ct/b8ec0d3444e4f3081a0d643d332dbcf9660bfaaf
-new file mode 100644
-index 0000000..9f405ac
-Binary files /dev/null and b/fuzz/corpora/ct/b8ec0d3444e4f3081a0d643d332dbcf9660bfaaf differ
-diff --git a/fuzz/corpora/ct/c23bc56f2e42d1f5eaa0205bcd0800d74e8a1475 b/fuzz/corpora/ct/c23bc56f2e42d1f5eaa0205bcd0800d74e8a1475
-new file mode 100644
-index 0000000..a86e697
-Binary files /dev/null and b/fuzz/corpora/ct/c23bc56f2e42d1f5eaa0205bcd0800d74e8a1475 differ
-diff --git a/fuzz/corpora/ct/c5ea3c4b7b893b82ddd888660f5cf66a3cfe2fe5 b/fuzz/corpora/ct/c5ea3c4b7b893b82ddd888660f5cf66a3cfe2fe5
-new file mode 100644
-index 0000000..52ad7d2
-Binary files /dev/null and b/fuzz/corpora/ct/c5ea3c4b7b893b82ddd888660f5cf66a3cfe2fe5 differ
-diff --git a/fuzz/corpora/ct/cf807a8480723638324d6824d201839957d0e8b5 b/fuzz/corpora/ct/cf807a8480723638324d6824d201839957d0e8b5
-new file mode 100644
-index 0000000..892e580
-Binary files /dev/null and b/fuzz/corpora/ct/cf807a8480723638324d6824d201839957d0e8b5 differ
-diff --git a/fuzz/corpora/ct/d09aebe0ab964f07549a381f32a701f862cb7ec2 b/fuzz/corpora/ct/d09aebe0ab964f07549a381f32a701f862cb7ec2
-new file mode 100644
-index 0000000..4d8941c
-Binary files /dev/null and b/fuzz/corpora/ct/d09aebe0ab964f07549a381f32a701f862cb7ec2 differ
-diff --git a/fuzz/corpora/ct/d411e296a08dfb1f6464adb43f40d9fa1dfc19a7 b/fuzz/corpora/ct/d411e296a08dfb1f6464adb43f40d9fa1dfc19a7
-new file mode 100644
-index 0000000..3e8a9f4
-Binary files /dev/null and b/fuzz/corpora/ct/d411e296a08dfb1f6464adb43f40d9fa1dfc19a7 differ
-diff --git a/fuzz/corpora/ct/d535d1fe255561af7163e1651e5d59c34040bcfd b/fuzz/corpora/ct/d535d1fe255561af7163e1651e5d59c34040bcfd
-new file mode 100644
-index 0000000..fb317ce
-Binary files /dev/null and b/fuzz/corpora/ct/d535d1fe255561af7163e1651e5d59c34040bcfd differ
-diff --git a/fuzz/corpora/ct/d5df69981f86be99724c8478d9023d48562db132 b/fuzz/corpora/ct/d5df69981f86be99724c8478d9023d48562db132
-new file mode 100644
-index 0000000..4f33093
-Binary files /dev/null and b/fuzz/corpora/ct/d5df69981f86be99724c8478d9023d48562db132 differ
-diff --git a/fuzz/corpora/ct/d66a6943f8fd02c70e52fcea161367321ca48680 b/fuzz/corpora/ct/d66a6943f8fd02c70e52fcea161367321ca48680
-new file mode 100644
-index 0000000..48ec642
-Binary files /dev/null and b/fuzz/corpora/ct/d66a6943f8fd02c70e52fcea161367321ca48680 differ
-diff --git a/fuzz/corpora/ct/e1d38f062d750b8f53f6256b40e4ec44f7bf7523 b/fuzz/corpora/ct/e1d38f062d750b8f53f6256b40e4ec44f7bf7523
-new file mode 100644
-index 0000000..77271f1
-Binary files /dev/null and b/fuzz/corpora/ct/e1d38f062d750b8f53f6256b40e4ec44f7bf7523 differ
-diff --git a/fuzz/corpora/ct/e507725d8493607c6f8479ed0ea78fd160d4f145 b/fuzz/corpora/ct/e507725d8493607c6f8479ed0ea78fd160d4f145
-new file mode 100644
-index 0000000..ca61d85
-Binary files /dev/null and b/fuzz/corpora/ct/e507725d8493607c6f8479ed0ea78fd160d4f145 differ
-diff --git a/fuzz/corpora/ct/e8187779c57fa099aa34c62f045a3abb217c720c b/fuzz/corpora/ct/e8187779c57fa099aa34c62f045a3abb217c720c
-new file mode 100644
-index 0000000..4423d9f
-Binary files /dev/null and b/fuzz/corpora/ct/e8187779c57fa099aa34c62f045a3abb217c720c differ
-diff --git a/fuzz/corpora/ct/e8e1b12ff92662955e397d9ee448ccf0ff2b06da b/fuzz/corpora/ct/e8e1b12ff92662955e397d9ee448ccf0ff2b06da
-new file mode 100644
-index 0000000..215a530
-Binary files /dev/null and b/fuzz/corpora/ct/e8e1b12ff92662955e397d9ee448ccf0ff2b06da differ
-diff --git a/fuzz/corpora/ct/e8e379ea844af669a164a9092ac0e66fe59d7986 b/fuzz/corpora/ct/e8e379ea844af669a164a9092ac0e66fe59d7986
-new file mode 100644
-index 0000000..00212c1
-Binary files /dev/null and b/fuzz/corpora/ct/e8e379ea844af669a164a9092ac0e66fe59d7986 differ
-diff --git a/fuzz/corpora/ct/f019422397a6e13ff871b58cd01977f9205d5e76 b/fuzz/corpora/ct/f019422397a6e13ff871b58cd01977f9205d5e76
-new file mode 100644
-index 0000000..ecc98b1
-Binary files /dev/null and b/fuzz/corpora/ct/f019422397a6e13ff871b58cd01977f9205d5e76 differ
-diff --git a/fuzz/corpora/ct/f03c8dc48ee6160ad0b7c237c96d7439ad783fa2 b/fuzz/corpora/ct/f03c8dc48ee6160ad0b7c237c96d7439ad783fa2
-new file mode 100644
-index 0000000..282619a
-Binary files /dev/null and b/fuzz/corpora/ct/f03c8dc48ee6160ad0b7c237c96d7439ad783fa2 differ
-diff --git a/fuzz/corpora/ct/f1d9ba7524b74a3242dc7cba6ebb218d7feac5f6 b/fuzz/corpora/ct/f1d9ba7524b74a3242dc7cba6ebb218d7feac5f6
-new file mode 100644
-index 0000000..5bec4d0
-Binary files /dev/null and b/fuzz/corpora/ct/f1d9ba7524b74a3242dc7cba6ebb218d7feac5f6 differ
-diff --git a/fuzz/corpora/ct/f73ac97ced4eb3f6f653c0429c8ce0e3f044d7c0 b/fuzz/corpora/ct/f73ac97ced4eb3f6f653c0429c8ce0e3f044d7c0
-new file mode 100644
-index 0000000..de5f684
-Binary files /dev/null and b/fuzz/corpora/ct/f73ac97ced4eb3f6f653c0429c8ce0e3f044d7c0 differ
-diff --git a/fuzz/corpora/ct/fc276beaed6f0481e20224efd658a6e9a63ea3c0 b/fuzz/corpora/ct/fc276beaed6f0481e20224efd658a6e9a63ea3c0
-new file mode 100644
-index 0000000..0a7c30e
-Binary files /dev/null and b/fuzz/corpora/ct/fc276beaed6f0481e20224efd658a6e9a63ea3c0 differ
-diff --git a/fuzz/corpora/ct/fe9f6093c7583ad2f0d0336dd20a95b6a203328c b/fuzz/corpora/ct/fe9f6093c7583ad2f0d0336dd20a95b6a203328c
-new file mode 100644
-index 0000000..b598073
-Binary files /dev/null and b/fuzz/corpora/ct/fe9f6093c7583ad2f0d0336dd20a95b6a203328c differ
-diff --git a/fuzz/corpora/ct/ff3350f23fe293e1473f8cc293c9f6d4ec5c49e1 b/fuzz/corpora/ct/ff3350f23fe293e1473f8cc293c9f6d4ec5c49e1
-new file mode 100644
-index 0000000..7b05239
-Binary files /dev/null and b/fuzz/corpora/ct/ff3350f23fe293e1473f8cc293c9f6d4ec5c49e1 differ
-diff --git a/fuzz/corpora/server/00d84822aa5b6fb48752005041e4dbb35415329b b/fuzz/corpora/server/00d84822aa5b6fb48752005041e4dbb35415329b
-new file mode 100644
-index 0000000..d04501b
-Binary files /dev/null and b/fuzz/corpora/server/00d84822aa5b6fb48752005041e4dbb35415329b differ
-diff --git a/fuzz/corpora/server/03a2b738c9650dc2f784940db325d78b05af64e9 b/fuzz/corpora/server/03a2b738c9650dc2f784940db325d78b05af64e9
-new file mode 100644
-index 0000000..71c0936
-Binary files /dev/null and b/fuzz/corpora/server/03a2b738c9650dc2f784940db325d78b05af64e9 differ
-diff --git a/fuzz/corpora/server/05cb9e47e5f09ad3a98a43789a3f6ad0a40fa71c b/fuzz/corpora/server/05cb9e47e5f09ad3a98a43789a3f6ad0a40fa71c
-new file mode 100644
-index 0000000..abb6dcd
-Binary files /dev/null and b/fuzz/corpora/server/05cb9e47e5f09ad3a98a43789a3f6ad0a40fa71c differ
-diff --git a/fuzz/corpora/server/0acc2c1d95cf88788848e8fadfc50c4597b28000 b/fuzz/corpora/server/0acc2c1d95cf88788848e8fadfc50c4597b28000
-new file mode 100644
-index 0000000..f5611d8
-Binary files /dev/null and b/fuzz/corpora/server/0acc2c1d95cf88788848e8fadfc50c4597b28000 differ
-diff --git a/fuzz/corpora/server/0e78f126c2272ca40b1dfc7544c8994d2daf72a0 b/fuzz/corpora/server/0e78f126c2272ca40b1dfc7544c8994d2daf72a0
-new file mode 100644
-index 0000000..753fb85
-Binary files /dev/null and b/fuzz/corpora/server/0e78f126c2272ca40b1dfc7544c8994d2daf72a0 differ
-diff --git a/fuzz/corpora/server/16fa1a2d494abd2bf3c211df08388ab202434c3a b/fuzz/corpora/server/16fa1a2d494abd2bf3c211df08388ab202434c3a
-new file mode 100644
-index 0000000..05c2164
-Binary files /dev/null and b/fuzz/corpora/server/16fa1a2d494abd2bf3c211df08388ab202434c3a differ
-diff --git a/fuzz/corpora/server/1a36089449687faaaad64f48d547bf1e25f6ef7f b/fuzz/corpora/server/1a36089449687faaaad64f48d547bf1e25f6ef7f
-new file mode 100644
-index 0000000..cb3adf7
-Binary files /dev/null and b/fuzz/corpora/server/1a36089449687faaaad64f48d547bf1e25f6ef7f differ
-diff --git a/fuzz/corpora/server/1d4e35f876cadf708fd9383def5d05996938b27f b/fuzz/corpora/server/1d4e35f876cadf708fd9383def5d05996938b27f
-new file mode 100644
-index 0000000..6a92227
-Binary files /dev/null and b/fuzz/corpora/server/1d4e35f876cadf708fd9383def5d05996938b27f differ
-diff --git a/fuzz/corpora/server/1ddeb202fe4f0c0ed555cb4db6065add121da8a4 b/fuzz/corpora/server/1ddeb202fe4f0c0ed555cb4db6065add121da8a4
-new file mode 100644
-index 0000000..5275a91
-Binary files /dev/null and b/fuzz/corpora/server/1ddeb202fe4f0c0ed555cb4db6065add121da8a4 differ
-diff --git a/fuzz/corpora/server/1f354e139279b9421660f235117a88130dea07d3 b/fuzz/corpora/server/1f354e139279b9421660f235117a88130dea07d3
-new file mode 100644
-index 0000000..8c86101
-Binary files /dev/null and b/fuzz/corpora/server/1f354e139279b9421660f235117a88130dea07d3 differ
-diff --git a/fuzz/corpora/server/202162f9f306451d8f053813240d2f3f5ba89293 b/fuzz/corpora/server/202162f9f306451d8f053813240d2f3f5ba89293
-new file mode 100644
-index 0000000..20209fa
-Binary files /dev/null and b/fuzz/corpora/server/202162f9f306451d8f053813240d2f3f5ba89293 differ
-diff --git a/fuzz/corpora/server/278661fa282247156455f1cc68d404f6ea6431dc b/fuzz/corpora/server/278661fa282247156455f1cc68d404f6ea6431dc
-new file mode 100644
-index 0000000..8a8a6c6
-Binary files /dev/null and b/fuzz/corpora/server/278661fa282247156455f1cc68d404f6ea6431dc differ
-diff --git a/fuzz/corpora/server/2e080345b5a3e38f86f00b81ea5d48317ba1e63e b/fuzz/corpora/server/2e080345b5a3e38f86f00b81ea5d48317ba1e63e
-new file mode 100644
-index 0000000..37b0fef
-Binary files /dev/null and b/fuzz/corpora/server/2e080345b5a3e38f86f00b81ea5d48317ba1e63e differ
-diff --git a/fuzz/corpora/server/31567eb87d6450a43b56fc04b252cd17bca55928 b/fuzz/corpora/server/31567eb87d6450a43b56fc04b252cd17bca55928
-new file mode 100644
-index 0000000..819a551
-Binary files /dev/null and b/fuzz/corpora/server/31567eb87d6450a43b56fc04b252cd17bca55928 differ
-diff --git a/fuzz/corpora/server/329fc00b5325b7fbf655d4a1cca68811895c2ede b/fuzz/corpora/server/329fc00b5325b7fbf655d4a1cca68811895c2ede
-new file mode 100644
-index 0000000..b63b3ae
-Binary files /dev/null and b/fuzz/corpora/server/329fc00b5325b7fbf655d4a1cca68811895c2ede differ
-diff --git a/fuzz/corpora/server/3db8911ae75aebc89ade50a6dd23f3b212fc25df b/fuzz/corpora/server/3db8911ae75aebc89ade50a6dd23f3b212fc25df
-new file mode 100644
-index 0000000..b02935c
-Binary files /dev/null and b/fuzz/corpora/server/3db8911ae75aebc89ade50a6dd23f3b212fc25df differ
-diff --git a/fuzz/corpora/server/3f49bcd68e713a4d6470a82f06cfe124b07b812c b/fuzz/corpora/server/3f49bcd68e713a4d6470a82f06cfe124b07b812c
-new file mode 100644
-index 0000000..b360945
-Binary files /dev/null and b/fuzz/corpora/server/3f49bcd68e713a4d6470a82f06cfe124b07b812c differ
-diff --git a/fuzz/corpora/server/3fb838543c3019d83471309c61c8bc2c507a30d4 b/fuzz/corpora/server/3fb838543c3019d83471309c61c8bc2c507a30d4
-new file mode 100644
-index 0000000..60ca909
-Binary files /dev/null and b/fuzz/corpora/server/3fb838543c3019d83471309c61c8bc2c507a30d4 differ
-diff --git a/fuzz/corpora/server/4185e575c03b7d10c0b2d8f51f95b126a7c9ff27 b/fuzz/corpora/server/4185e575c03b7d10c0b2d8f51f95b126a7c9ff27
-new file mode 100644
-index 0000000..ade328a
-Binary files /dev/null and b/fuzz/corpora/server/4185e575c03b7d10c0b2d8f51f95b126a7c9ff27 differ
-diff --git a/fuzz/corpora/server/42b49934137fdb5a258a9d23cd3f1f4df350e5ab b/fuzz/corpora/server/42b49934137fdb5a258a9d23cd3f1f4df350e5ab
-new file mode 100644
-index 0000000..57e66ef
-Binary files /dev/null and b/fuzz/corpora/server/42b49934137fdb5a258a9d23cd3f1f4df350e5ab differ
-diff --git a/fuzz/corpora/server/452a3866c94029fa4f4d19fff220f1696e79820b b/fuzz/corpora/server/452a3866c94029fa4f4d19fff220f1696e79820b
-new file mode 100644
-index 0000000..7b68177
-Binary files /dev/null and b/fuzz/corpora/server/452a3866c94029fa4f4d19fff220f1696e79820b differ
-diff --git a/fuzz/corpora/server/48c3066f502f091bdfc7082655e4f50a4fdd8a29 b/fuzz/corpora/server/48c3066f502f091bdfc7082655e4f50a4fdd8a29
-new file mode 100644
-index 0000000..a5daa32
-Binary files /dev/null and b/fuzz/corpora/server/48c3066f502f091bdfc7082655e4f50a4fdd8a29 differ
-diff --git a/fuzz/corpora/server/4c2d4fca8ba68fa29bcabc1f282570873dc87ae3 b/fuzz/corpora/server/4c2d4fca8ba68fa29bcabc1f282570873dc87ae3
-new file mode 100644
-index 0000000..7948c5f
-Binary files /dev/null and b/fuzz/corpora/server/4c2d4fca8ba68fa29bcabc1f282570873dc87ae3 differ
-diff --git a/fuzz/corpora/server/4c551ab843a0087bd2bda5ca2553259936def6bb b/fuzz/corpora/server/4c551ab843a0087bd2bda5ca2553259936def6bb
-new file mode 100644
-index 0000000..104e731
-Binary files /dev/null and b/fuzz/corpora/server/4c551ab843a0087bd2bda5ca2553259936def6bb differ
-diff --git a/fuzz/corpora/server/555859c6820a2b0b1c689fb32b97a26e537dc423 b/fuzz/corpora/server/555859c6820a2b0b1c689fb32b97a26e537dc423
-new file mode 100644
-index 0000000..a01cbec
-Binary files /dev/null and b/fuzz/corpora/server/555859c6820a2b0b1c689fb32b97a26e537dc423 differ
-diff --git a/fuzz/corpora/server/5bd5e4edc3c1fe3617f0ceb512ef64aa02312eea b/fuzz/corpora/server/5bd5e4edc3c1fe3617f0ceb512ef64aa02312eea
-new file mode 100644
-index 0000000..63d479e
-Binary files /dev/null and b/fuzz/corpora/server/5bd5e4edc3c1fe3617f0ceb512ef64aa02312eea differ
-diff --git a/fuzz/corpora/server/5fb0d03a2cf462fbf42d3e09a63e5720e94dd8fc b/fuzz/corpora/server/5fb0d03a2cf462fbf42d3e09a63e5720e94dd8fc
-new file mode 100644
-index 0000000..6334b0d
-Binary files /dev/null and b/fuzz/corpora/server/5fb0d03a2cf462fbf42d3e09a63e5720e94dd8fc differ
-diff --git a/fuzz/corpora/server/60dd92879d5b6802af3a79ab8c109957cc69b10d b/fuzz/corpora/server/60dd92879d5b6802af3a79ab8c109957cc69b10d
-new file mode 100644
-index 0000000..c74cc03
-Binary files /dev/null and b/fuzz/corpora/server/60dd92879d5b6802af3a79ab8c109957cc69b10d differ
-diff --git a/fuzz/corpora/server/6434e9d3629b10e159ffbaadc201b459389f7dfa b/fuzz/corpora/server/6434e9d3629b10e159ffbaadc201b459389f7dfa
-new file mode 100644
-index 0000000..4691f3d
-Binary files /dev/null and b/fuzz/corpora/server/6434e9d3629b10e159ffbaadc201b459389f7dfa differ
-diff --git a/fuzz/corpora/server/647a54e4ece166f05b4ef2b5164bb50cacb7100e b/fuzz/corpora/server/647a54e4ece166f05b4ef2b5164bb50cacb7100e
-new file mode 100644
-index 0000000..d0459cc
-Binary files /dev/null and b/fuzz/corpora/server/647a54e4ece166f05b4ef2b5164bb50cacb7100e differ
-diff --git a/fuzz/corpora/server/65c7302da031984e824a22a5c89ec888c77f6e34 b/fuzz/corpora/server/65c7302da031984e824a22a5c89ec888c77f6e34
-new file mode 100644
-index 0000000..3689fe6
-Binary files /dev/null and b/fuzz/corpora/server/65c7302da031984e824a22a5c89ec888c77f6e34 differ
-diff --git a/fuzz/corpora/server/6703ba213cbaae9fc31089243ceed2c9c9bf77d9 b/fuzz/corpora/server/6703ba213cbaae9fc31089243ceed2c9c9bf77d9
-new file mode 100644
-index 0000000..47d2e4e
-Binary files /dev/null and b/fuzz/corpora/server/6703ba213cbaae9fc31089243ceed2c9c9bf77d9 differ
-diff --git a/fuzz/corpora/server/67ce0e211ae45b6d69f39f80f3362c0cdad7486b b/fuzz/corpora/server/67ce0e211ae45b6d69f39f80f3362c0cdad7486b
-new file mode 100644
-index 0000000..364f9a3
-Binary files /dev/null and b/fuzz/corpora/server/67ce0e211ae45b6d69f39f80f3362c0cdad7486b differ
-diff --git a/fuzz/corpora/server/6f403d09540861099b00317576af7c48525cb526 b/fuzz/corpora/server/6f403d09540861099b00317576af7c48525cb526
-new file mode 100644
-index 0000000..b8c9faf
-Binary files /dev/null and b/fuzz/corpora/server/6f403d09540861099b00317576af7c48525cb526 differ
-diff --git a/fuzz/corpora/server/6f4fd301492374265b13a1c4f4fd1a1fe5c8a69c b/fuzz/corpora/server/6f4fd301492374265b13a1c4f4fd1a1fe5c8a69c
-new file mode 100644
-index 0000000..1042ebf
-Binary files /dev/null and b/fuzz/corpora/server/6f4fd301492374265b13a1c4f4fd1a1fe5c8a69c differ
-diff --git a/fuzz/corpora/server/71ab7b71ea3f94ab730bfd1b120cdc437abf188b b/fuzz/corpora/server/71ab7b71ea3f94ab730bfd1b120cdc437abf188b
-new file mode 100644
-index 0000000..e6a566b
-Binary files /dev/null and b/fuzz/corpora/server/71ab7b71ea3f94ab730bfd1b120cdc437abf188b differ
-diff --git a/fuzz/corpora/server/7404c4cd1b3e25c2d3928ad84eb83173bc100c01 b/fuzz/corpora/server/7404c4cd1b3e25c2d3928ad84eb83173bc100c01
-new file mode 100644
-index 0000000..056e0dc
-Binary files /dev/null and b/fuzz/corpora/server/7404c4cd1b3e25c2d3928ad84eb83173bc100c01 differ
-diff --git a/fuzz/corpora/server/7bde5e8b01fb87ae67b83943ef391d79101d86c6 b/fuzz/corpora/server/7bde5e8b01fb87ae67b83943ef391d79101d86c6
-new file mode 100644
-index 0000000..cd66a86
-Binary files /dev/null and b/fuzz/corpora/server/7bde5e8b01fb87ae67b83943ef391d79101d86c6 differ
-diff --git a/fuzz/corpora/server/7f8f856f9c4095f0affffd94c6ed755ddc6b0ab7 b/fuzz/corpora/server/7f8f856f9c4095f0affffd94c6ed755ddc6b0ab7
-new file mode 100644
-index 0000000..8cfbf5e
-Binary files /dev/null and b/fuzz/corpora/server/7f8f856f9c4095f0affffd94c6ed755ddc6b0ab7 differ
-diff --git a/fuzz/corpora/server/8048feda962802c604c2d31cd64c7b3485d8b013 b/fuzz/corpora/server/8048feda962802c604c2d31cd64c7b3485d8b013
-new file mode 100644
-index 0000000..798e813
-Binary files /dev/null and b/fuzz/corpora/server/8048feda962802c604c2d31cd64c7b3485d8b013 differ
-diff --git a/fuzz/corpora/server/80e9bca075a47f9ee831d63ff0e5e1e090116864 b/fuzz/corpora/server/80e9bca075a47f9ee831d63ff0e5e1e090116864
-new file mode 100644
-index 0000000..f5b05c8
-Binary files /dev/null and b/fuzz/corpora/server/80e9bca075a47f9ee831d63ff0e5e1e090116864 differ
-diff --git a/fuzz/corpora/server/81fb66262d2a3ab2645581597922afbefb4709ee b/fuzz/corpora/server/81fb66262d2a3ab2645581597922afbefb4709ee
-new file mode 100644
-index 0000000..2d6fa3a
-Binary files /dev/null and b/fuzz/corpora/server/81fb66262d2a3ab2645581597922afbefb4709ee differ
-diff --git a/fuzz/corpora/server/826b5ba931a9d31b8f62eaebcb794842ab4fa272 b/fuzz/corpora/server/826b5ba931a9d31b8f62eaebcb794842ab4fa272
-new file mode 100644
-index 0000000..a0d1ea6
-Binary files /dev/null and b/fuzz/corpora/server/826b5ba931a9d31b8f62eaebcb794842ab4fa272 differ
-diff --git a/fuzz/corpora/server/85da2ddda10d1fd2acafdaa1bbed9d8524ccda6b b/fuzz/corpora/server/85da2ddda10d1fd2acafdaa1bbed9d8524ccda6b
-new file mode 100644
-index 0000000..1b6acbb
-Binary files /dev/null and b/fuzz/corpora/server/85da2ddda10d1fd2acafdaa1bbed9d8524ccda6b differ
-diff --git a/fuzz/corpora/server/884e41730d1243abec8390061fce441d4203d4de b/fuzz/corpora/server/884e41730d1243abec8390061fce441d4203d4de
-new file mode 100644
-index 0000000..b6c4c58
-Binary files /dev/null and b/fuzz/corpora/server/884e41730d1243abec8390061fce441d4203d4de differ
-diff --git a/fuzz/corpora/server/8d1571bfcc6b1d9e2291776435d633ee1e9efc34 b/fuzz/corpora/server/8d1571bfcc6b1d9e2291776435d633ee1e9efc34
-new file mode 100644
-index 0000000..911c0ac
-Binary files /dev/null and b/fuzz/corpora/server/8d1571bfcc6b1d9e2291776435d633ee1e9efc34 differ
-diff --git a/fuzz/corpora/server/9a9f6c51e03fc4e51570f9c65f363a4b6b370e84 b/fuzz/corpora/server/9a9f6c51e03fc4e51570f9c65f363a4b6b370e84
-new file mode 100644
-index 0000000..1c37785
-Binary files /dev/null and b/fuzz/corpora/server/9a9f6c51e03fc4e51570f9c65f363a4b6b370e84 differ
-diff --git a/fuzz/corpora/server/9bc58cf79267d67feda542cabad7ae62a6e60e7f b/fuzz/corpora/server/9bc58cf79267d67feda542cabad7ae62a6e60e7f
-new file mode 100644
-index 0000000..0b6c5b0
-Binary files /dev/null and b/fuzz/corpora/server/9bc58cf79267d67feda542cabad7ae62a6e60e7f differ
-diff --git a/fuzz/corpora/server/abb116c4143eb3be9d6f8fbe91fc2a0e502f0475 b/fuzz/corpora/server/abb116c4143eb3be9d6f8fbe91fc2a0e502f0475
-new file mode 100644
-index 0000000..ca08fde
-Binary files /dev/null and b/fuzz/corpora/server/abb116c4143eb3be9d6f8fbe91fc2a0e502f0475 differ
-diff --git a/fuzz/corpora/server/ad73381d720d12fd4bded78fb48c25f92e21645c b/fuzz/corpora/server/ad73381d720d12fd4bded78fb48c25f92e21645c
-new file mode 100644
-index 0000000..558439c
-Binary files /dev/null and b/fuzz/corpora/server/ad73381d720d12fd4bded78fb48c25f92e21645c differ
-diff --git a/fuzz/corpora/server/b4d864c441c24cbd36276f5ea21e747a057aa8fc b/fuzz/corpora/server/b4d864c441c24cbd36276f5ea21e747a057aa8fc
-new file mode 100644
-index 0000000..42768d6
-Binary files /dev/null and b/fuzz/corpora/server/b4d864c441c24cbd36276f5ea21e747a057aa8fc differ
-diff --git a/fuzz/corpora/server/b6c2977a4b00c916e90d5758d982ae6c75d67200 b/fuzz/corpora/server/b6c2977a4b00c916e90d5758d982ae6c75d67200
-new file mode 100644
-index 0000000..f73d803
-Binary files /dev/null and b/fuzz/corpora/server/b6c2977a4b00c916e90d5758d982ae6c75d67200 differ
-diff --git a/fuzz/corpora/server/bd742ea29dd6c69983df2627e6e6df4ae2f52b6c b/fuzz/corpora/server/bd742ea29dd6c69983df2627e6e6df4ae2f52b6c
-new file mode 100644
-index 0000000..98e7ca9
-Binary files /dev/null and b/fuzz/corpora/server/bd742ea29dd6c69983df2627e6e6df4ae2f52b6c differ
-diff --git a/fuzz/corpora/server/be132fc41e853a231b564a2c77efbd34f86b2e26 b/fuzz/corpora/server/be132fc41e853a231b564a2c77efbd34f86b2e26
-new file mode 100644
-index 0000000..ccaaae2
-Binary files /dev/null and b/fuzz/corpora/server/be132fc41e853a231b564a2c77efbd34f86b2e26 differ
-diff --git a/fuzz/corpora/server/c0a1d768b0695cc7657268572121c511973f36a3 b/fuzz/corpora/server/c0a1d768b0695cc7657268572121c511973f36a3
-new file mode 100644
-index 0000000..09f3dc3
-Binary files /dev/null and b/fuzz/corpora/server/c0a1d768b0695cc7657268572121c511973f36a3 differ
-diff --git a/fuzz/corpora/server/c634eccff951065fe4775ab68e2c34b9044c2388 b/fuzz/corpora/server/c634eccff951065fe4775ab68e2c34b9044c2388
-new file mode 100644
-index 0000000..df3b036
-Binary files /dev/null and b/fuzz/corpora/server/c634eccff951065fe4775ab68e2c34b9044c2388 differ
-diff --git a/fuzz/corpora/server/cb30183a0feee7a77c9c0ac94675b2e40f6a061f b/fuzz/corpora/server/cb30183a0feee7a77c9c0ac94675b2e40f6a061f
-new file mode 100644
-index 0000000..d50fd02
-Binary files /dev/null and b/fuzz/corpora/server/cb30183a0feee7a77c9c0ac94675b2e40f6a061f differ
-diff --git a/fuzz/corpora/server/ccb9ba1720ea08aac679f58664e7ad91f9450de4 b/fuzz/corpora/server/ccb9ba1720ea08aac679f58664e7ad91f9450de4
-new file mode 100644
-index 0000000..64d0e27
-Binary files /dev/null and b/fuzz/corpora/server/ccb9ba1720ea08aac679f58664e7ad91f9450de4 differ
-diff --git a/fuzz/corpora/server/cf03c2f24d9f024b5537f9cfe5e0aeb54550d08a b/fuzz/corpora/server/cf03c2f24d9f024b5537f9cfe5e0aeb54550d08a
-new file mode 100644
-index 0000000..c0f90fc
-Binary files /dev/null and b/fuzz/corpora/server/cf03c2f24d9f024b5537f9cfe5e0aeb54550d08a differ
-diff --git a/fuzz/corpora/server/d035444251bff1cc77ed685b4b817387d9cf473e b/fuzz/corpora/server/d035444251bff1cc77ed685b4b817387d9cf473e
-new file mode 100644
-index 0000000..ffe2e1d
-Binary files /dev/null and b/fuzz/corpora/server/d035444251bff1cc77ed685b4b817387d9cf473e differ
-diff --git a/fuzz/corpora/server/d10d61eb942db78d943faca1880d55971bfe1e44 b/fuzz/corpora/server/d10d61eb942db78d943faca1880d55971bfe1e44
-new file mode 100644
-index 0000000..f21ff88
-Binary files /dev/null and b/fuzz/corpora/server/d10d61eb942db78d943faca1880d55971bfe1e44 differ
-diff --git a/fuzz/corpora/server/d3154759d89ea82c15937fe4162d153790c5ad3a b/fuzz/corpora/server/d3154759d89ea82c15937fe4162d153790c5ad3a
-new file mode 100644
-index 0000000..a314bc9
-Binary files /dev/null and b/fuzz/corpora/server/d3154759d89ea82c15937fe4162d153790c5ad3a differ
-diff --git a/fuzz/corpora/server/e10985e15084a2ad543839a6233546717028940f b/fuzz/corpora/server/e10985e15084a2ad543839a6233546717028940f
-new file mode 100644
-index 0000000..a8f65a4
-Binary files /dev/null and b/fuzz/corpora/server/e10985e15084a2ad543839a6233546717028940f differ
-diff --git a/fuzz/corpora/server/e156eff53c46a7ce07d4b29683ab284280a931d8 b/fuzz/corpora/server/e156eff53c46a7ce07d4b29683ab284280a931d8
-new file mode 100644
-index 0000000..07bed83
-Binary files /dev/null and b/fuzz/corpora/server/e156eff53c46a7ce07d4b29683ab284280a931d8 differ
-diff --git a/fuzz/corpora/server/e2fb2f12f6fe36b4d96b83458a508802cc3b1122 b/fuzz/corpora/server/e2fb2f12f6fe36b4d96b83458a508802cc3b1122
-new file mode 100644
-index 0000000..2b13460
-Binary files /dev/null and b/fuzz/corpora/server/e2fb2f12f6fe36b4d96b83458a508802cc3b1122 differ
-diff --git a/fuzz/corpora/server/e59d84c5523cc452b38d78d4461ebdea0dea22cc b/fuzz/corpora/server/e59d84c5523cc452b38d78d4461ebdea0dea22cc
-new file mode 100644
-index 0000000..3c4bd51
-Binary files /dev/null and b/fuzz/corpora/server/e59d84c5523cc452b38d78d4461ebdea0dea22cc differ
-diff --git a/fuzz/corpora/server/e699cbb6df7876de54a8d3388202a9e76598a1a8 b/fuzz/corpora/server/e699cbb6df7876de54a8d3388202a9e76598a1a8
-new file mode 100644
-index 0000000..b8612d7
-Binary files /dev/null and b/fuzz/corpora/server/e699cbb6df7876de54a8d3388202a9e76598a1a8 differ
-diff --git a/fuzz/corpora/server/e96eb670cd24fbda753fccd2e21c5f6c61d9f9ca b/fuzz/corpora/server/e96eb670cd24fbda753fccd2e21c5f6c61d9f9ca
-new file mode 100644
-index 0000000..af4b9a2
-Binary files /dev/null and b/fuzz/corpora/server/e96eb670cd24fbda753fccd2e21c5f6c61d9f9ca differ
-diff --git a/fuzz/corpora/server/eb2e11be910e605342e2c2b5c844a19109fcb7b0 b/fuzz/corpora/server/eb2e11be910e605342e2c2b5c844a19109fcb7b0
-new file mode 100644
-index 0000000..fbdf219
-Binary files /dev/null and b/fuzz/corpora/server/eb2e11be910e605342e2c2b5c844a19109fcb7b0 differ
-diff --git a/fuzz/corpora/server/eeccdde27cfc417c2f4802ef6a7edf778959a044 b/fuzz/corpora/server/eeccdde27cfc417c2f4802ef6a7edf778959a044
-new file mode 100644
-index 0000000..444992a
-Binary files /dev/null and b/fuzz/corpora/server/eeccdde27cfc417c2f4802ef6a7edf778959a044 differ
-diff --git a/fuzz/corpora/server/f1c677b357abc2556d666bf47790a05d306a292d b/fuzz/corpora/server/f1c677b357abc2556d666bf47790a05d306a292d
-new file mode 100644
-index 0000000..cdb9d1b
-Binary files /dev/null and b/fuzz/corpora/server/f1c677b357abc2556d666bf47790a05d306a292d differ
-diff --git a/fuzz/corpora/server/f72d871c7701796accd3a7ea2ed52eac37a23a10 b/fuzz/corpora/server/f72d871c7701796accd3a7ea2ed52eac37a23a10
-new file mode 100644
-index 0000000..1d9f50d
-Binary files /dev/null and b/fuzz/corpora/server/f72d871c7701796accd3a7ea2ed52eac37a23a10 differ
-diff --git a/fuzz/corpora/server/face440e5722d3ad8a05f4fcb4cff096d5002675 b/fuzz/corpora/server/face440e5722d3ad8a05f4fcb4cff096d5002675
-new file mode 100644
-index 0000000..ce98f6a
-Binary files /dev/null and b/fuzz/corpora/server/face440e5722d3ad8a05f4fcb4cff096d5002675 differ
-diff --git a/fuzz/crl.c b/fuzz/crl.c
-new file mode 100644
-index 0000000..728943f
--- /dev/null
+++ b/fuzz/crl.c
@@ -0,0 +1,35 @@
@@ -152775,12 +149797,9 @@
+ }
+ return 0;
+}
-diff --git a/fuzz/ct.c b/fuzz/ct.c
-new file mode 100644
-index 0000000..5dc47f1
--- /dev/null
+++ b/fuzz/ct.c
-@@ -0,0 +1,28 @@
+@@ -0,0 +1,40 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
@@ -152805,13 +149824,22 @@
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ const uint8_t **pp = &buf;
++ unsigned char *der = NULL;
+ STACK_OF(SCT) *scts = d2i_SCT_LIST(NULL, pp, len);
-+ SCT_LIST_free(scts);
++ if (scts != NULL) {
++ BIO *bio = BIO_new(BIO_s_null());
++ SCT_LIST_print(scts, bio, 4, "\n", NULL);
++ BIO_free(bio);
++
++ if (i2d_SCT_LIST(scts, &der)) {
++ /* Silence unused result warning */
++ }
++ OPENSSL_free(der);
++
++ SCT_LIST_free(scts);
++ }
+ return 0;
+}
-diff --git a/fuzz/driver.c b/fuzz/driver.c
-new file mode 100644
-index 0000000..c530fed
--- /dev/null
+++ b/fuzz/driver.c
@@ -0,0 +1,52 @@
@@ -152867,9 +149895,6 @@
+#error "Unsupported fuzzer"
+
+#endif
-diff --git a/fuzz/fuzzer.h b/fuzz/fuzzer.h
-new file mode 100644
-index 0000000..04d605d
--- /dev/null
+++ b/fuzz/fuzzer.h
@@ -0,0 +1,12 @@
@@ -152885,9 +149910,6 @@
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len);
+int FuzzerInitialize(int *argc, char ***argv);
-diff --git a/fuzz/helper.py b/fuzz/helper.py
-new file mode 100755
-index 0000000..f5f9d77
--- /dev/null
+++ b/fuzz/helper.py
@@ -0,0 +1,52 @@
@@ -152943,12 +149965,9 @@
+
+if __name__ == "__main__":
+ main()
-diff --git a/fuzz/server.c b/fuzz/server.c
-new file mode 100644
-index 0000000..34c7734
--- /dev/null
+++ b/fuzz/server.c
-@@ -0,0 +1,243 @@
+@@ -0,0 +1,244 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
@@ -152966,6 +149985,7 @@
+
+#include <openssl/rand.h>
+#include <openssl/ssl.h>
++#include <openssl/rsa.h>
+#include "fuzzer.h"
+
+static const uint8_t kCertificateDER[] = {
@@ -153192,12 +150212,9 @@
+ SSL_free(server);
+ return 0;
+}
-diff --git a/fuzz/test-corpus.c b/fuzz/test-corpus.c
-new file mode 100644
-index 0000000..ccad369
--- /dev/null
+++ b/fuzz/test-corpus.c
-@@ -0,0 +1,44 @@
+@@ -0,0 +1,46 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
@@ -153233,6 +150250,8 @@
+
+ stat(argv[n], &st);
+ f = fopen(argv[n], "rb");
++ if (f == NULL)
++ continue;
+ buf = malloc(st.st_size);
+ s = fread(buf, 1, st.st_size, f);
+ OPENSSL_assert(s == (size_t)st.st_size);
@@ -153242,9 +150261,6 @@
+ }
+ return 0;
+}
-diff --git a/fuzz/x509.c b/fuzz/x509.c
-new file mode 100644
-index 0000000..b2851f1
--- /dev/null
+++ b/fuzz/x509.c
@@ -0,0 +1,36 @@
@@ -153284,8 +150300,6 @@
+ }
+ return 0;
+}
-diff --git a/include/internal/bio.h b/include/internal/bio.h
-index 31fe1aa..3b6a6ac 100644
--- a/include/internal/bio.h
+++ b/include/internal/bio.h
@@ -1,55 +1,10 @@
@@ -153350,8 +150364,6 @@
*/
#include <openssl/bio.h>
-diff --git a/include/internal/comp.h b/include/internal/comp.h
-index 34bf147..ac6e38b 100644
--- a/include/internal/comp.h
+++ b/include/internal/comp.h
@@ -1,9 +1,10 @@
@@ -153369,8 +150381,6 @@
*/
#include <openssl/comp.h>
-diff --git a/include/internal/conf.h b/include/internal/conf.h
-index 2d48daf..ada3f92 100644
--- a/include/internal/conf.h
+++ b/include/internal/conf.h
@@ -1,40 +1,10 @@
@@ -153432,14 +150442,14 @@
void openssl_no_config_int(void);
void conf_modules_free_int(void);
-diff --git a/include/internal/constant_time_locl.h b/include/internal/constant_time_locl.h
-index 8141173..d27fb14 100644
--- a/include/internal/constant_time_locl.h
+++ b/include/internal/constant_time_locl.h
@@ -1,46 +1,10 @@
-/*-
- * Utilities for constant-time cryptography.
-- *
++/*
++ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Author: Emilia Kasper (emilia at openssl.org)
- * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
- * (Google).
@@ -153475,9 +150485,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -153489,8 +150497,6 @@
*/
#ifndef HEADER_CONSTANT_TIME_LOCL_H
-diff --git a/include/internal/dane.h b/include/internal/dane.h
-index 1672849..65bf244 100644
--- a/include/internal/dane.h
+++ b/include/internal/dane.h
@@ -1,60 +1,12 @@
@@ -153560,8 +150566,19 @@
#ifndef HEADER_INTERNAL_DANE_H
#define HEADER_INTERNAL_DANE_H
-@@ -121,7 +73,8 @@ struct ssl_dane_st {
+@@ -105,6 +57,7 @@ struct dane_ctx_st {
+ const EVP_MD **mdevp; /* mtype -> digest */
+ uint8_t *mdord; /* mtype -> preference */
+ uint8_t mdmax; /* highest supported mtype */
++ unsigned long flags; /* feature bitmask */
+ };
+
+ /*
+@@ -119,9 +72,11 @@ struct ssl_dane_st {
+ uint32_t umask; /* Usages present */
+ int mdpth; /* Depth of matched cert */
int pdpth; /* Depth of PKIX trust */
++ unsigned long flags; /* feature bitmask */
};
-#define DANETLS_ENABLED(dane) ((dane) != NULL && ((dane)->trecs != NULL))
@@ -153570,8 +150587,6 @@
#define DANETLS_USAGE_BIT(u) (((uint32_t)1) << u)
-diff --git a/include/internal/dso.h b/include/internal/dso.h
-index eeb16b1..d371fbe 100644
--- a/include/internal/dso.h
+++ b/include/internal/dso.h
@@ -1,59 +1,10 @@
@@ -153639,12 +150654,13 @@
*/
#ifndef HEADER_DSO_H
-@@ -201,24 +152,18 @@ void *DSO_global_lookup(const char *name);
+@@ -201,24 +152,18 @@ void *DSO_global_lookup(const char *name
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_DSO_strings(void);
+
- void ERR_load_DSO_strings(void);
++int ERR_load_DSO_strings(void);
/* Error codes for the DSO functions. */
@@ -153707,8 +150723,6 @@
-#endif
+# endif
#endif
-diff --git a/include/internal/err.h b/include/internal/err.h
-index de2180b..d46b8bd 100644
--- a/include/internal/err.h
+++ b/include/internal/err.h
@@ -1,58 +1,10 @@
@@ -153775,8 +150789,6 @@
*/
#ifndef INTERNAL_ERR_H
-diff --git a/include/internal/numbers.h b/include/internal/numbers.h
-index da06dab..31931df 100644
--- a/include/internal/numbers.h
+++ b/include/internal/numbers.h
@@ -1,55 +1,10 @@
@@ -153841,8 +150853,6 @@
*/
#ifndef HEADER_NUMBERS_H
-diff --git a/include/internal/o_dir.h b/include/internal/o_dir.h
-index 427b37f..178c2ed 100644
--- a/include/internal/o_dir.h
+++ b/include/internal/o_dir.h
@@ -1,4 +1,13 @@
@@ -153859,8 +150869,6 @@
* Copied from Richard Levitte's (richard at levitte.org) LP library. All
* symbol names have been changed, with permission from the author.
*/
-diff --git a/include/internal/o_str.h b/include/internal/o_str.h
-index 2db3485..86403c9 100644
--- a/include/internal/o_str.h
+++ b/include/internal/o_str.h
@@ -1,59 +1,10 @@
@@ -153937,9 +150945,51 @@
int OPENSSL_memcmp(const void *p1, const void *p2, size_t n);
#endif
-diff --git a/include/internal/threads.h b/include/internal/threads.h
-deleted file mode 100644
-index 7897728..0000000
+--- /dev/null
++++ b/include/internal/thread_once.h
+@@ -0,0 +1,42 @@
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#include <openssl/crypto.h>
++
++#define DEFINE_RUN_ONCE(init) \
++ static int init(void); \
++ int init##_ossl_ret_ = 0; \
++ void init##_ossl_(void) \
++ { \
++ init##_ossl_ret_ = init(); \
++ } \
++ static int init(void)
++#define DECLARE_RUN_ONCE(init) \
++ extern int init##_ossl_ret_; \
++ void init##_ossl_(void);
++
++#define DEFINE_RUN_ONCE_STATIC(init) \
++ static int init(void); \
++ static int init##_ossl_ret_ = 0; \
++ static void init##_ossl_(void) \
++ { \
++ init##_ossl_ret_ = init(); \
++ } \
++ static int init(void)
++
++/*
++ * RUN_ONCE - use CRYPTO_THREAD_run_once, and check if the init succeeded
++ * @once: pointer to static object of type CRYPTO_ONCE
++ * @init: function name that was previously given to DEFINE_RUN_ONCE,
++ * DEFINE_RUN_ONCE_STATIC or DECLARE_RUN_ONCE.
++ *
++ * The return value is 1 on success or 0 in case of error.
++ */
++#define RUN_ONCE(once, init) \
++ (CRYPTO_THREAD_run_once(once, init##_ossl_) ? init##_ossl_ret_ : 0)
--- a/include/internal/threads.h
+++ /dev/null
@@ -1,92 +0,0 @@
@@ -154035,9 +151085,6 @@
-int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b);
-
-#endif
-diff --git a/include/openssl/__DECC_INCLUDE_EPILOGUE.H b/include/openssl/__DECC_INCLUDE_EPILOGUE.H
-new file mode 100644
-index 0000000..c350018
--- /dev/null
+++ b/include/openssl/__DECC_INCLUDE_EPILOGUE.H
@@ -0,0 +1,16 @@
@@ -154057,9 +151104,6 @@
+
+/* restore state. Must correspond to the save in __decc_include_prologue.h */
+#pragma names restore
-diff --git a/include/openssl/__DECC_INCLUDE_PROLOGUE.H b/include/openssl/__DECC_INCLUDE_PROLOGUE.H
-new file mode 100644
-index 0000000..9a9c777
--- /dev/null
+++ b/include/openssl/__DECC_INCLUDE_PROLOGUE.H
@@ -0,0 +1,20 @@
@@ -154083,9 +151127,6 @@
+ * followed by a 8 hex char CRC
+ */
+#pragma names as_is,shortened
-diff --git a/include/openssl/__decc_include_epilogue.h b/include/openssl/__decc_include_epilogue.h
-deleted file mode 100644
-index 584384f..0000000
--- a/include/openssl/__decc_include_epilogue.h
+++ /dev/null
@@ -1,7 +0,0 @@
@@ -154096,9 +151137,6 @@
-
-/* restore state. Must correspond to the save in __decc_include_prologue.h */
-#pragma names restore
-diff --git a/include/openssl/__decc_include_prologue.h b/include/openssl/__decc_include_prologue.h
-deleted file mode 100644
-index 455181c..0000000
--- a/include/openssl/__decc_include_prologue.h
+++ /dev/null
@@ -1,11 +0,0 @@
@@ -154113,8 +151151,6 @@
- * followed by a 8 hex char CRC
- */
-#pragma names as_is,shortened
-diff --git a/include/openssl/aes.h b/include/openssl/aes.h
-index ee12540..245c552 100644
--- a/include/openssl/aes.h
+++ b/include/openssl/aes.h
@@ -1,51 +1,10 @@
@@ -154175,8 +151211,6 @@
*/
#ifndef HEADER_AES_H
-diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
-index 4c30a74..ce221a9 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -1,58 +1,10 @@
@@ -154244,7 +151278,48 @@
*/
#ifndef HEADER_ASN1_H
-@@ -458,6 +410,11 @@ typedef const ASN1_ITEM *ASN1_ITEM_EXP (void);
+@@ -94,13 +46,11 @@ extern "C" {
+ # define V_ASN1_OTHER -3/* used in ASN1_TYPE */
+ # define V_ASN1_ANY -4/* used in ASN1 template code */
+
+-# define V_ASN1_NEG 0x100/* negative flag */
+-
+ # define V_ASN1_UNDEF -1
++/* ASN.1 tag values */
+ # define V_ASN1_EOC 0
+ # define V_ASN1_BOOLEAN 1 /**/
+ # define V_ASN1_INTEGER 2
+-# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG)
+ # define V_ASN1_BIT_STRING 3
+ # define V_ASN1_OCTET_STRING 4
+ # define V_ASN1_NULL 5
+@@ -109,7 +59,6 @@ extern "C" {
+ # define V_ASN1_EXTERNAL 8
+ # define V_ASN1_REAL 9
+ # define V_ASN1_ENUMERATED 10
+-# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG)
+ # define V_ASN1_UTF8STRING 12
+ # define V_ASN1_SEQUENCE 16
+ # define V_ASN1_SET 17
+@@ -127,6 +76,17 @@ extern "C" {
+ # define V_ASN1_GENERALSTRING 27 /**/
+ # define V_ASN1_UNIVERSALSTRING 28 /**/
+ # define V_ASN1_BMPSTRING 30
++
++/*
++ * NB the constants below are used internally by ASN1_INTEGER
++ * and ASN1_ENUMERATED to indicate the sign. They are *not* on
++ * the wire tag values.
++ */
++
++# define V_ASN1_NEG 0x100
++# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG)
++# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG)
++
+ /* For use with d2i_ASN1_type_bytes() */
+ # define B_ASN1_NUMERICSTRING 0x0001
+ # define B_ASN1_PRINTABLESTRING 0x0002
+@@ -458,6 +418,11 @@ typedef const ASN1_ITEM *ASN1_ITEM_EXP (
# define ASN1_STRFLGS_DUMP_DER 0x200
/*
@@ -154256,7 +151331,7 @@
* All the string flags consistent with RFC2253, escaping control characters
* isn't essential in RFC2253 but it is advisable anyway.
*/
-@@ -473,6 +430,8 @@ DEFINE_STACK_OF(ASN1_INTEGER)
+@@ -473,6 +438,8 @@ DEFINE_STACK_OF(ASN1_INTEGER)
DEFINE_STACK_OF(ASN1_GENERALSTRING)
@@ -154265,8 +151340,35 @@
typedef struct asn1_type_st {
int type;
union {
-@@ -594,8 +553,8 @@ int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
+@@ -549,7 +516,7 @@ typedef struct BIT_STRING_BITNAME_st {
+ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+-int ASN1_TYPE_get(ASN1_TYPE *a);
++int ASN1_TYPE_get(const ASN1_TYPE *a);
+ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
+ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
+@@ -559,7 +526,7 @@ void *ASN1_TYPE_unpack_sequence(const AS
+
+ ASN1_OBJECT *ASN1_OBJECT_new(void);
+ void ASN1_OBJECT_free(ASN1_OBJECT *a);
+-int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp);
++int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp);
+ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+ long length);
+
+@@ -582,7 +549,7 @@ int ASN1_STRING_set(ASN1_STRING *str, co
+ void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
+ int ASN1_STRING_length(const ASN1_STRING *x);
+ void ASN1_STRING_length_set(ASN1_STRING *x, int n);
+-int ASN1_STRING_type(ASN1_STRING *x);
++int ASN1_STRING_type(const ASN1_STRING *x);
+ unsigned char *ASN1_STRING_data(ASN1_STRING *x);
+
+ DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+@@ -594,8 +561,8 @@ int ASN1_BIT_STRING_check(const ASN1_BIT
+
int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
BIT_STRING_BITNAME *tbl, int indent);
-int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);
@@ -154276,7 +151378,38 @@
BIT_STRING_BITNAME *tbl);
DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
-@@ -793,7 +752,7 @@ int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
+@@ -665,10 +632,10 @@ int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEG
+ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size);
+ int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
+ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size);
+-int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a);
++int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a);
+ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size);
+ int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
+-int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a);
++int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a);
+
+ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num);
+ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+@@ -756,7 +723,7 @@ int ASN1_item_i2d_fp(const ASN1_ITEM *it
+ int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
+ # endif
+
+-int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
++int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in);
+
+ void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x);
+
+@@ -785,7 +752,7 @@ int ASN1_GENERALIZEDTIME_print(BIO *fp,
+ int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
+ int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
+ int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
+-int ASN1_buf_print(BIO *bp, unsigned char *buf, size_t buflen, int off);
++int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off);
+ int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
+ unsigned char *buf, int off);
+ int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent);
+@@ -793,15 +760,15 @@ int ASN1_parse_dump(BIO *bp, const unsig
int dump);
const char *ASN1_tag2str(int tag);
@@ -154285,7 +151418,17 @@
int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
-@@ -839,8 +798,8 @@ int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
+ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
+-int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len);
++int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len);
+ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
+ unsigned char *data, int len);
+-int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num,
++int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
+ unsigned char *data, int max_len);
+
+ void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
+@@ -839,8 +806,8 @@ int ASN1_item_ndef_i2d(ASN1_VALUE *val,
void ASN1_add_oid_module(void);
void ASN1_add_stable_module(void);
@@ -154296,12 +151439,13 @@
int ASN1_str2mask(const char *str, unsigned long *pmask);
/* ASN1 Print flags */
-@@ -907,42 +866,36 @@ int SMIME_text(BIO *in, BIO *out);
+@@ -907,42 +874,36 @@ int SMIME_text(BIO *in, BIO *out);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_ASN1_strings(void);
+
- void ERR_load_ASN1_strings(void);
++int ERR_load_ASN1_strings(void);
/* Error codes for the ASN1 functions. */
@@ -154341,7 +151485,7 @@
# define ASN1_F_ASN1_ITEM_D2I_FP 206
# define ASN1_F_ASN1_ITEM_DUP 191
# define ASN1_F_ASN1_ITEM_EMBED_D2I 120
-@@ -957,12 +910,8 @@ void ERR_load_ASN1_strings(void);
+@@ -957,12 +918,8 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_ASN1_MBSTRING_NCOPY 122
# define ASN1_F_ASN1_OBJECT_NEW 123
# define ASN1_F_ASN1_OUTPUT_DATA 214
@@ -154354,7 +151498,7 @@
# define ASN1_F_ASN1_SIGN 128
# define ASN1_F_ASN1_STR2TYPE 179
# define ASN1_F_ASN1_STRING_GET_INT64 227
-@@ -975,48 +924,27 @@ void ERR_load_ASN1_strings(void);
+@@ -975,48 +932,27 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_ASN1_TEMPLATE_NEW 133
# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131
# define ASN1_F_ASN1_TIME_ADJ 217
@@ -154403,7 +151547,7 @@
# define ASN1_F_I2D_DSA_PUBKEY 161
# define ASN1_F_I2D_EC_PUBKEY 181
# define ASN1_F_I2D_PRIVATEKEY 163
-@@ -1034,13 +962,11 @@ void ERR_load_ASN1_strings(void);
+@@ -1034,13 +970,11 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_SMIME_READ_ASN1 212
# define ASN1_F_SMIME_TEXT 213
# define ASN1_F_STBL_MODULE_INIT 223
@@ -154417,7 +151561,7 @@
# define ASN1_F_X509_PKEY_NEW 173
/* Reason codes. */
-@@ -1048,10 +974,7 @@ void ERR_load_ASN1_strings(void);
+@@ -1048,10 +982,7 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_ASN1_PARSE_ERROR 203
# define ASN1_R_ASN1_SIG_PARSE_ERROR 204
# define ASN1_R_AUX_ERROR 100
@@ -154428,7 +151572,7 @@
# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214
# define ASN1_R_BN_LIB 105
# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
-@@ -1060,18 +983,14 @@ void ERR_load_ASN1_strings(void);
+@@ -1060,18 +991,14 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_CONTEXT_NOT_INITIALISED 217
# define ASN1_R_DATA_IS_WRONG 109
# define ASN1_R_DECODE_ERROR 110
@@ -154447,7 +151591,7 @@
# define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119
# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120
# define ASN1_R_FIELD_MISSING 121
-@@ -1107,12 +1026,9 @@ void ERR_load_ASN1_strings(void);
+@@ -1107,12 +1034,9 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_INVALID_SCRYPT_PARAMETERS 227
# define ASN1_R_INVALID_SEPARATOR 131
# define ASN1_R_INVALID_STRING_TABLE_VALUE 218
@@ -154460,7 +151604,7 @@
# define ASN1_R_LIST_ERROR 188
# define ASN1_R_MIME_NO_CONTENT_TYPE 206
# define ASN1_R_MIME_PARSE_ERROR 207
-@@ -1127,7 +1043,6 @@ void ERR_load_ASN1_strings(void);
+@@ -1127,7 +1051,6 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_NOT_ASCII_FORMAT 190
# define ASN1_R_NOT_ENOUGH_DATA 142
# define ASN1_R_NO_CONTENT_TYPE 209
@@ -154468,7 +151612,7 @@
# define ASN1_R_NO_MATCHING_CHOICE_TYPE 143
# define ASN1_R_NO_MULTIPART_BODY_FAILURE 210
# define ASN1_R_NO_MULTIPART_BOUNDARY 211
-@@ -1135,7 +1050,6 @@ void ERR_load_ASN1_strings(void);
+@@ -1135,7 +1058,6 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_NULL_IS_WRONG_LENGTH 144
# define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191
# define ASN1_R_ODD_NUMBER_OF_CHARS 145
@@ -154476,7 +151620,7 @@
# define ASN1_R_SECOND_NUMBER_TOO_LARGE 147
# define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148
# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149
-@@ -1145,7 +1059,6 @@ void ERR_load_ASN1_strings(void);
+@@ -1145,7 +1067,6 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_STREAMING_NOT_SUPPORTED 202
# define ASN1_R_STRING_TOO_LONG 151
# define ASN1_R_STRING_TOO_SHORT 152
@@ -154484,7 +151628,7 @@
# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
# define ASN1_R_TIME_NOT_ASCII_FORMAT 193
# define ASN1_R_TOO_LARGE 223
-@@ -1153,8 +1066,6 @@ void ERR_load_ASN1_strings(void);
+@@ -1153,8 +1074,6 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_TOO_SMALL 224
# define ASN1_R_TYPE_NOT_CONSTRUCTED 156
# define ASN1_R_TYPE_NOT_PRIMITIVE 195
@@ -154493,7 +151637,7 @@
# define ASN1_R_UNEXPECTED_EOC 159
# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215
# define ASN1_R_UNKNOWN_FORMAT 160
-@@ -1164,16 +1075,13 @@ void ERR_load_ASN1_strings(void);
+@@ -1164,16 +1083,13 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199
# define ASN1_R_UNKNOWN_TAG 194
# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164
@@ -154512,9 +151656,6 @@
-#endif
+# endif
#endif
-diff --git a/include/openssl/asn1_mac.h b/include/openssl/asn1_mac.h
-new file mode 100644
-index 0000000..7ac1782
--- /dev/null
+++ b/include/openssl/asn1_mac.h
@@ -0,0 +1,10 @@
@@ -154528,8 +151669,6 @@
+ */
+
+#error "This file is obsolete; please update your software."
-diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h
-index b680dea..ad17bab 100644
--- a/include/openssl/asn1t.h
+++ b/include/openssl/asn1t.h
@@ -1,60 +1,12 @@
@@ -154617,8 +151756,20 @@
# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
-diff --git a/include/openssl/async.h b/include/openssl/async.h
-index 635855f..160766a 100644
+@@ -700,13 +652,6 @@ struct ASN1_TLC_st {
+ };
+
+ /* Typedefs for ASN1 function pointers */
+-
+-typedef ASN1_VALUE *ASN1_new_func(void);
+-typedef void ASN1_free_func(ASN1_VALUE *a);
+-typedef ASN1_VALUE *ASN1_d2i_func(ASN1_VALUE **a, const unsigned char **in,
+- long length);
+-typedef int ASN1_i2d_func(ASN1_VALUE *a, unsigned char **in);
+-
+ typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ const ASN1_ITEM *it, int tag, int aclass, char opt,
+ ASN1_TLC *ctx);
--- a/include/openssl/async.h
+++ b/include/openssl/async.h
@@ -1,53 +1,10 @@
@@ -154649,12 +151800,12 @@
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
@@ -154680,15 +151831,46 @@
*/
#include <stdlib.h>
-@@ -112,6 +69,7 @@ void ASYNC_unblock_pause(void);
+@@ -56,9 +13,11 @@
+ # define HEADER_ASYNC_H
+
+ #if defined(_WIN32)
+-#include <windows.h>
++# if defined(BASETYPES) || defined(_WINDEF_H)
++/* application has to include <windows.h> to use this */
+ #define OSSL_ASYNC_FD HANDLE
+ #define OSSL_BAD_ASYNC_FD INVALID_HANDLE_VALUE
++# endif
+ #else
+ #define OSSL_ASYNC_FD int
+ #define OSSL_BAD_ASYNC_FD -1
+@@ -80,6 +39,7 @@ typedef struct async_wait_ctx_st ASYNC_W
+ int ASYNC_init_thread(size_t max_size, size_t init_size);
+ void ASYNC_cleanup_thread(void);
+
++#ifdef OSSL_ASYNC_FD
+ ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
+ void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
+ int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+@@ -95,6 +55,7 @@ int ASYNC_WAIT_CTX_get_changed_fds(ASYNC
+ size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+ size_t *numdelfds);
+ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
++#endif
+
+ int ASYNC_is_capable(void);
+
+@@ -112,7 +73,8 @@ void ASYNC_unblock_pause(void);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_ASYNC_strings(void);
+
- void ERR_load_ASYNC_strings(void);
++int ERR_load_ASYNC_strings(void);
/* Error codes for the ASYNC functions. */
-@@ -125,14 +83,12 @@ void ERR_load_ASYNC_strings(void);
+
+@@ -125,14 +87,12 @@ void ERR_load_ASYNC_strings(void);
# define ASYNC_F_ASYNC_START_JOB 105
/* Reason codes. */
@@ -154705,8 +151887,6 @@
-#endif
+# endif
#endif
-diff --git a/include/openssl/bio.h b/include/openssl/bio.h
-index a168be0..503fbcd 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -1,58 +1,10 @@
@@ -154774,29 +151954,41 @@
*/
#ifndef HEADER_BIO_H
-@@ -284,10 +236,10 @@ void BIO_clear_flags(BIO *b, int flags);
+@@ -135,7 +87,6 @@ extern "C" {
+ # define BIO_CTRL_FLUSH 11/* opt - 'flush' buffered output */
+ # define BIO_CTRL_DUP 12/* man - extra stuff for 'duped' BIO */
+ # define BIO_CTRL_WPENDING 13/* opt - number of bytes still to write */
+-/* callback is int cb(BIO *bio,state,ret); */
+ # define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */
+ # define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */
+
+@@ -284,11 +235,10 @@ void BIO_clear_flags(BIO *b, int flags);
# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN))
# define BIO_cb_post(a) ((a)&BIO_CB_RETURN)
-long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *,
-+long (*BIO_get_callback(const BIO *b)) (BIO *, int, const char *,
- int, long, long);
- void BIO_set_callback(BIO *b,
+- int, long, long);
+-void BIO_set_callback(BIO *b,
- long (*callback) (struct bio_st *, int, const char *,
-+ long (*callback) (BIO *, int, const char *,
- int, long, long));
+- int, long, long));
++typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
++ long argl, long ret);
++BIO_callback_fn BIO_get_callback(const BIO *b);
++void BIO_set_callback(BIO *b, BIO_callback_fn callback);
char *BIO_get_callback_arg(const BIO *b);
void BIO_set_callback_arg(BIO *b, char *arg);
-@@ -297,7 +249,7 @@ typedef struct bio_method_st BIO_METHOD;
+
+@@ -297,8 +247,7 @@ typedef struct bio_method_st BIO_METHOD;
const char *BIO_method_name(const BIO *b);
int BIO_method_type(const BIO *b);
-typedef void bio_info_cb (struct bio_st *, int, const char *, int, long,
-+typedef void bio_info_cb (BIO *, int, const char *, int, long,
- long);
+- long);
++typedef void bio_info_cb(BIO *, int, const char *, int, long, long);
DEFINE_STACK_OF(BIO)
-@@ -400,48 +352,51 @@ struct bio_dgram_sctp_prinfo {
+
+@@ -400,48 +349,51 @@ struct bio_dgram_sctp_prinfo {
# define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg)
# define BIO_get_app_data(s) BIO_get_ex_data(s,0)
@@ -154879,7 +152071,7 @@
# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
-@@ -487,11 +442,11 @@ int BIO_read_filename(BIO *b, const char *name);
+@@ -487,11 +439,11 @@ int BIO_read_filename(BIO *b, const char
# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
# define BIO_set_ssl_renegotiate_bytes(b,num) \
@@ -154894,7 +152086,15 @@
/* defined in evp.h */
/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
-@@ -598,8 +553,7 @@ int BIO_puts(BIO *bp, const char *buf);
+@@ -581,7 +533,6 @@ BIO *BIO_new_file(const char *filename,
+ BIO *BIO_new_fp(FILE *stream, int close_flag);
+ # endif
+ BIO *BIO_new(const BIO_METHOD *type);
+-int BIO_set(BIO *a, const BIO_METHOD *type);
+ int BIO_free(BIO *a);
+ void BIO_set_data(BIO *a, void *ptr);
+ void *BIO_get_data(BIO *a);
+@@ -598,8 +549,7 @@ int BIO_puts(BIO *bp, const char *buf);
int BIO_indent(BIO *b, int indent, int max);
long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
long BIO_callback_ctrl(BIO *b, int cmd,
@@ -154904,7 +152104,7 @@
void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
BIO *BIO_push(BIO *b, BIO *append);
-@@ -624,9 +578,11 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
+@@ -624,9 +574,11 @@ long BIO_debug_callback(BIO *bio, int cm
const BIO_METHOD *BIO_s_mem(void);
const BIO_METHOD *BIO_s_secmem(void);
BIO *BIO_new_mem_buf(const void *buf, int len);
@@ -154916,7 +152116,7 @@
const BIO_METHOD *BIO_s_fd(void);
const BIO_METHOD *BIO_s_log(void);
const BIO_METHOD *BIO_s_bio(void);
-@@ -637,14 +593,26 @@ const BIO_METHOD *BIO_f_linebuffer(void);
+@@ -637,14 +589,26 @@ const BIO_METHOD *BIO_f_linebuffer(void)
const BIO_METHOD *BIO_f_nbio_test(void);
# ifndef OPENSSL_NO_DGRAM
const BIO_METHOD *BIO_s_datagram(void);
@@ -154944,7 +152144,7 @@
int BIO_fd_should_retry(int i);
int BIO_fd_non_fatal_error(int error);
-@@ -661,6 +629,7 @@ int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);
+@@ -661,6 +625,7 @@ int BIO_dump_indent_fp(FILE *fp, const c
int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data,
int datalen);
@@ -154952,7 +152152,7 @@
BIO_ADDR *BIO_ADDR_new(void);
int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
const void *where, size_t wherelen, unsigned short port);
-@@ -695,9 +664,9 @@ int BIO_sock_error(int sock);
+@@ -695,9 +660,9 @@ int BIO_sock_error(int sock);
int BIO_socket_ioctl(int fd, long type, void *arg);
int BIO_socket_nbio(int fd, int mode);
int BIO_sock_init(void);
@@ -154965,7 +152165,7 @@
int BIO_set_tcp_ndelay(int sock, int turn_on);
DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name))
-@@ -715,11 +684,11 @@ enum BIO_sock_info_type {
+@@ -715,11 +680,11 @@ enum BIO_sock_info_type {
int BIO_sock_info(int sock,
enum BIO_sock_info_type type, union BIO_sock_info_u *info);
@@ -154982,7 +152182,7 @@
int BIO_socket(int domain, int socktype, int protocol, int options);
int BIO_connect(int sock, const BIO_ADDR *addr, int options);
-@@ -728,22 +697,11 @@ int BIO_accept_ex(int accept_sock, BIO_ADDR *addr, int options);
+@@ -728,22 +693,11 @@ int BIO_accept_ex(int accept_sock, BIO_A
int BIO_closesocket(int sock);
BIO *BIO_new_socket(int sock, int close_flag);
@@ -155008,15 +152208,17 @@
int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
BIO **bio2, size_t writebuf2);
-@@ -807,6 +765,7 @@ int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
+@@ -807,7 +761,8 @@ int BIO_meth_set_callback_ctrl(BIO_METHO
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_BIO_strings(void);
+
- void ERR_load_BIO_strings(void);
++int ERR_load_BIO_strings(void);
/* Error codes for the BIO functions. */
-@@ -816,13 +775,11 @@ void ERR_load_BIO_strings(void);
+
+@@ -816,13 +771,11 @@ void ERR_load_BIO_strings(void);
# define BIO_F_ADDR_STRINGS 134
# define BIO_F_BIO_ACCEPT 101
# define BIO_F_BIO_ACCEPT_EX 137
@@ -155031,15 +152233,7 @@
# define BIO_F_BIO_GET_HOST_IP 106
# define BIO_F_BIO_GET_PORT 107
# define BIO_F_BIO_LISTEN 139
-@@ -838,6 +795,7 @@ void ERR_load_BIO_strings(void);
- # define BIO_F_BIO_PARSE_HOSTSERV 136
- # define BIO_F_BIO_PUTS 110
- # define BIO_F_BIO_READ 111
-+# define BIO_F_BIO_SET 143
- # define BIO_F_BIO_SOCKET 140
- # define BIO_F_BIO_SOCKET_NBIO 142
- # define BIO_F_BIO_SOCK_INFO 141
-@@ -851,45 +809,32 @@ void ERR_load_BIO_strings(void);
+@@ -851,45 +804,32 @@ void ERR_load_BIO_strings(void);
# define BIO_F_FILE_CTRL 116
# define BIO_F_FILE_READ 130
# define BIO_F_LINEBUFFER_CTRL 129
@@ -155085,7 +152279,7 @@
# define BIO_R_UNABLE_TO_BIND_SOCKET 117
# define BIO_R_UNABLE_TO_CREATE_SOCKET 118
# define BIO_R_UNABLE_TO_KEEPALIVE 137
-@@ -905,7 +850,7 @@ void ERR_load_BIO_strings(void);
+@@ -905,7 +845,7 @@ void ERR_load_BIO_strings(void);
# define BIO_R_WRITE_TO_READ_ONLY_BIO 126
# define BIO_R_WSASTARTUP 122
@@ -155095,8 +152289,6 @@
-#endif
+# endif
#endif
-diff --git a/include/openssl/blowfish.h b/include/openssl/blowfish.h
-index 5e0af53..cd3e460 100644
--- a/include/openssl/blowfish.h
+++ b/include/openssl/blowfish.h
@@ -1,58 +1,10 @@
@@ -155164,8 +152356,6 @@
*/
#ifndef HEADER_BLOWFISH_H
-diff --git a/include/openssl/bn.h b/include/openssl/bn.h
-index d4aef37..c4fca99 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -1,112 +1,12 @@
@@ -155288,7 +152478,7 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
-@@ -190,7 +90,7 @@ int BN_get_flags(const BIGNUM *b, int n);
+@@ -190,7 +90,7 @@ int BN_get_flags(const BIGNUM *b, int n)
*/
void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags);
@@ -155297,7 +152487,7 @@
int BN_GENCB_call(BN_GENCB *cb, int a, int b);
BN_GENCB *BN_GENCB_new(void);
-@@ -569,7 +469,7 @@ BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn);
+@@ -569,7 +469,7 @@ BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM
BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn);
BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn);
@@ -155306,14 +152496,16 @@
# define get_rfc2409_prime_768 BN_get_rfc2409_prime_768
# define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024
# define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536
-@@ -587,6 +487,7 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
+@@ -587,7 +487,8 @@ int BN_bntest_rand(BIGNUM *rnd, int bits
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_BN_strings(void);
+
- void ERR_load_BN_strings(void);
++int ERR_load_BN_strings(void);
/* Error codes for the BN functions. */
+
@@ -605,10 +506,8 @@ void ERR_load_BN_strings(void);
# define BN_F_BN_CTX_NEW 106
# define BN_F_BN_CTX_START 129
@@ -155343,8 +152535,6 @@
-#endif
+# endif
#endif
-diff --git a/include/openssl/buffer.h b/include/openssl/buffer.h
-index f5b46dd..e2e1e5d 100644
--- a/include/openssl/buffer.h
+++ b/include/openssl/buffer.h
@@ -1,58 +1,10 @@
@@ -155421,14 +152611,16 @@
struct buf_mem_st {
size_t length; /* current number of bytes */
char *data;
-@@ -106,6 +58,7 @@ void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
+@@ -106,7 +58,8 @@ void BUF_reverse(unsigned char *out, con
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_BUF_strings(void);
+
- void ERR_load_BUF_strings(void);
++int ERR_load_BUF_strings(void);
/* Error codes for the BUF functions. */
+
@@ -117,7 +70,7 @@ void ERR_load_BUF_strings(void);
/* Reason codes. */
@@ -155439,8 +152631,6 @@
-#endif
+# endif
#endif
-diff --git a/include/openssl/camellia.h b/include/openssl/camellia.h
-index d05b392..151f3c1 100644
--- a/include/openssl/camellia.h
+++ b/include/openssl/camellia.h
@@ -1,51 +1,10 @@
@@ -155501,8 +152691,6 @@
*/
#ifndef HEADER_CAMELLIA_H
-diff --git a/include/openssl/cast.h b/include/openssl/cast.h
-index c54d3c9..2cc89ae 100644
--- a/include/openssl/cast.h
+++ b/include/openssl/cast.h
@@ -1,58 +1,10 @@
@@ -155570,8 +152758,6 @@
*/
#ifndef HEADER_CAST_H
-diff --git a/include/openssl/cmac.h b/include/openssl/cmac.h
-index a621923..3535a9a 100644
--- a/include/openssl/cmac.h
+++ b/include/openssl/cmac.h
@@ -1,59 +1,17 @@
@@ -155648,8 +152834,6 @@
+
+# endif
#endif
-diff --git a/include/openssl/cms.h b/include/openssl/cms.h
-index 5ae701e..b1252ac 100644
--- a/include/openssl/cms.h
+++ b/include/openssl/cms.h
@@ -1,54 +1,10 @@
@@ -155712,7 +152896,7 @@
*/
#ifndef HEADER_CMS_H
-@@ -117,7 +73,7 @@ DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
+@@ -117,7 +73,7 @@ DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentI
# define CMS_KEY_PARAM 0x40000
# define CMS_ASCIICRLF 0x80000
@@ -155721,14 +152905,25 @@
BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
-@@ -378,6 +334,7 @@ int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
+@@ -188,7 +144,7 @@ int CMS_decrypt(CMS_ContentInfo *cms, EV
+ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
+ int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
+ unsigned char *key, size_t keylen,
+- unsigned char *id, size_t idlen);
++ const unsigned char *id, size_t idlen);
+ int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
+ unsigned char *pass, ossl_ssize_t passlen);
+
+@@ -378,7 +334,8 @@ int CMS_SharedInfo_encode(unsigned char
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_CMS_strings(void);
+
- void ERR_load_CMS_strings(void);
++int ERR_load_CMS_strings(void);
/* Error codes for the CMS functions. */
+
@@ -483,7 +440,6 @@ void ERR_load_CMS_strings(void);
# define CMS_R_CTRL_ERROR 110
# define CMS_R_CTRL_FAILURE 111
@@ -155749,8 +152944,6 @@
-# endif
-
#endif
-diff --git a/include/openssl/comp.h b/include/openssl/comp.h
-index d2537f8..520d709 100644
--- a/include/openssl/comp.h
+++ b/include/openssl/comp.h
@@ -1,58 +1,12 @@
@@ -155818,14 +153011,16 @@
#ifndef HEADER_COMP_H
# define HEADER_COMP_H
-@@ -95,6 +49,7 @@ const BIO_METHOD *BIO_f_zlib(void);
+@@ -95,7 +49,8 @@ const BIO_METHOD *BIO_f_zlib(void);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_COMP_strings(void);
+
- void ERR_load_COMP_strings(void);
++int ERR_load_COMP_strings(void);
/* Error codes for the COMP functions. */
+
@@ -110,9 +65,8 @@ void ERR_load_COMP_strings(void);
# define COMP_R_ZLIB_INFLATE_ERROR 100
# define COMP_R_ZLIB_NOT_SUPPORTED 101
@@ -155838,8 +153033,6 @@
-# endif
-
#endif
-diff --git a/include/openssl/conf.h b/include/openssl/conf.h
-index 5f7f547..147d27b 100644
--- a/include/openssl/conf.h
+++ b/include/openssl/conf.h
@@ -1,58 +1,10 @@
@@ -155907,15 +153100,16 @@
*/
#ifndef HEADER_CONF_H
-@@ -215,6 +167,7 @@ void OPENSSL_load_builtin_modules(void);
+@@ -215,16 +167,15 @@ void OPENSSL_load_builtin_modules(void);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_CONF_strings(void);
+
- void ERR_load_CONF_strings(void);
++int ERR_load_CONF_strings(void);
/* Error codes for the CONF functions. */
-@@ -222,9 +175,7 @@ void ERR_load_CONF_strings(void);
+
/* Function codes. */
# define CONF_F_CONF_DUMP_FP 104
# define CONF_F_CONF_LOAD 100
@@ -155951,8 +153145,6 @@
-#endif
+# endif
#endif
-diff --git a/include/openssl/conf_api.h b/include/openssl/conf_api.h
-index fd6f32e..a0275ad 100644
--- a/include/openssl/conf_api.h
+++ b/include/openssl/conf_api.h
@@ -1,58 +1,10 @@
@@ -156020,8 +153212,6 @@
*/
#ifndef HEADER_CONF_API_H
-diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
-index 968b1b3..acdb48b 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -1,112 +1,12 @@
@@ -156144,7 +153334,7 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
-@@ -188,9 +88,6 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
+@@ -188,9 +88,6 @@ int CRYPTO_atomic_add(int *val, int amou
# define CRYPTO_MEM_CHECK_ENABLE 0x2 /* Control and mode bit */
# define CRYPTO_MEM_CHECK_DISABLE 0x3 /* Control only */
@@ -156154,7 +153344,7 @@
struct crypto_ex_data_st {
STACK_OF(void) *sk;
};
-@@ -318,12 +215,22 @@ void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx);
+@@ -318,12 +215,22 @@ void *CRYPTO_get_ex_data(const CRYPTO_EX
* On the other hand, the locking callbacks are no longer used. Consequently,
* the callback management functions can be safely replaced with no-op macros.
*/
@@ -156178,7 +153368,7 @@
/* This structure is no longer used */
typedef struct crypto_threadid_st {
int dummy;
-@@ -374,7 +281,7 @@ void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
+@@ -374,7 +281,7 @@ void *CRYPTO_clear_realloc(void *addr, s
const char *file, int line);
int CRYPTO_secure_malloc_init(size_t sz, int minsize);
@@ -156187,7 +153377,7 @@
void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
void CRYPTO_secure_free(void *ptr, const char *file, int line);
-@@ -409,19 +316,17 @@ void CRYPTO_mem_debug_free(void *addr, int flag,
+@@ -409,19 +316,17 @@ void CRYPTO_mem_debug_free(void *addr, i
# ifndef OPENSSL_NO_STDIO
int CRYPTO_mem_leaks_fp(FILE *);
# endif
@@ -156209,40 +153399,47 @@
int OPENSSL_isservice(void);
int FIPS_mode(void);
-@@ -483,16 +388,50 @@ void OPENSSL_thread_stop(void);
+@@ -482,18 +387,56 @@ void OPENSSL_thread_stop(void);
+
/* Low-level control of initialization */
OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
- #ifndef OPENSSL_NO_STDIO
+-#ifndef OPENSSL_NO_STDIO
-void OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
- const char *config_file);
+-#endif
++# ifndef OPENSSL_NO_STDIO
+int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
+ const char *config_file);
- #endif
++# endif
void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings);
-+# if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
-+typedef unsigned int CRYPTO_ONCE;
-+typedef unsigned int CRYPTO_THREAD_LOCAL;
-+typedef unsigned int CRYPTO_THREAD_ID;
-+
-+# define CRYPTO_ONCE_STATIC_INIT 0
-+# elif defined(OPENSSL_SYS_WINDOWS)
-+# include <windows.h>
++# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
++# if defined(_WIN32)
++# if defined(BASETYPES) || defined(_WINDEF_H)
++/* application has to include <windows.h> in order to use this */
+typedef DWORD CRYPTO_THREAD_LOCAL;
+typedef DWORD CRYPTO_THREAD_ID;
+
+typedef LONG CRYPTO_ONCE;
-+# define CRYPTO_ONCE_STATIC_INIT 0
-+
-+# else
-+# include <pthread.h>
++# define CRYPTO_ONCE_STATIC_INIT 0
++# endif
++# else
++# include <pthread.h>
+typedef pthread_once_t CRYPTO_ONCE;
+typedef pthread_key_t CRYPTO_THREAD_LOCAL;
+typedef pthread_t CRYPTO_THREAD_ID;
+
-+# define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT
++# define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT
++# endif
+# endif
+
++# if !defined(CRYPTO_ONCE_STATIC_INIT)
++typedef unsigned int CRYPTO_ONCE;
++typedef unsigned int CRYPTO_THREAD_LOCAL;
++typedef unsigned int CRYPTO_THREAD_ID;
++# define CRYPTO_ONCE_STATIC_INIT 0
++# endif
++
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *));
@@ -156258,11 +153455,13 @@
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_CRYPTO_strings(void);
+
- void ERR_load_CRYPTO_strings(void);
++int ERR_load_CRYPTO_strings(void);
/* Error codes for the CRYPTO functions. */
-@@ -501,29 +440,21 @@ void ERR_load_CRYPTO_strings(void);
+
+@@ -501,29 +444,21 @@ void ERR_load_CRYPTO_strings(void);
# define CRYPTO_F_CRYPTO_DUP_EX_DATA 110
# define CRYPTO_F_CRYPTO_FREE_EX_DATA 111
# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100
@@ -156295,8 +153494,6 @@
-#endif
+# endif
#endif
-diff --git a/include/openssl/ct.h b/include/openssl/ct.h
-index f12ca92..f9586dc 100644
--- a/include/openssl/ct.h
+++ b/include/openssl/ct.h
@@ -1,55 +1,11 @@
@@ -156362,7 +153559,7 @@
#ifndef HEADER_CT_H
# define HEADER_CT_H
-@@ -357,7 +313,7 @@ __owur int SCT_LIST_validate(const STACK_OF(SCT) *scts,
+@@ -357,7 +313,7 @@ sct_validation_status_t SCT_get_validati
* for data that caller is responsible for freeing (only if function returns
* successfully).
* If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
@@ -156371,7 +153568,7 @@
* Returns < 0 on error, >= 0 indicating bytes written (or would have been)
* on success.
*/
-@@ -384,7 +340,7 @@ STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+@@ -384,7 +340,7 @@ STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT
* for data that caller is responsible for freeing (only if function returns
* successfully).
* If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
@@ -156380,7 +153577,7 @@
* Returns < 0 on error, >= 0 indicating bytes written (or would have been)
* on success.
*/
-@@ -418,7 +374,7 @@ __owur int i2o_SCT(const SCT *sct, unsigned char **out);
+@@ -418,7 +374,7 @@ STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT
* Parses an SCT in TLS format and returns it.
* If |psct| is not null, it will end up pointing to the parsed SCT. If it
* already points to a non-null pointer, the pointer will be free'd.
@@ -156389,7 +153586,7 @@
* |in| will be advanced to the end of the SCT if parsing succeeds.
* |len| should be the length of the SCT in |in|.
* Returns NULL if an error occurs.
-@@ -439,7 +395,7 @@ __owur int i2o_SCT_signature(const SCT *sct, unsigned char **out);
+@@ -439,7 +395,7 @@ SCT *o2i_SCT(SCT **psct, const unsigned
/*
* Parses an SCT signature in TLS format and populates the |sct| with it.
@@ -156398,21 +153595,39 @@
* |in| will be advanced to the end of the signature if parsing succeeds.
* |len| should be the length of the signature in |in|.
* Returns the number of bytes parsed, or a negative integer if an error occurs.
-@@ -523,6 +479,7 @@ __owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
+@@ -463,10 +419,11 @@ CTLOG *CTLOG_new(EVP_PKEY *public_key, c
+ CTLOG *CTLOG_new_null(void);
+
+ /*
+- * Creates a new CT log instance with the given base64 public_key and |name|.
++ * Creates a new CT |ct_log| instance with the given base64 public_key and |name|.
+ * Should be deleted by the caller using CTLOG_free when no longer needed.
+ */
+-CTLOG *CTLOG_new_from_base64(const char *pkey_base64, const char *name);
++int CTLOG_new_from_base64(CTLOG ** ct_log,
++ const char *pkey_base64, const char *name);
+
+ /*
+ * Deletes a CT log instance and its fields.
+@@ -523,7 +480,8 @@ const CTLOG *CTLOG_STORE_get0_log_by_id(
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_CT_strings(void);
+
- void ERR_load_CT_strings(void);
++int ERR_load_CT_strings(void);
/* Error codes for the CT functions. */
-@@ -532,20 +489,11 @@ void ERR_load_CT_strings(void);
+
+@@ -532,20 +490,13 @@ void ERR_load_CT_strings(void);
# define CT_F_CTLOG_NEW_FROM_BASE64 118
# define CT_F_CTLOG_NEW_FROM_CONF 119
# define CT_F_CTLOG_NEW_NULL 120
-# define CT_F_CTLOG_STORE_GET0_LOG_BY_ID 121
# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122
# define CT_F_CTLOG_STORE_LOAD_FILE 123
++# define CT_F_CTLOG_STORE_LOAD_LOG 130
++# define CT_F_CTLOG_STORE_NEW 131
# define CT_F_CT_BASE64_DECODE 124
-# define CT_F_CT_POLICY_EVAL_CTX_GET0_CERT 130
-# define CT_F_CT_POLICY_EVAL_CTX_GET0_ISSUER 131
@@ -156427,7 +153642,7 @@
# define CT_F_I2O_SCT 107
# define CT_F_I2O_SCT_LIST 108
# define CT_F_I2O_SCT_SIGNATURE 109
-@@ -553,7 +501,6 @@ void ERR_load_CT_strings(void);
+@@ -553,7 +504,6 @@ void ERR_load_CT_strings(void);
# define CT_F_O2I_SCT_LIST 111
# define CT_F_O2I_SCT_SIGNATURE 112
# define CT_F_SCT_CTX_NEW 126
@@ -156435,7 +153650,7 @@
# define CT_F_SCT_NEW 100
# define CT_F_SCT_NEW_FROM_BASE64 127
# define CT_F_SCT_SET0_LOG_ID 101
-@@ -563,8 +510,6 @@ void ERR_load_CT_strings(void);
+@@ -563,8 +513,6 @@ void ERR_load_CT_strings(void);
# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102
# define CT_F_SCT_SET_SIGNATURE_NID 103
# define CT_F_SCT_SET_VERSION 104
@@ -156444,7 +153659,7 @@
# define CT_F_SCT_VERIFY 128
# define CT_F_SCT_VERIFY_V1 129
-@@ -576,21 +521,18 @@ void ERR_load_CT_strings(void);
+@@ -576,21 +524,18 @@ void ERR_load_CT_strings(void);
# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111
# define CT_R_LOG_CONF_MISSING_KEY 112
# define CT_R_LOG_KEY_INVALID 113
@@ -156468,8 +153683,6 @@
-# endif
-
#endif
-diff --git a/include/openssl/des.h b/include/openssl/des.h
-index 633d070..be4abbd 100644
--- a/include/openssl/des.h
+++ b/include/openssl/des.h
@@ -1,58 +1,10 @@
@@ -156546,7 +153759,7 @@
const char *DES_options(void);
void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
-@@ -182,10 +132,6 @@ void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+@@ -182,10 +132,6 @@ void DES_ede3_ofb64_encrypt(const unsign
long length, DES_key_schedule *ks1,
DES_key_schedule *ks2, DES_key_schedule *ks3,
DES_cblock *ivec, int *num);
@@ -156557,7 +153770,7 @@
char *DES_fcrypt(const char *buf, const char *salt, char *ret);
char *DES_crypt(const char *buf, const char *salt);
void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-@@ -218,12 +164,6 @@ void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+@@ -218,12 +164,6 @@ void DES_ofb64_encrypt(const unsigned ch
long length, DES_key_schedule *schedule,
DES_cblock *ivec, int *num);
@@ -156570,8 +153783,6 @@
# define DES_fixup_key_parity DES_set_odd_parity
# ifdef __cplusplus
-diff --git a/include/openssl/dh.h b/include/openssl/dh.h
-index d78bac9..a574e18 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -1,58 +1,10 @@
@@ -156660,7 +153871,7 @@
* result is compliant.
*/
-@@ -193,9 +151,11 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
+@@ -193,9 +151,11 @@ int DH_KDF_X9_42(unsigned char *out, siz
const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
# endif
@@ -156674,14 +153885,16 @@
int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
void DH_clear_flags(DH *dh, int flags);
int DH_test_flags(const DH *dh, int flags);
-@@ -335,6 +295,7 @@ int DH_meth_set_generate_params(DH_METHOD *dhm,
+@@ -335,7 +295,8 @@ int DH_meth_set_generate_params(DH_METHO
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_DH_strings(void);
+
- void ERR_load_DH_strings(void);
++int ERR_load_DH_strings(void);
/* Error codes for the DH functions. */
+
@@ -346,6 +307,9 @@ void ERR_load_DH_strings(void);
# define DH_F_DH_CMS_DECRYPT 114
# define DH_F_DH_CMS_SET_PEERKEY 115
@@ -156720,8 +153933,6 @@
-# endif
-
#endif
-diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
-index 1b04584..3b1e1a6 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -1,58 +1,10 @@
@@ -156836,7 +154047,7 @@
int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
void DSA_clear_flags(DSA *d, int flags);
int DSA_test_flags(const DSA *d, int flags);
-@@ -247,16 +202,17 @@ int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
+@@ -247,16 +202,17 @@ int (*DSA_meth_get_verify(const DSA_METH
int DSA_meth_set_verify(DSA_METHOD *dsam,
int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *));
int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
@@ -156861,12 +154072,13 @@
const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
-@@ -276,20 +232,21 @@ int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *));
+@@ -276,20 +232,21 @@ int DSA_meth_set_keygen(DSA_METHOD *dsam
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_DSA_strings(void);
+
- void ERR_load_DSA_strings(void);
++int ERR_load_DSA_strings(void);
/* Error codes for the DSA functions. */
@@ -156886,7 +154098,7 @@
# define DSA_F_DSA_NEW_METHOD 103
# define DSA_F_DSA_PARAM_DECODE 119
# define DSA_F_DSA_PRINT_FP 105
-@@ -299,34 +256,25 @@ void ERR_load_DSA_strings(void);
+@@ -299,34 +256,26 @@ void ERR_load_DSA_strings(void);
# define DSA_F_DSA_PUB_ENCODE 118
# define DSA_F_DSA_SIGN 106
# define DSA_F_DSA_SIGN_SETUP 107
@@ -156894,6 +154106,7 @@
-# define DSA_F_DSA_SIG_PRINT 123
-# define DSA_F_DSA_VERIFY 108
-# define DSA_F_I2D_DSA_SIG 111
++# define DSA_F_DSA_SIG_NEW 102
# define DSA_F_OLD_DSA_PRIV_DECODE 122
# define DSA_F_PKEY_DSA_CTRL 120
# define DSA_F_PKEY_DSA_KEYGEN 121
@@ -156923,8 +154136,6 @@
-# endif
-
#endif
-diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h
-index 16df652..f4769f8 100644
--- a/include/openssl/dtls1.h
+++ b/include/openssl/dtls1.h
@@ -1,59 +1,10 @@
@@ -156992,8 +154203,6 @@
*/
#ifndef HEADER_DTLS1_H
-diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h
-index bbd6116..99ea347 100644
--- a/include/openssl/e_os2.h
+++ b/include/openssl/e_os2.h
@@ -1,55 +1,10 @@
@@ -157095,8 +154304,6 @@
#ifdef __cplusplus
}
#endif
-diff --git a/include/openssl/ebcdic.h b/include/openssl/ebcdic.h
-index e75b609..aa01285 100644
--- a/include/openssl/ebcdic.h
+++ b/include/openssl/ebcdic.h
@@ -1,8 +1,16 @@
@@ -157117,8 +154324,6 @@
#ifdef __cplusplus
extern "C" {
-diff --git a/include/openssl/ec.h b/include/openssl/ec.h
-index 892239d..0e50296 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -1,59 +1,12 @@
@@ -157187,7 +154392,7 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
-@@ -127,7 +80,6 @@ const EC_METHOD *EC_GFp_mont_method(void);
+@@ -127,7 +80,6 @@ const EC_METHOD *EC_GFp_mont_method(void
const EC_METHOD *EC_GFp_nist_method(void);
# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
@@ -157195,7 +154400,7 @@
/** Returns 64-bit optimized methods for nistp224
* \return EC_METHOD object
*/
-@@ -142,7 +94,6 @@ const EC_METHOD *EC_GFp_nistp256_method(void);
+@@ -142,7 +94,6 @@ const EC_METHOD *EC_GFp_nistp256_method(
* \return EC_METHOD object
*/
const EC_METHOD *EC_GFp_nistp521_method(void);
@@ -157203,7 +154408,7 @@
# endif
# ifndef OPENSSL_NO_EC2M
-@@ -222,7 +173,7 @@ const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
+@@ -222,7 +173,7 @@ const EC_POINT *EC_GROUP_get0_generator(
/** Returns the montgomery data for order(Generator)
* \param group EC_GROUP object
@@ -157212,7 +154417,7 @@
*/
BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group);
-@@ -238,14 +189,12 @@ int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
+@@ -238,14 +189,12 @@ int EC_GROUP_get_order(const EC_GROUP *g
* \param group EC_GROUP object
* \return the group order
*/
@@ -157228,7 +154433,7 @@
int EC_GROUP_order_bits(const EC_GROUP *group);
/** Gets the cofactor of a EC_GROUP
-@@ -261,7 +210,6 @@ int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
+@@ -261,7 +210,6 @@ int EC_GROUP_get_cofactor(const EC_GROUP
* \param group EC_GROUP object
* \return the group cofactor
*/
@@ -157236,7 +154441,7 @@
const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
/** Sets the name of a EC_GROUP object
-@@ -356,7 +304,7 @@ int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
+@@ -356,7 +304,7 @@ int EC_GROUP_check_discriminant(const EC
* \param a first EC_GROUP object
* \param b second EC_GROUP object
* \param ctx BN_CTX object (optional)
@@ -157254,7 +154459,7 @@
* nitems EC_builtin_curve structures are filled with the data of the first
* nitems internal groups
*/
-@@ -688,7 +636,7 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
+@@ -688,7 +636,7 @@ int EC_POINT_is_at_infinity(const EC_GRO
* \param group underlying EC_GROUP object
* \param point EC_POINT object to check
* \param ctx BN_CTX object (optional)
@@ -157263,7 +154468,7 @@
*/
int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
BN_CTX *ctx);
-@@ -698,7 +646,7 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+@@ -698,7 +646,7 @@ int EC_POINT_is_on_curve(const EC_GROUP
* \param a first EC_POINT object
* \param b second EC_POINT object
* \param ctx BN_CTX object (optional)
@@ -157272,7 +154477,7 @@
*/
int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
BN_CTX *ctx);
-@@ -707,11 +655,11 @@ int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
+@@ -707,11 +655,11 @@ int EC_POINT_make_affine(const EC_GROUP
int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
EC_POINT *points[], BN_CTX *ctx);
@@ -157295,7 +154500,16 @@
* necessary NIST PKV tests.
* \param key the EC_KEY object
* \param x public key x coordinate
-@@ -1125,7 +1073,14 @@ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
+@@ -958,7 +906,7 @@ int EC_KEY_oct2key(EC_KEY *key, const un
+ * \return 1 on success and 0 if an error occurred
+ */
+
+-int EC_KEY_oct2priv(EC_KEY *key, unsigned char *buf, size_t len);
++int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len);
+
+ /** Encodes a EC_KEY private key to an octet string
+ * \param key key to encode
+@@ -1125,7 +1073,14 @@ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig
* \param pr pointer to BIGNUM pointer for r (may be NULL)
* \param ps pointer to BIGNUM pointer for s (may be NULL)
*/
@@ -157311,7 +154525,7 @@
/** Computes the ECDSA signature of the given hash value using
* the supplied private key and returns the created signature.
-@@ -1142,7 +1097,7 @@ ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
+@@ -1142,7 +1097,7 @@ ECDSA_SIG *ECDSA_do_sign(const unsigned
* \param dgst pointer to the hash value to sign
* \param dgstlen length of the hash value
* \param kinv BIGNUM with a pre-computed inverse k (optional)
@@ -157320,7 +154534,7 @@
* see ECDSA_sign_setup
* \param eckey EC_KEY object containing a private EC key
* \return pointer to a ECDSA_SIG structure or NULL if an error occurred
-@@ -1193,7 +1148,7 @@ int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
+@@ -1193,7 +1148,7 @@ int ECDSA_sign(int type, const unsigned
* \param sig buffer to hold the DER encoded signature
* \param siglen pointer to the length of the returned signature
* \param kinv BIGNUM with a pre-computed inverse k (optional)
@@ -157329,12 +154543,13 @@
* see ECDSA_sign_setup
* \param eckey EC_KEY object containing a private EC key
* \return 1 on success and 0 otherwise
-@@ -1404,13 +1359,13 @@ void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth,
+@@ -1404,13 +1359,13 @@ void EC_KEY_METHOD_get_verify(EC_KEY_MET
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_EC_strings(void);
+
- void ERR_load_EC_strings(void);
++int ERR_load_EC_strings(void);
/* Error codes for the EC functions. */
@@ -157344,7 +154559,15 @@
# define EC_F_D2I_ECPARAMETERS 144
# define EC_F_D2I_ECPKPARAMETERS 145
# define EC_F_D2I_ECPRIVATEKEY 146
-@@ -1440,17 +1395,8 @@ void ERR_load_EC_strings(void);
+@@ -1423,6 +1378,7 @@ void ERR_load_EC_strings(void);
+ # define EC_F_ECDSA_DO_VERIFY 252
+ # define EC_F_ECDSA_SIGN_EX 254
+ # define EC_F_ECDSA_SIGN_SETUP 248
++# define EC_F_ECDSA_SIG_NEW 265
+ # define EC_F_ECDSA_VERIFY 253
+ # define EC_F_ECKEY_PARAM2TYPE 223
+ # define EC_F_ECKEY_PARAM_DECODE 212
+@@ -1440,17 +1396,8 @@ void ERR_load_EC_strings(void);
# define EC_F_ECP_NISTZ256_POINTS_MUL 241
# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244
# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242
@@ -157362,7 +154585,7 @@
# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208
# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159
# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195
-@@ -1465,7 +1411,6 @@ void ERR_load_EC_strings(void);
+@@ -1465,7 +1412,6 @@ void ERR_load_EC_strings(void);
# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209
# define EC_F_EC_GFP_MONT_FIELD_SQR 132
# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189
@@ -157370,7 +154593,7 @@
# define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 225
# define EC_F_EC_GFP_NISTP224_POINTS_MUL 228
# define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226
-@@ -1480,29 +1425,21 @@ void ERR_load_EC_strings(void);
+@@ -1480,29 +1426,21 @@ void ERR_load_EC_strings(void);
# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202
# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165
# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166
@@ -157400,7 +154623,7 @@
# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193
# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194
# define EC_F_EC_GROUP_NEW 108
-@@ -1510,10 +1447,8 @@ void ERR_load_EC_strings(void);
+@@ -1510,10 +1448,8 @@ void ERR_load_EC_strings(void);
# define EC_F_EC_GROUP_NEW_FROM_DATA 175
# define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 263
# define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 264
@@ -157411,7 +154634,7 @@
# define EC_F_EC_GROUP_SET_GENERATOR 111
# define EC_F_EC_KEY_CHECK_KEY 177
# define EC_F_EC_KEY_COPY 178
-@@ -1540,7 +1475,6 @@ void ERR_load_EC_strings(void);
+@@ -1540,7 +1476,6 @@ void ERR_load_EC_strings(void);
# define EC_F_EC_POINT_IS_AT_INFINITY 118
# define EC_F_EC_POINT_IS_ON_CURVE 119
# define EC_F_EC_POINT_MAKE_AFFINE 120
@@ -157419,7 +154642,7 @@
# define EC_F_EC_POINT_NEW 121
# define EC_F_EC_POINT_OCT2POINT 122
# define EC_F_EC_POINT_POINT2OCT 123
-@@ -1550,7 +1484,6 @@ void ERR_load_EC_strings(void);
+@@ -1550,7 +1485,6 @@ void ERR_load_EC_strings(void);
# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125
# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126
# define EC_F_EC_POINT_SET_TO_INFINITY 127
@@ -157427,7 +154650,7 @@
# define EC_F_EC_PRE_COMP_NEW 196
# define EC_F_EC_WNAF_MUL 187
# define EC_F_EC_WNAF_PRECOMPUTE_MULT 188
-@@ -1575,7 +1508,6 @@ void ERR_load_EC_strings(void);
+@@ -1575,7 +1509,6 @@ void ERR_load_EC_strings(void);
/* Reason codes. */
# define EC_R_ASN1_ERROR 115
@@ -157435,7 +154658,7 @@
# define EC_R_BAD_SIGNATURE 156
# define EC_R_BIGNUM_OUT_OF_RANGE 144
# define EC_R_BUFFER_TOO_SMALL 100
-@@ -1605,17 +1537,14 @@ void ERR_load_EC_strings(void);
+@@ -1605,17 +1538,14 @@ void ERR_load_EC_strings(void);
# define EC_R_INVALID_PENTANOMIAL_BASIS 132
# define EC_R_INVALID_PRIVATE_KEY 123
# define EC_R_INVALID_TRINOMIAL_BASIS 137
@@ -157453,7 +154676,7 @@
# define EC_R_NO_PARAMETERS_SET 139
# define EC_R_NO_PRIVATE_VALUE 154
# define EC_R_OPERATION_NOT_SUPPORTED 152
-@@ -1636,9 +1565,8 @@ void ERR_load_EC_strings(void);
+@@ -1636,9 +1566,8 @@ void ERR_load_EC_strings(void);
# define EC_R_WRONG_CURVE_PARAMETERS 145
# define EC_R_WRONG_ORDER 130
@@ -157465,8 +154688,6 @@
-# endif
-
#endif
-diff --git a/include/openssl/ecdh.h b/include/openssl/ecdh.h
-index 6a4a7b1..681f3d5 100644
--- a/include/openssl/ecdh.h
+++ b/include/openssl/ecdh.h
@@ -1 +1,10 @@
@@ -157480,8 +154701,6 @@
+ */
+
#include <openssl/ec.h>
-diff --git a/include/openssl/ecdsa.h b/include/openssl/ecdsa.h
-index 6a4a7b1..681f3d5 100644
--- a/include/openssl/ecdsa.h
+++ b/include/openssl/ecdsa.h
@@ -1 +1,10 @@
@@ -157495,8 +154714,6 @@
+ */
+
#include <openssl/ec.h>
-diff --git a/include/openssl/engine.h b/include/openssl/engine.h
-index 3123ad3..e9d3ab2 100644
--- a/include/openssl/engine.h
+++ b/include/openssl/engine.h
@@ -1,60 +1,12 @@
@@ -157566,15 +154783,55 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
-@@ -802,6 +754,7 @@ void ENGINE_setup_bsd_cryptodev(void);
+@@ -744,7 +696,7 @@ typedef unsigned long (*dynamic_v_check_
+ # define IMPLEMENT_DYNAMIC_CHECK_FN() \
+ OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
+ OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
+- if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
++ if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
+ return 0; }
+
+ /*
+@@ -772,13 +724,13 @@ typedef int (*dynamic_bind_engine) (ENGI
+ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
+ OPENSSL_EXPORT \
+ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
+- if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
+- CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \
+- fns->mem_fns.realloc_fn, \
+- fns->mem_fns.free_fn); \
++ if (ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
++ CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \
++ fns->mem_fns.realloc_fn, \
++ fns->mem_fns.free_fn); \
+ skip_cbs: \
+- if(!fn(e,id)) return 0; \
+- return 1; }
++ if (!fn(e, id)) return 0; \
++ return 1; }
+
+ /*
+ * If the loading application (or library) and the loaded ENGINE library
+@@ -794,7 +746,7 @@ typedef int (*dynamic_bind_engine) (ENGI
+ void *ENGINE_get_static_state(void);
+
+ # if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+-void ENGINE_setup_bsd_cryptodev(void);
++DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void))
+ # endif
+
+ /* BEGIN ERROR CODES */
+@@ -802,7 +754,8 @@ void ENGINE_setup_bsd_cryptodev(void);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_ENGINE_strings(void);
+
- void ERR_load_ENGINE_strings(void);
++int ERR_load_ENGINE_strings(void);
/* Error codes for the ENGINE functions. */
-@@ -818,9 +771,7 @@ void ERR_load_ENGINE_strings(void);
+
+@@ -818,10 +771,10 @@ void ERR_load_ENGINE_strings(void);
# define ENGINE_F_ENGINE_CTRL_CMD 178
# define ENGINE_F_ENGINE_CTRL_CMD_STRING 171
# define ENGINE_F_ENGINE_FINISH 107
@@ -157582,10 +154839,16 @@
# define ENGINE_F_ENGINE_GET_CIPHER 185
-# define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177
# define ENGINE_F_ENGINE_GET_DIGEST 186
++# define ENGINE_F_ENGINE_GET_FIRST 195
++# define ENGINE_F_ENGINE_GET_LAST 196
# define ENGINE_F_ENGINE_GET_NEXT 115
# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193
-@@ -835,17 +786,14 @@ void ERR_load_ENGINE_strings(void);
+ # define ENGINE_F_ENGINE_GET_PKEY_METH 192
+@@ -833,19 +786,17 @@ void ERR_load_ENGINE_strings(void);
+ # define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151
+ # define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194
# define ENGINE_F_ENGINE_NEW 122
++# define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR 197
# define ENGINE_F_ENGINE_REMOVE 123
# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189
-# define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126
@@ -157602,7 +154865,7 @@
/* Reason codes. */
# define ENGINE_R_ALREADY_LOADED 100
-@@ -855,8 +803,6 @@ void ERR_load_ENGINE_strings(void);
+@@ -855,8 +806,6 @@ void ERR_load_ENGINE_strings(void);
# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136
# define ENGINE_R_CONFLICTING_ENGINE_ID 103
# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119
@@ -157611,7 +154874,7 @@
# define ENGINE_R_DSO_FAILURE 104
# define ENGINE_R_DSO_NOT_FOUND 132
# define ENGINE_R_ENGINES_SECTION_ERROR 148
-@@ -866,7 +812,6 @@ void ERR_load_ENGINE_strings(void);
+@@ -866,7 +815,6 @@ void ERR_load_ENGINE_strings(void);
# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128
# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129
# define ENGINE_R_FINISH_FAILED 106
@@ -157619,7 +154882,7 @@
# define ENGINE_R_ID_OR_NAME_MISSING 108
# define ENGINE_R_INIT_FAILED 109
# define ENGINE_R_INTERNAL_LIST_ERROR 110
-@@ -882,17 +827,13 @@ void ERR_load_ENGINE_strings(void);
+@@ -882,17 +830,13 @@ void ERR_load_ENGINE_strings(void);
# define ENGINE_R_NO_LOAD_FUNCTION 125
# define ENGINE_R_NO_REFERENCE 130
# define ENGINE_R_NO_SUCH_ENGINE 116
@@ -157639,8 +154902,6 @@
-# endif
-
#endif
-diff --git a/include/openssl/err.h b/include/openssl/err.h
-index ccf2ff7..9dcd27e 100644
--- a/include/openssl/err.h
+++ b/include/openssl/err.h
@@ -1,111 +1,10 @@
@@ -157814,6 +155075,19 @@
/*
* 99 is the maximum possible ERR_R_... code, higher values are reserved for
+@@ -349,9 +231,9 @@ void ERR_print_errors_fp(FILE *fp);
+ void ERR_print_errors(BIO *bp);
+ void ERR_add_error_data(int num, ...);
+ void ERR_add_error_vdata(int num, va_list args);
+-void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
+-void ERR_unload_strings(int lib, ERR_STRING_DATA str[]);
+-void ERR_load_ERR_strings(void);
++int ERR_load_strings(int lib, ERR_STRING_DATA str[]);
++int ERR_unload_strings(int lib, ERR_STRING_DATA str[]);
++int ERR_load_ERR_strings(void);
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ # define ERR_load_crypto_strings() \
@@ -359,9 +241,8 @@ void ERR_load_ERR_strings(void);
# define ERR_free_strings() while(0) continue
#endif
@@ -157826,8 +155100,6 @@
ERR_STATE *ERR_get_state(void);
LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void);
-diff --git a/include/openssl/evp.h b/include/openssl/evp.h
-index 250730f..207d772 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1,58 +1,10 @@
@@ -157895,8 +155167,41 @@
*/
#ifndef HEADER_ENVELOPE_H
-@@ -658,8 +610,8 @@ EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
+@@ -548,22 +500,22 @@ void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+ # define EVP_MD_CTX_create() EVP_MD_CTX_new()
+ # define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx))
+ # define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx))
+-/*__owur*/ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
++__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+ void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
+ void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
+ int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
+-/*__owur*/ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
++__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
+ ENGINE *impl);
+-/*__owur*/ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d,
++__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d,
+ size_t cnt);
+-/*__owur*/ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
++__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
+ unsigned int *s);
+-/*__owur*/ int EVP_Digest(const void *data, size_t count,
++__owur int EVP_Digest(const void *data, size_t count,
+ unsigned char *md, unsigned int *size,
+ const EVP_MD *type, ENGINE *impl);
+
+-/*__owur*/ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+-/*__owur*/ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
++__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
++__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ __owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+ unsigned int *s);
+
+@@ -656,10 +608,11 @@ int EVP_CIPHER_CTX_test_flags(const EVP_
+
+ EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
++int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx);
int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
-void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
@@ -157906,7 +155211,7 @@
void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
-@@ -949,6 +901,7 @@ int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
+@@ -949,6 +902,7 @@ int EVP_PKEY_set_type(EVP_PKEY *pkey, in
int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
void *EVP_PKEY_get0(const EVP_PKEY *pkey);
@@ -157914,7 +155219,7 @@
# ifndef OPENSSL_NO_RSA
struct rsa_st;
-@@ -976,7 +929,7 @@ struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+@@ -976,7 +930,7 @@ struct ec_key_st *EVP_PKEY_get1_EC_KEY(E
# endif
EVP_PKEY *EVP_PKEY_new(void);
@@ -157923,12 +155228,13 @@
void EVP_PKEY_free(EVP_PKEY *pkey);
EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
-@@ -1486,28 +1439,20 @@ void EVP_add_alg_module(void);
+@@ -1486,28 +1440,20 @@ void EVP_add_alg_module(void);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_EVP_strings(void);
+
- void ERR_load_EVP_strings(void);
++int ERR_load_EVP_strings(void);
/* Error codes for the EVP functions. */
@@ -157953,7 +155259,7 @@
# define EVP_F_EVP_CIPHERINIT_EX 123
# define EVP_F_EVP_CIPHER_CTX_COPY 163
# define EVP_F_EVP_CIPHER_CTX_CTRL 124
-@@ -1539,8 +1484,8 @@ void ERR_load_EVP_strings(void);
+@@ -1539,8 +1485,8 @@ void ERR_load_EVP_strings(void);
# define EVP_F_EVP_PKEY_ENCRYPT_OLD 152
# define EVP_F_EVP_PKEY_GET0_DH 119
# define EVP_F_EVP_PKEY_GET0_DSA 120
@@ -157963,7 +155269,7 @@
# define EVP_F_EVP_PKEY_GET0_RSA 121
# define EVP_F_EVP_PKEY_KEYGEN 146
# define EVP_F_EVP_PKEY_KEYGEN_INIT 147
-@@ -1553,35 +1498,20 @@ void ERR_load_EVP_strings(void);
+@@ -1553,35 +1499,20 @@ void ERR_load_EVP_strings(void);
# define EVP_F_EVP_PKEY_VERIFY_INIT 143
# define EVP_F_EVP_PKEY_VERIFY_RECOVER 144
# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145
@@ -157999,7 +155305,7 @@
# define EVP_R_BUFFER_TOO_SMALL 155
# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157
# define EVP_R_CIPHER_PARAMETER_ERROR 122
-@@ -1593,15 +1523,12 @@ void ERR_load_EVP_strings(void);
+@@ -1593,15 +1524,12 @@ void ERR_load_EVP_strings(void);
# define EVP_R_DECODE_ERROR 114
# define EVP_R_DIFFERENT_KEY_TYPES 101
# define EVP_R_DIFFERENT_PARAMETERS 153
@@ -158016,7 +155322,7 @@
# define EVP_R_EXPECTING_A_EC_KEY 142
# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167
# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171
-@@ -1611,7 +1538,6 @@ void ERR_load_EVP_strings(void);
+@@ -1611,7 +1539,6 @@ void ERR_load_EVP_strings(void);
# define EVP_R_INVALID_FIPS_MODE 168
# define EVP_R_INVALID_KEY_LENGTH 130
# define EVP_R_INVALID_OPERATION 148
@@ -158024,7 +155330,7 @@
# define EVP_R_KEYGEN_FAILURE 120
# define EVP_R_MEMORY_LIMIT_EXCEEDED 172
# define EVP_R_MESSAGE_DIGEST_IS_NULL 159
-@@ -1620,18 +1546,13 @@ void ERR_load_EVP_strings(void);
+@@ -1620,18 +1547,13 @@ void ERR_load_EVP_strings(void);
# define EVP_R_NO_CIPHER_SET 131
# define EVP_R_NO_DEFAULT_DIGEST 158
# define EVP_R_NO_DIGEST_SET 139
@@ -158043,7 +155349,7 @@
# define EVP_R_UNKNOWN_CIPHER 160
# define EVP_R_UNKNOWN_DIGEST 161
# define EVP_R_UNKNOWN_OPTION 169
-@@ -1647,9 +1568,8 @@ void ERR_load_EVP_strings(void);
+@@ -1647,9 +1569,8 @@ void ERR_load_EVP_strings(void);
# define EVP_R_UNSUPPORTED_SALT_TYPE 126
# define EVP_R_WRAP_MODE_NOT_ALLOWED 170
# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
@@ -158055,8 +155361,6 @@
-#endif
+# endif
#endif
-diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h
-index 71d7d65..9f06896 100644
--- a/include/openssl/hmac.h
+++ b/include/openssl/hmac.h
@@ -1,59 +1,12 @@
@@ -158135,7 +155439,7 @@
HMAC_CTX *HMAC_CTX_new(void);
int HMAC_CTX_reset(HMAC_CTX *ctx);
void HMAC_CTX_free(HMAC_CTX *ctx);
-@@ -87,6 +40,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+@@ -87,6 +40,7 @@ unsigned char *HMAC(const EVP_MD *evp_md
__owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
@@ -158143,8 +155447,6 @@
#ifdef __cplusplus
}
-diff --git a/include/openssl/idea.h b/include/openssl/idea.h
-index 65e0b44..4334f3e 100644
--- a/include/openssl/idea.h
+++ b/include/openssl/idea.h
@@ -1,58 +1,10 @@
@@ -158212,7 +155514,7 @@
*/
#ifndef HEADER_IDEA_H
-@@ -93,7 +45,7 @@ void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+@@ -93,7 +45,7 @@ void IDEA_ofb64_encrypt(const unsigned c
int *num);
void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
@@ -158221,8 +155523,6 @@
# define idea_options IDEA_options
# define idea_ecb_encrypt IDEA_ecb_encrypt
# define idea_set_encrypt_key IDEA_set_encrypt_key
-diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
-index e61a9a6..3078b56 100644
--- a/include/openssl/kdf.h
+++ b/include/openssl/kdf.h
@@ -1,54 +1,10 @@
@@ -158285,14 +155585,16 @@
*/
#ifndef HEADER_KDF_H
-@@ -99,6 +55,7 @@ extern "C" {
+@@ -99,7 +55,8 @@ extern "C" {
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_KDF_strings(void);
+
- void ERR_load_KDF_strings(void);
++int ERR_load_KDF_strings(void);
/* Error codes for the KDF functions. */
+
@@ -112,7 +69,7 @@ void ERR_load_KDF_strings(void);
# define KDF_R_MISSING_PARAMETER 101
# define KDF_R_VALUE_MISSING 102
@@ -158303,8 +155605,6 @@
-#endif
+# endif
#endif
-diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h
-index 8b8822b..e2ccb65 100644
--- a/include/openssl/lhash.h
+++ b/include/openssl/lhash.h
@@ -1,58 +1,10 @@
@@ -158395,7 +155695,7 @@
/*
* Macros for declaring and implementing type-safe wrappers for LHASH
-@@ -118,62 +66,53 @@ typedef void (*LHASH_DOALL_ARG_FN_TYPE) (void *, void *);
+@@ -118,62 +66,53 @@ typedef void (*LHASH_DOALL_ARG_FN_TYPE)
name##_doall_arg(a, b); }
# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
@@ -158499,7 +155799,7 @@
/* Type checking... */
-@@ -186,56 +125,56 @@ void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out);
+@@ -186,56 +125,56 @@ void lh_node_usage_stats_bio(const _LHAS
int (*cfn)(const type *, const type *)) \
{ \
return (LHASH_OF(type) *) \
@@ -158569,7 +155869,7 @@
} \
LHASH_OF(type)
-@@ -251,17 +190,10 @@ void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out);
+@@ -251,17 +190,10 @@ void lh_node_usage_stats_bio(const _LHAS
void (*fn)(cbargtype *, argtype *), \
argtype *arg) \
{ \
@@ -158588,8 +155888,6 @@
DEFINE_LHASH_OF(OPENSSL_STRING);
DEFINE_LHASH_OF(OPENSSL_CSTRING);
-diff --git a/include/openssl/md2.h b/include/openssl/md2.h
-index d77a4fa..7faf8e3 100644
--- a/include/openssl/md2.h
+++ b/include/openssl/md2.h
@@ -1,58 +1,10 @@
@@ -158657,8 +155955,6 @@
*/
#ifndef HEADER_MD2_H
-diff --git a/include/openssl/md4.h b/include/openssl/md4.h
-index b40a839..940e29d 100644
--- a/include/openssl/md4.h
+++ b/include/openssl/md4.h
@@ -1,58 +1,10 @@
@@ -158726,14 +156022,14 @@
*/
#ifndef HEADER_MD4_H
-diff --git a/include/openssl/md5.h b/include/openssl/md5.h
-index 5b34b46..2deb772 100644
--- a/include/openssl/md5.h
+++ b/include/openssl/md5.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -158781,9 +156077,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -158795,8 +156089,6 @@
*/
#ifndef HEADER_MD5_H
-diff --git a/include/openssl/mdc2.h b/include/openssl/mdc2.h
-index 229b122..aabd2bf 100644
--- a/include/openssl/mdc2.h
+++ b/include/openssl/mdc2.h
@@ -1,58 +1,10 @@
@@ -158872,8 +156164,6 @@
# include <openssl/des.h>
# ifdef __cplusplus
extern "C" {
-diff --git a/include/openssl/modes.h b/include/openssl/modes.h
-index 11bbb68..a04c6a5 100644
--- a/include/openssl/modes.h
+++ b/include/openssl/modes.h
@@ -1,8 +1,10 @@
@@ -158891,8 +156181,6 @@
*/
#include <stddef.h>
-diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
-index 5d7adc7..ebb7963 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -1,63 +1,12 @@
@@ -158966,8 +156254,6 @@
*/
#define SN_undef "UNDEF"
-diff --git a/include/openssl/objects.h b/include/openssl/objects.h
-index f8c2f05..4d3de7c 100644
--- a/include/openssl/objects.h
+++ b/include/openssl/objects.h
@@ -1,58 +1,10 @@
@@ -159035,14 +156321,16 @@
*/
#ifndef HEADER_OBJECTS_H
-@@ -1121,6 +1073,7 @@ void OBJ_sigid_free(void);
+@@ -1121,7 +1073,8 @@ void OBJ_sigid_free(void);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_OBJ_strings(void);
+
- void ERR_load_OBJ_strings(void);
++int ERR_load_OBJ_strings(void);
/* Error codes for the OBJ functions. */
+
@@ -1135,10 +1088,10 @@ void ERR_load_OBJ_strings(void);
# define OBJ_F_OBJ_NID2SN 104
@@ -159057,35 +156345,19 @@
-#endif
+# endif
#endif
-diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h
-index 546e9bc..7ded752 100644
--- a/include/openssl/ocsp.h
+++ b/include/openssl/ocsp.h
@@ -1,75 +1,50 @@
/*
- * Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
- * project.
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
-+#ifndef HEADER_OCSP_H
-+# define HEADER_OCSP_H
-+
-+#include <openssl/opensslconf.h>
-+
- /*
+- */
+-
+-/*
- * History: This file was transferred to Richard Levitte from CertCo by Kathy
- * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
- * patch kit.
-+ * These definitions are outside the OPENSSL_NO_OCSP guard because although for
-+ * historical reasons they have OCSP_* names, they can actually be used
-+ * independently of OCSP. E.g. see RFC5280
- */
+- */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
@@ -159138,7 +156410,28 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
-- *
++ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
+ */
+
+ #ifndef HEADER_OCSP_H
+ # define HEADER_OCSP_H
+
+-# include <openssl/ossl_typ.h>
+-# include <openssl/x509.h>
+-# include <openssl/x509v3.h>
+-# include <openssl/safestack.h>
++#include <openssl/opensslconf.h>
++
++/*
++ * These definitions are outside the OPENSSL_NO_OCSP guard because although for
++ * historical reasons they have OCSP_* names, they can actually be used
++ * independently of OCSP. E.g. see RFC5280
++ */
+/*-
+ * CRLReason ::= ENUMERATED {
+ * unspecified (0),
@@ -159149,7 +156442,7 @@
+ * cessationOfOperation (5),
+ * certificateHold (6),
+ * removeFromCRL (8) }
- */
++ */
+# define OCSP_REVOKED_STATUS_NOSTATUS -1
+# define OCSP_REVOKED_STATUS_UNSPECIFIED 0
+# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1
@@ -159159,14 +156452,8 @@
+# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5
+# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6
+# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8
-
--#ifndef HEADER_OCSP_H
--# define HEADER_OCSP_H
-
--# include <openssl/ossl_typ.h>
--# include <openssl/x509.h>
--# include <openssl/x509v3.h>
--# include <openssl/safestack.h>
++
++
+# ifndef OPENSSL_NO_OCSP
+
+# include <openssl/ossl_typ.h>
@@ -159181,7 +156468,8 @@
/* Various flags and values */
-# define OCSP_DEFAULT_NONCE_LENGTH 16
--
++# define OCSP_DEFAULT_NONCE_LENGTH 16
+
-# define OCSP_NOCERTS 0x1
-# define OCSP_NOINTERN 0x2
-# define OCSP_NOSIGS 0x4
@@ -159194,8 +156482,6 @@
-# define OCSP_TRUSTOTHER 0x200
-# define OCSP_RESPID_KEY 0x400
-# define OCSP_NOTIME 0x800
-+# define OCSP_DEFAULT_NONCE_LENGTH 16
-+
+# define OCSP_NOCERTS 0x1
+# define OCSP_NOINTERN 0x2
+# define OCSP_NOSIGS 0x4
@@ -159211,7 +156497,7 @@
typedef struct ocsp_cert_id_st OCSP_CERTID;
-@@ -104,26 +79,26 @@ typedef struct ocsp_req_info_st OCSP_REQINFO;
+@@ -104,26 +79,26 @@ typedef struct ocsp_req_info_st OCSP_REQ
typedef struct ocsp_signature_st OCSP_SIGNATURE;
typedef struct ocsp_request_st OCSP_REQUEST;
@@ -159249,7 +156535,7 @@
typedef struct ocsp_cert_status_st OCSP_CERTSTATUS;
typedef struct ocsp_single_response_st OCSP_SINGLERESP;
-@@ -134,75 +109,54 @@ typedef struct ocsp_response_data_st OCSP_RESPDATA;
+@@ -134,75 +109,54 @@ typedef struct ocsp_response_data_st OCS
typedef struct ocsp_basic_response_st OCSP_BASICRESP;
@@ -159341,12 +156627,25 @@
(OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
(char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
-@@ -392,12 +346,12 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+@@ -259,6 +213,11 @@ ASN1_OCTET_STRING *OCSP_resp_get0_signat
+ int OCSP_resp_count(OCSP_BASICRESP *bs);
+ OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+ ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(OCSP_BASICRESP* bs);
++const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
++int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
++ const ASN1_OCTET_STRING **pid,
++ const X509_NAME **pname);
++
+ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
+ int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+ ASN1_GENERALIZEDTIME **revtime,
+@@ -392,12 +351,12 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_OCSP_strings(void);
+
- void ERR_load_OCSP_strings(void);
++int ERR_load_OCSP_strings(void);
/* Error codes for the OCSP functions. */
@@ -159355,7 +156654,7 @@
# define OCSP_F_D2I_OCSP_NONCE 102
# define OCSP_F_OCSP_BASIC_ADD1_STATUS 103
# define OCSP_F_OCSP_BASIC_SIGN 104
-@@ -412,13 +366,9 @@ void ERR_load_OCSP_strings(void);
+@@ -412,13 +371,9 @@ void ERR_load_OCSP_strings(void);
# define OCSP_F_OCSP_REQUEST_SIGN 110
# define OCSP_F_OCSP_REQUEST_VERIFY 116
# define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111
@@ -159369,7 +156668,7 @@
# define OCSP_R_CERTIFICATE_VERIFY_ERROR 101
# define OCSP_R_DIGEST_ERR 102
# define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122
-@@ -428,8 +378,6 @@ void ERR_load_OCSP_strings(void);
+@@ -428,8 +383,6 @@ void ERR_load_OCSP_strings(void);
# define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124
# define OCSP_R_NOT_BASIC_RESPONSE 104
# define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105
@@ -159378,7 +156677,7 @@
# define OCSP_R_NO_RESPONSE_DATA 108
# define OCSP_R_NO_REVOKED_TIME 109
# define OCSP_R_NO_SIGNER_KEY 130
-@@ -437,10 +385,8 @@ void ERR_load_OCSP_strings(void);
+@@ -437,10 +390,8 @@ void ERR_load_OCSP_strings(void);
# define OCSP_R_REQUEST_NOT_SIGNED 128
# define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111
# define OCSP_R_ROOT_CA_NOT_TRUSTED 112
@@ -159389,7 +156688,7 @@
# define OCSP_R_SIGNATURE_FAILURE 117
# define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118
# define OCSP_R_STATUS_EXPIRED 125
-@@ -450,7 +396,8 @@ void ERR_load_OCSP_strings(void);
+@@ -450,7 +401,8 @@ void ERR_load_OCSP_strings(void);
# define OCSP_R_UNKNOWN_NID 120
# define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129
@@ -159400,8 +156699,6 @@
+# endif
+# endif
#endif
-diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in
-index 803cc16..bec5bd0 100644
--- a/include/openssl/opensslconf.h.in
+++ b/include/openssl/opensslconf.h.in
@@ -1,5 +1,12 @@
@@ -159417,8 +156714,6 @@
*/
#ifdef __cplusplus
-diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
-index 72d33f9..2dd067f 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h
@@ -1,3 +1,12 @@
@@ -159449,8 +156744,6 @@
# endif
/*-
-diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h
-index 81da792..adc50ed 100644
--- a/include/openssl/ossl_typ.h
+++ b/include/openssl/ossl_typ.h
@@ -1,55 +1,10 @@
@@ -159515,8 +156808,19 @@
*/
#ifndef HEADER_OPENSSL_TYPES_H
-diff --git a/include/openssl/pem.h b/include/openssl/pem.h
-index 0206fec..6dd76ee 100644
+@@ -108,10 +63,11 @@ typedef struct ASN1_ITEM_st ASN1_ITEM;
+ typedef struct asn1_pctx_st ASN1_PCTX;
+ typedef struct asn1_sctx_st ASN1_SCTX;
+
+-# ifdef OPENSSL_SYS_WIN32
++# ifdef _WIN32
+ # undef X509_NAME
+ # undef X509_EXTENSIONS
+ # undef PKCS7_ISSUER_AND_SERIAL
++# undef PKCS7_SIGNER_INFO
+ # undef OCSP_REQUEST
+ # undef OCSP_RESPONSE
+ # endif
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -1,58 +1,10 @@
@@ -159596,7 +156900,7 @@
int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
char *kstr, int klen,
pem_password_cb *cb, void *u);
-@@ -421,7 +378,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+@@ -421,7 +378,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp,
EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
void *u);
@@ -159605,7 +156909,7 @@
int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
char *kstr, int klen,
pem_password_cb *cb, void *u);
-@@ -438,20 +395,22 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+@@ -438,20 +395,22 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *f
int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
char *kstr, int klen, pem_password_cb *cd,
void *u);
@@ -159630,14 +156934,16 @@
# endif
/* BEGIN ERROR CODES */
-@@ -459,6 +418,7 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
+@@ -459,7 +418,8 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk,
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_PEM_strings(void);
+
- void ERR_load_PEM_strings(void);
++int ERR_load_PEM_strings(void);
/* Error codes for the PEM functions. */
+
@@ -487,9 +447,7 @@ void ERR_load_PEM_strings(void);
# define PEM_F_PEM_ASN1_WRITE_BIO 105
# define PEM_F_PEM_DEF_CALLBACK 100
@@ -159678,8 +156984,6 @@
-#endif
+# endif
#endif
-diff --git a/include/openssl/pem2.h b/include/openssl/pem2.h
-index 84897d5..9cb7472 100644
--- a/include/openssl/pem2.h
+++ b/include/openssl/pem2.h
@@ -1,60 +1,10 @@
@@ -159749,8 +157053,15 @@
*/
#ifdef __cplusplus
-diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h
-index 655655a..4c49fb2 100644
+@@ -62,7 +12,7 @@ extern "C" {
+ #endif
+
+ #ifndef HEADER_PEM_H
+-void ERR_load_PEM_strings(void);
++int ERR_load_PEM_strings(void);
+ #endif
+
+ #ifdef __cplusplus
--- a/include/openssl/pkcs12.h
+++ b/include/openssl/pkcs12.h
@@ -1,59 +1,10 @@
@@ -159851,8 +157162,9 @@
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_PKCS12_strings(void);
+
- void ERR_load_PKCS12_strings(void);
++int ERR_load_PKCS12_strings(void);
/* Error codes for the PKCS12 functions. */
@@ -159892,8 +157204,6 @@
-#endif
+# endif
#endif
-diff --git a/include/openssl/pkcs7.h b/include/openssl/pkcs7.h
-index 7ca085e..6148cec 100644
--- a/include/openssl/pkcs7.h
+++ b/include/openssl/pkcs7.h
@@ -1,58 +1,10 @@
@@ -159961,21 +157271,26 @@
*/
#ifndef HEADER_PKCS7_H
-@@ -70,7 +22,7 @@ extern "C" {
+@@ -69,12 +21,6 @@
+ extern "C" {
#endif
- # ifdef OPENSSL_SYS_WIN32
+-# ifdef OPENSSL_SYS_WIN32
-/* Under Win32 thes are defined in wincrypt.h */
-+/* Under Win32 these are defined in wincrypt.h */
- # undef PKCS7_ISSUER_AND_SERIAL
- # undef PKCS7_SIGNER_INFO
- # endif
-@@ -371,15 +323,13 @@ BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
+-# undef PKCS7_ISSUER_AND_SERIAL
+-# undef PKCS7_SIGNER_INFO
+-# endif
+-
+ /*-
+ Encryption_ID DES-CBC
+ Digest_ID MD5
+@@ -371,15 +317,13 @@ BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_PKCS7_strings(void);
+
- void ERR_load_PKCS7_strings(void);
++int ERR_load_PKCS7_strings(void);
/* Error codes for the PKCS7 functions. */
@@ -159987,7 +157302,7 @@
# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135
# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118
# define PKCS7_F_PKCS7_ADD_CERTIFICATE 100
-@@ -393,7 +343,6 @@ void ERR_load_PKCS7_strings(void);
+@@ -393,7 +337,6 @@ void ERR_load_PKCS7_strings(void);
# define PKCS7_F_PKCS7_DATADECODE 112
# define PKCS7_F_PKCS7_DATAFINAL 128
# define PKCS7_F_PKCS7_DATAINIT 105
@@ -159995,7 +157310,7 @@
# define PKCS7_F_PKCS7_DATAVERIFY 107
# define PKCS7_F_PKCS7_DECRYPT 114
# define PKCS7_F_PKCS7_DECRYPT_RINFO 133
-@@ -414,8 +363,6 @@ void ERR_load_PKCS7_strings(void);
+@@ -414,8 +357,6 @@ void ERR_load_PKCS7_strings(void);
# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137
# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119
# define PKCS7_F_PKCS7_VERIFY 117
@@ -160004,7 +157319,7 @@
/* Reason codes. */
# define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117
-@@ -423,46 +370,29 @@ void ERR_load_PKCS7_strings(void);
+@@ -423,46 +364,29 @@ void ERR_load_PKCS7_strings(void);
# define PKCS7_R_CIPHER_NOT_INITIALIZED 116
# define PKCS7_R_CONTENT_AND_DATA_PRESENT 118
# define PKCS7_R_CTRL_ERROR 152
@@ -160051,7 +157366,7 @@
# define PKCS7_R_SMIME_TEXT_ERROR 129
# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106
# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107
-@@ -474,7 +404,7 @@ void ERR_load_PKCS7_strings(void);
+@@ -474,7 +398,7 @@ void ERR_load_PKCS7_strings(void);
# define PKCS7_R_WRONG_CONTENT_TYPE 113
# define PKCS7_R_WRONG_PKCS7_TYPE 114
@@ -160061,8 +157376,6 @@
-#endif
+# endif
#endif
-diff --git a/include/openssl/rand.h b/include/openssl/rand.h
-index d337ee7..d0f8eab 100644
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@@ -1,58 +1,10 @@
@@ -160130,7 +157443,18 @@
*/
#ifndef HEADER_RAND_H
-@@ -113,41 +65,28 @@ int RAND_egd_bytes(const char *path, int bytes);
+@@ -62,10 +14,6 @@
+ # include <openssl/ossl_typ.h>
+ # include <openssl/e_os2.h>
+
+-# if defined(OPENSSL_SYS_WINDOWS)
+-# include <windows.h>
+-# endif
+-
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+@@ -113,41 +61,29 @@ int RAND_egd_bytes(const char *path, int
# endif
int RAND_poll(void);
@@ -160140,7 +157464,8 @@
-int RAND_event(UINT, WPARAM, LPARAM);
-
-# endif
-+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
++#if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H))
++/* application has to include <windows.h> in order to use these */
+DEPRECATEDIN_1_1_0(void RAND_screen(void))
+DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
+#endif
@@ -160150,8 +157475,9 @@
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_RAND_strings(void);
+
- void ERR_load_RAND_strings(void);
++int ERR_load_RAND_strings(void);
/* Error codes for the RAND functions. */
@@ -160179,8 +157505,6 @@
-#endif
+# endif
#endif
-diff --git a/include/openssl/rc2.h b/include/openssl/rc2.h
-index 50be22d..585f9e4 100644
--- a/include/openssl/rc2.h
+++ b/include/openssl/rc2.h
@@ -1,58 +1,10 @@
@@ -160248,8 +157572,6 @@
*/
#ifndef HEADER_RC2_H
-diff --git a/include/openssl/rc4.h b/include/openssl/rc4.h
-index a5fdbfb..86803b3 100644
--- a/include/openssl/rc4.h
+++ b/include/openssl/rc4.h
@@ -1,58 +1,10 @@
@@ -160317,14 +157639,14 @@
*/
#ifndef HEADER_RC4_H
-diff --git a/include/openssl/rc5.h b/include/openssl/rc5.h
-index c1ff358..793f88e 100644
--- a/include/openssl/rc5.h
+++ b/include/openssl/rc5.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -160372,9 +157694,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -160386,8 +157706,6 @@
*/
#ifndef HEADER_RC5_H
-diff --git a/include/openssl/ripemd.h b/include/openssl/ripemd.h
-index 97e5df7..c42026a 100644
--- a/include/openssl/ripemd.h
+++ b/include/openssl/ripemd.h
@@ -1,58 +1,10 @@
@@ -160455,8 +157773,6 @@
*/
#ifndef HEADER_RIPEMD_H
-diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
-index 1698fb3..b9d14e4 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -1,58 +1,10 @@
@@ -160568,7 +157884,7 @@
/* Deprecated version */
DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
-@@ -278,9 +226,6 @@ const RSA_METHOD *RSA_get_default_method(void);
+@@ -278,9 +226,6 @@ const RSA_METHOD *RSA_get_default_method
const RSA_METHOD *RSA_get_method(const RSA *rsa);
int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
@@ -160582,8 +157898,9 @@
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_RSA_strings(void);
+
- void ERR_load_RSA_strings(void);
++int ERR_load_RSA_strings(void);
/* Error codes for the RSA functions. */
@@ -160664,8 +157981,6 @@
-# endif
-
#endif
-diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h
-index 538774d..7877fd9 100644
--- a/include/openssl/safestack.h
+++ b/include/openssl/safestack.h
@@ -1,56 +1,10 @@
@@ -160908,8 +158223,6 @@
/*
* Similarly, we sometimes use a block of characters, NOT nul-terminated.
-diff --git a/include/openssl/seed.h b/include/openssl/seed.h
-index e643e76..bb97131 100644
--- a/include/openssl/seed.h
+++ b/include/openssl/seed.h
@@ -1,4 +1,13 @@
@@ -160987,14 +158300,14 @@
*/
#ifndef HEADER_SEED_H
-diff --git a/include/openssl/sha.h b/include/openssl/sha.h
-index 27c7cab..6a1eb0d 100644
--- a/include/openssl/sha.h
+++ b/include/openssl/sha.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -161042,9 +158355,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -161056,8 +158367,6 @@
*/
#ifndef HEADER_SHA_H
-diff --git a/include/openssl/srp.h b/include/openssl/srp.h
-index 37e7678..f2b6ec7 100644
--- a/include/openssl/srp.h
+++ b/include/openssl/srp.h
@@ -1,61 +1,12 @@
@@ -161151,7 +158460,7 @@
} SRP_gN;
DEFINE_STACK_OF(SRP_gN)
-@@ -152,22 +103,23 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
+@@ -152,22 +103,23 @@ int SRP_create_verifier_BN(const char *u
# define DB_SRP_MODIF 'v'
/* see srp.c */
@@ -161186,8 +158495,6 @@
# define SRP_MINIMAL_N 1024
-diff --git a/include/openssl/srtp.h b/include/openssl/srtp.h
-index da9369e..5ddfa46 100644
--- a/include/openssl/srtp.h
+++ b/include/openssl/srtp.h
@@ -1,112 +1,12 @@
@@ -161310,8 +158617,6 @@
/*
* DTLS code by Eric Rescorla <ekr at rtfm.com>
*
-diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
-index 44f44bf..d2736e2 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1,112 +1,12 @@
@@ -161434,7 +158739,25 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECC cipher suite support in OpenSSL originally developed by
-@@ -884,6 +784,7 @@ __owur int SSL_extension_supported(unsigned int ext_type);
+@@ -419,7 +319,7 @@ typedef int (*custom_ext_parse_cb) (SSL
+ # define SSL_OP_SINGLE_ECDH_USE 0x0
+ /* Does nothing: retained for compatibility */
+ # define SSL_OP_SINGLE_DH_USE 0x0
+-/* Does nothing: retained for compatibiity */
++/* Does nothing: retained for compatibility */
+ # define SSL_OP_EPHEMERAL_RSA 0x0
+ /*
+ * Set on servers to choose the cipher according to the server's preferences
+@@ -507,7 +407,7 @@ typedef int (*custom_ext_parse_cb) (SSL
+ /* Cert related flags */
+ /*
+ * Many implementations ignore some aspects of the TLS standards such as
+- * enforcing certifcate chain algorithms. When this is set we enforce them.
++ * enforcing certificate chain algorithms. When this is set we enforce them.
+ */
+ # define SSL_CERT_FLAG_TLS_STRICT 0x00000001U
+
+@@ -884,6 +784,7 @@ const char *SSL_get_psk_identity(const S
# define SSL_READING 3
# define SSL_X509_LOOKUP 4
# define SSL_ASYNC_PAUSED 5
@@ -161442,7 +158765,7 @@
/* These will only be used when doing non-blocking IO */
# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
-@@ -891,6 +792,7 @@ __owur int SSL_extension_supported(unsigned int ext_type);
+@@ -891,6 +792,7 @@ const char *SSL_get_psk_identity(const S
# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED)
@@ -161495,7 +158818,7 @@
void SSL_CTX_free(SSL_CTX *);
__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
-@@ -1473,6 +1390,7 @@ __owur long SSL_SESSION_get_time(const SSL_SESSION *s);
+@@ -1473,6 +1390,7 @@ int SSL_add_dir_cert_subjects_to_stack(S
__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t);
__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s);
__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
@@ -161503,7 +158826,7 @@
__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);
__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
-@@ -1551,7 +1469,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid
+@@ -1551,7 +1469,8 @@ void *SSL_get_default_passwd_cb_userdata
unsigned int sid_ctx_len);
SSL *SSL_new(SSL_CTX *ctx);
@@ -161513,7 +158836,38 @@
__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
unsigned int sid_ctx_len);
-@@ -1738,6 +1657,7 @@ __owur int SSL_get_quiet_shutdown(const SSL *ssl);
+@@ -1580,6 +1499,13 @@ void SSL_set_hostflags(SSL *s, unsigned
+ * offline testing in test/danetest.c
+ */
+ SSL_DANE *SSL_get0_dane(SSL *ssl);
++/*
++ * DANE flags
++ */
++unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
++unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
++unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags);
++unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags);
+
+ __owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
+ __owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
+@@ -1613,11 +1539,16 @@ int SSL_set_srp_server_param_pw(SSL *s,
+
+ void SSL_certs_clear(SSL *s);
+ void SSL_free(SSL *ssl);
++# ifdef OSSL_ASYNC_FD
++/*
++ * Windows application developer has to include windows.h to use these.
++ */
+ __owur int SSL_waiting_for_async(SSL *s);
+ __owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds);
+ __owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd,
+ size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+ size_t *numdelfds);
++# endif
+ __owur int SSL_accept(SSL *ssl);
+ __owur int SSL_connect(SSL *ssl);
+ __owur int SSL_read(SSL *ssl, void *buf, int num);
+@@ -1738,6 +1669,7 @@ void SSL_set_quiet_shutdown(SSL *ssl, in
void SSL_set_shutdown(SSL *ssl, int mode);
__owur int SSL_get_shutdown(const SSL *ssl);
__owur int SSL_version(const SSL *ssl);
@@ -161521,15 +158875,27 @@
__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
-@@ -2103,6 +2023,7 @@ extern const char SSL_version_str[];
+@@ -1820,8 +1752,8 @@ void *SSL_CTX_get_ex_data(const SSL_CTX
+ void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
+ void SSL_set_default_read_buffer_len(SSL *s, size_t len);
+
+- /* NB: the keylength is only applicable when is_export is true */
+ # ifndef OPENSSL_NO_DH
++/* NB: the |keylength| is only applicable when is_export is true */
+ void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+ DH *(*dh) (SSL *ssl, int is_export,
+ int keylength));
+@@ -2103,7 +2035,8 @@ extern const char SSL_version_str[];
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_SSL_strings(void);
+
- void ERR_load_SSL_strings(void);
++int ERR_load_SSL_strings(void);
/* Error codes for the SSL functions. */
-@@ -2117,21 +2038,14 @@ void ERR_load_SSL_strings(void);
+
+@@ -2117,21 +2050,14 @@ void ERR_load_SSL_strings(void);
# define SSL_F_DANE_TLSA_ADD 394
# define SSL_F_DO_DTLS1_WRITE 245
# define SSL_F_DO_SSL3_WRITE 104
@@ -161553,9 +158919,12 @@
# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
# define SSL_F_DTLSV1_LISTEN 350
# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 371
-@@ -2140,11 +2054,8 @@ void ERR_load_SSL_strings(void);
+@@ -2139,12 +2065,11 @@ void ERR_load_SSL_strings(void);
+ # define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370
# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386
# define SSL_F_OPENSSL_INIT_SSL 342
++# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417
++# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418
# define SSL_F_READ_STATE_MACHINE 352
-# define SSL_F_SSL3_ADD_CERT_TO_BUF 296
-# define SSL_F_SSL3_CALLBACK_CTRL 233
@@ -161565,7 +158934,7 @@
# define SSL_F_SSL3_CTRL 213
# define SSL_F_SSL3_CTX_CTRL 133
# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293
-@@ -2153,9 +2064,8 @@ void ERR_load_SSL_strings(void);
+@@ -2153,9 +2078,8 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388
# define SSL_F_SSL3_GET_RECORD 143
@@ -161576,7 +158945,7 @@
# define SSL_F_SSL3_READ_BYTES 148
# define SSL_F_SSL3_READ_N 149
# define SSL_F_SSL3_SETUP_KEY_BLOCK 157
-@@ -2163,7 +2073,6 @@ void ERR_load_SSL_strings(void);
+@@ -2163,7 +2087,6 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL3_SETUP_WRITE_BUFFER 291
# define SSL_F_SSL3_WRITE_BYTES 158
# define SSL_F_SSL3_WRITE_PENDING 159
@@ -161584,7 +158953,7 @@
# define SSL_F_SSL_ADD_CERT_CHAIN 316
# define SSL_F_SSL_ADD_CERT_TO_BUF 319
# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298
-@@ -2179,7 +2088,6 @@ void ERR_load_SSL_strings(void);
+@@ -2179,7 +2102,6 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 346
# define SSL_F_SSL_CERT_DUP 221
@@ -161592,7 +158961,7 @@
# define SSL_F_SSL_CERT_NEW 162
# define SSL_F_SSL_CERT_SET0_CHAIN 340
# define SSL_F_SSL_CHECK_PRIVATE_KEY 163
-@@ -2200,10 +2108,8 @@ void ERR_load_SSL_strings(void);
+@@ -2200,10 +2122,8 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290
# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 396
@@ -161603,7 +158972,7 @@
# define SSL_F_SSL_CTX_USE_CERTIFICATE 171
# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
-@@ -2216,16 +2122,15 @@ void ERR_load_SSL_strings(void);
+@@ -2216,16 +2136,15 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
# define SSL_F_SSL_CTX_USE_SERVERINFO 336
# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337
@@ -161622,7 +158991,7 @@
# define SSL_F_SSL_GET_SIGN_PKEY 183
# define SSL_F_SSL_INIT_WBIO_BUFFER 184
# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
-@@ -2238,8 +2143,6 @@ void ERR_load_SSL_strings(void);
+@@ -2238,8 +2157,6 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303
# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311
# define SSL_F_SSL_PEEK 270
@@ -161631,7 +159000,7 @@
# define SSL_F_SSL_READ 223
# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320
# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321
-@@ -2253,17 +2156,14 @@ void ERR_load_SSL_strings(void);
+@@ -2253,17 +2170,14 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 399
# define SSL_F_SSL_SET_FD 192
# define SSL_F_SSL_SET_PKEY 193
@@ -161649,7 +159018,7 @@
# define SSL_F_SSL_UNDEFINED_FUNCTION 197
# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244
# define SSL_F_SSL_USE_CERTIFICATE 198
-@@ -2283,12 +2183,9 @@ void ERR_load_SSL_strings(void);
+@@ -2283,17 +2197,20 @@ void ERR_load_SSL_strings(void);
# define SSL_F_TLS12_CHECK_PEER_SIGALG 333
# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341
@@ -161662,7 +159031,42 @@
# define SSL_F_TLS1_PRF 284
# define SSL_F_TLS1_SETUP_KEY_BLOCK 211
# define SSL_F_TLS1_SET_SERVER_SIGALGS 335
-@@ -2330,43 +2227,23 @@ void ERR_load_SSL_strings(void);
+ # define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354
+ # define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372
++# define SSL_F_TLS_CONSTRUCT_CKE_DHE 404
++# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 405
++# define SSL_F_TLS_CONSTRUCT_CKE_GOST 406
++# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 407
++# define SSL_F_TLS_CONSTRUCT_CKE_RSA 409
++# define SSL_F_TLS_CONSTRUCT_CKE_SRP 410
+ # define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 355
+ # define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 356
+ # define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 357
+@@ -2313,6 +2230,12 @@ void ERR_load_SSL_strings(void);
+ # define SSL_F_TLS_PROCESS_CERT_STATUS 362
+ # define SSL_F_TLS_PROCESS_CERT_VERIFY 379
+ # define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 363
++# define SSL_F_TLS_PROCESS_CKE_DHE 411
++# define SSL_F_TLS_PROCESS_CKE_ECDHE 412
++# define SSL_F_TLS_PROCESS_CKE_GOST 413
++# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE 414
++# define SSL_F_TLS_PROCESS_CKE_RSA 415
++# define SSL_F_TLS_PROCESS_CKE_SRP 416
+ # define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 380
+ # define SSL_F_TLS_PROCESS_CLIENT_HELLO 381
+ # define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 382
+@@ -2323,6 +2246,10 @@ void ERR_load_SSL_strings(void);
+ # define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 367
+ # define SSL_F_TLS_PROCESS_SERVER_DONE 368
+ # define SSL_F_TLS_PROCESS_SERVER_HELLO 369
++# define SSL_F_TLS_PROCESS_SKE_DHE 419
++# define SSL_F_TLS_PROCESS_SKE_ECDHE 420
++# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 421
++# define SSL_F_TLS_PROCESS_SKE_SRP 422
+ # define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220
+
+ /* Reason codes. */
+@@ -2330,43 +2257,23 @@ void ERR_load_SSL_strings(void);
# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143
# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158
@@ -161706,7 +159110,7 @@
# define SSL_R_BAD_SRTP_MKI_VALUE 352
# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353
# define SSL_R_BAD_SSL_FILETYPE 124
-@@ -2376,7 +2253,6 @@ void ERR_load_SSL_strings(void);
+@@ -2376,7 +2283,6 @@ void ERR_load_SSL_strings(void);
# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
# define SSL_R_BN_LIB 130
# define SSL_R_CA_DN_LENGTH_MISMATCH 131
@@ -161714,7 +159118,7 @@
# define SSL_R_CA_KEY_TOO_SMALL 397
# define SSL_R_CA_MD_TOO_WEAK 398
# define SSL_R_CCS_RECEIVED_EARLY 133
-@@ -2416,12 +2292,8 @@ void ERR_load_SSL_strings(void);
+@@ -2416,12 +2322,8 @@ void ERR_load_SSL_strings(void);
# define SSL_R_DIGEST_CHECK_FAILED 149
# define SSL_R_DTLS_MESSAGE_TOO_BIG 334
# define SSL_R_DUPLICATE_COMPRESSION_ID 309
@@ -161727,7 +159131,7 @@
# define SSL_R_EE_KEY_TOO_SMALL 399
# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354
# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
-@@ -2432,8 +2304,6 @@ void ERR_load_SSL_strings(void);
+@@ -2432,8 +2334,6 @@ void ERR_load_SSL_strings(void);
# define SSL_R_FAILED_TO_INIT_ASYNC 405
# define SSL_R_FRAGMENTED_CLIENT_HELLO 401
# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
@@ -161736,7 +159140,7 @@
# define SSL_R_HTTPS_PROXY_REQUEST 155
# define SSL_R_HTTP_REQUEST 156
# define SSL_R_ILLEGAL_SUITEB_DIGEST 380
-@@ -2445,23 +2315,17 @@ void ERR_load_SSL_strings(void);
+@@ -2445,23 +2345,17 @@ void ERR_load_SSL_strings(void);
# define SSL_R_INVALID_CONFIGURATION_NAME 113
# define SSL_R_INVALID_CT_VALIDATION_TYPE 212
# define SSL_R_INVALID_NULL_CMD_NAME 385
@@ -161760,7 +159164,7 @@
# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381
# define SSL_R_MISSING_RSA_CERTIFICATE 168
# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
-@@ -2469,18 +2333,13 @@ void ERR_load_SSL_strings(void);
+@@ -2469,18 +2363,13 @@ void ERR_load_SSL_strings(void);
# define SSL_R_MISSING_SRP_PARAM 358
# define SSL_R_MISSING_TMP_DH_KEY 171
# define SSL_R_MISSING_TMP_ECDH_KEY 311
@@ -161779,7 +159183,7 @@
# define SSL_R_NO_COMPRESSION_SPECIFIED 187
# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330
# define SSL_R_NO_METHOD_SPECIFIED 188
-@@ -2490,16 +2349,14 @@ void ERR_load_SSL_strings(void);
+@@ -2490,16 +2379,14 @@ void ERR_load_SSL_strings(void);
# define SSL_R_NO_RENEGOTIATION 339
# define SSL_R_NO_REQUIRED_DIGEST 324
# define SSL_R_NO_SHARED_CIPHER 193
@@ -161797,7 +159201,7 @@
# define SSL_R_PACKET_LENGTH_TOO_LONG 198
# define SSL_R_PARSE_TLSEXT 227
# define SSL_R_PATH_TOO_LONG 270
-@@ -2507,7 +2364,6 @@ void ERR_load_SSL_strings(void);
+@@ -2507,7 +2394,6 @@ void ERR_load_SSL_strings(void);
# define SSL_R_PEM_NAME_BAD_PREFIX 391
# define SSL_R_PEM_NAME_TOO_SHORT 392
# define SSL_R_PIPELINE_FAILURE 406
@@ -161805,7 +159209,7 @@
# define SSL_R_PROTOCOL_IS_SHUTDOWN 207
# define SSL_R_PSK_IDENTITY_NOT_FOUND 223
# define SSL_R_PSK_NO_CLIENT_CB 224
-@@ -2515,18 +2371,16 @@ void ERR_load_SSL_strings(void);
+@@ -2515,18 +2401,16 @@ void ERR_load_SSL_strings(void);
# define SSL_R_READ_BIO_NOT_SET 211
# define SSL_R_READ_TIMEOUT_EXPIRED 312
# define SSL_R_RECORD_LENGTH_MISMATCH 213
@@ -161825,7 +159229,7 @@
# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407
# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360
# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
-@@ -2534,11 +2388,9 @@ void ERR_load_SSL_strings(void);
+@@ -2534,11 +2418,20 @@ void ERR_load_SSL_strings(void);
# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362
# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363
# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364
@@ -161834,14 +159238,43 @@
# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320
# define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
-# define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
++# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
++# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
++# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
++# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
++# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
++# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
++# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
++# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
++# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
++# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
++# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
# define SSL_R_SSL_COMMAND_SECTION_EMPTY 117
# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125
# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
-@@ -2552,19 +2404,12 @@ void ERR_load_SSL_strings(void);
+@@ -2552,19 +2445,30 @@ void ERR_load_SSL_strings(void);
# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
# define SSL_R_SSL_SESSION_VERSION_MISMATCH 210
-# define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
++# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
++# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
++# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
++# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
++# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
++# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
++# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
++# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
++# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
++# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
++# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
++# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
++# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
++# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
++# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
++# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
++# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
++# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365
# define SSL_R_TLS_HEARTBEAT_PENDING 366
# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367
@@ -161857,7 +159290,7 @@
# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
# define SSL_R_UNEXPECTED_MESSAGE 244
-@@ -2580,13 +2425,10 @@ void ERR_load_SSL_strings(void);
+@@ -2580,13 +2484,10 @@ void ERR_load_SSL_strings(void);
# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
# define SSL_R_UNKNOWN_PKEY_TYPE 251
# define SSL_R_UNKNOWN_PROTOCOL 252
@@ -161871,7 +159304,7 @@
# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315
# define SSL_R_UNSUPPORTED_PROTOCOL 258
# define SSL_R_UNSUPPORTED_SSL_VERSION 259
-@@ -2597,7 +2439,6 @@ void ERR_load_SSL_strings(void);
+@@ -2597,7 +2498,6 @@ void ERR_load_SSL_strings(void);
# define SSL_R_WRONG_CERTIFICATE_TYPE 383
# define SSL_R_WRONG_CIPHER_RETURNED 261
# define SSL_R_WRONG_CURVE 378
@@ -161879,7 +159312,7 @@
# define SSL_R_WRONG_SIGNATURE_LENGTH 264
# define SSL_R_WRONG_SIGNATURE_SIZE 265
# define SSL_R_WRONG_SIGNATURE_TYPE 370
-@@ -2606,7 +2447,7 @@ void ERR_load_SSL_strings(void);
+@@ -2606,7 +2506,7 @@ void ERR_load_SSL_strings(void);
# define SSL_R_X509_LIB 268
# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
@@ -161889,8 +159322,6 @@
-#endif
+# endif
#endif
-diff --git a/include/openssl/ssl2.h b/include/openssl/ssl2.h
-index e965dd5..5321bd2 100644
--- a/include/openssl/ssl2.h
+++ b/include/openssl/ssl2.h
@@ -1,58 +1,10 @@
@@ -161958,8 +159389,6 @@
*/
#ifndef HEADER_SSL2_H
-diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
-index 6ff00bc..aca1922 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -1,112 +1,12 @@
@@ -162082,8 +159511,6 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECC cipher suite support in OpenSSL originally developed by
-diff --git a/include/openssl/stack.h b/include/openssl/stack.h
-index 976e6ac..ae47be9 100644
--- a/include/openssl/stack.h
+++ b/include/openssl/stack.h
@@ -1,58 +1,10 @@
@@ -162156,20 +159583,42 @@
#endif
-typedef struct stack_st _STACK; /* Use STACK_OF(...) instead */
+-
+-int sk_num(const _STACK *);
+-void *sk_value(const _STACK *, int);
+-
+-void *sk_set(_STACK *, int, void *);
+typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */
-+
+
+-_STACK *sk_new(int (*cmp) (const void *, const void *));
+-_STACK *sk_new_null(void);
+-void sk_free(_STACK *);
+-void sk_pop_free(_STACK *st, void (*func) (void *));
+-_STACK *sk_deep_copy(_STACK *, void *(*)(void *), void (*)(void *));
+-int sk_insert(_STACK *sk, void *data, int where);
+-void *sk_delete(_STACK *st, int loc);
+-void *sk_delete_ptr(_STACK *st, void *p);
+-int sk_find(_STACK *st, void *data);
+-int sk_find_ex(_STACK *st, void *data);
+-int sk_push(_STACK *st, void *data);
+-int sk_unshift(_STACK *st, void *data);
+-void *sk_shift(_STACK *st);
+-void *sk_pop(_STACK *st);
+-void sk_zero(_STACK *st);
+-int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *)))
+- (const void *, const void *);
+-_STACK *sk_dup(_STACK *st);
+-void sk_sort(_STACK *st);
+-int sk_is_sorted(const _STACK *st);
+typedef int (*OPENSSL_sk_compfunc)(const void *, const void *);
+typedef void (*OPENSSL_sk_freefunc)(void *);
+typedef void *(*OPENSSL_sk_copyfunc)(const void *);
+
+int OPENSSL_sk_num(const OPENSSL_STACK *);
+void *OPENSSL_sk_value(const OPENSSL_STACK *, int);
-
--int sk_num(const _STACK *);
--void *sk_value(const _STACK *, int);
++
+void *OPENSSL_sk_set(OPENSSL_STACK *, int, void *);
-
--void *sk_set(_STACK *, int, void *);
++
+OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc cmp);
+OPENSSL_STACK *OPENSSL_sk_new_null(void);
+void OPENSSL_sk_free(OPENSSL_STACK *);
@@ -162189,27 +159638,7 @@
+OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st);
+void OPENSSL_sk_sort(OPENSSL_STACK *st);
+int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st);
-
--_STACK *sk_new(int (*cmp) (const void *, const void *));
--_STACK *sk_new_null(void);
--void sk_free(_STACK *);
--void sk_pop_free(_STACK *st, void (*func) (void *));
--_STACK *sk_deep_copy(_STACK *, void *(*)(void *), void (*)(void *));
--int sk_insert(_STACK *sk, void *data, int where);
--void *sk_delete(_STACK *st, int loc);
--void *sk_delete_ptr(_STACK *st, void *p);
--int sk_find(_STACK *st, void *data);
--int sk_find_ex(_STACK *st, void *data);
--int sk_push(_STACK *st, void *data);
--int sk_unshift(_STACK *st, void *data);
--void *sk_shift(_STACK *st);
--void *sk_pop(_STACK *st);
--void sk_zero(_STACK *st);
--int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *)))
-- (const void *, const void *);
--_STACK *sk_dup(_STACK *st);
--void sk_sort(_STACK *st);
--int sk_is_sorted(const _STACK *st);
++
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define _STACK OPENSSL_STACK
+# define sk_num OPENSSL_sk_num
@@ -162238,8 +159667,6 @@
#ifdef __cplusplus
}
-diff --git a/include/openssl/symhacks.h b/include/openssl/symhacks.h
-index 99a2de5..caf1f1a 100644
--- a/include/openssl/symhacks.h
+++ b/include/openssl/symhacks.h
@@ -1,55 +1,10 @@
@@ -162304,8 +159731,6 @@
*/
#ifndef HEADER_SYMHACKS_H
-diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
-index c3344e1..11ad8e5 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -1,112 +1,12 @@
@@ -162456,7 +159881,7 @@
# define TLS1_AD_DECRYPTION_FAILED 21
# define TLS1_AD_RECORD_OVERFLOW 22
-@@ -351,6 +252,9 @@ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
+@@ -351,6 +252,9 @@ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEX
# define SSL_set_tlsext_debug_arg(ssl, arg) \
SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
@@ -162466,7 +159891,7 @@
# define SSL_set_tlsext_status_type(ssl, type) \
SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
-@@ -394,6 +298,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
+@@ -394,6 +298,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_T
# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
@@ -162479,8 +159904,6 @@
# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
-diff --git a/include/openssl/ts.h b/include/openssl/ts.h
-index 2e1514e..3fbaf55 100644
--- a/include/openssl/ts.h
+++ b/include/openssl/ts.h
@@ -1,59 +1,10 @@
@@ -162548,8 +159971,29 @@
*/
#ifndef HEADER_TS_H
-@@ -355,7 +306,7 @@ typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *,
+@@ -76,11 +27,6 @@
+ extern "C" {
+ # endif
+-# ifdef WIN32
+-/* Under Win32 this is defined in wincrypt.h */
+-# undef X509_NAME
+-# endif
+-
+ # include <openssl/x509.h>
+ # include <openssl/x509v3.h>
+
+@@ -210,8 +156,6 @@ ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(E
+ const unsigned char **pp, long length);
+ ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a);
+
+-void ERR_load_TS_strings(void);
+-
+ int TS_REQ_set_version(TS_REQ *a, long version);
+ long TS_REQ_get_version(const TS_REQ *a);
+
+@@ -355,7 +299,7 @@ typedef int (*TS_extension_cb) (struct T
+
typedef struct TS_resp_ctx TS_RESP_CTX;
-DEFINE_STACK_OF(EVP_MD)
@@ -162557,12 +160001,13 @@
/* Creates a response context that can be used for generating responses. */
TS_RESP_CTX *TS_RESP_CTX_new(void);
-@@ -585,12 +536,12 @@ int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
+@@ -585,12 +529,12 @@ int TS_CONF_set_ess_cert_id_chain(CONF *
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_TS_strings(void);
+
- void ERR_load_TS_strings(void);
++int ERR_load_TS_strings(void);
/* Error codes for the TS functions. */
@@ -162571,7 +160016,7 @@
# define TS_F_DEF_SERIAL_CB 110
# define TS_F_DEF_TIME_CB 111
# define TS_F_ESS_ADD_SIGNING_CERT 112
-@@ -635,7 +586,6 @@ void ERR_load_TS_strings(void);
+@@ -635,7 +579,6 @@ void ERR_load_TS_strings(void);
# define TS_F_TS_RESP_SET_TST_INFO 150
# define TS_F_TS_RESP_SIGN 136
# define TS_F_TS_RESP_VERIFY_SIGNATURE 106
@@ -162579,7 +160024,7 @@
# define TS_F_TS_TST_INFO_SET_ACCURACY 137
# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138
# define TS_F_TS_TST_INFO_SET_NONCE 139
-@@ -655,7 +605,6 @@ void ERR_load_TS_strings(void);
+@@ -655,7 +598,6 @@ void ERR_load_TS_strings(void);
# define TS_R_CERTIFICATE_VERIFY_ERROR 100
# define TS_R_COULD_NOT_SET_ENGINE 127
# define TS_R_COULD_NOT_SET_TIME 115
@@ -162587,7 +160032,7 @@
# define TS_R_DETACHED_CONTENT 134
# define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116
# define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101
-@@ -688,9 +637,8 @@ void ERR_load_TS_strings(void);
+@@ -688,9 +630,8 @@ void ERR_load_TS_strings(void);
# define TS_R_VAR_LOOKUP_FAILURE 136
# define TS_R_WRONG_CONTENT_TYPE 114
@@ -162599,8 +160044,6 @@
-# endif
-
#endif
-diff --git a/include/openssl/txt_db.h b/include/openssl/txt_db.h
-index e83e725..0e6c943 100644
--- a/include/openssl/txt_db.h
+++ b/include/openssl/txt_db.h
@@ -1,58 +1,10 @@
@@ -162677,8 +160120,6 @@
void TXT_DB_free(TXT_DB *db);
OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
OPENSSL_STRING *value);
-diff --git a/include/openssl/ui.h b/include/openssl/ui.h
-index 3d1507e..dcebb6e 100644
--- a/include/openssl/ui.h
+++ b/include/openssl/ui.h
@@ -1,79 +1,29 @@
@@ -162774,7 +160215,7 @@
/*
* All the following functions return -1 or NULL on error and in some cases
* (UI_process()) -2 if interrupted or in some other way cancelled. When
-@@ -160,7 +110,7 @@ int UI_dup_error_string(UI *ui, const char *text);
+@@ -160,7 +110,7 @@ int UI_dup_error_string(UI *ui, const ch
* each UI being marked with this flag, or the application might get
* confused.
*/
@@ -162783,7 +160224,7 @@
/*-
* The user of these routines may want to define flags of their own. The core
-@@ -172,7 +122,7 @@ int UI_dup_error_string(UI *ui, const char *text);
+@@ -172,7 +122,7 @@ int UI_dup_error_string(UI *ui, const ch
* #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE)
*
*/
@@ -162792,7 +160233,7 @@
/*-
* The following function helps construct a prompt. object_desc is a
-@@ -229,7 +179,7 @@ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void));
+@@ -229,7 +179,7 @@ int UI_ctrl(UI *ui, int cmd, long i, voi
* OpenSSL error stack before printing any info or added error messages and
* before any prompting.
*/
@@ -162828,15 +160269,16 @@
* instruction)
*/
const char *UI_get0_action_string(UI_STRING *uis);
-@@ -383,6 +333,7 @@ int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
+@@ -383,14 +333,15 @@ int UI_UTIL_read_pw(char *buf, char *buf
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_UI_strings(void);
+
- void ERR_load_UI_strings(void);
++int ERR_load_UI_strings(void);
/* Error codes for the UI functions. */
-@@ -390,7 +341,7 @@ void ERR_load_UI_strings(void);
+
/* Function codes. */
# define UI_F_GENERAL_ALLOCATE_BOOLEAN 108
# define UI_F_GENERAL_ALLOCATE_PROMPT 109
@@ -162856,8 +160298,6 @@
+# endif
+# endif
#endif
-diff --git a/include/openssl/whrlpool.h b/include/openssl/whrlpool.h
-index bc46035..20ea350 100644
--- a/include/openssl/whrlpool.h
+++ b/include/openssl/whrlpool.h
@@ -1,3 +1,12 @@
@@ -162873,8 +160313,6 @@
#ifndef HEADER_WHRLPOOL_H
# define HEADER_WHRLPOOL_H
-diff --git a/include/openssl/x509.h b/include/openssl/x509.h
-index a36500c..4b7a1f6 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -1,59 +1,12 @@
@@ -162944,7 +160382,29 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
-@@ -551,6 +504,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
+@@ -64,7 +17,7 @@
+ # define HEADER_X509_H
+
+ # include <openssl/e_os2.h>
+-# include <openssl/opensslconf.h>
++# include <openssl/ossl_typ.h>
+ # include <openssl/symhacks.h>
+ # include <openssl/buffer.h>
+ # include <openssl/evp.h>
+@@ -87,12 +40,6 @@
+ extern "C" {
+ #endif
+
+-# ifdef OPENSSL_SYS_WIN32
+-/* Under Win32 these are defined in wincrypt.h */
+-# undef X509_NAME
+-# undef X509_EXTENSIONS
+-# endif
+-
+ # define X509_FILETYPE_PEM 1
+ # define X509_FILETYPE_ASN1 2
+ # define X509_FILETYPE_DEFAULT 3
+@@ -551,6 +498,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP
EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain);
@@ -162952,7 +160412,7 @@
int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
# ifndef OPENSSL_NO_RSA
-@@ -674,7 +628,7 @@ int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
+@@ -674,7 +622,7 @@ int X509_set_notBefore(X509 *x, const AS
ASN1_TIME *X509_get_notAfter(X509 *x);
int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
@@ -162961,7 +160421,16 @@
int X509_get_signature_type(const X509 *x);
/*
* This one is only used so that a binary form can output, as in
-@@ -731,7 +685,7 @@ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
+@@ -685,7 +633,7 @@ STACK_OF(X509_EXTENSION) *X509_get0_exte
+ void X509_get0_uids(ASN1_BIT_STRING **piuid, ASN1_BIT_STRING **psuid, X509 *x);
+ X509_ALGOR *X509_get0_tbs_sigalg(X509 *x);
+
+-EVP_PKEY *X509_get0_pubkey(X509 *x);
++EVP_PKEY *X509_get0_pubkey(const X509 *x);
+ EVP_PKEY *X509_get_pubkey(X509 *x);
+ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
+ int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ );
+@@ -731,7 +679,7 @@ int X509_CRL_set_issuer_name(X509_CRL *x
int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_sort(X509_CRL *crl);
@@ -162970,7 +160439,136 @@
long X509_CRL_get_version(X509_CRL *crl);
ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
-@@ -1035,17 +989,18 @@ int X509_TRUST_get_count(void);
+@@ -748,14 +696,14 @@ ASN1_INTEGER *X509_REVOKED_get0_serialNu
+ int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
+ ASN1_TIME *X509_REVOKED_get0_revocationDate(X509_REVOKED *x);
+ int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
+-STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(X509_REVOKED *r);
++STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r);
+
+ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
+ EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
+
+ int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+
+-int X509_check_private_key(X509 *x509, EVP_PKEY *pkey);
++int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+ int X509_chain_check_suiteb(int *perror_depth,
+ X509 *x, STACK_OF(X509) *chain,
+ unsigned long flags);
+@@ -806,13 +754,13 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ
+ unsigned long cflag);
+ int X509_REQ_print(BIO *bp, X509_REQ *req);
+
+-int X509_NAME_entry_count(X509_NAME *name);
++int X509_NAME_entry_count(const X509_NAME *name);
+ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
+ int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
+ char *buf, int len);
+
+ /*
+- * NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
++ * NOTE: you should be passing -1, not 0 as lastpos. The functions that use
+ * lastpos, search after that position on.
+ */
+ int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
+@@ -822,7 +770,7 @@ X509_NAME_ENTRY *X509_NAME_get_entry(X50
+ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne,
+ int loc, int set);
+-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
++int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
+ unsigned char *bytes, int len, int loc,
+ int set);
+ int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+@@ -839,10 +787,10 @@ int X509_NAME_add_entry_by_txt(X509_NAME
+ const unsigned char *bytes, int len, int loc,
+ int set);
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+- ASN1_OBJECT *obj, int type,
++ const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes,
+ int len);
+-int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
++int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
+ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+ const unsigned char *bytes, int len);
+ ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
+@@ -864,37 +812,37 @@ X509_EXTENSION *X509v3_delete_ext(STACK_
+ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+ X509_EXTENSION *ex, int loc);
+
+-int X509_get_ext_count(X509 *x);
+-int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
+-int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos);
+-int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
+-X509_EXTENSION *X509_get_ext(X509 *x, int loc);
++int X509_get_ext_count(const X509 *x);
++int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
++int X509_get_ext_by_OBJ(const X509 *x, ASN1_OBJECT *obj, int lastpos);
++int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
++X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
+ X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
+ int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+-void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
++void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
+ int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+ unsigned long flags);
+
+-int X509_CRL_get_ext_count(X509_CRL *x);
+-int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
+-int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos);
+-int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
+-X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
++int X509_CRL_get_ext_count(const X509_CRL *x);
++int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
++int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, ASN1_OBJECT *obj, int lastpos);
++int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
++X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
+ X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
+ int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+-void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
++void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx);
+ int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+ unsigned long flags);
+
+-int X509_REVOKED_get_ext_count(X509_REVOKED *x);
+-int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
+-int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
++int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
++int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
++int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, ASN1_OBJECT *obj,
+ int lastpos);
+-int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
+-X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
++int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos);
++X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
+ X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
+ int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
+-void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
++void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, int *idx);
+ int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+ unsigned long flags);
+
+@@ -909,7 +857,7 @@ int X509_EXTENSION_set_critical(X509_EXT
+ int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
+ ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
+ ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
+-int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
++int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
+
+ int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
+ int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+@@ -952,7 +900,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIB
+ const void *data, int len);
+ void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype,
+ void *data);
+-int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
++int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr);
+ ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
+ ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
+
+@@ -1035,18 +983,19 @@ int X509_TRUST_get_count(void);
X509_TRUST *X509_TRUST_get0(int idx);
int X509_TRUST_get_by_id(int id);
int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
@@ -162989,11 +160587,13 @@
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_X509_strings(void);
+
- void ERR_load_X509_strings(void);
++int ERR_load_X509_strings(void);
/* Error codes for the X509 functions. */
-@@ -1054,6 +1009,7 @@ void ERR_load_X509_strings(void);
+
+@@ -1054,6 +1003,7 @@ void ERR_load_X509_strings(void);
# define X509_F_ADD_CERT_DIR 100
# define X509_F_BUILD_CHAIN 106
# define X509_F_BY_FILE_CTRL 101
@@ -163001,7 +160601,7 @@
# define X509_F_CHECK_POLICY 145
# define X509_F_DANE_I2D 107
# define X509_F_DIR_CTRL 102
-@@ -1082,6 +1038,7 @@ void ERR_load_X509_strings(void);
+@@ -1082,6 +1032,7 @@ void ERR_load_X509_strings(void);
# define X509_F_X509_NAME_ENTRY_SET_OBJECT 115
# define X509_F_X509_NAME_ONELINE 116
# define X509_F_X509_NAME_PRINT 117
@@ -163009,7 +160609,7 @@
# define X509_F_X509_PRINT_EX_FP 118
# define X509_F_X509_PUBKEY_DECODE 148
# define X509_F_X509_PUBKEY_GET0 119
-@@ -1096,7 +1053,6 @@ void ERR_load_X509_strings(void);
+@@ -1096,7 +1047,6 @@ void ERR_load_X509_strings(void);
# define X509_F_X509_STORE_CTX_INIT 143
# define X509_F_X509_STORE_CTX_NEW 142
# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134
@@ -163017,7 +160617,7 @@
# define X509_F_X509_TO_X509_REQ 126
# define X509_F_X509_TRUST_ADD 133
# define X509_F_X509_TRUST_SET 141
-@@ -1111,7 +1067,6 @@ void ERR_load_X509_strings(void);
+@@ -1111,7 +1061,6 @@ void ERR_load_X509_strings(void);
# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
# define X509_R_CRL_ALREADY_DELTA 127
# define X509_R_CRL_VERIFY_FAILURE 131
@@ -163025,7 +160625,7 @@
# define X509_R_IDP_MISMATCH 128
# define X509_R_INVALID_DIRECTORY 113
# define X509_R_INVALID_FIELD_NAME 119
-@@ -1122,6 +1077,7 @@ void ERR_load_X509_strings(void);
+@@ -1122,6 +1071,7 @@ void ERR_load_X509_strings(void);
# define X509_R_LOADING_CERT_DIR 103
# define X509_R_LOADING_DEFAULTS 104
# define X509_R_METHOD_NOT_SUPPORTED 124
@@ -163033,7 +160633,7 @@
# define X509_R_NEWER_CRL_NOT_NEWER 132
# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
# define X509_R_NO_CRL_NUMBER 130
-@@ -1138,7 +1094,7 @@ void ERR_load_X509_strings(void);
+@@ -1138,7 +1088,7 @@ void ERR_load_X509_strings(void);
# define X509_R_WRONG_LOOKUP_TYPE 112
# define X509_R_WRONG_TYPE 122
@@ -163043,8 +160643,6 @@
-#endif
+# endif
#endif
-diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
-index 4bf27e9..4e44e1d 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -1,58 +1,10 @@
@@ -163112,25 +160710,52 @@
*/
#ifndef HEADER_X509_VFY_H
-@@ -104,8 +56,15 @@ DEFINE_STACK_OF(X509_VERIFY_PARAM)
+@@ -93,10 +45,14 @@ certificate chain.
+ */
+ typedef enum {
+- X509_LU_RETRY = -1,
+- X509_LU_FAIL, X509_LU_X509, X509_LU_CRL
++ X509_LU_NONE = 0,
++ X509_LU_X509, X509_LU_CRL
+ } X509_LOOKUP_TYPE;
+
++#if OPENSSL_API_COMPAT < 0x10100000L
++#define X509_LU_RETRY -1
++#define X509_LU_FAIL 0
++#endif
+
+ DEFINE_STACK_OF(X509_LOOKUP)
+ DEFINE_STACK_OF(X509_OBJECT)
+@@ -104,8 +60,25 @@ DEFINE_STACK_OF(X509_VERIFY_PARAM)
+
int X509_STORE_set_depth(X509_STORE *store, int depth);
-# define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
-# define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
-+# define X509_STORE_set_verify_cb_func(ctx,func) \
-+ X509_STORE_set_verify_cb((ctx),(func))
-+
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
-+typedef int (*X509_STORE_CTX_verify)(X509_STORE_CTX *);
++typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
++typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
++ X509_STORE_CTX *ctx, X509 *x);
++typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
++ X509 *x, X509 *issuer);
++typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
++typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
++ X509_CRL **crl, X509 *x);
++typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
++typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
++ X509_CRL *crl, X509 *x);
++typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
++typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
++ X509_NAME *nm);
++typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
++ X509_NAME *nm);
++typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
+
-+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify verify);
-+#define X509_STORE_set_verify_func(ctx, func) \
-+ X509_STORE_set_verify((ctx),(func))
void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
-@@ -199,6 +158,14 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
+@@ -199,6 +172,14 @@ void X509_STORE_CTX_set_depth(X509_STORE
# define X509_V_ERR_EE_KEY_TOO_SMALL 66
# define X509_V_ERR_CA_KEY_TOO_SMALL 67
# define X509_V_ERR_CA_MD_TOO_WEAK 68
@@ -163145,7 +160770,7 @@
/* Certificate verify flags */
-@@ -231,7 +198,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
+@@ -231,7 +212,7 @@ void X509_STORE_CTX_set_depth(X509_STORE
# define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000
/* Delta CRL support */
# define X509_V_FLAG_USE_DELTAS 0x2000
@@ -163154,8 +160779,17 @@
# define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
/* Use trusted store first */
# define X509_V_FLAG_TRUSTED_FIRST 0x8000
-@@ -270,20 +237,24 @@ X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
- int type, X509_NAME *name);
+@@ -264,34 +245,80 @@ void X509_STORE_CTX_set_depth(X509_STORE
+ | X509_V_FLAG_INHIBIT_ANY \
+ | X509_V_FLAG_INHIBIT_MAP)
+
+-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
++int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
+ X509_NAME *name);
+ X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
+- int type, X509_NAME *name);
++ X509_LOOKUP_TYPE type,
++ X509_NAME *name);
X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
X509_OBJECT *x);
-void X509_OBJECT_up_ref_count(X509_OBJECT *a);
@@ -163164,11 +160798,13 @@
void X509_OBJECT_free(X509_OBJECT *a);
-X509 *X509_OBJECT_get0_X509(X509_OBJECT *a);
-void X509_OBJECT_free_contents(X509_OBJECT *a);
-+int X509_OBJECT_get_type(const X509_OBJECT *a);
++X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a);
+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a);
X509_STORE *X509_STORE_new(void);
void X509_STORE_free(X509_STORE *v);
++int X509_STORE_lock(X509_STORE *ctx);
++int X509_STORE_unlock(X509_STORE *ctx);
int X509_STORE_up_ref(X509_STORE *v);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
@@ -163182,12 +160818,54 @@
int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
++void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
++#define X509_STORE_set_verify_func(ctx, func) \
++ X509_STORE_set_verify((ctx),(func))
++X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx);
void X509_STORE_set_verify_cb(X509_STORE *ctx,
- int (*verify_cb) (int, X509_STORE_CTX *));
-@@ -292,6 +263,10 @@ void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
- STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX
- *ctx,
- X509_NAME *nm));
+- int (*verify_cb) (int, X509_STORE_CTX *));
+-
+-void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
+- STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX
+- *ctx,
+- X509_NAME *nm));
++ X509_STORE_CTX_verify_cb verify_cb);
++# define X509_STORE_set_verify_cb_func(ctx,func) \
++ X509_STORE_set_verify_cb((ctx),(func))
++X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx);
++void X509_STORE_set_get_issuer(X509_STORE *ctx,
++ X509_STORE_CTX_get_issuer_fn get_issuer);
++X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx);
++void X509_STORE_set_check_issued(X509_STORE *ctx,
++ X509_STORE_CTX_check_issued_fn check_issued);
++X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx);
++void X509_STORE_set_check_revocation(X509_STORE *ctx,
++ X509_STORE_CTX_check_revocation_fn check_revocation);
++X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx);
++void X509_STORE_set_get_crl(X509_STORE *ctx,
++ X509_STORE_CTX_get_crl_fn get_crl);
++X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx);
++void X509_STORE_set_check_crl(X509_STORE *ctx,
++ X509_STORE_CTX_check_crl_fn check_crl);
++X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx);
++void X509_STORE_set_cert_crl(X509_STORE *ctx,
++ X509_STORE_CTX_cert_crl_fn cert_crl);
++X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx);
++void X509_STORE_set_check_policy(X509_STORE *ctx,
++ X509_STORE_CTX_check_policy_fn check_policy);
++X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx);
++void X509_STORE_set_lookup_certs(X509_STORE *ctx,
++ X509_STORE_CTX_lookup_certs_fn lookup_certs);
++X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx);
++void X509_STORE_set_lookup_crls(X509_STORE *ctx,
++ X509_STORE_CTX_lookup_crls_fn lookup_crls);
++#define X509_STORE_set_lookup_crls_cb(ctx, func) \
++ X509_STORE_set_lookup_crls((ctx), (func))
++X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx);
++void X509_STORE_set_cleanup(X509_STORE *ctx,
++ X509_STORE_CTX_cleanup_fn cleanup);
++X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx);
++
+#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
+int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
@@ -163195,7 +160873,7 @@
X509_STORE_CTX *X509_STORE_CTX_new(void);
-@@ -307,8 +282,6 @@ X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
+@@ -307,14 +334,29 @@ X509_STORE *X509_STORE_CTX_get0_store(X5
X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
@@ -163204,10 +160882,21 @@
void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
X509_STORE_CTX_verify_cb verify);
X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
-@@ -316,6 +289,15 @@ void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
- X509_STORE_CTX_verify verify);
- X509_STORE_CTX_verify X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
-
+-void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
+- X509_STORE_CTX_verify verify);
+-X509_STORE_CTX_verify X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
++X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
++X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx);
++X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
++X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx);
++X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx);
++X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx);
++X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx);
++X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx);
++X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx);
++X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx);
++X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
++
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain
+# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
@@ -163216,11 +160905,10 @@
+# define X509_STORE_get1_cert X509_STORE_CTX_get1_certs
+# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
+#endif
-+
+
X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
- X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
-@@ -323,10 +305,10 @@ X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+@@ -323,10 +365,11 @@ X509_LOOKUP_METHOD *X509_LOOKUP_file(voi
int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
@@ -163228,14 +160916,39 @@
- X509_OBJECT *ret);
-X509_OBJECT *X509_STORE_get_X509_by_subject(X509_STORE_CTX *vs, int type,
- X509_NAME *name);
-+int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
-+ X509_OBJECT *ret);
-+X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, int type,
++int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
++ X509_NAME *name, X509_OBJECT *ret);
++X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
++ X509_LOOKUP_TYPE type,
+ X509_NAME *name);
int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
long argl, char **ret);
-@@ -360,7 +342,9 @@ void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
+@@ -338,15 +381,16 @@ int X509_load_cert_crl_file(X509_LOOKUP
+ X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
+ void X509_LOOKUP_free(X509_LOOKUP *ctx);
+ int X509_LOOKUP_init(X509_LOOKUP *ctx);
+-int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
+- X509_OBJECT *ret);
+-int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
+- ASN1_INTEGER *serial, X509_OBJECT *ret);
+-int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
++int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
++ X509_NAME *name, X509_OBJECT *ret);
++int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
++ X509_NAME *name, ASN1_INTEGER *serial,
++ X509_OBJECT *ret);
++int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+ unsigned char *bytes, int len,
+ X509_OBJECT *ret);
+-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
+- X509_OBJECT *ret);
++int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
++ char *str, int len, X509_OBJECT *ret);
+ int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
+
+ int X509_STORE_load_locations(X509_STORE *ctx,
+@@ -360,7 +404,9 @@ void *X509_STORE_CTX_get_ex_data(X509_ST
int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
@@ -163245,8 +160958,23 @@
X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
-diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
-index c44ebf5..7b0403b 100644
+@@ -376,8 +422,6 @@ int X509_STORE_CTX_purpose_inherit(X509_
+ void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
+ void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
+ time_t t);
+-void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+- int (*verify_cb) (int, X509_STORE_CTX *));
+
+ X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
+ int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
+@@ -392,6 +436,7 @@ int X509_STORE_CTX_set_default(X509_STOR
+ * offline testing in test/danetest.c
+ */
+ void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane);
++#define DANE_FLAG_NO_DANE_EE_NAMECHECKS (1L << 0)
+
+ /* X509_VERIFY_PARAM functions */
+
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -1,60 +1,12 @@
@@ -163316,7 +161044,20 @@
#ifndef HEADER_X509V3_H
# define HEADER_X509V3_H
-@@ -122,8 +74,8 @@ struct v3_ext_method {
+@@ -66,12 +18,6 @@
+ extern "C" {
+ #endif
+
+-# ifdef OPENSSL_SYS_WIN32
+-/* Under Win32 these are defined in wincrypt.h */
+-# undef X509_NAME
+-# undef X509_EXTENSIONS
+-# endif
+-
+ /* Forward reference */
+ struct v3_ext_method;
+ struct v3_ext_ctx;
+@@ -122,8 +68,8 @@ struct v3_ext_method {
};
typedef struct X509V3_CONF_METHOD_st {
@@ -163327,7 +161068,25 @@
void (*free_string) (void *db, char *string);
void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section);
} X509V3_CONF_METHOD;
-@@ -529,7 +481,7 @@ STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+@@ -503,13 +449,13 @@ DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS
+ DECLARE_ASN1_FUNCTIONS(SXNET)
+ DECLARE_ASN1_FUNCTIONS(SXNETID)
+
+-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen);
+-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
++int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen);
++int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
+ int userlen);
+-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user,
++int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user,
+ int userlen);
+
+-ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
++ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone);
+ ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
+ ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
+
+@@ -529,7 +475,7 @@ STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRIN
STACK_OF(CONF_VALUE) *extlist);
char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
@@ -163336,8 +161095,16 @@
STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
GENERAL_NAME *gen,
-@@ -597,8 +549,8 @@ DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
+@@ -578,6 +524,7 @@ DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POIN
+ int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
+ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
++int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc);
+
+ DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+ DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
+@@ -597,8 +544,8 @@ DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
+
GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
const X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, int gen_type, char *value,
@@ -163347,7 +161114,7 @@
# ifdef HEADER_CONF_H
GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
-@@ -610,31 +562,31 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+@@ -610,31 +557,31 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERA
void X509V3_conf_free(CONF_VALUE *val);
X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
@@ -163392,7 +161159,7 @@
STACK_OF(CONF_VALUE) **extlist);
int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
-@@ -642,8 +594,8 @@ void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
+@@ -642,8 +589,8 @@ void X509V3_set_nconf(X509V3_CTX *ctx, C
void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
# endif
@@ -163403,16 +161170,26 @@
void X509V3_string_free(X509V3_CTX *ctx, char *str);
void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
-@@ -658,7 +610,7 @@ int X509V3_add_value_bool(const char *name, int asn1_bool,
+@@ -657,8 +604,8 @@ int X509V3_add_value_bool(const char *na
+ STACK_OF(CONF_VALUE) **extlist);
int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
STACK_OF(CONF_VALUE) **extlist);
- char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
+-char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
-ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
++char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint);
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value);
char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
ASN1_ENUMERATED *aint);
-@@ -679,7 +631,7 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+@@ -672,14 +619,14 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_
+ int X509V3_add_standard_extensions(void);
+ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
+ void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
++void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+ int *idx);
+
+ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
int crit, unsigned long flags);
@@ -163421,8 +161198,18 @@
/* The new declarations are in crypto.h, but the old ones were here. */
# define hex_to_string OPENSSL_buf2hexstr
# define string_to_hex OPENSSL_hexstr2buf
-@@ -710,16 +662,16 @@ const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
+@@ -702,6 +649,9 @@ int X509_supported_extension(X509_EXTENS
+ int X509_PURPOSE_set(int *p, int purpose);
+ int X509_check_issued(X509 *issuer, X509 *subject);
+ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
++void X509_set_proxy_flag(X509 *x);
++void X509_set_proxy_pathlen(X509 *x, long l);
++long X509_get_proxy_pathlen(X509 *x);
+ uint32_t X509_get_extension_flags(X509 *x);
+ uint32_t X509_get_key_usage(X509 *x);
+@@ -710,16 +660,16 @@ const ASN1_OCTET_STRING *X509_get0_subje
+
int X509_PURPOSE_get_count(void);
X509_PURPOSE *X509_PURPOSE_get0(int idx);
-int X509_PURPOSE_get_by_sname(char *sname);
@@ -163444,7 +161231,7 @@
STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
-@@ -758,7 +710,6 @@ int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
+@@ -758,7 +708,6 @@ int X509_check_ip_asc(X509 *x, const cha
ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
@@ -163452,15 +161239,17 @@
int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
unsigned long chtype);
-@@ -916,6 +867,7 @@ int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+@@ -916,7 +865,8 @@ int X509v3_addr_validate_resource_set(ST
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+-void ERR_load_X509V3_strings(void);
+
- void ERR_load_X509V3_strings(void);
++int ERR_load_X509V3_strings(void);
/* Error codes for the X509V3 functions. */
-@@ -928,10 +880,8 @@ void ERR_load_X509V3_strings(void);
+
+@@ -928,10 +878,8 @@ void ERR_load_X509V3_strings(void);
# define X509V3_F_COPY_EMAIL 122
# define X509V3_F_COPY_ISSUER 123
# define X509V3_F_DO_DIRNAME 144
@@ -163471,7 +161260,7 @@
# define X509V3_F_GNAMES_FROM_SECTNAME 156
# define X509V3_F_I2S_ASN1_ENUMERATED 121
# define X509V3_F_I2S_ASN1_IA5STRING 149
-@@ -946,7 +896,6 @@ void ERR_load_X509V3_strings(void);
+@@ -946,7 +894,6 @@ void ERR_load_X509V3_strings(void);
# define X509V3_F_S2I_ASN1_IA5STRING 100
# define X509V3_F_S2I_ASN1_INTEGER 108
# define X509V3_F_S2I_ASN1_OCTET_STRING 112
@@ -163479,7 +161268,7 @@
# define X509V3_F_S2I_SKEY_ID 115
# define X509V3_F_SET_DIST_POINT_NAME 158
# define X509V3_F_SXNET_ADD_ID_ASC 125
-@@ -976,7 +925,6 @@ void ERR_load_X509V3_strings(void);
+@@ -976,7 +923,6 @@ void ERR_load_X509V3_strings(void);
# define X509V3_F_X509V3_ADD_VALUE 105
# define X509V3_F_X509V3_EXT_ADD 104
# define X509V3_F_X509V3_EXT_ADD_ALIAS 106
@@ -163487,7 +161276,7 @@
# define X509V3_F_X509V3_EXT_I2D 136
# define X509V3_F_X509V3_EXT_NCONF 152
# define X509V3_F_X509V3_GET_SECTION 142
-@@ -1036,13 +984,11 @@ void ERR_load_X509V3_strings(void);
+@@ -1036,13 +982,11 @@ void ERR_load_X509V3_strings(void);
# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154
# define X509V3_R_NO_PUBLIC_KEY 114
# define X509V3_R_NO_SUBJECT_DETAILS 125
@@ -163501,7 +161290,7 @@
# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
# define X509V3_R_SECTION_NOT_FOUND 150
# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122
-@@ -1055,7 +1001,7 @@ void ERR_load_X509V3_strings(void);
+@@ -1055,7 +999,7 @@ void ERR_load_X509V3_strings(void);
# define X509V3_R_UNSUPPORTED_TYPE 167
# define X509V3_R_USER_TOO_LONG 132
@@ -163511,8 +161300,6 @@
-#endif
+# endif
#endif
-diff --git a/ms/applink.c b/ms/applink.c
-index 8328723..238dbff 100644
--- a/ms/applink.c
+++ b/ms/applink.c
@@ -1,3 +1,12 @@
@@ -163528,8 +161315,6 @@
#define APPLINK_STDIN 1
#define APPLINK_STDOUT 2
#define APPLINK_STDERR 3
-diff --git a/ms/cmp.pl b/ms/cmp.pl
-index 31d7e1e..265ce56 100755
--- a/ms/cmp.pl
+++ b/ms/cmp.pl
@@ -1,4 +1,10 @@
@@ -163544,8 +161329,6 @@
($#ARGV == 1) || die "usage: cmp.pl <file1> <file2>\n";
-diff --git a/ms/segrenam.pl b/ms/segrenam.pl
-index 7e64c8e..372444a 100755
--- a/ms/segrenam.pl
+++ b/ms/segrenam.pl
@@ -1,4 +1,10 @@
@@ -163560,8 +161343,6 @@
my $quiet = 1;
-diff --git a/ms/uplink-common.pl b/ms/uplink-common.pl
-index 1d20e6e..e2ab594 100755
--- a/ms/uplink-common.pl
+++ b/ms/uplink-common.pl
@@ -1,5 +1,11 @@
@@ -163577,8 +161358,6 @@
# pull APPLINK_MAX value from applink.c...
$applink_c=$0;
$applink_c=~s|[^/\\]+$||g;
-diff --git a/ms/uplink-ia64.pl b/ms/uplink-ia64.pl
-index 089cd39..0636f13 100755
--- a/ms/uplink-ia64.pl
+++ b/ms/uplink-ia64.pl
@@ -1,4 +1,10 @@
@@ -163593,8 +161372,6 @@
$output = pop;
open STDOUT,">$output";
-diff --git a/ms/uplink-x86.pl b/ms/uplink-x86.pl
-index 4a2f042..e25668e 100755
--- a/ms/uplink-x86.pl
+++ b/ms/uplink-x86.pl
@@ -1,4 +1,10 @@
@@ -163609,8 +161386,6 @@
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC, "${dir}.", "${dir}../crypto/perlasm");
-diff --git a/ms/uplink-x86_64.pl b/ms/uplink-x86_64.pl
-index 0cb0f1b..1f24450 100755
--- a/ms/uplink-x86_64.pl
+++ b/ms/uplink-x86_64.pl
@@ -1,8 +1,14 @@
@@ -163630,8 +161405,6 @@
*STDOUT=*OUT;
push(@INC,"${dir}.");
-diff --git a/ms/uplink.c b/ms/uplink.c
-index 6a5091b..7f7abfb 100644
--- a/ms/uplink.c
+++ b/ms/uplink.c
@@ -1,3 +1,12 @@
@@ -163647,8 +161420,6 @@
#if (defined(_WIN64) || defined(_WIN32_WCE)) && !defined(UNICODE)
# define UNICODE
#endif
-diff --git a/ms/uplink.h b/ms/uplink.h
-index 4881ba7..f6cd038 100644
--- a/ms/uplink.h
+++ b/ms/uplink.h
@@ -1,3 +1,12 @@
@@ -163664,9 +161435,6 @@
#define APPMACROS_ONLY
#include "applink.c"
-diff --git a/openssl.spec b/openssl.spec
-deleted file mode 100644
-index 890fd51..0000000
--- a/openssl.spec
+++ /dev/null
@@ -1,210 +0,0 @@
@@ -163880,17 +161648,11 @@
-- RPM is BuildRoot'ed
-* Tue Feb 10 1998 Khimenko Victor <khim at sch57.msk.ru>
-- all stuff is moved out of /usr/local
-diff --git a/os-dep/haiku.h b/os-dep/haiku.h
-new file mode 100644
-index 0000000..7e908ef
--- /dev/null
+++ b/os-dep/haiku.h
@@ -0,0 +1,2 @@
+#include <sys/select.h>
+#include <sys/time.h>
-diff --git a/ssl/Makefile.in b/ssl/Makefile.in
-deleted file mode 100644
-index 26444ca..0000000
--- a/ssl/Makefile.in
+++ /dev/null
@@ -1,81 +0,0 @@
@@ -163975,8 +161737,6 @@
- statem/.pure statem/.nfs* statem/*.old statem/*.bak statem/fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
-index e3deebc..efe0df9 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -1,58 +1,10 @@
@@ -164044,7 +161804,7 @@
*/
#include <stdio.h>
-@@ -424,10 +376,11 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
+@@ -424,10 +376,11 @@ static long ssl_ctrl(BIO *b, int cmd, lo
dbs = BIO_get_data(dbio);
SSL_free(dbs->ssl);
dbs->ssl = SSL_dup(ssl);
@@ -164060,8 +161820,6 @@
ret = (dbs->ssl != NULL);
break;
case BIO_C_GET_FD:
-diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
-index 6d75225..a20f30a 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -1,59 +1,10 @@
@@ -164138,7 +161896,7 @@
if (!ssl3_new(s))
return (0);
if ((d1 = OPENSSL_zalloc(sizeof(*d1))) == NULL) {
-@@ -327,7 +278,7 @@ struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft)
+@@ -327,7 +278,7 @@ struct timeval *dtls1_get_timeout(SSL *s
/*
* If remaining time is less than 15 ms, set it to 0 to prevent issues
@@ -164147,15 +161905,64 @@
*/
if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
memset(timeleft, 0, sizeof(*timeleft));
-@@ -797,7 +748,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
+@@ -482,7 +433,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *clie
+ rbio = SSL_get_rbio(s);
+ wbio = SSL_get_wbio(s);
+
+- if(!rbio || !wbio) {
++ if (!rbio || !wbio) {
+ SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_BIO_NOT_SET);
+ return -1;
+ }
+@@ -536,7 +487,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *clie
+ n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
+
+ if (n <= 0) {
+- if(BIO_should_retry(rbio)) {
++ if (BIO_should_retry(rbio)) {
+ /* Non-blocking IO */
+ goto end;
}
+@@ -630,7 +581,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *clie
+ }
+ /* Message sequence number can only be 0 or 1 */
+- if(msgseq > 2) {
++ if (msgseq > 2) {
+ SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_INVALID_SEQUENCE_NUMBER);
+ goto end;
+ }
+@@ -797,18 +748,18 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *clie
+ }
+
/*
- * This is unneccessary if rbio and wbio are one and the same - but
+ * This is unnecessary if rbio and wbio are one and the same - but
* maybe they're not. We ignore errors here - some BIOs do not
* support this.
*/
+- if(BIO_dgram_get_peer(rbio, tmpclient) > 0) {
++ if (BIO_dgram_get_peer(rbio, tmpclient) > 0) {
+ (void)BIO_dgram_set_peer(wbio, tmpclient);
+ }
+ BIO_ADDR_free(tmpclient);
+ tmpclient = NULL;
+
+ if (BIO_write(wbio, buf, reclen) < (int)reclen) {
+- if(BIO_should_retry(wbio)) {
++ if (BIO_should_retry(wbio)) {
+ /*
+ * Non-blocking IO...but we're stateless, so we're just
+ * going to drop this packet.
+@@ -819,7 +770,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *clie
+ }
+
+ if (BIO_flush(wbio) <= 0) {
+- if(BIO_should_retry(wbio)) {
++ if (BIO_should_retry(wbio)) {
+ /*
+ * Non-blocking IO...but we're stateless, so we're just
+ * going to drop this packet.
@@ -887,6 +838,14 @@ static int dtls1_handshake_write(SSL *s)
}
@@ -164171,7 +161978,7 @@
int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length)
{
unsigned char *pl;
-@@ -898,32 +857,27 @@ int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length)
+@@ -898,32 +857,27 @@ int dtls1_process_heartbeat(SSL *s, unsi
s->msg_callback(0, s->version, DTLS1_RT_HEARTBEAT,
p, length, s, s->msg_callback_arg);
@@ -164250,8 +162057,6 @@
s, s->msg_callback_arg);
dtls1_start_timer(s);
-diff --git a/ssl/d1_msg.c b/ssl/d1_msg.c
-index b9342a2..ae7aff6 100644
--- a/ssl/d1_msg.c
+++ b/ssl/d1_msg.c
@@ -1,120 +1,15 @@
@@ -164381,8 +162186,6 @@
int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
{
int i;
-diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
-index f969fb1..94c0127 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -1,112 +1,12 @@
@@ -164505,7 +162308,7 @@
/*
* DTLS code by Eric Rescorla <ekr at rtfm.com>
*
-@@ -181,25 +81,32 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
+@@ -181,25 +81,32 @@ static int ssl_ctx_make_profiles(const c
if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
@@ -164543,8 +162346,6 @@
}
int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
-diff --git a/ssl/methods.c b/ssl/methods.c
-index e576502..aeed8c7 100644
--- a/ssl/methods.c
+++ b/ssl/methods.c
@@ -1,111 +1,10 @@
@@ -164665,8 +162466,6 @@
*/
#include <stdio.h>
-diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h
-index fd1f9f4..0ff4ccc 100644
--- a/ssl/packet_locl.h
+++ b/ssl/packet_locl.h
@@ -1,58 +1,10 @@
@@ -164733,8 +162532,6 @@
*/
#ifndef HEADER_PACKET_LOCL_H
-diff --git a/ssl/pqueue.c b/ssl/pqueue.c
-index d6cef34..b447e1d 100644
--- a/ssl/pqueue.c
+++ b/ssl/pqueue.c
@@ -1,59 +1,10 @@
@@ -164802,8 +162599,6 @@
*/
#include "ssl_locl.h"
-diff --git a/ssl/record/dtls1_bitmap.c b/ssl/record/dtls1_bitmap.c
-index 0fa2985..9dae9b2 100644
--- a/ssl/record/dtls1_bitmap.c
+++ b/ssl/record/dtls1_bitmap.c
@@ -1,115 +1,10 @@
@@ -164927,8 +162722,6 @@
*/
#include "../ssl_locl.h"
-diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
-index 00af44e..cca5721 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -1,115 +1,10 @@
@@ -165067,7 +162860,7 @@
if ((d = OPENSSL_malloc(sizeof(*d))) == NULL)
return (0);
-@@ -168,7 +62,7 @@ void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl)
+@@ -168,7 +62,7 @@ void DTLS_RECORD_LAYER_clear(RECORD_LAYE
pqueue *buffered_app_data;
d = rl->d;
@@ -165076,7 +162869,7 @@
while ((item = pqueue_pop(d->unprocessed_rcds.q)) != NULL) {
rdata = (DTLS1_RECORD_DATA *)item->data;
OPENSSL_free(rdata->rbuf.buf);
-@@ -569,7 +463,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+@@ -569,7 +463,7 @@ int dtls1_read_bytes(SSL *s, int type, i
memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n);
if (!peek) {
@@ -165085,7 +162878,7 @@
SSL3_RECORD_add_off(rr, n);
if (SSL3_RECORD_get_length(rr) == 0) {
s->rlayer.rstate = SSL_ST_READ_HEADER;
-@@ -666,7 +560,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+@@ -666,7 +560,7 @@ int dtls1_read_bytes(SSL *s, int type, i
if (dest_maxlen > 0) {
/*
@@ -165094,7 +162887,7 @@
* fragmented--don't always expect dest_maxlen bytes
*/
if (SSL3_RECORD_get_length(rr) < dest_maxlen) {
-@@ -845,7 +739,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+@@ -845,7 +739,7 @@ int dtls1_read_bytes(SSL *s, int type, i
BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
@@ -165103,8 +162896,6 @@
return (0);
} else {
al = SSL_AD_ILLEGAL_PARAMETER;
-diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
-index 773a6d6..9461284 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1,111 +1,10 @@
@@ -165235,8 +163026,12 @@
)
# undef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
-@@ -165,11 +63,12 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl)
- for(pipes = 0; pipes < rl->numwpipes; pipes++)
+@@ -162,14 +60,15 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl
+ rl->wpend_buf = NULL;
+
+ SSL3_BUFFER_clear(&rl->rbuf);
+- for(pipes = 0; pipes < rl->numwpipes; pipes++)
++ for (pipes = 0; pipes < rl->numwpipes; pipes++)
SSL3_BUFFER_clear(&rl->wbuf[pipes]);
rl->numwpipes = 0;
+ rl->numrpipes = 0;
@@ -165249,7 +163044,7 @@
if (rl->d)
DTLS_RECORD_LAYER_clear(rl);
}
-@@ -303,7 +202,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold)
+@@ -303,7 +202,7 @@ int ssl3_read_n(SSL *s, int n, int max,
left = rb->left;
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
@@ -165258,7 +163053,7 @@
#endif
if (!extend) {
-@@ -495,7 +394,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
+@@ -495,7 +394,7 @@ int ssl3_write_bytes(SSL *s, int type, c
/*
* Depending on platform multi-block can deliver several *times*
* better performance. Downside is that it has to allocate
@@ -165267,7 +163062,7 @@
* compromise is considered worthy.
*/
if (type == SSL3_RT_APPLICATION_DATA &&
-@@ -631,7 +530,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
+@@ -631,7 +530,7 @@ int ssl3_write_bytes(SSL *s, int type, c
split_send_fragment = s->split_send_fragment;
/*
* If max_pipelines is 0 then this means "undefined" and we default to
@@ -165276,7 +163071,7 @@
* processing then we also only use 1 pipeline, or if we're not using
* explicit IVs
*/
-@@ -810,10 +709,10 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+@@ -810,10 +709,10 @@ int do_ssl3_write(SSL *s, int type, cons
/*
* extra fragment would be couple of cipher blocks, which would be
* multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real
@@ -165289,7 +163084,7 @@
#endif
outbuf[0] = SSL3_BUFFER_get_buf(wb) + align;
SSL3_BUFFER_set_offset(wb, align);
-@@ -826,7 +725,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+@@ -826,7 +725,7 @@ int do_ssl3_write(SSL *s, int type, cons
wb = &s->rlayer.wbuf[j];
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH;
@@ -165298,7 +163093,7 @@
#endif
outbuf[j] = SSL3_BUFFER_get_buf(wb) + align;
SSL3_BUFFER_set_offset(wb, align);
-@@ -862,7 +761,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+@@ -862,7 +761,7 @@ int do_ssl3_write(SSL *s, int type, cons
*(outbuf[j]++) = (s->version >> 8);
/*
@@ -165307,7 +163102,7 @@
* and record version number > TLS 1.0
*/
if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO
-@@ -1158,9 +1057,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+@@ -1158,9 +1057,9 @@ int ssl3_read_bytes(SSL *s, int type, in
goto f_err;
}
}
@@ -165319,7 +163114,7 @@
curr_rec++);
if (curr_rec == num_recs) {
RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
-@@ -1233,11 +1132,12 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+@@ -1233,11 +1132,12 @@ int ssl3_read_bytes(SSL *s, int type, in
memcpy(buf, &(rr->data[rr->off]), n);
buf += n;
if (!peek) {
@@ -165333,7 +163128,7 @@
}
}
if (SSL3_RECORD_get_length(rr) == 0
-@@ -1248,6 +1148,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+@@ -1248,6 +1148,10 @@ int ssl3_read_bytes(SSL *s, int type, in
read_bytes += n;
} while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs
&& read_bytes < (unsigned int)len);
@@ -165344,7 +163139,16 @@
if (!peek && curr_rec == num_recs
&& (s->mode & SSL_MODE_RELEASE_BUFFERS)
&& SSL3_BUFFER_get_left(rbuf) == 0)
-@@ -1328,8 +1232,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+@@ -1282,7 +1186,7 @@ int ssl3_read_bytes(SSL *s, int type, in
+ goto f_err;
+ }
+
+- if(s->method->version == TLS_ANY_VERSION
++ if (s->method->version == TLS_ANY_VERSION
+ && (s->server || rr->type != SSL3_RT_ALERT)) {
+ /*
+ * If we've got this far and still haven't decided on what version
+@@ -1328,8 +1232,10 @@ int ssl3_read_bytes(SSL *s, int type, in
SSL3_RECORD_add_length(rr, -1);
}
@@ -165356,7 +163160,7 @@
}
}
-@@ -1412,6 +1318,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+@@ -1412,6 +1318,7 @@ int ssl3_read_bytes(SSL *s, int type, in
(s->session != NULL) && (s->session->cipher != NULL) &&
!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
SSL3_RECORD_set_length(rr, 0);
@@ -165364,7 +163168,7 @@
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
goto start;
}
-@@ -1438,6 +1345,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+@@ -1438,6 +1345,7 @@ int ssl3_read_bytes(SSL *s, int type, in
if (alert_level == SSL3_AL_WARNING) {
s->s3->warn_alert = alert_descr;
@@ -165372,7 +163176,7 @@
if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
return (0);
-@@ -1445,7 +1353,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+@@ -1445,7 +1353,7 @@ int ssl3_read_bytes(SSL *s, int type, in
/*
* This is a warning but we receive it if we requested
* renegotiation and the peer denied it. Terminate with a fatal
@@ -165381,7 +163185,7 @@
* presumably had a good reason and expects it to succeed. In
* future we might have a renegotiation where we don't care if
* the peer refused it where we carry on.
-@@ -1468,7 +1376,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+@@ -1468,7 +1376,8 @@ int ssl3_read_bytes(SSL *s, int type, in
BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
@@ -165391,7 +163195,7 @@
return (0);
} else {
al = SSL_AD_ILLEGAL_PARAMETER;
-@@ -1483,6 +1392,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+@@ -1483,6 +1392,7 @@ int ssl3_read_bytes(SSL *s, int type, in
* shutdown */
s->rwstate = SSL_NOTHING;
SSL3_RECORD_set_length(rr, 0);
@@ -165399,7 +163203,7 @@
return (0);
}
-@@ -1539,6 +1449,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+@@ -1539,6 +1449,7 @@ int ssl3_read_bytes(SSL *s, int type, in
*/
if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) {
SSL3_RECORD_set_length(rr, 0);
@@ -165407,8 +163211,6 @@
goto start;
}
al = SSL_AD_UNEXPECTED_MESSAGE;
-diff --git a/ssl/record/record.h b/ssl/record/record.h
-index 6bb941d..9177fb4 100644
--- a/ssl/record/record.h
+++ b/ssl/record/record.h
@@ -1,111 +1,10 @@
@@ -165559,8 +163361,6 @@
DTLS_RECORD_LAYER *d;
} RECORD_LAYER;
-diff --git a/ssl/record/record_locl.h b/ssl/record/record_locl.h
-index 81335fa..ff1eb32 100644
--- a/ssl/record/record_locl.h
+++ b/ssl/record/record_locl.h
@@ -1,113 +1,11 @@
@@ -165711,8 +163511,6 @@
void SSL3_RECORD_clear(SSL3_RECORD *r, unsigned int num_recs);
void SSL3_RECORD_release(SSL3_RECORD *r, unsigned int num_recs);
-diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c
-index 53ae0f4..940b73e 100644
--- a/ssl/record/ssl3_buffer.c
+++ b/ssl/record/ssl3_buffer.c
@@ -1,111 +1,10 @@
@@ -165842,8 +163640,6 @@
b = RECORD_LAYER_get_rbuf(&s->rlayer);
if (SSL_IS_DTLS(s))
-diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
-index 3c28572..d3b2bea 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1,111 +1,10 @@
@@ -166004,6 +163800,15 @@
- SSL2_RT_HEADER_LENGTH) {
al = SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);
+@@ -386,7 +291,7 @@ int ssl3_get_record(SSL *s)
+ * or s->packet_length == SSL2_RT_HEADER_LENGTH + rr->length
+ * and we have that many bytes in s->packet
+ */
+- if(rr[num_recs].rec_version == SSL2_VERSION) {
++ if (rr[num_recs].rec_version == SSL2_VERSION) {
+ rr[num_recs].input =
+ &(RECORD_LAYER_get_packet(&s->rlayer)[SSL2_RT_HEADER_LENGTH]);
+ } else {
@@ -416,11 +321,16 @@ int ssl3_get_record(SSL *s)
/* decrypt in place in 'rr->input' */
rr[num_recs].data = rr[num_recs].input;
@@ -166049,8 +163854,51 @@
RECORD_LAYER_set_numrpipes(&s->rlayer, num_recs);
return 1;
-diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
-index 8df32ba..7cdabbb 100644
+@@ -797,8 +703,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs,
+ bs = EVP_CIPHER_block_size(EVP_CIPHER_CTX_cipher(ds));
+
+ if (n_recs > 1) {
+- if(!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
+- & EVP_CIPH_FLAG_PIPELINE)) {
++ if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
++ & EVP_CIPH_FLAG_PIPELINE)) {
+ /*
+ * We shouldn't have been called with pipeline data if the
+ * cipher doesn't support pipelining
+@@ -871,7 +777,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs,
+ unsigned char *data[SSL_MAX_PIPELINES];
+
+ /* Set the output buffers */
+- for(ctr = 0; ctr < n_recs; ctr++) {
++ for (ctr = 0; ctr < n_recs; ctr++) {
+ data[ctr] = recs[ctr].data;
+ }
+ if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS,
+@@ -879,7 +785,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs,
+ SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE);
+ }
+ /* Set the input buffers */
+- for(ctr = 0; ctr < n_recs; ctr++) {
++ for (ctr = 0; ctr < n_recs; ctr++) {
+ data[ctr] = recs[ctr].input;
+ }
+ if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS,
+@@ -1109,9 +1015,12 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec,
+ return -1;
+ }
+ if (!send && !SSL_USE_ETM(ssl) && FIPS_mode())
+- tls_fips_digest_extra(ssl->enc_read_ctx,
+- mac_ctx, rec->input,
+- rec->length, rec->orig_len);
++ if (!tls_fips_digest_extra(ssl->enc_read_ctx,
++ mac_ctx, rec->input,
++ rec->length, rec->orig_len)) {
++ EVP_MD_CTX_free(hmac);
++ return -1;
++ }
+ }
+
+ EVP_MD_CTX_free(hmac);
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -1,55 +1,10 @@
@@ -166115,8 +163963,31 @@
*/
#include "internal/constant_time_locl.h"
-diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
-index 35ef948..b6de38d 100644
+@@ -535,13 +490,13 @@ int ssl3_cbc_digest_record(const EVP_MD_
+ * digesting additional data.
+ */
+
+-void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
++int tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
+ EVP_MD_CTX *mac_ctx, const unsigned char *data,
+ size_t data_len, size_t orig_len)
+ {
+ size_t block_size, digest_pad, blocks_data, blocks_orig;
+ if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)
+- return;
++ return 1;
+ block_size = EVP_MD_CTX_block_size(mac_ctx);
+ /*-
+ * We are in FIPS mode if we get this far so we know we have only SHA*
+@@ -571,6 +526,6 @@ void tls_fips_digest_extra(const EVP_CIP
+ * The "data" pointer should always have enough space to perform this
+ * operation as it is large enough for a maximum length TLS buffer.
+ */
+- EVP_DigestSignUpdate(mac_ctx, data,
+- (blocks_orig - blocks_data + 1) * block_size);
++ return EVP_DigestSignUpdate(mac_ctx, data,
++ (blocks_orig - blocks_data + 1) * block_size);
+ }
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -1,112 +1,12 @@
@@ -166239,7 +164110,49 @@
/* ====================================================================
* Copyright 2005 Nokia. All rights reserved.
*
-@@ -231,7 +131,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
+@@ -170,23 +70,26 @@ static int ssl3_generate_key_block(SSL *
+ for (j = 0; j < k; j++)
+ buf[j] = c;
+ c++;
+- EVP_DigestInit_ex(s1, EVP_sha1(), NULL);
+- EVP_DigestUpdate(s1, buf, k);
+- EVP_DigestUpdate(s1, s->session->master_key,
+- s->session->master_key_length);
+- EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE);
+- EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE);
+- EVP_DigestFinal_ex(s1, smd, NULL);
+-
+- EVP_DigestInit_ex(m5, EVP_md5(), NULL);
+- EVP_DigestUpdate(m5, s->session->master_key,
+- s->session->master_key_length);
+- EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH);
++ if (!EVP_DigestInit_ex(s1, EVP_sha1(), NULL)
++ || !EVP_DigestUpdate(s1, buf, k)
++ || !EVP_DigestUpdate(s1, s->session->master_key,
++ s->session->master_key_length)
++ || !EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE)
++ || !EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE)
++ || !EVP_DigestFinal_ex(s1, smd, NULL)
++ || !EVP_DigestInit_ex(m5, EVP_md5(), NULL)
++ || !EVP_DigestUpdate(m5, s->session->master_key,
++ s->session->master_key_length)
++ || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH))
++ goto err;
+ if ((int)(i + MD5_DIGEST_LENGTH) > num) {
+- EVP_DigestFinal_ex(m5, smd, NULL);
++ if (!EVP_DigestFinal_ex(m5, smd, NULL))
++ goto err;
+ memcpy(km, smd, (num - i));
+- } else
+- EVP_DigestFinal_ex(m5, km, NULL);
++ } else {
++ if (!EVP_DigestFinal_ex(m5, km, NULL))
++ goto err;
++ }
+
+ km += MD5_DIGEST_LENGTH;
+ }
+@@ -231,7 +134,7 @@ int ssl3_change_cipher_state(SSL *s, int
goto err;
else
/*
@@ -166248,7 +164161,7 @@
*/
EVP_CIPHER_CTX_reset(s->enc_read_ctx);
dd = s->enc_read_ctx;
-@@ -262,7 +162,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
+@@ -262,7 +165,7 @@ int ssl3_change_cipher_state(SSL *s, int
goto err;
else
/*
@@ -166257,7 +164170,7 @@
*/
EVP_CIPHER_CTX_reset(s->enc_write_ctx);
dd = s->enc_write_ctx;
-@@ -426,11 +326,18 @@ void ssl3_cleanup_key_block(SSL *s)
+@@ -426,11 +329,18 @@ void ssl3_cleanup_key_block(SSL *s)
s->s3->tmp.key_block_length = 0;
}
@@ -166278,7 +164191,24 @@
}
/*
-@@ -474,14 +381,13 @@ int ssl3_digest_cached_records(SSL *s, int keep)
+@@ -446,12 +356,13 @@ void ssl3_free_digest_list(SSL *s)
+ s->s3->handshake_dgst = NULL;
+ }
+
+-void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
++int ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
+ {
+ if (s->s3->handshake_dgst == NULL)
+- BIO_write(s->s3->handshake_buffer, (void *)buf, len);
++ /* Note: this writes to a memory BIO so a failure is a fatal error */
++ return BIO_write(s->s3->handshake_buffer, (void *)buf, len) == len;
+ else
+- EVP_DigestUpdate(s->s3->handshake_dgst, buf, len);
++ return EVP_DigestUpdate(s->s3->handshake_dgst, buf, len);
+ }
+
+ int ssl3_digest_cached_records(SSL *s, int keep)
+@@ -474,14 +385,13 @@ int ssl3_digest_cached_records(SSL *s, i
}
md = ssl_handshake_md(s);
@@ -166297,7 +164227,7 @@
}
if (keep == 0) {
BIO_free(s->s3->handshake_buffer);
-@@ -509,7 +415,10 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p)
+@@ -509,7 +419,10 @@ int ssl3_final_finish_mac(SSL *s, const
SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -166309,8 +164239,6 @@
ret = EVP_MD_CTX_size(ctx);
if (ret < 0) {
-diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index ef65050..bd831bc 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1,112 +1,12 @@
@@ -166595,7 +164523,7 @@
SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
0,
-@@ -3071,6 +2971,10 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
+@@ -3071,6 +2971,10 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
ret = 1;
break;
@@ -166606,7 +164534,7 @@
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
s->tlsext_status_type = larg;
ret = 1;
-@@ -3395,24 +3299,43 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+@@ -3395,24 +3299,43 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd
case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
{
unsigned char *keys = parg;
@@ -166659,7 +164587,7 @@
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
ctx->tlsext_status_arg = parg;
return 1;
-@@ -3487,10 +3410,15 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+@@ -3487,10 +3410,15 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd
/* A Thawte special :-) */
case SSL_CTRL_EXTRA_CHAIN_CERT:
if (ctx->extra_certs == NULL) {
@@ -166687,8 +164615,53 @@
* return WANT_WRITE
*/
return (ret);
-diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c
-index 8df1e66..185f0e9 100644
+@@ -3954,7 +3882,10 @@ int ssl3_renegotiate_check(SSL *s)
+ */
+ long ssl_get_algorithm2(SSL *s)
+ {
+- long alg2 = s->s3->tmp.new_cipher->algorithm2;
++ long alg2;
++ if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
++ return -1;
++ alg2 = s->s3->tmp.new_cipher->algorithm2;
+ if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
+ if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
+ return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+@@ -3991,9 +3922,9 @@ int ssl_fill_hello_random(SSL *s, int se
+ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
+ int free_pms)
+ {
+-#ifndef OPENSSL_NO_PSK
+ unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+ if (alg_k & SSL_PSK) {
++#ifndef OPENSSL_NO_PSK
+ unsigned char *pskpms, *t;
+ size_t psklen = s->s3->tmp.psklen;
+ size_t pskpmslen;
+@@ -4027,15 +3958,19 @@ int ssl_generate_master_secret(SSL *s, u
+ s->session->master_key,
+ pskpms, pskpmslen);
+ OPENSSL_clear_free(pskpms, pskpmslen);
+- } else
++#else
++ /* Should never happen */
++ s->session->master_key_length = 0;
++ goto err;
+ #endif
++ } else {
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->session->master_key,
+ pms, pmslen);
+-#ifndef OPENSSL_NO_PSK
+- err:
+-#endif
++ }
++
++ err:
+ if (pms) {
+ if (free_pms)
+ OPENSSL_clear_free(pms, pmslen);
--- a/ssl/s3_msg.c
+++ b/ssl/s3_msg.c
@@ -1,111 +1,10 @@
@@ -166809,7 +164782,7 @@
*/
#define USE_SOCKETS
-@@ -173,7 +72,7 @@ int ssl3_send_alert(SSL *s, int level, int desc)
+@@ -173,7 +72,7 @@ int ssl3_send_alert(SSL *s, int level, i
return -1;
/* If a fatal one, remove from cache */
if ((level == SSL3_AL_FATAL) && (s->session != NULL))
@@ -166818,8 +164791,6 @@
s->s3->alert_dispatch = 1;
s->s3->send_alert[0] = level;
-diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
-index a3bbfe4..67d8e0c 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -1,59 +1,12 @@
@@ -166889,8 +164860,6 @@
/* ====================================================================
* Copyright 2005 Nokia. All rights reserved.
*
-diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
-index 04a4a36..c6e2d09 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -1,112 +1,12 @@
@@ -167013,16 +164982,40 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECC cipher suite support in OpenSSL originally developed by
-@@ -127,7 +27,7 @@
+@@ -127,8 +27,9 @@
#include <openssl/x509v3.h>
#include <openssl/dh.h>
#include <openssl/bn.h>
-#include "internal/threads.h"
+#include <openssl/crypto.h>
#include "ssl_locl.h"
++#include "internal/thread_once.h"
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, int op,
-@@ -367,7 +267,6 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
+ int bits, int nid, void *other,
+@@ -137,17 +38,19 @@ static int ssl_security_default_callback
+ static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
+ static volatile int ssl_x509_store_ctx_idx = -1;
+
+-static void ssl_x509_store_ctx_init(void)
++DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init)
+ {
+ ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0,
+ "SSL for verify callback",
+ NULL, NULL, NULL);
++ return ssl_x509_store_ctx_idx >= 0;
+ }
+
+ int SSL_get_ex_data_X509_STORE_CTX_idx(void)
+ {
+
+- CRYPTO_THREAD_run_once(&ssl_x509_store_ctx_once, ssl_x509_store_ctx_init);
++ if (!RUN_ONCE(&ssl_x509_store_ctx_once, ssl_x509_store_ctx_init))
++ return -1;
+ return ssl_x509_store_ctx_idx;
+ }
+
+@@ -367,7 +270,6 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX
CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
if (!cpk)
return 0;
@@ -167030,7 +165023,7 @@
for (i = 0; i < sk_X509_num(chain); i++) {
r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0);
if (r != 1) {
-@@ -375,6 +274,7 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
+@@ -375,6 +277,7 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX
return 0;
}
}
@@ -167038,7 +165031,7 @@
cpk->chain = chain;
return 1;
}
-@@ -509,7 +409,9 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
+@@ -509,7 +412,9 @@ int ssl_verify_cert_chain(SSL *s, STACK_
/* Set suite B flags if needed */
X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
@@ -167049,7 +165042,7 @@
/* Verify via DANE if enabled */
if (DANETLS_ENABLED(&s->dane))
-@@ -568,11 +470,16 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
+@@ -568,11 +473,16 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STA
X509_NAME *name;
ret = sk_X509_NAME_new_null();
@@ -167068,16 +165061,14 @@
}
}
return (ret);
-@@ -696,14 +603,18 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
+@@ -696,14 +606,17 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_
if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
/* Duplicate. */
X509_NAME_free(xn);
+ xn = NULL;
} else {
-- lh_X509_NAME_insert(name_hash, xn);
+ lh_X509_NAME_insert(name_hash, xn);
- sk_X509_NAME_push(ret, xn);
-+ if (!lh_X509_NAME_insert(name_hash, xn))
-+ goto err;
+ if (!sk_X509_NAME_push(ret, xn))
+ goto err;
}
@@ -167089,7 +165080,7 @@
sk_X509_NAME_pop_free(ret, X509_NAME_free);
ret = NULL;
done:
-@@ -754,17 +665,20 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+@@ -754,17 +667,20 @@ int SSL_add_file_cert_subjects_to_stack(
xn = X509_NAME_dup(xn);
if (xn == NULL)
goto err;
@@ -167114,7 +165105,7 @@
done:
BIO_free(in);
X509_free(x);
-@@ -836,19 +750,24 @@ static int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
+@@ -836,19 +752,24 @@ static int ssl_add_cert_to_buf(BUF_MEM *
unsigned char *p;
n = i2d_X509(x, NULL);
@@ -167142,8 +165133,6 @@
int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l)
{
BUF_MEM *buf = s->init_buf;
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index d0d9d88..2fc4309 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1,112 +1,12 @@
@@ -167266,7 +165255,7 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECC cipher suite support in OpenSSL originally developed by
-@@ -140,10 +40,11 @@
+@@ -140,11 +40,13 @@
*/
#include <stdio.h>
@@ -167277,9 +165266,50 @@
-#include "internal/threads.h"
+#include <openssl/crypto.h>
#include "ssl_locl.h"
++#include "internal/thread_once.h"
#define SSL_ENC_DES_IDX 0
-@@ -1954,8 +1855,8 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
+ #define SSL_ENC_3DES_IDX 1
+@@ -578,7 +480,7 @@ static int sk_comp_cmp(const SSL_COMP *c
+ return ((*a)->id - (*b)->id);
+ }
+
+-static void do_load_builtin_compressions(void)
++DEFINE_RUN_ONCE_STATIC(do_load_builtin_compressions)
+ {
+ SSL_COMP *comp = NULL;
+ COMP_METHOD *method = COMP_zlib();
+@@ -597,12 +499,12 @@ static void do_load_builtin_compressions
+ }
+ }
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
++ return 1;
+ }
+
+-static void load_builtin_compressions(void)
++static int load_builtin_compressions(void)
+ {
+- CRYPTO_THREAD_run_once(&ssl_load_builtin_comp_once,
+- do_load_builtin_compressions);
++ return RUN_ONCE(&ssl_load_builtin_comp_once, do_load_builtin_compressions);
+ }
+ #endif
+
+@@ -619,7 +521,12 @@ int ssl_cipher_get_evp(const SSL_SESSION
+ if (comp != NULL) {
+ SSL_COMP ctmp;
+ #ifndef OPENSSL_NO_COMP
+- load_builtin_compressions();
++ if (!load_builtin_compressions()) {
++ /*
++ * Currently don't care, since a failure only means that
++ * ssl_comp_methods is NULL, which is perfectly OK
++ */
++ }
+ #endif
+ *comp = NULL;
+ ctmp.id = s->compress_meth;
+@@ -1954,8 +1861,8 @@ int SSL_COMP_add_compression_method(int
SSL_R_DUPLICATE_COMPRESSION_ID);
return (1);
}
@@ -167290,8 +165320,6 @@
OPENSSL_free(comp);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
-diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
-index fa0e353..890b0af 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -1,58 +1,10 @@
@@ -167367,8 +165395,6 @@
* such as TLSv1.
*/
-diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
-index df98c76..1b1f4bc 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -1,61 +1,11 @@
@@ -167440,7 +165466,7 @@
*/
#include <stdio.h>
-@@ -78,25 +28,16 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -78,25 +28,16 @@ static ERR_STRING_DATA SSL_str_functs[]
{ERR_FUNC(SSL_F_DANE_TLSA_ADD), "dane_tlsa_add"},
{ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "do_dtls1_write"},
{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "do_ssl3_write"},
@@ -167469,9 +165495,14 @@
{ERR_FUNC(SSL_F_DTLSV1_LISTEN), "DTLSv1_listen"},
{ERR_FUNC(SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC),
"dtls_construct_change_cipher_spec"},
-@@ -107,24 +48,22 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -106,25 +47,27 @@ static ERR_STRING_DATA SSL_str_functs[]
+ "dtls_get_reassembled_message"},
{ERR_FUNC(SSL_F_DTLS_PROCESS_HELLO_VERIFY), "dtls_process_hello_verify"},
{ERR_FUNC(SSL_F_OPENSSL_INIT_SSL), "OPENSSL_init_ssl"},
++ {ERR_FUNC(SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION),
++ "ossl_statem_client_read_transition"},
++ {ERR_FUNC(SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION),
++ "ossl_statem_server_read_transition"},
{ERR_FUNC(SSL_F_READ_STATE_MACHINE), "read_state_machine"},
- {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"},
- {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "ssl3_callback_ctrl"},
@@ -167499,7 +165530,7 @@
{ERR_FUNC(SSL_F_SSL3_READ_BYTES), "ssl3_read_bytes"},
{ERR_FUNC(SSL_F_SSL3_READ_N), "ssl3_read_n"},
{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "ssl3_setup_key_block"},
-@@ -132,12 +71,12 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -132,12 +75,12 @@ static ERR_STRING_DATA SSL_str_functs[]
{ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "ssl3_setup_write_buffer"},
{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "ssl3_write_bytes"},
{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "ssl3_write_pending"},
@@ -167514,7 +165545,7 @@
{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT),
"ssl_add_clienthello_use_srtp_ext"},
{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK),
-@@ -146,7 +85,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -146,7 +89,8 @@ static ERR_STRING_DATA SSL_str_functs[]
"SSL_add_file_cert_subjects_to_stack"},
{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT),
"ssl_add_serverhello_renegotiate_ext"},
@@ -167524,7 +165555,7 @@
{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT),
"ssl_add_serverhello_use_srtp_ext"},
{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "ssl_bad_method"},
-@@ -154,7 +94,6 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -154,7 +98,6 @@ static ERR_STRING_DATA SSL_str_functs[]
{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "ssl_bytes_to_cipher_list"},
{ERR_FUNC(SSL_F_SSL_CERT_ADD0_CHAIN_CERT), "ssl_cert_add0_chain_cert"},
{ERR_FUNC(SSL_F_SSL_CERT_DUP), "ssl_cert_dup"},
@@ -167532,7 +165563,7 @@
{ERR_FUNC(SSL_F_SSL_CERT_NEW), "ssl_cert_new"},
{ERR_FUNC(SSL_F_SSL_CERT_SET0_CHAIN), "ssl_cert_set0_chain"},
{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
-@@ -162,7 +101,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -162,7 +105,8 @@ static ERR_STRING_DATA SSL_str_functs[]
"ssl_check_serverhello_tlsext"},
{ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG),
"ssl_check_srvr_ecc_cert_and_alg"},
@@ -167542,7 +165573,7 @@
{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "ssl_cipher_strength_sort"},
{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD),
-@@ -180,11 +120,9 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -180,11 +124,9 @@ static ERR_STRING_DATA SSL_str_functs[]
"SSL_CTX_set_client_cert_engine"},
{ERR_FUNC(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK),
"SSL_CTX_set_ct_validation_callback"},
@@ -167554,7 +165585,7 @@
{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1),
"SSL_CTX_use_certificate_ASN1"},
-@@ -205,16 +143,14 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -205,16 +147,15 @@ static ERR_STRING_DATA SSL_str_functs[]
{ERR_FUNC(SSL_F_SSL_CTX_USE_SERVERINFO), "SSL_CTX_use_serverinfo"},
{ERR_FUNC(SSL_F_SSL_CTX_USE_SERVERINFO_FILE),
"SSL_CTX_use_serverinfo_file"},
@@ -167562,6 +165593,7 @@
{ERR_FUNC(SSL_F_SSL_DANE_ENABLE), "SSL_dane_enable"},
{ERR_FUNC(SSL_F_SSL_DO_CONFIG), "ssl_do_config"},
{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
++ {ERR_FUNC(SSL_F_SSL_DUP_CA_LIST), "SSL_dup_CA_list"},
{ERR_FUNC(SSL_F_SSL_ENABLE_CT), "SSL_enable_ct"},
- {ERR_FUNC(SSL_F_SSL_GET0_PEER_SCTS), "SSL_get0_peer_scts"},
{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "ssl_get_new_session"},
@@ -167572,7 +165604,7 @@
{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "ssl_get_sign_pkey"},
{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "ssl_init_wbio_buffer"},
{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
-@@ -233,10 +169,6 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -233,10 +174,6 @@ static ERR_STRING_DATA SSL_str_functs[]
{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT),
"ssl_parse_serverhello_use_srtp_ext"},
{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
@@ -167583,7 +165615,7 @@
{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
{ERR_FUNC(SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT),
"ssl_scan_clienthello_tlsext"},
-@@ -254,18 +186,16 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -254,18 +191,16 @@ static ERR_STRING_DATA SSL_str_functs[]
"SSL_set_ct_validation_callback"},
{ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
{ERR_FUNC(SSL_F_SSL_SET_PKEY), "ssl_set_pkey"},
@@ -167606,7 +165638,7 @@
{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "ssl_undefined_function"},
{ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION),
"ssl_undefined_void_function"},
-@@ -277,8 +207,10 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -277,8 +212,10 @@ static ERR_STRING_DATA SSL_str_functs[]
{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
{ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"},
{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
@@ -167619,7 +165651,7 @@
{ERR_FUNC(SSL_F_SSL_VALIDATE_CT), "ssl_validate_ct"},
{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "ssl_verify_cert_chain"},
{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
-@@ -287,16 +219,10 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -287,16 +224,10 @@ static ERR_STRING_DATA SSL_str_functs[]
{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "tls1_change_cipher_state"},
{ERR_FUNC(SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS),
"tls1_check_duplicate_extensions"},
@@ -167636,8 +165668,17 @@
{ERR_FUNC(SSL_F_TLS1_PRF), "tls1_PRF"},
{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "tls1_setup_key_block"},
{ERR_FUNC(SSL_F_TLS1_SET_SERVER_SIGALGS), "tls1_set_server_sigalgs"},
-@@ -306,7 +232,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -304,9 +235,17 @@ static ERR_STRING_DATA SSL_str_functs[]
+ "tls_client_key_exchange_post_work"},
+ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST),
"tls_construct_certificate_request"},
++ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_DHE), "tls_construct_cke_dhe"},
++ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_ECDHE), "tls_construct_cke_ecdhe"},
++ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_GOST), "tls_construct_cke_gost"},
++ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE),
++ "tls_construct_cke_psk_preamble"},
++ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_RSA), "tls_construct_cke_rsa"},
++ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_SRP), "tls_construct_cke_srp"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE),
"tls_construct_client_certificate"},
- {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO), "tls_construct_client_hello"},
@@ -167646,7 +165687,7 @@
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE),
"tls_construct_client_key_exchange"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY),
-@@ -317,7 +244,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -317,7 +256,8 @@ static ERR_STRING_DATA SSL_str_functs[]
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE),
"tls_construct_server_certificate"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_DONE), "tls_construct_server_done"},
@@ -167656,17 +165697,36 @@
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE),
"tls_construct_server_key_exchange"},
{ERR_FUNC(SSL_F_TLS_GET_MESSAGE_BODY), "tls_get_message_body"},
-@@ -348,7 +276,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -334,6 +274,13 @@ static ERR_STRING_DATA SSL_str_functs[]
+ {ERR_FUNC(SSL_F_TLS_PROCESS_CERT_VERIFY), "tls_process_cert_verify"},
+ {ERR_FUNC(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC),
+ "tls_process_change_cipher_spec"},
++ {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_DHE), "tls_process_cke_dhe"},
++ {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_ECDHE), "tls_process_cke_ecdhe"},
++ {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_GOST), "tls_process_cke_gost"},
++ {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE),
++ "tls_process_cke_psk_preamble"},
++ {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_RSA), "tls_process_cke_rsa"},
++ {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_SRP), "tls_process_cke_srp"},
+ {ERR_FUNC(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE),
+ "tls_process_client_certificate"},
+ {ERR_FUNC(SSL_F_TLS_PROCESS_CLIENT_HELLO), "tls_process_client_hello"},
+@@ -348,7 +295,13 @@ static ERR_STRING_DATA SSL_str_functs[]
"tls_process_server_certificate"},
{ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_DONE), "tls_process_server_done"},
{ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_HELLO), "tls_process_server_hello"},
- {ERR_FUNC(SSL_F_USE_CERTIFICATE_CHAIN_FILE), "use_certificate_chain_file"},
++ {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_DHE), "tls_process_ske_dhe"},
++ {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_ECDHE), "tls_process_ske_ecdhe"},
++ {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE),
++ "tls_process_ske_psk_preamble"},
++ {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_SRP), "tls_process_ske_srp"},
+ {ERR_FUNC(SSL_F_USE_CERTIFICATE_CHAIN_FILE),
+ "use_certificate_chain_file"},
{0, NULL}
};
-@@ -360,46 +289,25 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -360,46 +313,25 @@ static ERR_STRING_DATA SSL_str_reasons[]
"at least TLS 1.0 needed in FIPS mode"},
{ERR_REASON(SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE),
"at least (D)TLS 1.2 needed in Suite B mode"},
@@ -167713,7 +165773,7 @@
{ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE), "bad srtp mki value"},
{ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),
"bad srtp protection profile list"},
-@@ -407,14 +315,15 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -407,14 +339,15 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_BAD_VALUE), "bad value"},
{ERR_REASON(SSL_R_BAD_WRITE_RETRY), "bad write retry"},
{ERR_REASON(SSL_R_BIO_NOT_SET), "bio not set"},
@@ -167732,7 +165792,7 @@
{ERR_REASON(SSL_R_CERT_CB_ERROR), "cert cb error"},
{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH), "cert length mismatch"},
{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"},
-@@ -427,7 +336,8 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -427,7 +360,8 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_COMPRESSION_FAILURE), "compression failure"},
{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),
"compression id not within private range"},
@@ -167742,7 +165802,7 @@
{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"},
{ERR_REASON(SSL_R_CONTEXT_NOT_DANE_ENABLED), "context not dane enabled"},
{ERR_REASON(SSL_R_COOKIE_GEN_CALLBACK_FAILURE),
-@@ -439,10 +349,12 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -439,10 +373,12 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL),
"dane cannot override mtype full"},
{ERR_REASON(SSL_R_DANE_NOT_ENABLED), "dane not enabled"},
@@ -167757,7 +165817,7 @@
{ERR_REASON(SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH),
"dane tlsa bad digest length"},
{ERR_REASON(SSL_R_DANE_TLSA_BAD_MATCHING_TYPE),
-@@ -462,21 +374,14 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -462,21 +398,14 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED), "digest check failed"},
{ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG), "dtls message too big"},
{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"},
@@ -167781,7 +165841,7 @@
{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),
"error in received cipher list"},
{ERR_REASON(SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN),
-@@ -486,10 +391,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -486,10 +415,6 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_FAILED_TO_INIT_ASYNC), "failed to init async"},
{ERR_REASON(SSL_R_FRAGMENTED_CLIENT_HELLO), "fragmented client hello"},
{ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"},
@@ -167792,7 +165852,7 @@
{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST), "https proxy request"},
{ERR_REASON(SSL_R_HTTP_REQUEST), "http request"},
{ERR_REASON(SSL_R_ILLEGAL_SUITEB_DIGEST), "illegal Suite B digest"},
-@@ -504,24 +405,18 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -504,24 +429,18 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_INVALID_CT_VALIDATION_TYPE),
"invalid ct validation type"},
{ERR_REASON(SSL_R_INVALID_NULL_CMD_NAME), "invalid null cmd name"},
@@ -167817,7 +165877,7 @@
{ERR_REASON(SSL_R_MISSING_ECDSA_SIGNING_CERT),
"missing ecdsa signing cert"},
{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"},
-@@ -531,18 +426,13 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -531,18 +450,13 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_MISSING_SRP_PARAM), "can't find SRP server param"},
{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},
{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY), "missing tmp ecdh key"},
@@ -167836,7 +165896,7 @@
{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"},
{ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
"Peer haven't sent GOST certificate, required for selected ciphersuite"},
-@@ -553,19 +443,18 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -553,19 +467,18 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_NO_RENEGOTIATION), "no renegotiation"},
{ERR_REASON(SSL_R_NO_REQUIRED_DIGEST), "no required digest"},
{ERR_REASON(SSL_R_NO_SHARED_CIPHER), "no shared cipher"},
@@ -167860,7 +165920,7 @@
{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"},
{ERR_REASON(SSL_R_PARSE_TLSEXT), "parse tlsext"},
{ERR_REASON(SSL_R_PATH_TOO_LONG), "path too long"},
-@@ -574,7 +463,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -574,7 +487,6 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_PEM_NAME_BAD_PREFIX), "pem name bad prefix"},
{ERR_REASON(SSL_R_PEM_NAME_TOO_SHORT), "pem name too short"},
{ERR_REASON(SSL_R_PIPELINE_FAILURE), "pipeline failure"},
@@ -167868,7 +165928,7 @@
{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN), "protocol is shutdown"},
{ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"},
{ERR_REASON(SSL_R_PSK_NO_CLIENT_CB), "psk no client cb"},
-@@ -582,22 +470,20 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -582,22 +494,20 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_READ_BIO_NOT_SET), "read bio not set"},
{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED), "read timeout expired"},
{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"},
@@ -167893,7 +165953,7 @@
{ERR_REASON(SSL_R_SHUTDOWN_WHILE_IN_INIT), "shutdown while in init"},
{ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR),
"signature algorithms error"},
-@@ -610,15 +496,13 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -610,15 +520,35 @@ static ERR_STRING_DATA SSL_str_reasons[]
"srtp protection profile list too long"},
{ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),
"srtp unknown protection profile"},
@@ -167906,21 +165966,76 @@
{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"},
- {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT), "ssl3 session id too short"},
- {ERR_REASON(SSL_R_SSL_COMMAND_SECTION_EMPTY), "ssl command section empty"},
++ {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),
++ "sslv3 alert bad certificate"},
++ {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),
++ "sslv3 alert bad record mac"},
++ {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),
++ "sslv3 alert certificate expired"},
++ {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),
++ "sslv3 alert certificate revoked"},
++ {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),
++ "sslv3 alert certificate unknown"},
++ {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),
++ "sslv3 alert decompression failure"},
++ {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),
++ "sslv3 alert handshake failure"},
++ {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),
++ "sslv3 alert illegal parameter"},
++ {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),
++ "sslv3 alert no certificate"},
++ {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),
++ "sslv3 alert unexpected message"},
++ {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),
++ "sslv3 alert unsupported certificate"},
+ {ERR_REASON(SSL_R_SSL_COMMAND_SECTION_EMPTY),
+ "ssl command section empty"},
{ERR_REASON(SSL_R_SSL_COMMAND_SECTION_NOT_FOUND),
"ssl command section not found"},
{ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),
-@@ -638,8 +522,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -638,8 +568,39 @@ static ERR_STRING_DATA SSL_str_reasons[]
"ssl session id has bad length"},
{ERR_REASON(SSL_R_SSL_SESSION_VERSION_MISMATCH),
"ssl session version mismatch"},
- {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),
- "tls client cert req with anon cipher"},
++ {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),
++ "tlsv1 alert access denied"},
++ {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
++ {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),
++ "tlsv1 alert decryption failed"},
++ {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),
++ "tlsv1 alert decrypt error"},
++ {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),
++ "tlsv1 alert export restriction"},
++ {ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),
++ "tlsv1 alert inappropriate fallback"},
++ {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),
++ "tlsv1 alert insufficient security"},
++ {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),
++ "tlsv1 alert internal error"},
++ {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),
++ "tlsv1 alert no renegotiation"},
++ {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),
++ "tlsv1 alert protocol version"},
++ {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),
++ "tlsv1 alert record overflow"},
++ {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"},
++ {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),
++ "tlsv1 alert user cancelled"},
++ {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),
++ "tlsv1 bad certificate hash value"},
++ {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),
++ "tlsv1 bad certificate status response"},
++ {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),
++ "tlsv1 certificate unobtainable"},
++ {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"},
++ {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),
++ "tlsv1 unsupported extension"},
{ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),
"peer does not accept heartbeats"},
{ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING),
-@@ -648,20 +530,10 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -648,20 +609,10 @@ static ERR_STRING_DATA SSL_str_reasons[]
"tls illegal exporter label"},
{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),
"tls invalid ecpointformat list"},
@@ -167941,7 +166056,7 @@
{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),
"unable to load ssl3 md5 routines"},
{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),
-@@ -676,18 +548,16 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -676,18 +627,16 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_UNKNOWN_CMD_NAME), "unknown cmd name"},
{ERR_REASON(SSL_R_UNKNOWN_COMMAND), "unknown command"},
{ERR_REASON(SSL_R_UNKNOWN_DIGEST), "unknown digest"},
@@ -167962,7 +166077,7 @@
{ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),
"unsupported elliptic curve"},
{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL), "unsupported protocol"},
-@@ -699,7 +569,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -699,7 +648,6 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_WRONG_CERTIFICATE_TYPE), "wrong certificate type"},
{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED), "wrong cipher returned"},
{ERR_REASON(SSL_R_WRONG_CURVE), "wrong curve"},
@@ -167970,11 +166085,24 @@
{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE), "wrong signature size"},
{ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE), "wrong signature type"},
-diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c
-index 546f5d2..66525de 100644
+@@ -713,7 +661,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
+
+ #endif
+
+-void ERR_load_SSL_strings(void)
++int ERR_load_SSL_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -722,4 +670,5 @@ void ERR_load_SSL_strings(void)
+ ERR_load_strings(0, SSL_str_reasons);
+ }
+ #endif
++ return 1;
+ }
--- a/ssl/ssl_init.c
+++ b/ssl/ssl_init.c
-@@ -1,63 +1,14 @@
+@@ -1,68 +1,20 @@
/*
- * Written by Matt Caswell for the OpenSSL project.
- */
@@ -168043,8 +166171,72 @@
#include "internal/err.h"
#include <openssl/crypto.h>
#include <openssl/evp.h>
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 06d9723..08e3673 100644
+ #include <assert.h>
+ #include "ssl_locl.h"
++#include "internal/thread_once.h"
+
+ static int stopped;
+
+@@ -70,7 +22,7 @@ static void ssl_library_stop(void);
+
+ static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT;
+ static int ssl_base_inited = 0;
+-static void ossl_init_ssl_base(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
+ {
+ #ifdef OPENSSL_INIT_DEBUG
+ fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
+@@ -157,11 +109,12 @@ static void ossl_init_ssl_base(void)
+ */
+ OPENSSL_atexit(ssl_library_stop);
+ ssl_base_inited = 1;
++ return 1;
+ }
+
+ static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;
+ static int ssl_strings_inited = 0;
+-static void ossl_init_load_ssl_strings(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
+ {
+ /*
+ * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
+@@ -175,12 +128,13 @@ static void ossl_init_load_ssl_strings(v
+ ERR_load_SSL_strings();
+ #endif
+ ssl_strings_inited = 1;
++ return 1;
+ }
+
+-static void ossl_init_no_load_ssl_strings(void)
++DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_ssl_strings)
+ {
+ /* Do nothing in this case */
+- return;
++ return 1;
+ }
+
+ static void ssl_library_stop(void)
+@@ -242,17 +196,15 @@ int OPENSSL_init_ssl(uint64_t opts, cons
+ | OPENSSL_INIT_ADD_ALL_DIGESTS, settings))
+ return 0;
+
+- if (!CRYPTO_THREAD_run_once(&ssl_base, ossl_init_ssl_base))
++ if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
+ return 0;
+
+ if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)
+- && !CRYPTO_THREAD_run_once(&ssl_strings,
+- ossl_init_no_load_ssl_strings))
++ && !RUN_ONCE(&ssl_strings, ossl_init_no_load_ssl_strings))
+ return 0;
+
+ if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS)
+- && !CRYPTO_THREAD_run_once(&ssl_strings,
+- ossl_init_load_ssl_strings))
++ && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
+ return 0;
+
+ return 1;
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1,115 +1,12 @@
@@ -168169,7 +166361,14 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECC cipher suite support in OpenSSL originally developed by
-@@ -215,6 +112,7 @@ static int dane_ctx_enable(struct dane_ctx_st *dctx)
+@@ -211,10 +108,14 @@ static int dane_ctx_enable(struct dane_c
+ int n = ((int) mdmax) + 1; /* int to handle PrivMatch(255) */
+ size_t i;
+
++ if (dctx->mdevp != NULL)
++ return 1;
++
+ mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
mdord = OPENSSL_zalloc(n * sizeof(*mdord));
if (mdord == NULL || mdevp == NULL) {
@@ -168177,10 +166376,11 @@
OPENSSL_free(mdevp);
SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE);
return 0;
-@@ -284,10 +182,18 @@ static int ssl_dane_dup(SSL *to, SSL *from)
+@@ -284,10 +185,19 @@ static int ssl_dane_dup(SSL *to, SSL *fr
return 1;
dane_final(&to->dane);
++ to->dane.flags = from->dane.flags;
+ to->dane.dctx = &to->ctx->dane;
+ to->dane.trecs = sk_danetls_record_new_null();
+
@@ -168196,7 +166396,7 @@
if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype,
t->data, t->dlen) <= 0)
return 0;
-@@ -363,6 +269,7 @@ static int dane_tlsa_add(
+@@ -363,6 +273,7 @@ static int dane_tlsa_add(
const EVP_MD *md = NULL;
int ilen = (int)dlen;
int i;
@@ -168204,7 +166404,7 @@
if (dane->trecs == NULL) {
SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED);
-@@ -495,8 +402,10 @@ static int dane_tlsa_add(
+@@ -495,8 +406,10 @@ static int dane_tlsa_add(
* The choice of order for the selector is not significant, so we
* use the same descending order for consistency.
*/
@@ -168216,7 +166416,15 @@
if (rec->usage > usage)
continue;
if (rec->usage < usage)
-@@ -681,7 +590,7 @@ SSL *SSL_new(SSL_CTX *ctx)
+@@ -633,6 +546,7 @@ SSL *SSL_new(SSL_CTX *ctx)
+ RECORD_LAYER_init(&s->rlayer, s);
+
+ s->options = ctx->options;
++ s->dane.flags = ctx->dane.flags;
+ s->min_proto_version = ctx->min_proto_version;
+ s->max_proto_version = ctx->max_proto_version;
+ s->mode = ctx->mode;
+@@ -681,7 +595,7 @@ SSL *SSL_new(SSL_CTX *ctx)
s->tlsext_debug_cb = 0;
s->tlsext_debug_arg = NULL;
s->tlsext_ticket_expected = 0;
@@ -168225,7 +166433,7 @@
s->tlsext_status_expected = 0;
s->tlsext_ocsp_ids = NULL;
s->tlsext_ocsp_exts = NULL;
-@@ -739,7 +648,8 @@ SSL *SSL_new(SSL_CTX *ctx)
+@@ -739,7 +653,8 @@ SSL *SSL_new(SSL_CTX *ctx)
if (!SSL_clear(s))
goto err;
@@ -168235,7 +166443,7 @@
#ifndef OPENSSL_NO_PSK
s->psk_client_callback = ctx->psk_client_callback;
-@@ -761,10 +671,21 @@ SSL *SSL_new(SSL_CTX *ctx)
+@@ -761,10 +676,21 @@ SSL *SSL_new(SSL_CTX *ctx)
return NULL;
}
@@ -168259,7 +166467,7 @@
}
int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
-@@ -830,9 +751,9 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+@@ -830,9 +756,9 @@ int SSL_has_matching_session_id(const SS
r.session_id_length = id_len;
memcpy(r.session_id, id, id_len);
@@ -168272,7 +166480,30 @@
return (p != NULL);
}
-@@ -900,9 +821,9 @@ int SSL_dane_enable(SSL *s, const char *basedomain)
+@@ -881,6 +807,22 @@ int SSL_CTX_dane_enable(SSL_CTX *ctx)
+ return dane_ctx_enable(&ctx->dane);
+ }
+
++unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags)
++{
++ unsigned long orig = ctx->dane.flags;
++
++ ctx->dane.flags |= flags;
++ return orig;
++}
++
++unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags)
++{
++ unsigned long orig = ctx->dane.flags;
++
++ ctx->dane.flags &= ~flags;
++ return orig;
++}
++
+ int SSL_dane_enable(SSL *s, const char *basedomain)
+ {
+ SSL_DANE *dane = &s->dane;
+@@ -900,9 +842,9 @@ int SSL_dane_enable(SSL *s, const char *
* invalid input, set the SNI name first.
*/
if (s->tlsext_hostname == NULL) {
@@ -168284,18 +166515,188 @@
}
}
-@@ -1027,9 +948,9 @@ void SSL_free(SSL *s)
- BIO_free(s->bbio);
- s->bbio = NULL;
- }
+@@ -924,6 +866,22 @@ int SSL_dane_enable(SSL *s, const char *
+ return 1;
+ }
+
++unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags)
++{
++ unsigned long orig = ssl->dane.flags;
++
++ ssl->dane.flags |= flags;
++ return orig;
++}
++
++unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags)
++{
++ unsigned long orig = ssl->dane.flags;
++
++ ssl->dane.flags &= ~flags;
++ return orig;
++}
++
+ int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
+ {
+ SSL_DANE *dane = &s->dane;
+@@ -1019,17 +977,11 @@ void SSL_free(SSL *s)
+ dane_final(&s->dane);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
+
+- if (s->bbio != NULL) {
+- /* If the buffering BIO is in place, pop it off */
+- if (s->bbio == s->wbio) {
+- s->wbio = BIO_pop(s->wbio);
+- }
+- BIO_free(s->bbio);
+- s->bbio = NULL;
+- }
- BIO_free_all(s->rbio);
++ ssl_free_wbio_buffer(s);
++
if (s->wbio != s->rbio)
BIO_free_all(s->wbio);
+ BIO_free_all(s->rbio);
BUF_MEM_free(s->init_buf);
-@@ -1503,6 +1424,9 @@ static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
+@@ -1103,15 +1055,16 @@ void SSL_set_wbio(SSL *s, BIO *wbio)
+ /*
+ * If the output buffering BIO is still in place, remove it
+ */
+- if (s->bbio != NULL) {
+- if (s->wbio == s->bbio) {
+- s->wbio = BIO_next(s->wbio);
+- BIO_set_next(s->bbio, NULL);
+- }
+- }
++ if (s->bbio != NULL)
++ s->wbio = BIO_pop(s->wbio);
++
+ if (s->wbio != wbio && s->rbio != s->wbio)
+ BIO_free_all(s->wbio);
+ s->wbio = wbio;
++
++ /* Re-attach |bbio| to the new |wbio|. */
++ if (s->bbio != NULL)
++ s->wbio = BIO_push(s->bbio, s->wbio);
+ }
+
+ void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
+@@ -1122,17 +1075,24 @@ void SSL_set_bio(SSL *s, BIO *rbio, BIO
+
+ BIO *SSL_get_rbio(const SSL *s)
+ {
+- return (s->rbio);
++ return s->rbio;
+ }
+
+ BIO *SSL_get_wbio(const SSL *s)
+ {
+- return (s->wbio);
++ if (s->bbio != NULL) {
++ /*
++ * If |bbio| is active, the true caller-configured BIO is its
++ * |next_bio|.
++ */
++ return BIO_next(s->bbio);
++ }
++ return s->wbio;
+ }
+
+ int SSL_get_fd(const SSL *s)
+ {
+- return (SSL_get_rfd(s));
++ return SSL_get_rfd(s);
+ }
+
+ int SSL_get_rfd(const SSL *s)
+@@ -1180,46 +1140,43 @@ int SSL_set_fd(SSL *s, int fd)
+
+ int SSL_set_wfd(SSL *s, int fd)
+ {
+- int ret = 0;
+- BIO *bio = NULL;
++ BIO *rbio = SSL_get_rbio(s);
+
+- if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
+- || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
+- bio = BIO_new(BIO_s_socket());
++ if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET
++ || (int)BIO_get_fd(rbio, NULL) != fd) {
++ BIO *bio = BIO_new(BIO_s_socket());
+
+ if (bio == NULL) {
+ SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
+- goto err;
++ return 0;
+ }
+ BIO_set_fd(bio, fd, BIO_NOCLOSE);
+- SSL_set_bio(s, SSL_get_rbio(s), bio);
+- } else
+- SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
+- ret = 1;
+- err:
+- return (ret);
++ SSL_set_wbio(s, bio);
++ } else {
++ SSL_set_wbio(s, rbio);
++ }
++ return 1;
+ }
+
+ int SSL_set_rfd(SSL *s, int fd)
+ {
+- int ret = 0;
+- BIO *bio = NULL;
++ BIO *wbio = SSL_get_wbio(s);
+
+- if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
+- || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
+- bio = BIO_new(BIO_s_socket());
++ if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET
++ || ((int)BIO_get_fd(wbio, NULL) != fd)) {
++ BIO *bio = BIO_new(BIO_s_socket());
+
+ if (bio == NULL) {
+ SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
+- goto err;
++ return 0;
+ }
+ BIO_set_fd(bio, fd, BIO_NOCLOSE);
+- SSL_set_bio(s, bio, SSL_get_wbio(s));
+- } else
+- SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
+- ret = 1;
+- err:
+- return (ret);
++ SSL_set_rbio(s, bio);
++ } else {
++ SSL_set_rbio(s, wbio);
++ }
++
++ return 1;
+ }
+ #endif
+
+@@ -1435,7 +1392,7 @@ int SSL_check_private_key(const SSL *ssl
+
+ int SSL_waiting_for_async(SSL *s)
+ {
+- if(s->job)
++ if (s->job)
+ return 1;
+
+ return 0;
+@@ -1494,7 +1451,7 @@ static int ssl_start_async_job(SSL *s, s
+ if (s->waitctx == NULL)
+ return -1;
+ }
+- switch(ASYNC_start_job(&s->job, s->waitctx, &ret, func, args,
++ switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args,
+ sizeof(struct ssl_async_args))) {
+ case ASYNC_ERR:
+ s->rwstate = SSL_NOTHING;
+@@ -1503,6 +1460,9 @@ static int ssl_start_async_job(SSL *s, s
case ASYNC_PAUSE:
s->rwstate = SSL_ASYNC_PAUSED;
return -1;
@@ -168305,7 +166706,43 @@
case ASYNC_FINISH:
s->job = NULL;
return ret;
-@@ -1743,8 +1667,8 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
+@@ -1548,7 +1508,7 @@ int SSL_read(SSL *s, void *buf, int num)
+ return (0);
+ }
+
+- if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
++ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+ struct ssl_async_args args;
+
+ args.s = s;
+@@ -1573,7 +1533,7 @@ int SSL_peek(SSL *s, void *buf, int num)
+ if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+ return (0);
+ }
+- if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
++ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+ struct ssl_async_args args;
+
+ args.s = s;
+@@ -1601,7 +1561,7 @@ int SSL_write(SSL *s, const void *buf, i
+ return (-1);
+ }
+
+- if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
++ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+ struct ssl_async_args args;
+
+ args.s = s;
+@@ -1631,7 +1591,7 @@ int SSL_shutdown(SSL *s)
+ }
+
+ if (!SSL_in_init(s)) {
+- if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
++ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+ struct ssl_async_args args;
+
+ args.s = s;
+@@ -1743,8 +1703,8 @@ long SSL_ctrl(SSL *s, int cmd, long larg
}
case SSL_CTRL_GET_EXTMS_SUPPORT:
if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s))
@@ -168316,7 +166753,7 @@
return 1;
else
return 0;
-@@ -1862,7 +1786,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+@@ -1862,7 +1822,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd,
return 0;
ctx->max_send_fragment = larg;
if (ctx->max_send_fragment < ctx->split_send_fragment)
@@ -168325,7 +166762,7 @@
return 1;
case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
if ((unsigned int)larg > ctx->max_send_fragment || larg == 0)
-@@ -2117,7 +2041,7 @@ int SSL_get_servername_type(const SSL *s)
+@@ -2117,7 +2077,7 @@ int SSL_get_servername_type(const SSL *s
* is indicated to the callback. In this case, the client application has to
* abort the connection or have a default application level protocol. 2) If
* the server supports NPN, but advertises an empty list then the client
@@ -168334,7 +166771,7 @@
* fallback case was enacted. 3) Otherwise, the client finds the first
* protocol in the server's list that it supports and selects this protocol.
* This is because it's assumed that the server has better information about
-@@ -2429,7 +2353,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
+@@ -2429,7 +2389,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
goto err;
@@ -168344,7 +166781,7 @@
/* No compression for DTLS */
if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
-@@ -2438,10 +2363,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
+@@ -2438,10 +2399,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
@@ -168359,7 +166796,7 @@
ret->options |= SSL_OP_NO_TICKET;
#ifndef OPENSSL_NO_SRP
-@@ -2479,6 +2404,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
+@@ -2479,6 +2440,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
*/
ret->options |= SSL_OP_NO_COMPRESSION;
@@ -168368,7 +166805,7 @@
return ret;
err:
SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
-@@ -2487,10 +2414,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
+@@ -2487,10 +2450,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
return NULL;
}
@@ -168387,7 +166824,7 @@
}
void SSL_CTX_free(SSL_CTX *a)
-@@ -2925,56 +2858,61 @@ int SSL_get_error(const SSL *s, int i)
+@@ -2925,56 +2894,65 @@ int SSL_get_error(const SSL *s, int i)
return (SSL_ERROR_SSL);
}
@@ -168447,9 +166884,12 @@
- if (BIO_should_write(bio))
- return (SSL_ERROR_WANT_WRITE);
- else if (BIO_should_read(bio))
-- /*
++ if (SSL_want_write(s)) {
+ /*
- * See above (SSL_want_read(s) with BIO_should_write(bio))
-- */
++ * Access wbio directly - in order to use the buffered bio if
++ * present
+ */
- return (SSL_ERROR_WANT_READ);
- else if (BIO_should_io_special(bio)) {
- reason = BIO_get_retry_reason(bio);
@@ -168459,8 +166899,7 @@
- return (SSL_ERROR_WANT_ACCEPT);
- else
- return (SSL_ERROR_SYSCALL);
-+ if (SSL_want_write(s)) {
-+ bio = SSL_get_wbio(s);
++ bio = s->wbio;
+ if (BIO_should_write(bio))
+ return (SSL_ERROR_WANT_WRITE);
+ else if (BIO_should_read(bio))
@@ -168496,7 +166935,16 @@
}
if (i == 0) {
-@@ -3135,7 +3073,8 @@ SSL *SSL_dup(SSL *s)
+@@ -3008,7 +2986,7 @@ int SSL_do_handshake(SSL *s)
+ s->method->ssl_renegotiate_check(s);
+
+ if (SSL_in_init(s) || SSL_in_before(s)) {
+- if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
++ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+ struct ssl_async_args args;
+
+ args.s = s;
+@@ -3135,7 +3113,8 @@ SSL *SSL_dup(SSL *s)
goto err;
}
@@ -168506,7 +166954,7 @@
ret->version = s->version;
ret->options = s->options;
ret->mode = s->mode;
-@@ -3286,34 +3225,27 @@ const COMP_METHOD *SSL_get_current_expansion(SSL *s)
+@@ -3286,34 +3265,25 @@ const COMP_METHOD *SSL_get_current_expan
#endif
}
@@ -168515,42 +166963,62 @@
{
BIO *bbio;
- if (s->bbio == NULL) {
- bbio = BIO_new(BIO_f_buffer());
- if (bbio == NULL)
+- if (s->bbio == NULL) {
+- bbio = BIO_new(BIO_f_buffer());
+- if (bbio == NULL)
- return (0);
-+ return 0;
- s->bbio = bbio;
-+ s->wbio = BIO_push(bbio, s->wbio);
- } else {
- bbio = s->bbio;
+- s->bbio = bbio;
+- } else {
+- bbio = s->bbio;
- if (s->bbio == s->wbio)
- s->wbio = BIO_pop(s->wbio);
-+ (void)BIO_reset(bbio);
- }
+- }
- (void)BIO_reset(bbio);
-/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
-+
- if (!BIO_set_read_buffer_size(bbio, 1)) {
- SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
+- if (!BIO_set_read_buffer_size(bbio, 1)) {
+- SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
- return (0);
-- }
++ if (s->bbio != NULL) {
++ /* Already buffered. */
++ return 1;
+ }
- if (push) {
- if (s->wbio != bbio)
- s->wbio = BIO_push(bbio, s->wbio);
- } else {
- if (s->wbio == bbio)
- s->wbio = BIO_pop(bbio);
++
++ bbio = BIO_new(BIO_f_buffer());
++ if (bbio == NULL || !BIO_set_read_buffer_size(bbio, 1)) {
++ BIO_free(bbio);
++ SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
+ return 0;
}
- return (1);
++ s->bbio = bbio;
++ s->wbio = BIO_push(bbio, s->wbio);
+
+ return 1;
}
void ssl_free_wbio_buffer(SSL *s)
-@@ -3358,17 +3290,22 @@ void SSL_set_shutdown(SSL *s, int mode)
+@@ -3322,11 +3292,8 @@ void ssl_free_wbio_buffer(SSL *s)
+ if (s->bbio == NULL)
+ return;
+- if (s->bbio == s->wbio) {
+- /* remove buffering */
+- s->wbio = BIO_pop(s->wbio);
+- assert(s->wbio != NULL);
+- }
++ s->wbio = BIO_pop(s->wbio);
++ assert(s->wbio != NULL);
+ BIO_free(s->bbio);
+ s->bbio = NULL;
+ }
+@@ -3358,17 +3325,22 @@ void SSL_set_shutdown(SSL *s, int mode)
+
int SSL_get_shutdown(const SSL *s)
{
- return (s->shutdown);
@@ -168575,7 +167043,7 @@
}
SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
-@@ -3709,7 +3646,7 @@ void SSL_set_not_resumable_session_callback(SSL *ssl,
+@@ -3709,7 +3681,7 @@ void SSL_set_not_resumable_session_callb
/*
* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
@@ -168584,7 +167052,7 @@
* If EVP_MD pointer is passed, initializes ctx with this md Returns newly
* allocated ctx;
*/
-@@ -3921,7 +3858,7 @@ static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, sct_source_t or
+@@ -3921,7 +3893,7 @@ static int ct_move_scts(STACK_OF(SCT) **
err:
if (sct != NULL)
sk_SCT_push(src, sct); /* Put the SCT back */
@@ -168593,7 +167061,7 @@
}
/*
-@@ -4179,7 +4116,7 @@ int ssl_validate_ct(SSL *s)
+@@ -4179,7 +4151,7 @@ int ssl_validate_ct(SSL *s)
* value is negative.
*
* XXX: One might well argue that the return value of this function is an
@@ -168602,7 +167070,7 @@
* status of each of the provided SCTs. So long as it correctly separates
* the wheat from the chaff it should return success. Failure in this case
* ought to correspond to an inability to carry out its duties.
-@@ -4195,6 +4132,23 @@ int ssl_validate_ct(SSL *s)
+@@ -4195,6 +4167,23 @@ int ssl_validate_ct(SSL *s)
end:
CT_POLICY_EVAL_CTX_free(ctx);
@@ -168626,8 +167094,6 @@
return ret;
}
-diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
-index 50e0d39..35fd3fc 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1,112 +1,12 @@
@@ -168760,6 +167226,37 @@
# include <openssl/buffer.h>
# include <openssl/comp.h>
+@@ -238,18 +141,18 @@
+ } \
+ }
+
+-# define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \
+- (((unsigned int)(c[1])) )),c+=2)
+-# define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
+- c[1]=(unsigned char)(((s) )&0xff)),c+=2)
+-
+-# define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \
+- (((unsigned long)(c[1]))<< 8)| \
+- (((unsigned long)(c[2])) )),c+=3)
+-
+-# define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \
+- c[1]=(unsigned char)(((l)>> 8)&0xff), \
+- c[2]=(unsigned char)(((l) )&0xff)),c+=3)
++# define n2s(c,s) ((s=(((unsigned int)((c)[0]))<< 8)| \
++ (((unsigned int)((c)[1])) )),(c)+=2)
++# define s2n(s,c) (((c)[0]=(unsigned char)(((s)>> 8)&0xff), \
++ (c)[1]=(unsigned char)(((s) )&0xff)),(c)+=2)
++
++# define n2l3(c,l) ((l =(((unsigned long)((c)[0]))<<16)| \
++ (((unsigned long)((c)[1]))<< 8)| \
++ (((unsigned long)((c)[2])) )),(c)+=3)
++
++# define l2n3(l,c) (((c)[0]=(unsigned char)(((l)>>16)&0xff), \
++ (c)[1]=(unsigned char)(((l)>> 8)&0xff), \
++ (c)[2]=(unsigned char)(((l) )&0xff)),(c)+=3)
+
+ #define DTLS_VERSION_GT(v1, v2) ((v1) < (v2))
+ #define DTLS_VERSION_GE(v1, v2) ((v1) <= (v2))
@@ -453,12 +356,14 @@
# define SSL_CLIENT_USE_TLS1_2_CIPHERS(s) \
((!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION) || \
@@ -168821,7 +167318,7 @@
int (*p_ssl3_setup_buffers) (SSL *s);
# ifndef OPENSSL_NO_HEARTBEATS
int (*p_dtls1_process_heartbeat) (SSL *s,
-@@ -1948,7 +1859,7 @@ __owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
+@@ -1948,7 +1859,7 @@ void ssl_load_ciphers(void);
__owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
@@ -168830,7 +167327,16 @@
__owur int ssl3_setup_key_block(SSL *s);
__owur int ssl3_change_cipher_state(SSL *s, int which);
void ssl3_cleanup_key_block(SSL *s);
-@@ -2048,7 +1959,7 @@ __owur int dtls1_shutdown(SSL *s);
+@@ -1964,7 +1875,7 @@ int ssl3_renegotiate_check(SSL *ssl);
+ __owur int ssl3_dispatch_alert(SSL *s);
+ __owur int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
+ unsigned char *p);
+-void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
++__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
+ void ssl3_free_digest_list(SSL *s);
+ __owur unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk);
+ __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
+@@ -2048,7 +1959,7 @@ long dtls1_ctrl(SSL *s, int cmd, long la
__owur int dtls1_dispatch_alert(SSL *s);
@@ -168839,8 +167345,28 @@
void ssl_free_wbio_buffer(SSL *s);
__owur int tls1_change_cipher_state(SSL *s, int which);
-diff --git a/ssl/ssl_mcnf.c b/ssl/ssl_mcnf.c
-index 614e0a7..ac9cc95 100644
+@@ -2093,7 +2004,7 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_CO
+ __owur int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt);
+ void ssl_set_default_md(SSL *s);
+ __owur int tls1_set_server_sigalgs(SSL *s);
+-__owur int ssl_check_clienthello_tlsext_late(SSL *s);
++__owur int ssl_check_clienthello_tlsext_late(SSL *s, int *al);
+ __owur int ssl_parse_serverhello_tlsext(SSL *s, PACKET *pkt);
+ __owur int ssl_prepare_clienthello_tlsext(SSL *s);
+ __owur int ssl_prepare_serverhello_tlsext(SSL *s);
+@@ -2174,9 +2085,9 @@ void ssl_set_client_disabled(SSL *s);
+ const unsigned char *mac_secret,
+ unsigned mac_secret_length, char is_sslv3);
+
+-void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
+- EVP_MD_CTX *mac_ctx, const unsigned char *data,
+- size_t data_len, size_t orig_len);
++__owur int tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
++ EVP_MD_CTX *mac_ctx, const unsigned char *data,
++ size_t data_len, size_t orig_len);
+
+ __owur int srp_generate_server_master_secret(SSL *s);
+ __owur int srp_generate_client_master_secret(SSL *s);
--- a/ssl/ssl_mcnf.c
+++ b/ssl/ssl_mcnf.c
@@ -1,59 +1,10 @@
@@ -168908,7 +167434,7 @@
*/
#include <stdio.h>
-@@ -109,7 +60,7 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
+@@ -109,7 +60,7 @@ static int ssl_module_init(CONF_IMODULE
STACK_OF(CONF_VALUE) *cmd_lists;
ssl_conf_section = CONF_imodule_get_value(md);
cmd_lists = NCONF_get_section(cnf, ssl_conf_section);
@@ -168917,7 +167443,7 @@
if (cmd_lists == NULL)
SSLerr(SSL_F_SSL_MODULE_INIT, SSL_R_SSL_SECTION_NOT_FOUND);
else
-@@ -223,7 +174,7 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name)
+@@ -223,7 +174,7 @@ static int ssl_do_config(SSL *s, SSL_CTX
if (rv <= 0) {
if (rv == -2)
SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_UNKNOWN_COMMAND);
@@ -168926,8 +167452,6 @@
SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_BAD_VALUE);
ERR_add_error_data(6, "section=", name, ", cmd=", cmd->cmd,
", arg=", cmd->arg);
-diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
-index 00bf887..aad65ea 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -1,58 +1,10 @@
@@ -168995,7 +167519,23 @@
*/
#include <stdio.h>
-@@ -831,7 +783,7 @@ static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
+@@ -158,6 +110,7 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA
+ RSA_up_ref(rsa);
+ if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
+ RSA_free(rsa);
++ EVP_PKEY_free(pkey);
+ return 0;
+ }
+
+@@ -500,6 +453,7 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *c
+ RSA_up_ref(rsa);
+ if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
+ RSA_free(rsa);
++ EVP_PKEY_free(pkey);
+ return 0;
+ }
+
+@@ -831,7 +785,7 @@ static int serverinfo_srv_add_cb(SSL *s,
return 0; /* No extension found, don't send extension */
return 1; /* Send extension */
}
@@ -169004,7 +167544,7 @@
* extension */
}
-@@ -860,12 +812,26 @@ static int serverinfo_process_buffer(const unsigned char *serverinfo,
+@@ -860,12 +814,26 @@ static int serverinfo_process_buffer(con
/* Register callbacks for extensions */
ext_type = (serverinfo[0] << 8) + serverinfo[1];
@@ -169037,7 +167577,7 @@
serverinfo += 2;
serverinfo_length -= 2;
-@@ -926,6 +892,7 @@ int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
+@@ -926,6 +894,7 @@ int SSL_CTX_use_serverinfo(SSL_CTX *ctx,
int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
{
unsigned char *serverinfo = NULL;
@@ -169045,7 +167585,7 @@
size_t serverinfo_length = 0;
unsigned char *extension = 0;
long extension_length = 0;
-@@ -985,12 +952,13 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
+@@ -985,12 +954,13 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX
goto end;
}
/* Append the decoded extension to the serverinfo buffer */
@@ -169061,8 +167601,6 @@
memcpy(serverinfo + serverinfo_length, extension, extension_length);
serverinfo_length += extension_length;
-diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
-index d5b7fe3..41abe44 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -1,112 +1,12 @@
@@ -169199,7 +167737,25 @@
return ss;
}
-@@ -431,13 +334,13 @@ int ssl_get_new_session(SSL *s, int session)
+@@ -271,7 +174,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION
+ }
+ #endif
+
+- if(src->ciphers != NULL) {
++ if (src->ciphers != NULL) {
+ dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);
+ if (dest->ciphers == NULL)
+ goto err;
+@@ -307,7 +210,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION
+
+ if (ticket != 0) {
+ dest->tlsext_tick = OPENSSL_memdup(src->tlsext_tick, src->tlsext_ticklen);
+- if(dest->tlsext_tick == NULL)
++ if (dest->tlsext_tick == NULL)
+ goto err;
+ } else {
+ dest->tlsext_tick_lifetime_hint = 0;
+@@ -431,13 +334,13 @@ int ssl_get_new_session(SSL *s, int sess
* Note that:
* (a) ssl_get_prev_session() does lookahead into the
* ClientHello extensions to find the session ticket.
@@ -169216,7 +167772,7 @@
* ServerHello extensions, and before recording the session
* ID received from the server, so this block is a noop.
*/
-@@ -456,6 +359,7 @@ int ssl_get_new_session(SSL *s, int session)
+@@ -456,6 +359,7 @@ int ssl_get_new_session(SSL *s, int sess
CRYPTO_THREAD_unlock(s->session_ctx->lock);
CRYPTO_THREAD_unlock(s->lock);
/* Choose a session ID */
@@ -169224,7 +167780,7 @@
tmp = ss->session_id_length;
if (!cb(s, ss->session_id, &tmp)) {
/* The callback failed */
-@@ -568,6 +472,7 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id)
+@@ -568,6 +472,7 @@ int ssl_get_prev_session(SSL *s, const P
SSL_SESSION data;
size_t local_len;
data.ssl_version = s->version;
@@ -169232,6 +167788,28 @@
if (!PACKET_copy_all(session_id, data.session_id,
sizeof(data.session_id),
&local_len)) {
+@@ -803,16 +708,16 @@ static int remove_session_lock(SSL_CTX *
+ r = lh_SSL_SESSION_delete(ctx->sessions, c);
+ SSL_SESSION_list_remove(ctx, c);
+ }
++ c->not_resumable = 1;
+
+ if (lck)
+ CRYPTO_THREAD_unlock(ctx->lock);
+
+- if (ret) {
+- r->not_resumable = 1;
+- if (ctx->remove_session_cb != NULL)
+- ctx->remove_session_cb(ctx, r);
++ if (ret)
+ SSL_SESSION_free(r);
+- }
++
++ if (ctx->remove_session_cb != NULL)
++ ctx->remove_session_cb(ctx, c);
+ } else
+ ret = 0;
+ return (ret);
@@ -871,28 +776,20 @@ int SSL_SESSION_up_ref(SSL_SESSION *ss)
int SSL_set_session(SSL *s, SSL_SESSION *session)
@@ -169272,7 +167850,7 @@
}
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
-@@ -925,6 +822,11 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t)
+@@ -925,6 +822,11 @@ long SSL_SESSION_set_time(SSL_SESSION *s
return (t);
}
@@ -169284,7 +167862,7 @@
const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
{
return s->tlsext_hostname;
-@@ -1074,10 +976,10 @@ void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
+@@ -1074,10 +976,10 @@ void SSL_CTX_flush_sessions(SSL_CTX *s,
return;
tp.time = t;
CRYPTO_THREAD_write_lock(s->lock);
@@ -169307,8 +167885,6 @@
return (1);
} else
return (0);
-diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c
-index 240dfdf..1928bd2 100644
--- a/ssl/ssl_stat.c
+++ b/ssl/ssl_stat.c
@@ -1,59 +1,12 @@
@@ -169378,14 +167954,23 @@
/* ====================================================================
* Copyright 2005 Nokia. All rights reserved.
*
-diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
-index b2c6bf7..df7c74b 100644
+@@ -382,6 +335,8 @@ const char *SSL_alert_desc_string_long(i
+ return "bad certificate hash value";
+ case TLS1_AD_UNKNOWN_PSK_IDENTITY:
+ return "unknown PSK identity";
++ case TLS1_AD_NO_APPLICATION_PROTOCOL:
++ return "no application protocol";
+ default:
+ return "unknown";
+ }
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -1,59 +1,12 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -169433,9 +168018,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -169449,7 +168032,16 @@
/* ====================================================================
* Copyright 2005 Nokia. All rights reserved.
*
-@@ -238,7 +191,7 @@ int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x)
+@@ -175,7 +128,7 @@ int SSL_SESSION_print(BIO *bp, const SSL
+ if (x->tlsext_tick) {
+ if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0)
+ goto err;
+- if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4)
++ if (BIO_dump_indent(bp, (const char *)x->tlsext_tick, x->tlsext_ticklen, 4)
+ <= 0)
+ goto err;
+ }
+@@ -238,7 +191,7 @@ int SSL_SESSION_print_keylog(BIO *bp, co
/*
* the RSA prefix is required by the format's definition although there's
@@ -169458,8 +168050,6 @@
* the cipher suite is based on RSA
*/
if (BIO_puts(bp, "RSA ") <= 0)
-diff --git a/ssl/ssl_utst.c b/ssl/ssl_utst.c
-index 335cf0d..09e76d1 100644
--- a/ssl/ssl_utst.c
+++ b/ssl/ssl_utst.c
@@ -1,55 +1,10 @@
@@ -169523,8 +168113,6 @@
*/
#include "ssl_locl.h"
-diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
-index 08ae21a..28483e7 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -1,58 +1,10 @@
@@ -169591,7 +168179,7 @@
*/
#include <openssl/rand.h>
-@@ -368,19 +320,23 @@ static int state_machine(SSL *s, int server)
+@@ -368,19 +320,23 @@ static int state_machine(SSL *s, int ser
*/
s->s3->change_cipher_spec = 0;
@@ -169625,17 +168213,54 @@
}
if (server) {
-@@ -548,7 +504,6 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) {
- while(1) {
- switch(st->read_state) {
+@@ -424,8 +380,8 @@ static int state_machine(SSL *s, int ser
+ st->read_state_first_init = 1;
+ }
+
+- while(st->state != MSG_FLOW_FINISHED) {
+- if(st->state == MSG_FLOW_READING) {
++ while (st->state != MSG_FLOW_FINISHED) {
++ if (st->state == MSG_FLOW_READING) {
+ ssret = read_state_machine(s);
+ if (ssret == SUB_STATE_FINISHED) {
+ st->state = MSG_FLOW_WRITING;
+@@ -528,7 +484,7 @@ static SUB_STATE_RETURN read_state_machi
+
+ cb = get_callback(s);
+
+- if(s->server) {
++ if (s->server) {
+ transition = ossl_statem_server_read_transition;
+ process_message = ossl_statem_server_process_message;
+ max_message_size = ossl_statem_server_max_message_size;
+@@ -545,10 +501,9 @@ static SUB_STATE_RETURN read_state_machi
+ st->read_state_first_init = 0;
+ }
+
+- while(1) {
+- switch(st->read_state) {
++ while (1) {
++ switch (st->read_state) {
case READ_STATE_HEADER:
- s->init_num = 0;
/* Get the state the peer wants to move to */
if (SSL_IS_DTLS(s)) {
/*
-@@ -607,6 +562,10 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) {
+@@ -575,9 +530,8 @@ static SUB_STATE_RETURN read_state_machi
+ * Validate that we are allowed to move to the new state and move
+ * to that state if so
+ */
+- if(!transition(s, mt)) {
+- ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE);
+- SSLerr(SSL_F_READ_STATE_MACHINE, SSL_R_UNEXPECTED_MESSAGE);
++ if (!transition(s, mt)) {
++ ossl_statem_set_error(s);
return SUB_STATE_ERROR;
}
+
+@@ -607,6 +561,10 @@ static SUB_STATE_RETURN read_state_machi
+ return SUB_STATE_ERROR;
+ }
ret = process_message(s, &pkt);
+
+ /* Discard the packet data */
@@ -169644,8 +168269,71 @@
if (ret == MSG_PROCESS_ERROR) {
return SUB_STATE_ERROR;
}
-diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h
-index 263a395..e2aef15 100644
+@@ -628,7 +586,7 @@ static SUB_STATE_RETURN read_state_machi
+
+ case READ_STATE_POST_PROCESS:
+ st->read_state_work = post_process_message(s, st->read_state_work);
+- switch(st->read_state_work) {
++ switch (st->read_state_work) {
+ default:
+ return SUB_STATE_ERROR;
+
+@@ -725,7 +683,7 @@ static SUB_STATE_RETURN write_state_mach
+
+ cb = get_callback(s);
+
+- if(s->server) {
++ if (s->server) {
+ transition = ossl_statem_server_write_transition;
+ pre_work = ossl_statem_server_pre_work;
+ post_work = ossl_statem_server_post_work;
+@@ -737,8 +695,8 @@ static SUB_STATE_RETURN write_state_mach
+ construct_message = ossl_statem_client_construct_message;
+ }
+
+- while(1) {
+- switch(st->write_state) {
++ while (1) {
++ switch (st->write_state) {
+ case WRITE_STATE_TRANSITION:
+ if (cb != NULL) {
+ /* Notify callback of an impending state change */
+@@ -747,7 +705,7 @@ static SUB_STATE_RETURN write_state_mach
+ else
+ cb(s, SSL_CB_CONNECT_LOOP, 1);
+ }
+- switch(transition(s)) {
++ switch (transition(s)) {
+ case WRITE_TRAN_CONTINUE:
+ st->write_state = WRITE_STATE_PRE_WORK;
+ st->write_state_work = WORK_MORE_A;
+@@ -763,7 +721,7 @@ static SUB_STATE_RETURN write_state_mach
+ break;
+
+ case WRITE_STATE_PRE_WORK:
+- switch(st->write_state_work = pre_work(s, st->write_state_work)) {
++ switch (st->write_state_work = pre_work(s, st->write_state_work)) {
+ default:
+ return SUB_STATE_ERROR;
+
+@@ -774,7 +732,7 @@ static SUB_STATE_RETURN write_state_mach
+ case WORK_FINISHED_STOP:
+ return SUB_STATE_END_HANDSHAKE;
+ }
+- if(construct_message(s) == 0)
++ if (construct_message(s) == 0)
+ return SUB_STATE_ERROR;
+
+ /* Fall through */
+@@ -792,7 +750,7 @@ static SUB_STATE_RETURN write_state_mach
+ /* Fall through */
+
+ case WRITE_STATE_POST_WORK:
+- switch(st->write_state_work = post_work(s, st->write_state_work)) {
++ switch (st->write_state_work = post_work(s, st->write_state_work)) {
+ default:
+ return SUB_STATE_ERROR;
+
--- a/ssl/statem/statem.h
+++ b/ssl/statem/statem.h
@@ -1,60 +1,15 @@
@@ -169716,8 +168404,6 @@
* non-state machine code should need to use these *
* *
*****************************************************************************/
-diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
-index 5b53b86..9fae190 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1,112 +1,12 @@
@@ -169840,7 +168526,51 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
-@@ -341,9 +241,11 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
+@@ -190,7 +90,6 @@ static ossl_inline int cert_req_allowed(
+ * Return values are:
+ * 1: Yes
+ * 0: No
+- * -1: Error
+ */
+ static int key_exchange_expected(SSL *s)
+ {
+@@ -274,8 +173,6 @@ int ossl_statem_client_read_transition(S
+ }
+ } else {
+ ske_expected = key_exchange_expected(s);
+- if (ske_expected < 0)
+- return 0;
+ /* SKE is optional for some PSK ciphersuites */
+ if (ske_expected
+ || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
+@@ -309,8 +206,6 @@ int ossl_statem_client_read_transition(S
+
+ case TLS_ST_CR_CERT_STATUS:
+ ske_expected = key_exchange_expected(s);
+- if (ske_expected < 0)
+- return 0;
+ /* SKE is optional for some PSK ciphersuites */
+ if (ske_expected
+ || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
+@@ -319,7 +214,7 @@ int ossl_statem_client_read_transition(S
+ st->hand_state = TLS_ST_CR_KEY_EXCH;
+ return 1;
+ }
+- return 0;
++ goto err;
+ }
+ /* Fall through */
+
+@@ -329,7 +224,7 @@ int ossl_statem_client_read_transition(S
+ st->hand_state = TLS_ST_CR_CERT_REQ;
+ return 1;
+ }
+- return 0;
++ goto err;
+ }
+ /* Fall through */
+
+@@ -341,9 +236,11 @@ int ossl_statem_client_read_transition(S
break;
case TLS_ST_CW_FINISHED:
@@ -169855,7 +168585,18 @@
} else if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
st->hand_state = TLS_ST_CR_CHANGE;
return 1;
-@@ -489,7 +391,10 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst)
+@@ -368,7 +265,10 @@ int ossl_statem_client_read_transition(S
+ break;
+ }
+
++ err:
+ /* No valid transition found */
++ ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE);
++ SSLerr(SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION, SSL_R_UNEXPECTED_MESSAGE);
+ return 0;
+ }
+
+@@ -489,13 +389,13 @@ WORK_STATE ossl_statem_client_pre_work(S
s->shutdown = 0;
if (SSL_IS_DTLS(s)) {
/* every DTLS ClientHello resets Finished MAC */
@@ -169867,7 +168608,13 @@
}
break;
-@@ -535,20 +440,9 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst)
+- case TLS_ST_CW_CERT:
+- return tls_prepare_client_certificate(s, wst);
+-
+ case TLS_ST_CW_CHANGE:
+ if (SSL_IS_DTLS(s)) {
+ if (s->hit) {
+@@ -535,20 +435,9 @@ WORK_STATE ossl_statem_client_post_work(
switch(st->hand_state) {
case TLS_ST_CW_CLNT_HELLO:
@@ -169890,7 +168637,17 @@
if (SSL_IS_DTLS(s)) {
/* Treat the next message as the first packet */
s->first_packet = 1;
-@@ -870,7 +764,7 @@ int tls_construct_client_hello(SSL *s)
+@@ -771,6 +660,9 @@ WORK_STATE ossl_statem_client_post_proce
+ OSSL_STATEM *st = &s->statem;
+
+ switch(st->hand_state) {
++ case TLS_ST_CR_CERT_REQ:
++ return tls_prepare_client_certificate(s, wst);
++
+ #ifndef OPENSSL_NO_SCTP
+ case TLS_ST_CR_SRVR_DONE:
+ /* We only get here if we are using SCTP and we are renegotiating */
+@@ -870,7 +762,7 @@ int tls_construct_client_hello(SSL *s)
* 1. Client hello indicates TLS 1.2
* 2. Server hello says TLS 1.0
* 3. RSA encrypted premaster secret uses 1.2.
@@ -169899,7 +168656,7 @@
* 5. Server sends hello request to renegotiate.
* 6. Client hello indicates TLS v1.0 as we now
* know that is maximum server supports.
-@@ -1122,6 +1016,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
+@@ -1122,6 +1014,7 @@ MSG_PROCESS_RETURN tls_process_server_he
* overwritten if the server refuses resumption.
*/
if (s->session->session_id_length > 0) {
@@ -169907,7 +168664,7 @@
if (!ssl_get_new_session(s, 0)) {
goto f_err;
}
-@@ -1350,7 +1245,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
+@@ -1350,7 +1243,7 @@ MSG_PROCESS_RETURN tls_process_server_ce
s->session->peer_chain = sk;
/*
* Inconsistency alert: cert_chain does include the peer's certificate,
@@ -169916,122 +168673,1567 @@
*/
x = sk_X509_value(sk, 0);
sk = NULL;
-@@ -1525,9 +1420,10 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
- #ifndef OPENSSL_NO_DH
- else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
- PACKET prime, generator, pub_key;
-+ EVP_PKEY *peer_tmp = NULL;
+@@ -1409,276 +1302,319 @@ MSG_PROCESS_RETURN tls_process_server_ce
+ return ret;
+ }
+-MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
++static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt, int *al)
+ {
+- EVP_MD_CTX *md_ctx;
+- int al, j;
+- long alg_k, alg_a;
+- EVP_PKEY *pkey = NULL;
+- const EVP_MD *md = NULL;
+-#ifndef OPENSSL_NO_RSA
+- RSA *rsa = NULL;
+-#endif
+-#ifndef OPENSSL_NO_EC
+- EVP_PKEY_CTX *pctx = NULL;
++#ifndef OPENSSL_NO_PSK
++ PACKET psk_identity_hint;
++
++ /* PSK ciphersuites are preceded by an identity hint */
++
++ if (!PACKET_get_length_prefixed_2(pkt, &psk_identity_hint)) {
++ *al = SSL_AD_DECODE_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, SSL_R_LENGTH_MISMATCH);
++ return 0;
++ }
++
++ /*
++ * Store PSK identity hint for later use, hint is used in
++ * tls_construct_client_key_exchange. Assume that the maximum length of
++ * a PSK identity hint can be as long as the maximum length of a PSK
++ * identity.
++ */
++ if (PACKET_remaining(&psk_identity_hint) > PSK_MAX_IDENTITY_LEN) {
++ *al = SSL_AD_HANDSHAKE_FAILURE;
++ SSLerr(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, SSL_R_DATA_LENGTH_TOO_LONG);
++ return 0;
++ }
++
++ if (PACKET_remaining(&psk_identity_hint) == 0) {
++ OPENSSL_free(s->session->psk_identity_hint);
++ s->session->psk_identity_hint = NULL;
++ } else if (!PACKET_strndup(&psk_identity_hint,
++ &s->session->psk_identity_hint)) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ return 0;
++ }
++
++ return 1;
++#else
++ SSLerr(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
++ *al = SSL_AD_INTERNAL_ERROR;
++ return 0;
+ #endif
+- PACKET save_param_start, signature;
++}
+
+- md_ctx = EVP_MD_CTX_new();
+- if (md_ctx == NULL) {
+- al = SSL_AD_INTERNAL_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+- goto f_err;
++static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
++{
++#ifndef OPENSSL_NO_SRP
++ PACKET prime, generator, salt, server_pub;
++
++ if (!PACKET_get_length_prefixed_2(pkt, &prime)
++ || !PACKET_get_length_prefixed_2(pkt, &generator)
++ || !PACKET_get_length_prefixed_1(pkt, &salt)
++ || !PACKET_get_length_prefixed_2(pkt, &server_pub)) {
++ *al = SSL_AD_DECODE_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, SSL_R_LENGTH_MISMATCH);
++ return 0;
+ }
+
+- alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
++ if ((s->srp_ctx.N =
++ BN_bin2bn(PACKET_data(&prime),
++ PACKET_remaining(&prime), NULL)) == NULL
++ || (s->srp_ctx.g =
++ BN_bin2bn(PACKET_data(&generator),
++ PACKET_remaining(&generator), NULL)) == NULL
++ || (s->srp_ctx.s =
++ BN_bin2bn(PACKET_data(&salt),
++ PACKET_remaining(&salt), NULL)) == NULL
++ || (s->srp_ctx.B =
++ BN_bin2bn(PACKET_data(&server_pub),
++ PACKET_remaining(&server_pub), NULL)) == NULL) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, ERR_R_BN_LIB);
++ return 0;
++ }
+
+- save_param_start = *pkt;
++ if (!srp_verify_server_param(s, al)) {
++ *al = SSL_AD_DECODE_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, SSL_R_BAD_SRP_PARAMETERS);
++ return 0;
++ }
+
+-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+- EVP_PKEY_free(s->s3->peer_tmp);
+- s->s3->peer_tmp = NULL;
++ /* We must check if there is a certificate */
++ if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA|SSL_aDSS))
++ *pkey = X509_get0_pubkey(s->session->peer);
++
++ return 1;
++#else
++ SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, ERR_R_INTERNAL_ERROR);
++ *al = SSL_AD_INTERNAL_ERROR;
++ return 0;
+ #endif
++}
+
+- alg_a = s->s3->tmp.new_cipher->algorithm_auth;
++static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
++{
++#ifndef OPENSSL_NO_DH
++ PACKET prime, generator, pub_key;
++ EVP_PKEY *peer_tmp = NULL;
+
+- al = SSL_AD_DECODE_ERROR;
++ DH *dh = NULL;
++ BIGNUM *p = NULL, *g = NULL, *bnpub_key = NULL;
+
+-#ifndef OPENSSL_NO_PSK
+- /* PSK ciphersuites are preceded by an identity hint */
+- if (alg_k & SSL_PSK) {
+- PACKET psk_identity_hint;
+- if (!PACKET_get_length_prefixed_2(pkt, &psk_identity_hint)) {
+- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+- goto f_err;
+- }
++ if (!PACKET_get_length_prefixed_2(pkt, &prime)
++ || !PACKET_get_length_prefixed_2(pkt, &generator)
++ || !PACKET_get_length_prefixed_2(pkt, &pub_key)) {
++ *al = SSL_AD_DECODE_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_LENGTH_MISMATCH);
++ return 0;
++ }
+
+- /*
+- * Store PSK identity hint for later use, hint is used in
+- * ssl3_send_client_key_exchange. Assume that the maximum length of
+- * a PSK identity hint can be as long as the maximum length of a PSK
+- * identity.
+- */
+- if (PACKET_remaining(&psk_identity_hint) > PSK_MAX_IDENTITY_LEN) {
+- al = SSL_AD_HANDSHAKE_FAILURE;
+- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG);
+- goto f_err;
+- }
++ peer_tmp = EVP_PKEY_new();
++ dh = DH_new();
+
+- if (PACKET_remaining(&psk_identity_hint) == 0) {
+- OPENSSL_free(s->session->psk_identity_hint);
+- s->session->psk_identity_hint = NULL;
+- } else if (!PACKET_strndup(&psk_identity_hint,
+- &s->session->psk_identity_hint)) {
+- al = SSL_AD_INTERNAL_ERROR;
+- goto f_err;
+- }
++ if (peer_tmp == NULL || dh == NULL) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_MALLOC_FAILURE);
++ goto err;
+ }
+
+- /* Nothing else to do for plain PSK or RSAPSK */
+- if (alg_k & (SSL_kPSK | SSL_kRSAPSK)) {
+- } else
+-#endif /* !OPENSSL_NO_PSK */
+- /*
+- * Dummy "if" to ensure sane C code in the event of various OPENSSL_NO_*
+- * options
+- */
+- if (0) {
++ p = BN_bin2bn(PACKET_data(&prime), PACKET_remaining(&prime), NULL);
++ g = BN_bin2bn(PACKET_data(&generator), PACKET_remaining(&generator),
++ NULL);
++ bnpub_key = BN_bin2bn(PACKET_data(&pub_key), PACKET_remaining(&pub_key),
++ NULL);
++ if (p == NULL || g == NULL || bnpub_key == NULL) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_BN_LIB);
++ goto err;
+ }
+-#ifndef OPENSSL_NO_SRP
+- else if (alg_k & SSL_kSRP) {
+- PACKET prime, generator, salt, server_pub;
+- if (!PACKET_get_length_prefixed_2(pkt, &prime)
+- || !PACKET_get_length_prefixed_2(pkt, &generator)
+- || !PACKET_get_length_prefixed_1(pkt, &salt)
+- || !PACKET_get_length_prefixed_2(pkt, &server_pub)) {
+- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+- goto f_err;
+- }
+
+- if ((s->srp_ctx.N =
+- BN_bin2bn(PACKET_data(&prime),
+- PACKET_remaining(&prime), NULL)) == NULL
+- || (s->srp_ctx.g =
+- BN_bin2bn(PACKET_data(&generator),
+- PACKET_remaining(&generator), NULL)) == NULL
+- || (s->srp_ctx.s =
+- BN_bin2bn(PACKET_data(&salt),
+- PACKET_remaining(&salt), NULL)) == NULL
+- || (s->srp_ctx.B =
+- BN_bin2bn(PACKET_data(&server_pub),
+- PACKET_remaining(&server_pub), NULL)) == NULL) {
+- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB);
+- goto err;
+- }
++ if (BN_is_zero(p) || BN_is_zero(g) || BN_is_zero(bnpub_key)) {
++ *al = SSL_AD_DECODE_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_BAD_DH_VALUE);
++ goto err;
++ }
+
+- if (!srp_verify_server_param(s, &al)) {
+- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_SRP_PARAMETERS);
+- goto f_err;
+- }
++ if (!DH_set0_pqg(dh, p, NULL, g)) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_BN_LIB);
++ goto err;
++ }
++ p = g = NULL;
+
+-/* We must check if there is a certificate */
+- if (alg_a & (SSL_aRSA|SSL_aDSS))
+- pkey = X509_get0_pubkey(s->session->peer);
++ if (!DH_set0_key(dh, bnpub_key, NULL)) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_BN_LIB);
++ goto err;
+ }
+-#endif /* !OPENSSL_NO_SRP */
+-#ifndef OPENSSL_NO_DH
+- else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
+- PACKET prime, generator, pub_key;
++ bnpub_key = NULL;
+
- DH *dh;
- BIGNUM *p, *g, *bnpub_key;
-+ DH *dh = NULL;
-+ BIGNUM *p = NULL, *g = NULL, *bnpub_key = NULL;
++ if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {
++ *al = SSL_AD_HANDSHAKE_FAILURE;
++ SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_DH_KEY_TOO_SMALL);
++ goto err;
++ }
- if (!PACKET_get_length_prefixed_2(pkt, &prime)
- || !PACKET_get_length_prefixed_2(pkt, &generator)
-@@ -1536,19 +1432,13 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
- goto f_err;
- }
+- if (!PACKET_get_length_prefixed_2(pkt, &prime)
+- || !PACKET_get_length_prefixed_2(pkt, &generator)
+- || !PACKET_get_length_prefixed_2(pkt, &pub_key)) {
+- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+- goto f_err;
+- }
++ if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_EVP_LIB);
++ goto err;
++ }
- s->s3->peer_tmp = EVP_PKEY_new();
-+ peer_tmp = EVP_PKEY_new();
- dh = DH_new();
+- dh = DH_new();
++ s->s3->peer_tmp = peer_tmp;
- if (s->s3->peer_tmp == NULL || dh == NULL) {
-+ if (peer_tmp == NULL || dh == NULL) {
-+ al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
- DH_free(dh);
- goto err;
- }
--
++ /*
++ * FIXME: This makes assumptions about which ciphersuites come with
++ * public keys. We should have a less ad-hoc way of doing this
++ */
++ if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA|SSL_aDSS))
++ *pkey = X509_get0_pubkey(s->session->peer);
++ /* else anonymous DH, so no certificate or pkey. */
+
- if (EVP_PKEY_assign_DH(s->s3->peer_tmp, dh) == 0) {
- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
- DH_free(dh);
- goto err;
-+ goto dherr;
- }
+- }
++ return 1;
- p = BN_bin2bn(PACKET_data(&prime), PACKET_remaining(&prime), NULL);
-@@ -1558,39 +1448,53 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
- NULL);
- if (p == NULL || g == NULL || bnpub_key == NULL) {
- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB);
+- p = BN_bin2bn(PACKET_data(&prime), PACKET_remaining(&prime), NULL);
+- g = BN_bin2bn(PACKET_data(&generator), PACKET_remaining(&generator),
+- NULL);
+- bnpub_key = BN_bin2bn(PACKET_data(&pub_key), PACKET_remaining(&pub_key),
+- NULL);
+- if (p == NULL || g == NULL || bnpub_key == NULL) {
+- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB);
- BN_free(p);
- BN_free(g);
- BN_free(bnpub_key);
- goto err;
-+ goto dherr;
- }
+- }
++ err:
++ BN_free(p);
++ BN_free(g);
++ BN_free(bnpub_key);
++ DH_free(dh);
++ EVP_PKEY_free(peer_tmp);
- if (BN_is_zero(p) || BN_is_zero(g) || BN_is_zero(bnpub_key)) {
- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_DH_VALUE);
+- if (BN_is_zero(p) || BN_is_zero(g) || BN_is_zero(bnpub_key)) {
+- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_DH_VALUE);
- BN_free(p);
- BN_free(g);
- BN_free(bnpub_key);
- goto f_err;
-+ goto dherr;
- }
+- }
++ return 0;
++#else
++ SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_INTERNAL_ERROR);
++ *al = SSL_AD_INTERNAL_ERROR;
++ return 0;
++#endif
++}
- if (!DH_set0_pqg(dh, p, NULL, g)) {
-+ al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB);
+- if (!DH_set0_pqg(dh, p, NULL, g)) {
+- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB);
- BN_free(p);
- BN_free(g);
- BN_free(bnpub_key);
- goto err;
-+ goto dherr;
- }
+- }
++static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
++{
++#ifndef OPENSSL_NO_EC
++ PACKET encoded_pt;
++ const unsigned char *ecparams;
++ int curve_nid;
++ EVP_PKEY_CTX *pctx = NULL;
- if (!DH_set0_key(dh, bnpub_key, NULL)) {
-+ al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB);
+- if (!DH_set0_key(dh, bnpub_key, NULL)) {
+- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB);
- BN_free(bnpub_key);
- goto err;
-+ goto dherr;
+- }
++ /*
++ * Extract elliptic curve parameters and the server's ephemeral ECDH
++ * public key. For now we only support named (not generic) curves and
++ * ECParameters in this case is just three bytes.
++ */
++ if (!PACKET_get_bytes(pkt, &ecparams, 3)) {
++ *al = SSL_AD_DECODE_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_LENGTH_TOO_SHORT);
++ return 0;
++ }
++ /*
++ * Check curve is one of our preferences, if not server has sent an
++ * invalid curve. ECParameters is 3 bytes.
++ */
++ if (!tls1_check_curve(s, ecparams, 3)) {
++ *al = SSL_AD_DECODE_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_WRONG_CURVE);
++ return 0;
++ }
+
+- if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {
+- al = SSL_AD_HANDSHAKE_FAILURE;
+- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_DH_KEY_TOO_SMALL);
+- goto f_err;
+- }
+- if (alg_a & (SSL_aRSA|SSL_aDSS))
+- pkey = X509_get0_pubkey(s->session->peer);
+- /* else anonymous DH, so no certificate or pkey. */
++ curve_nid = tls1_ec_curve_id2nid(*(ecparams + 2));
++ if (curve_nid == 0) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE,
++ SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
++ return 0;
+ }
+-#endif /* !OPENSSL_NO_DH */
+
+-#ifndef OPENSSL_NO_EC
+- else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
+- PACKET encoded_pt;
+- const unsigned char *ecparams;
+- int curve_nid;
++ /* Set up EVP_PKEY with named curve as parameters */
++ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
++ if (pctx == NULL
++ || EVP_PKEY_paramgen_init(pctx) <= 0
++ || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, curve_nid) <= 0
++ || EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB);
++ EVP_PKEY_CTX_free(pctx);
++ return 0;
++ }
++ EVP_PKEY_CTX_free(pctx);
++ pctx = NULL;
+
+- /*
+- * Extract elliptic curve parameters and the server's ephemeral ECDH
+- * public key. For now we only support named (not generic) curves and
+- * ECParameters in this case is just three bytes.
+- */
+- if (!PACKET_get_bytes(pkt, &ecparams, 3)) {
+- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+- goto f_err;
+- }
+- /*
+- * Check curve is one of our preferences, if not server has sent an
+- * invalid curve. ECParameters is 3 bytes.
+- */
+- if (!tls1_check_curve(s, ecparams, 3)) {
+- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_WRONG_CURVE);
+- goto f_err;
+- }
++ if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) {
++ *al = SSL_AD_DECODE_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_LENGTH_MISMATCH);
++ return 0;
++ }
+
+- curve_nid = tls1_ec_curve_id2nid(*(ecparams + 2));
+- if (curve_nid == 0) {
+- al = SSL_AD_INTERNAL_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+- SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+- goto f_err;
+- }
++ if (EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(s->s3->peer_tmp),
++ PACKET_data(&encoded_pt),
++ PACKET_remaining(&encoded_pt), NULL) == 0) {
++ *al = SSL_AD_DECODE_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_BAD_ECPOINT);
++ return 0;
++ }
+
+- /* Set up EVP_PKEY with named curve as parameters */
+- pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
+- if (pctx == NULL
+- || EVP_PKEY_paramgen_init(pctx) <= 0
+- || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, curve_nid) <= 0
+- || EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) {
+- al = SSL_AD_INTERNAL_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
+- goto f_err;
+- }
+- EVP_PKEY_CTX_free(pctx);
+- pctx = NULL;
++ /*
++ * The ECC/TLS specification does not mention the use of DSA to sign
++ * ECParameters in the server key exchange message. We do support RSA
++ * and ECDSA.
++ */
++ if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA)
++ *pkey = X509_get0_pubkey(s->session->peer);
++ else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aRSA)
++ *pkey = X509_get0_pubkey(s->session->peer);
++ /* else anonymous ECDH, so no certificate or pkey. */
+
+- if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) {
+- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+- goto f_err;
+- }
++ return 1;
++#else
++ SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_INTERNAL_ERROR);
++ *al = SSL_AD_INTERNAL_ERROR;
++ return 0;
++#endif
++}
+
+- if (EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(s->s3->peer_tmp),
+- PACKET_data(&encoded_pt),
+- PACKET_remaining(&encoded_pt), NULL) == 0) {
+- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_ECPOINT);
+- goto f_err;
+- }
++MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
++{
++ int al = -1;
++ long alg_k;
++ EVP_PKEY *pkey = NULL;
++ PACKET save_param_start, signature;
+
+- /*
+- * The ECC/TLS specification does not mention the use of DSA to sign
+- * ECParameters in the server key exchange message. We do support RSA
+- * and ECDSA.
+- */
+- if (0) ;
+-# ifndef OPENSSL_NO_RSA
+- else if (alg_a & SSL_aRSA)
+- pkey = X509_get0_pubkey(s->session->peer);
+-# endif
+-# ifndef OPENSSL_NO_EC
+- else if (alg_a & SSL_aECDSA)
+- pkey = X509_get0_pubkey(s->session->peer);
+-# endif
+- /* else anonymous ECDH, so no certificate or pkey. */
++ alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
++
++ save_param_start = *pkt;
++
++ EVP_PKEY_free(s->s3->peer_tmp);
++ s->s3->peer_tmp = NULL;
++
++ if (alg_k & SSL_PSK) {
++ if (!tls_process_ske_psk_preamble(s, pkt, &al))
++ goto err;
++ }
++
++ /* Nothing else to do for plain PSK or RSAPSK */
++ if (alg_k & (SSL_kPSK | SSL_kRSAPSK)) {
++ } else if (alg_k & SSL_kSRP) {
++ if (!tls_process_ske_srp(s, pkt, &pkey, &al))
++ goto err;
++ } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
++ if (!tls_process_ske_dhe(s, pkt, &pkey, &al))
++ goto err;
++ } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
++ if (!tls_process_ske_ecdhe(s, pkt, &pkey, &al))
++ goto err;
+ } else if (alg_k) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
+- goto f_err;
++ goto err;
+ }
+-#endif /* !OPENSSL_NO_EC */
+
+ /* if it was signed, check the signature */
+ if (pkey != NULL) {
+ PACKET params;
++ int maxsig;
++ const EVP_MD *md = NULL;
++ EVP_MD_CTX *md_ctx;
++
+ /*
+ * |pkt| now points to the beginning of the signature, so the difference
+ * equals the length of the parameters.
+@@ -1688,21 +1624,24 @@ MSG_PROCESS_RETURN tls_process_key_excha
+ PACKET_remaining(pkt))) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+- goto f_err;
++ goto err;
}
- if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_DH_KEY_TOO_SMALL);
+ if (SSL_USE_SIGALGS(s)) {
+ const unsigned char *sigalgs;
+ int rv;
+ if (!PACKET_get_bytes(pkt, &sigalgs, 2)) {
++ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+- goto f_err;
++ goto err;
+ }
+ rv = tls12_check_peer_sigalg(&md, s, sigalgs, pkey);
+- if (rv == -1)
++ if (rv == -1) {
++ al = SSL_AD_INTERNAL_ERROR;
++ goto err;
++ } else if (rv == 0) {
++ al = SSL_AD_DECODE_ERROR;
+ goto err;
+- else if (rv == 0) {
+- goto f_err;
+ }
+ #ifdef SSL_DEBUG
+ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
+@@ -1715,23 +1654,34 @@ MSG_PROCESS_RETURN tls_process_key_excha
+
+ if (!PACKET_get_length_prefixed_2(pkt, &signature)
+ || PACKET_remaining(pkt) != 0) {
++ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
- goto f_err;
-+ goto dherr;
++ goto err;
}
-+
-+ if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) {
+- j = EVP_PKEY_size(pkey);
+- if (j < 0) {
++ maxsig = EVP_PKEY_size(pkey);
++ if (maxsig < 0) {
+ al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
-+ goto dherr;
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+- goto f_err;
++ goto err;
+ }
+
+ /*
+ * Check signature length
+ */
+- if (PACKET_remaining(&signature) > (size_t)j) {
++ if (PACKET_remaining(&signature) > (size_t)maxsig) {
+ /* wrong packet length */
++ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH);
+- goto f_err;
++ goto err;
+ }
+
-+ s->s3->peer_tmp = peer_tmp;
++ md_ctx = EVP_MD_CTX_new();
++ if (md_ctx == NULL) {
++ al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
++ goto err;
+ }
+
-+ goto dhend;
-+ dherr:
-+ BN_free(p);
-+ BN_free(g);
-+ BN_free(bnpub_key);
-+ DH_free(dh);
-+ EVP_PKEY_free(peer_tmp);
-+ goto f_err;
-+ dhend:
-+ /*
-+ * FIXME: This makes assumptions about which ciphersuites come with
-+ * public keys. We should have a less ad-hoc way of doing this
-+ */
- if (alg_a & (SSL_aRSA|SSL_aDSS))
- pkey = X509_get0_pubkey(s->session->peer);
- /* else anonymous DH, so no certificate or pkey. */
-@@ -2274,7 +2178,7 @@ psk_err:
- #ifndef OPENSSL_NO_DH
- else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
- DH *dh_clnt = NULL;
+ if (EVP_VerifyInit_ex(md_ctx, md, NULL) <= 0
+ || EVP_VerifyUpdate(md_ctx, &(s->s3->client_random[0]),
+ SSL3_RANDOM_SIZE) <= 0
+@@ -1739,44 +1689,46 @@ MSG_PROCESS_RETURN tls_process_key_excha
+ SSL3_RANDOM_SIZE) <= 0
+ || EVP_VerifyUpdate(md_ctx, PACKET_data(¶ms),
+ PACKET_remaining(¶ms)) <= 0) {
++ EVP_MD_CTX_free(md_ctx);
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
+- goto f_err;
++ goto err;
+ }
+ if (EVP_VerifyFinal(md_ctx, PACKET_data(&signature),
+ PACKET_remaining(&signature), pkey) <= 0) {
+ /* bad signature */
++ EVP_MD_CTX_free(md_ctx);
+ al = SSL_AD_DECRYPT_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
+- goto f_err;
++ goto err;
+ }
++ EVP_MD_CTX_free(md_ctx);
+ } else {
+ /* aNULL, aSRP or PSK do not need public keys */
+- if (!(alg_a & (SSL_aNULL | SSL_aSRP)) && !(alg_k & SSL_PSK)) {
++ if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
++ && !(alg_k & SSL_PSK)) {
+ /* Might be wrong key type, check it */
+- if (ssl3_check_cert_and_algorithm(s))
++ if (ssl3_check_cert_and_algorithm(s)) {
+ /* Otherwise this shouldn't happen */
++ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
++ } else {
++ al = SSL_AD_DECODE_ERROR;
++ }
+ goto err;
+ }
+ /* still data left over */
+ if (PACKET_remaining(pkt) != 0) {
++ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_EXTRA_DATA_IN_MESSAGE);
+- goto f_err;
++ goto err;
+ }
+ }
+- EVP_MD_CTX_free(md_ctx);
++
+ return MSG_PROCESS_CONTINUE_READING;
+- f_err:
+- ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+-#ifndef OPENSSL_NO_RSA
+- RSA_free(rsa);
+-#endif
+-#ifndef OPENSSL_NO_EC
+- EVP_PKEY_CTX_free(pctx);
+-#endif
+- EVP_MD_CTX_free(md_ctx);
++ if (al != -1)
++ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ ossl_statem_set_error(s);
+ return MSG_PROCESS_ERROR;
+ }
+@@ -1893,7 +1845,7 @@ MSG_PROCESS_RETURN tls_process_certifica
+ s->s3->tmp.ca_names = ca_sk;
+ ca_sk = NULL;
+
+- ret = MSG_PROCESS_CONTINUE_READING;
++ ret = MSG_PROCESS_CONTINUE_PROCESSING;
+ goto done;
+ err:
+ ossl_statem_set_error(s);
+@@ -1935,16 +1887,9 @@ MSG_PROCESS_RETURN tls_process_new_sessi
+ */
+ if (i & SSL_SESS_CACHE_CLIENT) {
+ /*
+- * Remove the old session from the cache
++ * Remove the old session from the cache. We carry on if this fails
+ */
+- if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) {
+- if (s->session_ctx->remove_session_cb != NULL)
+- s->session_ctx->remove_session_cb(s->session_ctx,
+- s->session);
+- } else {
+- /* We carry on if this fails */
+- SSL_CTX_remove_session(s->session_ctx, s->session);
+- }
++ SSL_CTX_remove_session(s->session_ctx, s->session);
+ }
+
+ if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
+@@ -1984,9 +1929,12 @@ MSG_PROCESS_RETURN tls_process_new_sessi
+ * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
+ * SHA256 is disabled) hash of the ticket.
+ */
+- EVP_Digest(s->session->tlsext_tick, ticklen,
+- s->session->session_id, &s->session->session_id_length,
+- EVP_sha256(), NULL);
++ if (!EVP_Digest(s->session->tlsext_tick, ticklen,
++ s->session->session_id, &s->session->session_id_length,
++ EVP_sha256(), NULL)) {
++ SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_EVP_LIB);
++ goto err;
++ }
+ return MSG_PROCESS_CONTINUE_READING;
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+@@ -2105,426 +2053,483 @@ MSG_PROCESS_RETURN tls_process_server_do
+ return MSG_PROCESS_FINISHED_READING;
+ }
+
+-int tls_construct_client_key_exchange(SSL *s)
++static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p,
++ size_t *pskhdrlen, int *al)
+ {
+- unsigned char *p;
+- int n;
+ #ifndef OPENSSL_NO_PSK
+- size_t pskhdrlen = 0;
++ int ret = 0;
++ /*
++ * The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes to return a
++ * \0-terminated identity. The last byte is for us for simulating
++ * strnlen.
++ */
++ char identity[PSK_MAX_IDENTITY_LEN + 1];
++ size_t identitylen = 0;
++ unsigned char psk[PSK_MAX_PSK_LEN];
++ unsigned char *tmppsk = NULL;
++ char *tmpidentity = NULL;
++ size_t psklen = 0;
++
++ if (s->psk_client_callback == NULL) {
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, SSL_R_PSK_NO_CLIENT_CB);
++ *al = SSL_AD_INTERNAL_ERROR;
++ goto err;
++ }
++
++ memset(identity, 0, sizeof(identity));
++
++ psklen = s->psk_client_callback(s, s->session->psk_identity_hint,
++ identity, sizeof(identity) - 1,
++ psk, sizeof(psk));
++
++ if (psklen > PSK_MAX_PSK_LEN) {
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
++ *al = SSL_AD_HANDSHAKE_FAILURE;
++ goto err;
++ } else if (psklen == 0) {
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
++ SSL_R_PSK_IDENTITY_NOT_FOUND);
++ *al = SSL_AD_HANDSHAKE_FAILURE;
++ goto err;
++ }
++
++ identitylen = strlen(identity);
++ if (identitylen > PSK_MAX_IDENTITY_LEN) {
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
++ *al = SSL_AD_HANDSHAKE_FAILURE;
++ goto err;
++ }
++
++ tmppsk = OPENSSL_memdup(psk, psklen);
++ tmpidentity = OPENSSL_strdup(identity);
++ if (tmppsk == NULL || tmpidentity == NULL) {
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE);
++ *al = SSL_AD_INTERNAL_ERROR;
++ goto err;
++ }
++
++ OPENSSL_free(s->s3->tmp.psk);
++ s->s3->tmp.psk = tmppsk;
++ s->s3->tmp.psklen = psklen;
++ tmppsk = NULL;
++ OPENSSL_free(s->session->psk_identity);
++ s->session->psk_identity = tmpidentity;
++ tmpidentity = NULL;
++ s2n(identitylen, *p);
++ memcpy(*p, identity, identitylen);
++ *pskhdrlen = 2 + identitylen;
++ *p += identitylen;
++
++ ret = 1;
++
++ err:
++ OPENSSL_cleanse(psk, psklen);
++ OPENSSL_cleanse(identity, sizeof(identity));
++ OPENSSL_clear_free(tmppsk, psklen);
++ OPENSSL_clear_free(tmpidentity, identitylen);
++
++ return ret;
++#else
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
++ *al = SSL_AD_INTERNAL_ERROR;
++ return 0;
+ #endif
+- unsigned long alg_k;
++}
++
++static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al)
++{
+ #ifndef OPENSSL_NO_RSA
+ unsigned char *q;
+ EVP_PKEY *pkey = NULL;
+ EVP_PKEY_CTX *pctx = NULL;
+-#endif
+-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+- EVP_PKEY *ckey = NULL, *skey = NULL;
+-#endif
+-#ifndef OPENSSL_NO_EC
+- unsigned char *encodedPoint = NULL;
+- int encoded_pt_len = 0;
+-#endif
++ size_t enclen;
+ unsigned char *pms = NULL;
+ size_t pmslen = 0;
+- alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+-
+- p = ssl_handshake_start(s);
+
+-
+-#ifndef OPENSSL_NO_PSK
+- if (alg_k & SSL_PSK) {
+- int psk_err = 1;
++ if (s->session->peer == NULL) {
+ /*
+- * The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes to return a
+- * \0-terminated identity. The last byte is for us for simulating
+- * strnlen.
++ * We should always have a server certificate with SSL_kRSA.
+ */
+- char identity[PSK_MAX_IDENTITY_LEN + 1];
+- size_t identitylen;
+- unsigned char psk[PSK_MAX_PSK_LEN];
+- size_t psklen;
+-
+- if (s->psk_client_callback == NULL) {
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+- SSL_R_PSK_NO_CLIENT_CB);
+- goto err;
+- }
+-
+- memset(identity, 0, sizeof(identity));
+-
+- psklen = s->psk_client_callback(s, s->session->psk_identity_hint,
+- identity, sizeof(identity) - 1,
+- psk, sizeof(psk));
+-
+- if (psklen > PSK_MAX_PSK_LEN) {
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+- ERR_R_INTERNAL_ERROR);
+- goto psk_err;
+- } else if (psklen == 0) {
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+- SSL_R_PSK_IDENTITY_NOT_FOUND);
+- goto psk_err;
+- }
+- OPENSSL_free(s->s3->tmp.psk);
+- s->s3->tmp.psk = OPENSSL_memdup(psk, psklen);
+- OPENSSL_cleanse(psk, psklen);
+-
+- if (s->s3->tmp.psk == NULL) {
+- OPENSSL_cleanse(identity, sizeof(identity));
+- goto memerr;
+- }
+-
+- s->s3->tmp.psklen = psklen;
+- identitylen = strlen(identity);
+- if (identitylen > PSK_MAX_IDENTITY_LEN) {
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+- ERR_R_INTERNAL_ERROR);
+- goto psk_err;
+- }
+- OPENSSL_free(s->session->psk_identity);
+- s->session->psk_identity = OPENSSL_strdup(identity);
+- if (s->session->psk_identity == NULL) {
+- OPENSSL_cleanse(identity, sizeof(identity));
+- goto memerr;
+- }
+-
+- s2n(identitylen, p);
+- memcpy(p, identity, identitylen);
+- pskhdrlen = 2 + identitylen;
+- p += identitylen;
+- psk_err = 0;
+-psk_err:
+- OPENSSL_cleanse(identity, sizeof(identity));
+- if (psk_err != 0) {
+- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+- goto err;
+- }
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR);
++ return 0;
+ }
+- if (alg_k & SSL_kPSK) {
+- n = 0;
+- } else
+-#endif
+
+- /* Fool emacs indentation */
+- if (0) {
++ pkey = X509_get0_pubkey(s->session->peer);
++ if (EVP_PKEY_get0_RSA(pkey) == NULL) {
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR);
++ return 0;
+ }
+-#ifndef OPENSSL_NO_RSA
+- else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
+- size_t enclen;
+- pmslen = SSL_MAX_MASTER_KEY_LENGTH;
+- pms = OPENSSL_malloc(pmslen);
+- if (pms == NULL)
+- goto memerr;
+
+- if (s->session->peer == NULL) {
+- /*
+- * We should always have a server certificate with SSL_kRSA.
+- */
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+- ERR_R_INTERNAL_ERROR);
+- goto err;
+- }
+-
+- pkey = X509_get0_pubkey(s->session->peer);
+- if (EVP_PKEY_get0_RSA(pkey) == NULL) {
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+- ERR_R_INTERNAL_ERROR);
+- goto err;
+- }
++ pmslen = SSL_MAX_MASTER_KEY_LENGTH;
++ pms = OPENSSL_malloc(pmslen);
++ if (pms == NULL) {
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_MALLOC_FAILURE);
++ *al = SSL_AD_INTERNAL_ERROR;
++ return 0;
++ }
+
+- pms[0] = s->client_version >> 8;
+- pms[1] = s->client_version & 0xff;
+- if (RAND_bytes(pms + 2, pmslen - 2) <= 0)
+- goto err;
++ pms[0] = s->client_version >> 8;
++ pms[1] = s->client_version & 0xff;
++ if (RAND_bytes(pms + 2, pmslen - 2) <= 0) {
++ goto err;
++ }
+
+- q = p;
+- /* Fix buf for TLS and beyond */
+- if (s->version > SSL3_VERSION)
+- p += 2;
+- pctx = EVP_PKEY_CTX_new(pkey, NULL);
+- if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0
+- || EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+- ERR_R_EVP_LIB);
+- goto err;
+- }
+- if (EVP_PKEY_encrypt(pctx, p, &enclen, pms, pmslen) <= 0) {
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+- SSL_R_BAD_RSA_ENCRYPT);
+- goto err;
+- }
+- n = enclen;
+- EVP_PKEY_CTX_free(pctx);
+- pctx = NULL;
++ q = *p;
++ /* Fix buf for TLS and beyond */
++ if (s->version > SSL3_VERSION)
++ *p += 2;
++ pctx = EVP_PKEY_CTX_new(pkey, NULL);
++ if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0
++ || EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_EVP_LIB);
++ goto err;
++ }
++ if (EVP_PKEY_encrypt(pctx, *p, &enclen, pms, pmslen) <= 0) {
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, SSL_R_BAD_RSA_ENCRYPT);
++ goto err;
++ }
++ *len = enclen;
++ EVP_PKEY_CTX_free(pctx);
++ pctx = NULL;
+ # ifdef PKCS1_CHECK
+- if (s->options & SSL_OP_PKCS1_CHECK_1)
+- p[1]++;
+- if (s->options & SSL_OP_PKCS1_CHECK_2)
+- tmp_buf[0] = 0x70;
++ if (s->options & SSL_OP_PKCS1_CHECK_1)
++ (*p)[1]++;
++ if (s->options & SSL_OP_PKCS1_CHECK_2)
++ tmp_buf[0] = 0x70;
+ # endif
+
+- /* Fix buf for TLS and beyond */
+- if (s->version > SSL3_VERSION) {
+- s2n(n, q);
+- n += 2;
+- }
++ /* Fix buf for TLS and beyond */
++ if (s->version > SSL3_VERSION) {
++ s2n(*len, q);
++ *len += 2;
+ }
++
++ s->s3->tmp.pms = pms;
++ s->s3->tmp.pmslen = pmslen;
++
++ return 1;
++ err:
++ OPENSSL_clear_free(pms, pmslen);
++ EVP_PKEY_CTX_free(pctx);
++
++ return 0;
++#else
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR);
++ *al = SSL_AD_INTERNAL_ERROR;
++ return 0;
+ #endif
+-#ifndef OPENSSL_NO_DH
+- else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
+- DH *dh_clnt = NULL;
- BIGNUM *pub_key;
-+ const BIGNUM *pub_key;
- skey = s->s3->peer_tmp;
- if (skey == NULL) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-@@ -2538,6 +2442,9 @@ int tls_client_key_exchange_post_work(SSL *s)
+- skey = s->s3->peer_tmp;
+- if (skey == NULL) {
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+- ERR_R_INTERNAL_ERROR);
+- goto err;
+- }
+- ckey = ssl_generate_pkey(skey, NID_undef);
+- dh_clnt = EVP_PKEY_get0_DH(ckey);
++}
+
+- if (dh_clnt == NULL || ssl_derive(s, ckey, skey) == 0) {
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+- ERR_R_INTERNAL_ERROR);
+- goto err;
+- }
++static int tls_construct_cke_dhe(SSL *s, unsigned char **p, int *len, int *al)
++{
++#ifndef OPENSSL_NO_DH
++ DH *dh_clnt = NULL;
++ const BIGNUM *pub_key;
++ EVP_PKEY *ckey = NULL, *skey = NULL;
+
++ skey = s->s3->peer_tmp;
++ if (skey == NULL) {
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
++ ckey = ssl_generate_pkey(skey, NID_undef);
++ dh_clnt = EVP_PKEY_get0_DH(ckey);
+
+- /* send off the data */
+- DH_get0_key(dh_clnt, &pub_key, NULL);
+- n = BN_num_bytes(pub_key);
+- s2n(n, p);
+- BN_bn2bin(pub_key, p);
+- n += 2;
++ if (dh_clnt == NULL || ssl_derive(s, ckey, skey) == 0) {
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR);
+ EVP_PKEY_free(ckey);
+- ckey = NULL;
++ return 0;
+ }
++
++ /* send off the data */
++ DH_get0_key(dh_clnt, &pub_key, NULL);
++ *len = BN_num_bytes(pub_key);
++ s2n(*len, *p);
++ BN_bn2bin(pub_key, *p);
++ *len += 2;
++ EVP_PKEY_free(ckey);
++
++ return 1;
++#else
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR);
++ *al = SSL_AD_INTERNAL_ERROR;
++ return 0;
+ #endif
++}
+
++static int tls_construct_cke_ecdhe(SSL *s, unsigned char **p, int *len, int *al)
++{
+ #ifndef OPENSSL_NO_EC
+- else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
++ unsigned char *encodedPoint = NULL;
++ int encoded_pt_len = 0;
++ EVP_PKEY *ckey = NULL, *skey = NULL;
+
+- skey = s->s3->peer_tmp;
+- if ((skey == NULL) || EVP_PKEY_get0_EC_KEY(skey) == NULL) {
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+- ERR_R_INTERNAL_ERROR);
+- goto err;
+- }
++ skey = s->s3->peer_tmp;
++ if ((skey == NULL) || EVP_PKEY_get0_EC_KEY(skey) == NULL) {
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
+
+- ckey = ssl_generate_pkey(skey, NID_undef);
++ ckey = ssl_generate_pkey(skey, NID_undef);
+
+- if (ssl_derive(s, ckey, skey) == 0) {
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EVP_LIB);
+- goto err;
+- }
++ if (ssl_derive(s, ckey, skey) == 0) {
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_EVP_LIB);
++ goto err;
++ }
+
+- /* Generate encoding of client key */
+- encoded_pt_len = EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(ckey),
+- POINT_CONVERSION_UNCOMPRESSED,
+- &encodedPoint, NULL);
++ /* Generate encoding of client key */
++ encoded_pt_len = EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(ckey),
++ POINT_CONVERSION_UNCOMPRESSED,
++ &encodedPoint, NULL);
+
+- if (encoded_pt_len == 0) {
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
+- goto err;
+- }
++ if (encoded_pt_len == 0) {
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_EC_LIB);
++ goto err;
++ }
+
+- EVP_PKEY_free(ckey);
+- ckey = NULL;
++ EVP_PKEY_free(ckey);
++ ckey = NULL;
+
+- n = encoded_pt_len;
++ *len = encoded_pt_len;
+
+- *p = n; /* length of encoded point */
+- /* Encoded point will be copied here */
+- p += 1;
+- /* copy the point */
+- memcpy(p, encodedPoint, n);
+- /* increment n to account for length field */
+- n += 1;
++ /* length of encoded point */
++ **p = *len;
++ *p += 1;
++ /* copy the point */
++ memcpy(*p, encodedPoint, *len);
++ /* increment len to account for length field */
++ *len += 1;
+
+- /* Free allocated memory */
+- OPENSSL_free(encodedPoint);
+- }
+-#endif /* !OPENSSL_NO_EC */
++ OPENSSL_free(encodedPoint);
++
++ return 1;
++ err:
++ EVP_PKEY_free(ckey);
++ return 0;
++#else
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR);
++ *al = SSL_AD_INTERNAL_ERROR;
++ return 0;
++#endif
++}
++
++static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
++{
+ #ifndef OPENSSL_NO_GOST
+- else if (alg_k & SSL_kGOST) {
+- /* GOST key exchange message creation */
+- EVP_PKEY_CTX *pkey_ctx;
+- X509 *peer_cert;
+- size_t msglen;
+- unsigned int md_len;
+- unsigned char shared_ukm[32], tmp[256];
+- EVP_MD_CTX *ukm_hash;
+- int dgst_nid = NID_id_GostR3411_94;
+- if ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aGOST12) != 0)
+- dgst_nid = NID_id_GostR3411_2012_256;
+-
+-
+- pmslen = 32;
+- pms = OPENSSL_malloc(pmslen);
+- if (pms == NULL)
+- goto memerr;
++ /* GOST key exchange message creation */
++ EVP_PKEY_CTX *pkey_ctx = NULL;
++ X509 *peer_cert;
++ size_t msglen;
++ unsigned int md_len;
++ unsigned char shared_ukm[32], tmp[256];
++ EVP_MD_CTX *ukm_hash = NULL;
++ int dgst_nid = NID_id_GostR3411_94;
++ unsigned char *pms = NULL;
++ size_t pmslen = 0;
+
+- /*
+- * Get server sertificate PKEY and create ctx from it
+- */
+- peer_cert = s->session->peer;
+- if (!peer_cert) {
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+- SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
+- goto err;
+- }
++ if ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aGOST12) != 0)
++ dgst_nid = NID_id_GostR3411_2012_256;
+
+- pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL);
+- if (pkey_ctx == NULL) {
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+- ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- /*
+- * If we have send a certificate, and certificate key
+- * parameters match those of server certificate, use
+- * certificate key for key exchange
+- */
++ /*
++ * Get server sertificate PKEY and create ctx from it
++ */
++ peer_cert = s->session->peer;
++ if (!peer_cert) {
++ *al = SSL_AD_HANDSHAKE_FAILURE;
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST,
++ SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
++ return 0;
++ }
++
++ pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL);
++ if (pkey_ctx == NULL) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
++ /*
++ * If we have send a certificate, and certificate key
++ * parameters match those of server certificate, use
++ * certificate key for key exchange
++ */
+
+- /* Otherwise, generate ephemeral key pair */
++ /* Otherwise, generate ephemeral key pair */
++ pmslen = 32;
++ pms = OPENSSL_malloc(pmslen);
++ if (pms == NULL) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
+
+- if (pkey_ctx == NULL
+- || EVP_PKEY_encrypt_init(pkey_ctx) <= 0
+- /* Generate session key */
+- || RAND_bytes(pms, pmslen) <= 0) {
+- EVP_PKEY_CTX_free(pkey_ctx);
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+- ERR_R_INTERNAL_ERROR);
+- goto err;
+- };
+- /*
+- * If we have client certificate, use its secret as peer key
+- */
+- if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
+- if (EVP_PKEY_derive_set_peer
+- (pkey_ctx, s->cert->key->privatekey) <= 0) {
+- /*
+- * If there was an error - just ignore it. Ephemeral key
+- * * would be used
+- */
+- ERR_clear_error();
+- }
+- }
+- /*
+- * Compute shared IV and store it in algorithm-specific context
+- * data
+- */
+- ukm_hash = EVP_MD_CTX_new();
+- if (EVP_DigestInit(ukm_hash,
+- EVP_get_digestbynid(dgst_nid)) <= 0
+- || EVP_DigestUpdate(ukm_hash, s->s3->client_random,
+- SSL3_RANDOM_SIZE) <= 0
+- || EVP_DigestUpdate(ukm_hash, s->s3->server_random,
+- SSL3_RANDOM_SIZE) <= 0
+- || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {
+- EVP_MD_CTX_free(ukm_hash);
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+- ERR_R_INTERNAL_ERROR);
+- goto err;
+- }
+- EVP_MD_CTX_free(ukm_hash);
+- if (EVP_PKEY_CTX_ctrl
+- (pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 8,
+- shared_ukm) < 0) {
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+- SSL_R_LIBRARY_BUG);
+- goto err;
+- }
+- /* Make GOST keytransport blob message */
+- /*
+- * Encapsulate it into sequence
+- */
+- *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
+- msglen = 255;
+- if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, pms, pmslen) <= 0) {
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+- SSL_R_LIBRARY_BUG);
+- goto err;
+- }
+- if (msglen >= 0x80) {
+- *(p++) = 0x81;
+- *(p++) = msglen & 0xff;
+- n = msglen + 3;
+- } else {
+- *(p++) = msglen & 0xff;
+- n = msglen + 2;
+- }
+- memcpy(p, tmp, msglen);
+- /* Check if pubkey from client certificate was used */
+- if (EVP_PKEY_CTX_ctrl
+- (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) {
+- /* Set flag "skip certificate verify" */
+- s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
++ if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0
++ /* Generate session key */
++ || RAND_bytes(pms, pmslen) <= 0) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
++ goto err;
++ };
++ /*
++ * If we have client certificate, use its secret as peer key
++ */
++ if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
++ if (EVP_PKEY_derive_set_peer
++ (pkey_ctx, s->cert->key->privatekey) <= 0) {
++ /*
++ * If there was an error - just ignore it. Ephemeral key
++ * * would be used
++ */
++ ERR_clear_error();
+ }
+- EVP_PKEY_CTX_free(pkey_ctx);
+-
+ }
++ /*
++ * Compute shared IV and store it in algorithm-specific context
++ * data
++ */
++ ukm_hash = EVP_MD_CTX_new();
++ if (ukm_hash == NULL
++ || EVP_DigestInit(ukm_hash, EVP_get_digestbynid(dgst_nid)) <= 0
++ || EVP_DigestUpdate(ukm_hash, s->s3->client_random,
++ SSL3_RANDOM_SIZE) <= 0
++ || EVP_DigestUpdate(ukm_hash, s->s3->server_random,
++ SSL3_RANDOM_SIZE) <= 0
++ || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++ EVP_MD_CTX_free(ukm_hash);
++ ukm_hash = NULL;
++ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
++ EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, SSL_R_LIBRARY_BUG);
++ goto err;
++ }
++ /* Make GOST keytransport blob message */
++ /*
++ * Encapsulate it into sequence
++ */
++ *((*p)++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
++ msglen = 255;
++ if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, pms, pmslen) <= 0) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, SSL_R_LIBRARY_BUG);
++ goto err;
++ }
++ if (msglen >= 0x80) {
++ *((*p)++) = 0x81;
++ *((*p)++) = msglen & 0xff;
++ *len = msglen + 3;
++ } else {
++ *((*p)++) = msglen & 0xff;
++ *len = msglen + 2;
++ }
++ memcpy(*p, tmp, msglen);
++ /* Check if pubkey from client certificate was used */
++ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
++ NULL) > 0) {
++ /* Set flag "skip certificate verify" */
++ s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
++ }
++ EVP_PKEY_CTX_free(pkey_ctx);
++ s->s3->tmp.pms = pms;
++ s->s3->tmp.pmslen = pmslen;
++
++ return 1;
++ err:
++ EVP_PKEY_CTX_free(pkey_ctx);
++ OPENSSL_clear_free(pms, pmslen);
++ EVP_MD_CTX_free(ukm_hash);
++ return 0;
++#else
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
++ *al = SSL_AD_INTERNAL_ERROR;
++ return 0;
+ #endif
++}
++
++static int tls_construct_cke_srp(SSL *s, unsigned char **p, int *len, int *al)
++{
+ #ifndef OPENSSL_NO_SRP
+- else if (alg_k & SSL_kSRP) {
+- if (s->srp_ctx.A != NULL) {
+- /* send off the data */
+- n = BN_num_bytes(s->srp_ctx.A);
+- s2n(n, p);
+- BN_bn2bin(s->srp_ctx.A, p);
+- n += 2;
+- } else {
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+- ERR_R_INTERNAL_ERROR);
+- goto err;
+- }
+- OPENSSL_free(s->session->srp_username);
+- s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
+- if (s->session->srp_username == NULL) {
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+- ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
++ if (s->srp_ctx.A != NULL) {
++ /* send off the data */
++ *len = BN_num_bytes(s->srp_ctx.A);
++ s2n(*len, *p);
++ BN_bn2bin(s->srp_ctx.A, *p);
++ *len += 2;
++ } else {
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
++ OPENSSL_free(s->session->srp_username);
++ s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
++ if (s->session->srp_username == NULL) {
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_MALLOC_FAILURE);
++ return 0;
+ }
++
++ return 1;
++#else
++ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_INTERNAL_ERROR);
++ *al = SSL_AD_INTERNAL_ERROR;
++ return 0;
+ #endif
+- else {
++}
++
++int tls_construct_client_key_exchange(SSL *s)
++{
++ unsigned char *p;
++ int len;
++ size_t pskhdrlen = 0;
++ unsigned long alg_k;
++ int al = -1;
++
++ alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
++
++ p = ssl_handshake_start(s);
++
++ if ((alg_k & SSL_PSK)
++ && !tls_construct_cke_psk_preamble(s, &p, &pskhdrlen, &al))
++ goto err;
++
++ if (alg_k & SSL_kPSK) {
++ len = 0;
++ } else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
++ if (!tls_construct_cke_rsa(s, &p, &len, &al))
++ goto err;
++ } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
++ if (!tls_construct_cke_dhe(s, &p, &len, &al))
++ goto err;
++ } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
++ if (!tls_construct_cke_ecdhe(s, &p, &len, &al))
++ goto err;
++ } else if (alg_k & SSL_kGOST) {
++ if (!tls_construct_cke_gost(s, &p, &len, &al))
++ goto err;
++ } else if (alg_k & SSL_kSRP) {
++ if (!tls_construct_cke_srp(s, &p, &len, &al))
++ goto err;
++ } else {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+-#ifndef OPENSSL_NO_PSK
+- n += pskhdrlen;
+-#endif
++ len += pskhdrlen;
+
+- if (!ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, n)) {
++ if (!ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, len)) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+- if (pms != NULL) {
+- s->s3->tmp.pms = pms;
+- s->s3->tmp.pmslen = pmslen;
+- }
+-
+ return 1;
+- memerr:
+- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ err:
+- OPENSSL_clear_free(pms, pmslen);
++ if (al != -1)
++ ssl3_send_alert(s, SSL3_AL_FATAL, al);
++ OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
+ s->s3->tmp.pms = NULL;
+-#ifndef OPENSSL_NO_RSA
+- EVP_PKEY_CTX_free(pctx);
+-#endif
+-#ifndef OPENSSL_NO_EC
+- OPENSSL_free(encodedPoint);
+-#endif
+-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+- EVP_PKEY_free(ckey);
+-#endif
+ #ifndef OPENSSL_NO_PSK
+ OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
+ s->s3->tmp.psk = NULL;
+@@ -2538,6 +2543,9 @@ int tls_client_key_exchange_post_work(SS
unsigned char *pms = NULL;
size_t pmslen = 0;
@@ -170041,7 +170243,7 @@
#ifndef OPENSSL_NO_SRP
/* Check for SRP */
if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
-@@ -2549,8 +2456,6 @@ int tls_client_key_exchange_post_work(SSL *s)
+@@ -2549,8 +2557,6 @@ int tls_client_key_exchange_post_work(SS
return 1;
}
#endif
@@ -170050,7 +170252,7 @@
if (pms == NULL && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
-@@ -2560,8 +2465,13 @@ int tls_client_key_exchange_post_work(SSL *s)
+@@ -2560,8 +2566,13 @@ int tls_client_key_exchange_post_work(SS
if (!ssl_generate_master_secret(s, pms, pmslen, 1)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_INTERNAL_ERROR);
@@ -170064,8 +170266,6 @@
#ifndef OPENSSL_NO_SCTP
if (SSL_IS_DTLS(s)) {
-diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
-index a3090ef..946dee0 100644
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -1,115 +1,10 @@
@@ -170209,7 +170409,54 @@
if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
OPENSSL_assert(s->init_num ==
-@@ -1022,7 +917,7 @@ WORK_STATE dtls_wait_for_dry(SSL *s)
+@@ -287,7 +182,7 @@ int dtls1_do_write(SSL *s, int type)
+ }
+ }
+
+- used_len = BIO_wpending(SSL_get_wbio(s)) + DTLS1_RT_HEADER_LENGTH
++ used_len = BIO_wpending(s->wbio) + DTLS1_RT_HEADER_LENGTH
+ + mac_size + blocksize;
+ if (s->d1->mtu > used_len)
+ curr_mtu = s->d1->mtu - used_len;
+@@ -298,7 +193,7 @@ int dtls1_do_write(SSL *s, int type)
+ /*
+ * grr.. we could get an error if MTU picked was wrong
+ */
+- ret = BIO_flush(SSL_get_wbio(s));
++ ret = BIO_flush(s->wbio);
+ if (ret <= 0) {
+ s->rwstate = SSL_WRITING;
+ return ret;
+@@ -399,7 +294,8 @@ int dtls1_do_write(SSL *s, int type)
+ xlen = ret - DTLS1_HM_HEADER_LENGTH;
+ }
+
+- ssl3_finish_mac(s, p, xlen);
++ if (!ssl3_finish_mac(s, p, xlen))
++ return -1;
+ }
+
+ if (ret == s->init_num) {
+@@ -480,7 +376,8 @@ int dtls_get_message(SSL *s, int *mt, un
+ msg_len += DTLS1_HM_HEADER_LENGTH;
+ }
+
+- ssl3_finish_mac(s, p, msg_len);
++ if (!ssl3_finish_mac(s, p, msg_len))
++ return 0;
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+ p, msg_len, s, s->msg_callback_arg);
+@@ -831,7 +728,7 @@ static int dtls_get_reassembled_message(
+ *len = i;
+ return 0;
+ }
+- if(recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
++ if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+ if (wire[0] != SSL3_MT_CCS) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE,
+@@ -1022,7 +919,7 @@ WORK_STATE dtls_wait_for_dry(SSL *s)
int dtls1_read_failed(SSL *s, int code)
{
if (code > 0) {
@@ -170218,7 +170465,7 @@
return 1;
}
-@@ -1079,10 +974,8 @@ int dtls1_retransmit_buffered_messages(SSL *s)
+@@ -1079,10 +976,8 @@ int dtls1_retransmit_buffered_messages(S
dtls1_get_queue_priority
(frag->msg_header.seq,
frag->msg_header.is_ccs),
@@ -170230,7 +170477,7 @@
}
return 1;
-@@ -1174,7 +1067,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
+@@ -1174,7 +1069,7 @@ dtls1_retransmit_message(SSL *s, unsigne
item = pqueue_find(s->d1->sent_messages, seq64be);
if (item == NULL) {
@@ -170239,8 +170486,15 @@
*found = 0;
return 0;
}
-diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
-index 8fcc232..aab4e76 100644
+@@ -1225,7 +1120,7 @@ dtls1_retransmit_message(SSL *s, unsigne
+
+ s->d1->retransmitting = 0;
+
+- (void)BIO_flush(SSL_get_wbio(s));
++ (void)BIO_flush(s->wbio);
+ return ret;
+ }
+
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1,112 +1,12 @@
@@ -170371,7 +170625,20 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
-@@ -454,6 +353,16 @@ int tls_get_message_header(SSL *s, int *mt)
+@@ -141,8 +40,10 @@ int ssl3_do_write(SSL *s, int type)
+ * should not be done for 'Hello Request's, but in that case we'll
+ * ignore the result anyway
+ */
+- ssl3_finish_mac(s, (unsigned char *)&s->init_buf->data[s->init_off],
+- ret);
++ if (!ssl3_finish_mac(s,
++ (unsigned char *)&s->init_buf->data[s->init_off],
++ ret))
++ return -1;
+
+ if (ret == s->init_num) {
+ if (s->msg_callback)
+@@ -454,6 +355,16 @@ int tls_get_message_header(SSL *s, int *
return 0;
}
if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
@@ -170388,7 +170655,57 @@
s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
s->init_num = i - 1;
s->s3->tmp.message_size = i;
-@@ -648,6 +557,13 @@ int ssl_verify_alarm_type(long type)
+@@ -490,15 +401,14 @@ int tls_get_message_header(SSL *s, int *
+ *mt = *p;
+ s->s3->tmp.message_type = *(p++);
+
+- if(RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
++ if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
+ /*
+ * Only happens with SSLv3+ in an SSLv2 backward compatible
+ * ClientHello
++ *
++ * Total message size is the remaining record bytes to read
++ * plus the SSL3_HM_HEADER_LENGTH bytes that we already read
+ */
+- /*
+- * Total message size is the remaining record bytes to read
+- * plus the SSL3_HM_HEADER_LENGTH bytes that we already read
+- */
+ l = RECORD_LAYER_get_rrec_length(&s->rlayer)
+ + SSL3_HM_HEADER_LENGTH;
+ if (l && !BUF_MEM_grow_clean(s->init_buf, (int)l)) {
+@@ -571,14 +481,25 @@ int tls_get_message_body(SSL *s, unsigne
+ #endif
+
+ /* Feed this message into MAC computation. */
+- if(RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
+- ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num);
++ if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
++ if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
++ s->init_num)) {
++ SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_EVP_LIB);
++ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
++ *len = 0;
++ return 0;
++ }
+ if (s->msg_callback)
+ s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data,
+ (size_t)s->init_num, s, s->msg_callback_arg);
+ } else {
+- ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+- s->init_num + SSL3_HM_HEADER_LENGTH);
++ if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
++ s->init_num + SSL3_HM_HEADER_LENGTH)) {
++ SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_EVP_LIB);
++ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
++ *len = 0;
++ return 0;
++ }
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
+ (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s,
+@@ -648,6 +569,13 @@ int ssl_verify_alarm_type(long type)
case X509_V_ERR_CRL_NOT_YET_VALID:
case X509_V_ERR_CERT_UNTRUSTED:
case X509_V_ERR_CERT_REJECTED:
@@ -170402,7 +170719,7 @@
al = SSL_AD_BAD_CERTIFICATE;
break;
case X509_V_ERR_CERT_SIGNATURE_FAILURE:
-@@ -661,7 +577,10 @@ int ssl_verify_alarm_type(long type)
+@@ -661,7 +589,10 @@ int ssl_verify_alarm_type(long type)
case X509_V_ERR_CERT_REVOKED:
al = SSL_AD_CERTIFICATE_REVOKED;
break;
@@ -170413,7 +170730,7 @@
al = SSL_AD_INTERNAL_ERROR;
break;
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-@@ -1055,7 +974,7 @@ int ssl_choose_client_version(SSL *s, int version)
+@@ -1055,7 +986,7 @@ int ssl_choose_client_version(SSL *s, in
* or FIPS_mode() constraints and any floor imposed by the security level here,
* so we don't advertise the wrong protocol version to only reject the outcome later.
*
@@ -170422,8 +170739,6 @@
* TLS 1.1 is disabled, but the security level, Suite-B and/or MinProtocol
* only allow TLS 1.2, we want to advertise TLS1.2, *not* TLS1.
*
-diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h
-index 57b7c37..9f7ec88 100644
--- a/ssl/statem/statem_locl.h
+++ b/ssl/statem/statem_locl.h
@@ -1,55 +1,10 @@
@@ -170488,8 +170803,6 @@
*/
/*****************************************************************************
-diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
-index 38fa945..773591c 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1,112 +1,12 @@
@@ -170612,7 +170925,62 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
-@@ -368,7 +268,7 @@ static int send_certificate_request(SSL *s)
+@@ -181,7 +81,7 @@ int ossl_statem_server_read_transition(S
+ {
+ OSSL_STATEM *st = &s->statem;
+
+- switch(st->hand_state) {
++ switch (st->hand_state) {
+ case TLS_ST_BEFORE:
+ case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+ if (mt == SSL3_MT_CLIENT_HELLO) {
+@@ -201,13 +101,29 @@ int ossl_statem_server_read_transition(S
+ * b) We are running SSL3 (in TLS1.0+ the client must return a 0
+ * list if we requested a certificate)
+ */
+- if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE
+- && (!s->s3->tmp.cert_request
+- || (!((s->verify_mode & SSL_VERIFY_PEER) &&
+- (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
+- && (s->version == SSL3_VERSION)))) {
+- st->hand_state = TLS_ST_SR_KEY_EXCH;
+- return 1;
++ if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) {
++ if (s->s3->tmp.cert_request) {
++ if (s->version == SSL3_VERSION) {
++ if ((s->verify_mode & SSL_VERIFY_PEER)
++ && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
++ /*
++ * This isn't an unexpected message as such - we're just
++ * not going to accept it because we require a client
++ * cert.
++ */
++ ssl3_send_alert(s, SSL3_AL_FATAL,
++ SSL3_AD_HANDSHAKE_FAILURE);
++ SSLerr(SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION,
++ SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
++ return 0;
++ }
++ st->hand_state = TLS_ST_SR_KEY_EXCH;
++ return 1;
++ }
++ } else {
++ st->hand_state = TLS_ST_SR_KEY_EXCH;
++ return 1;
++ }
+ } else if (s->s3->tmp.cert_request) {
+ if (mt == SSL3_MT_CERTIFICATE) {
+ st->hand_state = TLS_ST_SR_CERT;
+@@ -297,6 +213,8 @@ int ossl_statem_server_read_transition(S
+ }
+
+ /* No valid transition found */
++ ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE);
++ SSLerr(SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION, SSL_R_UNEXPECTED_MESSAGE);
+ return 0;
+ }
+
+@@ -368,7 +286,7 @@ static int send_certificate_request(SSL
&& (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
/*
* ... except when the application insists on
@@ -170621,8 +170989,223 @@
* this for SSL 3)
*/
|| (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
-@@ -596,15 +496,20 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
+@@ -393,113 +311,113 @@ WRITE_TRAN ossl_statem_server_write_tran
+ {
+ OSSL_STATEM *st = &s->statem;
+
+- switch(st->hand_state) {
+- case TLS_ST_BEFORE:
+- /* Just go straight to trying to read from the client */;
+- return WRITE_TRAN_FINISHED;
+-
+- case TLS_ST_OK:
+- /* We must be trying to renegotiate */
+- st->hand_state = TLS_ST_SW_HELLO_REQ;
+- return WRITE_TRAN_CONTINUE;
+-
+- case TLS_ST_SW_HELLO_REQ:
+- st->hand_state = TLS_ST_OK;
+- ossl_statem_set_in_init(s, 0);
+- return WRITE_TRAN_CONTINUE;
++ switch (st->hand_state) {
++ case TLS_ST_BEFORE:
++ /* Just go straight to trying to read from the client */;
++ return WRITE_TRAN_FINISHED;
+
+- case TLS_ST_SR_CLNT_HELLO:
+- if (SSL_IS_DTLS(s) && !s->d1->cookie_verified
+- && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
+- st->hand_state = DTLS_ST_SW_HELLO_VERIFY_REQUEST;
+- else
+- st->hand_state = TLS_ST_SW_SRVR_HELLO;
+- return WRITE_TRAN_CONTINUE;
++ case TLS_ST_OK:
++ /* We must be trying to renegotiate */
++ st->hand_state = TLS_ST_SW_HELLO_REQ;
++ return WRITE_TRAN_CONTINUE;
+
+- case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+- return WRITE_TRAN_FINISHED;
++ case TLS_ST_SW_HELLO_REQ:
++ st->hand_state = TLS_ST_OK;
++ ossl_statem_set_in_init(s, 0);
++ return WRITE_TRAN_CONTINUE;
+
+- case TLS_ST_SW_SRVR_HELLO:
+- if (s->hit) {
+- if (s->tlsext_ticket_expected)
+- st->hand_state = TLS_ST_SW_SESSION_TICKET;
+- else
+- st->hand_state = TLS_ST_SW_CHANGE;
+- } else {
+- /* Check if it is anon DH or anon ECDH, */
+- /* normal PSK or SRP */
+- if (!(s->s3->tmp.new_cipher->algorithm_auth &
+- (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
+- st->hand_state = TLS_ST_SW_CERT;
+- } else if (send_server_key_exchange(s)) {
+- st->hand_state = TLS_ST_SW_KEY_EXCH;
+- } else if (send_certificate_request(s)) {
+- st->hand_state = TLS_ST_SW_CERT_REQ;
+- } else {
+- st->hand_state = TLS_ST_SW_SRVR_DONE;
+- }
+- }
+- return WRITE_TRAN_CONTINUE;
++ case TLS_ST_SR_CLNT_HELLO:
++ if (SSL_IS_DTLS(s) && !s->d1->cookie_verified
++ && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
++ st->hand_state = DTLS_ST_SW_HELLO_VERIFY_REQUEST;
++ else
++ st->hand_state = TLS_ST_SW_SRVR_HELLO;
++ return WRITE_TRAN_CONTINUE;
+
+- case TLS_ST_SW_CERT:
+- if (s->tlsext_status_expected) {
+- st->hand_state = TLS_ST_SW_CERT_STATUS;
+- return WRITE_TRAN_CONTINUE;
+- }
+- /* Fall through */
++ case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
++ return WRITE_TRAN_FINISHED;
+
+- case TLS_ST_SW_CERT_STATUS:
+- if (send_server_key_exchange(s)) {
++ case TLS_ST_SW_SRVR_HELLO:
++ if (s->hit) {
++ if (s->tlsext_ticket_expected)
++ st->hand_state = TLS_ST_SW_SESSION_TICKET;
++ else
++ st->hand_state = TLS_ST_SW_CHANGE;
++ } else {
++ /* Check if it is anon DH or anon ECDH, */
++ /* normal PSK or SRP */
++ if (!(s->s3->tmp.new_cipher->algorithm_auth &
++ (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
++ st->hand_state = TLS_ST_SW_CERT;
++ } else if (send_server_key_exchange(s)) {
+ st->hand_state = TLS_ST_SW_KEY_EXCH;
+- return WRITE_TRAN_CONTINUE;
+- }
+- /* Fall through */
+-
+- case TLS_ST_SW_KEY_EXCH:
+- if (send_certificate_request(s)) {
++ } else if (send_certificate_request(s)) {
+ st->hand_state = TLS_ST_SW_CERT_REQ;
+- return WRITE_TRAN_CONTINUE;
++ } else {
++ st->hand_state = TLS_ST_SW_SRVR_DONE;
+ }
+- /* Fall through */
++ }
++ return WRITE_TRAN_CONTINUE;
+
+- case TLS_ST_SW_CERT_REQ:
+- st->hand_state = TLS_ST_SW_SRVR_DONE;
++ case TLS_ST_SW_CERT:
++ if (s->tlsext_status_expected) {
++ st->hand_state = TLS_ST_SW_CERT_STATUS;
+ return WRITE_TRAN_CONTINUE;
++ }
++ /* Fall through */
+
+- case TLS_ST_SW_SRVR_DONE:
+- return WRITE_TRAN_FINISHED;
+-
+- case TLS_ST_SR_FINISHED:
+- if (s->hit) {
+- st->hand_state = TLS_ST_OK;
+- ossl_statem_set_in_init(s, 0);
+- return WRITE_TRAN_CONTINUE;
+- } else if (s->tlsext_ticket_expected) {
+- st->hand_state = TLS_ST_SW_SESSION_TICKET;
+- } else {
+- st->hand_state = TLS_ST_SW_CHANGE;
+- }
++ case TLS_ST_SW_CERT_STATUS:
++ if (send_server_key_exchange(s)) {
++ st->hand_state = TLS_ST_SW_KEY_EXCH;
+ return WRITE_TRAN_CONTINUE;
++ }
++ /* Fall through */
+
+- case TLS_ST_SW_SESSION_TICKET:
+- st->hand_state = TLS_ST_SW_CHANGE;
++ case TLS_ST_SW_KEY_EXCH:
++ if (send_certificate_request(s)) {
++ st->hand_state = TLS_ST_SW_CERT_REQ;
+ return WRITE_TRAN_CONTINUE;
++ }
++ /* Fall through */
+
+- case TLS_ST_SW_CHANGE:
+- st->hand_state = TLS_ST_SW_FINISHED;
+- return WRITE_TRAN_CONTINUE;
++ case TLS_ST_SW_CERT_REQ:
++ st->hand_state = TLS_ST_SW_SRVR_DONE;
++ return WRITE_TRAN_CONTINUE;
+
+- case TLS_ST_SW_FINISHED:
+- if (s->hit) {
+- return WRITE_TRAN_FINISHED;
+- }
++ case TLS_ST_SW_SRVR_DONE:
++ return WRITE_TRAN_FINISHED;
++
++ case TLS_ST_SR_FINISHED:
++ if (s->hit) {
+ st->hand_state = TLS_ST_OK;
+ ossl_statem_set_in_init(s, 0);
+ return WRITE_TRAN_CONTINUE;
++ } else if (s->tlsext_ticket_expected) {
++ st->hand_state = TLS_ST_SW_SESSION_TICKET;
++ } else {
++ st->hand_state = TLS_ST_SW_CHANGE;
++ }
++ return WRITE_TRAN_CONTINUE;
+
+- default:
+- /* Shouldn't happen */
+- return WRITE_TRAN_ERROR;
++ case TLS_ST_SW_SESSION_TICKET:
++ st->hand_state = TLS_ST_SW_CHANGE;
++ return WRITE_TRAN_CONTINUE;
++
++ case TLS_ST_SW_CHANGE:
++ st->hand_state = TLS_ST_SW_FINISHED;
++ return WRITE_TRAN_CONTINUE;
++
++ case TLS_ST_SW_FINISHED:
++ if (s->hit) {
++ return WRITE_TRAN_FINISHED;
++ }
++ st->hand_state = TLS_ST_OK;
++ ossl_statem_set_in_init(s, 0);
++ return WRITE_TRAN_CONTINUE;
++
++ default:
++ /* Shouldn't happen */
++ return WRITE_TRAN_ERROR;
+ }
+ }
+
+@@ -511,7 +429,7 @@ WORK_STATE ossl_statem_server_pre_work(S
+ {
+ OSSL_STATEM *st = &s->statem;
+
+- switch(st->hand_state) {
++ switch (st->hand_state) {
case TLS_ST_SW_HELLO_REQ:
+ s->shutdown = 0;
+ if (SSL_IS_DTLS(s))
+@@ -592,19 +510,24 @@ WORK_STATE ossl_statem_server_post_work(
+
+ s->init_num = 0;
+
+- switch(st->hand_state) {
++ switch (st->hand_state) {
+ case TLS_ST_SW_HELLO_REQ:
if (statem_flush(s) != 1)
return WORK_MORE_A;
- ssl3_init_finished_mac(s);
@@ -170645,7 +171228,16 @@
/*
* The next message should be another ClientHello which we need to
* treat like it was the first packet
-@@ -747,6 +652,23 @@ int ossl_statem_server_construct_message(SSL *s)
+@@ -698,7 +621,7 @@ int ossl_statem_server_construct_message
+ {
+ OSSL_STATEM *st = &s->statem;
+
+- switch(st->hand_state) {
++ switch (st->hand_state) {
+ case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+ return dtls_construct_hello_verify_request(s);
+
+@@ -747,6 +670,23 @@ int ossl_statem_server_construct_message
return 0;
}
@@ -170669,16 +171261,37 @@
#define CLIENT_KEY_EXCH_MAX_LENGTH 2048
#define NEXT_PROTO_MAX_LENGTH 514
-@@ -760,7 +682,7 @@ unsigned long ossl_statem_server_max_message_size(SSL *s)
+@@ -758,9 +698,9 @@ unsigned long ossl_statem_server_max_mes
+ {
+ OSSL_STATEM *st = &s->statem;
- switch(st->hand_state) {
+- switch(st->hand_state) {
++ switch (st->hand_state) {
case TLS_ST_SR_CLNT_HELLO:
- return SSL3_RT_MAX_PLAIN_LENGTH;
+ return CLIENT_HELLO_MAX_LENGTH;
case TLS_ST_SR_CERT:
return s->max_cert_list;
-@@ -971,6 +893,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
+@@ -797,7 +737,7 @@ MSG_PROCESS_RETURN ossl_statem_server_pr
+ {
+ OSSL_STATEM *st = &s->statem;
+
+- switch(st->hand_state) {
++ switch (st->hand_state) {
+ case TLS_ST_SR_CLNT_HELLO:
+ return tls_process_client_hello(s, pkt);
+
+@@ -837,7 +777,7 @@ WORK_STATE ossl_statem_server_post_proce
+ {
+ OSSL_STATEM *st = &s->statem;
+
+- switch(st->hand_state) {
++ switch (st->hand_state) {
+ case TLS_ST_SR_CLNT_HELLO:
+ return tls_post_process_client_hello(s, wst);
+
+@@ -971,6 +911,7 @@ MSG_PROCESS_RETURN tls_process_client_he
/* |cookie| will only be initialized for DTLS. */
PACKET session_id, cipher_suites, compression, extensions, cookie;
int is_v2_record;
@@ -170686,8 +171299,17 @@
is_v2_record = RECORD_LAYER_is_sslv2_record(&s->rlayer);
-@@ -1096,19 +1019,20 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
+@@ -1027,7 +968,7 @@ MSG_PROCESS_RETURN tls_process_client_he
+ * use version from inside client hello, not from record header (may
+ * differ: see RFC 2246, Appendix E, second paragraph)
+ */
+- if(!PACKET_get_net_2(pkt, (unsigned int *)&s->client_version)) {
++ if (!PACKET_get_net_2(pkt, (unsigned int *)&s->client_version)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
+@@ -1096,19 +1037,20 @@ MSG_PROCESS_RETURN tls_process_client_he
+ goto f_err;
}
- /* Load the client random */
@@ -170710,7 +171332,7 @@
PACKET_null_init(&extensions);
} else {
/* Regular ClientHello. */
-@@ -1376,7 +1300,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
+@@ -1376,7 +1318,7 @@ MSG_PROCESS_RETURN tls_process_client_he
if (k >= complen) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO,
@@ -170719,7 +171341,24 @@
goto f_err;
}
} else if (s->hit)
-@@ -1678,7 +1602,7 @@ int tls_construct_server_key_exchange(SSL *s)
+@@ -1512,7 +1454,7 @@ WORK_STATE tls_post_process_client_hello
+
+ /* Handles TLS extensions that we couldn't check earlier */
+ if (s->version >= SSL3_VERSION) {
+- if (ssl_check_clienthello_tlsext_late(s) <= 0) {
++ if (!ssl_check_clienthello_tlsext_late(s, &al)) {
+ SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_CLIENTHELLO_TLSEXT);
+ goto f_err;
+@@ -1666,6 +1608,7 @@ int tls_construct_server_key_exchange(SS
+ {
+ #ifndef OPENSSL_NO_DH
+ EVP_PKEY *pkdh = NULL;
++ int j;
+ #endif
+ #ifndef OPENSSL_NO_EC
+ unsigned char *encodedPoint = NULL;
+@@ -1678,7 +1621,7 @@ int tls_construct_server_key_exchange(SS
int al, i;
unsigned long type;
int n;
@@ -170728,7 +171367,24 @@
int nr[4], kn;
BUF_MEM *buf;
EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
-@@ -1868,6 +1792,11 @@ int tls_construct_server_key_exchange(SSL *s)
+@@ -1857,6 +1800,16 @@ int tls_construct_server_key_exchange(SS
+ n += 1 + nr[i];
+ else
+ #endif
++#ifndef OPENSSL_NO_DH
++ /*
++ * for interoperability with some versions of the Microsoft TLS
++ * stack, we need to zero pad the DHE pub key to the same length
++ * as the prime, so use the length of the prime here
++ */
++ if ((i == 2) && (type & (SSL_kDHE | SSL_kDHEPSK)))
++ n += 2 + nr[0];
++ else
++#endif
+ n += 2 + nr[i];
+ }
+
+@@ -1868,6 +1821,11 @@ int tls_construct_server_key_exchange(SS
goto f_err;
}
kn = EVP_PKEY_size(pkey);
@@ -170740,144 +171396,1081 @@
} else {
pkey = NULL;
kn = 0;
-@@ -2079,7 +2008,6 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
- EVP_PKEY *ckey = NULL;
+@@ -1883,10 +1841,19 @@ int tls_construct_server_key_exchange(SS
+ if (type & SSL_PSK) {
+ /* copy PSK identity hint */
+ if (s->cert->psk_identity_hint) {
+- s2n(strlen(s->cert->psk_identity_hint), p);
+- strncpy((char *)p, s->cert->psk_identity_hint,
+- strlen(s->cert->psk_identity_hint));
+- p += strlen(s->cert->psk_identity_hint);
++ size_t len = strlen(s->cert->psk_identity_hint);
++ if (len > PSK_MAX_IDENTITY_LEN) {
++ /*
++ * Should not happen - we already checked this when we set
++ * the identity hint
++ */
++ SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
++ ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++ s2n(len, p);
++ memcpy(p, s->cert->psk_identity_hint, len);
++ p += len;
+ } else {
+ s2n(0, p);
+ }
+@@ -1900,6 +1867,20 @@ int tls_construct_server_key_exchange(SS
+ p++;
+ } else
#endif
++#ifndef OPENSSL_NO_DH
++ /*
++ * for interoperability with some versions of the Microsoft TLS
++ * stack, we need to zero pad the DHE pub key to the same length
++ * as the prime
++ */
++ if ((i == 2) && (type & (SSL_kDHE | SSL_kDHEPSK))) {
++ s2n(nr[0], p);
++ for (j = 0; j < (nr[0] - nr[2]); ++j) {
++ *p = 0;
++ ++p;
++ }
++ } else
++#endif
+ s2n(nr[i], p);
+ BN_bn2bin(r[i], p);
+ p += nr[i];
+@@ -2068,505 +2049,565 @@ int tls_construct_certificate_request(SS
+ return 0;
+ }
+
+-MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
++static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt, int *al)
+ {
+- int al;
+- unsigned long alg_k;
+-#ifndef OPENSSL_NO_RSA
+- RSA *rsa = NULL;
+-#endif
+-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+- EVP_PKEY *ckey = NULL;
++#ifndef OPENSSL_NO_PSK
++ unsigned char psk[PSK_MAX_PSK_LEN];
++ size_t psklen;
++ PACKET psk_identity;
++
++ if (!PACKET_get_length_prefixed_2(pkt, &psk_identity)) {
++ *al = SSL_AD_DECODE_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, SSL_R_LENGTH_MISMATCH);
++ return 0;
++ }
++ if (PACKET_remaining(&psk_identity) > PSK_MAX_IDENTITY_LEN) {
++ *al = SSL_AD_DECODE_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, SSL_R_DATA_LENGTH_TOO_LONG);
++ return 0;
++ }
++ if (s->psk_server_callback == NULL) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
++ SSL_R_PSK_NO_SERVER_CB);
++ return 0;
++ }
++
++ if (!PACKET_strndup(&psk_identity, &s->session->psk_identity)) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
++
++ psklen = s->psk_server_callback(s, s->session->psk_identity,
++ psk, sizeof(psk));
++
++ if (psklen > PSK_MAX_PSK_LEN) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
++ return 0;
++ } else if (psklen == 0) {
++ /*
++ * PSK related to the given identity not found
++ */
++ *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
++ SSL_R_PSK_IDENTITY_NOT_FOUND);
++ return 0;
++ }
++
++ OPENSSL_free(s->s3->tmp.psk);
++ s->s3->tmp.psk = OPENSSL_memdup(psk, psklen);
++ OPENSSL_cleanse(psk, psklen);
++
++ if (s->s3->tmp.psk == NULL) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
++
++ s->s3->tmp.psklen = psklen;
++
++ return 1;
++#else
++ /* Should never happen */
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
++ return 0;
+ #endif
++}
++
++
++static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al)
++{
++#ifndef OPENSSL_NO_RSA
++ unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
++ int decrypt_len;
++ unsigned char decrypt_good, version_good;
++ size_t j, padding_len;
PACKET enc_premaster;
- const unsigned char *data;
++ RSA *rsa = NULL;
unsigned char *rsa_decrypt = NULL;
++ int ret = 0;
- alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-@@ -2164,7 +2092,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
- unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
- int decrypt_len;
- unsigned char decrypt_good, version_good;
-- size_t j;
-+ size_t j, padding_len;
+- alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+-
+-#ifndef OPENSSL_NO_PSK
+- /* For PSK parse and retrieve identity, obtain PSK key */
+- if (alg_k & SSL_PSK) {
+- unsigned char psk[PSK_MAX_PSK_LEN];
+- size_t psklen;
+- PACKET psk_identity;
++ rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey);
++ if (rsa == NULL) {
++ *al = SSL_AD_HANDSHAKE_FAILURE;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, SSL_R_MISSING_RSA_CERTIFICATE);
++ return 0;
++ }
- /* FIX THIS UP EAY EAY EAY EAY */
- rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey);
-@@ -2221,17 +2149,37 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
- goto err;
+- if (!PACKET_get_length_prefixed_2(pkt, &psk_identity)) {
+- al = SSL_AD_DECODE_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+- goto f_err;
+- }
+- if (PACKET_remaining(&psk_identity) > PSK_MAX_IDENTITY_LEN) {
+- al = SSL_AD_DECODE_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+- SSL_R_DATA_LENGTH_TOO_LONG);
+- goto f_err;
+- }
+- if (s->psk_server_callback == NULL) {
+- al = SSL_AD_INTERNAL_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+- SSL_R_PSK_NO_SERVER_CB);
+- goto f_err;
++ /* SSLv3 and pre-standard DTLS omit the length bytes. */
++ if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) {
++ enc_premaster = *pkt;
++ } else {
++ if (!PACKET_get_length_prefixed_2(pkt, &enc_premaster)
++ || PACKET_remaining(pkt) != 0) {
++ *al = SSL_AD_DECODE_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, SSL_R_LENGTH_MISMATCH);
++ return 0;
}
++ }
-+ /*
-+ * Decrypt with no padding. PKCS#1 padding will be removed as part of
-+ * the timing-sensitive code below.
-+ */
- decrypt_len = RSA_private_decrypt(PACKET_remaining(&enc_premaster),
- PACKET_data(&enc_premaster),
+- if (!PACKET_strndup(&psk_identity, &s->session->psk_identity)) {
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+- al = SSL_AD_INTERNAL_ERROR;
+- goto f_err;
+- }
++ /*
++ * We want to be sure that the plaintext buffer size makes it safe to
++ * iterate over the entire size of a premaster secret
++ * (SSL_MAX_MASTER_KEY_LENGTH). Reject overly short RSA keys because
++ * their ciphertext cannot accommodate a premaster secret anyway.
++ */
++ if (RSA_size(rsa) < SSL_MAX_MASTER_KEY_LENGTH) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, RSA_R_KEY_SIZE_TOO_SMALL);
++ return 0;
++ }
+
+- psklen = s->psk_server_callback(s, s->session->psk_identity,
+- psk, sizeof(psk));
++ rsa_decrypt = OPENSSL_malloc(RSA_size(rsa));
++ if (rsa_decrypt == NULL) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
+
+- if (psklen > PSK_MAX_PSK_LEN) {
+- al = SSL_AD_INTERNAL_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+- goto f_err;
+- } else if (psklen == 0) {
+- /*
+- * PSK related to the given identity not found
+- */
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+- SSL_R_PSK_IDENTITY_NOT_FOUND);
+- al = SSL_AD_UNKNOWN_PSK_IDENTITY;
+- goto f_err;
+- }
++ /*
++ * We must not leak whether a decryption failure occurs because of
++ * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,
++ * section 7.4.7.1). The code follows that advice of the TLS RFC and
++ * generates a random premaster secret for the case that the decrypt
++ * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
++ */
++
++ if (RAND_bytes(rand_premaster_secret,
++ sizeof(rand_premaster_secret)) <= 0)
++ goto err;
+
+- OPENSSL_free(s->s3->tmp.psk);
+- s->s3->tmp.psk = OPENSSL_memdup(psk, psklen);
+- OPENSSL_cleanse(psk, psklen);
++ /*
++ * Decrypt with no padding. PKCS#1 padding will be removed as part of
++ * the timing-sensitive code below.
++ */
++ decrypt_len = RSA_private_decrypt(PACKET_remaining(&enc_premaster),
++ PACKET_data(&enc_premaster),
++ rsa_decrypt, rsa, RSA_NO_PADDING);
++ if (decrypt_len < 0)
++ goto err;
+
+- if (s->s3->tmp.psk == NULL) {
+- al = SSL_AD_INTERNAL_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+- goto f_err;
+- }
++ /* Check the padding. See RFC 3447, section 7.2.2. */
+
+- s->s3->tmp.psklen = psklen;
++ /*
++ * The smallest padded premaster is 11 bytes of overhead. Small keys
++ * are publicly invalid, so this may return immediately. This ensures
++ * PS is at least 8 bytes.
++ */
++ if (decrypt_len < 11 + SSL_MAX_MASTER_KEY_LENGTH) {
++ *al = SSL_AD_DECRYPT_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, SSL_R_DECRYPTION_FAILED);
++ goto err;
+ }
+- if (alg_k & SSL_kPSK) {
+- /* Identity extracted earlier: should be nothing left */
+- if (PACKET_remaining(pkt) != 0) {
+- al = SSL_AD_HANDSHAKE_FAILURE;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+- goto f_err;
+- }
+- /* PSK handled by ssl_generate_master_secret */
+- if (!ssl_generate_master_secret(s, NULL, 0, 0)) {
+- al = SSL_AD_INTERNAL_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+- goto f_err;
+- }
+- } else
+-#endif
+-#ifndef OPENSSL_NO_RSA
+- if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
+- unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
+- int decrypt_len;
+- unsigned char decrypt_good, version_good;
+- size_t j;
+-
+- /* FIX THIS UP EAY EAY EAY EAY */
+- rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey);
+- if (rsa == NULL) {
+- al = SSL_AD_HANDSHAKE_FAILURE;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+- SSL_R_MISSING_RSA_CERTIFICATE);
+- goto f_err;
+- }
+
+- /* SSLv3 and pre-standard DTLS omit the length bytes. */
+- if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) {
+- enc_premaster = *pkt;
+- } else {
+- if (!PACKET_get_length_prefixed_2(pkt, &enc_premaster)
+- || PACKET_remaining(pkt) != 0) {
+- al = SSL_AD_DECODE_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+- SSL_R_LENGTH_MISMATCH);
+- goto f_err;
+- }
+- }
++ padding_len = decrypt_len - SSL_MAX_MASTER_KEY_LENGTH;
++ decrypt_good = constant_time_eq_int_8(rsa_decrypt[0], 0) &
++ constant_time_eq_int_8(rsa_decrypt[1], 2);
++ for (j = 2; j < padding_len - 1; j++) {
++ decrypt_good &= ~constant_time_is_zero_8(rsa_decrypt[j]);
++ }
++ decrypt_good &= constant_time_is_zero_8(rsa_decrypt[padding_len - 1]);
+
+- /*
+- * We want to be sure that the plaintext buffer size makes it safe to
+- * iterate over the entire size of a premaster secret
+- * (SSL_MAX_MASTER_KEY_LENGTH). Reject overly short RSA keys because
+- * their ciphertext cannot accommodate a premaster secret anyway.
+- */
+- if (RSA_size(rsa) < SSL_MAX_MASTER_KEY_LENGTH) {
+- al = SSL_AD_INTERNAL_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+- RSA_R_KEY_SIZE_TOO_SMALL);
+- goto f_err;
+- }
++ /*
++ * If the version in the decrypted pre-master secret is correct then
++ * version_good will be 0xff, otherwise it'll be zero. The
++ * Klima-Pokorny-Rosa extension of Bleichenbacher's attack
++ * (http://eprint.iacr.org/2003/052/) exploits the version number
++ * check as a "bad version oracle". Thus version checks are done in
++ * constant time and are treated like any other decryption error.
++ */
++ version_good =
++ constant_time_eq_8(rsa_decrypt[padding_len],
++ (unsigned)(s->client_version >> 8));
++ version_good &=
++ constant_time_eq_8(rsa_decrypt[padding_len + 1],
++ (unsigned)(s->client_version & 0xff));
+
+- rsa_decrypt = OPENSSL_malloc(RSA_size(rsa));
+- if (rsa_decrypt == NULL) {
+- al = SSL_AD_INTERNAL_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+- goto f_err;
+- }
++ /*
++ * The premaster secret must contain the same version number as the
++ * ClientHello to detect version rollback attacks (strangely, the
++ * protocol does not offer such protection for DH ciphersuites).
++ * However, buggy clients exist that send the negotiated protocol
++ * version instead if the server does not support the requested
++ * protocol version. If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
++ * clients.
++ */
++ if (s->options & SSL_OP_TLS_ROLLBACK_BUG) {
++ unsigned char workaround_good;
++ workaround_good = constant_time_eq_8(rsa_decrypt[padding_len],
++ (unsigned)(s->version >> 8));
++ workaround_good &=
++ constant_time_eq_8(rsa_decrypt[padding_len + 1],
++ (unsigned)(s->version & 0xff));
++ version_good |= workaround_good;
++ }
+
+- /*
+- * We must not leak whether a decryption failure occurs because of
+- * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,
+- * section 7.4.7.1). The code follows that advice of the TLS RFC and
+- * generates a random premaster secret for the case that the decrypt
+- * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
+- */
++ /*
++ * Both decryption and version must be good for decrypt_good to
++ * remain non-zero (0xff).
++ */
++ decrypt_good &= version_good;
+
+- if (RAND_bytes(rand_premaster_secret,
+- sizeof(rand_premaster_secret)) <= 0) {
+- goto err;
+- }
++ /*
++ * Now copy rand_premaster_secret over from p using
++ * decrypt_good_mask. If decryption failed, then p does not
++ * contain valid plaintext, however, a check above guarantees
++ * it is still sufficiently large to read from.
++ */
++ for (j = 0; j < sizeof(rand_premaster_secret); j++) {
++ rsa_decrypt[padding_len + j] =
++ constant_time_select_8(decrypt_good,
++ rsa_decrypt[padding_len + j],
++ rand_premaster_secret[j]);
++ }
+
+- decrypt_len = RSA_private_decrypt(PACKET_remaining(&enc_premaster),
+- PACKET_data(&enc_premaster),
- rsa_decrypt, rsa, RSA_PKCS1_PADDING);
- ERR_clear_error();
-+ rsa_decrypt, rsa, RSA_NO_PADDING);
-+ if (decrypt_len < 0) {
-+ goto err;
-+ }
-+
-+ /* Check the padding. See RFC 3447, section 7.2.2. */
++ if (!ssl_generate_master_secret(s, rsa_decrypt + padding_len,
++ sizeof(rand_premaster_secret), 0)) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
- /*
+- /*
- * decrypt_len should be SSL_MAX_MASTER_KEY_LENGTH. decrypt_good will
- * be 0xff if so and zero otherwise.
-+ * The smallest padded premaster is 11 bytes of overhead. Small keys
-+ * are publicly invalid, so this may return immediately. This ensures
-+ * PS is at least 8 bytes.
- */
+- */
- decrypt_good =
- constant_time_eq_int_8(decrypt_len, SSL_MAX_MASTER_KEY_LENGTH);
-+ if (decrypt_len < 11 + SSL_MAX_MASTER_KEY_LENGTH) {
-+ al = SSL_AD_DECRYPT_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_DECRYPTION_FAILED);
-+ goto f_err;
-+ }
-+
-+ padding_len = decrypt_len - SSL_MAX_MASTER_KEY_LENGTH;
-+ decrypt_good = constant_time_eq_int_8(rsa_decrypt[0], 0) &
-+ constant_time_eq_int_8(rsa_decrypt[1], 2);
-+ for (j = 2; j < padding_len - 1; j++) {
-+ decrypt_good &= ~constant_time_is_zero_8(rsa_decrypt[j]);
-+ }
-+ decrypt_good &= constant_time_is_zero_8(rsa_decrypt[padding_len - 1]);
++ ret = 1;
++ err:
++ OPENSSL_free(rsa_decrypt);
++ return ret;
++#else
++ /* Should never happen */
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, ERR_R_INTERNAL_ERROR);
++ return 0;
++#endif
++}
- /*
- * If the version in the decrypted pre-master secret is correct then
-@@ -2242,10 +2190,10 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
- * constant time and are treated like any other decryption error.
- */
- version_good =
+- /*
+- * If the version in the decrypted pre-master secret is correct then
+- * version_good will be 0xff, otherwise it'll be zero. The
+- * Klima-Pokorny-Rosa extension of Bleichenbacher's attack
+- * (http://eprint.iacr.org/2003/052/) exploits the version number
+- * check as a "bad version oracle". Thus version checks are done in
+- * constant time and are treated like any other decryption error.
+- */
+- version_good =
- constant_time_eq_8(rsa_decrypt[0],
-+ constant_time_eq_8(rsa_decrypt[padding_len],
- (unsigned)(s->client_version >> 8));
- version_good &=
+- (unsigned)(s->client_version >> 8));
+- version_good &=
- constant_time_eq_8(rsa_decrypt[1],
-+ constant_time_eq_8(rsa_decrypt[padding_len + 1],
- (unsigned)(s->client_version & 0xff));
+- (unsigned)(s->client_version & 0xff));
++static int tls_process_cke_dhe(SSL *s, PACKET *pkt, int *al)
++{
++#ifndef OPENSSL_NO_DH
++ EVP_PKEY *skey = NULL;
++ DH *cdh;
++ unsigned int i;
++ BIGNUM *pub_key;
++ const unsigned char *data;
++ EVP_PKEY *ckey = NULL;
++ int ret = 0;
- /*
-@@ -2259,10 +2207,10 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
- */
- if (s->options & SSL_OP_TLS_ROLLBACK_BUG) {
- unsigned char workaround_good;
+- /*
+- * The premaster secret must contain the same version number as the
+- * ClientHello to detect version rollback attacks (strangely, the
+- * protocol does not offer such protection for DH ciphersuites).
+- * However, buggy clients exist that send the negotiated protocol
+- * version instead if the server does not support the requested
+- * protocol version. If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
+- * clients.
+- */
+- if (s->options & SSL_OP_TLS_ROLLBACK_BUG) {
+- unsigned char workaround_good;
- workaround_good =
- constant_time_eq_8(rsa_decrypt[0], (unsigned)(s->version >> 8));
-+ workaround_good = constant_time_eq_8(rsa_decrypt[padding_len],
-+ (unsigned)(s->version >> 8));
- workaround_good &=
+- workaround_good &=
- constant_time_eq_8(rsa_decrypt[1],
-+ constant_time_eq_8(rsa_decrypt[padding_len + 1],
- (unsigned)(s->version & 0xff));
- version_good |= workaround_good;
- }
-@@ -2280,12 +2228,13 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
- * it is still sufficiently large to read from.
- */
- for (j = 0; j < sizeof(rand_premaster_secret); j++) {
+- (unsigned)(s->version & 0xff));
+- version_good |= workaround_good;
+- }
++ if (!PACKET_get_net_2(pkt, &i) || PACKET_remaining(pkt) != i) {
++ *al = SSL_AD_HANDSHAKE_FAILURE;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_DHE,
++ SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
++ goto err;
++ }
++ skey = s->s3->tmp.pkey;
++ if (skey == NULL) {
++ *al = SSL_AD_HANDSHAKE_FAILURE;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, SSL_R_MISSING_TMP_DH_KEY);
++ goto err;
++ }
+
+- /*
+- * Both decryption and version must be good for decrypt_good to
+- * remain non-zero (0xff).
+- */
+- decrypt_good &= version_good;
++ if (PACKET_remaining(pkt) == 0L) {
++ *al = SSL_AD_HANDSHAKE_FAILURE;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, SSL_R_MISSING_TMP_DH_KEY);
++ goto err;
++ }
++ if (!PACKET_get_bytes(pkt, &data, i)) {
++ /* We already checked we have enough data */
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++ ckey = EVP_PKEY_new();
++ if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) == 0) {
++ SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, SSL_R_BN_LIB);
++ goto err;
++ }
++ cdh = EVP_PKEY_get0_DH(ckey);
++ pub_key = BN_bin2bn(data, i, NULL);
+
+- /*
+- * Now copy rand_premaster_secret over from p using
+- * decrypt_good_mask. If decryption failed, then p does not
+- * contain valid plaintext, however, a check above guarantees
+- * it is still sufficiently large to read from.
+- */
+- for (j = 0; j < sizeof(rand_premaster_secret); j++) {
- rsa_decrypt[j] =
- constant_time_select_8(decrypt_good, rsa_decrypt[j],
-+ rsa_decrypt[padding_len + j] =
-+ constant_time_select_8(decrypt_good,
-+ rsa_decrypt[padding_len + j],
- rand_premaster_secret[j]);
- }
+- rand_premaster_secret[j]);
+- }
++ if (pub_key == NULL || !DH_set0_key(cdh, pub_key, NULL)) {
++ SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, ERR_R_INTERNAL_ERROR);
++ if (pub_key != NULL)
++ BN_free(pub_key);
++ goto err;
++ }
- if (!ssl_generate_master_secret(s, rsa_decrypt,
-+ if (!ssl_generate_master_secret(s, rsa_decrypt + padding_len,
- sizeof(rand_premaster_secret), 0)) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-@@ -2301,6 +2250,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
- DH *cdh;
+- sizeof(rand_premaster_secret), 0)) {
+- al = SSL_AD_INTERNAL_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+- goto f_err;
+- }
+- OPENSSL_free(rsa_decrypt);
+- rsa_decrypt = NULL;
+- } else
++ if (ssl_derive(s, skey, ckey) == 0) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++
++ ret = 1;
++ EVP_PKEY_free(s->s3->tmp.pkey);
++ s->s3->tmp.pkey = NULL;
++ err:
++ EVP_PKEY_free(ckey);
++ return ret;
++#else
++ /* Should never happen */
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, ERR_R_INTERNAL_ERROR);
++ return 0;
+ #endif
+-#ifndef OPENSSL_NO_DH
+- if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
+- EVP_PKEY *skey = NULL;
+- DH *cdh;
++}
++
++static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt, int *al)
++{
++#ifndef OPENSSL_NO_EC
++ EVP_PKEY *skey = s->s3->tmp.pkey;
++ EVP_PKEY *ckey = NULL;
++ int ret = 0;
++
++ if (PACKET_remaining(pkt) == 0L) {
++ /* We don't support ECDH client auth */
++ *al = SSL_AD_HANDSHAKE_FAILURE;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, SSL_R_MISSING_TMP_ECDH_KEY);
++ goto err;
++ } else {
unsigned int i;
- BIGNUM *pub_key;
+- BIGNUM *pub_key;
+ const unsigned char *data;
- if (!PACKET_get_net_2(pkt, &i)) {
- if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
-@@ -2378,6 +2328,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
- goto f_err;
- } else {
- unsigned int i;
-+ const unsigned char *data;
+- if (!PACKET_get_net_2(pkt, &i)) {
+- if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
+- al = SSL_AD_HANDSHAKE_FAILURE;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+- SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+- goto f_err;
+- }
+- i = 0;
+- }
+- if (PACKET_remaining(pkt) != i) {
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+- SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+- goto err;
+- }
+- skey = s->s3->tmp.pkey;
+- if (skey == NULL) {
+- al = SSL_AD_HANDSHAKE_FAILURE;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+- SSL_R_MISSING_TMP_DH_KEY);
+- goto f_err;
+- }
++ /*
++ * Get client's public key from encoded point in the
++ * ClientKeyExchange message.
++ */
- /*
- * Get client's public key from encoded point in the
-@@ -2425,6 +2376,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
- #ifndef OPENSSL_NO_SRP
- if (alg_k & SSL_kSRP) {
- unsigned int i;
-+ const unsigned char *data;
+- if (PACKET_remaining(pkt) == 0L) {
+- al = SSL_AD_HANDSHAKE_FAILURE;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+- SSL_R_MISSING_TMP_DH_KEY);
+- goto f_err;
+- }
+- if (!PACKET_get_bytes(pkt, &data, i)) {
+- /* We already checked we have enough data */
+- al = SSL_AD_INTERNAL_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+- ERR_R_INTERNAL_ERROR);
+- goto f_err;
++ /* Get encoded point length */
++ if (!PACKET_get_1(pkt, &i) || !PACKET_get_bytes(pkt, &data, i)
++ || PACKET_remaining(pkt) != 0) {
++ *al = SSL_AD_DECODE_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, SSL_R_LENGTH_MISMATCH);
++ goto err;
+ }
+ ckey = EVP_PKEY_new();
+- if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) == 0) {
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB);
++ if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {
++ SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EVP_LIB);
+ goto err;
+ }
+- cdh = EVP_PKEY_get0_DH(ckey);
+- pub_key = BN_bin2bn(data, i, NULL);
+-
+- if (pub_key == NULL || !DH_set0_key(cdh, pub_key, NULL)) {
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+- if (pub_key != NULL)
+- BN_free(pub_key);
++ if (EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(ckey), data, i,
++ NULL) == 0) {
++ *al = SSL_AD_HANDSHAKE_FAILURE;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EC_LIB);
+ goto err;
+ }
++ }
- if (!PACKET_get_net_2(pkt, &i)
- || !PACKET_get_bytes(pkt, &data, i)) {
-@@ -2467,6 +2419,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
- int Ttag, Tclass;
- long Tlen;
- long sess_key_len;
-+ const unsigned char *data;
+- if (ssl_derive(s, skey, ckey) == 0) {
+- al = SSL_AD_INTERNAL_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+- goto f_err;
+- }
++ if (ssl_derive(s, skey, ckey) == 0) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
- /* Get our certificate private key */
- alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-@@ -2909,7 +2862,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
+- EVP_PKEY_free(ckey);
+- ckey = NULL;
+- EVP_PKEY_free(s->s3->tmp.pkey);
+- s->s3->tmp.pkey = NULL;
++ ret = 1;
++ EVP_PKEY_free(s->s3->tmp.pkey);
++ s->s3->tmp.pkey = NULL;
++ err:
++ EVP_PKEY_free(ckey);
+
+- } else
++ return ret;
++#else
++ /* Should never happen */
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_INTERNAL_ERROR);
++ return 0;
+ #endif
++}
+
+-#ifndef OPENSSL_NO_EC
+- if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
+- EVP_PKEY *skey = s->s3->tmp.pkey;
++static int tls_process_cke_srp(SSL *s, PACKET *pkt, int *al)
++{
++#ifndef OPENSSL_NO_SRP
++ unsigned int i;
++ const unsigned char *data;
+
+- if (PACKET_remaining(pkt) == 0L) {
+- /* We don't support ECDH client auth */
+- al = SSL_AD_HANDSHAKE_FAILURE;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+- SSL_R_MISSING_TMP_ECDH_KEY);
+- goto f_err;
+- } else {
+- unsigned int i;
++ if (!PACKET_get_net_2(pkt, &i)
++ || !PACKET_get_bytes(pkt, &data, i)) {
++ *al = SSL_AD_DECODE_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, SSL_R_BAD_SRP_A_LENGTH);
++ return 0;
++ }
++ if ((s->srp_ctx.A = BN_bin2bn(data, i, NULL)) == NULL) {
++ SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, ERR_R_BN_LIB);
++ return 0;
++ }
++ if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0
++ || BN_is_zero(s->srp_ctx.A)) {
++ *al = SSL_AD_ILLEGAL_PARAMETER;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, SSL_R_BAD_SRP_PARAMETERS);
++ return 0;
++ }
++ OPENSSL_free(s->session->srp_username);
++ s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
++ if (s->session->srp_username == NULL) {
++ SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
+
+- /*
+- * Get client's public key from encoded point in the
+- * ClientKeyExchange message.
+- */
++ if (!srp_generate_server_master_secret(s)) {
++ SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
+
+- /* Get encoded point length */
+- if (!PACKET_get_1(pkt, &i)) {
+- al = SSL_AD_DECODE_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+- SSL_R_LENGTH_MISMATCH);
+- goto f_err;
+- }
+- if (!PACKET_get_bytes(pkt, &data, i)
+- || PACKET_remaining(pkt) != 0) {
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
+- goto err;
+- }
+- ckey = EVP_PKEY_new();
+- if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EVP_LIB);
+- goto err;
+- }
+- if (EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(ckey), data, i,
+- NULL) == 0) {
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
+- goto err;
+- }
+- }
++ return 1;
++#else
++ /* Should never happen */
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, ERR_R_INTERNAL_ERROR);
++ return 0;
++#endif
++}
+
+- if (ssl_derive(s, skey, ckey) == 0) {
+- al = SSL_AD_INTERNAL_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+- goto f_err;
++static int tls_process_cke_gost(SSL *s, PACKET *pkt, int *al)
++{
++#ifndef OPENSSL_NO_GOST
++ EVP_PKEY_CTX *pkey_ctx;
++ EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
++ unsigned char premaster_secret[32];
++ const unsigned char *start;
++ size_t outlen = 32, inlen;
++ unsigned long alg_a;
++ int Ttag, Tclass;
++ long Tlen;
++ long sess_key_len;
++ const unsigned char *data;
++ int ret = 0;
++
++ /* Get our certificate private key */
++ alg_a = s->s3->tmp.new_cipher->algorithm_auth;
++ if (alg_a & SSL_aGOST12) {
++ /*
++ * New GOST ciphersuites have SSL_aGOST01 bit too
++ */
++ pk = s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey;
++ if (pk == NULL) {
++ pk = s->cert->pkeys[SSL_PKEY_GOST12_256].privatekey;
++ }
++ if (pk == NULL) {
++ pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
+ }
++ } else if (alg_a & SSL_aGOST01) {
++ pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
++ }
+
+- EVP_PKEY_free(ckey);
+- ckey = NULL;
+- EVP_PKEY_free(s->s3->tmp.pkey);
+- s->s3->tmp.pkey = NULL;
++ pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
++ if (pkey_ctx == NULL) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
++ if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
++ /*
++ * If client certificate is present and is of the same type, maybe
++ * use it for key exchange. Don't mind errors from
++ * EVP_PKEY_derive_set_peer, because it is completely valid to use a
++ * client certificate for authorization only.
++ */
++ client_pub_pkey = X509_get0_pubkey(s->session->peer);
++ if (client_pub_pkey) {
++ if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
++ ERR_clear_error();
++ }
++ /* Decrypt session key */
++ sess_key_len = PACKET_remaining(pkt);
++ if (!PACKET_get_bytes(pkt, &data, sess_key_len)) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++ if (ASN1_get_object ((const unsigned char **)&data, &Tlen, &Ttag,
++ &Tclass, sess_key_len) != V_ASN1_CONSTRUCTED
++ || Ttag != V_ASN1_SEQUENCE
++ || Tclass != V_ASN1_UNIVERSAL) {
++ *al = SSL_AD_DECODE_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, SSL_R_DECRYPTION_FAILED);
++ goto err;
++ }
++ start = data;
++ inlen = Tlen;
++ if (EVP_PKEY_decrypt
++ (pkey_ctx, premaster_secret, &outlen, start, inlen) <= 0) {
++ *al = SSL_AD_DECODE_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, SSL_R_DECRYPTION_FAILED);
++ goto err;
++ }
++ /* Generate master secret */
++ if (!ssl_generate_master_secret(s, premaster_secret,
++ sizeof(premaster_secret), 0)) {
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++ /* Check if pubkey from client certificate was used */
++ if (EVP_PKEY_CTX_ctrl
++ (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
++ s->statem.no_cert_verify = 1;
+
+- return MSG_PROCESS_CONTINUE_PROCESSING;
+- } else
++ ret = 1;
++ err:
++ EVP_PKEY_CTX_free(pkey_ctx);
++ return ret;
++#else
++ /* Should never happen */
++ *al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR);
++ return 0;
+ #endif
+-#ifndef OPENSSL_NO_SRP
+- if (alg_k & SSL_kSRP) {
+- unsigned int i;
++}
+
+- if (!PACKET_get_net_2(pkt, &i)
+- || !PACKET_get_bytes(pkt, &data, i)) {
+- al = SSL_AD_DECODE_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_BAD_SRP_A_LENGTH);
+- goto f_err;
+- }
+- if ((s->srp_ctx.A = BN_bin2bn(data, i, NULL)) == NULL) {
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_BN_LIB);
+- goto err;
+- }
+- if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0
+- || BN_is_zero(s->srp_ctx.A)) {
+- al = SSL_AD_ILLEGAL_PARAMETER;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+- SSL_R_BAD_SRP_PARAMETERS);
+- goto f_err;
+- }
+- OPENSSL_free(s->session->srp_username);
+- s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
+- if (s->session->srp_username == NULL) {
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
++MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
++{
++ int al = -1;
++ unsigned long alg_k;
+
+- if (!srp_generate_server_master_secret(s)) {
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+- goto err;
+- }
+- } else
+-#endif /* OPENSSL_NO_SRP */
+-#ifndef OPENSSL_NO_GOST
+- if (alg_k & SSL_kGOST) {
+- EVP_PKEY_CTX *pkey_ctx;
+- EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
+- unsigned char premaster_secret[32];
+- const unsigned char *start;
+- size_t outlen = 32, inlen;
+- unsigned long alg_a;
+- int Ttag, Tclass;
+- long Tlen;
+- long sess_key_len;
+-
+- /* Get our certificate private key */
+- alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+- if (alg_a & SSL_aGOST12) {
+- /*
+- * New GOST ciphersuites have SSL_aGOST01 bit too
+- */
+- pk = s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey;
+- if (pk == NULL) {
+- pk = s->cert->pkeys[SSL_PKEY_GOST12_256].privatekey;
+- }
+- if (pk == NULL) {
+- pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
+- }
+- } else if (alg_a & SSL_aGOST01) {
+- pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
+- }
++ alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+- pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
+- if (pkey_ctx == NULL) {
+- al = SSL_AD_INTERNAL_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+- goto f_err;
+- }
+- if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {
+- al = SSL_AD_INTERNAL_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+- goto f_err;
+- }
+- /*
+- * If client certificate is present and is of the same type, maybe
+- * use it for key exchange. Don't mind errors from
+- * EVP_PKEY_derive_set_peer, because it is completely valid to use a
+- * client certificate for authorization only.
+- */
+- client_pub_pkey = X509_get0_pubkey(s->session->peer);
+- if (client_pub_pkey) {
+- if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
+- ERR_clear_error();
+- }
+- /* Decrypt session key */
+- sess_key_len = PACKET_remaining(pkt);
+- if (!PACKET_get_bytes(pkt, &data, sess_key_len)) {
+- al = SSL_AD_INTERNAL_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+- goto gerr;
++ /* For PSK parse and retrieve identity, obtain PSK key */
++ if ((alg_k & SSL_PSK) && !tls_process_cke_psk_preamble(s, pkt, &al))
++ goto err;
++
++ if (alg_k & SSL_kPSK) {
++ /* Identity extracted earlier: should be nothing left */
++ if (PACKET_remaining(pkt) != 0) {
++ al = SSL_AD_HANDSHAKE_FAILURE;
++ SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
++ goto err;
+ }
+- if (ASN1_get_object ((const unsigned char **)&data, &Tlen, &Ttag,
+- &Tclass, sess_key_len) != V_ASN1_CONSTRUCTED
+- || Ttag != V_ASN1_SEQUENCE
+- || Tclass != V_ASN1_UNIVERSAL) {
+- al = SSL_AD_DECODE_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+- SSL_R_DECRYPTION_FAILED);
+- goto gerr;
+- }
+- start = data;
+- inlen = Tlen;
+- if (EVP_PKEY_decrypt
+- (pkey_ctx, premaster_secret, &outlen, start, inlen) <= 0) {
+- al = SSL_AD_DECODE_ERROR;
+- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+- SSL_R_DECRYPTION_FAILED);
+- goto gerr;
+- }
+- /* Generate master secret */
+- if (!ssl_generate_master_secret(s, premaster_secret,
+- sizeof(premaster_secret), 0)) {
++ /* PSK handled by ssl_generate_master_secret */
++ if (!ssl_generate_master_secret(s, NULL, 0, 0)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+- goto gerr;
++ goto err;
+ }
+- /* Check if pubkey from client certificate was used */
+- if (EVP_PKEY_CTX_ctrl
+- (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
+- s->statem.no_cert_verify = 1;
+-
+- EVP_PKEY_CTX_free(pkey_ctx);
+- return MSG_PROCESS_CONTINUE_PROCESSING;
+- gerr:
+- EVP_PKEY_CTX_free(pkey_ctx);
+- goto f_err;
+- } else
+-#endif
+- {
++ } else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
++ if (!tls_process_cke_rsa(s, pkt, &al))
++ goto err;
++ } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
++ if (!tls_process_cke_dhe(s, pkt, &al))
++ goto err;
++ } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
++ if (!tls_process_cke_ecdhe(s, pkt, &al))
++ goto err;
++ } else if (alg_k & SSL_kSRP) {
++ if (!tls_process_cke_srp(s, pkt, &al))
++ goto err;
++ } else if (alg_k & SSL_kGOST) {
++ if (!tls_process_cke_gost(s, pkt, &al))
++ goto err;
++ } else {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_UNKNOWN_CIPHER_TYPE);
+- goto f_err;
++ goto err;
+ }
+
+ return MSG_PROCESS_CONTINUE_PROCESSING;
+- f_err:
+- ssl3_send_alert(s, SSL3_AL_FATAL, al);
+-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SRP)
+ err:
+-#endif
+-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+- EVP_PKEY_free(ckey);
+-#endif
+- OPENSSL_free(rsa_decrypt);
++ if (al != -1)
++ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ #ifndef OPENSSL_NO_PSK
+ OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
+ s->s3->tmp.psk = NULL;
+@@ -2621,17 +2662,16 @@ WORK_STATE tls_post_process_client_key_e
+ }
+ #endif
+
+- if (s->statem.no_cert_verify) {
+- /* No certificate verify so we no longer need the handshake_buffer */
+- BIO_free(s->s3->handshake_buffer);
+- s->s3->handshake_buffer = NULL;
++ if (s->statem.no_cert_verify || !s->session->peer) {
++ /* No certificate verify or no peer certificate so we no longer need the
++ * handshake_buffer
++ */
++ if (!ssl3_digest_cached_records(s, 0)) {
++ ossl_statem_set_error(s);
++ return WORK_ERROR;
++ }
+ return WORK_FINISHED_CONTINUE;
+ } else {
+- if (!s->session->peer) {
+- /* No peer certificate so we no longer need the handshake_buffer */
+- BIO_free(s->s3->handshake_buffer);
+- return WORK_FINISHED_CONTINUE;
+- }
+ if (!s->s3->handshake_buffer) {
+ SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+@@ -2909,7 +2949,7 @@ MSG_PROCESS_RETURN tls_process_client_ce
s->session->peer_chain = sk;
/*
* Inconsistency alert: cert_chain does *not* include the peer's own
@@ -170886,7 +172479,7 @@
*/
sk = NULL;
ret = MSG_PROCESS_CONTINUE_READING;
-@@ -2956,7 +2909,8 @@ int tls_construct_new_session_ticket(SSL *s)
+@@ -2956,7 +2996,8 @@ int tls_construct_new_session_ticket(SSL
unsigned int hlen;
SSL_CTX *tctx = s->initial_ctx;
unsigned char iv[EVP_MAX_IV_LENGTH];
@@ -170896,7 +172489,7 @@
/* get session encoding length */
slen_full = i2d_SSL_SESSION(s->session, NULL);
-@@ -3006,13 +2960,14 @@ int tls_construct_new_session_ticket(SSL *s)
+@@ -3006,13 +3047,14 @@ int tls_construct_new_session_ticket(SSL
* Grow buffer if need be: the length calculation is as
* follows handshake_header_length +
* 4 (ticket lifetime hint) + 2 (ticket length) +
@@ -170916,7 +172509,7 @@
goto err;
p = ssl_handshake_start(s);
-@@ -3021,18 +2976,38 @@ int tls_construct_new_session_ticket(SSL *s)
+@@ -3021,18 +3063,38 @@ int tls_construct_new_session_ticket(SSL
* all the work otherwise use generated values from parent ctx.
*/
if (tctx->tlsext_ticket_key_cb) {
@@ -170960,7 +172553,7 @@
}
/*
-@@ -3046,11 +3021,11 @@ int tls_construct_new_session_ticket(SSL *s)
+@@ -3046,11 +3108,11 @@ int tls_construct_new_session_ticket(SSL
p += 2;
/* Output key name */
macstart = p;
@@ -170976,8 +172569,15 @@
/* Encrypt session data */
if (!EVP_EncryptUpdate(ctx, p, &len, senc, slen))
goto err;
-diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
-index 6e56441..124a53c 100644
+@@ -3194,7 +3256,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_ciphe
+
+ if ((skp == NULL) || (*skp == NULL)) {
+ sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */
+- if(sk == NULL) {
++ if (sk == NULL) {
+ SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+ *al = SSL_AD_INTERNAL_ERROR;
+ return NULL;
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -1,112 +1,12 @@
@@ -171100,7 +172700,7 @@
/* ====================================================================
* Copyright 2005 Nokia. All rights reserved.
*
-@@ -241,7 +141,7 @@ int tls1_change_cipher_state(SSL *s, int which)
+@@ -241,7 +141,7 @@ int tls1_change_cipher_state(SSL *s, int
goto err;
else
/*
@@ -171109,8 +172709,6 @@
*/
EVP_CIPHER_CTX_reset(s->enc_read_ctx);
dd = s->enc_read_ctx;
-diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c
-index 3bbe1fd..2db949d 100644
--- a/ssl/t1_ext.c
+++ b/ssl/t1_ext.c
@@ -1,55 +1,10 @@
@@ -171175,7 +172773,7 @@
*/
/* Custom extension utility functions */
-@@ -205,7 +160,7 @@ static int custom_ext_meth_add(custom_ext_methods *exts,
+@@ -205,7 +160,7 @@ static int custom_ext_meth_add(custom_ex
void *add_arg,
custom_ext_parse_cb parse_cb, void *parse_arg)
{
@@ -171184,7 +172782,7 @@
/*
* Check application error: if add_cb is not set free_cb will never be
* called.
-@@ -225,15 +180,17 @@ static int custom_ext_meth_add(custom_ext_methods *exts,
+@@ -225,15 +180,17 @@ static int custom_ext_meth_add(custom_ex
/* Search for duplicate */
if (custom_ext_find(exts, ext_type))
return 0;
@@ -171206,8 +172804,6 @@
meth = exts->meths + exts->meths_count;
memset(meth, 0, sizeof(*meth));
meth->parse_cb = parse_cb;
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 9f6cef3..e938d87 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1,111 +1,10 @@
@@ -171338,7 +172934,7 @@
#include <openssl/dh.h>
#include <openssl/bn.h>
#include "ssl_locl.h"
-@@ -767,7 +667,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
+@@ -767,7 +667,7 @@ static int tls1_check_cert_param(SSL *s,
# ifndef OPENSSL_NO_EC
/*
@@ -171347,7 +172943,7 @@
* @s: SSL connection
* @cid: Cipher ID we're considering using
*
-@@ -1179,7 +1079,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
+@@ -1179,7 +1079,7 @@ unsigned char *ssl_add_clienthello_tlsex
/*-
* check for enough space.
@@ -171356,7 +172952,7 @@
* 2 for servernamelist length
* 1 for the hostname type
* 2 for hostname length
-@@ -1217,7 +1117,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
+@@ -1217,7 +1117,7 @@ unsigned char *ssl_add_clienthello_tlsex
/*-
* check for enough space.
@@ -171365,7 +172961,7 @@
* 1 for the srp user identity
* + srp user identity length
*/
-@@ -1329,7 +1229,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
+@@ -1329,7 +1229,7 @@ unsigned char *ssl_add_clienthello_tlsex
}
skip_ext:
@@ -171374,7 +172970,7 @@
size_t salglen;
const unsigned char *salg;
unsigned char *etmp;
-@@ -1414,7 +1314,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
+@@ -1414,7 +1314,7 @@ unsigned char *ssl_add_clienthello_tlsex
#ifndef OPENSSL_NO_NEXTPROTONEG
if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) {
/*
@@ -171383,7 +172979,7 @@
* for Next Protocol Negotiation
*/
if (limit - ret - 4 < 0)
-@@ -1466,10 +1366,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
+@@ -1466,10 +1366,8 @@ unsigned char *ssl_add_clienthello_tlsex
/* Add custom TLS Extensions to ClientHello */
if (!custom_ext_add(s, 0, &ret, limit, al))
return NULL;
@@ -171394,7 +172990,7 @@
#ifndef OPENSSL_NO_CT
if (s->ct_validation_callback != NULL) {
s2n(TLSEXT_TYPE_signed_certificate_timestamp, ret);
-@@ -1603,6 +1501,9 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
+@@ -1603,6 +1501,9 @@ unsigned char *ssl_add_serverhello_tlsex
return NULL;
s2n(TLSEXT_TYPE_session_ticket, ret);
s2n(0, ret);
@@ -171404,7 +173000,7 @@
}
if (s->tlsext_status_expected) {
-@@ -1696,7 +1597,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
+@@ -1696,7 +1597,6 @@ unsigned char *ssl_add_serverhello_tlsex
#endif
if (!custom_ext_add(s, 1, &ret, limit, al))
return NULL;
@@ -171412,7 +173008,7 @@
if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) {
/*
* Don't use encrypt_then_mac if AEAD or RC4 might want to disable
-@@ -1712,7 +1612,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
+@@ -1712,7 +1612,6 @@ unsigned char *ssl_add_serverhello_tlsex
s2n(0, ret);
}
}
@@ -171420,7 +173016,37 @@
if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) {
s2n(TLSEXT_TYPE_extended_master_secret, ret);
s2n(0, ret);
-@@ -1925,9 +1824,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
+@@ -1779,11 +1678,10 @@ static int tls1_alpn_handle_client_hello
+
+ /*
+ * Process the ALPN extension in a ClientHello.
+- * ret: a pointer to the TLSEXT return value: SSL_TLSEXT_ERR_*
+ * al: a pointer to the alert value to send in the event of a failure.
+- * returns 1 on success, 0
++ * returns 1 on success, 0 on error.
+ */
+-static int tls1_alpn_handle_client_hello_late(SSL *s, int *ret, int *al)
++static int tls1_alpn_handle_client_hello_late(SSL *s, int *al)
+ {
+ const unsigned char *selected = NULL;
+ unsigned char selected_len = 0;
+@@ -1799,7 +1697,6 @@ static int tls1_alpn_handle_client_hello
+ s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len);
+ if (s->s3->alpn_selected == NULL) {
+ *al = SSL_AD_INTERNAL_ERROR;
+- *ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+ return 0;
+ }
+ s->s3->alpn_selected_len = selected_len;
+@@ -1809,7 +1706,6 @@ static int tls1_alpn_handle_client_hello
+ #endif
+ } else {
+ *al = SSL_AD_NO_APPLICATION_PROTOCOL;
+- *ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+ return 0;
+ }
+ }
+@@ -1925,9 +1821,7 @@ static int ssl_scan_clienthello_tlsext(S
/* Clear any signature algorithms extension received */
OPENSSL_free(s->s3->tmp.peer_sigalgs);
s->s3->tmp.peer_sigalgs = NULL;
@@ -171430,7 +173056,7 @@
#ifndef OPENSSL_NO_SRP
OPENSSL_free(s->srp_ctx.login);
-@@ -2004,7 +1901,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
+@@ -2004,7 +1898,7 @@ static int ssl_scan_clienthello_tlsext(S
/*
* Although the server_name extension was intended to be
* extensible to new name types, RFC 4366 defined the
@@ -171439,7 +173065,7 @@
* such.
* RFC 6066 corrected the mistake but adding new name types
* is nevertheless no longer feasible, so act as if no other
-@@ -2235,7 +2132,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
+@@ -2235,7 +2129,7 @@ static int ssl_scan_clienthello_tlsext(S
*
* s->new_session will be set on renegotiation, but we
* probably shouldn't rely that it couldn't be set on
@@ -171448,7 +173074,7 @@
* there's some other reason to disallow resuming an
* earlier session -- the current code won't be doing
* anything like that, but this might change).
-@@ -2264,10 +2161,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
+@@ -2264,10 +2158,8 @@ static int ssl_scan_clienthello_tlsext(S
return 0;
}
#endif
@@ -171459,7 +173085,7 @@
/*
* Note: extended master secret extension handled in
* tls_check_serverhello_tlsext_early()
-@@ -2337,11 +2232,11 @@ int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt)
+@@ -2337,11 +2229,11 @@ int ssl_parse_clienthello_tlsext(SSL *s,
*/
static char ssl_next_proto_validate(PACKET *pkt)
{
@@ -171474,7 +173100,7 @@
return 0;
}
-@@ -2367,9 +2262,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
+@@ -2367,9 +2259,7 @@ static int ssl_scan_serverhello_tlsext(S
SSL_DTLSEXT_HB_DONT_SEND_REQUESTS);
#endif
@@ -171484,7 +173110,7 @@
s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
-@@ -2581,14 +2474,12 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
+@@ -2581,14 +2471,12 @@ static int ssl_scan_serverhello_tlsext(S
return 0;
}
#endif
@@ -171499,7 +173125,7 @@
else if (type == TLSEXT_TYPE_extended_master_secret) {
s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS;
if (!s->hit)
-@@ -2629,8 +2520,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
+@@ -2629,8 +2517,7 @@ static int ssl_scan_serverhello_tlsext(S
* an attack we should *always* see RI even on initial server hello
* because the client doesn't see any renegotiation during an attack.
* However this would mean we could not connect to any server which
@@ -171509,7 +173135,7 @@
*/
if (!renegotiate_seen && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
&& !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
-@@ -2737,7 +2627,8 @@ int tls1_set_server_sigalgs(SSL *s)
+@@ -2737,7 +2624,8 @@ int tls1_set_server_sigalgs(SSL *s)
{
int al;
size_t i;
@@ -171519,7 +173145,7 @@
OPENSSL_free(s->cert->shared_sigalgs);
s->cert->shared_sigalgs = NULL;
s->cert->shared_sigalgslen = 0;
-@@ -2757,7 +2648,7 @@ int tls1_set_server_sigalgs(SSL *s)
+@@ -2757,7 +2645,7 @@ int tls1_set_server_sigalgs(SSL *s)
/* Fatal error is no shared signature algorithms */
if (!s->cert->shared_sigalgs) {
SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS,
@@ -171528,7 +173154,110 @@
al = SSL_AD_ILLEGAL_PARAMETER;
goto err;
}
-@@ -3075,7 +2966,7 @@ end:
+@@ -2770,10 +2658,13 @@ int tls1_set_server_sigalgs(SSL *s)
+ return 0;
+ }
+
+-int ssl_check_clienthello_tlsext_late(SSL *s)
++/*
++ * Upon success, returns 1.
++ * Upon failure, returns 0 and sets |al| to the appropriate fatal alert.
++ */
++int ssl_check_clienthello_tlsext_late(SSL *s, int *al)
+ {
+- int ret = SSL_TLSEXT_ERR_OK;
+- int al = SSL_AD_INTERNAL_ERROR;
++ s->tlsext_status_expected = 0;
+
+ /*
+ * If status request then ask callback what to do. Note: this must be
+@@ -2782,58 +2673,41 @@ int ssl_check_clienthello_tlsext_late(SS
+ * influence which certificate is sent
+ */
+ if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) {
+- int r;
++ int ret;
+ CERT_PKEY *certpkey;
+ certpkey = ssl_get_server_send_pkey(s);
+ /* If no certificate can't return certificate status */
+- if (certpkey == NULL) {
+- s->tlsext_status_expected = 0;
+- return 1;
+- }
+- /*
+- * Set current certificate to one we will use so SSL_get_certificate
+- * et al can pick it up.
+- */
+- s->cert->key = certpkey;
+- r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+- switch (r) {
+- /* We don't want to send a status request response */
+- case SSL_TLSEXT_ERR_NOACK:
+- s->tlsext_status_expected = 0;
+- break;
+- /* status request response should be sent */
+- case SSL_TLSEXT_ERR_OK:
+- if (s->tlsext_ocsp_resp)
+- s->tlsext_status_expected = 1;
+- else
++ if (certpkey != NULL) {
++ /*
++ * Set current certificate to one we will use so SSL_get_certificate
++ * et al can pick it up.
++ */
++ s->cert->key = certpkey;
++ ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
++ switch (ret) {
++ /* We don't want to send a status request response */
++ case SSL_TLSEXT_ERR_NOACK:
+ s->tlsext_status_expected = 0;
+- break;
+- /* something bad happened */
+- case SSL_TLSEXT_ERR_ALERT_FATAL:
+- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+- al = SSL_AD_INTERNAL_ERROR;
+- goto err;
++ break;
++ /* status request response should be sent */
++ case SSL_TLSEXT_ERR_OK:
++ if (s->tlsext_ocsp_resp)
++ s->tlsext_status_expected = 1;
++ break;
++ /* something bad happened */
++ case SSL_TLSEXT_ERR_ALERT_FATAL:
++ default:
++ *al = SSL_AD_INTERNAL_ERROR;
++ return 0;
++ }
+ }
+- } else
+- s->tlsext_status_expected = 0;
+-
+- if (!tls1_alpn_handle_client_hello_late(s, &ret, &al)) {
+- goto err;
+ }
+
+- err:
+- switch (ret) {
+- case SSL_TLSEXT_ERR_ALERT_FATAL:
+- ssl3_send_alert(s, SSL3_AL_FATAL, al);
+- return -1;
+-
+- case SSL_TLSEXT_ERR_ALERT_WARNING:
+- ssl3_send_alert(s, SSL3_AL_WARNING, al);
+- return 1;
+-
+- default:
+- return 1;
++ if (!tls1_alpn_handle_client_hello_late(s, al)) {
++ return 0;
+ }
++
++ return 1;
+ }
+
+ int ssl_check_serverhello_tlsext(SSL *s)
+@@ -3075,7 +2949,7 @@ int tls_check_serverhello_tlsext_early(S
* tls_decrypt_ticket attempts to decrypt a session ticket.
*
* etick: points to the body of the session ticket extension.
@@ -171537,7 +173266,7 @@
* sess_id: points at the session ID.
* sesslen: the length of the session ID.
* psess: (output) on return, if a ticket was decrypted, then this is set to
-@@ -3126,15 +3017,17 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
+@@ -3126,15 +3000,17 @@ static int tls_decrypt_ticket(SSL *s, co
renew_ticket = 1;
} else {
/* Check key name matches */
@@ -171559,7 +173288,7 @@
goto err;
}
}
-@@ -3711,7 +3604,7 @@ static int sig_cb(const char *elem, int len, void *arg)
+@@ -3711,7 +3587,7 @@ static int sig_cb(const char *elem, int
}
/*
@@ -171568,8 +173297,6 @@
* form sig+hash e.g. RSA+SHA512:DSA+SHA512
*/
int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
-diff --git a/ssl/t1_reneg.c b/ssl/t1_reneg.c
-index 5c0d825..15a4e27 100644
--- a/ssl/t1_reneg.c
+++ b/ssl/t1_reneg.c
@@ -1,112 +1,12 @@
@@ -171692,8 +173419,6 @@
#include <stdio.h>
#include <openssl/objects.h>
#include "ssl_locl.h"
-diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
-index cb22d49..562ac09 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1,55 +1,10 @@
@@ -171767,8 +173492,24 @@
{TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"},
{TLSEXT_TYPE_padding, "padding"},
{TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"},
-diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
-index cf5ccdc..08e22df 100644
+@@ -771,7 +728,7 @@ static int ssl_print_extension(BIO *bio,
+ break;
+
+ default:
+- BIO_dump_indent(bio, (char *)ext, extlen, indent + 2);
++ BIO_dump_indent(bio, (const char *)ext, extlen, indent + 2);
+ }
+ return 1;
+ }
+@@ -1300,7 +1257,7 @@ static int ssl_print_handshake(BIO *bio,
+ default:
+ BIO_indent(bio, indent + 2, 80);
+ BIO_puts(bio, "Unsupported, hex dump follows:\n");
+- BIO_dump_indent(bio, (char *)msg, msglen, indent + 4);
++ BIO_dump_indent(bio, (const char *)msg, msglen, indent + 4);
+ }
+ return 1;
+ }
--- a/ssl/tls_srp.c
+++ b/ssl/tls_srp.c
@@ -1,60 +1,10 @@
@@ -171837,8 +173578,6 @@
*/
#include <openssl/crypto.h>
-diff --git a/test/CAss.cnf b/test/CAss.cnf
-index 336e82f..b20a242 100644
--- a/test/CAss.cnf
+++ b/test/CAss.cnf
@@ -71,6 +71,6 @@ emailAddress = optional
@@ -171849,9 +173588,6 @@
+basicConstraints = critical,CA:true,pathlen:1
keyUsage = cRLSign, keyCertSign
issuerAltName=issuer:copy
-diff --git a/test/Makefile.in b/test/Makefile.in
-deleted file mode 100644
-index cefcd72..0000000
--- a/test/Makefile.in
+++ /dev/null
@@ -1,410 +0,0 @@
@@ -172265,11 +174001,9 @@
- handshake_helper.o"; $(BUILD_CMD)
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/test/README.ssltest.md b/test/README.ssltest.md
-index b65a0d7..ea90efc 100644
--- a/test/README.ssltest.md
+++ b/test/README.ssltest.md
-@@ -59,6 +59,31 @@ The test section supports the following options:
+@@ -59,6 +59,49 @@ First, give your test a name. The names
* Protocol - expected negotiated protocol. One of
SSLv3, TLSv1, TLSv1.1, TLSv1.2.
@@ -172296,24 +174030,52 @@
+ - Ignore - do not check for a session ticket (default)
+ - Yes - a session ticket is expected
+ - No - a session ticket is not expected
-+ - Broken - a special test case where the session ticket callback does not initialize crypto
++ - Broken - a special test case where the session ticket callback does not
++ initialize crypto
+
++* HandshakeMode - which handshake flavour to test:
++ - Simple - plain handshake (default)
++ - Resume - test resumption
++ - (Renegotiate - test renegotiation, not yet implemented)
++
++* ResumptionExpected - whether or not resumption is expected (Resume mode only)
++ - Yes - resumed handshake
++ - No - full handshake (default)
++
++When HandshakeMode is Resume or Renegotiate, the original handshake is expected
++to succeed. All configured test expectations are verified against the second handshake.
++
++* ServerNPNProtocols, Server2NPNProtocols, ClientNPNProtocols, ExpectedNPNProtocol,
++ ServerALPNProtocols, Server2ALPNProtocols, ClientALPNProtocols, ExpectedALPNProtocol -
++ NPN and ALPN settings. Server and client protocols can be specified as a comma-separated list,
++ and a callback with the recommended behaviour will be installed automatically.
++
## Configuring the client and server
The client and server configurations can be any valid `SSL_CTX`
-@@ -73,6 +98,10 @@ server => {
+@@ -73,6 +116,22 @@ server => {
}
```
-+A server2 section may optionally be defined to configure a secondary
-+context that is selected via the ServerName test option. If the server2
-+section is not configured, then the configuration matches server.
++The following sections may optionally be defined:
+
++* server2 - this section configures a secondary context that is selected via the
++ ServerName test option. This context is used whenever a ServerNameCallback is
++ specified. If the server2 section is not present, then the configuration
++ matches server.
++* resume_server - this section configures the client to resume its session
++ against a different server. This context is used whenever HandshakeMode is
++ Resume. If the resume_server section is not present, then the configuration
++ matches server.
++* resume_client - this section configures the client to resume its session with
++ a different configuration. In practice this may occur when, for example,
++ upgraded clients reuse sessions persisted on disk. This context is used
++ whenever HandshakeMode is Resume. If the resume_client section is not present,
++ then the configuration matches client.
++
### Default server and client configurations
The default server certificate and CA files are added to the configurations
-diff --git a/test/aborttest.c b/test/aborttest.c
-index 98aeddf..ba5055e 100644
--- a/test/aborttest.c
+++ b/test/aborttest.c
@@ -1,11 +1,10 @@
@@ -172331,8 +174093,6 @@
*/
#include <openssl/crypto.h>
-diff --git a/test/afalgtest.c b/test/afalgtest.c
-index 80aa1e7..7fc03ba 100644
--- a/test/afalgtest.c
+++ b/test/afalgtest.c
@@ -1,56 +1,12 @@
@@ -172415,9 +174175,6 @@
}
if (test_afalg_aes_128_cbc(e) == 0) {
-diff --git a/test/asynciotest.c b/test/asynciotest.c
-new file mode 100644
-index 0000000..de67cce
--- /dev/null
+++ b/test/asynciotest.c
@@ -0,0 +1,308 @@
@@ -172729,11 +174486,9 @@
+
+ return err;
+}
-diff --git a/test/asynctest.c b/test/asynctest.c
-index 4694fda..6728058 100644
--- a/test/asynctest.c
+++ b/test/asynctest.c
-@@ -1,58 +1,10 @@
+@@ -1,60 +1,16 @@
/*
- * Written by Matt Caswell for the OpenSSL project.
- */
@@ -172796,9 +174551,22 @@
+ * https://www.openssl.org/source/license.html
*/
++#ifdef _WIN32
++# include <windows.h>
++#endif
++
#include <stdio.h>
-diff --git a/test/bftest.c b/test/bftest.c
-index b5e6c51..eb8d8a6 100644
+ #include <string.h>
+ #include <openssl/async.h>
+@@ -100,7 +56,7 @@ static int waitfd(void *args)
+ waitctx = ASYNC_get_wait_ctx(job);
+ if (waitctx == NULL)
+ return 0;
+- if(!ASYNC_WAIT_CTX_set_wait_fd(waitctx, waitctx, MAGIC_WAIT_FD, NULL, NULL))
++ if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, waitctx, MAGIC_WAIT_FD, NULL, NULL))
+ return 0;
+ ASYNC_pause_job();
+
--- a/test/bftest.c
+++ b/test/bftest.c
@@ -1,58 +1,10 @@
@@ -172875,9 +174643,6 @@
"abcdefghijklmnopqrstuvwxyz",
"Who is John Galt?"
};
-diff --git a/test/bioprinttest.c b/test/bioprinttest.c
-new file mode 100644
-index 0000000..b2d2622
--- /dev/null
+++ b/test/bioprinttest.c
@@ -0,0 +1,225 @@
@@ -173106,8 +174871,6 @@
+}
+
+
-diff --git a/test/bntest.c b/test/bntest.c
-index 1ba9032..763a8c2 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -1,59 +1,12 @@
@@ -173177,7 +174940,7 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
-@@ -551,7 +504,7 @@ static void print_word(BIO *bp, BN_ULONG w)
+@@ -551,7 +504,7 @@ static void print_word(BIO *bp, BN_ULONG
int test_div_word(BIO *bp)
{
BIGNUM *a, *b;
@@ -173201,15 +174964,19 @@
if (bp != NULL) {
if (!results) {
BN_print(bp, a);
-diff --git a/test/build.info b/test/build.info
-index 4fd4d99..aac8693 100644
--- a/test/build.info
+++ b/test/build.info
-@@ -1,4 +1,3 @@
+@@ -1,8 +1,7 @@
-{- use File::Spec::Functions qw/catdir rel2abs/; -}
IF[{- !$disabled{tests} -}]
- PROGRAMS=\
+- PROGRAMS=\
++ PROGRAMS_NO_INST=\
aborttest \
+- nptest bntest \
++ sanitytest bntest \
+ ectest ecdsatest ecdhtest gmdifftest pbelutest ideatest \
+ md2test md4test md5test \
+ hmactest wp_test \
@@ -11,230 +10,281 @@ IF[{- !$disabled{tests} -}]
mdc2test rmdtest \
randtest dhtest enginetest casttest \
@@ -173229,10 +174996,12 @@
+ INCLUDE[aborttest]=../include
DEPEND[aborttest]=../libcrypto
- SOURCE[nptest]=nptest.c
+- SOURCE[nptest]=nptest.c
- INCLUDE[nptest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[nptest]=../include
- DEPEND[nptest]=../libcrypto
+- DEPEND[nptest]=../libcrypto
++ SOURCE[sanitytest]=sanitytest.c
++ INCLUDE[sanitytest]=../include
++ DEPEND[sanitytest]=../libcrypto
SOURCE[bntest]=bntest.c
- INCLUDE[bntest]={- rel2abs(catdir($builddir,"../crypto/include")) -} {- rel2abs(catdir($builddir,"../include")) -} .. ../crypto/include ../include
@@ -173537,7 +175306,7 @@
+ next if grep { $_ eq lc("$name.h") } @nogo_headers;
+ $OUT .= <<"_____";
+
-+ PROGRAMS=buildtest_$name
++ PROGRAMS_NO_INST=buildtest_$name
+ GENERATE[buildtest_$name.c]=generate_buildtest.pl $name
+ SOURCE[buildtest_$name]=buildtest_$name.c
+ INCLUDE[buildtest_$name]=../include
@@ -173550,8 +175319,6 @@
+ INCLUDE[sslapitest]=../include
+ DEPEND[sslapitest]=../libcrypto ../libssl
ENDIF
-diff --git a/test/casttest.c b/test/casttest.c
-index 79472d8..c2a0ab5 100644
--- a/test/casttest.c
+++ b/test/casttest.c
@@ -1,58 +1,10 @@
@@ -173619,10 +175386,172 @@
*/
#include <stdio.h>
-diff --git a/test/certs/bad-pc3-cert.pem b/test/certs/bad-pc3-cert.pem
-new file mode 100644
-index 0000000..f8e76ff
--- /dev/null
++++ b/test/certs/alt1-cert.pem
+@@ -0,0 +1,22 @@
++-----BEGIN CERTIFICATE-----
++MIIDlTCCAn2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
++IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMGgxIzAh
++BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAxMRUwEwYDVQQDDAx3d3cu
++Z29vZC5vcmcxEzARBgNVBAMMCkpvZSBCbG9nZ3MxFTATBgNVBAMMDGFueS5nb29k
++LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALAv1X8S8uUpnjTa
++3bv7m1jJbbX7bC9w7k4TfxiU5XL/m3EhN//EUBJSoamy6vFC6oy/6jA8XmptlVrY
++Sp3ZKFdjdZh+CyYZKcrv4JReF2lfRIINn6d6EgcAobGTNwdcv67xuNtMi0meAvmK
++gLjOa/IhCHNC+l8vNDJx/a+7mxH+yNxPL6lC/kJMja6oaYndx74WJpPC22LJ/cCp
++xspKKsoPYYjk0BX9RvbKO8s4b86Wjzzntht+NpQ4LLh9XwPZog11qGE4UIrsV8XA
++YxJrMGQNZd69cnCOz8vnOVCszFOa4qVvXeAGr0iFlZAXbQJevpiiXaXHMEt8C1qH
++xpcW8DcCAwEAAaOBmDCBlTAdBgNVHQ4EFgQUw8nB25NP0gUaFCrOwAO5KzllnREw
++HwYDVR0jBBgwFoAUCNGb+ebVZHCg8Wsanu1S2t31UEMwCQYDVR0TBAIwADBIBgNV
++HREEQTA/ggx3d3cuZ29vZC5vcmeCDGFueS5nb29kLmNvbYENZ29vZEBnb29kLm9y
++Z4EMYW55QGdvb2QuY29thwTAqAABMA0GCSqGSIb3DQEBCwUAA4IBAQBUnDMrg1py
++8/iYXzs11Qbw7bBhc/HQDpu5QVgriaX2zDUpTLSEUV7qZFSHmwWm91ILw2VA1Xni
++ua2sF19o/tJT0ZHpapkfqGpfsym2H04NDMKy0l0fSZhlCB5Kv5wpiFt9hBUrxS/2
++Dd6Kg+Ka02nD5QBXSAk/xz0FmgezzGGCLjg85/Sfe9Y7tNhQXh3HuGXuJizYccdQ
++Fh1IAFYW3DZoDKS7dDTCltvDEma/2IE684+CRJiA6PH9rYfJ1CCUfAMpyA85CxKT
++P68GDKI++WoUgM8LDfxS0KOL7A9cqcpM2L27hjyEgnqIBPHFfm9fxztBotuCTl5L
++vRlTFVjv65nn
++-----END CERTIFICATE-----
+--- /dev/null
++++ b/test/certs/alt1-key.pem
+@@ -0,0 +1,28 @@
++-----BEGIN PRIVATE KEY-----
++MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCwL9V/EvLlKZ40
++2t27+5tYyW21+2wvcO5OE38YlOVy/5txITf/xFASUqGpsurxQuqMv+owPF5qbZVa
++2Eqd2ShXY3WYfgsmGSnK7+CUXhdpX0SCDZ+nehIHAKGxkzcHXL+u8bjbTItJngL5
++ioC4zmvyIQhzQvpfLzQycf2vu5sR/sjcTy+pQv5CTI2uqGmJ3ce+FiaTwttiyf3A
++qcbKSirKD2GI5NAV/Ub2yjvLOG/Olo8857YbfjaUOCy4fV8D2aINdahhOFCK7FfF
++wGMSazBkDWXevXJwjs/L5zlQrMxTmuKlb13gBq9IhZWQF20CXr6Yol2lxzBLfAta
++h8aXFvA3AgMBAAECggEAa073DcqQvhq3DSIw4wm/+DfW5nwXzF1QB6XAR0yI453j
++IuhEnzcGPeKuLBmZFxDWoptRG8fpCZFs4kPSTomxFGizewlp6O5ykfPAKR2VzMwF
++geCiWPL0f+dWlD1Byu4moXsASDE6tL/UuAAvnl+7R2HvL6SfsdGiTQc4qAvvyukM
++szks+MePHSlXmL5Eld7HfKgpvxY1SbYOQU0aPXAQAnLaOT931q+tgZMG6nBWN+pu
++w5bgKCA26BMAAaUAdIIDEa9fjzkpXjElCT4qhJYVKQn9Pb7aSc4jihSpCknqbb9c
++55nW5PWMZJyCbCOUG/SVTblXV+NmhdtwrgUbHImXIQKBgQDcb/7vp+rq06uNx3b4
++AjTZdzCVbHM8gp7b1GkGD0SncrzX6RxPSzNn7d4AUKY065bwa89A+TRwV8DSo7G8
++hxjzdU/FKCg8ce0eqoCtWjIT2r+rV2P9dFhfRT5jdOwHrym8LeSGzANjIBNV7FOf
++FIRkQ1BVD0QSPla+26ASqsw60wKBgQDMnEzChQWgAsBelALmGaj/wDdWDUXK8xRg
++s7dG1Sx41SLk39SAjCUYXPyy8IHBitJtPZNDp23tR4/m8Ui1pB2T0EnlzBsuzrZ/
++0aCbJnQ08FXE8iVajrgce4ZCdT8vkeH8EVhqDpJIlAhoKy3HaoAr4o2/uRoGDpHZ
++iAbDLTEOjQKBgFrp4dXLhkqFNArMShetKUjLLIFj8f7xzDzT1ODH6UO6QYI2xRM6
++65+gbd/pYzMOOvk7LYYZgXQX7RGyq3oaqcK3Dkg88KNFRUtRfLKCMYcYv9YVu8pr
++cosQTtPMBBCDQI44yziA6aC3OOJGDpLcbmG/lWEPY762cSZUBCfOw147AoGAd8S+
++AdcPtdwmcrY9BCfdDuea/JoEUon7UaehDqtVvt0z8bk7kIt4Y0x69ttleL8j8aHr
++g9yLsisDhvGR2BFa5t0zhHn3J20E0skINAlMWHieHAyJ5PpJtxJvQpOTCutf1sbo
++dBxXcHiGe0NbJrGmmQmiY6mcHBOHOEgxfSoE3zkCgYAc+ozIr3xmUcooUeA7uqpd
++LvGGqHThGrtXVFIErOIcajC9bHEeZw4Do/oT5L7Wr7pOZ20VUmuRvwytd7IYYTVV
++g+nIyKaMttEaCzHEsO0CQUHexOkJbL4rpc3HiK5hIhL8Yo2L/obQgCxYmvyChpo3
++sXJAoFllBNfAK3aanFOR1Q==
++-----END PRIVATE KEY-----
+--- /dev/null
++++ b/test/certs/alt2-cert.pem
+@@ -0,0 +1,20 @@
++-----BEGIN CERTIFICATE-----
++MIIDVjCCAj6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
++IE5DIENBIDIwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMCUxIzAh
++BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAyMIIBIjANBgkqhkiG9w0B
++AQEFAAOCAQ8AMIIBCgKCAQEAw+bG1zr36IgcElBxX1vFcfq1NhdwjzUWlYt88oVr
++Zbn2cKzOZWTA2ft8slJf5b5AgWWuJ1Ph1EdX9evBvUE3qVUPDpJQ7UNBMvScqL8J
++pCjWBcRK9WWguV6MTqF8dJnadup7qfN0i6IWquA4yDEcJDQR4j0BjoAEsQgkASYi
++maYN5W7PW5swj7AR4K0W5Cwy+KF4+UXKkHPCmYUlbBa6lXZRp3uwU/gXT0fmLz3W
++O8eT1PdoPnbRVFIKPhZrHcNAORti4xr4Cn8IEhTaqxIQnCjSCjhksoOuoojhW0qR
++s9t1lTDxyBX5Uz6smanEyCQ6TQFOdMj4m8ULNYTSZbGYcwIDAQABo4GcMIGZMB0G
++A1UdDgQWBBT4YmD7D7JsE8BJzNs/5cIpbtZxhjAfBgNVHSMEGDAWgBS6A5+dBiSk
++V+Zz+vU6Cfm6hcyp+jAJBgNVHRMEAjAAMEwGA1UdEQRFMEOCEHd3dy5hbnl0aGlu
++Zy5vcmeCDWFueS5vdGhlci5jb22BDW90aGVyQGJhZC5vcmeBEWFueUBzb21ldGhp
++bmcuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBaH8qg41pSXo2ViEsZWVyUmB7QwVVW
++bWeR191XTQPfPNEDFmUzzeBllMUedF4HyD36v7Flpo/LdPdXQnZQ/eyKalztFHgm
++uePN5DNdS5xn9aqiKNF5pkO9WDhhYuwLRM50JeiyvKk2NvNx9oDFUQ7G6jEJu/r9
++rd+8PCUa0SK1dDPJ9dpGrfsAYwk8kST5/JfyDMrocsijOu3v1uGTttMQ0h0A6w6g
++EW8p77dVS/a2S3wJo9EiFHhnrAN493cwSXgBZUhKoKOri2u6XKV2D3g8N6bp22Ut
++S5wx0pC8o3wW5upPsDAnEUt9kJJgVkS0FfCEHhHZ8iQyuwX15Yft2Qsj
++-----END CERTIFICATE-----
+--- /dev/null
++++ b/test/certs/alt2-key.pem
+@@ -0,0 +1,28 @@
++-----BEGIN PRIVATE KEY-----
++MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDD5sbXOvfoiBwS
++UHFfW8Vx+rU2F3CPNRaVi3zyhWtlufZwrM5lZMDZ+3yyUl/lvkCBZa4nU+HUR1f1
++68G9QTepVQ8OklDtQ0Ey9JyovwmkKNYFxEr1ZaC5XoxOoXx0mdp26nup83SLohaq
++4DjIMRwkNBHiPQGOgASxCCQBJiKZpg3lbs9bmzCPsBHgrRbkLDL4oXj5RcqQc8KZ
++hSVsFrqVdlGne7BT+BdPR+YvPdY7x5PU92g+dtFUUgo+Fmsdw0A5G2LjGvgKfwgS
++FNqrEhCcKNIKOGSyg66iiOFbSpGz23WVMPHIFflTPqyZqcTIJDpNAU50yPibxQs1
++hNJlsZhzAgMBAAECggEAfuMureALDTmD/TTPijV1+TKrRyL9jDSVsT1NLATRIG3I
++OwkjErek1kw3Y4VJihSl0Wpb2CtT3dxsE+Slc4EXnX1zqDuLYXKre2bHReGfTA4L
++Omb/Kl2uMgMUnCWq6BdzUozklpsTRRIy3nEnNjvg/24em0xqgrNW1pfwQjJCPQQX
++5ZLma+msDjT0BW2V7cnVh76A8qjDVRvJzKGRseVZEh+8Uke+SIKKLi1qICcK6MmX
++1TpGs/Yy+GaXk7HajmKEYEEDSRdS9sqFnvqkf1TsbHrZQqKdtWuXtIvss1ap7y1c
++PL5Y1z0/zf5WXV9nV3Yjd7F1tTN6S4sY7exOgNenmQKBgQDtkElQSwPHI3GCddfp
++Eo79w0K0N+PkkQTXkP/3566xTCg78xGU1HW0aw8jabVsSpHC2uD0dBJbkQ0iBa24
++VOwwGUUy8ZME14M0ToCDm2vXTR8oOw05DBcM4RwQQdGVxdnwScUJnDzefJEUyx57
++3HO4QWu+h4nBqp5CTk+Y5gu4ZQKBgQDTGsgtIcdQevWay4nXKp+kcUYJy2zmCnBO
++RFryyvdSSr3Tf7eeEZTicBiBp20fzppHc8/hdWnaF8+jlRx/hYY0M6hO2DEvXg78
++BbkqxwGV3dOZXEVusy8CPCQuRfQNY8XhQ195VyFdfsRKZ1dKD7C1Gky7dXgA26Ms
++KdWarvuD9wKBgQCi/h0fBujnp6zIqtvhoQcUmvTYO4STnOAqmuTUjVQxdyQfxazp
++ZUAA8ndnf66nRx5tB8nSTxUNWB8fma/QSgvnEF+HDXImn0r5B2drZKaACPz4mFOB
++MYdbIdQkX1RSI3ZdQ+/5oQWuTN8p2hbnOqD26YPoLIxaoRqGOb6pFCU0dQKBgDUm
+++CHM8HdGDlLkTpd7ZuirkJvkuU2OcUpzkYayLeVtZjA7ZwsImDkPSkxS0HoCtfup
++oDy/KGC+QAyK/brp7ql0HDuF2ZR4lUNFWaL4qmCGksF5Zw4BVaO1atKv0EwSw/78
++zKwrkP4ObfPh4yuFmdNvhMRqRkXJB2OWQO8Kgc9vAoGBALXo6IGSM6TtHoNrnEwi
++LozF+eV6ZmYb1miBEBVOyCDl0BVx+6n3iNt17v2EmWLcFYS4ZE+AF9EuRfxuDv+V
++ZSK8sQKka0YgQmLPIoBXksZGwTUYBaO1ojFKuVzrE0ATnbVzuu5wHLZeyK2soCQF
++slY5WVhO5Oo2YTGB7Wxzs4Ut
++-----END PRIVATE KEY-----
+--- /dev/null
++++ b/test/certs/alt3-cert.pem
+@@ -0,0 +1,21 @@
++-----BEGIN CERTIFICATE-----
++MIIDeDCCAmCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5UZXN0
++IE5DIHN1YiBDQTAgFw0xNjA3MDkxNDQ4MTFaGA8yMTE2MDcxMDE0NDgxMVowVDEj
++MCEGA1UECgwaR29vZCBOQyBUZXN0IENlcnRpZmljYXRlIDMxGDAWBgNVBAMMD3d3
++dy5vay5nb29kLmNvbTETMBEGA1UEAwwKSm9lIEJsb2dnczCCASIwDQYJKoZIhvcN
++AQEBBQADggEPADCCAQoCggEBANF68Ty4b18vK4fqVqJMIbwj/mLnF+WA6lvrzEE2
++79mtKLn6jHAjXWJCJ8U+ib23dRf7K3F3qJcQF3sEZpY3VgbmBMZe6mQ1A4Kfza3k
++Wm+D2vNy8BTh8esu3P9TsD89679qUaZ2/85RykFmnV8NdJnAgFEQ+NZuBeQck2Ya
++cZiYyjNCfWEnSsvmO66M99VXzzD9kkpEUXpe2GbLfzE1iP+79sFGGFHYAvmTmhKY
++DFIEJqKY56bnYBlFtQFTWGqjDe8irV8vFJ+VoXR73DXq/J/k9UvwytwDtsJMeRsj
++O61UpbBDV+QipZeGC6cXtRzxPDsxz0BAXQeWQl7F4xavc78CAwEAAaOBjTCBijAd
++BgNVHQ4EFgQU0K7Prr9eRi5yL/vKPFPpfIBCRUwwHwYDVR0jBBgwFoAU8FOJh91W
++GcAZ5iBVbwv8FBXXo7IwCQYDVR0TBAIwADA9BgNVHREENjA0gg93d3cub2suZ29v
++ZC5jb22BDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEwKgAATANBgkqhkiG
++9w0BAQsFAAOCAQEAfJyYbBQfCHNwPeKi1/OYZA5CLOzktiiR8Uh/1YQLb80jNtcn
++f4zZOHURqd4mLDrKNnQ7MVqlj+CC3oN4c/L58yQqLm1fbTKXgH6t6OGgg2IL3Aet
++XWbHOg0arknwyOKY5jjVkzbZthZ9EaS0QTlN8eULHV3nwImlfc5IFDetzIvPJkz9
++82fYuUO5jeCB4vjKBX5Ha7rvg/6rnNX71vA3++JrFc0PRFoJvnQ6GQTtBSZE4dFK
++TOH5jE60bjDUL48jl267HLF5RklGuQRgZ3XfIU8JqDtEQuWJTWHc3NPEl2GOJO86
++QDfXLy4+TUfWsoAEuoVeOvR5zitzy3Wqcm3Idw==
++-----END CERTIFICATE-----
+--- /dev/null
++++ b/test/certs/alt3-key.pem
+@@ -0,0 +1,28 @@
++-----BEGIN PRIVATE KEY-----
++MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRevE8uG9fLyuH
++6laiTCG8I/5i5xflgOpb68xBNu/ZrSi5+oxwI11iQifFPom9t3UX+ytxd6iXEBd7
++BGaWN1YG5gTGXupkNQOCn82t5Fpvg9rzcvAU4fHrLtz/U7A/Peu/alGmdv/OUcpB
++Zp1fDXSZwIBREPjWbgXkHJNmGnGYmMozQn1hJ0rL5juujPfVV88w/ZJKRFF6Xthm
++y38xNYj/u/bBRhhR2AL5k5oSmAxSBCaimOem52AZRbUBU1hqow3vIq1fLxSflaF0
++e9w16vyf5PVL8MrcA7bCTHkbIzutVKWwQ1fkIqWXhgunF7Uc8Tw7Mc9AQF0HlkJe
++xeMWr3O/AgMBAAECggEBAJFEuNZq8JEJnR58G+gg86QNMfRUXfYCGIP2WYdAGcTS
++mFOgtJNvcusZBYt7evndp44h2FavrHJV7nKY8qtpZHcUPGt0lwc23GBRgcj9etmq
++jsQVCPjyV1nI/ejymF7DCiGMEWNnUq45ehEwoCGyqxGUtWeCZY4Obndqea1s2SoA
++SIwrP74kSP+cjcOb+KEg5jF5aT0Mzo9ipQuuoxLzjXJhtQuyDYOulq4g/jalMewk
++GLgRgbzrEDK8/DMVu35rNJ+CHWHowo+1G4lLY4DhajPMXMqb0dgR1JlFF5qyBoTN
++CJXq4mpuf4ApEd61MTCm0FoqSm/AprSAIISCqapytQECgYEA/ND+C9ZnOOtTxgqI
++nuq2r1yGFlNnbovcfiU3vrceUvmN+ne1tBtXSTNB4H95AUuoBeVAeYApBKxc0c9K
++5Pnwp5NdPbana2cfuorzJrIHM09RP/obDP8VTnNJeO7wd+00Cx5ZnV5g8UcicebH
++hbjfsc/lkd8G8YCIx+DBigzjIO8CgYEA1B4/JjCOuzM7Ag3y+XIIl3Ud4n15uog1
++5tDD1y3xWzZbL7fh0APf4mT8cTTU0ms4i9Rnpraw8ds9EfhMDXxJBs+LO6Ivw5RY
++RxWoAB1YTPU+T8EuTzZzIp/jrWTgsvLkjNq25W/lbZLO1n8ofFMgAAbWsN0J40ZN
++70Sib/JAOjECgYBSiJvXG3h5QYIIzhmJ39Ah8Y+orDPBCBHEcLwBG+Dfb67lDL2Z
++/a8CK6Se+J51SNCilBP3VlqNtwNaT1UA6YOiAV7YLc/8JR9bk88LW+Uz3/oDa8/2
++7zNyd/qNa1u/mwV5d8ADuvLk8bcR/ig2xILqlpc4htnKb463ye0E924SqwKBgHKL
++OtKmmgzg51Z+rdyiBZ20MsUhuOBPubvAtGC4gIMe4TLte1VXIkkg+2kufFZ8a/am
++ZqqSMQ8JsvrHOFp36P9yh99V/7D/pIQOX8BgGFTGgjWTPiysXJQv/0SdGvHHVD/z
++w5w2RpBbHLKbzAMG6FrbVof/dN10E5XHXGhTSvehAoGAHA6WgpPFp7iJBoC13NrZ
++q3DKluiytegvljyDW5hOlRGqdWp7551EGYLnWtc4bSHboIf89Iz4mW/hyYr7frzE
++A3Ksob4NIUCGMFJGSyTuK7eyhAxlVZbzqepZ+YftfTvW3iVXkxXx6kEgdzwPrNMx
++DXwfc6G23PX5tUayTZqKC+g=
++-----END PRIVATE KEY-----
+--- /dev/null
+++ b/test/certs/bad-pc3-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
@@ -173646,9 +175575,6 @@
++5pNH71k8zqVR2z0fC4oiv8TNsDn2g07wCCcQmzg8JHsP5p/hyUg51RqrQJhAbaf
+eUmD8lyBBdfcia2UqJM=
+-----END CERTIFICATE-----
-diff --git a/test/certs/bad-pc3-key.pem b/test/certs/bad-pc3-key.pem
-new file mode 100644
-index 0000000..8ddee57
--- /dev/null
+++ b/test/certs/bad-pc3-key.pem
@@ -0,0 +1,28 @@
@@ -173680,9 +175606,6 @@
+CkO/JSH7lgVXT1zsf0ZYojaZWLhVTNHa3PO6R0FtyC0h7MtHV9aquPNCeiQDkwbT
+RBV8wc0Stpj+QEShPIS9gEQVNA==
+-----END PRIVATE KEY-----
-diff --git a/test/certs/bad-pc4-cert.pem b/test/certs/bad-pc4-cert.pem
-new file mode 100644
-index 0000000..5e47992
--- /dev/null
+++ b/test/certs/bad-pc4-cert.pem
@@ -0,0 +1,21 @@
@@ -173707,9 +175630,6 @@
+ByFwvFeG0lrtvcx3RhvlJQYixUPME6TcNOAWJARJ0qiO1PCufFDlOSjq8GjtxGbc
+JjMc3GfdaieMM8afXWQPflfLw/Jb1rPOKpikva05ZMI=
+-----END CERTIFICATE-----
-diff --git a/test/certs/bad-pc4-key.pem b/test/certs/bad-pc4-key.pem
-new file mode 100644
-index 0000000..49406bc
--- /dev/null
+++ b/test/certs/bad-pc4-key.pem
@@ -0,0 +1,28 @@
@@ -173741,9 +175661,6 @@
+Z1OgtiraQtSG7BeSMRLJ2aCM8+JotvYMjRauiC00jXZCsusyJ1mLqgWlHu+YORVE
+9fO6/M0yLLz4mk5z2gdrP9MA
+-----END PRIVATE KEY-----
-diff --git a/test/certs/bad-pc6-cert.pem b/test/certs/bad-pc6-cert.pem
-new file mode 100644
-index 0000000..d529091
--- /dev/null
+++ b/test/certs/bad-pc6-cert.pem
@@ -0,0 +1,21 @@
@@ -173768,9 +175685,6 @@
+08rvhIi9X/yQKFD1o5kvbTi5//zcCx0RbMVZRFcrFUD+PNwt7QLpFrMs4u08aok4
+/QzS0G+801JZa1zoUMnnNPNGlfybvANVbovUCc2h
+-----END CERTIFICATE-----
-diff --git a/test/certs/bad-pc6-key.pem b/test/certs/bad-pc6-key.pem
-new file mode 100644
-index 0000000..ef7541c
--- /dev/null
+++ b/test/certs/bad-pc6-key.pem
@@ -0,0 +1,28 @@
@@ -173802,10 +175716,557 @@
+/1B7W5euucM8JYxSGAicqKX7iYV6Ikz0l21Slw6fy+e1U4gIDfZPgx56iV7yVoGc
+IywUjiA/G1N3M5WBVqBl3K8=
+-----END PRIVATE KEY-----
-diff --git a/test/certs/ee-client-chain.pem b/test/certs/ee-client-chain.pem
-new file mode 100644
-index 0000000..27652fa
--- /dev/null
++++ b/test/certs/badalt1-cert.pem
+@@ -0,0 +1,20 @@
++-----BEGIN CERTIFICATE-----
++MIIDTDCCAjSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
++IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMCQxIjAg
++BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDMwggEiMA0GCSqGSIb3DQEB
++AQUAA4IBDwAwggEKAoIBAQCiqb6LYFYj1uPeIVuzuDL1bfV8+xlrws67I+9yVDiH
++slYdA7ygv41gYKEmKSbL2SvAOnfjgDEb8RYfLhF3LQUvXyON0LkjkZseXVFLNokD
++BXoNVeP1QjWfznPxHpgGN/xF7OQpkX3FVByCIVUOpiXBbq5FtsuLhquHK0yAsY1g
++JYP8QFHUbCnE5vrpK8lOv4MZEc9rS6ZrSKn69+s3nGx9QheboiDVTWqynxDQn2W5
++ZyTyKQX0IRnKg2zLJ6Dg2ec8OUh5nvzzUdnsAJ/pN2Yc3ri53OPodTkmrRha31N4
++8TA7st35XepAk4vZnSq7cml+85xs8Az/OZDSHH1EV5sDAgMBAAGjgZMwgZAwHQYD
++VR0OBBYEFOI3TVHkhEPOWw3mh25Ri85AMqJmMB8GA1UdIwQYMBaAFAjRm/nm1WRw
++oPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwQwYDVR0RBDwwOoIMd3d3Lmdvb2Qub3Jn
++ggxhbnkuZ29vZC5jb22BDm90aGVyQGdvb2Qub3JngQxhbnlAZ29vZC5jb20wDQYJ
++KoZIhvcNAQELBQADggEBAGpxmDDbqtgDry35nKv2pTDMHW9Yqv80ZQmy61kQiatN
++vJzxdb+admW+CNXHHqsAeRr6ai2aQkn2bJrMkGuosNrkVOg43Qw7k45nIK4jUgUc
++dcH7vVp+8isjSYXo2fIxulhE8N8fhhMVAQrhQywkdJW98fDlq+lHqUAEHJ7vNtlb
++4LssY78+hq1ftjYiItAybc8peU3iDjUl+TTk0ZLTX6E9XE0xRYV9berAyTIUDSIE
++GpzEtsBqZlTdkvZOfsTs4s4tpkOoZQ1aHniCk8fQ+/nI3CS9EHuWqt/s573rCRl4
++HfiXnUmwyOm6IKzBLsbgxlByfI7fAS1Nm/hLhgtglfk=
++-----END CERTIFICATE-----
+--- /dev/null
++++ b/test/certs/badalt1-key.pem
+@@ -0,0 +1,28 @@
++-----BEGIN PRIVATE KEY-----
++MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC8n4gY4wOae4Sg
++pyqOZf4bg5JDa/NvzZV/g6PawamFQJIAjf41ylZ5Cjdi9+2H9CuFZ4e3im9L6Hu4
++2ihsTeLmxtIabr2w0bFxTW5ZQ/NogfyNGgdcSqUrQLF8nSqE2NJ88sNVyrMQPLMk
++LllqvVFhXEBntFfZSXKIz2sA6LIeC/t8UReznRfAKF5lJoBjjDXJLOYmgz44rxqq
++L7m84ABJYD119LXRc8N5XfEvC7ff61ZrBOrmxtwZY8FJWODsS/CC+RBN8nnt8rh8
++ICyfh/2gA4x6Mwt6dVMax2dw4u/esgbokjQ16wvFGjWKzufdSPa3Tk7hrhvRC38h
++8jAqpxtZAgMBAAECggEADW9fhkZFL2+01qyRf2sMWnFYray2vjPqfhamSSKaLH+Y
++5qk2fiZXWm+72jTGmnRt1Sa2qAAYRVPd3CDN2EkD7GQk+vUAVePZu7REM99/KuZ3
++UqWT+KLoeNg2zCV1rdizxWqVNzsk3fc021Lh05SAg2rKu5hA2Z09pzj+6iWo6jLY
++0pFml3LgNjYy7VQ1V8978vtaVhVYklOiAT4dfNirt42F1NBGgaRCLhOlROOJYPz1
++LCjSlKzF2T6e/4hNvxQXGt2yJ1fq9dIj9h2XaGBbyPhiy7gUvMNC46LB66kOkPwL
++4rX7OGAEgr/vHpZvPiCVALK7dm92Z87+yem92UrDwQKBgQDzj+HvgfxDsezpZUHh
++rFEobTx98XOtCDDn9uS1dODGB+DaRROzybqfcf1D3ayWoS0ucajoOsv+/brq5FsA
++f7aNMbSTZNIIqjOyioWAz/4Jqupcr3RFczaVG+mX+OPHq1WnvCWfD/yNI8MSy+FO
++b7LdO7idN12M9HNurZGmO0Jv9QKBgQDGQW0efsO55DN/Ve6QdLeqSjVvXhmDKv9i
++6bBu8zQQWD5hFqirDl8144VY1SqTua3N+QfX0DX0QAxqkVeG9O2sNERumElWaBm+
++MnOKW/IklXIK7shmjtAzarRD0cX/8di0Wwv0qZfL6iU8tkmh89kNyUE6tHbmpeUj
++fVeO0G3TVQKBgCWAkw5Y2mnl/I+XasR/zuNFppnR0rji2PzulBqoi2+SiPmyxyzY
++s+aXG6MWf9uVp6pOD+7qFr0FfoFqdeSmxYoKDD7huEFjS6CDGblSzU/ZxEpPLbz/
++13iwGpCu3wvAgujX3IcYZA+rYP8E64UzR7wu1OdIPhxVC20QRqvs1fb9AoGAPCgy
++IiS44zkZXzQF9ZNU/7kQycA14ZU0dSEPxjrJu4PrOa6Uc4Mi5Mkq9y+Hgde/o1ZD
++SPsGxByDJ/r+IhdD3xLlCOHwruVbmljYsk0ABpXKSwL1kBkZl+By3nlSqT0LUn6l
++/BFR3DAqKGfvo9LIM+SzhEqqIYaJJuGrpcwc5xkCgYBu0Q1goQd3me/U1KCIRYN1
++u0f8H1uav2zGp9818PvLny6tMa83Kfam/zT8zGIOBEty530jPFWDnky+CLAm6qYL
++ANLPHiCErO+3n15C80porioSFnUL7QY/5uRfTwDjcgCjGQgDiL1RhwZJurmFgwM3
++RBPODQ6vGkTdrJOJr2AWCA==
++-----END PRIVATE KEY-----
+--- /dev/null
++++ b/test/certs/badalt10-cert.pem
+@@ -0,0 +1,21 @@
++-----BEGIN CERTIFICATE-----
++MIIDiTCCAnGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5UZXN0
++IE5DIHN1YiBDQTAgFw0xNjA3MDkxNDQ4MTJaGA8yMTE2MDcxMDE0NDgxMlowVDEj
++MCEGA1UECgwaQmFkIE5DIFRlc3QgQ2VydGlmaWNhdGUgMTAxGDAWBgNVBAMMD3d3
++dy5vay5nb29kLmNvbTETMBEGA1UEAwwKSm9lIEJsb2dnczCCASIwDQYJKoZIhvcN
++AQEBBQADggEPADCCAQoCggEBAM273Y+gNkheA8Ifd/zsmibA0KmeuEKGZsLvv4Vl
++HXABoOtYli7wkfyZPexHgUUdNe6Tu9de7nYDCx/iWoSdrcKl+/5BBiFcLY72Buqk
++DF2vmC+un8z4ykHa+dqJ2KaL7j8uLsiSPCOk9+tM+bvCYv4o1wPBsoDmPg50yvXp
++RVR7487cN29h4BnZC1BMXuwUzEexpYCy7i2GQTI4DrQ+oN1OsIUbHS9qQxrfx+vG
++TYpeZOkR2Mb6OtPEHCGpCsxNCDzhPAmlH6jaxT2kCkhuAWkqkhHLTuga3kmXuH2r
++OBOpq9TRhC2kPipcuOcIdnhexovcODVJ0X0prkS3P10K3fcCAwEAAaOBnjCBmzAd
++BgNVHQ4EFgQUmGUQRhEili5u8F+d8jSgSLailgUwHwYDVR0jBBgwFoAU8FOJh91W
++GcAZ5iBVbwv8FBXXo7IwCQYDVR0TBAIwADBOBgNVHREERzBFgg93d3cub2suZ29v
++ZC5jb22CD2JhZC5vay5nb29kLmNvbYENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2Qu
++Y29thwTAqAABMA0GCSqGSIb3DQEBCwUAA4IBAQBZ4RTnIR7Tgv4rq1Qx7pbx3Hlw
++Y68L0Nt/8GaFZK0pOrKHuY6HUcUOSabtchcm/CYF1ZowKT5KGWmR8X1WzgHe9Aay
++4njzcnTu66hc1osZdH2lF1+lkNA+HLvzNNcBu0XwqzCs2f/yp4uznuHZKvX45y4L
++x5TUh570LVUnnoosdTmzicZdXcw0nzikbueNAFSrZFLPt+lH/t1P7d+gNj6hAOYi
++6Ac+JEjSAPXZOzbNrf56SC77cvkkFrYONjXgrJfNpZHMCNj1M3bqileTYIV5Leyh
++PgoXCRyteMyNjwTih90SZPq4dLPx3Mf/WNG2/hXIkC1AvFXpp/u0iuwlw7AO
++-----END CERTIFICATE-----
+--- /dev/null
++++ b/test/certs/badalt10-key.pem
+@@ -0,0 +1,28 @@
++-----BEGIN PRIVATE KEY-----
++MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDNu92PoDZIXgPC
++H3f87JomwNCpnrhChmbC77+FZR1wAaDrWJYu8JH8mT3sR4FFHTXuk7vXXu52Awsf
++4lqEna3Cpfv+QQYhXC2O9gbqpAxdr5gvrp/M+MpB2vnaidimi+4/Li7IkjwjpPfr
++TPm7wmL+KNcDwbKA5j4OdMr16UVUe+PO3DdvYeAZ2QtQTF7sFMxHsaWAsu4thkEy
++OA60PqDdTrCFGx0vakMa38frxk2KXmTpEdjG+jrTxBwhqQrMTQg84TwJpR+o2sU9
++pApIbgFpKpIRy07oGt5Jl7h9qzgTqavU0YQtpD4qXLjnCHZ4XsaL3Dg1SdF9Ka5E
++tz9dCt33AgMBAAECggEBAJzXPb+C2h8tXRwetXCiR5qHoAvPrpU4tRqjf5SIU3rS
++IwWIEWZTjFfP039Pu+Mes8Df63HzM0PQaiiyfWNgedlMhOF+XNgN18WHFhrHWY4K
++kbC4Jacze63c7GGIeRvuzYBpCs1pfmOGHmLJ2hEjzigIpnJ8tkLCREjtDNWQMoSG
++V5LznbgZ9S/2KjyvTW5ff6m4GQH3BShPPkFDICgQTulwdZT/Y8SDKx5+qX2RAtjY
++RguaaNSKQnOHroF+FPNPMUsK5gLZLWIdIECTi6YHaba1BThKzeKFKtQ0lWI5ebxg
++R4kzEPFJmEHbNplxUHSkY4ZIsWK9m09Sn72IrmVY6fECgYEA9e4+w2x/YLtnfwYT
++tVj+kR5MRTn6t+gOR7o6lsWGvkFqwSi0syfN8D6u3KeoYORUUY7ISCFJgIag5Y5V
++Hp8T23O4rRcWuoAmolxNyvYiUYsVdflDbAZFKMSvrAv3XlRRf0vJYXym32k8KAhx
++1qo1zTl7THWM/skv/SF+VMItnO0CgYEA1ihKz8LbtPcbsOaivJX7cXVf1AuRty6F
++lKX8QIGg0ppq/EFkZDWg7+OCVneO53bFVDDqKoiM4Dq9+aA6Dgx4fjFof8rUaCet
++H/isEkjcvEmG2a71PU/moamDuZDu8yRodUl4zyjqthQgc2n6ryV/ZIU8vNZmjpIr
++EhITW8/mbfMCgYEA7UMjpDA5l55VlDPNscihGGpNlQABxYmItWSSf8EjZMwB7UaT
++RsChKyWeV90cUhYWzvRcf1I18lxwP+eYcUlxw+eaBMvgrp9SJpO8rZHWvCrd0opf
++pIlMEa/n96k3xva8BX6dU4MKD0IculajVUGzVEIflT1XgLuio6i7k5Qeo2UCgYA3
++I8SvXbKIE5/Tmm6IM+27tsbnp9rq2VWXgm1Chp3L2+pz7LpWeuBnI6LpdHsc6Z3B
++IZ8JOINdMIK9hR2thFR52WrYjHbIIn8W3kYfpxb+e8f2wG9wS+RL94NtAf4kKFmk
++6TfrztMv8lqwnLbo5bS5QvzyehmJ1+SzEGhfmVXxNQKBgQCULij+SMWsFC/gPJHh
++BCnx12Dx9t5+qE4vrjtNumCCnj9i0nRPludbWapRfHyfe0WlhpnnHo2OTFcl3qna
++wBln8Km2CWNsX/QeosZBPr5KAakfD+l8LieK350t7yE1LEboYCZkBNCG2gJXIyTs
++o5DsYNoxX/IWq2EbB6qQ3Cys6w==
++-----END PRIVATE KEY-----
+--- /dev/null
++++ b/test/certs/badalt2-cert.pem
+@@ -0,0 +1,20 @@
++-----BEGIN CERTIFICATE-----
++MIIDSjCCAjKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
++IE5DIENBIDIwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMCQxIjAg
++BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDIwggEiMA0GCSqGSIb3DQEB
++AQUAA4IBDwAwggEKAoIBAQCy5dZH9k2pwH5jw7iWD1TwOIqtmkNBOGDDk9jKvovm
++VUYm7nvLOrx4amqi7OUEpYaJTroPS1UxFo1E7/0yqjIesNPVvqzn2wzuii4VsfDn
++qN1lqbpg/unr2g2gd095AyY8VQwuqYa3bXOQHSOHNgzm108XfpubuqleEy+ykHhX
++bgzqVTQ0Y3UjD53f6P9kSUnjnODG0RK0dgHWQDWKE8TiQiGzb0sXWdkXvPt+zGw2
+++C76lID3p7y1+8G4rpfGpi2aPOH6m4beqNAkekUzu/dauhHY4aGRoX/EsDTN8K4F
++YtGGaoViFIh9Twc3nWvERXbjXSayeu08f+7CNiSo6WMzAgMBAAGjgZEwgY4wHQYD
++VR0OBBYEFPIaUwk0/m0BQNvG30Cm6oNqQFIXMB8GA1UdIwQYMBaAFLoDn50GJKRX
++5nP69ToJ+bqFzKn6MAkGA1UdEwQCMAAwQQYDVR0RBDowOIIMd3d3Lmdvb2Qub3Jn
++ggthbnkuYmFkLmNvbYENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2QuY29tMA0GCSqG
++SIb3DQEBCwUAA4IBAQBjicKVS7UDgLCb15ucoKfnrVGvKUs7XSKfF/xae+c/2xWP
+++jCCqbilW0QhVuAYyK6GgVO9cG3PKhCH/Us2Az0oCzwLXibRHcDSRfrjJJ9uiofc
++f71p9AzAtRMlSwl3UhSLS8xbHLRbniNXi928+1iMoKb8Ua2ZVHzF3s/T3J26EEkR
++D2DtWq+y7ETlTPS/GklldW1x6qzWRgi4IriApX2taccJtFhaZH/Ih0XtnEWkmtOL
++dwsadu9bjbLtUsFBeW/bcRBqZoI/7xbSxVwHVXF2MZwHkdFuq/3eJE9RXVGpy86+
++JXOcEouXyLAVjj9XCWLW8ilVTkYE6EmUvKSF4aON
++-----END CERTIFICATE-----
+--- /dev/null
++++ b/test/certs/badalt2-key.pem
+@@ -0,0 +1,28 @@
++-----BEGIN PRIVATE KEY-----
++MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCy5dZH9k2pwH5j
++w7iWD1TwOIqtmkNBOGDDk9jKvovmVUYm7nvLOrx4amqi7OUEpYaJTroPS1UxFo1E
++7/0yqjIesNPVvqzn2wzuii4VsfDnqN1lqbpg/unr2g2gd095AyY8VQwuqYa3bXOQ
++HSOHNgzm108XfpubuqleEy+ykHhXbgzqVTQ0Y3UjD53f6P9kSUnjnODG0RK0dgHW
++QDWKE8TiQiGzb0sXWdkXvPt+zGw2+C76lID3p7y1+8G4rpfGpi2aPOH6m4beqNAk
++ekUzu/dauhHY4aGRoX/EsDTN8K4FYtGGaoViFIh9Twc3nWvERXbjXSayeu08f+7C
++NiSo6WMzAgMBAAECggEAe5D7MBt1S0H1Ss1+as/OOFqllwGNYLgjRhOR04BHu2G9
++Idjp0tcQJRBD9aMxEMOQKLkjFLtQ7aYJD8vAFMWv9rjmqKWaYk9QIFd7O2r73dcq
++jTTt0l9gjZLAhMzELO6680M/Nd/MeFf2UV1/E76GrM+dBrphmvAUWjFgabMWHDR0
++vFmZW46MGyDLAmihSYXXtwamYxf4UHYC9QxW2KNu1l+llalrRqzT0tQde93W+lM7
++fZBXgjdLayqdPpYhKd6QkEfVYrgtkuZern+DlIhfQcBwVqj+2gVfO87hFVEb5V2+
++Rt4v6xpL2Um+MvojE1NO353WPDBFMYOmoMjSBL+CoQKBgQDXzk0ke/+ZZoOIWLfd
++z57s9HyoTbiUHNELIhCNjJmpEVMlUn6TSRu8r8s4EciOb9yj4j5dr0p5tdsmP0eL
++KJZyTvNlEsq93azCuzG82Z+963iqq/1msncjvcbnIll8kGwpr38sLAN/qjc11/o1
++gLbWuiztGyTPuFtM/Hy/UvkV4wKBgQDUN78TSEGzuKDtyuZNMCnvSJdXm2p3XMaz
++d52ooRtZ0REH/MGMFW5u1xJxnDflcgnzXRVq8xaw3TMo/3Fx+Op6PGq8zVEwGDBQ
++0WQqBVB/b4Rw21Kf9fMVMtXvOxIsQcdz2583s6Lojr63H4P11fF60EEVmEW2cXs7
++MviuHdt+cQKBgQCpgS0ufwbgYpjlu2mQG8fkrpRLTeCw1YGMkREXXVxEY4s/QXCS
++F1Zl+l5QiAdTeaGAR/BcfZatyp17iTCUqSiiWEjtFrmQMFHGEmqavwStlAqPY9AB
++niPeOu3EFkLbiESs6V+mPlvxJq1+6UlqRNNYDZvEERH05gUwjxEc5fsnqQKBgQCo
++Q2cqJ8GIeVyIDreZ/hVR15G/8cdxysr1o2MLQGpKRb0mQx9HLfr4wWirUfzz3P7M
++ykJgIUwdgdW9rQRLJNztfJf5CSZVZuhwPAYaV0pjMI2nWg7iLAXICh2caI7ZLnKx
++hzJv3OvPTtcipUdhFXg5M4RXVfv4U3QtFRYeIChX0QKBgQDDQ7mGmWkuR++svxXG
++A5ITe+7RBRO8kVhXEGYQbIiuk4fM2ZXWnw/MwMVX3cZRfL2DPVmRa5Xcgs9OLwQD
++hoGqX9LBAkyB1p+ZBqNJaHa86awXR01gWNPW7/GJTp4Q7V4KkGvjIbWVWH/7TpMe
++d6YkymUz7h0qMN/M5nsB5Xg4jg==
++-----END PRIVATE KEY-----
+--- /dev/null
++++ b/test/certs/badalt3-cert.pem
+@@ -0,0 +1,21 @@
++-----BEGIN CERTIFICATE-----
++MIIDaTCCAlGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
++IE5DIENBIDEwIBcNMTYwNzAxMTMzNjIzWhgPMjExNjA3MDIxMzM2MjNaMEIxIjAg
++BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDQxHDAaBgkqhkiG9w0BCQEW
++DWFueUBvdGhlci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD7
++yQbYxTDmAxcJzHqauQqtUWWDj96qO481h0oELUC1VEbmV9Qr1v2OPebjVQfa+gSc
++YYqC96IrJRwtg+z/mQzGE2QbLdVrCwktLmd0e3udfT4DObkKFJ63G9wH1kkBcsXy
++esNTqmUvUS6uXMZYlAGX3uml7UmwXJ+E3zHzFILTeZcQxqjLm1BLGbSFZzT37euc
++ymsZucA6pZwGiJQdRieSDTliXCkECZJhRf+tFBvcGuTnbYHsK6RnAlAN1Y8LSLrq
++sjJunJA9U+5y++QR+xSzDrwjQ2RjiCDO6HU5k6x67x0g8tdkhS8yjT+lBIxOuU6T
++I3GC4vN3U9LvZrWTj26DAgMBAAGjgZIwgY8wHQYDVR0OBBYEFIcSdFjChgdLODYp
++IIL3Cx40pmomMB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkGA1Ud
++EwQCMAAwQgYDVR0RBDswOYIMd3d3Lmdvb2Qub3JnggxhbnkuZ29vZC5jb22BDWdv
++b2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAZSDs
++XlhVEqGRU5Y/n6EIznEBdDSMSxjrZ62Nf4rWzrQGYT+R9CjUQra9/6wXyjvlTZZO
++w+BP3y0n2vH1TrCP22fA3n4Tw8WoJfq4Sb3x/eSgTlUYAiZvHv6vfugC7y36c7xh
++3dCgKWCDxaAplRsMkXIQXgfCNp360Z+OMMeNpcpVnxnp3LfMKCpsDWUKuWvN1AJE
++mi1VCWQuQIC3vmiZbZc/YKF1kAgUHxCnqHcLtU3GAZUuCVyNrdWXk8IjzjzX+ZpN
++qr/RUVVZ4IYDUUiGLHW2AvpVv9mt+SBspsCDXyiAf5O6xdek+tiTYLmU9uUOmtJ3
++ndvhdtnodLRvtBeJUg==
++-----END CERTIFICATE-----
+--- /dev/null
++++ b/test/certs/badalt3-key.pem
+@@ -0,0 +1,28 @@
++-----BEGIN PRIVATE KEY-----
++MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCiqb6LYFYj1uPe
++IVuzuDL1bfV8+xlrws67I+9yVDiHslYdA7ygv41gYKEmKSbL2SvAOnfjgDEb8RYf
++LhF3LQUvXyON0LkjkZseXVFLNokDBXoNVeP1QjWfznPxHpgGN/xF7OQpkX3FVByC
++IVUOpiXBbq5FtsuLhquHK0yAsY1gJYP8QFHUbCnE5vrpK8lOv4MZEc9rS6ZrSKn6
++9+s3nGx9QheboiDVTWqynxDQn2W5ZyTyKQX0IRnKg2zLJ6Dg2ec8OUh5nvzzUdns
++AJ/pN2Yc3ri53OPodTkmrRha31N48TA7st35XepAk4vZnSq7cml+85xs8Az/OZDS
++HH1EV5sDAgMBAAECggEAUIndN2NGo04l2vkHT4/XY1/DWdN1/b4h39TmHOSIbN+m
++9YzBG5JcbKjLgXqEpA/uMqqAa9sv9ZbEDkIgEbLvy0m+79u1n1/bvwgTVTs2UZGn
++oeyyBuB2bp6pF2y/duzHctPdEJvh+w8vYlsgozUuonyruwbL91SBn1aX9Wx0BHMk
++rReJHuLxnGGgUVJzmNqKaGKBpuBaLhpytcIuwkNErDHUfzyxDcpu8IPo70jCafrE
++hlrbs9o8vKcnWF3XZ2LVPdrF0MQeXfvOPc0txiAOU4DQ91gsoZsVsYJCXY4Qw+4S
++ajpxidF6nQDtRtB/aTq+OCMzCVGog6V8Mg7VbA8u4QKBgQDQSHDEBgvPfoA/6Sxp
++uzFV7T0Vgl58oV35EqPFl81cBUSwTElx8ueP4kK00964j47Qe/N5TQOzvH+rxlGQ
++cBgQzG3W83c9HmfHjdx6lSQIruRW/HwqOsJtPcxP3XyxSO73+hqwf3hsOWRq74Lq
++MHcgvWZ1iy/A0smVQu2sDLDk8QKBgQDH7b+FbKSngDZU+9uEYKkPpmhh0qGXVgSX
++1W1BKYxIKd2y6aDOCxZJDTJGNBMpVdOTm1VNrL2J+cF73XOJWaG7KnSbxl/tkrS4
++9hwJ+Ut2VOumFWHEUqp+nxLxwJdCtA2f/YTNqJPLj3GiGJB+xp+dZr4ARn/+P5/N
++DC5G6S3vMwKBgQCreWg1ShEBI9FsTIi/B1kHuAgZJDqr+qIGQ/1G2MI+Jyw0xKmW
++wXc48vseKmvroGzgYZvCWtBYcjDd96kA8/gsJFGtrMWXMOgZ10YUOaLv7ySYJMgI
++cFXPYBhMDDnzLutmhqbgdiFrYBi3HTa3nW0GLEglL5EB+8fwNai8g7pC0QKBgG6A
++su3NGcjW7bDVMASf5HGY+XKwF85spcdCGMv+aeHs+fOMe+vGZv/jglkZKUocfP/F
++yEVRZ8WePNn4kYZl+yVXFvKOl7DY+HiO1vqQRqxVzZWTleEMC95GkBL87t3YZPt8
++BW4iceX+F8GPMDZSFCDMi9HdJZtikTGlPOLGuTPPAoGAAjVUGfbNqnpQv6aDpyWX
++Szd2uA9TzBCkh1hf7x4+E/Wr0leTGgXVez9uNarfpnVfgHTDv+OYK+Qnrq+UEHQr
++9xRAgXLEZWXPbkUakB1o7ZW52MxR6C1zZgitTZYVzeX0EMeWc+1Ujjwe7Qu3L6RN
++kEI6l4ZQL9buxDhqXH1UFbw=
++-----END PRIVATE KEY-----
+--- /dev/null
++++ b/test/certs/badalt4-cert.pem
+@@ -0,0 +1,21 @@
++-----BEGIN CERTIFICATE-----
++MIIDaTCCAlGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
++IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMEIxIjAg
++BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDQxHDAaBgkqhkiG9w0BCQEW
++DWFueUBvdGhlci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD7
++yQbYxTDmAxcJzHqauQqtUWWDj96qO481h0oELUC1VEbmV9Qr1v2OPebjVQfa+gSc
++YYqC96IrJRwtg+z/mQzGE2QbLdVrCwktLmd0e3udfT4DObkKFJ63G9wH1kkBcsXy
++esNTqmUvUS6uXMZYlAGX3uml7UmwXJ+E3zHzFILTeZcQxqjLm1BLGbSFZzT37euc
++ymsZucA6pZwGiJQdRieSDTliXCkECZJhRf+tFBvcGuTnbYHsK6RnAlAN1Y8LSLrq
++sjJunJA9U+5y++QR+xSzDrwjQ2RjiCDO6HU5k6x67x0g8tdkhS8yjT+lBIxOuU6T
++I3GC4vN3U9LvZrWTj26DAgMBAAGjgZIwgY8wHQYDVR0OBBYEFIcSdFjChgdLODYp
++IIL3Cx40pmomMB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkGA1Ud
++EwQCMAAwQgYDVR0RBDswOYIMd3d3Lmdvb2Qub3JnggxhbnkuZ29vZC5jb22BDWdv
++b2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAiF/+
++jEoLAFll7JZN9PioyP0i7EEYCCVc7omFaKnIV0A9ZfV/TlHBZH/IQKdUXbSPF6eF
++4UwOQbkc2gwYEliNsU+rw5PANBEwPhCGKBIClWhReIzQqY8oTRxKOpq3cHd6hsab
++P3NYRUtinFdoOGlUHQQcql3zYwD/guOvA/zG8sR58ed9Fd0gt3OnSEvUSiR4e9bg
++gbqgSYgagIDcZn4kEJWVHQGj7lA4ot60X3VYk6vWSB/RmWqbmsGxzoNayGWaCw7l
++CuipVdk9yi4eROoQAxWvVBDz+7Q9CF7j1PkDMYB+QwiXwNfGplOMAWv6nQUNJPs5
++dIn/eeha7QWrqG/45A==
++-----END CERTIFICATE-----
+--- /dev/null
++++ b/test/certs/badalt4-key.pem
+@@ -0,0 +1,28 @@
++-----BEGIN PRIVATE KEY-----
++MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD7yQbYxTDmAxcJ
++zHqauQqtUWWDj96qO481h0oELUC1VEbmV9Qr1v2OPebjVQfa+gScYYqC96IrJRwt
++g+z/mQzGE2QbLdVrCwktLmd0e3udfT4DObkKFJ63G9wH1kkBcsXyesNTqmUvUS6u
++XMZYlAGX3uml7UmwXJ+E3zHzFILTeZcQxqjLm1BLGbSFZzT37eucymsZucA6pZwG
++iJQdRieSDTliXCkECZJhRf+tFBvcGuTnbYHsK6RnAlAN1Y8LSLrqsjJunJA9U+5y
++++QR+xSzDrwjQ2RjiCDO6HU5k6x67x0g8tdkhS8yjT+lBIxOuU6TI3GC4vN3U9Lv
++ZrWTj26DAgMBAAECggEAB5KFLTHJBbHkGHxY15xnEM1Y4zsJdE80QGTgOf3ua0Ws
++mDLeA6+EkqmT7xRYlyJbzyQz2Tp/WxLTpR7JmupMcwyUPykCuSRs0zoJDHzGO/dP
++TSOISCBUoacp1+Z+7Zc5EtDUXQjL4D9tyvqpUHKrFZkzp7TaOX6foYxg4TGluZxo
++RDp6qlAOzZJiAcmavgqPpvfgbkNs4cfdh9yu7FDX2Orqa0pQNsPDWp2VyOkDEPiR
++7LTK0OxQiHLdBbLvjiW34eElyJl2tJhCb08JcRrfbYpeS43j0rOcyDJQZX6tkpxK
++BJwgWVwqwuKBlZyGT2inASNeqON1tAGWhz59cWXcyQKBgQD++LSllDv7fOZTRKgC
++e+MGbkCKrPgjUr9NJgcrQhQ+kxE69E3p4iUtj/YTwIc23qxjuZ+jyG1wOFIULRYz
++KjBbuyEugfmcgWtFWeJokl71IHBk1QUT4xlSSMvccs8pTseBCdVWIkPRIc4qeGRB
++3RCPrJmmcvsJ7gnYPFfmKL1tRQKBgQD8zQflPYNLPgGPNaCbFiy0aCNYzvd+4ETz
++3TsKbmITXnq3W2Mf80RctzasFkTxM4Kma2fXbDNt4Z26s2x12FuEg7oaKtGKZBy9
++anmg4u4Cr1lk9BSSqlQeKsqQOp0mI3hyBW6v9CDhgCbMbKT6DgskwZpQjHLPf8UK
++DCfJ2Mq1JwKBgFuy8rVCNLhj2SpFXO9XwvSDHm9BehSqI+cJMDbckw9WMTI0vvjI
++vno+dk/wRDD1sKZFEicDZGihuNNMy9km6TF0gaCKWk1xNjVA+G6HheM/AW0iN6tJ
++V8gCKl9kYyEGFjZQZQuPUziZod4gYl5VtSkW+EOmwqZ1l9DPEwXRzR7JAoGAAu2A
++9Oe0eI+cRwNQ+9rS47f9CM9E0IRaaBSc1W8X1a+Xbj4xtLIFjalVicKsQ7rb/X9q
++8XTAV7pwMDRZwjeiP7Oi2SC70oV8S7lK9VELfp53Q5MMFfLBDKRkOi1jmoh4oaFs
++eb8zDkmEqYNsmbTF7kQLvHkT71FEf+xKHa1UE6sCgYEA+9bRKxPgngVA1qAhwrDM
++jjODdUhrlJZDZ7oAVs/CelAO6sSXZ7Yqyujs2YonuQ9aUiLLA/b3b26XEqW/iMzG
++onhxrQXGlsvqK+V5u+x8yBpBUj9KBw8RXBtdhPEl5iRIeQ17xKRi+9WilOuhwdKJ
++dlpiKXP638lF4t5jvaCy28o=
++-----END PRIVATE KEY-----
+--- /dev/null
++++ b/test/certs/badalt5-cert.pem
+@@ -0,0 +1,20 @@
++-----BEGIN CERTIFICATE-----
++MIIDUTCCAjmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
++IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMCQxIjAg
++BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDUwggEiMA0GCSqGSIb3DQEB
++AQUAA4IBDwAwggEKAoIBAQCzgx886aURB161wWGRp4rr45Di4KhS/wUUSaHTQo5n
++9jD+7glAOBTrbQYb+Gz/tusDsuHvZOGOvQ45D05MJVvWsz7M42lA8GLJfKIX90aN
++PMkX0pjNbx4admrAf4PYGabkihF9iPJ/ONiAYuoGoT0gjOEqtoxyEu/buXgNMTdt
++lZ+wL30WKL518MCm1KIsqFpSrNRYZq5E206Umsna7uje5tBI3CwYy0OD/XVwnSEx
++OgWkQ71RAqciVV3bCptBpheWSL8RH2Zom//INa6g5ArJy6TCy3IsmE0hCwteaHKB
++jcFUPfLQKqJZiIg5DgJjjdwZ3KAWMljo3GjdSVbdZ6hNAgMBAAGjgZgwgZUwHQYD
++VR0OBBYEFHecitO/eIltLUNkgT19Gn4TVkc2MB8GA1UdIwQYMBaAFAjRm/nm1WRw
++oPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwSAYDVR0RBEEwP4IMd3d3Lmdvb2Qub3Jn
++ggxhbnkuZ29vZC5jb22BDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEfwAA
++AjANBgkqhkiG9w0BAQsFAAOCAQEAOBZXBSNNAAAaII+l4mMoeXCpvofbaHuNlJur
++G+1uu5ra6VF5Juc5/uBa9zVQa2npe0kKOtx8xcI6QMQW+usphaUEh8t7AgR3efyK
++bsSKPnGxXtCSaYZIEiwFyAFTx1idzZixEfHUHTO+LQUwNTskDGCWK46V1P1wL478
++jXikGqc76DSmOXTc93asCMxCBIbHN7LLJIRhbUpiL2JrBPydzERPVoqiEZ9SWG4p
++DB4T0hHq5FUUnR1Wg7yQoClhyButeB4A2eGwLjhpSeLeXo+w6ENlcm9Lp5rOhbOo
++xqwgz6kUtU6smxWv0HruLT8Pq9hIKuPz6DWG/vIpiSLwz4B25A==
++-----END CERTIFICATE-----
+--- /dev/null
++++ b/test/certs/badalt5-key.pem
+@@ -0,0 +1,28 @@
++-----BEGIN PRIVATE KEY-----
++MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCzgx886aURB161
++wWGRp4rr45Di4KhS/wUUSaHTQo5n9jD+7glAOBTrbQYb+Gz/tusDsuHvZOGOvQ45
++D05MJVvWsz7M42lA8GLJfKIX90aNPMkX0pjNbx4admrAf4PYGabkihF9iPJ/ONiA
++YuoGoT0gjOEqtoxyEu/buXgNMTdtlZ+wL30WKL518MCm1KIsqFpSrNRYZq5E206U
++msna7uje5tBI3CwYy0OD/XVwnSExOgWkQ71RAqciVV3bCptBpheWSL8RH2Zom//I
++Na6g5ArJy6TCy3IsmE0hCwteaHKBjcFUPfLQKqJZiIg5DgJjjdwZ3KAWMljo3Gjd
++SVbdZ6hNAgMBAAECggEAcNWYiwcptFx3kbNuCsnPLpqp9ZHU++ZEYQ4vY8VQEdTT
++00n4Ep+ttpWe43HxwYJOktKb5Yf5p2j6Sa9vPbm10mx0qwC+pgzza0al9H5/oEN2
+++zxqw6Z2u5d3XmxIiUsGdly6xbeRBZrLq1eBVo1/CLjEx75a5VE151zbMx+egYge
++xETVRushMINQwkMbVUQp6MLX+M5eqEP8c2xyzPVEtxtxpu4yxZWbDuFezModhdvj
++ncV0QTBvlvB5Eg+4CeZiOvgu8ulnNUJsYGvMGCK8b9FwJhpM1CVtmw070CnRL0hx
++6Xrhgw26oAUmxWkvzzXsgwxAZFJMpM5Rg3rwrNDzWQKBgQDnR9FIh24gOK6g9dOx
++i/LVKFZ1V1/HVXTXiBjPHwecNkBXLLlgE46fxSHd1mt1yoHnyp3qOXbCIsqnk0S9
++KyMN0y7YG0P6QHxdrnhhr2zsZaVBEoLXmBn7vp6M50xt/Je4qvOGwkPTrU2Uftil
++qMIexti5oO/tOksmWw0Bm0R0WwKBgQDGsthSr9y1zpACJnu9rdMkwqZoxn8n7CPN
++y2L66WSpCopBKighfvn9ymOkV07TdcY9PEo/Yb5G3jT23trY2GOd6EYTSa0S8yDt
++lslXTzZJGAK+RiMf5zHBwIS800XSBqXCjL+yJ3w0sQd9uRcQr8XjIJLZfbT10sRg
++1jQBMK1WdwKBgQDJdsXXaCGF79ouW/ULs9zT0U9+552HBenB1cvGoEEA0kE5rrvL
++9T1H73CQzTbOZJjEULs+TNAmTCg70Q0Pu4PNhyhHF3kfhQzQjipO7YD0a5aIGJfh
++NZ1srZ9vHgx1wpJnSoLX4GE1AsGRmO0fYOG37X7cNFTLUPwlbSrnO1lmAQKBgHdR
++kJve5X/7wfi4mVgnGQMbLIkAof0cTcfYGeEo5HyqSqmlIiIzOPYRYlKe50QOlnPR
++T5jOHlA6Qb35x5uuHewGPoZ4mMknXR+vi8q1U5kDJSqTvaX71KJP9KXbjTL5MPMq
++SDc4hNqzcBcsXdB0bTXeKrEWTuPLpIeuOd55F64zAoGBAMooy318nDZ0c2Qek3/N
+++SN+cG5tLH7HjbI9C4XBYVbxXHIvg/nSzFRxBbC2ZFetJ27xvweM1J/Clk7d1Lvq
++PM7fcVgcc+ccHNM7KX77k0/J+FJF1uNsj9Rgg2TFveLKbtHfmaZd31k1HIYhSS5E
++a0BZeU4ZpKQJxpf8YbXbPi2Z
++-----END PRIVATE KEY-----
+--- /dev/null
++++ b/test/certs/badalt6-cert.pem
+@@ -0,0 +1,22 @@
++-----BEGIN CERTIFICATE-----
++MIIDljCCAn6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
++IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMGkxIjAg
++BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDYxFzAVBgNVBAMMDm90aGVy
++Lmdvb2Qub3JnMRMwEQYDVQQDDApKb2UgQmxvZ2dzMRUwEwYDVQQDDAxhbnkuZ29v
++ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKz8F/ndKz0vuv
++BymjTUjtrWSQsnsuisR+oW8CIliNBi8yqqeNrtoa2s+e2GBC7gxDlK9IOqGo4Ulu
++9jY5On6RysrFWLpK97I7EP9cg63alH+NRFEwczRzErHtYx54yiBjcovcCVeTtdnd
++7/P4T8hIGy6QjdW68lzwnN/I9x11NWoipIKvAOGXz0L/WaPPWZ0GJFlBqEX//O3+
++6sweSUX4ivAC9txou3rwDA8kJx5Ge9trQ9dPPG/jpL96f1DLE9H2SkVff1KLTPmb
++jUwiYj161lsKLxGkbdmPWRjt1pP4+5UUhioo1Y0WrTd5ELwB1eKTtWsOlRsdLOa8
++1L6m8ngXAgMBAAGjgZgwgZUwHQYDVR0OBBYEFBIKyD5bUUNIFxlQJl/rBvvIm0XZ
++MB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwSAYD
++VR0RBEEwP4IMd3d3Lmdvb2Qub3JnggxhbnkuZ29vZC5jb22BDWdvb2RAZ29vZC5v
++cmeBDGFueUBnb29kLmNvbYcEwKgAATANBgkqhkiG9w0BAQsFAAOCAQEAa2lydA7a
++YgRhYeIuPEtR+bKyDkIKNjvx2IRL/FL70s/IWFWDK1rpsMYLGNa7rWpW5gq4T6zb
++JIwC/770Rw1p+0j9eAC95d2wCEhyNcLdoP4ch7whr0MhxYHUJ8zQGPdQ97DWGoEB
++2seLjrhMrX004TM4UlM+lpjsb88QEcD+kOEhdDTKm0ABUygOr1KRay437mtUhAzb
++WyUbAjKbhgyv6IFRNHKy6YtCMugPihn+Pd1NY6c2ACRVOAUS/+rvVyjxBCATW5Wk
++zAtNIxYgcm3rYRroGYT2BGj8Ic7oqPOWPdGWhsieX0c+y2ZnS727Kwc5tXFfW9By
++GH32QmEN5o5jZQ==
++-----END CERTIFICATE-----
+--- /dev/null
++++ b/test/certs/badalt6-key.pem
+@@ -0,0 +1,28 @@
++-----BEGIN PRIVATE KEY-----
++MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDKz8F/ndKz0vuv
++BymjTUjtrWSQsnsuisR+oW8CIliNBi8yqqeNrtoa2s+e2GBC7gxDlK9IOqGo4Ulu
++9jY5On6RysrFWLpK97I7EP9cg63alH+NRFEwczRzErHtYx54yiBjcovcCVeTtdnd
++7/P4T8hIGy6QjdW68lzwnN/I9x11NWoipIKvAOGXz0L/WaPPWZ0GJFlBqEX//O3+
++6sweSUX4ivAC9txou3rwDA8kJx5Ge9trQ9dPPG/jpL96f1DLE9H2SkVff1KLTPmb
++jUwiYj161lsKLxGkbdmPWRjt1pP4+5UUhioo1Y0WrTd5ELwB1eKTtWsOlRsdLOa8
++1L6m8ngXAgMBAAECggEBAJNMHK8BAvzTqTPPsfAGu4bTvgxRdKGy609FFAiqxUF3
++UmQsCZEfgwyqCszFPfSeS43xuPRukObE6L6MV4ls8GwWqvp1nKfCClJX3/9jK6tq
++2tDQ416a7Wb+FvfgW0tDEg7oLKfcqRyAoQFNuxWHbGDiTQlz2dzzFYkzhlzBDUYH
++/pu9qkNFGfYMFwsBUd8pp8zMnv552CCIgalBBFr1hy9q47HBaJPaF2/CjZJmsqkp
++rVMBH7+j0y1DW3JO5rSKcRdz+mgEd9m/yQIazvBPJKxeGza8JfLBuACYFLIoO1S+
++b8s/zmQPHeZwTxSsM64M1uYi4dmJy0viozLlWsjrE1ECgYEA/GxGG/lB1mL+Hzmc
++kXzWmA2nLPxZXGxMBOYH/n8l4OyDmKi2Bmly7kS0kLdY6gYTVBWFCRcvPxf+UJu9
++x4NcKDkjXVXSg7Muux3Bh1JoRCOKB2Hk3pqdDe55GcT5bSikkd5PYCNobcnqzSK1
++HzKveDdukraZxIPFpVs1VM9/gxMCgYEAza+BJUAEWoq925a1RKlMwdXW1ONBhFqU
++fXon15fgycHkiYIBGbGE65Oyz8BwE6jNAT+SwKlNCc6jPAkXvEUpczEi5Rcox8Ec
++hNoXBHcBxHEhtfV2VKX5I9JFAadmvnfS5St7HjRLzE2Y6xym1+fKfnAlSLpdb3W2
++eRqVBi3F020CgYEA6K/yrQTHwRX+BdC42JCIzSAA1IJG6eDW7skR43NX+pBr+sTD
++DwQTszrYbHLnXst888zmluutXO8EO1Bl0E3yHQ4W4IolhcweLtUOOm0nunA8Y/PE
++48MJNfd34N5nw01s7x5Mc2YQdOxmKvVsmzbA9AO9RTdYZgPGpVh/wA+LDssCgYBh
++F2+G/ekQNF3awhFfD+vDtAVtCLlsmLVvZbJY+sCJfJU8s7mBP2LXMSk/GD/Ph+b9
++p9zGRSSwdHJpbIFfxeYDEja+nWgKowWrUKd83BBhgmW/Vtc8rfwlBKS+Wx8M2dMb
++iqLbZyRAlICSuzumvyu+84EmC5L/gjlYgUvHVuQDIQKBgHH7q3hrKI5mQ0BR9h75
++4yP98c+Duz8IsQllIG0gzCiiOYIVTl3uzTCa/E9Sa+jG+kFsCeUDchmC6LmHdF/Z
++ZHfECcQT4B37xMMwvjwNW7E6/FyRx3XC762Fd5vlz3fBuVKburfh1JpfpcO85Wvo
++R1UfsJugW9Yetsqd9WB6q3ln
++-----END PRIVATE KEY-----
+--- /dev/null
++++ b/test/certs/badalt7-cert.pem
+@@ -0,0 +1,23 @@
++-----BEGIN CERTIFICATE-----
++MIID1DCCArygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
++IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMIGmMTsw
++OQYDVQQKHjIAQgBhAGQAIABOAEMAIABUAGUAcwB0ACAAQwBlAHIAdABpAGYAaQBj
++AGEAdABlACAANzElMCMGA1UEAx4cAG8AdABoAGUAcgAuAGcAbwBvAGQALgBvAHIA
++ZzEdMBsGA1UEAx4UAEoAbwBlACAAQgBsAG8AZwBnAHMxITAfBgNVBAMeGABhAG4A
++eQAuAGcAbwBvAGQALgBjAG8AbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
++ggEBANStByWr70u2A49OO+LYu0ivQP+uBu2n3E6RoEYf+op/+JF3clwfMQCGqiSg
++QxOJMHkcu4gJDudRLCSXqHPnR0hOd+mQ5wQQJmLj8A99ImcD2oN5R3V5I4bSlXP9
++GCq2pFDnwXuEcJ3d2Dt1HYO4jA4Ol/RBT3NIqmwSnQzXv98mjYFpy6AuAIaYGmbh
++1DLWxsTPI2NjNafJYS85NrQDLkTpq48nCmQCJ+ly6Zzu7WuJiDKD1Rxs7ZwgNtLi
++Zhp41TeFHxCbfSFKe9u4rnUmImKxwgc9KuzOLpLAzD9avWpPGHtkCsLFsiw/EJYf
++UdeCXc7tz9WhXZzOk/ffLOcrorMCAwEAAaOBmDCBlTAdBgNVHQ4EFgQUwYsR1XfZ
++2cPcAR7i5i9obalnJcIwHwYDVR0jBBgwFoAUCNGb+ebVZHCg8Wsanu1S2t31UEMw
++CQYDVR0TBAIwADBIBgNVHREEQTA/ggx3d3cuZ29vZC5vcmeCDGFueS5nb29kLmNv
++bYENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2QuY29thwTAqAABMA0GCSqGSIb3DQEB
++CwUAA4IBAQAN/klfzMLi2acp5KdH9UZR4XCk3cZBOuMuI0vU+wrU/ETgY6rFhAwY
++gSZsO6vX0mt/G6QfOmY5+kW4FY5XavGhhNVY2x5ATZKvQCf+orIsUHOBxVTjH6az
++uEnxGDRTbjXSkBTCTSoOqdJNeOmEwiaHEVy/atumUW2B2KP5FeBGdud/94c4Q9/O
++WBJ0EICGF6hYTDra63lAjxyARTvocVakIE8zytT1SbU4yO05mYPyNdXxiXikepFE
++phPQWNSLx4EPBIorGCFj7MPDmFCH/+EjDjGz3SNUvqsak6MstzK94KVriQyIHKex
++IL5WuKFm0XSGKTX8SzyMGErMGeriveL2
++-----END CERTIFICATE-----
+--- /dev/null
++++ b/test/certs/badalt7-key.pem
+@@ -0,0 +1,28 @@
++-----BEGIN PRIVATE KEY-----
++MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUrQclq+9LtgOP
++Tjvi2LtIr0D/rgbtp9xOkaBGH/qKf/iRd3JcHzEAhqokoEMTiTB5HLuICQ7nUSwk
++l6hz50dITnfpkOcEECZi4/APfSJnA9qDeUd1eSOG0pVz/RgqtqRQ58F7hHCd3dg7
++dR2DuIwODpf0QU9zSKpsEp0M17/fJo2BacugLgCGmBpm4dQy1sbEzyNjYzWnyWEv
++OTa0Ay5E6auPJwpkAifpcumc7u1riYgyg9UcbO2cIDbS4mYaeNU3hR8Qm30hSnvb
++uK51JiJiscIHPSrszi6SwMw/Wr1qTxh7ZArCxbIsPxCWH1HXgl3O7c/VoV2czpP3
++3yznK6KzAgMBAAECggEADjQ0Kv7tr3fLixGljEP/Vh5mT+02hz7TxueQ9b4DBKcB
++We3JVH+8zRUxXdraP/7EnwIdQDuipC5WrWb3mC4VI64h8hZ8Z1gQyEAC83XfC1RF
++jsxVynG5vrJnyuRXbdre5Ixl7rLsto5vd6EdxINZz0KIQYbvIHr07tzbYlUyelvA
++mu0kYdtbjm2p2AGJJ99zN3EiQ9lZDyiFirOXEA9P/YdKKVlIwpDPbn/TmNY/k6Ul
++mRxgAJKwKiR6Gg3QMdTUKeaXBpKf/pa+5rzR7zxNbiQO3IXOVx7ZzQ2R0Wuivpqk
++yjMaqUa7dDuvtIHJBpJB7TIL6SlQkiS1lEQFhO7EAQKBgQDz30obdymxqQVy7IsH
++NLo5xRX1hRRN9h34Y4qC0JXkCTG1fWJ19KYHod0S5peaIo/ThDVf1UXln6amdCjM
++oIfhmo0baNIdMMpxxBdsdLfUKwyVh8qROaBscPE4FGBUrfEW/wSn1WRYcWh+oda3
++LuLVf5Qt9a9f6ZYuy1X6dDi8swKBgQDfQJTSFUNkV8yKfMX54x0DcUkiWOu3LaET
++GSu0UXqBVn1Q+u6CUAkh5jA9fpyM5sp9+t5FuwjO+ITHfiNFoD/LCeMUfYVDF7O2
++uCLTsN+7gTGpKMnfL/rg9exrsfDdsmbQe4BhrUFBsYfKgBlBraL0QGD+25qgU8CS
++CQ6toGCCAQKBgQDCYJskwRoObPXW4AsAN1qnaRtTkjrY2O6SaGSiV7bhByMD0WiF
++M/aR5sXapsj3Jc0Vfi88rzUDDPk7eyJ51wn3G8SUsDuo4Ja7jtxMqctL5PQmyxD+
++J7xiMrNRS4xscifTeHgxfbh5dgsfw8bsQwaxvPpSl5ytCfWWXqOs+K2wWQKBgBM4
++Mher8PNQg7FgcILExJipRgyI7zID4ZwNTK/nW86KrZstHx9k2IRslraUkdGnhMM3
++t671HRsEVhn+h/bUhulp3nzDGZffEH+odocW8QvpYWcYtdha/xQi18mltgC//Q3x
++s+m0yqtnJzONt57p3d99M1x9d2BaFXf9A6B68BQBAoGBAOatu9+wGaIEB//fpaQt
++mnsS2XBJco5gHTjOegCSNe3gQQsB5mhTEekOeMzJ8WLTMVXQVCXx9/8HxKoycbq8
++M/7ScH1iT/wJTkSsjyeycUgH31GPeRvmo9YU2PsW3NN6ZyNpxWJFdcPYHAzZqJeA
++cZtQWiEyaf026DdR8YBYn6tf
++-----END PRIVATE KEY-----
+--- /dev/null
++++ b/test/certs/badalt8-cert.pem
+@@ -0,0 +1,21 @@
++-----BEGIN CERTIFICATE-----
++MIIDgjCCAmqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5UZXN0
++IE5DIHN1YiBDQTAgFw0xNjA3MDkxNDQ4MTFaGA8yMTE2MDcxMDE0NDgxMVowUDEi
++MCAGA1UECgwZQmFkIE5DIFRlc3QgQ2VydGlmaWNhdGUgODEVMBMGA1UEAwwMd3d3
++Lmdvb2QuY29tMRMwEQYDVQQDDApKb2UgQmxvZ2dzMIIBIjANBgkqhkiG9w0BAQEF
++AAOCAQ8AMIIBCgKCAQEAp5T7voqwIiauadaESOe4RMhRVU9tHp5JZlz1yJ7ZYF81
++PJJ9XfERTCJQow3BNRbVeXEyI4mvMMcuFwd5cKqy/gP5yfEV01QbpqACKhIK90Nj
++9fM2QOiYE81FmvQzP6j7QFYt0E6J4kupvj0D8Z2Nri0kXDGe5+hbgLPkZvnh0vvJ
++Ck7AEQ2iqO4Npe4uHoDx3GXNo2Jb6BKNf+nMsJPLo7sqUuZA0/mFDVPNRvKfiq6b
++ObFUdbY/qPVPHk9VBWZuO9etk35G2yTSQ9KiGRNgcoWQAozAyLRx0yECHZEbrZ5J
++JFuPXO/r7saqNuV7L8UpR0Z0SpyXKs7suLGBpYnO/wIDAQABo4GbMIGYMB0GA1Ud
++DgQWBBRkrc1ZEOlR+93o/6EPrgFeM37AsjAfBgNVHSMEGDAWgBTwU4mH3VYZwBnm
++IFVvC/wUFdejsjAJBgNVHRMEAjAAMEsGA1UdEQREMEKCD3d3dy5vay5nb29kLmNv
++bYIMd3d3Lmdvb2QubmV0gQ1nb29kQGdvb2Qub3JngQxhbnlAZ29vZC5jb22HBMCo
++AAEwDQYJKoZIhvcNAQELBQADggEBAJ/gHSUGV0LahCqlFzhi4iP5JTleZlhsqOQd
++S2I6KV24gC+Hz4NHv4XhYv9mqZbivNSpf6+TV+77wcncfmkeAGqYMVXVt8DlJ7co
++NiKJZu3e2InmhLm5b6cYRidPhPEM7qYpxIhjpia1v7U83nNWvwEITmC0H0Qp3Cuf
++dv1EjAyGZsER05jBsy0qqH/64+djqd92zKNKCEaWXkTlC1XE+/PbEb94X8YbQaUn
++/wpvioqQ5rv+Bk2Jss23DDh0zOdWrCbKPc9BfsWCfLZYfOAyn5iH1vNdCVd85ggJ
++YyHBQ4JiF/uqkHZ7iQJ1QinJIJruAsC0BV0S3mdGgGQAmTT3m84=
++-----END CERTIFICATE-----
+--- /dev/null
++++ b/test/certs/badalt8-key.pem
+@@ -0,0 +1,28 @@
++-----BEGIN PRIVATE KEY-----
++MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCnlPu+irAiJq5p
++1oRI57hEyFFVT20enklmXPXIntlgXzU8kn1d8RFMIlCjDcE1FtV5cTIjia8wxy4X
++B3lwqrL+A/nJ8RXTVBumoAIqEgr3Q2P18zZA6JgTzUWa9DM/qPtAVi3QToniS6m+
++PQPxnY2uLSRcMZ7n6FuAs+Rm+eHS+8kKTsARDaKo7g2l7i4egPHcZc2jYlvoEo1/
++6cywk8ujuypS5kDT+YUNU81G8p+Krps5sVR1tj+o9U8eT1UFZm47162TfkbbJNJD
++0qIZE2ByhZACjMDItHHTIQIdkRutnkkkW49c7+vuxqo25XsvxSlHRnRKnJcqzuy4
++sYGlic7/AgMBAAECggEAEnrYZAOxNqLjWuKABfYfmN4qMeknVFgKKhKYO/5gZEM7
++gKl6z7A0wxuJnuF2a99PvSuhZs/ZFNzyFTIKz0TTpjVUB1Phn0NIJVDBzFffA7NX
++w5iFZBUCKDTbtyG0wRFmW4rlVHJEvEKxvjvGQo+oPwvVVaFXL6Ws6X1s83oc0AIs
++U3NKt8Q69o5pMHUo4Cv8Lgv41J2dfmxqf81FPLPl8NO+E5zV8OKT1AEisYh98P8R
++l7E6qWdPVv8hbqmtpXx2rDvUdooaNZPBczjbb/b6zdqxkR3Weu6xBFKTIJAsb7hi
++QI/DNxRTKnlDt8QFZi37KwkXAtSIQb7rjZ2OVOGfgQKBgQDQs5+u1ufRxi65Vw/8
++lkVjuB0L5+2Z58HlNrB8+iXqh9eovph17Y23ADaCUGEgEUyK3SfA2SFaj0C9nGtf
++SgqI2btQQm53sYq/MDNxKf9f0hJ0K0EK0LVyyl4fmGTSexrz+sEYPmp27/RhFSAR
++f+uccT0lI/V1V8NKkSKAK30zvwKBgQDNj7FK/+ER7e1+gE5CWKEimOPys3hd91Il
++2hNWOzllPtOj5C9qayG18XNYZm0+YqQtYZLhV5REMxY2sNtpfMxtqkjUrZnuaqy0
++thhQQP8BRS7eoyOgZ4lAvizsroAqvM9Hqxu7EMspBVLvKDoyGf+L4QsvWB6A7K9q
++4EjDrx00wQKBgCxh1paG6zuoKq2Nfz/W8SC4uaybgOLW71wAWl3pkICkrM8c4S1K
++/HUrXWwvDciVBTMOvvJ6+mXYywrHpenYxA7ARt5Vkkpv/jKUXIw3QzCsavI7dJSJ
++N90Wfhe3/9DnDx9NdxzhwSBT/SNcK7qs+n0Fc9xfHkb7B/Pmk3CwTurfAoGAKlf7
++MXPcLRFR5skPVeNj7fiInCoUFWco6NsvOIginpR+jDgo/EbtPslp9T/EKSGwqBh9
++ZSXhSNstLD7qM6Sdh8mYDxdjqhUXVnJcN8vru5tAuGPqptQtFcUXA/o+NI+IMz8w
++Cyy+bMjH+LPUqRVp6qqE30/LmMsop19kHcsovQECgYEArGQs1WwBCkKCyjAbUOXF
++m7pTgqrVEA/+ACrB2/4lCNgBwRvo2/b23pceEIekfcfzlJnsy0i73Jbh6OV5yk1N
++Glq+druyWBpK6Ao9emVeLWBJVinSB7WMZ2XPPKEUHVQkYSN0rMuBisEa07lai01E
++RxbCxTFtyUMpmWzDwgiwPbM=
++-----END PRIVATE KEY-----
+--- /dev/null
++++ b/test/certs/badalt9-cert.pem
+@@ -0,0 +1,21 @@
++-----BEGIN CERTIFICATE-----
++MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5UZXN0
++IE5DIHN1YiBDQTAgFw0xNjA3MDkxNDQ4MTJaGA8yMTE2MDcxMDE0NDgxMlowUDEi
++MCAGA1UECgwZQmFkIE5DIFRlc3QgQ2VydGlmaWNhdGUgOTEVMBMGA1UEAwwMd3d3
++Lmdvb2QuY29tMRMwEQYDVQQDDApKb2UgQmxvZ2dzMIIBIjANBgkqhkiG9w0BAQEF
++AAOCAQ8AMIIBCgKCAQEA9Y+SgizcSJ9TIHvJf0k3cnBDWx8xJKurrmpiuvQMl1YY
++lzmI4Qxojr5CRDSvCZh50xtF4CDMXW1MnTtYelFhfSmQ09M6lyfjMF+hrYTFkDMX
++Rz8WhtN6/YP80xuy7NuhsA00/hUJKqsAKT8ggwlf++0e+L0ELiu9dmB46zaxWzr4
++z+DigvrA+O7xrpiD/NscLNK02uIURKPKqlPL5LxUenC9ROFGNAIYJoWzsjxoVD0D
++X4bf0COBRzGlLFUHN4FY8LBwGhTcQ+hvsYn0JbT913daX46BuEkrT2V2plCsFDXz
++TOtKAHEBm/U4slrp1F3CPsXeqdqnB+3Ktaj+UQ5ZRwIDAQABo4GaMIGXMB0GA1Ud
++DgQWBBSauJ1kxBbvxrSyMER4Eh+hEnOo/TAfBgNVHSMEGDAWgBTwU4mH3VYZwBnm
++IFVvC/wUFdejsjAJBgNVHRMEAjAAMEoGA1UdEQRDMEGCDHd3dy5nb29kLmNvbYIO
++b3RoZXIuZ29vZC5jb22BDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEwKgA
++ATANBgkqhkiG9w0BAQsFAAOCAQEAGrRJCrSxYLrkJ2MUyaMmJTrhfijIw9ZdYRLx
++lkCeW+i6qIV58JQKZeRQVVRJSUEV9OGWn6/46xZZdZWpJIab0EtoNHlMQoB1xni/
++1D8+gyOdiWy4jgg83arMMulre37T256vOGtNOu7PpDQCoPWCJkb9xuMt3RJrK8N/
++tFYB8TvWATtY/LGzk9Tmm+C7hNxsWx0l+ewxlqdHvpc7xwXuf8u7Ise0JkCDi8NY
++z6BxnUyWJ83G20npGnAWXJoaXNDcY0H75dGni3WcRPTAayboEr4xjR9Xqiu3bzlZ
++eVdPGwLwbgkvj7NDCQDphHl0HseTUToHGJrVj8dbR4lV10gogA==
++-----END CERTIFICATE-----
+--- /dev/null
++++ b/test/certs/badalt9-key.pem
+@@ -0,0 +1,28 @@
++-----BEGIN PRIVATE KEY-----
++MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD1j5KCLNxIn1Mg
++e8l/STdycENbHzEkq6uuamK69AyXVhiXOYjhDGiOvkJENK8JmHnTG0XgIMxdbUyd
++O1h6UWF9KZDT0zqXJ+MwX6GthMWQMxdHPxaG03r9g/zTG7Ls26GwDTT+FQkqqwAp
++PyCDCV/77R74vQQuK712YHjrNrFbOvjP4OKC+sD47vGumIP82xws0rTa4hREo8qq
++U8vkvFR6cL1E4UY0AhgmhbOyPGhUPQNfht/QI4FHMaUsVQc3gVjwsHAaFNxD6G+x
++ifQltP3Xd1pfjoG4SStPZXamUKwUNfNM60oAcQGb9TiyWunUXcI+xd6p2qcH7cq1
++qP5RDllHAgMBAAECggEBAJYazkcOnxUxd0HrCU/qdJ9aqoG//m1ZFxgF5hY76ppz
++wZJnVBmlWSCwgpdo0Pp/nzCBgmQwCFyv3F5ckYgryPkWeHZTr4QImOLQAmesOowb
++/wXJNb7y9UKU9O4jB2usEhko6ZTLTRAs+Ws9MGWJTIgV+ZG5ER4cFLOQ4zl89Es7
++/Z9dQFs4c9SqLfyEY3kbXqSQ2uwbUPvZxk22gEmT1OPJGCLAV/fVIaHlGMwacvDV
++W2xqNd+uhkqm2ym5u/ROKOCg0jNDkbyHvfTaqCuM1um92nV5kE+JdPiZvAF9XYsf
++BDWCaYZW7b97drptp3LOCCptjNAqXc0PH8inVvqbjnkCgYEA/jK6BnXM4lzlLUPt
++Bzec+poqyS6uUjP81Ug5CRP5kr+H9GkpBT3iUIU73S+F6Tg6YpobiSP4vpp5kB1p
++iZxApte404EtVtOd1M08fx1rQVnyc8RjDENvYQk5hefOg3DrJ28iQzN/c+m8tHfb
++OjBp90PFDGSsVvvQjJlwtB5oj+0CgYEA900sE2hBGpm5jXgER7CaahcDnHp9qSlB
++lsQYDTDu751V11iRyUVUqZ8IzmgOu53vXbuCpfuQO0H2aFhbe16fCk223eLPJHWh
++cGl3FUeLi+uwShMiRWAikMSQ/fUxoOfeal+N+VgiGYZtT7u2s1mpm83/mw3J/gaT
++CQI19A67H4MCgYBX7xZZC8EvgTEqYngJahycuF4asFJPT3qkEVLhqA5KzITscMBm
++9sxmTGC0GC97yR6xY1wpKc9vqCJrTzFmEC5xSOjACcy0X4oWxlSqKHQk7Eep8oLN
++CDrsV3OVteXDpHlEb/ZrRtJNN8s2psuoqnzNs5zjt6PCh2PSb3YEaQyE1QKBgQCp
++6VfzLZotkJkwXdly+B/f7FgK1w4nf7UUxT5RMeG4uD0WbEAeLYhx0lbWmiAlP+oK
++WJ73M9RxIm0OXEbeiLB0/9g4s3Dm9/snpQ6wjCuQwyqoemT9jYOyO5vzINgsWaMz
++Ktv9CVTEfNv2AF8S8vPZnLuV6O9znUjA08gGG2jtyQKBgBisaBV0L3zTllp/KxiN
++rFf3u42XibhfTuiyaJtUDQftkvfW727nE4nTZ9Q7uVXuK4xdmihfA0htsMbHX7Jc
++1R6SzJ8x8T/2HXsiHLubqbANWfOYxYxlvmfZ7/Bv1GhBIq4d7A8a/Eyz34j9w/xs
++C34TbBAlm79KVANPHT+CJoR1
++-----END PRIVATE KEY-----
+--- /dev/null
+++ b/test/certs/ee-client-chain.pem
@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
@@ -173845,11 +176306,9 @@
+uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR
+5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4=
+-----END CERTIFICATE-----
-diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh
-index ec2e374..8863254 100755
--- a/test/certs/mkcert.sh
+++ b/test/certs/mkcert.sh
-@@ -8,7 +8,9 @@
+@@ -8,12 +8,18 @@
# 100 years should be enough for now
#
@@ -173860,7 +176319,16 @@
if [ -z "$OPENSSL_SIGALG" ]; then
OPENSSL_SIGALG=sha256
-@@ -49,17 +51,18 @@ key() {
+ fi
+
++if [ -z "$REQMASK" ]; then
++ REQMASK=utf8only
++fi
++
+ stderr_onerror() {
+ (
+ err=$("$@" >&3 2>&1) || {
+@@ -49,17 +55,18 @@ key() {
fi
}
@@ -173876,13 +176344,13 @@
openssl req -new -"${OPENSSL_SIGALG}" -key "${key}.pem" \
- -config <(printf "[req]\n%s\n%s\n[dn]\nCN=%s\n" \
- "prompt = no" "distinguished_name = dn" "${cn}")
-+ -config <(printf "[req]\n%s\n%s\n[dn]\n" \
-+ "prompt = no" "distinguished_name = dn"
++ -config <(printf "string_mask=%s\n[req]\n%s\n%s\n[dn]\n" \
++ "$REQMASK" "prompt = no" "distinguished_name = dn"
+ for dn in "$@"; do echo "$dn"; done)
}
req_nocn() {
-@@ -88,12 +91,12 @@ genroot() {
+@@ -88,12 +95,12 @@ genroot() {
local skid="subjectKeyIdentifier = hash"
local akid="authorityKeyIdentifier = keyid"
@@ -173897,7 +176365,7 @@
echo "$csr" |
cert "$cert" "$exts" -signkey "${key}.pem" -set_serial 1 -days "${DAYS}"
}
-@@ -107,12 +110,12 @@ genca() {
+@@ -107,12 +114,15 @@ genca() {
local skid="subjectKeyIdentifier = hash"
local akid="authorityKeyIdentifier = keyid"
@@ -173908,11 +176376,14 @@
exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku")
done
- csr=$(req "$key" "$cn") || return 1
++ if [ -n "$NC" ]; then
++ exts=$(printf "%s\nnameConstraints = %s\n" "$exts" "$NC")
++ fi
+ csr=$(req "$key" "CN = $cn") || return 1
echo "$csr" |
cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
-set_serial 2 -days "${DAYS}"
-@@ -133,12 +136,34 @@ gen_nonbc_ca() {
+@@ -133,12 +143,56 @@ gen_nonbc_ca() {
do
exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku")
done
@@ -173945,10 +176416,32 @@
+ -set_serial 2 -days "${DAYS}"
+}
+
++# Usage: $0 genalt keyname certname eekeyname eecertname alt1 alt2 ...
++#
++# Note: takes csr on stdin, so must be used with $0 req like this:
++#
++# $0 req keyname dn | $0 genalt keyname certname eekeyname eecertname alt ...
++geneealt() {
++ local key=$1; shift
++ local cert=$1; shift
++ local cakey=$1; shift
++ local ca=$1; shift
++
++ exts=$(printf "%s\n%s\n%s\n%s\n" \
++ "subjectKeyIdentifier = hash" \
++ "authorityKeyIdentifier = keyid" \
++ "basicConstraints = CA:false" \
++ "subjectAltName = @alts";
++ echo "[alts]";
++ for x in "$@"; do echo $x; done)
++ cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
++ -set_serial 2 -days "${DAYS}"
++}
++
genee() {
local OPTIND=1
local purpose=serverAuth
-@@ -165,7 +190,7 @@ genee() {
+@@ -165,7 +219,7 @@ genee() {
"basicConstraints = CA:false" \
"extendedKeyUsage = $purpose" \
"subjectAltName = @alts" "DNS=${cn}")
@@ -173957,7 +176450,7 @@
echo "$csr" |
cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
-set_serial 2 -days "${DAYS}" "$@"
-@@ -182,7 +207,7 @@ genss() {
+@@ -182,7 +236,7 @@ genss() {
"basicConstraints = CA:false" \
"extendedKeyUsage = serverAuth" \
"subjectAltName = @alts" "DNS=${cn}")
@@ -173966,10 +176459,224 @@
echo "$csr" |
cert "$cert" "$exts" -signkey "${key}.pem" \
-set_serial 1 -days "${DAYS}" "$@"
-diff --git a/test/certs/pathlen.pem b/test/certs/pathlen.pem
-new file mode 100644
-index 0000000..c0ef75e
--- /dev/null
++++ b/test/certs/ncca-cert.pem
+@@ -0,0 +1,21 @@
++-----BEGIN CERTIFICATE-----
++MIIDeTCCAmGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
++IENBMCAXDTE2MDcwMTExMzQwMloYDzIxMTYwNzAyMTEzNDAyWjAVMRMwEQYDVQQD
++DApUZXN0IE5DIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuWS
++Ozk+X7+BorU9o4nDc9jhk+Qajzav6yRFpJFlnxL5I4Az3wQiHFwyDWkR58FKYFLx
++adAahUYRIJioBwUhKEiMyJcT/Lr+lxioQog268nCUosqr5r3iaAQkXj9j49HXIdo
++qD+hbMH/82IqYP7vpJl8yvjRCZQ69KJZOQN4F4rHtUxJYLLmmbeIF02uNNib5hiH
++m3sdn1ic2Cxk1h1mHQqa5fPfKz2NSANKRYVQcOYiFSwroNFbgKo7++N59NGgYY0a
++n5uz+MZh/10+PsRF7WFsxt0TdExv++mN1fFRkBB4fD7fFp+52Qef27lv37X2JT5U
++C2gpXXUWQC8jJIijPwIDAQABo4HUMIHRMB0GA1UdDgQWBBRh7exLM2xCRHrP9Slp
++oxYhlykaqDAfBgNVHSMEGDAWgBSO9SWvHptrhD18gJrJU5xNcvejUjAPBgNVHRMB
++Af8EBTADAQH/MH4GA1UdHgR3MHWgOzAOggx3d3cuZ29vZC5vcmcwC4IJLmdvb2Qu
++Y29tMA+BDWdvb2RAZ29vZC5vcmcwC4EJQGdvb2QuY29toTYwDYILd3d3LmJhZC5v
++cmcwCoIILmJhZC5jb20wDYELYmFkQGJhZC5vcmcwCoEIQGJhZC5jb20wDQYJKoZI
++hvcNAQELBQADggEBAEFkGH/0mh93mMCWZ1QZOhlK48arnco0wjC5sYcVX5X/PoO1
++2DmHFiyHmHablH4d8uWUt9A63Akt0ogIPL4R0I3nOkUU38A1geXruSJDlDVsH75/
++MT7RVRTqJriVwqX6YlAVj2i0De20BLgyZiN3WaR+nngVC7JjdY+n1qskGByEWrin
++pwDVdFtWBTPDq1Nh9sm3FewrfOws7KQvjf0Pj88PIrNEDZm9SR512eH7EFPMvHJv
++7usU33GL34VRZAYtspQ5EwZbspHXe1FFwdhZLr71gChGeNpDfpqVDQQxhDNor7uQ
++z8L+Xuh7FvhjFgCp1Mnd6VN1q2Pwt5sG8Z3i29Q=
++-----END CERTIFICATE-----
+--- /dev/null
++++ b/test/certs/ncca-key.pem
+@@ -0,0 +1,28 @@
++-----BEGIN PRIVATE KEY-----
++MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCa5ZI7OT5fv4Gi
++tT2jicNz2OGT5BqPNq/rJEWkkWWfEvkjgDPfBCIcXDINaRHnwUpgUvFp0BqFRhEg
++mKgHBSEoSIzIlxP8uv6XGKhCiDbrycJSiyqvmveJoBCReP2Pj0dch2ioP6Fswf/z
++Yipg/u+kmXzK+NEJlDr0olk5A3gXise1TElgsuaZt4gXTa402JvmGIebex2fWJzY
++LGTWHWYdCprl898rPY1IA0pFhVBw5iIVLCug0VuAqjv743n00aBhjRqfm7P4xmH/
++XT4+xEXtYWzG3RN0TG/76Y3V8VGQEHh8Pt8Wn7nZB5/buW/ftfYlPlQLaClddRZA
++LyMkiKM/AgMBAAECggEAfZqBDKMrkArDvUPIes9gfZU1vm3ul4kZ98wO6Ra519dT
++zVTNOx+n5WVhdPxpd4uGmztG5a3Jg57AjrUbM64WKAtElffkTkD352AoOOMp3eNa
++PwL4lzNLXP890CjTO9FMZZyr4hrO9FkQCrTkdojjnI6V4iUHpQPdFrh7Lz8/553v
++sfbXW0o6jRtnN8jslLs7LQY+n0QQeLuvwrJGJRdQSfubtjTOYzlE/WZJmitJMi2X
++0qnoVK5B91bo3NcdFxstSgv36RL5Txsas8PfXWrFzPxqgjPjlpw1xMrF5bT3rK72
++oPB+/HunqIJc0OHHs2mi38Jea0yBCaJHzniAp2INcQKBgQDLjP5STKvu+SSZGpBp
++T3m+i6hbmo1HzYZBSi9jJiyGB8G50G5rbGJ0c/BgjfkhfRhmJ5Ym4NVVgxQgrMHe
++pFP5L4yDtspFwbRWuuYHoWFupUbqnZfksDHB5xQHFbJPFKBQOKBgM4crDG6PTnYO
++2M+fNlY7IL/QTlJxUHYH07CPGQKBgQDCzytixBLPB/mmIZNhwyK8pyecu6tCEpBi
++QiG/gcaLejXMwGieTiZQ/5sCG+oQWywFXqbPsgQ/gAlXsZ0yZ5GW7TTtsOGksnmt
++W1+bxQQ3Pv99wpg/G71SLdK0em5lAodCT6gccqjbKRj23sRnmL+M2GeEGI5hsNyC
++OFmyYisIFwKBgHLNk8cRLUu8QzMC834h8BVTKWJ4+cQMm/MJB08Rgb0adN37O7vk
++xmbN2T5r9J45suAy5ZIJ7uiq5FhFd5a98gqyEbtcBhtv0+mywfh9wbkpCKVcuwWl
++hnrJfNc+GnJVvNFiDroTdeIGwfiblSRsjjVK7TmuD+FJu1/jtJ5Xe9ZJAoGASHwP
++N5ufJ/ter6r0jL6vsSQ8//twOJBxuq3CouAlwQYC+KFrC+QmK6M/yOQcDmPuGD1k
++sgkZvYrlbwS+ad/Rcyfltr9G5iImVhOWmn4PGINPSzrZrTmkEuzL5q1bYCg1rb23
++3oXnQEylZk3zJFzYgQ6QTb1ZVQ4arjVLYq1WN5cCgYEAxRBqa8ZfwlS5D6bBNgn3
++DDCwz2kZNXG5U3wIw905NNrpUC55W33qcKe9UzoRZEOzuUjq3EL2maMrJULldLGy
++g+elvsZhz7cfmestY2cnbxExqwrTrLWfA8s9Hyl7i9tkfRze5WfhNGc3kwm1qrVG
++5zFZgtb/mTLnvQVIYCX9ks4=
++-----END PRIVATE KEY-----
+--- /dev/null
++++ b/test/certs/ncca1-cert.pem
+@@ -0,0 +1,20 @@
++-----BEGIN CERTIFICATE-----
++MIIDWTCCAkGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
++IENBMCAXDTE2MDcwOTE0NDgxMVoYDzIxMTYwNzEwMTQ0ODExWjAXMRUwEwYDVQQD
++DAxUZXN0IE5DIENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC
++XjL5JEImsGFW5whlXCfDTeqjZAVb+rSXAhZQ25bP9YvhsbmPVYe8A61zwGStl2rF
++mChzN9/+LA40/lh0mjCV82mfNp1XLRPhE9sPGXwfLgJGCy/d6pp/8yGuFmkWPus9
++bhxlOk7ADw4e3R3kVdwn9I3O3mIrI+I45ywZpzrbs/NGFiqhRxXbZTAKyI4INxgB
++VZfkoxqesnjD1j36fq7qEVas6gVm27YA9b+31ofFLM7WN811LQELwTdWiF0/xXiO
++XawU1QnkrNPxCSPWyeaM4tN50ZPRQA/ArV4I7szKhKskRzGwFgdaxorYn8c+2gTq
++fedLPvNw1WPryAumidqTAgMBAAGjgbIwga8wHQYDVR0OBBYEFAjRm/nm1WRwoPFr
++Gp7tUtrd9VBDMB8GA1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMA8GA1Ud
++EwEB/wQFMAMBAf8wXAYDVR0eBFUwU6BRMA6CDHd3dy5nb29kLm9yZzAKgghnb29k
++LmNvbTAPgQ1nb29kQGdvb2Qub3JnMAqBCGdvb2QuY29tMAqHCH8AAAH/////MAqH
++CMCoAAD//wAAMA0GCSqGSIb3DQEBCwUAA4IBAQDRpRo9txGcsPsfBInz2ctvl37p
++a7DcrFTSLltADj+7/80OwYBtdmxiU9OfuETxdq5XbkghlmBGrDswtGHhcoDnSugm
++2n3Ov0YOQHYgStGYEsmXahjZ49Xlh8gzt9NBfzJIm6blBpJo845Z0cbzd1LdCgt/
++ck83nGnLvhIEZ3nFrT2K9vWQ3UkrFMfR3gCZpu/2X3+5UgK9IpGU+crDcGUcpdoz
++YaJka2w7rjw0mvQX8JtVBRt4xGRRAXXL2YA421nIzX7tKLHngYp6V9zu7QE2G5zS
++RewAXU3TERFQi4bF+N9mmwj8z9CYClRH56uFboGGBEGSulsbF5C4DB0p7dbl
++-----END CERTIFICATE-----
+--- /dev/null
++++ b/test/certs/ncca1-key.pem
+@@ -0,0 +1,28 @@
++-----BEGIN PRIVATE KEY-----
++MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDCXjL5JEImsGFW
++5whlXCfDTeqjZAVb+rSXAhZQ25bP9YvhsbmPVYe8A61zwGStl2rFmChzN9/+LA40
++/lh0mjCV82mfNp1XLRPhE9sPGXwfLgJGCy/d6pp/8yGuFmkWPus9bhxlOk7ADw4e
++3R3kVdwn9I3O3mIrI+I45ywZpzrbs/NGFiqhRxXbZTAKyI4INxgBVZfkoxqesnjD
++1j36fq7qEVas6gVm27YA9b+31ofFLM7WN811LQELwTdWiF0/xXiOXawU1QnkrNPx
++CSPWyeaM4tN50ZPRQA/ArV4I7szKhKskRzGwFgdaxorYn8c+2gTqfedLPvNw1WPr
++yAumidqTAgMBAAECggEAcIZCclQYa/eO0tW72ZppdrsEDQWZyK8yn33Y14TZIZnh
++Go9egumcRC/I2gtW/dx8NtqpCFMfvTFaJDnfkdm2KQmba04d9tsk+BgbqPkzD4X+
++UPinBI2OVma2Z+eXfQZ9/7lgfQYtkyjkHuAaLxe59fOxqUK7iIgkrpa+xDc5bvkR
++v3e/ipJ1lrLn7aaQUR87wIkG9hs5UpRHiTd8PgaVavX8SdeXsOChv89owIKya2d3
++HCZiFVPwHrn7FVmDD41sllC78r+qvsyRs1j9aU5hGk8XlslxrYehphCCUHTUWRfM
++Mc6iSzuJyHFj1faOSs64eab5FLWp612S709vcfhSqQKBgQD7ycj2VhoPII6sko+k
++iUS0hzX7qC17cP4RmqGKbyffNW0L5B5+XmqBrw13duSv7O388F9P0+ctxbLgg6ML
++2r0PxkNTNISJim+vWbwMAFevJ9mzsOMRaPZKqx1MghWJzjR2LdPD5x9nHrYi7uUC
++NJe6R6pjtPCSU4yMLgu0IOEm7wKBgQDFnocCLCNiHwaJZ0v1wgSpQmYcE6MOKp+1
++SqOAsWwRtEgMQFoAEC3gGotm0BYF0fwSbM8XFFWqO2NITSV7b8/RkADocvvHWfQN
++d/ETJy3iL1UZgr012jwa91VuhL4XbqON+CAZSgwmVnOhTaXg1imuorHrwR6f1JzT
++F9EQhiqmnQKBgCmsYS2cXJ3KVrLrYwjpi0yR4HZxhG2c6wBA5qHB+ghwkEbaj818
++lQY30fPG4tzXSyCFLFFLEkU6JnwQbYkFwCr/Np9r3s/g8NFF+eDGobykzNx3121H
++QRRks+m40hXH4lj5Bsay1zi7FYw8m/y8daxoNiRgizy8xVNiP5+lnX5TAoGAQ4bJ
++50ohxROI7kanxBBJ+3Q+4/Up0FtsO0yH1h/KJ7qMq/MJTeA5bMxlOfp8q/x2v+0C
++ToaaRxMH99q0phsszhUA2mz/77yjEj8b10mZ+iHmWFM+SDqMM0K0pJEjS2p45LgW
++b83HnQoJdOLNfahwkcXyOfbBeifydoc63wSZalkCgYEA2gNC+Fvtzv/Zm6yj6M2j
++RdU2Ncbi3fAKCiOhTcsXSWi0H7IYi/r8Su48946X7GTLgZIFM4HlGbQaStX5MUbJ
++BjtOyYaUGjzH/7KKiuyuoLVuWWi4llV+Xigc+WSqO5X/DUmjXA9ldbB5/vcDiHk0
++QZ/pla7vZ4cbNPFd2cFHk84=
++-----END PRIVATE KEY-----
+--- /dev/null
++++ b/test/certs/ncca2-cert.pem
+@@ -0,0 +1,20 @@
++-----BEGIN CERTIFICATE-----
++MIIDSDCCAjCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
++IENBMCAXDTE2MDcwOTE0NDgxMVoYDzIxMTYwNzEwMTQ0ODExWjAXMRUwEwYDVQQD
++DAxUZXN0IE5DIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8
++Dg3FeyXgtP6MAYaLRCH1peDogKo0OI5dqERirJDymgg0eqUkGPD86n/ZRDFZMhqM
++2LATVNS9UHybb/8aBZaSNmCVGcQuhGFFI1STjtu34n8z7+XFE66I2cFUo20kUdTl
++OeUAj7Wd+a2paAtPW3G2mX6EIzm/6/3HMh/y1d0knCBRjialOCdhrRTvGcamYBqw
++PJd8X8nMtM320ZNDF5wBvx09/5KY1jLhdzBVbzezFogX0Bj1LX9UZRu+xN2dHAUn
++CuYevJJwkfiHeg0EZxr/p4AZ7GICWkpk+bRzQ16+IifXtc5qIns0VvWKtffsDExV
++mlM6af1eIjgLhKGAd9cZAgMBAAGjgaEwgZ4wHQYDVR0OBBYEFLoDn50GJKRX5nP6
++9ToJ+bqFzKn6MB8GA1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMA8GA1Ud
++EwEB/wQFMAMBAf8wSwYDVR0eBEQwQqFAMA2CC3d3dy5iYWQub3JnMAmCB2JhZC5j
++b20wDYELYmFkQGJhZC5vcmcwCYEHYmFkLmNvbTAKhwgKAAAA/wAAADANBgkqhkiG
++9w0BAQsFAAOCAQEAlqqhiquvukmLApryy5ztoy3bGtF6S6k/MGAZAf1ndxpdhHNX
++vQmjSrFL2IPENwTrPd5T1Muf5C+ZfX/NOf6QWoF3kbD/98K1vfEa6C+3fgsflUQu
++1Tu20ItN2C7VkMawOhItxBXU9nLcIULUJye0dRC+xvh1ECHiLBh45y/fG0bdZGpd
++/NajC+1FwBGI2k62mbW8KGpNDKeJWwcDe4SsMs70Y3JybCj5PNO63JF6db9yZGF3
++2esHfYJ1NQTA9oRsOztlf+PQADQx/HoCJ/BhJSuOcBL/r9uN+YQUtBzG8BKGODE3
++aOrnkbDctDI3zZXUADTidBVxO5HzizGlRGodSQ==
++-----END CERTIFICATE-----
+--- /dev/null
++++ b/test/certs/ncca2-key.pem
+@@ -0,0 +1,28 @@
++-----BEGIN PRIVATE KEY-----
++MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8Dg3FeyXgtP6M
++AYaLRCH1peDogKo0OI5dqERirJDymgg0eqUkGPD86n/ZRDFZMhqM2LATVNS9UHyb
++b/8aBZaSNmCVGcQuhGFFI1STjtu34n8z7+XFE66I2cFUo20kUdTlOeUAj7Wd+a2p
++aAtPW3G2mX6EIzm/6/3HMh/y1d0knCBRjialOCdhrRTvGcamYBqwPJd8X8nMtM32
++0ZNDF5wBvx09/5KY1jLhdzBVbzezFogX0Bj1LX9UZRu+xN2dHAUnCuYevJJwkfiH
++eg0EZxr/p4AZ7GICWkpk+bRzQ16+IifXtc5qIns0VvWKtffsDExVmlM6af1eIjgL
++hKGAd9cZAgMBAAECggEAT1t+5D87lL/MSzi5ljuCOS9u4a6qJK9ZJJzFfv5jjH0D
++yWGYHsuHprMukHj+ei1yls06QG4j+F/mtZFljY2eJMVdrI3bA+ZJRevK3RoEDm0+
++UKSDyc6scIOz2gu9Gv6NYM41nS8H7UpXxo1peGuWaQANK6XR0PO9fDni0Y7+a1vc
++mTbiI5m2mKcYRgLmDBXzTGANszBdgGK9UxHL+Jx+j04ZdcMSg3b/OE1RAZr9zS86
++2CiZgcEVdddXjQ0HufkeG7gozyX7Y4JulLuqLZiROyHiIv+8kXLyLi7MUBFuizKP
++GdmJxGhYfbYVLU5KXsLjf/oakYroatxabonn4HnpoQKBgQD3zhL2dEuyhPwxpGHu
++53hpZmNSbLj7pT441t4WwraoV8SyOb195yeX77IVT1FSctmYi2txXdfe1MAseKcf
++8P7XuWchEnro5dE7sTcZ4M3uLMDsEFPkWyRz3Y+CIg6IjMz0JsByyVVa8f4Kjw9G
++99ceZPd+M16YNwYgj/1GB9HOBwKBgQDCRiIlWz8BPnY6xltQPSC4AXffD4V5pzOo
++/b82y6+aeCvzwZGcXz9ac3fbRkiOKdPa0b+mYm/ZTpO0XIMALkpsQRN5Jnt5UeaP
++J3n7IAS13Gy2gDXuRrllXbbRZI4VPiI7gADzYYpu68sBnJwH2FC0w2l96Gj6woCI
++POoClgfp3wKBgQCMLqWHig5wdM59/rHwBj2V0ngJXrvej4H9gX+tfIT8AnqhIAzU
++Nnmtd8lUSMSGUbZKl0Q2o5HE2rHD9pUEer6PprBygxPIwIl2rS+wkf2s6OBSKoJq
++wiyC5ymRwlZaZNxkma9wv/hrNE40Bu3rhbTJ2vAvEjxG+4mZzhrHDRFg7QKBgGCK
++6b0WsyCzIZ3jpM0jE3ddg2xeEj56ULnSH4vjfMiOn4jq0Kmcy6bvasiVDMlZD+bW
++BR9yG5Mp8UzYDGGyn1lcnYi/Du0jPig1vfCF4NFfUMcAv8xBaTBuecNk7RaxYeGf
++otlPx7OHicKrSP69CJ5L3cisDj9PGQCbBM90L0qRAoGAcXUoDdI+EYBBqxIOXvvl
++ZuSOyNPZHwcPw+918uSpuh1xSn/qGD6EdlsBRIxBGk1ztQDNfhOmpFiPSeCmFzhS
+++IEy2NMVWRoJTaVwN2UzpKfyDRIzs6DWTs8fJARNDWO+lp04skToFRPdY5L6RJhP
++dl0yHofPTNUz2lLmMOhTOw4=
++-----END PRIVATE KEY-----
+--- /dev/null
++++ b/test/certs/ncca3-cert.pem
+@@ -0,0 +1,20 @@
++-----BEGIN CERTIFICATE-----
++MIIDQzCCAiugAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
++IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMBkxFzAV
++BgNVBAMMDlRlc3QgTkMgc3ViIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
++CgKCAQEAu6gOQAcNel3NCbWCctR4Y4BqRNPbo6W3HpFyY+204kGimdNZvE2zkpfs
++HR6PB7AHUvq+44+NN/l1J//JkT/9rFVoGDbb/L354US/iBJ3zjBSqeeXvofSmsvf
++6+x6g9W7bFLETJ0mH+vjPQ2f3dS4O4Lc7W3HsldR/WUkesQb3+FsxBph6/84vylM
++oSsScd/2HFD7lrt+Fk1DGqkMI10tl6PozREAxSJgSFLUtr2P15a7wyi4m5LBM4+L
++YKMr/vuj7wFtH2BEwh2iRbJ2wYxxjKV42Hg+6l5XlahVr2rTpK6aP9R8spg+Og/P
++A+d2shD3+q6OkglEyq9rRGa2mRZrwwIDAQABo4GVMIGSMB0GA1UdDgQWBBTwU4mH
++3VYZwBnmIFVvC/wUFdejsjAfBgNVHSMEGDAWgBQI0Zv55tVkcKDxaxqe7VLa3fVQ
++QzAPBgNVHRMBAf8EBTADAQH/MD8GA1UdHgQ4MDagHzAOggx3d3cuZ29vZC5uZXQw
++DYILb2suZ29vZC5jb22hEzARgg9iYWQub2suZ29vZC5jb20wDQYJKoZIhvcNAQEL
++BQADggEBAMIXGpXdI4jpDzPkqJIoDtAC4KQlC8fm8nW/fEgfHiOZgGHsCkjcvpFU
++4yQ/ito9qlV4d4SoWLQijc5eJmTvWQKvHfZNCM9nKWQCY/QDMMePT2UO8RLHjkI3
++V2ARfrFv9NEQ8gd7u0dvsGivacE0vlIS480saVVnda54gOHh5RVe1/mr3EUqnQJr
++RTothfmTcCH104SUBUB92gD9Cgh3NpvRS/sZI1pv3diUyw1QF9qszWfk1NPDan4g
++hX6VBeHQ4n6PbZLhdbUawE1tVyoN7Q7siz/ybNH0Uj68k87q+HOIx99Qtihw6xoj
++UhL2ht4Pmyhy3ACeEI2BTZESEzG/WBI=
++-----END CERTIFICATE-----
+--- /dev/null
++++ b/test/certs/ncca3-key.pem
+@@ -0,0 +1,28 @@
++-----BEGIN PRIVATE KEY-----
++MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7qA5ABw16Xc0J
++tYJy1HhjgGpE09ujpbcekXJj7bTiQaKZ01m8TbOSl+wdHo8HsAdS+r7jj403+XUn
++/8mRP/2sVWgYNtv8vfnhRL+IEnfOMFKp55e+h9Kay9/r7HqD1btsUsRMnSYf6+M9
++DZ/d1Lg7gtztbceyV1H9ZSR6xBvf4WzEGmHr/zi/KUyhKxJx3/YcUPuWu34WTUMa
++qQwjXS2Xo+jNEQDFImBIUtS2vY/XlrvDKLibksEzj4tgoyv++6PvAW0fYETCHaJF
++snbBjHGMpXjYeD7qXleVqFWvatOkrpo/1HyymD46D88D53ayEPf6ro6SCUTKr2tE
++ZraZFmvDAgMBAAECggEALp/Lopbd/2gs2FuzpIoruzUdsiodKSS0QbELhc56obiD
++CMsdQY7grex3Kqj8CoHu3+wS34E8Kgsd06lW0HLguR+jNFj1AW/GFPU6zTkhcSZK
++c5Jp/lnKttEuunRP4E+LOJe70/k7jrTSCcpHzRrcB1U1RPyAoEvXwCiQDryI3G+9
++jDw1vUvQTlb3u/0j798N8a13ahi2cepauOrxS/Si0fHt9LxOnaRfVJWyQ5hmyh0j
++MFpAzpqGtI6hlq0HO0Kzu+zFIl9POcrMyAjPdfhIR7zC+pHsyOGXsRpRU0HKHQfC
++ukImc9wZ9xy2/lQVwWJnjksaZfM6qVG5IOkpIUskIQKBgQDtnhkkGo4BlGA/yCY+
++2Vt6dZOBEtJlqBVzL4Us0B5PLqE4L09r5pTil7pep8itM5u5Bn1zio839Q0iUDxc
++omfViJA/y/eJb0trLZXKen8QUcVkBvB4VL4vVPjULcKCpWPNcop2toJDJdDZuSvR
++DQUYvkd22MlBCg3YCVcDGPXisQKBgQDKLIB2sSwTph6XjBPnsC3br11ymSog5RAq
++zXpnBczre1CT7dLixbJP6ISbVJwlDrvFum33r3hEOUDE5BZo2aVyQoZ6tPTmIfkG
++C14xsnvyuGYBTWemd7dyt2rXbvZaq0a3U1IHxt/KQlj99DrSASyfKH0Hk44EZ3dS
++wsi7Vq4KswKBgAr7dKQDii6ugehQwtvCxgSZ7JBZo1nJc/xX5OrWT6BPQmpLXXta
++M+VpJ9b6ID9JFFhv4Vp2u/nVHJ9KYA/T/cKTxj78mVtDxpOUjsjF8pt5fAsMew7E
++s+mSHtIHr2bEaCF1usqT0t9xnv6BHXJTDLpBCSKIEH0uDse+XsQo4ixxAoGAVjgm
++TPf/8R0+HKkrb/pNhEvEUXQKaF7nxyk8EyWBH8fGNGAPOJDRG4zwyIGL2a3v3EJG
++VYPqiUXVXmJbQDnZeeHvEfOMIXzJg49ji1Qv0fJb5iBJnM+fV3frQ5bZzw8OKG6L
++JC/nDo2/AAag8yB3FCUjNRDzVuN9Grlg+6vaq0sCgYEAnpSh/EA1lxKpHFs8dh8l
++qtoKzBZzBFODMp8avJVYUYI3oVjm4CUXKbMdSNgQiFjfWKe6I0vzFxhIBOEI+5JR
++N29VMjeFxgXkD4qmz6qjCZr9tmJiiu3tMJfW13D94U5RKi5OFAzlPxtBLe+sx6nq
++NXMk2XIx1ndW+uWUjtU0EQc=
++-----END PRIVATE KEY-----
+--- /dev/null
+++ b/test/certs/pathlen.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
@@ -173994,9 +176701,6 @@
+oxJ8JTfEcEHVsTffYR9fDUn0NylqCLdqFaDwLKqWl+C2inODNMpNusqleDAViw6B
+CA==
+-----END CERTIFICATE-----
-diff --git a/test/certs/pc1-cert.pem b/test/certs/pc1-cert.pem
-new file mode 100644
-index 0000000..e0a373a
--- /dev/null
+++ b/test/certs/pc1-cert.pem
@@ -0,0 +1,20 @@
@@ -174020,9 +176724,6 @@
+/11HRF2cGE6OKVmPrksI2NVOe0S0BmL2UwIeO1mIoQikJlOlCsa6QHS7KNQKGtrV
+0Z/z5ahapEq7+wlyrw+lsZf+rBKFzwbowl1K2YJva9Q=
+-----END CERTIFICATE-----
-diff --git a/test/certs/pc1-key.pem b/test/certs/pc1-key.pem
-new file mode 100644
-index 0000000..d879dbc
--- /dev/null
+++ b/test/certs/pc1-key.pem
@@ -0,0 +1,28 @@
@@ -174054,9 +176755,6 @@
+6juHCqmKWKwTZPHPdWNVUgMOGVHFjcCgQjuqWYWupl6un/CefXPleImZ/wrXee5w
+f2DAK68puLIhIySfEIjrYh4P
+-----END PRIVATE KEY-----
-diff --git a/test/certs/pc2-cert.pem b/test/certs/pc2-cert.pem
-new file mode 100644
-index 0000000..2913b98
--- /dev/null
+++ b/test/certs/pc2-cert.pem
@@ -0,0 +1,21 @@
@@ -174081,9 +176779,6 @@
+swUADTDhNTValfr2RQswlEPIt5qURe2vsvacQ701cPPwT+fgQj1N/XLFsBGTmnOP
+KpT6Adh+uk8xTHv2BUg+XDRAFOhoLMu1hnloiH14FgY=
+-----END CERTIFICATE-----
-diff --git a/test/certs/pc2-key.pem b/test/certs/pc2-key.pem
-new file mode 100644
-index 0000000..77ab6ff
--- /dev/null
+++ b/test/certs/pc2-key.pem
@@ -0,0 +1,28 @@
@@ -174115,9 +176810,6 @@
+DJIl2/70CRTfosDdSE6DnQk672BhJ4fr6Ln/VyvcATlcv34UYiGsDY3LCf0UTdjd
+GsR6pGtD+3qErri9pbdxDvRC
+-----END PRIVATE KEY-----
-diff --git a/test/certs/pc5-cert.pem b/test/certs/pc5-cert.pem
-new file mode 100644
-index 0000000..8663bdf
--- /dev/null
+++ b/test/certs/pc5-cert.pem
@@ -0,0 +1,21 @@
@@ -174142,9 +176834,6 @@
+wpjsA/omrfXP3opH1ustvMQm9BPkySLRzNbIYHHRJX3Hkhn+EYzMmxv3cH0EEtn6
+taj7Gfsp7TfLpfSgP/Y88EsKhQAWsdFt2tT3FQ==
+-----END CERTIFICATE-----
-diff --git a/test/certs/pc5-key.pem b/test/certs/pc5-key.pem
-new file mode 100644
-index 0000000..1ad0805
--- /dev/null
+++ b/test/certs/pc5-key.pem
@@ -0,0 +1,28 @@
@@ -174176,11 +176865,9 @@
+q6b8GAqWWz4ewe30FKo0ipL1SfsJUTv8lPKIGo8oNk4vsUvv/bLJHpr6+g2d8lCw
+A0i6wzzrXUiXlynYm+VCKhs=
+-----END PRIVATE KEY-----
-diff --git a/test/certs/setup.sh b/test/certs/setup.sh
-index f341046..b8c1086 100755
--- a/test/certs/setup.sh
+++ b/test/certs/setup.sh
-@@ -86,7 +86,7 @@ openssl x509 -in sroot-cert.pem -trustout \
+@@ -86,7 +86,7 @@ openssl x509 -in sroot-cert.pem -trustou
./mkcert.sh genca "CA" ca-key2 ca-cert2 root-key root-cert
./mkcert.sh genca "CA2" ca-key ca-name2 root-key root-cert
./mkcert.sh genca "CA" ca-key ca-root2 root-key2 root-cert2
@@ -174189,7 +176876,7 @@
#
openssl x509 -in ca-cert.pem -trustout \
-addtrust serverAuth -out ca+serverAuth.pem
-@@ -182,3 +182,29 @@ OPENSSL_SIGALG=md5 \
+@@ -182,3 +182,165 @@ OPENSSL_SIGALG=md5 \
# 768-bit leaf key
OPENSSL_KEYBITS=768 \
./mkcert.sh genee server.example ee-key-768 ee-cert-768 ca-key ca-cert
@@ -174219,9 +176906,142 @@
+./mkcert.sh req bad-pc6-key "0.CN = server.example" "1.CN = proxy 1" "2.+CN = proxy 6" | \
+ ./mkcert.sh genpc bad-pc6-key bad-pc6-cert pc1-key pc1-cert \
+ "language = id-ppl-anyLanguage" "pathlen = 0" "policy = text:AB"
-diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
-new file mode 100644
-index 0000000..e892f9d
++
++# Name constraints test certificates.
++
++# NC CA1 only permits the host www.good.org and *.good.com email address
++# good at good.org and *@good.com and IP addresses 127.0.0.1 and
++# 192.168.0.0/16
++
++NC="permitted;DNS:www.good.org, permitted;DNS:good.com,"
++NC="$NC permitted;email:good at good.org, permitted;email:good.com,"
++NC="$NC permitted;IP:127.0.0.1/255.255.255.255, permitted;IP:192.168.0.0/255.255.0.0"
++
++NC=$NC ./mkcert.sh genca "Test NC CA 1" ncca1-key ncca1-cert root-key root-cert
++
++# NC CA2 allows anything apart from hosts www.bad.org and *.bad.com
++# and email addresses bad at bad.org and *@bad.com
++
++NC="excluded;DNS:www.bad.org, excluded;DNS:bad.com,"
++NC="$NC excluded;email:bad at bad.org, excluded;email:bad.com, "
++NC="$NC excluded;IP:10.0.0.0/255.0.0.0"
++
++NC=$NC ./mkcert.sh genca "Test NC CA 2" ncca2-key ncca2-cert root-key root-cert
++
++# Name constraints subordinate CA. Adds www.good.net (which should be
++# disallowed because parent CA doesn't permit it) adds ok.good.com
++# (which should be allowed because parent allows *.good.com
++# and now excludes bad.ok.good.com (allowed in permitted subtrees
++# but explicitly excluded).
++
++NC="permitted;DNS:www.good.net, permitted;DNS:ok.good.com, "
++NC="$NC excluded;DNS:bad.ok.good.com"
++NC=$NC ./mkcert.sh genca "Test NC sub CA" ncca3-key ncca3-cert \
++ ncca1-key ncca1-cert
++
++# all subjectAltNames allowed by CA1.
++
++./mkcert.sh req alt1-key "O = Good NC Test Certificate 1" \
++ "1.CN=www.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \
++ ./mkcert.sh geneealt alt1-key alt1-cert ncca1-key ncca1-cert \
++ "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
++ "email.1 = good at good.org" "email.2 = any at good.com" \
++ "IP = 127.0.0.1" "IP = 192.168.0.1"
++
++# no subjectAltNames excluded by CA2.
++
++./mkcert.sh req alt2-key "O = Good NC Test Certificate 2" | \
++ ./mkcert.sh geneealt alt2-key alt2-cert ncca2-key ncca2-cert \
++ "DNS.1 = www.anything.org" "DNS.2 = any.other.com" \
++ "email.1 = other at bad.org" "email.2 = any at something.com"
++
++# hostname other.good.org which is not allowed by CA1.
++
++./mkcert.sh req badalt1-key "O = Bad NC Test Certificate 1" | \
++ ./mkcert.sh geneealt badalt1-key badalt1-cert ncca1-key ncca1-cert \
++ "DNS.1 = other.good.org" "DNS.2 = any.good.com" \
++ "email.1 = good at good.org" "email.2 = any at good.com"
++
++# any.bad.com is excluded by CA2.
++
++./mkcert.sh req badalt2-key 'O = Bad NC Test Certificate 2' | \
++ ./mkcert.sh geneealt badalt2-key badalt2-cert ncca2-key ncca2-cert \
++ "DNS.1 = www.good.org" "DNS.2 = any.bad.com" \
++ "email.1 = good at good.org" "email.2 = any at good.com"
++
++# other at good.org not permitted by CA1
++
++./mkcert.sh req badalt3-key "O = Bad NC Test Certificate 3" | \
++ ./mkcert.sh geneealt badalt3-key badalt1-cert ncca1-key ncca1-cert \
++ "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
++ "email.1 = other at good.org" "email.2 = any at good.com"
++
++# all subject alt names OK but subject email address not allowed by CA1.
++
++./mkcert.sh req badalt4-key 'O = Bad NC Test Certificate 4' \
++ "emailAddress = any at other.com" | \
++ ./mkcert.sh geneealt badalt4-key badalt4-cert ncca1-key ncca1-cert \
++ "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
++ "email.1 = good at good.org" "email.2 = any at good.com"
++
++# IP address not allowed by CA1
++./mkcert.sh req badalt5-key "O = Bad NC Test Certificate 5" | \
++ ./mkcert.sh geneealt badalt5-key badalt5-cert ncca1-key ncca1-cert \
++ "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
++ "email.1 = good at good.org" "email.2 = any at good.com" \
++ "IP = 127.0.0.2"
++
++# all subject alt names OK but subject CN not allowed by CA1.
++./mkcert.sh req badalt6-key "O = Bad NC Test Certificate 6" \
++ "1.CN=other.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \
++ ./mkcert.sh geneealt badalt6-key badalt6-cert ncca1-key ncca1-cert \
++ "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
++ "email.1 = good at good.org" "email.2 = any at good.com" \
++ "IP = 127.0.0.1" "IP = 192.168.0.1"
++
++# all subject alt names OK but subject CN not allowed by CA1, BMPSTRING
++REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \
++ "1.CN=other.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \
++ ./mkcert.sh geneealt badalt7-key badalt7-cert ncca1-key ncca1-cert \
++ "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
++ "email.1 = good at good.org" "email.2 = any at good.com" \
++ "IP = 127.0.0.1" "IP = 192.168.0.1"
++
++# all subjectAltNames allowed by chain
++
++./mkcert.sh req alt3-key "O = Good NC Test Certificate 3" \
++ "1.CN=www.ok.good.com" "2.CN=Joe Bloggs" | \
++ ./mkcert.sh geneealt alt3-key alt3-cert ncca3-key ncca3-cert \
++ "DNS.1 = www.ok.good.com" \
++ "email.1 = good at good.org" "email.2 = any at good.com" \
++ "IP = 127.0.0.1" "IP = 192.168.0.1"
++
++# www.good.net allowed by parent CA but not parent of parent
++
++./mkcert.sh req badalt8-key "O = Bad NC Test Certificate 8" \
++ "1.CN=www.good.com" "2.CN=Joe Bloggs" | \
++ ./mkcert.sh geneealt badalt8-key badalt8-cert ncca3-key ncca3-cert \
++ "DNS.1 = www.ok.good.com" "DNS.2 = www.good.net" \
++ "email.1 = good at good.org" "email.2 = any at good.com" \
++ "IP = 127.0.0.1" "IP = 192.168.0.1"
++
++# other.good.com not allowed by parent CA but allowed by parent of parent
++
++./mkcert.sh req badalt9-key "O = Bad NC Test Certificate 9" \
++ "1.CN=www.good.com" "2.CN=Joe Bloggs" | \
++ ./mkcert.sh geneealt badalt9-key badalt9-cert ncca3-key ncca3-cert \
++ "DNS.1 = www.good.com" "DNS.2 = other.good.com" \
++ "email.1 = good at good.org" "email.2 = any at good.com" \
++ "IP = 127.0.0.1" "IP = 192.168.0.1"
++
++# www.bad.net excluded by parent CA.
++
++./mkcert.sh req badalt10-key "O = Bad NC Test Certificate 10" \
++ "1.CN=www.ok.good.com" "2.CN=Joe Bloggs" | \
++ ./mkcert.sh geneealt badalt10-key badalt10-cert ncca3-key ncca3-cert \
++ "DNS.1 = www.ok.good.com" "DNS.2 = bad.ok.good.com" \
++ "email.1 = good at good.org" "email.2 = any at good.com" \
++ "IP = 127.0.0.1" "IP = 192.168.0.1"
--- /dev/null
+++ b/test/cipherlist_test.c
@@ -0,0 +1,212 @@
@@ -174437,8 +177257,6 @@
+
+ return result;
+}
-diff --git a/test/clienthellotest.c b/test/clienthellotest.c
-index 71c6650..1f1d44c 100644
--- a/test/clienthellotest.c
+++ b/test/clienthellotest.c
@@ -1,56 +1,10 @@
@@ -174504,8 +177322,6 @@
*/
#include <string.h>
-diff --git a/test/cms-examples.pl b/test/cms-examples.pl
-index 2e95b48..ec1c5fa 100644
--- a/test/cms-examples.pl
+++ b/test/cms-examples.pl
@@ -1,54 +1,10 @@
@@ -174569,8 +177385,6 @@
# Perl script to run tests against S/MIME examples in RFC4134
# Assumes RFC is in current directory and called "rfc4134.txt"
-diff --git a/test/constant_time_test.c b/test/constant_time_test.c
-index faadcb7..3ee6a81 100644
--- a/test/constant_time_test.c
+++ b/test/constant_time_test.c
@@ -1,46 +1,10 @@
@@ -174626,8 +177440,6 @@
*/
#include "internal/constant_time_locl.h"
-diff --git a/test/ct_test.c b/test/ct_test.c
-index 8175d16..8cc97e2 100644
--- a/test/ct_test.c
+++ b/test/ct_test.c
@@ -1,55 +1,10 @@
@@ -174704,7 +177516,7 @@
/*
* A file to load the expected SCT text from.
* This text will be compared to the actual text output during the test.
-@@ -132,7 +87,7 @@ end:
+@@ -132,7 +87,7 @@ static CT_TEST_FIXTURE set_up(const char
static void tear_down(CT_TEST_FIXTURE fixture)
{
CTLOG_STORE_free(fixture.ctlog_store);
@@ -174713,7 +177525,7 @@
ERR_print_errors_fp(stderr);
}
-@@ -192,7 +147,7 @@ static int read_text_file(const char *dir, const char *file,
+@@ -192,7 +147,7 @@ static int read_text_file(const char *di
return result;
}
@@ -174722,7 +177534,7 @@
const char *expected_output)
{
BIO *text_buffer = NULL;
-@@ -205,7 +160,7 @@ static int compare_sct_printout(SCT *sct,
+@@ -205,7 +160,7 @@ static int compare_sct_printout(SCT *sct
goto end;
}
@@ -174731,7 +177543,7 @@
/* Append null terminator because we're about to use the buffer contents
* as a string. */
-@@ -249,7 +204,8 @@ static int compare_extension_printout(X509_EXTENSION *extension,
+@@ -249,7 +204,8 @@ static int compare_extension_printout(X5
/* Append null terminator because we're about to use the buffer contents
* as a string. */
if (BIO_write(text_buffer, "\0", 1) != 1) {
@@ -174741,7 +177553,7 @@
goto end;
}
-@@ -267,6 +223,51 @@ end:
+@@ -267,6 +223,51 @@ static int compare_extension_printout(X5
return result;
}
@@ -174793,7 +177605,7 @@
static int execute_cert_test(CT_TEST_FIXTURE fixture)
{
int success = 0;
-@@ -275,8 +276,8 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture)
+@@ -275,8 +276,8 @@ static int execute_cert_test(CT_TEST_FIX
SCT *sct = NULL;
char expected_sct_text[CT_TEST_MAX_FILE_SIZE];
int sct_text_len = 0;
@@ -174804,7 +177616,7 @@
CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new();
if (fixture.sct_text_file != NULL) {
-@@ -337,7 +338,6 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture)
+@@ -337,7 +338,6 @@ static int execute_cert_test(CT_TEST_FIX
}
if (fixture.test_validity) {
@@ -174812,14 +177624,15 @@
int i;
scts = X509V3_EXT_d2i(sct_extension);
-@@ -351,44 +351,8 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture)
+@@ -351,44 +351,8 @@ static int execute_cert_test(CT_TEST_FIX
}
}
- are_scts_validated = SCT_LIST_validate(scts, ct_policy_ctx);
- if (are_scts_validated < 0) {
- fprintf(stderr, "Error verifying SCTs\n");
-- goto end;
++ if (!assert_validity(fixture, scts, ct_policy_ctx))
+ goto end;
- } else if (!are_scts_validated) {
- int invalid_sct_count = 0;
- int valid_sct_count = 0;
@@ -174852,13 +177665,12 @@
- fixture.expected_sct_count,
- unverified_sct_count);
- }
-+ if (!assert_validity(fixture, scts, ct_policy_ctx))
- goto end;
+- goto end;
- }
}
} else if (sct_extension != NULL) {
fprintf(stderr,
-@@ -398,33 +362,28 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture)
+@@ -398,33 +362,28 @@ static int execute_cert_test(CT_TEST_FIX
}
}
@@ -174877,11 +177689,11 @@
- int is_sct_validated = SCT_validate(sct, ct_policy_ctx);
- if (is_sct_validated < 0) {
- fprintf(stderr, "Error validating SCT\n");
+- goto end;
+- } else if (!is_sct_validated) {
+- fprintf(stderr, "SCT failed verification\n");
+ if (!assert_validity(fixture, scts, ct_policy_ctx))
goto end;
-- } else if (!is_sct_validated) {
-- fprintf(stderr, "SCT failed verification\n");
-- goto end;
- }
}
@@ -174903,7 +177715,7 @@
goto end;
}
}
-@@ -436,7 +395,7 @@ end:
+@@ -436,7 +395,7 @@ static int execute_cert_test(CT_TEST_FIX
SCT_LIST_free(scts);
SCT_free(sct);
CT_POLICY_EVAL_CTX_free(ct_policy_ctx);
@@ -174953,36 +177765,6 @@
fixture.sct_dir = ct_dir;
fixture.sct_text_file = "tls1.sct";
EXECUTE_CT_TEST();
-diff --git a/test/d2i-tests/bad-int-pad0.der b/test/d2i-tests/bad-int-pad0.der
-new file mode 100644
-index 0000000..46f6092
-Binary files /dev/null and b/test/d2i-tests/bad-int-pad0.der differ
-diff --git a/test/d2i-tests/bad-int-padminus1.der b/test/d2i-tests/bad-int-padminus1.der
-new file mode 100644
-index 0000000..a4b6bb9
-Binary files /dev/null and b/test/d2i-tests/bad-int-padminus1.der differ
-diff --git a/test/d2i-tests/bad_bio.der b/test/d2i-tests/bad_bio.der
-new file mode 100644
-index 0000000..8681f05
-Binary files /dev/null and b/test/d2i-tests/bad_bio.der differ
-diff --git a/test/d2i-tests/high_tag.der b/test/d2i-tests/high_tag.der
-new file mode 100644
-index 0000000..5c523ec
-Binary files /dev/null and b/test/d2i-tests/high_tag.der differ
-diff --git a/test/d2i-tests/int0.der b/test/d2i-tests/int0.der
-new file mode 100644
-index 0000000..bbfb76b
-Binary files /dev/null and b/test/d2i-tests/int0.der differ
-diff --git a/test/d2i-tests/int1.der b/test/d2i-tests/int1.der
-new file mode 100644
-index 0000000..26dd6b1
-Binary files /dev/null and b/test/d2i-tests/int1.der differ
-diff --git a/test/d2i-tests/intminus1.der b/test/d2i-tests/intminus1.der
-new file mode 100644
-index 0000000..e7c1cea
-Binary files /dev/null and b/test/d2i-tests/intminus1.der differ
-diff --git a/test/d2i_test.c b/test/d2i_test.c
-index 6ffdf55..8c99087 100644
--- a/test/d2i_test.c
+++ b/test/d2i_test.c
@@ -1,11 +1,10 @@
@@ -175038,7 +177820,7 @@
static D2I_TEST_FIXTURE set_up(const char *const test_case_name)
{
D2I_TEST_FIXTURE fixture;
-@@ -43,27 +59,59 @@ static int execute_test(D2I_TEST_FIXTURE fixture)
+@@ -43,27 +59,59 @@ static int execute_test(D2I_TEST_FIXTURE
int ret = 0;
unsigned char buf[2048];
const unsigned char *buf_ptr = buf;
@@ -175074,10 +177856,10 @@
+ ret = 1;
goto err;
+ }
-+
-+ derlen = ASN1_item_i2d(value, &der, item_type);
- ret = 1;
++ derlen = ASN1_item_i2d(value, &der, item_type);
++
+ if (der == NULL || derlen < 0) {
+ if (expected_error == ASN1_ENCODE)
+ ret = 1;
@@ -175106,10 +177888,9 @@
{
int result = 0;
const char *test_type_name;
--
++ const char *expected_error_string;
+
- if (argc != 3)
-+ const char *expected_error_string;
-+
+ size_t i;
+ static ASN1_ITEM_EXP *items[] = {
+ ASN1_ITEM_ref(ASN1_ANY),
@@ -175134,13 +177915,6 @@
test_type_name = argv[1];
- test_file = argv[2];
--
-- if (strcmp(test_type_name, "generalname") == 0) {
-- item_type = ASN1_ITEM_rptr(GENERAL_NAME);
-- } else if (strcmp(test_type_name, "x509") == 0) {
-- item_type = ASN1_ITEM_rptr(X509);
-- } else {
-- fprintf(stderr, "Bad type %s\n", test_type_name);
+ expected_error_string = argv[2];
+ test_file = argv[3];
+
@@ -175167,14 +177941,18 @@
+ break;
+ }
+ }
-+
+
+- if (strcmp(test_type_name, "generalname") == 0) {
+- item_type = ASN1_ITEM_rptr(GENERAL_NAME);
+- } else if (strcmp(test_type_name, "x509") == 0) {
+- item_type = ASN1_ITEM_rptr(X509);
+- } else {
+- fprintf(stderr, "Bad type %s\n", test_type_name);
+ if (expected_error == ASN1_UNKNOWN) {
+ fprintf(stderr, "Unknown expected error %s\n", expected_error_string);
return 1;
}
-diff --git a/test/danetest.c b/test/danetest.c
-index 5bca1aa..d473b12 100644
--- a/test/danetest.c
+++ b/test/danetest.c
@@ -1,50 +1,10 @@
@@ -175243,7 +178021,7 @@
X509_STORE_CTX *store_ctx;
SSL_CTX *ssl_ctx = SSL_get_SSL_CTX(ssl);
X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
-@@ -125,8 +85,9 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
+@@ -125,8 +85,9 @@ static int verify_chain(SSL *ssl, STACK_
return -1;
if (!X509_STORE_CTX_init(store_ctx, store, cert, chain))
@@ -175255,7 +178033,7 @@
X509_STORE_CTX_set_default(store_ctx,
SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
-@@ -135,12 +96,13 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
+@@ -135,12 +96,13 @@ static int verify_chain(SSL *ssl, STACK_
store_ctx_dane_init(store_ctx, ssl);
if (SSL_get_verify_callback(ssl))
@@ -175270,7 +178048,7 @@
X509_STORE_CTX_free(store_ctx);
return (ret);
-@@ -153,52 +115,52 @@ static STACK_OF(X509) *load_chain(BIO *fp, int nelem)
+@@ -153,52 +115,52 @@ static STACK_OF(X509) *load_chain(BIO *f
char *header = 0;
unsigned char *data = 0;
long len;
@@ -175292,7 +178070,9 @@
&& PEM_read_bio(fp, &name, &header, &data, &len);
- ++count) {
- const unsigned char *p = data;
--
++ ++count) {
++ const unsigned char *p = data;
+
- if (strcmp(name, PEM_STRING_X509) == 0
- || strcmp(name, PEM_STRING_X509_TRUSTED) == 0
- || strcmp(name, PEM_STRING_X509_OLD) == 0) {
@@ -175317,9 +178097,6 @@
- OPENSSL_free(name);
- OPENSSL_free(header);
- OPENSSL_free(data);
-+ ++count) {
-+ const unsigned char *p = data;
-+
+ if (strcmp(name, PEM_STRING_X509) == 0
+ || strcmp(name, PEM_STRING_X509_TRUSTED) == 0
+ || strcmp(name, PEM_STRING_X509_OLD) == 0) {
@@ -175356,7 +178133,7 @@
if (count == nelem) {
ERR_clear_error();
return chain;
-@@ -252,19 +214,16 @@ static ossl_ssize_t hexdecode(const char *in, void *result)
+@@ -252,19 +214,16 @@ static ossl_ssize_t hexdecode(const char
return -1;
for (byte = 0; *in; ++in) {
@@ -175380,7 +178157,34 @@
if ((nibble ^= 1) == 0) {
*cp++ = byte;
byte = 0;
-@@ -475,7 +434,7 @@ int main(int argc, char *argv[])
+@@ -370,6 +329,7 @@ static int test_tlsafile(SSL_CTX *ctx, c
+ STACK_OF(X509) *chain;
+ int ntlsa;
+ int ncert;
++ int noncheck;
+ int want;
+ int want_depth;
+ int off;
+@@ -382,7 +342,8 @@ static int test_tlsafile(SSL_CTX *ctx, c
+ continue;
+
+ ++testno;
+- if (sscanf(line, "%d %d %d %d%n", &ntlsa, &ncert, &want, &want_depth, &off) != 4
++ if (sscanf(line, "%d %d %d %d %d%n",
++ &ntlsa, &ncert, &noncheck, &want, &want_depth, &off) != 5
+ || !allws(line + off)) {
+ fprintf(stderr, "Expected tlsa count, cert count and result"
+ " at test %d of %s\n", testno, path);
+@@ -396,6 +357,8 @@ static int test_tlsafile(SSL_CTX *ctx, c
+ SSL_free(ssl);
+ return -1;
+ }
++ if (noncheck)
++ SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS);
+
+ for (i = 0; i < ntlsa; ++i) {
+ if ((line = read_to_eol(f)) == NULL || !tlsa_import_rr(ssl, line)) {
+@@ -475,7 +438,7 @@ int main(int argc, char *argv[])
progname = argv[0];
if (argc != 4) {
test_usage();
@@ -175389,7 +178193,7 @@
}
basedomain = argv[1];
CAfile = argv[2];
-@@ -492,10 +451,9 @@ int main(int argc, char *argv[])
+@@ -492,10 +455,9 @@ int main(int argc, char *argv[])
if (f == NULL) {
fprintf(stderr, "%s: Error opening tlsa record file: '%s': %s\n",
progname, tlsafile, strerror(errno));
@@ -175401,11 +178205,9 @@
ctx = SSL_CTX_new(TLS_client_method());
if (SSL_CTX_dane_enable(ctx) <= 0) {
print_errors();
-diff --git a/test/danetest.in b/test/danetest.in
-index 7db0400..485c986 100644
--- a/test/danetest.in
+++ b/test/danetest.in
-@@ -1,4 +1,12 @@
+@@ -1,7 +1,15 @@
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
@@ -175417,9 +178219,496 @@
+#
# The first line in each block takes the form:
#
- # <TLSA-count> <cert-count> <desired-verify-result> <desired-match-depth>
-diff --git a/test/destest.c b/test/destest.c
-index a544f41..877f71d 100644
+-# <TLSA-count> <cert-count> <desired-verify-result> <desired-match-depth>
++# <TLSA-count> <cert-count> <nonamechecks> <desired-verify-result> <desired-match-depth>
+ #
+ # It is followed by <TLSA-count> lines of the form:
+ #
+@@ -41,7 +49,7 @@
+ ## -- Anonymous and "never valid" leaf certificate DANE-EE(3) tests
+
+ # 1
+-1 1 0 0
++1 1 1 0 0
+ 3 0 1 588FD5F414E3327EAFE3169DC040AE161247D1296BF38304AB9CF464850A1365
+ subject=
+ issuer=
+@@ -56,7 +64,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN
+ -----END CERTIFICATE-----
+
+ # 2
+-1 1 0 0
++1 1 1 0 0
+ 3 1 1 05C66146D7909EAE2379825F6D0F5284146B79598DA12E403DC29C33147CF33E
+ subject=
+ issuer=
+@@ -71,7 +79,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN
+ -----END CERTIFICATE-----
+
+ # 3
+-1 1 0 0
++1 1 1 0 0
+ 3 0 2 42BEE929852C8063A0D619B53D0DD35703BBAD2FC25F2055F737C7A14DDFEA544491F8C00F50FA083BD0AD1B5C98529994FF811BBA5E5170CC6EE9F3ED5563E1
+ subject=
+ issuer=
+@@ -86,7 +94,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN
+ -----END CERTIFICATE-----
+
+ # 4
+-1 1 0 0
++1 1 1 0 0
+ 3 1 2 D91A3E5DC34879CD77AD1E989F56FA78FACADF05EF8D445EDF5652BD58EE392C87C02F84C0119D62309041F2D5128A73399DF25D1F47BCD497357EAF1A1009A3
+ subject=
+ issuer=
+@@ -101,7 +109,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN
+ -----END CERTIFICATE-----
+
+ # 5
+-1 1 65 -1
++1 1 1 65 -1
+ 3 0 1 588FD5F414E3327EAFE3169DC040AE161247D1296BF38304AB9CF464850A1366
+ subject=
+ issuer=
+@@ -116,7 +124,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN
+ -----END CERTIFICATE-----
+
+ # 6
+-1 1 65 -1
++1 1 1 65 -1
+ 3 1 1 05C66146D7909EAE2379825F6D0F5284146B79598DA12E403DC29C33147CF33F
+ subject=
+ issuer=
+@@ -131,7 +139,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN
+ -----END CERTIFICATE-----
+
+ # 7
+-1 1 65 -1
++1 1 1 65 -1
+ 3 0 2 42BEE929852C8063A0D619B53D0DD35703BBAD2FC25F2055F737C7A14DDFEA544491F8C00F50FA083BD0AD1B5C98529994FF811BBA5E5170CC6EE9F3ED5563E2
+ subject=
+ issuer=
+@@ -146,7 +154,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN
+ -----END CERTIFICATE-----
+
+ # 8
+-1 1 65 -1
++1 1 1 65 -1
+ 3 1 2 D91A3E5DC34879CD77AD1E989F56FA78FACADF05EF8D445EDF5652BD58EE392C87C02F84C0119D62309041F2D5128A73399DF25D1F47BCD497357EAF1A1009A4
+ subject=
+ issuer=
+@@ -163,7 +171,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN
+ ## -- DANE-?? chain tests --
+
+ # 9
+-1 3 0 0
++1 3 0 0 0
+ 3 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -210,7 +218,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+ -----END CERTIFICATE-----
+
+ # 10
+-1 3 0 0
++1 3 0 0 0
+ 3 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -257,7 +265,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+ -----END CERTIFICATE-----
+
+ # 11
+-1 3 0 0
++1 3 0 0 0
+ 3 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9923
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -304,7 +312,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+ -----END CERTIFICATE-----
+
+ # 12
+-1 3 0 0
++1 3 0 0 0
+ 3 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -351,7 +359,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+ -----END CERTIFICATE-----
+
+ # 13
+-1 3 0 1
++1 3 0 0 1
+ 2 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -398,7 +406,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+ -----END CERTIFICATE-----
+
+ # 14
+-1 3 0 1
++1 3 0 0 1
+ 2 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -445,7 +453,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+ -----END CERTIFICATE-----
+
+ # 15
+-1 3 0 1
++1 3 0 0 1
+ 2 0 2 6BC0C0F2500320A49392910965263A3EBDD594173D3E36CCE38A003D2EC3FAFBC315EDB776CD3139637DF494FB60359601542A4F821BF0542F926E6270C9762C
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -492,7 +500,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+ -----END CERTIFICATE-----
+
+ # 16
+-1 3 0 1
++1 3 0 0 1
+ 2 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -539,7 +547,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+ -----END CERTIFICATE-----
+
+ # 17
+-1 3 0 2
++1 3 0 0 2
+ 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -586,7 +594,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+ -----END CERTIFICATE-----
+
+ # 18
+-1 3 0 2
++1 3 0 0 2
+ 2 1 1 91D942E4A2D4226DDAF28CADAA7F13018E4ED0D9A43A529247E51C965188576C
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -633,7 +641,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+ -----END CERTIFICATE-----
+
+ # 19
+-1 3 0 2
++1 3 0 0 2
+ 2 0 2 361029F20A3B59DAFAAF05D41811EFC1A9439B972BC6B9D7F13BC5469570E49ACAE0CB0C877C75D58346590EA950AC7A39AED6E8AA8004EA7F5DE3AB9462047E
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -680,7 +688,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+ -----END CERTIFICATE-----
+
+ # 20
+-1 3 0 2
++1 3 0 0 2
+ 2 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -729,7 +737,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+ ## -- PKIX-?? chain tests --
+
+ # 21
+-1 2 0 0
++1 2 0 0 0
+ 1 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -762,7 +770,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+ -----END CERTIFICATE-----
+
+ # 22
+-1 2 0 0
++1 2 0 0 0
+ 1 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -795,7 +803,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+ -----END CERTIFICATE-----
+
+ # 23
+-1 3 0 0
++1 3 0 0 0
+ 1 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9923
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -842,7 +850,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+ -----END CERTIFICATE-----
+
+ # 24
+-1 3 0 0
++1 3 0 0 0
+ 1 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -889,7 +897,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+ -----END CERTIFICATE-----
+
+ # 25
+-1 2 0 1
++1 2 0 0 1
+ 0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -922,7 +930,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+ -----END CERTIFICATE-----
+
+ # 26
+-1 2 0 1
++1 2 0 0 1
+ 0 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -955,7 +963,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+ -----END CERTIFICATE-----
+
+ # 27
+-1 3 0 1
++1 3 0 0 1
+ 0 0 2 6BC0C0F2500320A49392910965263A3EBDD594173D3E36CCE38A003D2EC3FAFBC315EDB776CD3139637DF494FB60359601542A4F821BF0542F926E6270C9762C
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -1002,7 +1010,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+ -----END CERTIFICATE-----
+
+ # 28
+-1 3 0 1
++1 3 0 0 1
+ 0 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -1049,7 +1057,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+ -----END CERTIFICATE-----
+
+ # 29
+-1 2 0 2
++1 2 0 0 2
+ 0 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -1082,7 +1090,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+ -----END CERTIFICATE-----
+
+ # 30
+-1 2 0 2
++1 2 0 0 2
+ 0 1 1 91D942E4A2D4226DDAF28CADAA7F13018E4ED0D9A43A529247E51C965188576C
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -1115,7 +1123,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+ -----END CERTIFICATE-----
+
+ # 31
+-1 3 0 2
++1 3 0 0 2
+ 0 0 2 361029F20A3B59DAFAAF05D41811EFC1A9439B972BC6B9D7F13BC5469570E49ACAE0CB0C877C75D58346590EA950AC7A39AED6E8AA8004EA7F5DE3AB9462047E
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -1162,7 +1170,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+ -----END CERTIFICATE-----
+
+ # 32
+-1 3 0 2
++1 3 0 0 2
+ 0 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -1212,7 +1220,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+
+ # 33
+ # Missing intermediate CA
+-1 1 20 0
++1 1 0 20 0
+ 1 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -1232,7 +1240,7 @@ GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+
+ # 34
+ # Missing PKIX intermediate, provided via DNS
+-2 1 0 0
++2 1 0 0 0
+ 1 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838
+ 0 0 0 308201683082010DA003020102020102300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233323030395A180F33303135303431353233323030395A30143112301006035504030C094973737565722043413059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AFA350304E301D0603551D0E041604147AB75A3CD295CA5DF7C5150916E18FF5CC376A15301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D0403020349003046022100831DCD882DA8785D50E41020898C0248879DDDF72D701D1DC1DE6BE08155B43E022100B84B2FB519C4CD3CBC791603D4488F7707597DB7980D9C173E7FDD0ECD7CA308
+ subject= /CN=example.com
+@@ -1253,7 +1261,7 @@ GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+
+ # 35
+ # Wrong leaf digest
+-1 3 65 -1
++1 3 0 65 -1
+ 1 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9924
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -1301,7 +1309,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+
+ # 36
+ # Wrong intermediate digest
+-1 2 65 -1
++1 2 0 65 -1
+ 0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBE
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -1335,7 +1343,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+
+ # 37
+ # Wrong root digest
+-1 2 65 -1
++1 2 0 65 -1
+ 0 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3D
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -1371,7 +1379,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+
+ # 38
+ # DANE-EE(3) beats DANE-TA(2)
+-1 3 0 0
++1 3 0 0 0
+ 3 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62
+ 2 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E
+ subject= /CN=example.com
+@@ -1420,7 +1428,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+
+ # 39
+ # DANE-TA(2) depth 1 beats DANE-TA(2) depth 2
+-1 3 0 1
++1 3 0 0 1
+ 2 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05
+ 2 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E
+ subject= /CN=example.com
+@@ -1469,7 +1477,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+
+ # 40
+ # DANE-TA(2) depth 2 beats PKIX-TA(0) depth 1
+-1 3 0 2
++1 3 0 0 2
+ 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
+ 0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD
+ subject= /CN=example.com
+@@ -1518,7 +1526,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+
+ # 41
+ # DANE-TA(2) depth 2 beats PKIX-EE depth 0
+-1 3 0 2
++1 3 0 0 2
+ 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
+ 0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD
+ subject= /CN=example.com
+@@ -1567,7 +1575,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+
+ # 42
+ # DANE-TA(2) Full(0) root "from DNS":
+-1 2 0 2
++1 2 0 0 2
+ 2 0 0 308201643082010BA003020102020101300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233313330385A180F33303135303431353233313330385A30123110300E06035504030C07526F6F742043413059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76CA350304E301D0603551D0E04160414E4BD405F052A820DDF9883F93D7D3F90AAEC723F301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D040302034700304402206869E6AA9F9B4D4BF308091A5A7AB2C30E3619B0D75E528819468E4BB926F4C9022017F1B8458611966FBC109CAED3582966BF25FC0598EABA6C793C58DCC3537CC5
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -1601,7 +1609,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+
+ # 43
+ # DANE-TA(2) Full(0) intermediate "from DNS":
+-1 1 0 1
++1 1 0 0 1
+ 2 0 0 308201683082010DA003020102020102300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233323030395A180F33303135303431353233323030395A30143112301006035504030C094973737565722043413059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AFA350304E301D0603551D0E041604147AB75A3CD295CA5DF7C5150916E18FF5CC376A15301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D0403020349003046022100831DCD882DA8785D50E41020898C0248879DDDF72D701D1DC1DE6BE08155B43E022100B84B2FB519C4CD3CBC791603D4488F7707597DB7980D9C173E7FDD0ECD7CA308
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -1621,7 +1629,7 @@ GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+
+ # 44
+ # DANE-TA(2) SPKI(1) Full(0) intermediate "from DNS":
+-1 1 0 0
++1 1 0 0 0
+ 2 1 0 3059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AF
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -1641,7 +1649,7 @@ GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+
+ # 45
+ # DANE-TA(2) SPKI(1) Full(0) root "from DNS":
+-1 2 0 1
++1 2 0 0 1
+ 2 1 0 3059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76C
+ subject= /CN=example.com
+ issuer= /CN=Issuer CA
+@@ -1676,7 +1684,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+ # 46
+ # Mismatched name "example.org", should still succeed given a
+ # DANE-EE(3) match.
+-1 3 0 0
++1 3 1 0 0
+ 3 1 1 ee1477190203f5d8b4767f4451b89e7367cdec7f6965a4988227983562ac8270
+ subject= CN = example.org
+ issuer= CN = CA2
+@@ -1725,7 +1733,7 @@ fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ==
+ # 47
+ # Mismatched name "example.org", should fail despite a DANE-TA(2)
+ # match for the intermediate CA.
+-1 3 62 1
++1 3 0 62 1
+ 2 1 1 946af0956378efaba7ee1bbedc17af110ea8de19c079a98e77398724a3708a1f
+ subject= CN = example.org
+ issuer= CN = CA2
+@@ -1774,11 +1782,60 @@ fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ==
+ # 48
+ # Mismatched name "example.org", should fail despite a DANE-TA(2)
+ # match for the root CA.
+-1 3 62 2
++1 3 0 62 2
+ 2 1 1 34474f2fbc39da44dfbd11215bdafadf9507406c04de1f65dbd2a1bc4f2165cc
+ subject= CN = example.org
+ issuer= CN = CA2
+ notBefore=Feb 6 22:39:47 2016 GMT
++notAfter=Feb 7 22:39:47 2116 GMT
++-----BEGIN CERTIFICATE-----
++MIIBkDCCATWgAwIBAgIBAjAKBggqhkjOPQQDAjAOMQwwCgYDVQQDDANDQTIwIBcN
++MTYwMjA2MjIzOTQ3WhgPMjExNjAyMDcyMjM5NDdaMBYxFDASBgNVBAMMC2V4YW1w
++bGUub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/YCEn0pxClPTvpjioxU4
++ajopRa4j/6XTqxy9zqn1AcMCiVWp6j22B6RpLmKEHoRHQxFzebd2juTXIDq81CID
++z6N6MHgwHQYDVR0OBBYEFOrSA+2YKXa5KR6k0687CZuhai5OMB8GA1UdIwQYMBaA
++FLTY4vqgjcQ01aCcB8AYVbUhEU7VMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYB
++BQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5vcmcwCgYIKoZIzj0EAwIDSQAwRgIh
++AKSsLwlidPiSrgda6XWihov4D4KHu6ZX3ZAAZ2uiBAefAiEArCq5WiO3Zeunl0Ct
++PyDiaL1QKbJ7lnqPQCS1o8xn+RI=
++-----END CERTIFICATE-----
++subject= CN = CA2
++issuer= CN = Root CA2
++notBefore=Feb 6 22:39:13 2016 GMT
++notAfter=Feb 7 22:39:13 2116 GMT
++-----BEGIN CERTIFICATE-----
++MIIBYjCCAQigAwIBAgIBAjAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB
++MjAgFw0xNjAyMDYyMjM5MTNaGA8yMTE2MDIwNzIyMzkxM1owDjEMMAoGA1UEAwwD
++Q0EyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYr6zgBxpsxA31IFiGyb6uaGC
++CQdNMyJfDgqCihsU1eOEuauzXO7tydCbjfRmhqQK1EGd254IjcGY+37tZEbvPKNQ
++ME4wHQYDVR0OBBYEFLTY4vqgjcQ01aCcB8AYVbUhEU7VMB8GA1UdIwQYMBaAFBRb
+++/qrntsksembakoZTwTZk8AXMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAw
++RQIgX2fmMykyiuryf1AeKyc1j8HgmM8u/nyQfJnTCwvYUcECIQC6JHd3ybV9eJQo
++7sfr/jV+rRlZY2iaRv160BWYd82L7g==
++-----END CERTIFICATE-----
++subject= CN = Root CA2
++issuer= CN = Root CA2
++notBefore=Feb 6 22:38:48 2016 GMT
++notAfter=Feb 7 22:38:48 2116 GMT
++-----BEGIN CERTIFICATE-----
++MIIBaDCCAQ2gAwIBAgIBATAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB
++MjAgFw0xNjAyMDYyMjM4NDhaGA8yMTE2MDIwNzIyMzg0OFowEzERMA8GA1UEAwwI
++Um9vdCBDQTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATlTxAPKteg+L1LmxMl
++sbAFMxj6/322nR5RRGeF07KZRBFPaFZLgwZ1DuNrwM3wxxNdUyoZ6iAyDmwNf3K1
++42/Uo1AwTjAdBgNVHQ4EFgQUFFv7+que2ySx6ZtqShlPBNmTwBcwHwYDVR0jBBgw
++FoAUFFv7+que2ySx6ZtqShlPBNmTwBcwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
++AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER
++fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ==
++-----END CERTIFICATE-----
++
++# 49
++# Mismatched name "example.org", should fail when name checks
++# are not disabled for DANE-EE(3).
++1 3 0 62 0
++3 1 1 ee1477190203f5d8b4767f4451b89e7367cdec7f6965a4988227983562ac8270
++subject= CN = example.org
++issuer= CN = CA2
++notBefore=Feb 6 22:39:47 2016 GMT
+ notAfter=Feb 7 22:39:47 2116 GMT
+ -----BEGIN CERTIFICATE-----
+ MIIBkDCCATWgAwIBAgIBAjAKBggqhkjOPQQDAjAOMQwwCgYDVQQDDANDQTIwIBcN
--- a/test/destest.c
+++ b/test/destest.c
@@ -1,58 +1,10 @@
@@ -175530,8 +178819,6 @@
printf("\n");
return (err);
}
-diff --git a/test/dhtest.c b/test/dhtest.c
-index fb1c2df..2847c5c 100644
--- a/test/dhtest.c
+++ b/test/dhtest.c
@@ -1,58 +1,10 @@
@@ -175662,8 +178949,6 @@
ERR_print_errors_fp(stderr);
return 0;
err:
-diff --git a/test/dsatest.c b/test/dsatest.c
-index 1945f35..1085422 100644
--- a/test/dsatest.c
+++ b/test/dsatest.c
@@ -1,58 +1,10 @@
@@ -175754,8 +179039,6 @@
DSA_generate_key(dsa);
DSA_sign(0, str1, 20, sig, &siglen, dsa);
if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
-diff --git a/test/dtlsv1listentest.c b/test/dtlsv1listentest.c
-index 6eb2e5c..cc7e5f7 100644
--- a/test/dtlsv1listentest.c
+++ b/test/dtlsv1listentest.c
@@ -1,58 +1,10 @@
@@ -175822,9 +179105,6 @@
*/
#include <string.h>
-diff --git a/test/dummytest.c b/test/dummytest.c
-deleted file mode 100644
-index 25ce77b..0000000
--- a/test/dummytest.c
+++ /dev/null
@@ -1,57 +0,0 @@
@@ -175885,8 +179165,6 @@
- OPENSSL_free(program);
- return (0);
-}
-diff --git a/test/ecdhtest.c b/test/ecdhtest.c
-index 356f3e9..b327847 100644
--- a/test/ecdhtest.c
+++ b/test/ecdhtest.c
@@ -1,3 +1,12 @@
@@ -175962,8 +179240,6 @@
#include <stdio.h>
#include <stdlib.h>
-diff --git a/test/ecdhtest_cavs.h b/test/ecdhtest_cavs.h
-index 632d02d..fee7011 100644
--- a/test/ecdhtest_cavs.h
+++ b/test/ecdhtest_cavs.h
@@ -1,10 +1,19 @@
@@ -175988,8 +179264,6 @@
* 456068d3f8aad8ac62a03d19ed3173f00ad51f42b51aeab4753c20f30c01cf23 KAS_ECC_CDH_PrimitiveTest.txt
*/
-diff --git a/test/ecdsatest.c b/test/ecdsatest.c
-index f5b753a..538f9df 100644
--- a/test/ecdsatest.c
+++ b/test/ecdsatest.c
@@ -1,59 +1,12 @@
@@ -176058,7 +179332,7 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
-@@ -192,7 +145,7 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
+@@ -192,7 +145,7 @@ int x9_62_test_internal(BIO *out, int ni
ECDSA_SIG *signature = NULL;
BIGNUM *r = NULL, *s = NULL;
BIGNUM *kinv = NULL, *rp = NULL;
@@ -176067,7 +179341,7 @@
if (md_ctx == NULL)
goto x962_int_err;
-@@ -227,7 +180,7 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
+@@ -227,7 +180,7 @@ int x9_62_test_internal(BIO *out, int ni
goto x962_int_err;
if (!BN_dec2bn(&r, r_in) || !BN_dec2bn(&s, s_in))
goto x962_int_err;
@@ -176163,8 +179437,6 @@
OPENSSL_free(signature);
OPENSSL_free(raw_buf);
OPENSSL_free(curves);
-diff --git a/test/ectest.c b/test/ectest.c
-index bbc7ed0..f7e55c3 100644
--- a/test/ectest.c
+++ b/test/ectest.c
@@ -1,59 +1,12 @@
@@ -176429,7 +179701,7 @@
EC_GROUP_free(C2_K163);
EC_GROUP_free(C2_B163);
-@@ -1527,7 +1554,7 @@ static const struct nistp_test_params nistp_tests_params[] = {
+@@ -1527,7 +1554,7 @@ static const struct nistp_test_params ni
static void nistp_single_test(const struct nistp_test_params *test)
{
BN_CTX *ctx;
@@ -176438,7 +179710,7 @@
EC_GROUP *NISTP;
EC_POINT *G, *P, *Q, *Q_CHECK;
-@@ -1542,6 +1569,7 @@ static void nistp_single_test(const struct nistp_test_params *test)
+@@ -1542,6 +1569,7 @@ static void nistp_single_test(const stru
m = BN_new();
n = BN_new();
order = BN_new();
@@ -176446,7 +179718,7 @@
NISTP = EC_GROUP_new(test->meth());
if (!NISTP)
-@@ -1564,6 +1592,14 @@ static void nistp_single_test(const struct nistp_test_params *test)
+@@ -1564,6 +1592,14 @@ static void nistp_single_test(const stru
ABORT;
if (!BN_hex2bn(&y, test->Qy))
ABORT;
@@ -176461,7 +179733,7 @@
if (!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx))
ABORT;
if (!BN_hex2bn(&x, test->Gx))
-@@ -1662,6 +1698,7 @@ static void nistp_single_test(const struct nistp_test_params *test)
+@@ -1662,6 +1698,7 @@ static void nistp_single_test(const stru
BN_free(x);
BN_free(y);
BN_free(order);
@@ -176469,8 +179741,6 @@
BN_CTX_free(ctx);
}
-diff --git a/test/enginetest.c b/test/enginetest.c
-index 873b4ea..21cd20a 100644
--- a/test/enginetest.c
+++ b/test/enginetest.c
@@ -1,59 +1,10 @@
@@ -176538,8 +179808,6 @@
*/
#include <stdio.h>
-diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
-index dbcfb7c..9217f3a 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1,69 +1,10 @@
@@ -176618,8 +179886,6 @@
*/
#include <stdio.h>
-diff --git a/test/evp_test.c b/test/evp_test.c
-index 56c821b..f820e25 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1,54 +1,10 @@
@@ -176691,7 +179957,7 @@
/* Expected error value of test */
char *expected_err;
/* Number of tests */
-@@ -364,8 +320,13 @@ static int check_test_error(struct evp_test *t)
+@@ -364,8 +320,13 @@ static int check_test_error(struct evp_t
if (!t->err && !t->expected_err)
return 1;
if (t->err && !t->expected_err) {
@@ -176707,7 +179973,7 @@
print_expected(t);
return 0;
}
-@@ -830,7 +791,8 @@ static int cipher_test_parse(struct evp_test *t, const char *keyword,
+@@ -830,7 +791,8 @@ static int cipher_test_parse(struct evp_
return 0;
}
@@ -176717,7 +179983,7 @@
{
struct cipher_data *cdat = t->data;
unsigned char *in, *out, *tmp = NULL;
-@@ -854,9 +816,31 @@ static int cipher_test_enc(struct evp_test *t, int enc)
+@@ -854,9 +816,31 @@ static int cipher_test_enc(struct evp_te
out = cdat->plaintext;
out_len = cdat->plaintext_len;
}
@@ -176752,7 +180018,7 @@
err = "CIPHERINIT_ERROR";
if (!EVP_CipherInit_ex(ctx, cdat->cipher, NULL, NULL, NULL, enc))
goto err;
-@@ -918,20 +902,20 @@ static int cipher_test_enc(struct evp_test *t, int enc)
+@@ -918,20 +902,20 @@ static int cipher_test_enc(struct evp_te
}
EVP_CIPHER_CTX_set_padding(ctx, 0);
err = "CIPHERUPDATE_ERROR";
@@ -176776,7 +180042,7 @@
goto err;
if (enc && cdat->aead) {
unsigned char rtag[16];
-@@ -961,6 +945,8 @@ static int cipher_test_run(struct evp_test *t)
+@@ -961,6 +945,8 @@ static int cipher_test_run(struct evp_te
{
struct cipher_data *cdat = t->data;
int rv;
@@ -176785,7 +180051,7 @@
if (!cdat->key) {
t->err = "NO_KEY";
return 0;
-@@ -976,24 +962,41 @@ static int cipher_test_run(struct evp_test *t)
+@@ -976,24 +962,41 @@ static int cipher_test_run(struct evp_te
t->err = "NO_TAG";
return 0;
}
@@ -176843,8 +180109,6 @@
return 1;
}
-diff --git a/test/evptests.txt b/test/evptests.txt
-index fb94416..a66a152 100644
--- a/test/evptests.txt
+++ b/test/evptests.txt
@@ -1,3 +1,12 @@
@@ -176994,8 +180258,6 @@
# AES wrap tests from RFC3394
Cipher = id-aes128-wrap
Key = 000102030405060708090A0B0C0D0E0F
-diff --git a/test/exdatatest.c b/test/exdatatest.c
-index 96105bb..8e35068 100644
--- a/test/exdatatest.c
+++ b/test/exdatatest.c
@@ -1,56 +1,12 @@
@@ -177062,14 +180324,14 @@
#include <stdio.h>
#include <assert.h>
#include <string.h>
-diff --git a/test/exptest.c b/test/exptest.c
-index 6880268..f7df9cf 100644
--- a/test/exptest.c
+++ b/test/exptest.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -177117,9 +180379,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -177131,9 +180391,6 @@
*/
#include <stdio.h>
-diff --git a/test/generate_buildtest.pl b/test/generate_buildtest.pl
-new file mode 100644
-index 0000000..7921021
--- /dev/null
+++ b/test/generate_buildtest.pl
@@ -0,0 +1,27 @@
@@ -177164,8 +180421,6 @@
+ return 0;
+}
+_____
-diff --git a/test/generate_ssl_tests.pl b/test/generate_ssl_tests.pl
-index 713fb3f..7a016d1 100644
--- a/test/generate_ssl_tests.pl
+++ b/test/generate_ssl_tests.pl
@@ -1,5 +1,10 @@
@@ -177181,20 +180436,47 @@
## SSL testcase generator
-@@ -38,6 +43,12 @@ sub print_templates {
+@@ -38,7 +43,39 @@ sub print_templates {
# Add the implicit base configuration.
foreach my $test (@ssltests::tests) {
$test->{"server"} = { (%ssltests::base_server, %{$test->{"server"}}) };
-+ # Do not emit an empty "server2" section.
-+ if (defined $test->{"server2"}) {
++ if (defined $test->{"server2"}) {
+ $test->{"server2"} = { (%ssltests::base_server, %{$test->{"server2"}}) };
+ } else {
++ if (defined $test->{"test"}->{"ServerNameCallback"}) {
++ # Default is the same as server.
++ $test->{"reuse_server2"} = 1;
++ }
++ # Do not emit an empty/duplicate "server2" section.
+ $test->{"server2"} = { };
+ }
++ if (defined $test->{"resume_server"}) {
++ $test->{"resume_server"} = { (%ssltests::base_server, %{$test->{"resume_server"}}) };
++ } else {
++ if (defined $test->{"test"}->{"HandshakeMode"} &&
++ $test->{"test"}->{"HandshakeMode"} eq "Resume") {
++ # Default is the same as server.
++ $test->{"reuse_resume_server"} = 1;
++ }
++ # Do not emit an empty/duplicate "resume-server" section.
++ $test->{"resume_server"} = { };
++ }
$test->{"client"} = { (%ssltests::base_client, %{$test->{"client"}}) };
++ if (defined $test->{"resume_client"}) {
++ $test->{"resume_client"} = { (%ssltests::base_client, %{$test->{"resume_client"}}) };
++ } else {
++ if (defined $test->{"test"}->{"HandshakeMode"} &&
++ $test->{"test"}->{"HandshakeMode"} eq "Resume") {
++ # Default is the same as client.
++ $test->{"reuse_resume_client"} = 1;
++ }
++ # Do not emit an empty/duplicate "resume-client" section.
++ $test->{"resume_client"} = { };
++ }
}
-@@ -87,8 +98,7 @@ sub print_templates {
+ # ssl_test expects to find a
+@@ -87,8 +124,7 @@ sub print_templates {
# Shamelessly copied from Configure.
sub read_config {
my $fname = shift;
@@ -177204,8 +180486,6 @@
local $/ = undef;
my $content = <INPUT>;
close(INPUT);
-diff --git a/test/gmdifftest.c b/test/gmdifftest.c
-index 57c6a3d..73c910d 100644
--- a/test/gmdifftest.c
+++ b/test/gmdifftest.c
@@ -1,55 +1,10 @@
@@ -177270,11 +180550,9 @@
*/
#include <openssl/crypto.h>
-diff --git a/test/handshake_helper.c b/test/handshake_helper.c
-index 4682d45..8a8dab0 100644
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
-@@ -1,16 +1,16 @@
+@@ -1,20 +1,37 @@
/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
*
@@ -177295,7 +180573,28 @@
#include <openssl/ssl.h>
#include "handshake_helper.h"
-@@ -23,11 +23,13 @@
+
++HANDSHAKE_RESULT *HANDSHAKE_RESULT_new()
++{
++ HANDSHAKE_RESULT *ret;
++ ret = OPENSSL_zalloc(sizeof(*ret));
++ OPENSSL_assert(ret != NULL);
++ return ret;
++}
++
++void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result)
++{
++ OPENSSL_free(result->client_npn_negotiated);
++ OPENSSL_free(result->server_npn_negotiated);
++ OPENSSL_free(result->client_alpn_negotiated);
++ OPENSSL_free(result->server_alpn_negotiated);
++ OPENSSL_free(result);
++}
++
+ /*
+ * Since there appears to be no way to extract the sent/received alert
+ * from the SSL object directly, we use the info callback and stash
+@@ -23,11 +40,29 @@
typedef struct handshake_ex_data {
int alert_sent;
int alert_received;
@@ -177303,6 +180602,22 @@
+ ssl_servername_t servername;
} HANDSHAKE_EX_DATA;
++typedef struct ctx_data {
++ unsigned char *npn_protocols;
++ size_t npn_protocols_len;
++ unsigned char *alpn_protocols;
++ size_t alpn_protocols_len;
++} CTX_DATA;
++
++/* |ctx_data| itself is stack-allocated. */
++static void ctx_data_free_data(CTX_DATA *ctx_data)
++{
++ OPENSSL_free(ctx_data->npn_protocols);
++ ctx_data->npn_protocols = NULL;
++ OPENSSL_free(ctx_data->alpn_protocols);
++ ctx_data->alpn_protocols = NULL;
++}
++
static int ex_data_idx;
-static void info_callback(const SSL *s, int where, int ret)
@@ -177310,12 +180625,11 @@
{
if (where & SSL_CB_ALERT) {
HANDSHAKE_EX_DATA *ex_data =
-@@ -40,6 +42,158 @@ static void info_callback(const SSL *s, int where, int ret)
+@@ -40,22 +75,344 @@ static void info_callback(const SSL *s,
}
}
-+/*
-+ * Select the appropriate server CTX.
++/* Select the appropriate server CTX.
+ * Returns SSL_TLSEXT_ERR_OK if a match was found.
+ * If |ignore| is 1, returns SSL_TLSEXT_ERR_NOACK on mismatch.
+ * Otherwise, returns SSL_TLSEXT_ERR_ALERT_FATAL on mismatch.
@@ -177387,13 +180701,13 @@
+ return 1;
+}
+
-+static int broken_session_ticket_cb(SSL* s, unsigned char* key_name, unsigned char *iv,
++static int broken_session_ticket_cb(SSL *s, unsigned char *key_name, unsigned char *iv,
+ EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
+{
+ return 0;
+}
+
-+static int do_not_call_session_ticket_cb(SSL* s, unsigned char* key_name,
++static int do_not_call_session_ticket_cb(SSL *s, unsigned char *key_name,
+ unsigned char *iv,
+ EVP_CIPHER_CTX *ctx,
+ HMAC_CTX *hctx, int enc)
@@ -177404,14 +180718,118 @@
+ return 0;
+}
+
++/* Parse the comma-separated list into TLS format. */
++static void parse_protos(const char *protos, unsigned char **out, size_t *outlen)
++{
++ size_t len, i, prefix;
++
++ len = strlen(protos);
++
++ /* Should never have reuse. */
++ OPENSSL_assert(*out == NULL);
++
++ /* Test values are small, so we omit length limit checks. */
++ *out = OPENSSL_malloc(len + 1);
++ OPENSSL_assert(*out != NULL);
++ *outlen = len + 1;
++
++ /*
++ * foo => '3', 'f', 'o', 'o'
++ * foo,bar => '3', 'f', 'o', 'o', '3', 'b', 'a', 'r'
++ */
++ memcpy(*out + 1, protos, len);
++
++ prefix = 0;
++ i = prefix + 1;
++ while (i <= len) {
++ if ((*out)[i] == ',') {
++ OPENSSL_assert(i - 1 - prefix > 0);
++ (*out)[prefix] = i - 1 - prefix;
++ prefix = i;
++ }
++ i++;
++ }
++ OPENSSL_assert(len - prefix > 0);
++ (*out)[prefix] = len - prefix;
++}
++
+/*
++ * The client SHOULD select the first protocol advertised by the server that it
++ * also supports. In the event that the client doesn't support any of server's
++ * protocols, or the server doesn't advertise any, it SHOULD select the first
++ * protocol that it supports.
++ */
++static int client_npn_cb(SSL *s, unsigned char **out, unsigned char *outlen,
++ const unsigned char *in, unsigned int inlen,
++ void *arg)
++{
++ CTX_DATA *ctx_data = (CTX_DATA*)(arg);
++ int ret;
++
++ ret = SSL_select_next_proto(out, outlen, in, inlen,
++ ctx_data->npn_protocols,
++ ctx_data->npn_protocols_len);
++ /* Accept both OPENSSL_NPN_NEGOTIATED and OPENSSL_NPN_NO_OVERLAP. */
++ OPENSSL_assert(ret == OPENSSL_NPN_NEGOTIATED
++ || ret == OPENSSL_NPN_NO_OVERLAP);
++ return SSL_TLSEXT_ERR_OK;
++}
++
++static int server_npn_cb(SSL *s, const unsigned char **data,
++ unsigned int *len, void *arg)
++{
++ CTX_DATA *ctx_data = (CTX_DATA*)(arg);
++ *data = ctx_data->npn_protocols;
++ *len = ctx_data->npn_protocols_len;
++ return SSL_TLSEXT_ERR_OK;
++}
++
++/*
++ * The server SHOULD select the most highly preferred protocol that it supports
++ * and that is also advertised by the client. In the event that the server
++ * supports no protocols that the client advertises, then the server SHALL
++ * respond with a fatal "no_application_protocol" alert.
++ */
++static int server_alpn_cb(SSL *s, const unsigned char **out,
++ unsigned char *outlen, const unsigned char *in,
++ unsigned int inlen, void *arg)
++{
++ CTX_DATA *ctx_data = (CTX_DATA*)(arg);
++ int ret;
++
++ /* SSL_select_next_proto isn't const-correct... */
++ unsigned char *tmp_out;
++
++ /*
++ * The result points either to |in| or to |ctx_data->alpn_protocols|.
++ * The callback is allowed to point to |in| or to a long-lived buffer,
++ * so we can return directly without storing a copy.
++ */
++ ret = SSL_select_next_proto(&tmp_out, outlen,
++ ctx_data->alpn_protocols,
++ ctx_data->alpn_protocols_len, in, inlen);
++
++ *out = tmp_out;
++ /* Unlike NPN, we don't tolerate a mismatch. */
++ return ret == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK
++ : SSL_TLSEXT_ERR_NOACK;
++}
++
++
++/*
+ * Configure callbacks and other properties that can't be set directly
+ * in the server/client CONF.
+ */
+static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
+ SSL_CTX *client_ctx,
-+ const SSL_TEST_CTX *test_ctx)
++ const SSL_TEST_CTX *test_ctx,
++ CTX_DATA *server_ctx_data,
++ CTX_DATA *server2_ctx_data,
++ CTX_DATA *client_ctx_data)
+{
++ unsigned char *ticket_keys;
++ size_t ticket_key_len;
++
+ switch (test_ctx->client_verify_callback) {
+ case SSL_TEST_VERIFY_ACCEPT_ALL:
+ SSL_CTX_set_cert_verify_callback(client_ctx, &verify_accept_cb,
@@ -177451,12 +180869,64 @@
+ if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN) {
+ SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, broken_session_ticket_cb);
+ }
++ if (test_ctx->server_npn_protocols != NULL) {
++ parse_protos(test_ctx->server_npn_protocols,
++ &server_ctx_data->npn_protocols,
++ &server_ctx_data->npn_protocols_len);
++ SSL_CTX_set_next_protos_advertised_cb(server_ctx, server_npn_cb,
++ server_ctx_data);
++ }
++ if (test_ctx->server2_npn_protocols != NULL) {
++ parse_protos(test_ctx->server2_npn_protocols,
++ &server2_ctx_data->npn_protocols,
++ &server2_ctx_data->npn_protocols_len);
++ OPENSSL_assert(server2_ctx != NULL);
++ SSL_CTX_set_next_protos_advertised_cb(server2_ctx, server_npn_cb,
++ server2_ctx_data);
++ }
++ if (test_ctx->client_npn_protocols != NULL) {
++ parse_protos(test_ctx->client_npn_protocols,
++ &client_ctx_data->npn_protocols,
++ &client_ctx_data->npn_protocols_len);
++ SSL_CTX_set_next_proto_select_cb(client_ctx, client_npn_cb,
++ client_ctx_data);
++ }
++ if (test_ctx->server_alpn_protocols != NULL) {
++ parse_protos(test_ctx->server_alpn_protocols,
++ &server_ctx_data->alpn_protocols,
++ &server_ctx_data->alpn_protocols_len);
++ SSL_CTX_set_alpn_select_cb(server_ctx, server_alpn_cb, server_ctx_data);
++ }
++ if (test_ctx->server2_alpn_protocols != NULL) {
++ OPENSSL_assert(server2_ctx != NULL);
++ parse_protos(test_ctx->server2_alpn_protocols,
++ &server2_ctx_data->alpn_protocols,
++ &server2_ctx_data->alpn_protocols_len);
++ SSL_CTX_set_alpn_select_cb(server2_ctx, server_alpn_cb, server2_ctx_data);
++ }
++ if (test_ctx->client_alpn_protocols != NULL) {
++ unsigned char *alpn_protos = NULL;
++ size_t alpn_protos_len;
++ parse_protos(test_ctx->client_alpn_protocols,
++ &alpn_protos, &alpn_protos_len);
++ /* Reversed return value convention... */
++ OPENSSL_assert(SSL_CTX_set_alpn_protos(client_ctx, alpn_protos,
++ alpn_protos_len) == 0);
++ OPENSSL_free(alpn_protos);
++ }
++ /*
++ * Use fixed session ticket keys so that we can decrypt a ticket created with
++ * one CTX in another CTX. Don't address server2 for the moment.
++ */
++ ticket_key_len = SSL_CTX_set_tlsext_ticket_keys(server_ctx, NULL, 0);
++ ticket_keys = OPENSSL_zalloc(ticket_key_len);
++ OPENSSL_assert(ticket_keys != NULL);
++ OPENSSL_assert(SSL_CTX_set_tlsext_ticket_keys(server_ctx, ticket_keys,
++ ticket_key_len) == 1);
++ OPENSSL_free(ticket_keys);
+}
+
-+/*
-+ * Configure callbacks and other properties that can't be set directly
-+ * in the server/client CONF.
-+ */
++/* Configure per-SSL callbacks and other properties. */
+static void configure_handshake_ssl(SSL *server, SSL *client,
+ const SSL_TEST_CTX *test_ctx)
+{
@@ -177469,36 +180939,110 @@
typedef enum {
PEER_SUCCESS,
PEER_RETRY,
-@@ -139,7 +293,8 @@ static handshake_status_t handshake_status(peer_status_t last_status,
+ PEER_ERROR
+ } peer_status_t;
+
+-static peer_status_t do_handshake_step(SSL *ssl)
++/*
++ * RFC 5246 says:
++ *
++ * Note that as of TLS 1.1,
++ * failure to properly close a connection no longer requires that a
++ * session not be resumed. This is a change from TLS 1.0 to conform
++ * with widespread implementation practice.
++ *
++ * However,
++ * (a) OpenSSL requires that a connection be shutdown for all protocol versions.
++ * (b) We test lower versions, too.
++ * So we just implement shutdown. We do a full bidirectional shutdown so that we
++ * can compare sent and received close_notify alerts and get some test coverage
++ * for SSL_shutdown as a bonus.
++ */
++static peer_status_t do_handshake_step(SSL *ssl, int shutdown)
+ {
+ int ret;
+
+- ret = SSL_do_handshake(ssl);
++ ret = shutdown ? SSL_shutdown(ssl) : SSL_do_handshake(ssl);
+
+ if (ret == 1) {
+ return PEER_SUCCESS;
+ } else if (ret == 0) {
+- return PEER_ERROR;
++ return shutdown ? PEER_RETRY : PEER_ERROR;
+ } else {
+ int error = SSL_get_error(ssl, ret);
+ /* Memory bios should never block with SSL_ERROR_WANT_WRITE. */
+@@ -139,24 +496,63 @@ static handshake_status_t handshake_stat
return INTERNAL_ERROR;
}
-HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx)
-+HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
-+ SSL_CTX *client_ctx, const SSL_TEST_CTX *test_ctx)
++/* Convert unsigned char buf's that shouldn't contain any NUL-bytes to char. */
++static char *dup_str(const unsigned char *in, size_t len)
++{
++ char *ret;
++
++ if(len == 0)
++ return NULL;
++
++ /* Assert that the string does not contain NUL-bytes. */
++ OPENSSL_assert(OPENSSL_strnlen((const char*)(in), len) == len);
++ ret = OPENSSL_strndup((const char*)(in), len);
++ OPENSSL_assert(ret != NULL);
++ return ret;
++}
++
++static HANDSHAKE_RESULT *do_handshake_internal(
++ SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx,
++ const SSL_TEST_CTX *test_ctx, SSL_SESSION *session_in,
++ SSL_SESSION **session_out)
{
SSL *server, *client;
BIO *client_to_server, *server_to_client;
-@@ -148,11 +303,18 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx)
- int client_turn = 1;
+ HANDSHAKE_EX_DATA server_ex_data, client_ex_data;
+- HANDSHAKE_RESULT ret;
+- int client_turn = 1;
++ CTX_DATA client_ctx_data, server_ctx_data, server2_ctx_data;
++ HANDSHAKE_RESULT *ret = HANDSHAKE_RESULT_new();
++ int client_turn = 1, shutdown = 0;
peer_status_t client_status = PEER_RETRY, server_status = PEER_RETRY;
handshake_status_t status = HANDSHAKE_RETRY;
+ unsigned char* tick = NULL;
-+ size_t len = 0;
++ size_t tick_len = 0;
+ SSL_SESSION* sess = NULL;
++ const unsigned char *proto = NULL;
++ /* API dictates unsigned int rather than size_t. */
++ unsigned int proto_len = 0;
+
-+ configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, test_ctx);
++ memset(&server_ctx_data, 0, sizeof(server_ctx_data));
++ memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
++ memset(&client_ctx_data, 0, sizeof(client_ctx_data));
++
++ configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, test_ctx,
++ &server_ctx_data, &server2_ctx_data, &client_ctx_data);
server = SSL_new(server_ctx);
client = SSL_new(client_ctx);
OPENSSL_assert(server != NULL && client != NULL);
+ configure_handshake_ssl(server, client, test_ctx);
++ if (session_in != NULL) {
++ /* In case we're testing resumption without tickets. */
++ OPENSSL_assert(SSL_CTX_add_session(server_ctx, session_in));
++ OPENSSL_assert(SSL_set_session(client, session_in));
++ }
+
memset(&server_ex_data, 0, sizeof(server_ex_data));
memset(&client_ex_data, 0, sizeof(client_ex_data));
- memset(&ret, 0, sizeof(ret));
-@@ -184,8 +346,8 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx)
+- memset(&ret, 0, sizeof(ret));
+- ret.result = SSL_TEST_INTERNAL_ERROR;
++
++ ret->result = SSL_TEST_INTERNAL_ERROR;
+
+ client_to_server = BIO_new(BIO_s_mem());
+ server_to_client = BIO_new(BIO_s_mem());
+@@ -184,8 +580,8 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *s
OPENSSL_assert(SSL_set_ex_data(client, ex_data_idx,
&client_ex_data) == 1);
@@ -177509,23 +181053,128 @@
/*
* Half-duplex handshake loop.
-@@ -232,6 +394,14 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx)
- ret.client_alert_received = server_ex_data.alert_received;
- ret.server_protocol = SSL_version(server);
- ret.client_protocol = SSL_version(client);
-+ ret.servername = server_ex_data.servername;
+@@ -197,27 +593,34 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *s
+ */
+ for(;;) {
+ if (client_turn) {
+- client_status = do_handshake_step(client);
++ client_status = do_handshake_step(client, shutdown);
+ status = handshake_status(client_status, server_status,
+ 1 /* client went last */);
+ } else {
+- server_status = do_handshake_step(server);
++ server_status = do_handshake_step(server, shutdown);
+ status = handshake_status(server_status, client_status,
+ 0 /* server went last */);
+ }
+
+ switch (status) {
+ case HANDSHAKE_SUCCESS:
+- ret.result = SSL_TEST_SUCCESS;
+- goto err;
++ if (shutdown) {
++ ret->result = SSL_TEST_SUCCESS;
++ goto err;
++ } else {
++ client_status = server_status = PEER_RETRY;
++ shutdown = 1;
++ client_turn = 1;
++ break;
++ }
+ case CLIENT_ERROR:
+- ret.result = SSL_TEST_CLIENT_FAIL;
++ ret->result = SSL_TEST_CLIENT_FAIL;
+ goto err;
+ case SERVER_ERROR:
+- ret.result = SSL_TEST_SERVER_FAIL;
++ ret->result = SSL_TEST_SERVER_FAIL;
+ goto err;
+ case INTERNAL_ERROR:
+- ret.result = SSL_TEST_INTERNAL_ERROR;
++ ret->result = SSL_TEST_INTERNAL_ERROR;
+ goto err;
+ case HANDSHAKE_RETRY:
+ /* Continue. */
+@@ -226,14 +629,73 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *s
+ }
+ }
+ err:
+- ret.server_alert_sent = server_ex_data.alert_sent;
+- ret.server_alert_received = client_ex_data.alert_received;
+- ret.client_alert_sent = client_ex_data.alert_sent;
+- ret.client_alert_received = server_ex_data.alert_received;
+- ret.server_protocol = SSL_version(server);
+- ret.client_protocol = SSL_version(client);
++ ret->server_alert_sent = server_ex_data.alert_sent;
++ ret->server_alert_received = client_ex_data.alert_received;
++ ret->client_alert_sent = client_ex_data.alert_sent;
++ ret->client_alert_received = server_ex_data.alert_received;
++ ret->server_protocol = SSL_version(server);
++ ret->client_protocol = SSL_version(client);
++ ret->servername = server_ex_data.servername;
+ if ((sess = SSL_get0_session(client)) != NULL)
-+ SSL_SESSION_get0_ticket(sess, &tick, &len);
-+ if (tick == NULL || len == 0)
-+ ret.session_ticket = SSL_TEST_SESSION_TICKET_NO;
++ SSL_SESSION_get0_ticket(sess, &tick, &tick_len);
++ if (tick == NULL || tick_len == 0)
++ ret->session_ticket = SSL_TEST_SESSION_TICKET_NO;
+ else
-+ ret.session_ticket = SSL_TEST_SESSION_TICKET_YES;
-+ ret.session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call;
++ ret->session_ticket = SSL_TEST_SESSION_TICKET_YES;
++ ret->session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call;
++
++ SSL_get0_next_proto_negotiated(client, &proto, &proto_len);
++ ret->client_npn_negotiated = dup_str(proto, proto_len);
++
++ SSL_get0_next_proto_negotiated(server, &proto, &proto_len);
++ ret->server_npn_negotiated = dup_str(proto, proto_len);
++
++ SSL_get0_alpn_selected(client, &proto, &proto_len);
++ ret->client_alpn_negotiated = dup_str(proto, proto_len);
++
++ SSL_get0_alpn_selected(server, &proto, &proto_len);
++ ret->server_alpn_negotiated = dup_str(proto, proto_len);
++
++ ret->client_resumed = SSL_session_reused(client);
++ ret->server_resumed = SSL_session_reused(server);
++
++ if (session_out != NULL)
++ *session_out = SSL_get1_session(client);
++
++ ctx_data_free_data(&server_ctx_data);
++ ctx_data_free_data(&server2_ctx_data);
++ ctx_data_free_data(&client_ctx_data);
SSL_free(server);
SSL_free(client);
-diff --git a/test/handshake_helper.h b/test/handshake_helper.h
-index 56dfb19..4a51ad4 100644
+ return ret;
+ }
++
++HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
++ SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx,
++ SSL_CTX *resume_client_ctx,
++ const SSL_TEST_CTX *test_ctx)
++{
++ HANDSHAKE_RESULT *result;
++ SSL_SESSION *session = NULL;
++
++ result = do_handshake_internal(server_ctx, server2_ctx, client_ctx,
++ test_ctx, NULL, &session);
++ if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_SIMPLE)
++ goto end;
++
++ OPENSSL_assert(test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME);
++
++ if (result->result != SSL_TEST_SUCCESS) {
++ result->result = SSL_TEST_FIRST_HANDSHAKE_FAILED;
++ return result;
++ }
++
++ HANDSHAKE_RESULT_free(result);
++ /* We don't support SNI on second handshake yet, so server2_ctx is NULL. */
++ result = do_handshake_internal(resume_server_ctx, NULL, resume_client_ctx,
++ test_ctx, session, NULL);
++ end:
++ SSL_SESSION_free(session);
++ return result;
++}
--- a/test/handshake_helper.h
+++ b/test/handshake_helper.h
@@ -1,11 +1,10 @@
@@ -177543,7 +181192,7 @@
*/
#ifndef HEADER_HANDSHAKE_HELPER_H
-@@ -27,9 +26,16 @@ typedef struct handshake_result {
+@@ -27,9 +26,28 @@ typedef struct handshake_result {
/* Negotiated protocol. On success, these should always match. */
int server_protocol;
int client_protocol;
@@ -177553,16 +181202,26 @@
+ ssl_session_ticket_t session_ticket;
+ /* Was this called on the second context? */
+ int session_ticket_do_not_call;
++ char *client_npn_negotiated;
++ char *server_npn_negotiated;
++ char *client_alpn_negotiated;
++ char *server_alpn_negotiated;
++ /* Was the handshake resumed? */
++ int client_resumed;
++ int server_resumed;
} HANDSHAKE_RESULT;
++HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void);
++void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result);
++
/* Do a handshake and report some information about the result. */
-HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx);
-+HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
-+ SSL_CTX *client_ctx, const SSL_TEST_CTX *test_ctx);
++HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
++ SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx,
++ SSL_CTX *resume_client_ctx,
++ const SSL_TEST_CTX *test_ctx);
#endif /* HEADER_HANDSHAKE_HELPER_H */
-diff --git a/test/heartbeat_test.c b/test/heartbeat_test.c
-index 2fda576..906736c 100644
--- a/test/heartbeat_test.c
+++ b/test/heartbeat_test.c
@@ -1,3 +1,12 @@
@@ -177578,7 +181237,7 @@
/*-
* Unit test for TLS heartbeats.
*
-@@ -92,7 +101,7 @@ static HEARTBEAT_TEST_FIXTURE set_up(const char *const test_case_name,
+@@ -92,7 +101,7 @@ static HEARTBEAT_TEST_FIXTURE set_up(con
goto fail;
}
@@ -177587,8 +181246,6 @@
fprintf(stderr, "Failed to set up wbio buffer for test: %s\n",
test_case_name);
setup_ok = 0;
-diff --git a/test/hmactest.c b/test/hmactest.c
-index 2ceec5f..a5c6e74 100644
--- a/test/hmactest.c
+++ b/test/hmactest.c
@@ -1,58 +1,10 @@
@@ -177679,7 +181336,7 @@
if (HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) {
printf("Should fail to initialise HMAC with empty MD and key (test 4)\n");
err++;
-@@ -203,6 +160,11 @@ test5:
+@@ -203,6 +160,11 @@ int main(int argc, char *argv[])
}
HMAC_CTX_reset(ctx);
@@ -177691,7 +181348,7 @@
if (HMAC_Init_ex(ctx, test[4].key, test[4].key_len, NULL, NULL)) {
printf("Should fail to initialise HMAC with empty MD (test 5)\n");
err++;
-@@ -250,6 +212,11 @@ test5:
+@@ -250,6 +212,11 @@ int main(int argc, char *argv[])
err++;
goto test6;
}
@@ -177703,8 +181360,6 @@
if (!HMAC_Update(ctx, test[5].data, test[5].data_len)) {
printf("Error updating HMAC with data (sha256) (test 5)\n");
err++;
-diff --git a/test/ideatest.c b/test/ideatest.c
-index 0f68ebd..3849670 100644
--- a/test/ideatest.c
+++ b/test/ideatest.c
@@ -1,58 +1,10 @@
@@ -177772,8 +181427,6 @@
*/
#include <stdio.h>
-diff --git a/test/igetest.c b/test/igetest.c
-index aca8f85..1245860 100644
--- a/test/igetest.c
+++ b/test/igetest.c
@@ -1,51 +1,10 @@
@@ -177834,8 +181487,6 @@
*/
#include <openssl/crypto.h>
-diff --git a/test/md2test.c b/test/md2test.c
-index ccf4659..5d94e5f 100644
--- a/test/md2test.c
+++ b/test/md2test.c
@@ -1,58 +1,10 @@
@@ -177903,8 +181554,20 @@
*/
#include <stdio.h>
-diff --git a/test/md4test.c b/test/md4test.c
-index d7168a1..9c2e7fd 100644
+@@ -108,8 +60,11 @@ int main(int argc, char *argv[])
+ R = ret;
+ i = 1;
+ while (*P != NULL) {
+- EVP_Digest((unsigned char *)*P, strlen(*P), md, NULL, EVP_md2(),
+- NULL);
++ if (!EVP_Digest((unsigned char *)*P, strlen(*P), md, NULL, EVP_md2(),
++ NULL)) {
++ printf("EVP Digest error.\n");
++ EXIT(1);
++ }
+ p = pt(md);
+ if (strcmp(p, *R) != 0) {
+ printf("error calculating MD2 on '%s'\n", *P);
--- a/test/md4test.c
+++ b/test/md4test.c
@@ -1,58 +1,10 @@
@@ -177972,8 +181635,19 @@
*/
#include <stdio.h>
-diff --git a/test/md5test.c b/test/md5test.c
-index 2c75890..f39b907 100644
+@@ -104,7 +56,11 @@ int main(int argc, char *argv[])
+ R = ret;
+ i = 1;
+ while (*P != NULL) {
+- EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md4(), NULL);
++ if (!EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md4(),
++ NULL)) {
++ printf("EVP Digest error.\n");
++ EXIT(1);
++ }
+ p = pt(md);
+ if (strcmp(p, (char *)*R) != 0) {
+ printf("error calculating MD4 on '%s'\n", *P);
--- a/test/md5test.c
+++ b/test/md5test.c
@@ -1,58 +1,10 @@
@@ -178041,8 +181715,19 @@
*/
#include <stdio.h>
-diff --git a/test/mdc2test.c b/test/mdc2test.c
-index 2177a0e..dc8dd58 100644
+@@ -104,7 +56,11 @@ int main(int argc, char *argv[])
+ R = ret;
+ i = 1;
+ while (*P != NULL) {
+- EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md5(), NULL);
++ if (!EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md5(),
++ NULL)) {
++ printf("EVP Digest error.\n");
++ EXIT(1);
++ }
+ p = pt(md);
+ if (strcmp(p, (char *)*R) != 0) {
+ printf("error calculating MD5 on '%s'\n", *P);
--- a/test/mdc2test.c
+++ b/test/mdc2test.c
@@ -1,58 +1,10 @@
@@ -178110,7 +181795,12 @@
*/
#include <stdio.h>
-@@ -95,7 +47,7 @@ int main(int argc, char *argv[])
+@@ -91,20 +43,22 @@ static unsigned char pad2[16] = {
+
+ int main(int argc, char *argv[])
+ {
+- int ret = 0;
++ int ret = 1;
unsigned char md[MDC2_DIGEST_LENGTH];
int i;
EVP_MD_CTX *c;
@@ -178119,8 +181809,59 @@
# ifdef CHARSET_EBCDIC
ebcdic2ascii(text, text, strlen(text));
-diff --git a/test/memleaktest.c b/test/memleaktest.c
-index f894590..2b23df7 100644
+ # endif
+
+ c = EVP_MD_CTX_new();
+- EVP_DigestInit_ex(c, EVP_mdc2(), NULL);
+- EVP_DigestUpdate(c, (unsigned char *)text, strlen(text));
+- EVP_DigestFinal_ex(c, &(md[0]), NULL);
++ if (c == NULL
++ || !EVP_DigestInit_ex(c, EVP_mdc2(), NULL)
++ || !EVP_DigestUpdate(c, (unsigned char *)text, strlen(text))
++ || !EVP_DigestFinal_ex(c, &(md[0]), NULL))
++ goto err;
+
+ if (memcmp(md, pad1, MDC2_DIGEST_LENGTH) != 0) {
+ for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
+@@ -113,15 +67,18 @@ int main(int argc, char *argv[])
+ for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
+ printf("%02X", pad1[i]);
+ printf(" <- correct\n");
+- ret = 1;
+- } else
++ goto err;
++ } else {
+ printf("pad1 - ok\n");
++ }
+
+- EVP_DigestInit_ex(c, EVP_mdc2(), NULL);
++ if (!EVP_DigestInit_ex(c, EVP_mdc2(), NULL))
++ goto err;
+ /* FIXME: use a ctl function? */
+ ((MDC2_CTX *)EVP_MD_CTX_md_data(c))->pad_type = 2;
+- EVP_DigestUpdate(c, (unsigned char *)text, strlen(text));
+- EVP_DigestFinal_ex(c, &(md[0]), NULL);
++ if (!EVP_DigestUpdate(c, (unsigned char *)text, strlen(text))
++ || !EVP_DigestFinal_ex(c, &(md[0]), NULL))
++ goto err;
+
+ if (memcmp(md, pad2, MDC2_DIGEST_LENGTH) != 0) {
+ for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
+@@ -130,10 +87,12 @@ int main(int argc, char *argv[])
+ for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
+ printf("%02X", pad2[i]);
+ printf(" <- correct\n");
+- ret = 1;
+- } else
++ } else {
+ printf("pad2 - ok\n");
++ ret = 0;
++ }
+
++ err:
+ EVP_MD_CTX_free(c);
+ EXIT(ret);
+ }
--- a/test/memleaktest.c
+++ b/test/memleaktest.c
@@ -1,55 +1,10 @@
@@ -178185,8 +181926,6 @@
*/
#include <stdio.h>
-diff --git a/test/methtest.c b/test/methtest.c
-index efec154..11aa233 100644
--- a/test/methtest.c
+++ b/test/methtest.c
@@ -1,58 +1,10 @@
@@ -178254,11 +181993,9 @@
*/
#include <stdio.h>
-diff --git a/test/nptest.c b/test/nptest.c
-index 9528851..62dd271 100644
--- a/test/nptest.c
-+++ b/test/nptest.c
-@@ -1,58 +1,12 @@
++++ /dev/null
+@@ -1,66 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
- *
@@ -178310,21 +182047,21 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
+- *
+- */
-
- #include <stdio.h>
- #include <string.h>
-
-diff --git a/test/p5_crpt2_test.c b/test/p5_crpt2_test.c
-index da45f70..4a40c26 100644
+-
+-#include <stdio.h>
+-#include <string.h>
+-
+-int main()
+-{
+- char *p = NULL;
+- char bytes[sizeof(p)];
+-
+- memset(bytes, 0, sizeof bytes);
+- return memcmp(&p, bytes, sizeof(bytes)) == 0 ? 0 : 1;
+-}
--- a/test/p5_crpt2_test.c
+++ b/test/p5_crpt2_test.c
@@ -1,50 +1,10 @@
@@ -178393,8 +182130,6 @@
#include <openssl/err.h>
#include <openssl/conf.h>
-diff --git a/test/packettest.c b/test/packettest.c
-index 57ef51b..58fc752 100644
--- a/test/packettest.c
+++ b/test/packettest.c
@@ -1,61 +1,12 @@
@@ -178464,8 +182199,6 @@
#include "../ssl/packet_locl.h"
#define BUF_LEN 255
-diff --git a/test/pbelutest.c b/test/pbelutest.c
-index dafae78..e226d43 100644
--- a/test/pbelutest.c
+++ b/test/pbelutest.c
@@ -1,55 +1,10 @@
@@ -178530,8 +182263,6 @@
*/
#include <openssl/evp.h>
-diff --git a/test/pkits-test.pl b/test/pkits-test.pl
-index 5c6b89f..ae7279c 100644
--- a/test/pkits-test.pl
+++ b/test/pkits-test.pl
@@ -1,54 +1,10 @@
@@ -178595,8 +182326,6 @@
# Perl utility to run PKITS tests for RFC3280 compliance.
-diff --git a/test/r160test.c b/test/r160test.c
-index b99fa3a..06033eb 100644
--- a/test/r160test.c
+++ b/test/r160test.c
@@ -1,56 +1,9 @@
@@ -178663,8 +182392,6 @@
+ * https://www.openssl.org/source/license.html
*/
+
-diff --git a/test/randtest.c b/test/randtest.c
-index dc0e84d..9f7a037 100644
--- a/test/randtest.c
+++ b/test/randtest.c
@@ -1,58 +1,10 @@
@@ -178732,8 +182459,6 @@
*/
#include <stdio.h>
-diff --git a/test/rc2test.c b/test/rc2test.c
-index 3890cf0..2d0a01d 100644
--- a/test/rc2test.c
+++ b/test/rc2test.c
@@ -1,58 +1,10 @@
@@ -178801,8 +182526,6 @@
*/
/*
-diff --git a/test/rc4test.c b/test/rc4test.c
-index 271fcf1..7a77b82 100644
--- a/test/rc4test.c
+++ b/test/rc4test.c
@@ -1,58 +1,10 @@
@@ -178870,8 +182593,6 @@
*/
#include <stdio.h>
-diff --git a/test/rc5test.c b/test/rc5test.c
-index bb66154..6567bcb 100644
--- a/test/rc5test.c
+++ b/test/rc5test.c
@@ -1,58 +1,10 @@
@@ -178939,8 +182660,6 @@
*/
/*
-diff --git a/test/recipes/01-test_abort.t b/test/recipes/01-test_abort.t
-index 4a6cf97..2f121e2 100644
--- a/test/recipes/01-test_abort.t
+++ b/test/recipes/01-test_abort.t
@@ -1,4 +1,11 @@
@@ -178956,18 +182675,14 @@
use OpenSSL::Test;
-diff --git a/test/recipes/01-test_ordinals.t b/test/recipes/01-test_ordinals.t
-index 070181d..473d05b 100755
--- a/test/recipes/01-test_ordinals.t
-+++ b/test/recipes/01-test_ordinals.t
-@@ -1,56 +1,10 @@
++++ /dev/null
+@@ -1,104 +0,0 @@
-#!/usr/bin/perl
-# Written by Matt Caswell for the OpenSSL project.
-# ====================================================================
-# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
+-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
@@ -179016,16 +182731,72 @@
-# This product includes cryptographic software written by Eric Young
-# (eay at cryptsoft.com). This product includes software written by Tim
-# Hudson (tjh at cryptsoft.com).
+-
+-use strict;
+-use OpenSSL::Test qw/:DEFAULT srctop_file/;
+-
+-setup("test_ordinals");
+-
+-plan tests => 2;
+-
+-ok(testordinals(srctop_file("util", "libcrypto.num")), "Test libcrypto.num");
+-ok(testordinals(srctop_file("util", "libssl.num")), "Test libssl.num");
+-
+-sub testordinals
+-{
+- my $filename = shift;
+- my $cnt = 0;
+- my $ret = 1;
+- my $qualifier = "";
+- my $newqual;
+- my $lastfunc = "";
+-
+- open(my $fh, '<', $filename);
+- while (my $line = <$fh>) {
+- my @tokens = split(/(?:\s+|\s*:\s*)/, $line);
+- #Check the line looks sane
+- if ($#tokens < 5 || $#tokens > 6) {
+- print STDERR "Invalid line:\n$line\n";
+- $ret = 0;
+- last;
+- }
+- if ($tokens[3] eq "NOEXIST") {
+- #Ignore this line
+- next;
+- }
+- #Some ordinals can be repeated, e.g. if one is VMS and another is !VMS
+- $newqual = $tokens[4];
+- $newqual =~ s/!//g;
+- if ($cnt > $tokens[1]
+- || ($cnt == $tokens[1] && ($qualifier ne $newqual
+- || $qualifier eq ""))) {
+- print STDERR "Invalid ordinal detected: ".$tokens[1]."\n";
+- $ret = 0;
+- last;
+- }
+- $cnt = $tokens[1];
+- $qualifier = $newqual;
+- $lastfunc = $tokens[0];
+- }
+- close($fh);
+-
+- return $ret;
+-}
+--- /dev/null
++++ b/test/recipes/01-test_sanity.t
+@@ -0,0 +1,12 @@
++#! /usr/bin/env perl
++# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
++#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
-
- use strict;
- use OpenSSL::Test qw/:DEFAULT srctop_file/;
-diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
-new file mode 100644
-index 0000000..32827f5
++
++
++use OpenSSL::Test::Simple;
++
++simple_test("test_sanity", "sanitytest");
--- /dev/null
+++ b/test/recipes/01-test_symbol_presence.t
@@ -0,0 +1,115 @@
@@ -179144,8 +182915,67 @@
+ "check that there are no missing symbols in lib$libname.so");
+ }
+}
-diff --git a/test/recipes/05-test_bf.t b/test/recipes/05-test_bf.t
-index 4794bf0..64c9609 100644
+--- /dev/null
++++ b/test/recipes/02-test_ordinals.t
+@@ -0,0 +1,58 @@
++#! /usr/bin/env perl
++# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++use strict;
++use OpenSSL::Test qw/:DEFAULT srctop_file/;
++
++setup("test_ordinals");
++
++plan tests => 2;
++
++ok(testordinals(srctop_file("util", "libcrypto.num")), "Test libcrypto.num");
++ok(testordinals(srctop_file("util", "libssl.num")), "Test libssl.num");
++
++sub testordinals
++{
++ my $filename = shift;
++ my $cnt = 0;
++ my $ret = 1;
++ my $qualifier = "";
++ my $newqual;
++ my $lastfunc = "";
++
++ open(my $fh, '<', $filename);
++ while (my $line = <$fh>) {
++ my @tokens = split(/(?:\s+|\s*:\s*)/, $line);
++ #Check the line looks sane
++ if ($#tokens < 5 || $#tokens > 6) {
++ print STDERR "Invalid line:\n$line\n";
++ $ret = 0;
++ last;
++ }
++ if ($tokens[3] eq "NOEXIST") {
++ #Ignore this line
++ next;
++ }
++ #Some ordinals can be repeated, e.g. if one is VMS and another is !VMS
++ $newqual = $tokens[4];
++ $newqual =~ s/!//g;
++ if ($cnt > $tokens[1]
++ || ($cnt == $tokens[1] && ($qualifier ne $newqual
++ || $qualifier eq ""))) {
++ print STDERR "Invalid ordinal detected: ".$tokens[1]."\n";
++ $ret = 0;
++ last;
++ }
++ $cnt = $tokens[1];
++ $qualifier = $newqual;
++ $lastfunc = $tokens[0];
++ }
++ close($fh);
++
++ return $ret;
++}
--- a/test/recipes/05-test_bf.t
+++ b/test/recipes/05-test_bf.t
@@ -1,4 +1,11 @@
@@ -179161,8 +182991,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/05-test_cast.t b/test/recipes/05-test_cast.t
-index 621e1ae..46c61da 100644
--- a/test/recipes/05-test_cast.t
+++ b/test/recipes/05-test_cast.t
@@ -1,4 +1,11 @@
@@ -179178,8 +183006,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/05-test_des.t b/test/recipes/05-test_des.t
-index 71de4b4..2e6a32b 100644
--- a/test/recipes/05-test_des.t
+++ b/test/recipes/05-test_des.t
@@ -1,4 +1,11 @@
@@ -179195,12 +183021,9 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/05-test_fuzz.t b/test/recipes/05-test_fuzz.t
-new file mode 100755
-index 0000000..ec5c5ad
--- /dev/null
+++ b/test/recipes/05-test_fuzz.t
-@@ -0,0 +1,33 @@
+@@ -0,0 +1,40 @@
+#!/usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
@@ -179214,10 +183037,17 @@
+
+use if $^O ne "VMS", 'File::Glob' => qw/glob/;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
++use OpenSSL::Test::Utils;
+
+setup("test_fuzz");
+
-+my @fuzzers = ('asn1', 'asn1parse', 'bignum', 'bndiv', 'cms', 'conf', 'crl', 'ct', 'server', 'x509');
++my @fuzzers = ('asn1', 'asn1parse', 'bignum', 'bndiv', 'conf', 'crl', 'server', 'x509');
++if (!disabled("cms")) {
++ push @fuzzers, 'cms';
++}
++if (!disabled("ct")) {
++ push @fuzzers, 'ct';
++}
+plan tests => scalar @fuzzers;
+
+foreach my $f (@fuzzers) {
@@ -179234,8 +183064,6 @@
+ }
+ }
+}
-diff --git a/test/recipes/05-test_hmac.t b/test/recipes/05-test_hmac.t
-index ba7a92b..2059bcc 100644
--- a/test/recipes/05-test_hmac.t
+++ b/test/recipes/05-test_hmac.t
@@ -1,4 +1,11 @@
@@ -179251,8 +183079,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/05-test_idea.t b/test/recipes/05-test_idea.t
-index c43ba5c..ca2b767 100644
--- a/test/recipes/05-test_idea.t
+++ b/test/recipes/05-test_idea.t
@@ -1,4 +1,11 @@
@@ -179268,8 +183094,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/05-test_md2.t b/test/recipes/05-test_md2.t
-index 2175c5f..8781af0 100644
--- a/test/recipes/05-test_md2.t
+++ b/test/recipes/05-test_md2.t
@@ -1,4 +1,11 @@
@@ -179285,8 +183109,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/05-test_md4.t b/test/recipes/05-test_md4.t
-index 2337223..59a815b 100644
--- a/test/recipes/05-test_md4.t
+++ b/test/recipes/05-test_md4.t
@@ -1,4 +1,11 @@
@@ -179302,8 +183124,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/05-test_md5.t b/test/recipes/05-test_md5.t
-index e9331e2..3af4d55 100644
--- a/test/recipes/05-test_md5.t
+++ b/test/recipes/05-test_md5.t
@@ -1,4 +1,11 @@
@@ -179319,8 +183139,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/05-test_mdc2.t b/test/recipes/05-test_mdc2.t
-index 23e904c..181c90f 100644
--- a/test/recipes/05-test_mdc2.t
+++ b/test/recipes/05-test_mdc2.t
@@ -1,4 +1,11 @@
@@ -179336,8 +183154,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/05-test_rand.t b/test/recipes/05-test_rand.t
-index afa66a6..3b175fa 100644
--- a/test/recipes/05-test_rand.t
+++ b/test/recipes/05-test_rand.t
@@ -1,4 +1,11 @@
@@ -179353,8 +183169,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/05-test_rc2.t b/test/recipes/05-test_rc2.t
-index 423b3b7..77d9382 100644
--- a/test/recipes/05-test_rc2.t
+++ b/test/recipes/05-test_rc2.t
@@ -1,4 +1,10 @@
@@ -179369,8 +183183,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/05-test_rc4.t b/test/recipes/05-test_rc4.t
-index a16455f..a26c9b8 100644
--- a/test/recipes/05-test_rc4.t
+++ b/test/recipes/05-test_rc4.t
@@ -1,4 +1,10 @@
@@ -179385,8 +183197,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/05-test_rc5.t b/test/recipes/05-test_rc5.t
-index 4c5390a..fda0cd2 100644
--- a/test/recipes/05-test_rc5.t
+++ b/test/recipes/05-test_rc5.t
@@ -1,4 +1,11 @@
@@ -179402,8 +183212,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/05-test_rmd.t b/test/recipes/05-test_rmd.t
-index 7ad91c4..b1112e1 100644
--- a/test/recipes/05-test_rmd.t
+++ b/test/recipes/05-test_rmd.t
@@ -1,4 +1,11 @@
@@ -179419,8 +183227,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/05-test_sha1.t b/test/recipes/05-test_sha1.t
-index 310022e..21bb74e 100644
--- a/test/recipes/05-test_sha1.t
+++ b/test/recipes/05-test_sha1.t
@@ -1,4 +1,11 @@
@@ -179436,8 +183242,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/05-test_sha256.t b/test/recipes/05-test_sha256.t
-index 02058c7..071a45c 100644
--- a/test/recipes/05-test_sha256.t
+++ b/test/recipes/05-test_sha256.t
@@ -1,4 +1,11 @@
@@ -179453,8 +183257,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/05-test_sha512.t b/test/recipes/05-test_sha512.t
-index 6522ddd..4ce585c 100644
--- a/test/recipes/05-test_sha512.t
+++ b/test/recipes/05-test_sha512.t
@@ -1,4 +1,11 @@
@@ -179470,8 +183272,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/05-test_wp.t b/test/recipes/05-test_wp.t
-index e745f23..a042898 100644
--- a/test/recipes/05-test_wp.t
+++ b/test/recipes/05-test_wp.t
@@ -1,4 +1,11 @@
@@ -179487,8 +183287,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/10-test_bn.t b/test/recipes/10-test_bn.t
-index 7e728f4..13f278e 100644
--- a/test/recipes/10-test_bn.t
+++ b/test/recipes/10-test_bn.t
@@ -1,4 +1,11 @@
@@ -179504,7 +183302,7 @@
use strict;
use warnings;
-@@ -57,7 +64,9 @@ my $init = ok(run(test(["bntest"], stdout => $testresults)), 'initialize');
+@@ -57,7 +64,9 @@ my $init = ok(run(test(["bntest"], stdou
last unless $l;
}
};
@@ -179515,8 +183313,6 @@
sub check_operations {
my $failcount = 0;
-diff --git a/test/recipes/10-test_exp.t b/test/recipes/10-test_exp.t
-index b8083e7..7e999c4 100644
--- a/test/recipes/10-test_exp.t
+++ b/test/recipes/10-test_exp.t
@@ -1,4 +1,11 @@
@@ -179532,8 +183328,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/15-test_dh.t b/test/recipes/15-test_dh.t
-index 35e9564..60cb54c 100644
--- a/test/recipes/15-test_dh.t
+++ b/test/recipes/15-test_dh.t
@@ -1,4 +1,11 @@
@@ -179549,8 +183343,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/15-test_dsa.t b/test/recipes/15-test_dsa.t
-index 22f971c..bf3b0d3 100644
--- a/test/recipes/15-test_dsa.t
+++ b/test/recipes/15-test_dsa.t
@@ -1,4 +1,11 @@
@@ -179566,8 +183358,6 @@
use strict;
use warnings;
-diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t
-index 48b8ce8..a1c704a 100644
--- a/test/recipes/15-test_ec.t
+++ b/test/recipes/15-test_ec.t
@@ -1,4 +1,11 @@
@@ -179583,8 +183373,6 @@
use strict;
use warnings;
-diff --git a/test/recipes/15-test_ecdh.t b/test/recipes/15-test_ecdh.t
-index acccea8..f11cd06 100644
--- a/test/recipes/15-test_ecdh.t
+++ b/test/recipes/15-test_ecdh.t
@@ -1,4 +1,11 @@
@@ -179600,8 +183388,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/15-test_ecdsa.t b/test/recipes/15-test_ecdsa.t
-index 992bb96..82a8559 100644
--- a/test/recipes/15-test_ecdsa.t
+++ b/test/recipes/15-test_ecdsa.t
@@ -1,4 +1,11 @@
@@ -179617,8 +183403,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/15-test_rsa.t b/test/recipes/15-test_rsa.t
-index 42bba1d..07746f4 100644
--- a/test/recipes/15-test_rsa.t
+++ b/test/recipes/15-test_rsa.t
@@ -1,4 +1,11 @@
@@ -179634,8 +183418,6 @@
use strict;
use warnings;
-diff --git a/test/recipes/20-test_enc.t b/test/recipes/20-test_enc.t
-index 2efcf70..88a5890 100644
--- a/test/recipes/20-test_enc.t
+++ b/test/recipes/20-test_enc.t
@@ -1,4 +1,11 @@
@@ -179651,8 +183433,6 @@
use strict;
use warnings;
-diff --git a/test/recipes/25-test_crl.t b/test/recipes/25-test_crl.t
-index 8650bfc..f708ea8 100644
--- a/test/recipes/25-test_crl.t
+++ b/test/recipes/25-test_crl.t
@@ -1,4 +1,11 @@
@@ -179668,8 +183448,6 @@
use strict;
use warnings;
-diff --git a/test/recipes/25-test_d2i.t b/test/recipes/25-test_d2i.t
-index a9c259d..77afe3f 100644
--- a/test/recipes/25-test_d2i.t
+++ b/test/recipes/25-test_d2i.t
@@ -1,4 +1,11 @@
@@ -179685,7 +183463,7 @@
use strict;
use warnings;
-@@ -8,12 +15,67 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
+@@ -8,12 +15,67 @@ use OpenSSL::Test qw/:DEFAULT srctop_fil
setup("test_d2i");
@@ -179756,9 +183534,6 @@
+ok(run(test(["d2i_test", "ASN1_INTEGER", "decode",
+ srctop_file('test','d2i-tests','bad-int-padminus1.der')])),
+ "Running d2i_test bad-int-padminus1.der INTEGER");
-diff --git a/test/recipes/25-test_gen.t b/test/recipes/25-test_gen.t
-deleted file mode 100644
-index ce4a5ee..0000000
--- a/test/recipes/25-test_gen.t
+++ /dev/null
@@ -1,44 +0,0 @@
@@ -179806,8 +183581,6 @@
- "-verify", "-in", "testreq.pem", "-noout"])),
- "Verifying signature on request");
-};
-diff --git a/test/recipes/25-test_pkcs7.t b/test/recipes/25-test_pkcs7.t
-index 6e9b397..724326b 100644
--- a/test/recipes/25-test_pkcs7.t
+++ b/test/recipes/25-test_pkcs7.t
@@ -1,4 +1,11 @@
@@ -179823,8 +183596,6 @@
use strict;
use warnings;
-diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
-index fac9771..bcc1025 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -1,23 +1,56 @@
@@ -179897,8 +183668,6 @@
}
close DATA;
unlink "req-check.err";
-diff --git a/test/recipes/25-test_sid.t b/test/recipes/25-test_sid.t
-index 84444b3..b13cb5c 100644
--- a/test/recipes/25-test_sid.t
+++ b/test/recipes/25-test_sid.t
@@ -1,4 +1,11 @@
@@ -179914,8 +183683,6 @@
use strict;
use warnings;
-diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
-index e025739..5cc5ce8 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -1,4 +1,11 @@
@@ -179936,11 +183703,11 @@
}
-plan tests => 101;
-+plan tests => 108;
++plan tests => 121;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
-@@ -215,6 +222,28 @@ ok(verify("ee-client", "sslclient", [qw(ee+clientAuth)], [], "-partial_chain"),
+@@ -215,6 +222,28 @@ ok(verify("ee-client", "sslclient", [qw(
ok(!verify("ee-client", "sslclient", [qw(ee-clientAuth)], [], "-partial_chain"),
"reject direct match with client mistrust");
@@ -179969,8 +183736,51 @@
# Security level tests
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
"accept RSA 2048 chain at auth level 2");
-diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
-index 1572a06..98a8d32 100644
+@@ -258,3 +287,44 @@ ok(!verify("ee-cert", "sslserver", ["roo
+ "accept chain with verify_depth 0");
+ ok(verify("ee-cert", "sslserver", ["ca-cert-md5-any"], [], "-verify_depth", "0"),
+ "accept md5 intermediate TA with verify_depth 0");
++
++# Name Constraints tests.
++
++ok(verify("alt1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
++ "Name Constraints everything permitted");
++
++ok(verify("alt2-cert", "sslserver", ["root-cert"], ["ncca2-cert"], ),
++ "Name Constraints nothing excluded");
++
++ok(verify("alt3-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
++ "Name Constraints nested test all permitted");
++
++ok(!verify("badalt1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
++ "Name Constraints hostname not permitted");
++
++ok(!verify("badalt2-cert", "sslserver", ["root-cert"], ["ncca2-cert"], ),
++ "Name Constraints hostname excluded");
++
++ok(!verify("badalt3-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
++ "Name Constraints email address not permitted");
++
++ok(!verify("badalt4-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
++ "Name Constraints subject email address not permitted");
++
++ok(!verify("badalt5-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
++ "Name Constraints IP address not permitted");
++
++ok(!verify("badalt6-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
++ "Name Constraints CN hostname not permitted");
++
++ok(!verify("badalt7-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
++ "Name Constraints CN BMPSTRING hostname not permitted");
++
++ok(!verify("badalt8-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
++ "Name constaints nested DNS name not permitted 1");
++
++ok(!verify("badalt9-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
++ "Name constaints nested DNS name not permitted 2");
++
++ok(!verify("badalt10-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
++ "Name constaints nested DNS name excluded");
--- a/test/recipes/25-test_x509.t
+++ b/test/recipes/25-test_x509.t
@@ -1,4 +1,11 @@
@@ -179986,7 +183796,7 @@
use strict;
use warnings;
-@@ -8,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
+@@ -8,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_fil
setup("test_x509");
@@ -179995,7 +183805,7 @@
require_ok(srctop_file('test','recipes','tconversion.pl'));
-@@ -21,3 +28,7 @@ subtest 'x509 -- first x.509 v3 certificate' => sub {
+@@ -21,3 +28,7 @@ subtest 'x509 -- first x.509 v3 certific
subtest 'x509 -- second x.509 v3 certificate' => sub {
tconversion("x509", srctop_file("test","v3-cert2.pem"));
};
@@ -180003,8 +183813,6 @@
+subtest 'x509 -- pathlen' => sub {
+ ok(run(test(["v3ext", srctop_file("test/certs", "pathlen.pem")])));
+}
-diff --git a/test/recipes/30-test_afalg.t b/test/recipes/30-test_afalg.t
-index e28bccb..c8cb67b 100644
--- a/test/recipes/30-test_afalg.t
+++ b/test/recipes/30-test_afalg.t
@@ -1,55 +1,10 @@
@@ -180069,8 +183877,6 @@
use strict;
use OpenSSL::Test qw/:DEFAULT bldtop_dir/;
-diff --git a/test/recipes/30-test_engine.t b/test/recipes/30-test_engine.t
-index c097b6f..03c96cd 100644
--- a/test/recipes/30-test_engine.t
+++ b/test/recipes/30-test_engine.t
@@ -1,4 +1,11 @@
@@ -180086,8 +183892,6 @@
use strict;
use warnings;
-diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
-index 9ee24f4..c277fcd 100644
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -1,4 +1,11 @@
@@ -180103,8 +183907,6 @@
use strict;
use warnings;
-diff --git a/test/recipes/30-test_evp_extra.t b/test/recipes/30-test_evp_extra.t
-index 0f90b21..9a656b0 100644
--- a/test/recipes/30-test_evp_extra.t
+++ b/test/recipes/30-test_evp_extra.t
@@ -1,4 +1,11 @@
@@ -180120,8 +183922,6 @@
use strict;
use warnings;
-diff --git a/test/recipes/30-test_pbelu.t b/test/recipes/30-test_pbelu.t
-index 635fb69..38b2d48 100644
--- a/test/recipes/30-test_pbelu.t
+++ b/test/recipes/30-test_pbelu.t
@@ -1,4 +1,11 @@
@@ -180137,8 +183937,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/40-test_rehash.t b/test/recipes/40-test_rehash.t
-index dd7f4ac..fa05ca0 100644
--- a/test/recipes/40-test_rehash.t
+++ b/test/recipes/40-test_rehash.t
@@ -1,4 +1,11 @@
@@ -180175,9 +183973,6 @@
my @destfiles = ();
foreach (@sourcefiles) {
copy($_, curdir());
-diff --git a/test/recipes/70-test_asyncio.t b/test/recipes/70-test_asyncio.t
-new file mode 100644
-index 0000000..c26f757
--- /dev/null
+++ b/test/recipes/70-test_asyncio.t
@@ -0,0 +1,22 @@
@@ -180203,8 +183998,6 @@
+
+ok(run(test(["asynciotest", srctop_file("apps", "server.pem"),
+ srctop_file("apps", "server.pem")])), "running asynciotest");
-diff --git a/test/recipes/70-test_clienthello.t b/test/recipes/70-test_clienthello.t
-index 2032d6d..ef0868f 100644
--- a/test/recipes/70-test_clienthello.t
+++ b/test/recipes/70-test_clienthello.t
@@ -1,4 +1,11 @@
@@ -180220,8 +184013,6 @@
use OpenSSL::Test;
use OpenSSL::Test::Utils;
-diff --git a/test/recipes/70-test_packet.t b/test/recipes/70-test_packet.t
-index b1609d5..9bc6515 100644
--- a/test/recipes/70-test_packet.t
+++ b/test/recipes/70-test_packet.t
@@ -1,4 +1,11 @@
@@ -180237,8 +184028,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/70-test_sslcertstatus.t b/test/recipes/70-test_sslcertstatus.t
-index 298f6da..f700f92 100755
--- a/test/recipes/70-test_sslcertstatus.t
+++ b/test/recipes/70-test_sslcertstatus.t
@@ -1,56 +1,10 @@
@@ -180304,7 +184093,7 @@
use strict;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
-@@ -72,6 +26,9 @@ plan skip_all => "$test_name needs the sock feature enabled"
+@@ -72,6 +26,9 @@ plan skip_all => "$test_name needs the s
plan skip_all => "$test_name needs the ocsp feature enabled"
if disabled("ocsp");
@@ -180331,8 +184120,6 @@
ok(TLSProxy::Message->success, "Missing CertificateStatus message");
sub certstatus_filter
-diff --git a/test/recipes/70-test_sslextension.t b/test/recipes/70-test_sslextension.t
-index 7d45ce2..7f69f64 100755
--- a/test/recipes/70-test_sslextension.t
+++ b/test/recipes/70-test_sslextension.t
@@ -1,56 +1,10 @@
@@ -180398,7 +184185,7 @@
use strict;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
-@@ -69,6 +23,9 @@ plan skip_all => "$test_name needs the dynamic engine feature enabled"
+@@ -69,6 +23,9 @@ plan skip_all => "$test_name needs the d
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
@@ -180421,14 +184208,11 @@
ok(TLSProxy::Message->success, "Zero extension length test");
sub extension_filter
-@@ -154,4 +110,3 @@ $proxy->clear();
+@@ -154,4 +110,3 @@ ok(TLSProxy::Message->fail(), "Duplicate
$proxy->filter(\&inject_duplicate_extension_serverhello);
$proxy->start();
ok(TLSProxy::Message->fail(), "Duplicate ServerHello extension");
-
-diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t
-new file mode 100644
-index 0000000..94aabdc
--- /dev/null
+++ b/test/recipes/70-test_sslrecords.t
@@ -0,0 +1,140 @@
@@ -180457,8 +184241,8 @@
+plan skip_all => "$test_name needs the sock feature enabled"
+ if disabled("sock");
+
-+plan skip_all => "$test_name needs TLS enabled"
-+ if alldisabled(available_protocols("tls"));
++plan skip_all => "$test_name needs TLSv1.2 enabled"
++ if disabled("tls1_2");
+
+$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
+my $proxy = TLSProxy::Proxy->new(
@@ -180572,8 +184356,6 @@
+ );
+ push @{$proxy->record_list}, $record;
+}
-diff --git a/test/recipes/70-test_sslsessiontick.t b/test/recipes/70-test_sslsessiontick.t
-index cbd4c65..89ef12f 100755
--- a/test/recipes/70-test_sslsessiontick.t
+++ b/test/recipes/70-test_sslsessiontick.t
@@ -1,56 +1,10 @@
@@ -180639,7 +184421,7 @@
use strict;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
-@@ -70,6 +24,9 @@ plan skip_all => "$test_name needs the dynamic engine feature enabled"
+@@ -70,6 +24,9 @@ plan skip_all => "$test_name needs the d
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
@@ -180664,7 +184446,7 @@
checkmessages(1, "Default session ticket test", 1, 1, 1, 1);
#Test 2: If the server does not accept tickets we should get a normal handshake
-@@ -118,7 +74,7 @@ checkmessages(3, "No client support session ticket test", 0, 0, 0, 1);
+@@ -118,7 +74,7 @@ checkmessages(3, "No client support sess
#Expected result: ClientHello extension seen; ServerHello extension not seen
# NewSessionTicket message not seen; Abbreviated handshake
clearall();
@@ -180673,7 +184455,7 @@
$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session);
$proxy->start();
-@@ -126,12 +82,13 @@ $proxy->clearClient();
+@@ -126,12 +82,13 @@ clearall();
$proxy->clientflags("-sess_in ".$session);
$proxy->clientstart();
checkmessages(4, "Session resumption session ticket test", 1, 0, 0, 0);
@@ -180688,7 +184470,7 @@
$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session." -no_ticket");
$proxy->start();
-@@ -140,6 +97,7 @@ $proxy->clientflags("-sess_in ".$session);
+@@ -140,6 +97,7 @@ clearall();
$proxy->clientstart();
checkmessages(5, "Session resumption with ticket capable client without a "
."ticket", 1, 1, 1, 0);
@@ -180696,7 +184478,7 @@
#Test 6: Client accepts empty ticket.
#Expected result: ClientHello extension seen; ServerHello extension seen;
-@@ -151,7 +109,7 @@ checkmessages(6, "Empty ticket test", 1, 1, 1, 1);
+@@ -151,7 +109,7 @@ checkmessages(6, "Empty ticket test", 1
#Test 7-8: Client keeps existing ticket on empty ticket.
clearall();
@@ -180705,7 +184487,7 @@
$proxy->serverconnects(3);
$proxy->filter(undef);
$proxy->clientflags("-sess_out ".$session);
-@@ -170,7 +128,25 @@ $proxy->clientstart();
+@@ -170,7 +128,25 @@ clearclient();
#Expected result: ClientHello extension seen; ServerHello extension not seen;
# NewSessionTicket message not seen; Abbreviated handshake.
checkmessages(8, "Empty ticket resumption test", 1, 0, 0, 0);
@@ -180758,8 +184540,6 @@
sub checkmessages($$$$$$)
{
my ($testno, $testname, $testch, $testsh, $testtickseen, $testhand) = @_;
-diff --git a/test/recipes/70-test_sslskewith0p.t b/test/recipes/70-test_sslskewith0p.t
-index ac88ed5..bfdee8b 100755
--- a/test/recipes/70-test_sslskewith0p.t
+++ b/test/recipes/70-test_sslskewith0p.t
@@ -1,56 +1,10 @@
@@ -180825,7 +184605,7 @@
use strict;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
-@@ -72,6 +26,9 @@ plan skip_all => "dh is not supported by this OpenSSL build"
+@@ -72,6 +26,9 @@ plan skip_all => "dh is not supported by
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
@@ -180851,8 +184631,6 @@
ok(TLSProxy::Message->fail, "ServerKeyExchange with 0 p");
sub ske_0_p_filter
-diff --git a/test/recipes/70-test_sslvertol.t b/test/recipes/70-test_sslvertol.t
-index c1ec38f..f8c94e9 100755
--- a/test/recipes/70-test_sslvertol.t
+++ b/test/recipes/70-test_sslvertol.t
@@ -1,56 +1,10 @@
@@ -180918,7 +184696,7 @@
use strict;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
-@@ -69,6 +23,9 @@ plan skip_all => "$test_name needs the dynamic engine feature enabled"
+@@ -69,6 +23,9 @@ plan skip_all => "$test_name needs the d
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
@@ -180942,8 +184720,6 @@
ok(TLSProxy::Message->success(), "Version tolerance test, TLS 1.3");
#Test 2: Testing something below SSLv3 should fail
-diff --git a/test/recipes/70-test_tlsextms.t b/test/recipes/70-test_tlsextms.t
-index 24abfcf..1248594 100644
--- a/test/recipes/70-test_tlsextms.t
+++ b/test/recipes/70-test_tlsextms.t
@@ -1,56 +1,10 @@
@@ -181009,7 +184785,7 @@
use strict;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
-@@ -70,6 +24,9 @@ plan skip_all => "$test_name needs the dynamic engine feature enabled"
+@@ -70,6 +24,9 @@ plan skip_all => "$test_name needs the d
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
@@ -181037,7 +184813,7 @@
checkmessages(1, "Default extended master secret test", 1, 1, 1);
#Test 2: If client omits extended master secret extension, server should too.
-@@ -134,7 +90,7 @@ checkmessages(2, "No ticket, no client extension extended master secret test", 0
+@@ -134,7 +90,7 @@ checkmessages(2, "No ticket, no client e
clearall();
setrmextms(0, 0);
@@ -181046,7 +184822,7 @@
$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session);
$proxy->start();
-@@ -142,6 +98,7 @@ $proxy->clearClient();
+@@ -142,6 +98,7 @@ setrmextms(0, 0);
$proxy->clientflags("-sess_in ".$session);
$proxy->clientstart();
checkmessages(5, "Session resumption extended master secret test", 1, 1, 0);
@@ -181054,7 +184830,7 @@
#Test 6: Session resumption extended master secret test original session
# omits extension. Server must not resume session.
-@@ -150,7 +107,7 @@ checkmessages(5, "Session resumption extended master secret test", 1, 1, 0);
+@@ -150,7 +107,7 @@ checkmessages(5, "Session resumption ext
clearall();
setrmextms(1, 0);
@@ -181063,7 +184839,7 @@
$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session);
$proxy->start();
-@@ -159,6 +116,7 @@ $proxy->clientflags("-sess_in ".$session);
+@@ -159,6 +116,7 @@ setrmextms(1, 0);
setrmextms(0, 0);
$proxy->clientstart();
checkmessages(6, "Session resumption extended master secret test", 1, 1, 1);
@@ -181071,7 +184847,7 @@
#Test 7: Session resumption extended master secret test resumed session
# omits client extension. Server must abort connection.
-@@ -166,7 +124,7 @@ checkmessages(6, "Session resumption extended master secret test", 1, 1, 1);
+@@ -166,7 +124,7 @@ checkmessages(6, "Session resumption ext
clearall();
setrmextms(0, 0);
@@ -181080,7 +184856,7 @@
$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session);
$proxy->start();
-@@ -175,6 +133,7 @@ $proxy->clientflags("-sess_in ".$session);
+@@ -175,6 +133,7 @@ setrmextms(0, 0);
setrmextms(1, 0);
$proxy->clientstart();
ok(TLSProxy::Message->fail(), "Client inconsistent session resumption");
@@ -181088,7 +184864,7 @@
#Test 8: Session resumption extended master secret test resumed session
# omits server extension. Client must abort connection.
-@@ -182,7 +141,7 @@ ok(TLSProxy::Message->fail(), "Client inconsistent session resumption");
+@@ -182,7 +141,7 @@ ok(TLSProxy::Message->fail(), "Client in
clearall();
setrmextms(0, 0);
@@ -181097,7 +184873,7 @@
$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session);
$proxy->start();
-@@ -191,6 +150,7 @@ $proxy->clientflags("-sess_in ".$session);
+@@ -191,6 +150,7 @@ setrmextms(0, 0);
setrmextms(0, 1);
$proxy->clientstart();
ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 1");
@@ -181105,7 +184881,7 @@
#Test 9: Session resumption extended master secret test initial session
# omits server extension. Client must abort connection.
-@@ -198,7 +158,7 @@ ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 1");
+@@ -198,7 +158,7 @@ ok(TLSProxy::Message->fail(), "Server in
clearall();
setrmextms(0, 1);
@@ -181114,7 +184890,7 @@
$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session);
$proxy->start();
-@@ -207,6 +167,7 @@ $proxy->clientflags("-sess_in ".$session);
+@@ -207,6 +167,7 @@ setrmextms(0, 1);
setrmextms(0, 0);
$proxy->clientstart();
ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 2");
@@ -181122,8 +184898,6 @@
sub extms_filter
{
-diff --git a/test/recipes/70-test_verify_extra.t b/test/recipes/70-test_verify_extra.t
-index 8c213e8..79a33cd 100644
--- a/test/recipes/70-test_verify_extra.t
+++ b/test/recipes/70-test_verify_extra.t
@@ -1,4 +1,11 @@
@@ -181139,8 +184913,6 @@
use OpenSSL::Test qw/:DEFAULT srctop_file/;
-diff --git a/test/recipes/80-test_ca.t b/test/recipes/80-test_ca.t
-index 09d5ba6..f4c01d5 100644
--- a/test/recipes/80-test_ca.t
+++ b/test/recipes/80-test_ca.t
@@ -1,4 +1,11 @@
@@ -181186,9 +184958,6 @@
sub yes {
-diff --git a/test/recipes/80-test_cipherlist.t b/test/recipes/80-test_cipherlist.t
-new file mode 100644
-index 0000000..98d537e
--- /dev/null
+++ b/test/recipes/80-test_cipherlist.t
@@ -0,0 +1,26 @@
@@ -181218,8 +184987,6 @@
+ if $no_anytls;
+
+simple_test("test_cipherlist", "cipherlist_test", "cipherlist");
-diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
-index 645f37a..40fcf7c 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -1,4 +1,11 @@
@@ -181235,8 +185002,6 @@
use strict;
use warnings;
-diff --git a/test/recipes/80-test_ct.t b/test/recipes/80-test_ct.t
-index 9685b95..9c717b2 100644
--- a/test/recipes/80-test_ct.t
+++ b/test/recipes/80-test_ct.t
@@ -1,4 +1,11 @@
@@ -181252,8 +185017,6 @@
use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir/;
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/80-test_dane.t b/test/recipes/80-test_dane.t
-index 6436735..527e663 100644
--- a/test/recipes/80-test_dane.t
+++ b/test/recipes/80-test_dane.t
@@ -1,4 +1,11 @@
@@ -181269,8 +185032,6 @@
use strict;
use warnings;
-diff --git a/test/recipes/80-test_dtlsv1listen.t b/test/recipes/80-test_dtlsv1listen.t
-index e7371ca..dd1bb35 100644
--- a/test/recipes/80-test_dtlsv1listen.t
+++ b/test/recipes/80-test_dtlsv1listen.t
@@ -1,4 +1,11 @@
@@ -181286,8 +185047,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/80-test_ocsp.t b/test/recipes/80-test_ocsp.t
-index ae4bf85..103a7ae 100644
--- a/test/recipes/80-test_ocsp.t
+++ b/test/recipes/80-test_ocsp.t
@@ -1,4 +1,11 @@
@@ -181303,8 +185062,6 @@
use strict;
use warnings;
-diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
-index abb6528..a024753 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -1,10 +1,18 @@
@@ -181327,20 +185084,26 @@
use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/;
use OpenSSL::Test::Utils qw/disabled alldisabled available_protocols/;
-@@ -13,31 +21,48 @@ setup("test_ssl_new");
+@@ -13,31 +21,54 @@ setup("test_ssl_new");
$ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
-my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.conf"));
-my @conf_files = map {basename($_)} @conf_srcs;
+-
+-# 02-protocol-version.conf test results depend on the configuration of enabled
+-# protocols. We only verify generated sources in the default configuration.
+-my $is_default = (disabled("ssl3") && !disabled("tls1") &&
+- !disabled("tls1_1") && !disabled("tls1_2"));
+-
+-my %conf_dependent_tests = ("02-protocol-version.conf" => 1);
+my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.conf.in"));
+map { s/;.*// } @conf_srcs if $^O eq "VMS";
+my @conf_files = map { basename($_) } @conf_srcs;
+map { s/\.in// } @conf_files;
+
-+# 02-protocol-version.conf test and 05-dtls-protocol-version.conf results
-+# depend on the configuration of enabled protocols. We only verify generated
-+# sources in the default configuration.
++# Some test results depend on the configuration of enabled protocols. We only
++# verify generated sources in the default configuration.
+my $is_default_tls = (disabled("ssl3") && !disabled("tls1") &&
+ !disabled("tls1_1") && !disabled("tls1_2"));
+
@@ -181348,20 +185111,22 @@
+
+my $no_tls = alldisabled(available_protocols("tls"));
+my $no_dtls = alldisabled(available_protocols("dtls"));
-
--# 02-protocol-version.conf test results depend on the configuration of enabled
--# protocols. We only verify generated sources in the default configuration.
--my $is_default = (disabled("ssl3") && !disabled("tls1") &&
-- !disabled("tls1_1") && !disabled("tls1_2"));
++my $no_npn = disabled("nextprotoneg");
++
+my %conf_dependent_tests = (
+ "02-protocol-version.conf" => !$is_default_tls,
-+ "05-dtls-protocol-version.conf" => !$is_default_dtls,
++ "04-client_auth.conf" => !$is_default_tls,
++ "07-dtls-protocol-version.conf" => !$is_default_dtls,
++ "10-resumption.conf" => !$is_default_tls,
++ "11-dtls_resumption.conf" => !$is_default_dtls,
+);
-
--my %conf_dependent_tests = ("02-protocol-version.conf" => 1);
++
+# Default is $no_tls but some tests have different skip conditions.
+my %skip = (
-+ "05-dtls-protocol-version.conf" => $no_dtls,
++ "07-dtls-protocol-version.conf" => $no_dtls,
++ "08-npn.conf" => $no_tls || $no_npn,
++ "10-resumption.conf" => disabled("tls1_1") || disabled("tls1_2"),
++ "11-dtls_resumption.conf" => disabled("dtls1") || disabled("dtls1_2"),
+);
foreach my $conf (@conf_files) {
@@ -181376,7 +185141,7 @@
# We hard-code the number of tests to double-check that the globbing above
# finds all files as expected.
-plan tests => 2; # = scalar @conf_files
-+plan tests => 7; # = scalar @conf_srcs
++plan tests => 11; # = scalar @conf_srcs
sub test_conf {
plan tests => 3;
@@ -181386,7 +185151,7 @@
my $conf_file = srctop_file("test", "ssl-tests", $conf);
my $tmp_file = "${conf}.$$.tmp";
-@@ -63,8 +88,7 @@ sub test_conf {
+@@ -63,8 +94,7 @@ sub test_conf {
}
# Test 3. Run the test.
@@ -181396,8 +185161,6 @@
skip "Stale sources; skipping tests", 1 if !$run_test;
ok(run(test(["ssl_test", $tmp_file])), "running ssl_test $conf");
-diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
-index 879ab7f..becfbae 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -1,10 +1,17 @@
@@ -181436,7 +185199,7 @@
- + 14 # For the first testssl
- + 16 # For the first testsslproxy
- + 16 # For the second testsslproxy
-+ + 12 # For the first testssl
++ +9 # For the first testssl
;
subtest 'test_ss' => sub {
@@ -181513,12 +185276,11 @@
subtest 'standard SSL tests' => sub {
######################################################################
- plan tests => 29;
-+ plan tests => 21;
-
- SKIP: {
- skip "SSLv3 is not supported by this OpenSSL build", 4
- if disabled("ssl3");
-
+-
+- SKIP: {
+- skip "SSLv3 is not supported by this OpenSSL build", 4
+- if disabled("ssl3");
+-
- ok(run(test([@ssltest, "-ssl3", @extra])),
- 'test sslv3');
- ok(run(test([@ssltest, "-ssl3", "-server_auth", @CA, @extra])),
@@ -181542,11 +185304,12 @@
- ok(run(test([@ssltest, "-server_auth", "-client_auth", @CA, @extra])),
- 'test sslv2/sslv3 with both server and client authentication');
- }
--
-- SKIP: {
-- skip "SSLv3 is not supported by this OpenSSL build", 4
-- if disabled("ssl3");
--
++ plan tests => 21;
+
+ SKIP: {
+ skip "SSLv3 is not supported by this OpenSSL build", 4
+ if disabled("ssl3");
+
- ok(run(test([@ssltest, "-bio_pair", "-ssl3", @extra])),
+ ok(run(test([@ssltest, "-bio_pair", "-ssl3"])),
'test sslv3 via BIO pair');
@@ -181685,8 +185448,31 @@
'test tls1 with PSK via BIO pair');
}
}
-@@ -613,25 +579,6 @@ sub testssl {
+@@ -563,19 +529,14 @@ sub testssl {
+ subtest 'Next Protocol Negotiation Tests' => sub {
+ ######################################################################
+
+- plan tests => 7;
++ plan tests => 2;
+
+ SKIP: {
+- skip "TLSv1.0 is not supported by this OpenSSL build", 7
++ skip "TLSv1.0 is not supported by this OpenSSL build", 2
+ if $no_tls1;
+- skip "Next Protocol Negotiation is not supported by this OpenSSL build", 7
++ skip "Next Protocol Negotiation is not supported by this OpenSSL build", 2
+ if disabled("nextprotoneg");
+
+- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_client"])));
+- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_server"])));
+- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_server_reject"])));
+- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_client", "-npn_server_reject"])));
+- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_client", "-npn_server"])));
+ ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_client", "-npn_server", "-num", "2"])));
+ ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_client", "-npn_server", "-num", "2", "-reuse"])));
}
+@@ -613,66 +574,6 @@ sub testssl {
+ }
};
- subtest 'SNI tests' => sub {
@@ -181708,10 +185494,51 @@
- }
- };
-
- subtest 'ALPN tests' => sub {
- ######################################################################
+- subtest 'ALPN tests' => sub {
+- ######################################################################
+-
+- plan tests => 13;
+-
+- SKIP: {
+- skip "TLSv1.0 is not supported by this OpenSSL build", 13
+- if $no_tls1;
+-
+- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "foo"])));
+- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_server", "foo"])));
+- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "foo", "-alpn_server", "foo", "-alpn_expected", "foo"])));
+- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "foo,bar", "-alpn_server", "foo", "-alpn_expected", "foo"])));
+- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "bar,foo", "-alpn_server", "foo", "-alpn_expected", "foo"])));
+- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "bar,foo", "-alpn_server", "foo,bar", "-alpn_expected", "foo"])));
+- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "bar,foo", "-alpn_server", "bar,foo", "-alpn_expected", "bar"])));
+- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "foo,bar", "-alpn_server", "bar,foo", "-alpn_expected", "bar"])));
+-
+- is(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "foo", "-alpn_server", "bar"])), 0,
+- "Testing ALPN with protocol mismatch, expecting failure");
+- is(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "baz", "-alpn_server", "bar,foo"])), 0,
+- "Testing ALPN with protocol mismatch, expecting failure");
+-
+- # ALPN + SNI
+- ok(run(test([@ssltest, "-bio_pair",
+- "-alpn_client", "foo,bar", "-sn_client", "alice",
+- "-alpn_server1", "foo,123", "-sn_server1", "alice",
+- "-alpn_server2", "bar,456", "-sn_server2", "bob",
+- "-alpn_expected", "foo"])));
+- ok(run(test([@ssltest, "-bio_pair",
+- "-alpn_client", "foo,bar", "-sn_client", "bob",
+- "-alpn_server1", "foo,123", "-sn_server1", "alice",
+- "-alpn_server2", "bar,456", "-sn_server2", "bob",
+- "-alpn_expected", "bar"])));
+- ok(run(test([@ssltest, "-bio_pair",
+- "-alpn_client", "foo,bar", "-sn_client", "bob",
+- "-alpn_server2", "bar,456", "-sn_server2", "bob",
+- "-alpn_expected", "bar"])));
+- }
+- };
+-
+ subtest 'SRP tests' => sub {
-@@ -705,7 +652,7 @@ sub testssl {
+ plan tests => 4;
+@@ -705,7 +606,7 @@ sub testssl {
if $no_anytls;
skip "skipping multi-buffer tests", 2
@@ -181720,7 +185547,7 @@
ok(run(test([@ssltest, "-cipher", "AES128-SHA", "-bytes", "8m"])));
-@@ -717,53 +664,6 @@ sub testssl {
+@@ -717,99 +618,6 @@ sub testssl {
}
};
@@ -181771,19 +185598,56 @@
- }}}}}
- };
-
- subtest 'TLS session reuse' => sub {
- plan tests => 12;
-
-@@ -790,7 +690,7 @@ sub testssl {
- subtest 'DTLS session reuse' => sub {
- plan tests => 12;
- SKIP: {
+- subtest 'TLS session reuse' => sub {
+- plan tests => 12;
+-
+- SKIP: {
+- skip "TLS1.1 or TLS1.2 disabled", 12 if $no_tls1_1 || $no_tls1_2;
+- ok(run(test([@ssltest, "-server_sess_out", $server_sess, "-client_sess_out", $client_sess])));
+- ok(run(test([@ssltest, "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "1", "-should_negotiate", "tls1.2"])));
+- ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "0", "-should_negotiate", "tls1.1"])));
+-
+- ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-server_sess_out", $server_sess, "-client_sess_out", $client_sess])));
+- ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "1", "-should_negotiate", "tls1.1"])));
+- ok(run(test([@ssltest, "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "0", "-should_negotiate", "tls1.2"])));
+-
+- ok(run(test([@ssltest, "-no_ticket", "-server_sess_out", $server_sess, "-client_sess_out", $client_sess])));
+- ok(run(test([@ssltest, "-no_ticket", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "1", "-should_negotiate", "tls1.2"])));
+- ok(run(test([@ssltest, "-no_ticket", "-server_max_proto", "tls1.1", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "0", "-should_negotiate", "tls1.1"])));
+-
+- ok(run(test([@ssltest, "-no_ticket", "-server_max_proto", "tls1.1", "-server_sess_out", $server_sess, "-client_sess_out", $client_sess])));
+- ok(run(test([@ssltest, "-no_ticket", "-server_max_proto", "tls1.1", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "1", "-should_negotiate", "tls1.1"])));
+- ok(run(test([@ssltest, "-no_ticket", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "0", "-should_negotiate", "tls1.2"])));
+- }
+- };
+-
+- subtest 'DTLS session reuse' => sub {
+- plan tests => 12;
+- SKIP: {
- skip "DTLS disabled", 12 if $no_dtls;
-+ skip "DTLS1.0 or DTLS1.2 disabled", 12 if $no_dtls1 || $no_dtls1_2;
+-
+- ok(run(test([@ssltest, "-dtls", "-server_sess_out", $server_sess, "-client_sess_out", $client_sess])));
+- ok(run(test([@ssltest, "-dtls", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "1", "-should_negotiate", "dtls1.2"])));
+- ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "0", "-should_negotiate", "dtls1"])));
+-
+- ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1", "-server_sess_out", $server_sess, "-client_sess_out", $client_sess])));
+- ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "1", "-should_negotiate", "dtls1"])));
+- ok(run(test([@ssltest, "-dtls", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "0", "-should_negotiate", "dtls1.2"])));
+-
+- ok(run(test([@ssltest, "-dtls", "-no_ticket", "-server_sess_out", $server_sess, "-client_sess_out", $client_sess])));
+- ok(run(test([@ssltest, "-dtls", "-no_ticket", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "1", "-should_negotiate", "dtls1.2"])));
+- ok(run(test([@ssltest, "-dtls", "-no_ticket", "-server_max_proto", "dtls1", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "0", "-should_negotiate", "dtls1"])));
+-
+- ok(run(test([@ssltest, "-dtls", "-no_ticket", "-server_max_proto", "dtls1", "-server_sess_out", $server_sess, "-client_sess_out", $client_sess])));
+- ok(run(test([@ssltest, "-dtls", "-no_ticket", "-server_max_proto", "dtls1", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "1", "-should_negotiate", "dtls1"])));
+- ok(run(test([@ssltest, "-dtls", "-no_ticket", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "0", "-should_negotiate", "dtls1.2"])));
+- }
+- };
+-
+ subtest 'Certificate Transparency tests' => sub {
+ ######################################################################
- ok(run(test([@ssltest, "-dtls", "-server_sess_out", $server_sess, "-client_sess_out", $client_sess])));
- ok(run(test([@ssltest, "-dtls", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "1", "-should_negotiate", "dtls1.2"])));
-@@ -833,76 +733,40 @@ sub testssl {
+@@ -833,76 +641,40 @@ sub testssl {
};
}
@@ -181793,11 +185657,44 @@
- my $CAtmp = shift;
- my @CA = $CAtmp ? ("-CAfile", $CAtmp) : ("-CApath", bldtop_dir("certs"));
- my @extra = @_;
--
++unlink $CAkey;
++unlink $CAcert;
++unlink $CAserial;
++unlink $CAreq;
++unlink $CAreq2;
++
++unlink $Ukey;
++unlink $Ureq;
++unlink $Ucert;
++unlink basename($Ucert, '.ss').'.srl';
++
++unlink $Dkey;
++unlink $Dreq;
++unlink $Dcert;
++
++unlink $Ekey;
++unlink $Ereq;
++unlink $Ecert;
++
++unlink $P1key;
++unlink $P1req;
++unlink $P1cert;
++unlink basename($P1cert, '.ss').'.srl';
++unlink $P1intermediate;
++unlink "intP1.ss";
++
++unlink $P2key;
++unlink $P2req;
++unlink $P2cert;
++unlink $P2intermediate;
++unlink "intP2.ss";
+
- my @ssltest = ("ssltest_old",
- "-s_key", $key, "-s_cert", $cert,
- "-c_key", $key, "-c_cert", $cert);
--
++unlink "ecp.ss";
++unlink "err.ss";
+
- # plan tests => 16;
-
- note('Testing a lot of proxy conditions.');
@@ -181860,45 +185757,8 @@
- }
- }
-}
-+unlink $CAkey;
-+unlink $CAcert;
-+unlink $CAserial;
-+unlink $CAreq;
-+unlink $CAreq2;
-+
-+unlink $Ukey;
-+unlink $Ureq;
-+unlink $Ucert;
-+unlink basename($Ucert, '.ss').'.srl';
-+
-+unlink $Dkey;
-+unlink $Dreq;
-+unlink $Dcert;
-+
-+unlink $Ekey;
-+unlink $Ereq;
-+unlink $Ecert;
-+
-+unlink $P1key;
-+unlink $P1req;
-+unlink $P1cert;
-+unlink basename($P1cert, '.ss').'.srl';
-+unlink $P1intermediate;
-+unlink "intP1.ss";
-+
-+unlink $P2key;
-+unlink $P2req;
-+unlink $P2cert;
-+unlink $P2intermediate;
-+unlink "intP2.ss";
-+
-+unlink "ecp.ss";
-+unlink "err.ss";
-+
+unlink $server_sess;
+unlink $client_sess;
-diff --git a/test/recipes/80-test_ssl_test_ctx.t b/test/recipes/80-test_ssl_test_ctx.t
-index 210e4e8..c593491 100644
--- a/test/recipes/80-test_ssl_test_ctx.t
+++ b/test/recipes/80-test_ssl_test_ctx.t
@@ -1,4 +1,11 @@
@@ -181914,8 +185774,6 @@
use strict;
use warnings;
-diff --git a/test/recipes/80-test_tsa.t b/test/recipes/80-test_tsa.t
-index f2ceeeb..cf3378b 100644
--- a/test/recipes/80-test_tsa.t
+++ b/test/recipes/80-test_tsa.t
@@ -1,4 +1,11 @@
@@ -181931,9 +185789,6 @@
use strict;
use warnings;
-diff --git a/test/recipes/80-test_x509aux.t b/test/recipes/80-test_x509aux.t
-new file mode 100644
-index 0000000..65ba5fc
--- /dev/null
+++ b/test/recipes/80-test_x509aux.t
@@ -0,0 +1,27 @@
@@ -181964,8 +185819,6 @@
+ srctop_file("test", "certs", "root-anyEKU.pem"),
+ srctop_file("test", "certs", "root-cert.pem")]
+ )), "x509aux tests");
-diff --git a/test/recipes/90-test_async.t b/test/recipes/90-test_async.t
-index dfee578..e0f1870 100644
--- a/test/recipes/90-test_async.t
+++ b/test/recipes/90-test_async.t
@@ -1,4 +1,11 @@
@@ -181981,9 +185834,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/90-test_bioprint.t b/test/recipes/90-test_bioprint.t
-new file mode 100644
-index 0000000..b86e828
--- /dev/null
+++ b/test/recipes/90-test_bioprint.t
@@ -0,0 +1,12 @@
@@ -181999,8 +185849,6 @@
+use OpenSSL::Test::Simple;
+
+simple_test("test_bioprint", "bioprinttest");
-diff --git a/test/recipes/90-test_constant_time.t b/test/recipes/90-test_constant_time.t
-index cfdb578..6fa73bf 100644
--- a/test/recipes/90-test_constant_time.t
+++ b/test/recipes/90-test_constant_time.t
@@ -1,4 +1,11 @@
@@ -182016,8 +185864,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/90-test_gmdiff.t b/test/recipes/90-test_gmdiff.t
-index 115445e..f2cce41 100644
--- a/test/recipes/90-test_gmdiff.t
+++ b/test/recipes/90-test_gmdiff.t
@@ -1,4 +1,11 @@
@@ -182033,8 +185879,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/90-test_heartbeat.t b/test/recipes/90-test_heartbeat.t
-index a139c9a..90d6a67 100644
--- a/test/recipes/90-test_heartbeat.t
+++ b/test/recipes/90-test_heartbeat.t
@@ -1,4 +1,11 @@
@@ -182050,8 +185894,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/90-test_ige.t b/test/recipes/90-test_ige.t
-index f008350..2ab4bd2 100644
--- a/test/recipes/90-test_ige.t
+++ b/test/recipes/90-test_ige.t
@@ -1,4 +1,11 @@
@@ -182067,8 +185909,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/90-test_memleak.t b/test/recipes/90-test_memleak.t
-index bc72f2e..52357c7 100644
--- a/test/recipes/90-test_memleak.t
+++ b/test/recipes/90-test_memleak.t
@@ -1,4 +1,11 @@
@@ -182084,9 +185924,6 @@
use OpenSSL::Test;
-diff --git a/test/recipes/90-test_networking.t b/test/recipes/90-test_networking.t
-deleted file mode 100644
-index 85de81a..0000000
--- a/test/recipes/90-test_networking.t
+++ /dev/null
@@ -1,113 +0,0 @@
@@ -182203,25 +186040,14 @@
-
- 1;
-}
-diff --git a/test/recipes/90-test_np.t b/test/recipes/90-test_np.t
-index a0d8b4b..08bb84b 100644
--- a/test/recipes/90-test_np.t
-+++ b/test/recipes/90-test_np.t
-@@ -1,4 +1,11 @@
++++ /dev/null
+@@ -1,5 +0,0 @@
-#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
-diff --git a/test/recipes/90-test_p5_crpt2.t b/test/recipes/90-test_p5_crpt2.t
-index 838e0d7..710dc8b 100644
+-
+-use OpenSSL::Test::Simple;
+-
+-simple_test("test_np", "nptest");
--- a/test/recipes/90-test_p5_crpt2.t
+++ b/test/recipes/90-test_p5_crpt2.t
@@ -1,4 +1,11 @@
@@ -182237,8 +186063,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/90-test_secmem.t b/test/recipes/90-test_secmem.t
-index 59f3bdd..d197c48 100644
--- a/test/recipes/90-test_secmem.t
+++ b/test/recipes/90-test_secmem.t
@@ -1,4 +1,11 @@
@@ -182254,8 +186078,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/90-test_srp.t b/test/recipes/90-test_srp.t
-index 9110319..7026c35 100644
--- a/test/recipes/90-test_srp.t
+++ b/test/recipes/90-test_srp.t
@@ -1,4 +1,11 @@
@@ -182271,9 +186093,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t
-new file mode 100644
-index 0000000..ec525a1
--- /dev/null
+++ b/test/recipes/90-test_sslapi.t
@@ -0,0 +1,22 @@
@@ -182299,8 +186118,6 @@
+
+ok(run(test(["sslapitest", srctop_file("apps", "server.pem"),
+ srctop_file("apps", "server.pem")])), "running sslapitest");
-diff --git a/test/recipes/90-test_threads.t b/test/recipes/90-test_threads.t
-index a08d8b0..56d5338 100755
--- a/test/recipes/90-test_threads.t
+++ b/test/recipes/90-test_threads.t
@@ -1,4 +1,11 @@
@@ -182316,8 +186133,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/90-test_v3name.t b/test/recipes/90-test_v3name.t
-index 2a8a472..2e144e5 100644
--- a/test/recipes/90-test_v3name.t
+++ b/test/recipes/90-test_v3name.t
@@ -1,4 +1,11 @@
@@ -182333,8 +186148,6 @@
use OpenSSL::Test::Simple;
-diff --git a/test/recipes/bc.pl b/test/recipes/bc.pl
-index f7d4dc6..dbb5842 100644
--- a/test/recipes/bc.pl
+++ b/test/recipes/bc.pl
@@ -1,4 +1,11 @@
@@ -182350,8 +186163,6 @@
use strict;
use warnings;
-diff --git a/test/recipes/tconversion.pl b/test/recipes/tconversion.pl
-index eeb25d0..e5fa9de 100644
--- a/test/recipes/tconversion.pl
+++ b/test/recipes/tconversion.pl
@@ -1,4 +1,11 @@
@@ -182367,8 +186178,6 @@
use strict;
use warnings;
-diff --git a/test/rmdtest.c b/test/rmdtest.c
-index 867a20e..7f1e72e 100644
--- a/test/rmdtest.c
+++ b/test/rmdtest.c
@@ -1,58 +1,10 @@
@@ -182462,7 +186271,7 @@
};
static char *ret[] = {
-@@ -101,30 +52,27 @@ static char *ret[] = {
+@@ -101,30 +52,30 @@ static char *ret[] = {
static char *pt(unsigned char *md);
int main(int argc, char *argv[])
{
@@ -182484,8 +186293,12 @@
+ ebcdic2ascii(test[i], test[i], strlen(test[i]));
# endif
- EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_ripemd160(),
-+ EVP_Digest(test[i], strlen(test[i]), md, NULL, EVP_ripemd160(),
- NULL);
+- NULL);
++ if (!EVP_Digest(test[i], strlen(test[i]), md, NULL, EVP_ripemd160(),
++ NULL)) {
++ printf("EVP Digest error.\n");
++ EXIT(1);
++ }
p = pt(md);
if (strcmp(p, (char *)*R) != 0) {
- printf("error calculating RIPEMD160 on '%s'\n", *P);
@@ -182501,8 +186314,6 @@
}
EXIT(err);
}
-diff --git a/test/rsa_test.c b/test/rsa_test.c
-index 2bc21b0..7d06394 100644
--- a/test/rsa_test.c
+++ b/test/rsa_test.c
@@ -1,3 +1,12 @@
@@ -182539,8 +186350,6 @@
num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
RSA_PKCS1_PADDING);
-diff --git a/test/run_tests.pl b/test/run_tests.pl
-index f7bd623..6550e0b 100644
--- a/test/run_tests.pl
+++ b/test/run_tests.pl
@@ -1,10 +1,22 @@
@@ -182576,8 +186385,76 @@
@tests = grep {
basename($_) =~ /^[0-9][0-9]-[^\.]*\.t$/
} glob(catfile($recipesdir,"*.t"));
-diff --git a/test/secmemtest.c b/test/secmemtest.c
-index 7a77291..c31f391 100644
+--- /dev/null
++++ b/test/sanitytest.c
+@@ -0,0 +1,67 @@
++/*
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#include <stdio.h>
++#include <string.h>
++#include <internal/numbers.h>
++
++
++#define TEST(e) \
++ do { \
++ if (!(e)) { \
++ fprintf(stderr, "Failed " #e "\n"); \
++ failures++; \
++ } \
++ } while (0)
++
++
++enum smallchoices { sa, sb, sc };
++enum medchoices { ma, mb, mc, md, me, mf, mg, mh, mi, mj, mk, ml };
++enum largechoices {
++ a01, b01, c01, d01, e01, f01, g01, h01, i01, j01,
++ a02, b02, c02, d02, e02, f02, g02, h02, i02, j02,
++ a03, b03, c03, d03, e03, f03, g03, h03, i03, j03,
++ a04, b04, c04, d04, e04, f04, g04, h04, i04, j04,
++ a05, b05, c05, d05, e05, f05, g05, h05, i05, j05,
++ a06, b06, c06, d06, e06, f06, g06, h06, i06, j06,
++ a07, b07, c07, d07, e07, f07, g07, h07, i07, j07,
++ a08, b08, c08, d08, e08, f08, g08, h08, i08, j08,
++ a09, b09, c09, d09, e09, f09, g09, h09, i09, j09,
++ a10, b10, c10, d10, e10, f10, g10, h10, i10, j10,
++ xxx };
++
++int main()
++{
++ char *p;
++ char bytes[sizeof(p)];
++ int failures = 0;
++
++ /* Is NULL equivalent to all-bytes-zero? */
++ p = NULL;
++ memset(bytes, 0, sizeof bytes);
++ TEST(memcmp(&p, bytes, sizeof(bytes)) == 0);
++
++ /* Enum size */
++ TEST(sizeof(enum smallchoices) == sizeof(int));
++ TEST(sizeof(enum medchoices) == sizeof(int));
++ TEST(sizeof(enum largechoices) == sizeof(int));
++ /* Basic two's complement checks. */
++ TEST(~(-1) == 0);
++ TEST(~(-1L) == 0L);
++
++ /* Check that values with sign bit 1 and value bits 0 are valid */
++ TEST(-(INT_MIN + 1) == INT_MAX);
++ TEST(-(LONG_MIN + 1) == LONG_MAX);
++
++ /* Check that unsigned-to-signed conversions preserve bit patterns */
++ TEST((int)((unsigned int)INT_MAX + 1) == INT_MIN);
++ TEST((long)((unsigned long)LONG_MAX + 1) == LONG_MIN);
++
++ return failures;
++}
--- a/test/secmemtest.c
+++ b/test/secmemtest.c
@@ -1,32 +1,101 @@
@@ -182688,8 +186565,6 @@
return 1;
}
#endif
-diff --git a/test/sha1test.c b/test/sha1test.c
-index ada37d1..9ff959e 100644
--- a/test/sha1test.c
+++ b/test/sha1test.c
@@ -1,58 +1,10 @@
@@ -182771,7 +186646,7 @@
};
static char *ret[] = {
-@@ -83,34 +34,29 @@ static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
+@@ -83,44 +34,57 @@ static char *bigret = "34aa973cd4c4daa4f
static char *pt(unsigned char *md);
int main(int argc, char *argv[])
{
@@ -182800,7 +186675,12 @@
+# ifdef CHARSET_EBCDIC
+ ebcdic2ascii(test[i], test[i], strlen(test[i]));
+# endif
-+ EVP_Digest(test[i], strlen(test[i]), md, NULL, EVP_sha1(), NULL);
++ if (!EVP_Digest(test[i], strlen(test[i]), md, NULL, EVP_sha1(),
++ NULL)) {
++ printf("EVP_Digest() error\n");
++ err++;
++ goto err;
++ }
p = pt(md);
if (strcmp(p, (char *)*R) != 0) {
- printf("error calculating SHA1 on '%s'\n", *P);
@@ -182816,8 +186696,42 @@
}
memset(buf, 'a', 1000);
-diff --git a/test/sha256t.c b/test/sha256t.c
-index d88c805..315d10f 100644
+ #ifdef CHARSET_EBCDIC
+ ebcdic2ascii(buf, buf, 1000);
+ #endif /* CHARSET_EBCDIC */
+- EVP_DigestInit_ex(c, EVP_sha1(), NULL);
+- for (i = 0; i < 1000; i++)
+- EVP_DigestUpdate(c, buf, 1000);
+- EVP_DigestFinal_ex(c, md, NULL);
++ if (!EVP_DigestInit_ex(c, EVP_sha1(), NULL)) {
++ printf("EVP_DigestInit_ex() error\n");
++ err++;
++ goto err;
++ }
++ for (i = 0; i < 1000; i++) {
++ if (!EVP_DigestUpdate(c, buf, 1000)) {
++ printf("EVP_DigestUpdate() error\n");
++ err++;
++ goto err;
++ }
++ }
++ if (!EVP_DigestFinal_ex(c, md, NULL)) {
++ printf("EVP_DigestFinal() error\n");
++ err++;
++ goto err;
++ }
+ p = pt(md);
+
+ r = bigret;
+@@ -130,7 +94,7 @@ int main(int argc, char *argv[])
+ err++;
+ } else
+ printf("test 3 ok\n");
+-
++ err:
+ EVP_MD_CTX_free(c);
+ EXIT(err);
+ return (0);
--- a/test/sha256t.c
+++ b/test/sha256t.c
@@ -1,7 +1,12 @@
@@ -182836,8 +186750,123 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
-diff --git a/test/sha512t.c b/test/sha512t.c
-index 714fed6..b11fcaa 100644
+@@ -59,7 +64,8 @@ int main(int argc, char **argv)
+
+ fprintf(stdout, "Testing SHA-256 ");
+
+- EVP_Digest("abc", 3, md, NULL, EVP_sha256(), NULL);
++ if (!EVP_Digest("abc", 3, md, NULL, EVP_sha256(), NULL))
++ goto err;
+ if (memcmp(md, app_b1, sizeof(app_b1))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 1 of 3 failed.\n");
+@@ -68,9 +74,10 @@ int main(int argc, char **argv)
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+- EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk"
+- "ijkljklm" "klmnlmno" "mnopnopq", 56, md, NULL, EVP_sha256(),
+- NULL);
++ if (!EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk"
++ "ijkljklm" "klmnlmno" "mnopnopq", 56, md,
++ NULL, EVP_sha256(), NULL))
++ goto err;
+ if (memcmp(md, app_b2, sizeof(app_b2))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 2 of 3 failed.\n");
+@@ -85,19 +92,23 @@ int main(int argc, char **argv)
+ fprintf(stderr, "\nTEST 3 of 3 failed. (malloc failure)\n");
+ return 1;
+ }
+- EVP_DigestInit_ex(evp, EVP_sha256(), NULL);
+- for (i = 0; i < 1000000; i += 288)
+- EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
+- (1000000 - i) < 288 ? 1000000 - i : 288);
+- EVP_DigestFinal_ex(evp, md, NULL);
++ if (!EVP_DigestInit_ex(evp, EVP_sha256(), NULL))
++ goto err;
++ for (i = 0; i < 1000000; i += 288) {
++ if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
++ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
++ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
++ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
++ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
++ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
++ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
++ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
++ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
++ (1000000 - i) < 288 ? 1000000 - i : 288))
++ goto err;
++ }
++ if (!EVP_DigestFinal_ex(evp, md, NULL))
++ goto err;
+
+ if (memcmp(md, app_b3, sizeof(app_b3))) {
+ fflush(stdout);
+@@ -112,7 +123,8 @@ int main(int argc, char **argv)
+
+ fprintf(stdout, "Testing SHA-224 ");
+
+- EVP_Digest("abc", 3, md, NULL, EVP_sha224(), NULL);
++ if (!EVP_Digest("abc", 3, md, NULL, EVP_sha224(), NULL))
++ goto err;
+ if (memcmp(md, addenum_1, sizeof(addenum_1))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 1 of 3 failed.\n");
+@@ -121,9 +133,10 @@ int main(int argc, char **argv)
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+- EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk"
+- "ijkljklm" "klmnlmno" "mnopnopq", 56, md, NULL, EVP_sha224(),
+- NULL);
++ if (!EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk"
++ "ijkljklm" "klmnlmno" "mnopnopq", 56, md,
++ NULL, EVP_sha224(), NULL))
++ goto err;
+ if (memcmp(md, addenum_2, sizeof(addenum_2))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 2 of 3 failed.\n");
+@@ -133,12 +146,16 @@ int main(int argc, char **argv)
+ fflush(stdout);
+
+ EVP_MD_CTX_reset(evp);
+- EVP_DigestInit_ex(evp, EVP_sha224(), NULL);
+- for (i = 0; i < 1000000; i += 64)
+- EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
+- (1000000 - i) < 64 ? 1000000 - i : 64);
+- EVP_DigestFinal_ex(evp, md, NULL);
++ if (!EVP_DigestInit_ex(evp, EVP_sha224(), NULL))
++ goto err;
++ for (i = 0; i < 1000000; i += 64) {
++ if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
++ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
++ (1000000 - i) < 64 ? 1000000 - i : 64))
++ goto err;
++ }
++ if (!EVP_DigestFinal_ex(evp, md, NULL))
++ goto err;
+ EVP_MD_CTX_free(evp);
+
+ if (memcmp(md, addenum_3, sizeof(addenum_3))) {
+@@ -153,4 +170,8 @@ int main(int argc, char **argv)
+ fflush(stdout);
+
+ return 0;
++
++ err:
++ fprintf(stderr, "Fatal EVP error!\n");
++ return 1;
+ }
--- a/test/sha512t.c
+++ b/test/sha512t.c
@@ -1,7 +1,12 @@
@@ -182856,7 +186885,7 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
-@@ -76,19 +81,6 @@ int main(int argc, char **argv)
+@@ -76,22 +81,10 @@ int main(int argc, char **argv)
int i;
EVP_MD_CTX *evp;
@@ -182875,9 +186904,124 @@
-
fprintf(stdout, "Testing SHA-512 ");
- EVP_Digest("abc", 3, md, NULL, EVP_sha512(), NULL);
-diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh
-index f01f664..89963ec 100644
+- EVP_Digest("abc", 3, md, NULL, EVP_sha512(), NULL);
++ if (!EVP_Digest("abc", 3, md, NULL, EVP_sha512(), NULL))
++ goto err;
+ if (memcmp(md, app_c1, sizeof(app_c1))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 1 of 3 failed.\n");
+@@ -100,10 +93,11 @@ int main(int argc, char **argv)
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+- EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk"
+- "efghijkl" "fghijklm" "ghijklmn" "hijklmno"
+- "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs"
+- "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha512(), NULL);
++ if (!EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk"
++ "efghijkl" "fghijklm" "ghijklmn" "hijklmno"
++ "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs"
++ "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha512(), NULL))
++ goto err;
+ if (memcmp(md, app_c2, sizeof(app_c2))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 2 of 3 failed.\n");
+@@ -118,19 +112,23 @@ int main(int argc, char **argv)
+ fprintf(stderr, "\nTEST 3 of 3 failed. (malloc failure)\n");
+ return 1;
+ }
+- EVP_DigestInit_ex(evp, EVP_sha512(), NULL);
+- for (i = 0; i < 1000000; i += 288)
+- EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
+- (1000000 - i) < 288 ? 1000000 - i : 288);
+- EVP_DigestFinal_ex(evp, md, NULL);
++ if (!EVP_DigestInit_ex(evp, EVP_sha512(), NULL))
++ goto err;
++ for (i = 0; i < 1000000; i += 288) {
++ if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
++ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
++ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
++ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
++ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
++ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
++ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
++ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
++ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
++ (1000000 - i) < 288 ? 1000000 - i : 288))
++ goto err;
++ }
++ if (!EVP_DigestFinal_ex(evp, md, NULL))
++ goto err;
+ EVP_MD_CTX_reset(evp);
+
+ if (memcmp(md, app_c3, sizeof(app_c3))) {
+@@ -146,7 +144,8 @@ int main(int argc, char **argv)
+
+ fprintf(stdout, "Testing SHA-384 ");
+
+- EVP_Digest("abc", 3, md, NULL, EVP_sha384(), NULL);
++ if (!EVP_Digest("abc", 3, md, NULL, EVP_sha384(), NULL))
++ goto err;
+ if (memcmp(md, app_d1, sizeof(app_d1))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 1 of 3 failed.\n");
+@@ -155,10 +154,11 @@ int main(int argc, char **argv)
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+- EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk"
+- "efghijkl" "fghijklm" "ghijklmn" "hijklmno"
+- "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs"
+- "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha384(), NULL);
++ if (!EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk"
++ "efghijkl" "fghijklm" "ghijklmn" "hijklmno"
++ "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs"
++ "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha384(), NULL))
++ goto err;
+ if (memcmp(md, app_d2, sizeof(app_d2))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 2 of 3 failed.\n");
+@@ -167,12 +167,16 @@ int main(int argc, char **argv)
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+- EVP_DigestInit_ex(evp, EVP_sha384(), NULL);
+- for (i = 0; i < 1000000; i += 64)
+- EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
+- (1000000 - i) < 64 ? 1000000 - i : 64);
+- EVP_DigestFinal_ex(evp, md, NULL);
++ if (!EVP_DigestInit_ex(evp, EVP_sha384(), NULL))
++ goto err;
++ for (i = 0; i < 1000000; i += 64) {
++ if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
++ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
++ (1000000 - i) < 64 ? 1000000 - i : 64))
++ goto err;
++ }
++ if (!EVP_DigestFinal_ex(evp, md, NULL))
++ goto err;
+ EVP_MD_CTX_free(evp);
+
+ if (memcmp(md, app_d3, sizeof(app_d3))) {
+@@ -187,4 +191,9 @@ int main(int argc, char **argv)
+ fflush(stdout);
+
+ return 0;
++
++ err:
++ fflush(stdout);
++ fprintf(stderr, "\nFatal EVP error!\n");
++ return 1;
+ }
--- a/test/smime-certs/mksmime-certs.sh
+++ b/test/smime-certs/mksmime-certs.sh
@@ -1,4 +1,11 @@
@@ -182892,8 +187036,6 @@
# Utility to recreate S/MIME certificates
-diff --git a/test/srptest.c b/test/srptest.c
-index 8379535..8d0aaa3 100644
--- a/test/srptest.c
+++ b/test/srptest.c
@@ -1,3 +1,12 @@
@@ -182909,11 +187051,9 @@
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_SRP
-diff --git a/test/ssl-tests/01-simple.conf b/test/ssl-tests/01-simple.conf
-index 8c8067d..ab34e01 100644
--- a/test/ssl-tests/01-simple.conf
+++ b/test/ssl-tests/01-simple.conf
-@@ -18,13 +18,11 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -18,13 +18,11 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -182927,7 +187067,7 @@
[test-0]
ExpectedResult = Success
-@@ -43,12 +41,10 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -43,12 +41,10 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -182940,8 +187080,6 @@
[test-1]
ClientAlert = UnknownCA
ExpectedResult = ClientFail
-diff --git a/test/ssl-tests/01-simple.conf.in b/test/ssl-tests/01-simple.conf.in
-index a152f66..e3a6330 100644
--- a/test/ssl-tests/01-simple.conf.in
+++ b/test/ssl-tests/01-simple.conf.in
@@ -1,4 +1,11 @@
@@ -182956,8 +187094,6 @@
## SSL test configurations
-diff --git a/test/ssl-tests/02-protocol-version.conf b/test/ssl-tests/02-protocol-version.conf
-index dc46bfa..1b9a41b 100644
--- a/test/ssl-tests/02-protocol-version.conf
+++ b/test/ssl-tests/02-protocol-version.conf
@@ -378,14 +378,12 @@ CipherString = DEFAULT
@@ -183020,7 +187156,7 @@
[test-3]
ExpectedResult = InternalError
-@@ -485,14 +477,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -485,14 +477,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -183305,7 +187441,7 @@
[test-22]
ExpectedResult = Success
Protocol = TLSv1
-@@ -1010,14 +964,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -1010,14 +964,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -183590,7 +187726,7 @@
[test-41]
ExpectedResult = Success
Protocol = TLSv1.1
-@@ -1544,14 +1460,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -1544,14 +1460,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -183875,7 +188011,7 @@
[test-60]
ExpectedResult = Success
Protocol = TLSv1.2
-@@ -2081,14 +1959,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -2081,14 +1959,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -184156,7 +188292,7 @@
[test-79]
ExpectedResult = Success
Protocol = TLSv1.2
-@@ -2616,13 +2456,11 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -2616,13 +2456,11 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -184430,7 +188566,7 @@
[test-98]
ExpectedResult = InternalError
-@@ -3141,7 +2943,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -3141,7 +2943,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -184734,7 +188870,7 @@
[test-117]
ExpectedResult = Success
Protocol = TLSv1
-@@ -3685,7 +3449,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -3685,7 +3449,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -185038,7 +189174,7 @@
[test-136]
ExpectedResult = Success
Protocol = TLSv1.1
-@@ -4238,7 +3964,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -4238,7 +3964,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -185342,7 +189478,7 @@
[test-155]
ExpectedResult = Success
Protocol = TLSv1.2
-@@ -4794,7 +4482,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -4794,7 +4482,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -185642,7 +189778,7 @@
[test-174]
ExpectedResult = Success
Protocol = TLSv1.2
-@@ -5348,14 +4998,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -5348,14 +4998,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -185931,7 +190067,7 @@
[test-193]
ExpectedResult = Success
Protocol = TLSv1
-@@ -5891,7 +5503,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -5891,7 +5503,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -186235,7 +190371,7 @@
[test-212]
ExpectedResult = Success
Protocol = TLSv1.1
-@@ -6444,7 +6018,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -6444,7 +6018,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -186539,7 +190675,7 @@
[test-231]
ExpectedResult = Success
Protocol = TLSv1.2
-@@ -7000,7 +6536,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -7000,7 +6536,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -186839,7 +190975,7 @@
[test-250]
ExpectedResult = Success
Protocol = TLSv1.2
-@@ -7554,14 +7052,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -7554,14 +7052,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -187128,7 +191264,7 @@
[test-269]
ExpectedResult = Success
Protocol = TLSv1.1
-@@ -8096,7 +7556,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -8096,7 +7556,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -187432,7 +191568,7 @@
[test-288]
ExpectedResult = Success
Protocol = TLSv1.2
-@@ -8649,7 +8071,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -8649,7 +8071,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -187732,7 +191868,7 @@
[test-307]
ExpectedResult = Success
Protocol = TLSv1.2
-@@ -9200,14 +8584,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -9200,14 +8584,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -188021,7 +192157,7 @@
[test-326]
ExpectedResult = Success
Protocol = TLSv1.2
-@@ -9739,7 +9085,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -9739,7 +9085,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -188321,7 +192457,7 @@
[test-345]
ExpectedResult = Success
Protocol = TLSv1.2
-@@ -10286,14 +9594,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+@@ -10286,14 +9594,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -188546,13 +192682,17 @@
[test-360]
ExpectedResult = Success
Protocol = TLSv1.2
-diff --git a/test/ssl-tests/02-protocol-version.conf.in b/test/ssl-tests/02-protocol-version.conf.in
-index 99b1dc0..46851c9 100644
--- a/test/ssl-tests/02-protocol-version.conf.in
+++ b/test/ssl-tests/02-protocol-version.conf.in
@@ -1,115 +1,19 @@
# -*- mode: perl; -*-
--
++# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
+
-## Test version negotiation
-
-package ssltests;
@@ -188562,20 +192702,23 @@
-use OpenSSL::Test;
-use OpenSSL::Test::Utils qw/anydisabled alldisabled/;
-setup("no_test_here");
--
+
-my @protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
-# undef stands for "no limit".
-my @min_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
-my @max_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", undef);
--
++## Test TLS version negotiation
+
-my @is_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
--
++package ssltests;
+
-my $min_enabled; my $max_enabled;
--
++use strict;
++use warnings;
+
-# Protocol configuration works in cascades, i.e.,
-# $no_tls1_1 disables TLSv1.1 and below.
-+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
+-#
-# $min_enabled and $max_enabled will be correct if there is at least one
-# protocol enabled.
-foreach my $i (0..$#protocols) {
@@ -188590,13 +192733,9 @@
- $max_enabled = $i;
- }
-}
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
+-
-our @tests = ();
-
+-
-sub generate_tests() {
- foreach my $c_min (0..$#min_protocols) {
- my $c_max_min = $c_min == 0 ? 0 : $c_min - 1;
@@ -188626,8 +192765,7 @@
- }
- }
-}
-+## Test TLS version negotiation
-
+-
-sub expected_result {
- my $no_tls = alldisabled("ssl3", "tls1", "tls1_1", "tls1_2");
- if ($no_tls) {
@@ -188641,17 +192779,14 @@
- $c_max = $c_max == scalar(@max_protocols) - 1 ? $c_max - 1 : $c_max;
- $s_min = $s_min == 0 ? 0 : $s_min - 1;
- $s_max = $s_max == scalar(@max_protocols) - 1 ? $s_max - 1 : $s_max;
-+package ssltests;
-
+-
- # We now have at least one protocol enabled, so $min_enabled and
- # $max_enabled are well-defined.
- $c_min = max $c_min, $min_enabled;
- $s_min = max $s_min, $min_enabled;
- $c_max = min $c_max, $max_enabled;
- $s_max = min $s_max, $max_enabled;
-+use strict;
-+use warnings;
-
+-
- if ($c_min > $c_max) {
- # Client should fail to even send a hello.
- # This results in an internal error since the server will be
@@ -188676,10 +192811,7 @@
+use protocol_version;
-generate_tests();
-+our @tests = generate_tests("TLS");
-diff --git a/test/ssl-tests/03-custom_verify.conf b/test/ssl-tests/03-custom_verify.conf
-new file mode 100644
-index 0000000..835ce91
++our @tests = generate_version_tests("TLS");
--- /dev/null
+++ b/test/ssl-tests/03-custom_verify.conf
@@ -0,0 +1,220 @@
@@ -188903,9 +193035,6 @@
+ExpectedResult = ClientFail
+
+
-diff --git a/test/ssl-tests/03-custom_verify.conf.in b/test/ssl-tests/03-custom_verify.conf.in
-new file mode 100644
-index 0000000..1cd4273
--- /dev/null
+++ b/test/ssl-tests/03-custom_verify.conf.in
@@ -0,0 +1,134 @@
@@ -189043,12 +193172,9 @@
+
+
+);
-diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.conf
-new file mode 100644
-index 0000000..02cba53
--- /dev/null
+++ b/test/ssl-tests/04-client_auth.conf
-@@ -0,0 +1,562 @@
+@@ -0,0 +1,592 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 20
@@ -189212,12 +193338,14 @@
+[5-server-auth-TLSv1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+Protocol = TLSv1
+
+[5-server-auth-TLSv1-client]
+CipherString = DEFAULT
-+Protocol = TLSv1
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
@@ -189237,13 +193365,15 @@
+[6-client-auth-TLSv1-request-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+Protocol = TLSv1
+VerifyMode = Request
+
+[6-client-auth-TLSv1-request-client]
+CipherString = DEFAULT
-+Protocol = TLSv1
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
@@ -189263,14 +193393,16 @@
+[7-client-auth-TLSv1-require-fail-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+Protocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[7-client-auth-TLSv1-require-fail-client]
+CipherString = DEFAULT
-+Protocol = TLSv1
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
@@ -189291,16 +193423,18 @@
+[8-client-auth-TLSv1-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+Protocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[8-client-auth-TLSv1-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-+Protocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
@@ -189320,15 +193454,17 @@
+[9-client-auth-TLSv1-noroot-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+Protocol = TLSv1
+VerifyMode = Require
+
+[9-client-auth-TLSv1-noroot-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-+Protocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
@@ -189349,12 +193485,14 @@
+[10-server-auth-TLSv1.1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+Protocol = TLSv1.1
+
+[10-server-auth-TLSv1.1-client]
+CipherString = DEFAULT
-+Protocol = TLSv1.1
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
@@ -189374,13 +193512,15 @@
+[11-client-auth-TLSv1.1-request-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+Protocol = TLSv1.1
+VerifyMode = Request
+
+[11-client-auth-TLSv1.1-request-client]
+CipherString = DEFAULT
-+Protocol = TLSv1.1
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
@@ -189400,14 +193540,16 @@
+[12-client-auth-TLSv1.1-require-fail-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+Protocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[12-client-auth-TLSv1.1-require-fail-client]
+CipherString = DEFAULT
-+Protocol = TLSv1.1
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
@@ -189428,16 +193570,18 @@
+[13-client-auth-TLSv1.1-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+Protocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[13-client-auth-TLSv1.1-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-+Protocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
@@ -189457,15 +193601,17 @@
+[14-client-auth-TLSv1.1-noroot-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+Protocol = TLSv1.1
+VerifyMode = Require
+
+[14-client-auth-TLSv1.1-noroot-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-+Protocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
@@ -189486,12 +193632,14 @@
+[15-server-auth-TLSv1.2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+Protocol = TLSv1.2
+
+[15-server-auth-TLSv1.2-client]
+CipherString = DEFAULT
-+Protocol = TLSv1.2
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
@@ -189511,13 +193659,15 @@
+[16-client-auth-TLSv1.2-request-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+Protocol = TLSv1.2
+VerifyMode = Request
+
+[16-client-auth-TLSv1.2-request-client]
+CipherString = DEFAULT
-+Protocol = TLSv1.2
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
@@ -189537,14 +193687,16 @@
+[17-client-auth-TLSv1.2-require-fail-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+Protocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[17-client-auth-TLSv1.2-require-fail-client]
+CipherString = DEFAULT
-+Protocol = TLSv1.2
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
@@ -189565,16 +193717,18 @@
+[18-client-auth-TLSv1.2-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+Protocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[18-client-auth-TLSv1.2-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-+Protocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
@@ -189594,15 +193748,17 @@
+[19-client-auth-TLSv1.2-noroot-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+Protocol = TLSv1.2
+VerifyMode = Require
+
+[19-client-auth-TLSv1.2-noroot-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-+Protocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
@@ -189611,12 +193767,9 @@
+ServerAlert = UnknownCA
+
+
-diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in
-new file mode 100644
-index 0000000..36d13df
--- /dev/null
+++ b/test/ssl-tests/04-client_auth.conf.in
-@@ -0,0 +1,109 @@
+@@ -0,0 +1,125 @@
+# -*- mode: perl; -*-
+
+## SSL test configurations
@@ -189645,15 +193798,23 @@
+ foreach (0..$#protocols) {
+ my $protocol = $protocols[$_];
+ my $protocol_name = $protocol || "flex";
++ my $caalert;
+ if (!$is_disabled[$_]) {
++ if ($protocol_name eq "SSLv3") {
++ $caalert = "BadCertificate";
++ } else {
++ $caalert = "UnknownCA";
++ }
+ # Sanity-check simple handshake.
+ push @tests, {
+ name => "server-auth-${protocol_name}",
+ server => {
-+ "Protocol" => $protocol
++ "MinProtocol" => $protocol,
++ "MaxProtocol" => $protocol
+ },
+ client => {
-+ "Protocol" => $protocol
++ "MinProtocol" => $protocol,
++ "MaxProtocol" => $protocol
+ },
+ test => { "ExpectedResult" => "Success" },
+ };
@@ -189662,11 +193823,13 @@
+ push @tests, {
+ name => "client-auth-${protocol_name}-request",
+ server => {
-+ "Protocol" => $protocol,
-+ "VerifyMode" => "Request",
++ "MinProtocol" => $protocol,
++ "MaxProtocol" => $protocol,
++ "VerifyMode" => "Request"
+ },
+ client => {
-+ "Protocol" => $protocol
++ "MinProtocol" => $protocol,
++ "MaxProtocol" => $protocol
+ },
+ test => { "ExpectedResult" => "Success" },
+ };
@@ -189675,12 +193838,14 @@
+ push @tests, {
+ name => "client-auth-${protocol_name}-require-fail",
+ server => {
-+ "Protocol" => $protocol,
++ "MinProtocol" => $protocol,
++ "MaxProtocol" => $protocol,
+ "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+ "VerifyMode" => "Require",
+ },
+ client => {
-+ "Protocol" => $protocol,
++ "MinProtocol" => $protocol,
++ "MaxProtocol" => $protocol
+ },
+ test => {
+ "ExpectedResult" => "ServerFail",
@@ -189692,12 +193857,14 @@
+ push @tests, {
+ name => "client-auth-${protocol_name}-require",
+ server => {
-+ "Protocol" => $protocol,
++ "MinProtocol" => $protocol,
++ "MaxProtocol" => $protocol,
+ "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+ "VerifyMode" => "Request",
+ },
+ client => {
-+ "Protocol" => $protocol,
++ "MinProtocol" => $protocol,
++ "MaxProtocol" => $protocol,
+ "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
+ "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
+ },
@@ -189708,17 +193875,19 @@
+ push @tests, {
+ name => "client-auth-${protocol_name}-noroot",
+ server => {
-+ "Protocol" => $protocol,
++ "MinProtocol" => $protocol,
++ "MaxProtocol" => $protocol,
+ "VerifyMode" => "Require",
+ },
+ client => {
-+ "Protocol" => $protocol,
++ "MinProtocol" => $protocol,
++ "MaxProtocol" => $protocol,
+ "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
+ "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
+ },
+ test => {
+ "ExpectedResult" => "ServerFail",
-+ "ServerAlert" => "UnknownCA",
++ "ServerAlert" => $caalert,
+ },
+ };
+ }
@@ -189726,12 +193895,9 @@
+}
+
+generate_tests();
-diff --git a/test/ssl-tests/05-sni.conf b/test/ssl-tests/05-sni.conf
-new file mode 100644
-index 0000000..ef6db27
--- /dev/null
+++ b/test/ssl-tests/05-sni.conf
-@@ -0,0 +1,193 @@
+@@ -0,0 +1,168 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 6
@@ -189749,19 +193915,14 @@
+
+[0-SNI-switch-context-ssl]
+server = 0-SNI-switch-context-server
-+server2 = 0-SNI-switch-context-server2
+client = 0-SNI-switch-context-client
++server2 = 0-SNI-switch-context-server
+
+[0-SNI-switch-context-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
-+[0-SNI-switch-context-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
+[0-SNI-switch-context-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -189781,19 +193942,14 @@
+
+[1-SNI-keep-context-ssl]
+server = 1-SNI-keep-context-server
-+server2 = 1-SNI-keep-context-server2
+client = 1-SNI-keep-context-client
++server2 = 1-SNI-keep-context-server
+
+[1-SNI-keep-context-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
-+[1-SNI-keep-context-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
+[1-SNI-keep-context-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -189837,19 +193993,14 @@
+
+[3-SNI-no-client-support-ssl]
+server = 3-SNI-no-client-support-server
-+server2 = 3-SNI-no-client-support-server2
+client = 3-SNI-no-client-support-client
++server2 = 3-SNI-no-client-support-server
+
+[3-SNI-no-client-support-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
-+[3-SNI-no-client-support-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
+[3-SNI-no-client-support-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -189868,19 +194019,14 @@
+
+[4-SNI-bad-sni-ignore-mismatch-ssl]
+server = 4-SNI-bad-sni-ignore-mismatch-server
-+server2 = 4-SNI-bad-sni-ignore-mismatch-server2
+client = 4-SNI-bad-sni-ignore-mismatch-client
++server2 = 4-SNI-bad-sni-ignore-mismatch-server
+
+[4-SNI-bad-sni-ignore-mismatch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
-+[4-SNI-bad-sni-ignore-mismatch-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
+[4-SNI-bad-sni-ignore-mismatch-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -189900,19 +194046,14 @@
+
+[5-SNI-bad-sni-reject-mismatch-ssl]
+server = 5-SNI-bad-sni-reject-mismatch-server
-+server2 = 5-SNI-bad-sni-reject-mismatch-server2
+client = 5-SNI-bad-sni-reject-mismatch-client
++server2 = 5-SNI-bad-sni-reject-mismatch-server
+
+[5-SNI-bad-sni-reject-mismatch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
-+[5-SNI-bad-sni-reject-mismatch-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
+[5-SNI-bad-sni-reject-mismatch-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -189925,12 +194066,9 @@
+ServerNameCallback = RejectMismatch
+
+
-diff --git a/test/ssl-tests/05-sni.conf.in b/test/ssl-tests/05-sni.conf.in
-new file mode 100644
-index 0000000..635ce9a
--- /dev/null
+++ b/test/ssl-tests/05-sni.conf.in
-@@ -0,0 +1,79 @@
+@@ -0,0 +1,74 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
@@ -189951,7 +194089,6 @@
+ {
+ name => "SNI-switch-context",
+ server => { },
-+ server2 => { },
+ client => { },
+ test => { "ServerName" => "server2",
+ "ExpectedServerName" => "server2",
@@ -189961,7 +194098,6 @@
+ {
+ name => "SNI-keep-context",
+ server => { },
-+ server2 => { },
+ client => { },
+ test => { "ServerName" => "server1",
+ "ExpectedServerName" => "server1",
@@ -189978,7 +194114,6 @@
+ {
+ name => "SNI-no-client-support",
+ server => { },
-+ server2 => { },
+ client => { },
+ test => {
+ # We expect that the callback is still called
@@ -189992,7 +194127,6 @@
+ {
+ name => "SNI-bad-sni-ignore-mismatch",
+ server => { },
-+ server2 => { },
+ client => { },
+ test => { "ServerName" => "invalid",
+ "ExpectedServerName" => "server1",
@@ -190002,7 +194136,6 @@
+ {
+ name => "SNI-bad-sni-reject-mismatch",
+ server => { },
-+ server2 => { },
+ client => { },
+ test => { "ServerName" => "invalid",
+ "ServerNameCallback" => "RejectMismatch",
@@ -190010,9 +194143,6 @@
+ "ServerAlert" => "UnrecognizedName"},
+ },
+);
-diff --git a/test/ssl-tests/06-sni-ticket.conf b/test/ssl-tests/06-sni-ticket.conf
-new file mode 100644
-index 0000000..b3bfda0
--- /dev/null
+++ b/test/ssl-tests/06-sni-ticket.conf
@@ -0,0 +1,631 @@
@@ -190044,8 +194174,8 @@
+
+[0-sni-session-ticket-ssl]
+server = 0-sni-session-ticket-server
++client = 0-sni-session-ticket-client
+server2 = 0-sni-session-ticket-server2
-+client = 0-sni-session-ticket-client
+
+[0-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
@@ -190078,8 +194208,8 @@
+
+[1-sni-session-ticket-ssl]
+server = 1-sni-session-ticket-server
++client = 1-sni-session-ticket-client
+server2 = 1-sni-session-ticket-server2
-+client = 1-sni-session-ticket-client
+
+[1-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
@@ -190114,8 +194244,8 @@
+
+[2-sni-session-ticket-ssl]
+server = 2-sni-session-ticket-server
++client = 2-sni-session-ticket-client
+server2 = 2-sni-session-ticket-server2
-+client = 2-sni-session-ticket-client
+
+[2-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
@@ -190150,8 +194280,8 @@
+
+[3-sni-session-ticket-ssl]
+server = 3-sni-session-ticket-server
++client = 3-sni-session-ticket-client
+server2 = 3-sni-session-ticket-server2
-+client = 3-sni-session-ticket-client
+
+[3-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
@@ -190186,8 +194316,8 @@
+
+[4-sni-session-ticket-ssl]
+server = 4-sni-session-ticket-server
++client = 4-sni-session-ticket-client
+server2 = 4-sni-session-ticket-server2
-+client = 4-sni-session-ticket-client
+
+[4-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
@@ -190222,8 +194352,8 @@
+
+[5-sni-session-ticket-ssl]
+server = 5-sni-session-ticket-server
++client = 5-sni-session-ticket-client
+server2 = 5-sni-session-ticket-server2
-+client = 5-sni-session-ticket-client
+
+[5-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
@@ -190258,8 +194388,8 @@
+
+[6-sni-session-ticket-ssl]
+server = 6-sni-session-ticket-server
++client = 6-sni-session-ticket-client
+server2 = 6-sni-session-ticket-server2
-+client = 6-sni-session-ticket-client
+
+[6-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
@@ -190294,8 +194424,8 @@
+
+[7-sni-session-ticket-ssl]
+server = 7-sni-session-ticket-server
++client = 7-sni-session-ticket-client
+server2 = 7-sni-session-ticket-server2
-+client = 7-sni-session-ticket-client
+
+[7-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
@@ -190330,8 +194460,8 @@
+
+[8-sni-session-ticket-ssl]
+server = 8-sni-session-ticket-server
++client = 8-sni-session-ticket-client
+server2 = 8-sni-session-ticket-server2
-+client = 8-sni-session-ticket-client
+
+[8-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
@@ -190366,8 +194496,8 @@
+
+[9-sni-session-ticket-ssl]
+server = 9-sni-session-ticket-server
++client = 9-sni-session-ticket-client
+server2 = 9-sni-session-ticket-server2
-+client = 9-sni-session-ticket-client
+
+[9-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
@@ -190402,8 +194532,8 @@
+
+[10-sni-session-ticket-ssl]
+server = 10-sni-session-ticket-server
++client = 10-sni-session-ticket-client
+server2 = 10-sni-session-ticket-server2
-+client = 10-sni-session-ticket-client
+
+[10-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
@@ -190438,8 +194568,8 @@
+
+[11-sni-session-ticket-ssl]
+server = 11-sni-session-ticket-server
++client = 11-sni-session-ticket-client
+server2 = 11-sni-session-ticket-server2
-+client = 11-sni-session-ticket-client
+
+[11-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
@@ -190474,8 +194604,8 @@
+
+[12-sni-session-ticket-ssl]
+server = 12-sni-session-ticket-server
++client = 12-sni-session-ticket-client
+server2 = 12-sni-session-ticket-server2
-+client = 12-sni-session-ticket-client
+
+[12-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
@@ -190510,8 +194640,8 @@
+
+[13-sni-session-ticket-ssl]
+server = 13-sni-session-ticket-server
++client = 13-sni-session-ticket-client
+server2 = 13-sni-session-ticket-server2
-+client = 13-sni-session-ticket-client
+
+[13-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
@@ -190546,8 +194676,8 @@
+
+[14-sni-session-ticket-ssl]
+server = 14-sni-session-ticket-server
++client = 14-sni-session-ticket-client
+server2 = 14-sni-session-ticket-server2
-+client = 14-sni-session-ticket-client
+
+[14-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
@@ -190582,8 +194712,8 @@
+
+[15-sni-session-ticket-ssl]
+server = 15-sni-session-ticket-server
++client = 15-sni-session-ticket-client
+server2 = 15-sni-session-ticket-server2
-+client = 15-sni-session-ticket-client
+
+[15-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
@@ -190618,8 +194748,8 @@
+
+[16-sni-session-ticket-ssl]
+server = 16-sni-session-ticket-server
++client = 16-sni-session-ticket-client
+server2 = 16-sni-session-ticket-server2
-+client = 16-sni-session-ticket-client
+
+[16-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
@@ -190647,9 +194777,6 @@
+SessionTicketExpected = No
+
+
-diff --git a/test/ssl-tests/06-sni-ticket.conf.in b/test/ssl-tests/06-sni-ticket.conf.in
-new file mode 100644
-index 0000000..8c95827
--- /dev/null
+++ b/test/ssl-tests/06-sni-ticket.conf.in
@@ -0,0 +1,86 @@
@@ -190739,9 +194866,6 @@
+};
+
+generate_tests();
-diff --git a/test/ssl-tests/07-dtls-protocol-version.conf b/test/ssl-tests/07-dtls-protocol-version.conf
-new file mode 100644
-index 0000000..df7e4df
--- /dev/null
+++ b/test/ssl-tests/07-dtls-protocol-version.conf
@@ -0,0 +1,1820 @@
@@ -192565,9 +196689,6 @@
+Protocol = DTLSv1.2
+
+
-diff --git a/test/ssl-tests/07-dtls-protocol-version.conf.in b/test/ssl-tests/07-dtls-protocol-version.conf.in
-new file mode 100644
-index 0000000..965ed3e
--- /dev/null
+++ b/test/ssl-tests/07-dtls-protocol-version.conf.in
@@ -0,0 +1,19 @@
@@ -192589,13 +196710,2981 @@
+
+use protocol_version;
+
-+our @tests = generate_tests("DTLS");
-diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm
-new file mode 100644
-index 0000000..cb99756
++our @tests = generate_version_tests("DTLS");
--- /dev/null
++++ b/test/ssl-tests/08-npn.conf
+@@ -0,0 +1,362 @@
++# Generated with generate_ssl_tests.pl
++
++num_tests = 12
++
++test-0 = 0-npn-simple
++test-1 = 1-npn-client-finds-match
++test-2 = 2-npn-client-honours-server-pref
++test-3 = 3-npn-client-first-pref-on-mismatch
++test-4 = 4-npn-no-server-support
++test-5 = 5-npn-no-client-support
++test-6 = 6-npn-with-sni-no-context-switch
++test-7 = 7-npn-with-sni-context-switch
++test-8 = 8-npn-selected-sni-server-supports-npn
++test-9 = 9-npn-selected-sni-server-does-not-support-npn
++test-10 = 10-alpn-preferred-over-npn
++test-11 = 11-sni-npn-preferred-over-alpn
++# ===========================================================
++
++[0-npn-simple]
++ssl_conf = 0-npn-simple-ssl
++
++[0-npn-simple-ssl]
++server = 0-npn-simple-server
++client = 0-npn-simple-client
++
++[0-npn-simple-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[0-npn-simple-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-0]
++ClientNPNProtocols = foo
++ExpectedNPNProtocol = foo
++ServerNPNProtocols = foo
++
++
++# ===========================================================
++
++[1-npn-client-finds-match]
++ssl_conf = 1-npn-client-finds-match-ssl
++
++[1-npn-client-finds-match-ssl]
++server = 1-npn-client-finds-match-server
++client = 1-npn-client-finds-match-client
++
++[1-npn-client-finds-match-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[1-npn-client-finds-match-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-1]
++ClientNPNProtocols = foo,bar
++ExpectedNPNProtocol = bar
++ServerNPNProtocols = baz,bar
++
++
++# ===========================================================
++
++[2-npn-client-honours-server-pref]
++ssl_conf = 2-npn-client-honours-server-pref-ssl
++
++[2-npn-client-honours-server-pref-ssl]
++server = 2-npn-client-honours-server-pref-server
++client = 2-npn-client-honours-server-pref-client
++
++[2-npn-client-honours-server-pref-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[2-npn-client-honours-server-pref-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-2]
++ClientNPNProtocols = foo,bar
++ExpectedNPNProtocol = bar
++ServerNPNProtocols = bar,foo
++
++
++# ===========================================================
++
++[3-npn-client-first-pref-on-mismatch]
++ssl_conf = 3-npn-client-first-pref-on-mismatch-ssl
++
++[3-npn-client-first-pref-on-mismatch-ssl]
++server = 3-npn-client-first-pref-on-mismatch-server
++client = 3-npn-client-first-pref-on-mismatch-client
++
++[3-npn-client-first-pref-on-mismatch-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[3-npn-client-first-pref-on-mismatch-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-3]
++ClientNPNProtocols = foo,bar
++ExpectedNPNProtocol = foo
++ServerNPNProtocols = baz
++
++
++# ===========================================================
++
++[4-npn-no-server-support]
++ssl_conf = 4-npn-no-server-support-ssl
++
++[4-npn-no-server-support-ssl]
++server = 4-npn-no-server-support-server
++client = 4-npn-no-server-support-client
++
++[4-npn-no-server-support-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[4-npn-no-server-support-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-4]
++ClientNPNProtocols = foo
++
++
++# ===========================================================
++
++[5-npn-no-client-support]
++ssl_conf = 5-npn-no-client-support-ssl
++
++[5-npn-no-client-support-ssl]
++server = 5-npn-no-client-support-server
++client = 5-npn-no-client-support-client
++
++[5-npn-no-client-support-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[5-npn-no-client-support-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-5]
++ServerNPNProtocols = foo
++
++
++# ===========================================================
++
++[6-npn-with-sni-no-context-switch]
++ssl_conf = 6-npn-with-sni-no-context-switch-ssl
++
++[6-npn-with-sni-no-context-switch-ssl]
++server = 6-npn-with-sni-no-context-switch-server
++client = 6-npn-with-sni-no-context-switch-client
++server2 = 6-npn-with-sni-no-context-switch-server2
++
++[6-npn-with-sni-no-context-switch-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[6-npn-with-sni-no-context-switch-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[6-npn-with-sni-no-context-switch-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-6]
++ClientNPNProtocols = foo,bar
++ExpectedNPNProtocol = foo
++ExpectedServerName = server1
++Server2NPNProtocols = bar
++ServerNPNProtocols = foo
++ServerName = server1
++ServerNameCallback = IgnoreMismatch
++
++
++# ===========================================================
++
++[7-npn-with-sni-context-switch]
++ssl_conf = 7-npn-with-sni-context-switch-ssl
++
++[7-npn-with-sni-context-switch-ssl]
++server = 7-npn-with-sni-context-switch-server
++client = 7-npn-with-sni-context-switch-client
++server2 = 7-npn-with-sni-context-switch-server2
++
++[7-npn-with-sni-context-switch-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[7-npn-with-sni-context-switch-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[7-npn-with-sni-context-switch-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-7]
++ClientNPNProtocols = foo,bar
++ExpectedNPNProtocol = bar
++ExpectedServerName = server2
++Server2NPNProtocols = bar
++ServerNPNProtocols = foo
++ServerName = server2
++ServerNameCallback = IgnoreMismatch
++
++
++# ===========================================================
++
++[8-npn-selected-sni-server-supports-npn]
++ssl_conf = 8-npn-selected-sni-server-supports-npn-ssl
++
++[8-npn-selected-sni-server-supports-npn-ssl]
++server = 8-npn-selected-sni-server-supports-npn-server
++client = 8-npn-selected-sni-server-supports-npn-client
++server2 = 8-npn-selected-sni-server-supports-npn-server2
++
++[8-npn-selected-sni-server-supports-npn-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[8-npn-selected-sni-server-supports-npn-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[8-npn-selected-sni-server-supports-npn-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-8]
++ClientNPNProtocols = foo,bar
++ExpectedNPNProtocol = bar
++ExpectedServerName = server2
++Server2NPNProtocols = bar
++ServerName = server2
++ServerNameCallback = IgnoreMismatch
++
++
++# ===========================================================
++
++[9-npn-selected-sni-server-does-not-support-npn]
++ssl_conf = 9-npn-selected-sni-server-does-not-support-npn-ssl
++
++[9-npn-selected-sni-server-does-not-support-npn-ssl]
++server = 9-npn-selected-sni-server-does-not-support-npn-server
++client = 9-npn-selected-sni-server-does-not-support-npn-client
++server2 = 9-npn-selected-sni-server-does-not-support-npn-server2
++
++[9-npn-selected-sni-server-does-not-support-npn-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[9-npn-selected-sni-server-does-not-support-npn-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[9-npn-selected-sni-server-does-not-support-npn-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-9]
++ClientNPNProtocols = foo,bar
++ExpectedServerName = server2
++ServerNPNProtocols = foo
++ServerName = server2
++ServerNameCallback = IgnoreMismatch
++
++
++# ===========================================================
++
++[10-alpn-preferred-over-npn]
++ssl_conf = 10-alpn-preferred-over-npn-ssl
++
++[10-alpn-preferred-over-npn-ssl]
++server = 10-alpn-preferred-over-npn-server
++client = 10-alpn-preferred-over-npn-client
++
++[10-alpn-preferred-over-npn-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[10-alpn-preferred-over-npn-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-10]
++ClientALPNProtocols = foo
++ClientNPNProtocols = bar
++ExpectedALPNProtocol = foo
++ServerALPNProtocols = foo
++ServerNPNProtocols = bar
++
++
++# ===========================================================
++
++[11-sni-npn-preferred-over-alpn]
++ssl_conf = 11-sni-npn-preferred-over-alpn-ssl
++
++[11-sni-npn-preferred-over-alpn-ssl]
++server = 11-sni-npn-preferred-over-alpn-server
++client = 11-sni-npn-preferred-over-alpn-client
++server2 = 11-sni-npn-preferred-over-alpn-server2
++
++[11-sni-npn-preferred-over-alpn-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[11-sni-npn-preferred-over-alpn-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[11-sni-npn-preferred-over-alpn-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-11]
++ClientALPNProtocols = foo
++ClientNPNProtocols = bar
++ExpectedNPNProtocol = bar
++ExpectedServerName = server2
++Server2NPNProtocols = bar
++ServerALPNProtocols = foo
++ServerName = server2
++ServerNameCallback = IgnoreMismatch
++
++
+--- /dev/null
++++ b/test/ssl-tests/08-npn.conf.in
+@@ -0,0 +1,165 @@
++# -*- mode: perl; -*-
++# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++
++## Test version negotiation
++
++use strict;
++use warnings;
++
++package ssltests;
++
++
++our @tests = (
++ {
++ name => "npn-simple",
++ server => { },
++ client => { },
++ test => {
++ "ClientNPNProtocols" => "foo",
++ "ServerNPNProtocols" => "foo",
++ "ExpectedNPNProtocol" => "foo",
++ },
++ },
++ {
++ name => "npn-client-finds-match",
++ server => { },
++ client => { },
++ test => {
++ "ClientNPNProtocols" => "foo,bar",
++ "ServerNPNProtocols" => "baz,bar",
++ "ExpectedNPNProtocol" => "bar",
++ },
++ },
++ {
++ name => "npn-client-honours-server-pref",
++ server => { },
++ client => { },
++ test => {
++ "ClientNPNProtocols" => "foo,bar",
++ "ServerNPNProtocols" => "bar,foo",
++ "ExpectedNPNProtocol" => "bar",
++ },
++ },
++ {
++ name => "npn-client-first-pref-on-mismatch",
++ server => { },
++ client => { },
++ test => {
++ "ClientNPNProtocols" => "foo,bar",
++ "ServerNPNProtocols" => "baz",
++ "ExpectedNPNProtocol" => "foo",
++ },
++ },
++ {
++ name => "npn-no-server-support",
++ server => { },
++ client => { },
++ test => {
++ "ClientNPNProtocols" => "foo",
++ "ExpectedNPNProtocol" => undef,
++ },
++ },
++ {
++ name => "npn-no-client-support",
++ server => { },
++ client => { },
++ test => {
++ "ServerNPNProtocols" => "foo",
++ "ExpectedNPNProtocol" => undef,
++ },
++ },
++ {
++ name => "npn-with-sni-no-context-switch",
++ server => { },
++ server2 => { },
++ client => { },
++ test => {
++ "ClientNPNProtocols" => "foo,bar",
++ "ServerNPNProtocols" => "foo",
++ "Server2NPNProtocols" => "bar",
++ "ServerName" => "server1",
++ "ServerNameCallback" => "IgnoreMismatch",
++ "ExpectedServerName" => "server1",
++ "ExpectedNPNProtocol" => "foo",
++ },
++ },
++ {
++ name => "npn-with-sni-context-switch",
++ server => { },
++ server2 => { },
++ client => { },
++ test => {
++ "ClientNPNProtocols" => "foo,bar",
++ "ServerNPNProtocols" => "foo",
++ "Server2NPNProtocols" => "bar",
++ "ServerName" => "server2",
++ "ServerNameCallback" => "IgnoreMismatch",
++ "ExpectedServerName" => "server2",
++ "ExpectedNPNProtocol" => "bar",
++ },
++ },
++ {
++ name => "npn-selected-sni-server-supports-npn",
++ server => { },
++ server2 => { },
++ client => { },
++ test => {
++ "ClientNPNProtocols" => "foo,bar",
++ "Server2NPNProtocols" => "bar",
++ "ServerName" => "server2",
++ "ServerNameCallback" => "IgnoreMismatch",
++ "ExpectedServerName" => "server2",
++ "ExpectedNPNProtocol" => "bar",
++ },
++ },
++ {
++ name => "npn-selected-sni-server-does-not-support-npn",
++ server => { },
++ server2 => { },
++ client => { },
++ test => {
++ "ClientNPNProtocols" => "foo,bar",
++ "ServerNPNProtocols" => "foo",
++ "ServerName" => "server2",
++ "ServerNameCallback" => "IgnoreMismatch",
++ "ExpectedServerName" => "server2",
++ "ExpectedNPNProtocol" => undef,
++ },
++ },
++ {
++ name => "alpn-preferred-over-npn",
++ server => { },
++ client => { },
++ test => {
++ "ClientALPNProtocols" => "foo",
++ "ClientNPNProtocols" => "bar",
++ "ServerALPNProtocols" => "foo",
++ "ServerNPNProtocols" => "bar",
++ "ExpectedALPNProtocol" => "foo",
++ "ExpectedNPNProtocol" => undef,
++ },
++ },
++ {
++ name => "sni-npn-preferred-over-alpn",
++ server => { },
++ server2 => { },
++ client => { },
++ test => {
++ "ClientALPNProtocols" => "foo",
++ "ClientNPNProtocols" => "bar",
++ "ServerALPNProtocols" => "foo",
++ "Server2NPNProtocols" => "bar",
++ "ServerName" => "server2",
++ "ServerNameCallback" => "IgnoreMismatch",
++ "ExpectedServerName" => "server2",
++ "ExpectedALPNProtocol" => undef,
++ "ExpectedNPNProtocol" => "bar",
++ },
++ },
++);
+--- /dev/null
++++ b/test/ssl-tests/09-alpn.conf
+@@ -0,0 +1,298 @@
++# Generated with generate_ssl_tests.pl
++
++num_tests = 10
++
++test-0 = 0-alpn-simple
++test-1 = 1-alpn-client-finds-match
++test-2 = 2-alpn-client-honours-server-pref
++test-3 = 3-alpn-alert-on-mismatch
++test-4 = 4-alpn-no-server-support
++test-5 = 5-alpn-no-client-support
++test-6 = 6-alpn-with-sni-no-context-switch
++test-7 = 7-alpn-with-sni-context-switch
++test-8 = 8-alpn-selected-sni-server-supports-alpn
++test-9 = 9-alpn-selected-sni-server-does-not-support-alpn
++# ===========================================================
++
++[0-alpn-simple]
++ssl_conf = 0-alpn-simple-ssl
++
++[0-alpn-simple-ssl]
++server = 0-alpn-simple-server
++client = 0-alpn-simple-client
++
++[0-alpn-simple-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[0-alpn-simple-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-0]
++ClientALPNProtocols = foo
++ExpectedALPNProtocol = foo
++ServerALPNProtocols = foo
++
++
++# ===========================================================
++
++[1-alpn-client-finds-match]
++ssl_conf = 1-alpn-client-finds-match-ssl
++
++[1-alpn-client-finds-match-ssl]
++server = 1-alpn-client-finds-match-server
++client = 1-alpn-client-finds-match-client
++
++[1-alpn-client-finds-match-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[1-alpn-client-finds-match-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-1]
++ClientALPNProtocols = foo,bar
++ExpectedALPNProtocol = bar
++ServerALPNProtocols = baz,bar
++
++
++# ===========================================================
++
++[2-alpn-client-honours-server-pref]
++ssl_conf = 2-alpn-client-honours-server-pref-ssl
++
++[2-alpn-client-honours-server-pref-ssl]
++server = 2-alpn-client-honours-server-pref-server
++client = 2-alpn-client-honours-server-pref-client
++
++[2-alpn-client-honours-server-pref-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[2-alpn-client-honours-server-pref-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-2]
++ClientALPNProtocols = foo,bar
++ExpectedALPNProtocol = bar
++ServerALPNProtocols = bar,foo
++
++
++# ===========================================================
++
++[3-alpn-alert-on-mismatch]
++ssl_conf = 3-alpn-alert-on-mismatch-ssl
++
++[3-alpn-alert-on-mismatch-ssl]
++server = 3-alpn-alert-on-mismatch-server
++client = 3-alpn-alert-on-mismatch-client
++
++[3-alpn-alert-on-mismatch-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[3-alpn-alert-on-mismatch-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-3]
++ClientALPNProtocols = foo,bar
++ExpectedResult = ServerFail
++ServerALPNProtocols = baz
++ServerAlert = NoApplicationProtocol
++
++
++# ===========================================================
++
++[4-alpn-no-server-support]
++ssl_conf = 4-alpn-no-server-support-ssl
++
++[4-alpn-no-server-support-ssl]
++server = 4-alpn-no-server-support-server
++client = 4-alpn-no-server-support-client
++
++[4-alpn-no-server-support-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[4-alpn-no-server-support-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-4]
++ClientALPNProtocols = foo
++
++
++# ===========================================================
++
++[5-alpn-no-client-support]
++ssl_conf = 5-alpn-no-client-support-ssl
++
++[5-alpn-no-client-support-ssl]
++server = 5-alpn-no-client-support-server
++client = 5-alpn-no-client-support-client
++
++[5-alpn-no-client-support-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[5-alpn-no-client-support-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-5]
++ServerALPNProtocols = foo
++
++
++# ===========================================================
++
++[6-alpn-with-sni-no-context-switch]
++ssl_conf = 6-alpn-with-sni-no-context-switch-ssl
++
++[6-alpn-with-sni-no-context-switch-ssl]
++server = 6-alpn-with-sni-no-context-switch-server
++client = 6-alpn-with-sni-no-context-switch-client
++server2 = 6-alpn-with-sni-no-context-switch-server2
++
++[6-alpn-with-sni-no-context-switch-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[6-alpn-with-sni-no-context-switch-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[6-alpn-with-sni-no-context-switch-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-6]
++ClientALPNProtocols = foo,bar
++ExpectedALPNProtocol = foo
++ExpectedServerName = server1
++Server2ALPNProtocols = bar
++ServerALPNProtocols = foo
++ServerName = server1
++ServerNameCallback = IgnoreMismatch
++
++
++# ===========================================================
++
++[7-alpn-with-sni-context-switch]
++ssl_conf = 7-alpn-with-sni-context-switch-ssl
++
++[7-alpn-with-sni-context-switch-ssl]
++server = 7-alpn-with-sni-context-switch-server
++client = 7-alpn-with-sni-context-switch-client
++server2 = 7-alpn-with-sni-context-switch-server2
++
++[7-alpn-with-sni-context-switch-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[7-alpn-with-sni-context-switch-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[7-alpn-with-sni-context-switch-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-7]
++ClientALPNProtocols = foo,bar
++ExpectedALPNProtocol = bar
++ExpectedServerName = server2
++Server2ALPNProtocols = bar
++ServerALPNProtocols = foo
++ServerName = server2
++ServerNameCallback = IgnoreMismatch
++
++
++# ===========================================================
++
++[8-alpn-selected-sni-server-supports-alpn]
++ssl_conf = 8-alpn-selected-sni-server-supports-alpn-ssl
++
++[8-alpn-selected-sni-server-supports-alpn-ssl]
++server = 8-alpn-selected-sni-server-supports-alpn-server
++client = 8-alpn-selected-sni-server-supports-alpn-client
++server2 = 8-alpn-selected-sni-server-supports-alpn-server2
++
++[8-alpn-selected-sni-server-supports-alpn-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[8-alpn-selected-sni-server-supports-alpn-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[8-alpn-selected-sni-server-supports-alpn-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-8]
++ClientALPNProtocols = foo,bar
++ExpectedALPNProtocol = bar
++ExpectedServerName = server2
++Server2ALPNProtocols = bar
++ServerName = server2
++ServerNameCallback = IgnoreMismatch
++
++
++# ===========================================================
++
++[9-alpn-selected-sni-server-does-not-support-alpn]
++ssl_conf = 9-alpn-selected-sni-server-does-not-support-alpn-ssl
++
++[9-alpn-selected-sni-server-does-not-support-alpn-ssl]
++server = 9-alpn-selected-sni-server-does-not-support-alpn-server
++client = 9-alpn-selected-sni-server-does-not-support-alpn-client
++server2 = 9-alpn-selected-sni-server-does-not-support-alpn-server2
++
++[9-alpn-selected-sni-server-does-not-support-alpn-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[9-alpn-selected-sni-server-does-not-support-alpn-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[9-alpn-selected-sni-server-does-not-support-alpn-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-9]
++ClientALPNProtocols = foo,bar
++ExpectedServerName = server2
++ServerALPNProtocols = foo
++ServerName = server2
++ServerNameCallback = IgnoreMismatch
++
++
+--- /dev/null
++++ b/test/ssl-tests/09-alpn.conf.in
+@@ -0,0 +1,136 @@
++# -*- mode: perl; -*-
++# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++
++## Test version negotiation
++
++use strict;
++use warnings;
++
++package ssltests;
++
++
++our @tests = (
++ {
++ name => "alpn-simple",
++ server => { },
++ client => { },
++ test => {
++ "ClientALPNProtocols" => "foo",
++ "ServerALPNProtocols" => "foo",
++ "ExpectedALPNProtocol" => "foo",
++ },
++ },
++ {
++ name => "alpn-client-finds-match",
++ server => { },
++ client => { },
++ test => {
++ "ClientALPNProtocols" => "foo,bar",
++ "ServerALPNProtocols" => "baz,bar",
++ "ExpectedALPNProtocol" => "bar",
++ },
++ },
++ {
++ name => "alpn-client-honours-server-pref",
++ server => { },
++ client => { },
++ test => {
++ "ClientALPNProtocols" => "foo,bar",
++ "ServerALPNProtocols" => "bar,foo",
++ "ExpectedALPNProtocol" => "bar",
++ },
++ },
++ {
++ name => "alpn-alert-on-mismatch",
++ server => { },
++ client => { },
++ test => {
++ "ClientALPNProtocols" => "foo,bar",
++ "ServerALPNProtocols" => "baz",
++ "ExpectedResult" => "ServerFail",
++ "ServerAlert" => "NoApplicationProtocol",
++ },
++ },
++ {
++ name => "alpn-no-server-support",
++ server => { },
++ client => { },
++ test => {
++ "ClientALPNProtocols" => "foo",
++ "ExpectedALPNProtocol" => undef,
++ },
++ },
++ {
++ name => "alpn-no-client-support",
++ server => { },
++ client => { },
++ test => {
++ "ServerALPNProtocols" => "foo",
++ "ExpectedALPNProtocol" => undef,
++ },
++ },
++ {
++ name => "alpn-with-sni-no-context-switch",
++ server => { },
++ server2 => { },
++ client => { },
++ test => {
++ "ClientALPNProtocols" => "foo,bar",
++ "ServerALPNProtocols" => "foo",
++ "Server2ALPNProtocols" => "bar",
++ "ServerName" => "server1",
++ "ServerNameCallback" => "IgnoreMismatch",
++ "ExpectedServerName" => "server1",
++ "ExpectedALPNProtocol" => "foo",
++ },
++ },
++ {
++ name => "alpn-with-sni-context-switch",
++ server => { },
++ server2 => { },
++ client => { },
++ test => {
++ "ClientALPNProtocols" => "foo,bar",
++ "ServerALPNProtocols" => "foo",
++ "Server2ALPNProtocols" => "bar",
++ "ServerName" => "server2",
++ "ServerNameCallback" => "IgnoreMismatch",
++ "ExpectedServerName" => "server2",
++ "ExpectedALPNProtocol" => "bar",
++ },
++ },
++ {
++ name => "alpn-selected-sni-server-supports-alpn",
++ server => { },
++ server2 => { },
++ client => { },
++ test => {
++ "ClientALPNProtocols" => "foo,bar",
++ "Server2ALPNProtocols" => "bar",
++ "ServerName" => "server2",
++ "ServerNameCallback" => "IgnoreMismatch",
++ "ExpectedServerName" => "server2",
++ "ExpectedALPNProtocol" => "bar",
++ },
++ },
++ {
++ name => "alpn-selected-sni-server-does-not-support-alpn",
++ server => { },
++ server2 => { },
++ client => { },
++ test => {
++ "ClientALPNProtocols" => "foo,bar",
++ "ServerALPNProtocols" => "foo",
++ "ServerName" => "server2",
++ "ServerNameCallback" => "IgnoreMismatch",
++ "ExpectedServerName" => "server2",
++ "ExpectedALPNProtocol" => undef,
++ },
++ },
++);
+--- /dev/null
++++ b/test/ssl-tests/10-resumption.conf
+@@ -0,0 +1,1336 @@
++# Generated with generate_ssl_tests.pl
++
++num_tests = 36
++
++test-0 = 0-resumption
++test-1 = 1-resumption
++test-2 = 2-resumption
++test-3 = 3-resumption
++test-4 = 4-resumption
++test-5 = 5-resumption
++test-6 = 6-resumption
++test-7 = 7-resumption
++test-8 = 8-resumption
++test-9 = 9-resumption
++test-10 = 10-resumption
++test-11 = 11-resumption
++test-12 = 12-resumption
++test-13 = 13-resumption
++test-14 = 14-resumption
++test-15 = 15-resumption
++test-16 = 16-resumption
++test-17 = 17-resumption
++test-18 = 18-resumption
++test-19 = 19-resumption
++test-20 = 20-resumption
++test-21 = 21-resumption
++test-22 = 22-resumption
++test-23 = 23-resumption
++test-24 = 24-resumption
++test-25 = 25-resumption
++test-26 = 26-resumption
++test-27 = 27-resumption
++test-28 = 28-resumption
++test-29 = 29-resumption
++test-30 = 30-resumption
++test-31 = 31-resumption
++test-32 = 32-resumption
++test-33 = 33-resumption
++test-34 = 34-resumption
++test-35 = 35-resumption
++# ===========================================================
++
++[0-resumption]
++ssl_conf = 0-resumption-ssl
++
++[0-resumption-ssl]
++server = 0-resumption-server
++client = 0-resumption-client
++resume-server = 0-resumption-resume-server
++resume-client = 0-resumption-client
++
++[0-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[0-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[0-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-0]
++HandshakeMode = Resume
++Protocol = TLSv1
++ResumptionExpected = Yes
++
++
++# ===========================================================
++
++[1-resumption]
++ssl_conf = 1-resumption-ssl
++
++[1-resumption-ssl]
++server = 1-resumption-server
++client = 1-resumption-client
++resume-server = 1-resumption-resume-server
++resume-client = 1-resumption-client
++
++[1-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[1-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[1-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-1]
++HandshakeMode = Resume
++Protocol = TLSv1
++ResumptionExpected = Yes
++
++
++# ===========================================================
++
++[2-resumption]
++ssl_conf = 2-resumption-ssl
++
++[2-resumption-ssl]
++server = 2-resumption-server
++client = 2-resumption-client
++resume-server = 2-resumption-resume-server
++resume-client = 2-resumption-client
++
++[2-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[2-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[2-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-2]
++HandshakeMode = Resume
++Protocol = TLSv1.1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[3-resumption]
++ssl_conf = 3-resumption-ssl
++
++[3-resumption-ssl]
++server = 3-resumption-server
++client = 3-resumption-client
++resume-server = 3-resumption-resume-server
++resume-client = 3-resumption-client
++
++[3-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[3-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[3-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-3]
++HandshakeMode = Resume
++Protocol = TLSv1.1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[4-resumption]
++ssl_conf = 4-resumption-ssl
++
++[4-resumption-ssl]
++server = 4-resumption-server
++client = 4-resumption-client
++resume-server = 4-resumption-resume-server
++resume-client = 4-resumption-client
++
++[4-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[4-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[4-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-4]
++HandshakeMode = Resume
++Protocol = TLSv1.2
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[5-resumption]
++ssl_conf = 5-resumption-ssl
++
++[5-resumption-ssl]
++server = 5-resumption-server
++client = 5-resumption-client
++resume-server = 5-resumption-resume-server
++resume-client = 5-resumption-client
++
++[5-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[5-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[5-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-5]
++HandshakeMode = Resume
++Protocol = TLSv1.2
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[6-resumption]
++ssl_conf = 6-resumption-ssl
++
++[6-resumption-ssl]
++server = 6-resumption-server
++client = 6-resumption-client
++resume-server = 6-resumption-resume-server
++resume-client = 6-resumption-client
++
++[6-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[6-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[6-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-6]
++HandshakeMode = Resume
++Protocol = TLSv1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[7-resumption]
++ssl_conf = 7-resumption-ssl
++
++[7-resumption-ssl]
++server = 7-resumption-server
++client = 7-resumption-client
++resume-server = 7-resumption-resume-server
++resume-client = 7-resumption-client
++
++[7-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[7-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[7-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-7]
++HandshakeMode = Resume
++Protocol = TLSv1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[8-resumption]
++ssl_conf = 8-resumption-ssl
++
++[8-resumption-ssl]
++server = 8-resumption-server
++client = 8-resumption-client
++resume-server = 8-resumption-resume-server
++resume-client = 8-resumption-client
++
++[8-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[8-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[8-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-8]
++HandshakeMode = Resume
++Protocol = TLSv1.1
++ResumptionExpected = Yes
++
++
++# ===========================================================
++
++[9-resumption]
++ssl_conf = 9-resumption-ssl
++
++[9-resumption-ssl]
++server = 9-resumption-server
++client = 9-resumption-client
++resume-server = 9-resumption-resume-server
++resume-client = 9-resumption-client
++
++[9-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[9-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[9-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-9]
++HandshakeMode = Resume
++Protocol = TLSv1.1
++ResumptionExpected = Yes
++
++
++# ===========================================================
++
++[10-resumption]
++ssl_conf = 10-resumption-ssl
++
++[10-resumption-ssl]
++server = 10-resumption-server
++client = 10-resumption-client
++resume-server = 10-resumption-resume-server
++resume-client = 10-resumption-client
++
++[10-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[10-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[10-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-10]
++HandshakeMode = Resume
++Protocol = TLSv1.2
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[11-resumption]
++ssl_conf = 11-resumption-ssl
++
++[11-resumption-ssl]
++server = 11-resumption-server
++client = 11-resumption-client
++resume-server = 11-resumption-resume-server
++resume-client = 11-resumption-client
++
++[11-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[11-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[11-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-11]
++HandshakeMode = Resume
++Protocol = TLSv1.2
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[12-resumption]
++ssl_conf = 12-resumption-ssl
++
++[12-resumption-ssl]
++server = 12-resumption-server
++client = 12-resumption-client
++resume-server = 12-resumption-resume-server
++resume-client = 12-resumption-client
++
++[12-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[12-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[12-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-12]
++HandshakeMode = Resume
++Protocol = TLSv1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[13-resumption]
++ssl_conf = 13-resumption-ssl
++
++[13-resumption-ssl]
++server = 13-resumption-server
++client = 13-resumption-client
++resume-server = 13-resumption-resume-server
++resume-client = 13-resumption-client
++
++[13-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[13-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[13-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-13]
++HandshakeMode = Resume
++Protocol = TLSv1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[14-resumption]
++ssl_conf = 14-resumption-ssl
++
++[14-resumption-ssl]
++server = 14-resumption-server
++client = 14-resumption-client
++resume-server = 14-resumption-resume-server
++resume-client = 14-resumption-client
++
++[14-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[14-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[14-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-14]
++HandshakeMode = Resume
++Protocol = TLSv1.1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[15-resumption]
++ssl_conf = 15-resumption-ssl
++
++[15-resumption-ssl]
++server = 15-resumption-server
++client = 15-resumption-client
++resume-server = 15-resumption-resume-server
++resume-client = 15-resumption-client
++
++[15-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[15-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[15-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-15]
++HandshakeMode = Resume
++Protocol = TLSv1.1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[16-resumption]
++ssl_conf = 16-resumption-ssl
++
++[16-resumption-ssl]
++server = 16-resumption-server
++client = 16-resumption-client
++resume-server = 16-resumption-resume-server
++resume-client = 16-resumption-client
++
++[16-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[16-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[16-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-16]
++HandshakeMode = Resume
++Protocol = TLSv1.2
++ResumptionExpected = Yes
++
++
++# ===========================================================
++
++[17-resumption]
++ssl_conf = 17-resumption-ssl
++
++[17-resumption-ssl]
++server = 17-resumption-server
++client = 17-resumption-client
++resume-server = 17-resumption-resume-server
++resume-client = 17-resumption-client
++
++[17-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[17-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[17-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-17]
++HandshakeMode = Resume
++Protocol = TLSv1.2
++ResumptionExpected = Yes
++
++
++# ===========================================================
++
++[18-resumption]
++ssl_conf = 18-resumption-ssl
++
++[18-resumption-ssl]
++server = 18-resumption-server
++client = 18-resumption-client
++resume-server = 18-resumption-server
++resume-client = 18-resumption-resume-client
++
++[18-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[18-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[18-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-18]
++HandshakeMode = Resume
++Protocol = TLSv1
++ResumptionExpected = Yes
++
++
++# ===========================================================
++
++[19-resumption]
++ssl_conf = 19-resumption-ssl
++
++[19-resumption-ssl]
++server = 19-resumption-server
++client = 19-resumption-client
++resume-server = 19-resumption-server
++resume-client = 19-resumption-resume-client
++
++[19-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[19-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[19-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-19]
++HandshakeMode = Resume
++Protocol = TLSv1
++ResumptionExpected = Yes
++
++
++# ===========================================================
++
++[20-resumption]
++ssl_conf = 20-resumption-ssl
++
++[20-resumption-ssl]
++server = 20-resumption-server
++client = 20-resumption-client
++resume-server = 20-resumption-server
++resume-client = 20-resumption-resume-client
++
++[20-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[20-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[20-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-20]
++HandshakeMode = Resume
++Protocol = TLSv1.1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[21-resumption]
++ssl_conf = 21-resumption-ssl
++
++[21-resumption-ssl]
++server = 21-resumption-server
++client = 21-resumption-client
++resume-server = 21-resumption-server
++resume-client = 21-resumption-resume-client
++
++[21-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[21-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[21-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-21]
++HandshakeMode = Resume
++Protocol = TLSv1.1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[22-resumption]
++ssl_conf = 22-resumption-ssl
++
++[22-resumption-ssl]
++server = 22-resumption-server
++client = 22-resumption-client
++resume-server = 22-resumption-server
++resume-client = 22-resumption-resume-client
++
++[22-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[22-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[22-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-22]
++HandshakeMode = Resume
++Protocol = TLSv1.2
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[23-resumption]
++ssl_conf = 23-resumption-ssl
++
++[23-resumption-ssl]
++server = 23-resumption-server
++client = 23-resumption-client
++resume-server = 23-resumption-server
++resume-client = 23-resumption-resume-client
++
++[23-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[23-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[23-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-23]
++HandshakeMode = Resume
++Protocol = TLSv1.2
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[24-resumption]
++ssl_conf = 24-resumption-ssl
++
++[24-resumption-ssl]
++server = 24-resumption-server
++client = 24-resumption-client
++resume-server = 24-resumption-server
++resume-client = 24-resumption-resume-client
++
++[24-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[24-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[24-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-24]
++HandshakeMode = Resume
++Protocol = TLSv1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[25-resumption]
++ssl_conf = 25-resumption-ssl
++
++[25-resumption-ssl]
++server = 25-resumption-server
++client = 25-resumption-client
++resume-server = 25-resumption-server
++resume-client = 25-resumption-resume-client
++
++[25-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[25-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[25-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-25]
++HandshakeMode = Resume
++Protocol = TLSv1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[26-resumption]
++ssl_conf = 26-resumption-ssl
++
++[26-resumption-ssl]
++server = 26-resumption-server
++client = 26-resumption-client
++resume-server = 26-resumption-server
++resume-client = 26-resumption-resume-client
++
++[26-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[26-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[26-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-26]
++HandshakeMode = Resume
++Protocol = TLSv1.1
++ResumptionExpected = Yes
++
++
++# ===========================================================
++
++[27-resumption]
++ssl_conf = 27-resumption-ssl
++
++[27-resumption-ssl]
++server = 27-resumption-server
++client = 27-resumption-client
++resume-server = 27-resumption-server
++resume-client = 27-resumption-resume-client
++
++[27-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[27-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[27-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-27]
++HandshakeMode = Resume
++Protocol = TLSv1.1
++ResumptionExpected = Yes
++
++
++# ===========================================================
++
++[28-resumption]
++ssl_conf = 28-resumption-ssl
++
++[28-resumption-ssl]
++server = 28-resumption-server
++client = 28-resumption-client
++resume-server = 28-resumption-server
++resume-client = 28-resumption-resume-client
++
++[28-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[28-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[28-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-28]
++HandshakeMode = Resume
++Protocol = TLSv1.2
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[29-resumption]
++ssl_conf = 29-resumption-ssl
++
++[29-resumption-ssl]
++server = 29-resumption-server
++client = 29-resumption-client
++resume-server = 29-resumption-server
++resume-client = 29-resumption-resume-client
++
++[29-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[29-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[29-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-29]
++HandshakeMode = Resume
++Protocol = TLSv1.2
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[30-resumption]
++ssl_conf = 30-resumption-ssl
++
++[30-resumption-ssl]
++server = 30-resumption-server
++client = 30-resumption-client
++resume-server = 30-resumption-server
++resume-client = 30-resumption-resume-client
++
++[30-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[30-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[30-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-30]
++HandshakeMode = Resume
++Protocol = TLSv1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[31-resumption]
++ssl_conf = 31-resumption-ssl
++
++[31-resumption-ssl]
++server = 31-resumption-server
++client = 31-resumption-client
++resume-server = 31-resumption-server
++resume-client = 31-resumption-resume-client
++
++[31-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[31-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[31-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-31]
++HandshakeMode = Resume
++Protocol = TLSv1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[32-resumption]
++ssl_conf = 32-resumption-ssl
++
++[32-resumption-ssl]
++server = 32-resumption-server
++client = 32-resumption-client
++resume-server = 32-resumption-server
++resume-client = 32-resumption-resume-client
++
++[32-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[32-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[32-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-32]
++HandshakeMode = Resume
++Protocol = TLSv1.1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[33-resumption]
++ssl_conf = 33-resumption-ssl
++
++[33-resumption-ssl]
++server = 33-resumption-server
++client = 33-resumption-client
++resume-server = 33-resumption-server
++resume-client = 33-resumption-resume-client
++
++[33-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[33-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[33-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-33]
++HandshakeMode = Resume
++Protocol = TLSv1.1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[34-resumption]
++ssl_conf = 34-resumption-ssl
++
++[34-resumption-ssl]
++server = 34-resumption-server
++client = 34-resumption-client
++resume-server = 34-resumption-server
++resume-client = 34-resumption-resume-client
++
++[34-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[34-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[34-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-34]
++HandshakeMode = Resume
++Protocol = TLSv1.2
++ResumptionExpected = Yes
++
++
++# ===========================================================
++
++[35-resumption]
++ssl_conf = 35-resumption-ssl
++
++[35-resumption-ssl]
++server = 35-resumption-server
++client = 35-resumption-client
++resume-server = 35-resumption-server
++resume-client = 35-resumption-resume-client
++
++[35-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[35-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[35-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-35]
++HandshakeMode = Resume
++Protocol = TLSv1.2
++ResumptionExpected = Yes
++
++
+--- /dev/null
++++ b/test/ssl-tests/10-resumption.conf.in
+@@ -0,0 +1,19 @@
++# -*- mode: perl; -*-
++# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++
++## Test version negotiation upon resumption.
++
++use strict;
++use warnings;
++
++package ssltests;
++
++use protocol_version;
++
++our @tests = generate_resumption_tests("TLS");
+--- /dev/null
++++ b/test/ssl-tests/11-dtls_resumption.conf
+@@ -0,0 +1,612 @@
++# Generated with generate_ssl_tests.pl
++
++num_tests = 16
++
++test-0 = 0-resumption
++test-1 = 1-resumption
++test-2 = 2-resumption
++test-3 = 3-resumption
++test-4 = 4-resumption
++test-5 = 5-resumption
++test-6 = 6-resumption
++test-7 = 7-resumption
++test-8 = 8-resumption
++test-9 = 9-resumption
++test-10 = 10-resumption
++test-11 = 11-resumption
++test-12 = 12-resumption
++test-13 = 13-resumption
++test-14 = 14-resumption
++test-15 = 15-resumption
++# ===========================================================
++
++[0-resumption]
++ssl_conf = 0-resumption-ssl
++
++[0-resumption-ssl]
++server = 0-resumption-server
++client = 0-resumption-client
++resume-server = 0-resumption-resume-server
++resume-client = 0-resumption-client
++
++[0-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = DTLSv1
++MinProtocol = DTLSv1
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[0-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = DTLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[0-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-0]
++HandshakeMode = Resume
++Method = DTLS
++Protocol = DTLSv1
++ResumptionExpected = Yes
++
++
++# ===========================================================
++
++[1-resumption]
++ssl_conf = 1-resumption-ssl
++
++[1-resumption-ssl]
++server = 1-resumption-server
++client = 1-resumption-client
++resume-server = 1-resumption-resume-server
++resume-client = 1-resumption-client
++
++[1-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = DTLSv1
++MinProtocol = DTLSv1
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[1-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = DTLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[1-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-1]
++HandshakeMode = Resume
++Method = DTLS
++Protocol = DTLSv1
++ResumptionExpected = Yes
++
++
++# ===========================================================
++
++[2-resumption]
++ssl_conf = 2-resumption-ssl
++
++[2-resumption-ssl]
++server = 2-resumption-server
++client = 2-resumption-client
++resume-server = 2-resumption-resume-server
++resume-client = 2-resumption-client
++
++[2-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = DTLSv1
++MinProtocol = DTLSv1
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[2-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = DTLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[2-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-2]
++HandshakeMode = Resume
++Method = DTLS
++Protocol = DTLSv1.2
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[3-resumption]
++ssl_conf = 3-resumption-ssl
++
++[3-resumption-ssl]
++server = 3-resumption-server
++client = 3-resumption-client
++resume-server = 3-resumption-resume-server
++resume-client = 3-resumption-client
++
++[3-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = DTLSv1
++MinProtocol = DTLSv1
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[3-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = DTLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[3-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-3]
++HandshakeMode = Resume
++Method = DTLS
++Protocol = DTLSv1.2
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[4-resumption]
++ssl_conf = 4-resumption-ssl
++
++[4-resumption-ssl]
++server = 4-resumption-server
++client = 4-resumption-client
++resume-server = 4-resumption-resume-server
++resume-client = 4-resumption-client
++
++[4-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = DTLSv1.2
++MinProtocol = DTLSv1.2
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[4-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = DTLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[4-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-4]
++HandshakeMode = Resume
++Method = DTLS
++Protocol = DTLSv1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[5-resumption]
++ssl_conf = 5-resumption-ssl
++
++[5-resumption-ssl]
++server = 5-resumption-server
++client = 5-resumption-client
++resume-server = 5-resumption-resume-server
++resume-client = 5-resumption-client
++
++[5-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = DTLSv1.2
++MinProtocol = DTLSv1.2
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[5-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = DTLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[5-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-5]
++HandshakeMode = Resume
++Method = DTLS
++Protocol = DTLSv1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[6-resumption]
++ssl_conf = 6-resumption-ssl
++
++[6-resumption-ssl]
++server = 6-resumption-server
++client = 6-resumption-client
++resume-server = 6-resumption-resume-server
++resume-client = 6-resumption-client
++
++[6-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = DTLSv1.2
++MinProtocol = DTLSv1.2
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[6-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = DTLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[6-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-6]
++HandshakeMode = Resume
++Method = DTLS
++Protocol = DTLSv1.2
++ResumptionExpected = Yes
++
++
++# ===========================================================
++
++[7-resumption]
++ssl_conf = 7-resumption-ssl
++
++[7-resumption-ssl]
++server = 7-resumption-server
++client = 7-resumption-client
++resume-server = 7-resumption-resume-server
++resume-client = 7-resumption-client
++
++[7-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = DTLSv1.2
++MinProtocol = DTLSv1.2
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[7-resumption-resume-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = DTLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[7-resumption-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-7]
++HandshakeMode = Resume
++Method = DTLS
++Protocol = DTLSv1.2
++ResumptionExpected = Yes
++
++
++# ===========================================================
++
++[8-resumption]
++ssl_conf = 8-resumption-ssl
++
++[8-resumption-ssl]
++server = 8-resumption-server
++client = 8-resumption-client
++resume-server = 8-resumption-server
++resume-client = 8-resumption-resume-client
++
++[8-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[8-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = DTLSv1
++MinProtocol = DTLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[8-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = DTLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-8]
++HandshakeMode = Resume
++Method = DTLS
++Protocol = DTLSv1
++ResumptionExpected = Yes
++
++
++# ===========================================================
++
++[9-resumption]
++ssl_conf = 9-resumption-ssl
++
++[9-resumption-ssl]
++server = 9-resumption-server
++client = 9-resumption-client
++resume-server = 9-resumption-server
++resume-client = 9-resumption-resume-client
++
++[9-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[9-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = DTLSv1
++MinProtocol = DTLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[9-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = DTLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-9]
++HandshakeMode = Resume
++Method = DTLS
++Protocol = DTLSv1
++ResumptionExpected = Yes
++
++
++# ===========================================================
++
++[10-resumption]
++ssl_conf = 10-resumption-ssl
++
++[10-resumption-ssl]
++server = 10-resumption-server
++client = 10-resumption-client
++resume-server = 10-resumption-server
++resume-client = 10-resumption-resume-client
++
++[10-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[10-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = DTLSv1
++MinProtocol = DTLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[10-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = DTLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-10]
++HandshakeMode = Resume
++Method = DTLS
++Protocol = DTLSv1.2
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[11-resumption]
++ssl_conf = 11-resumption-ssl
++
++[11-resumption-ssl]
++server = 11-resumption-server
++client = 11-resumption-client
++resume-server = 11-resumption-server
++resume-client = 11-resumption-resume-client
++
++[11-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[11-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = DTLSv1
++MinProtocol = DTLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[11-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = DTLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-11]
++HandshakeMode = Resume
++Method = DTLS
++Protocol = DTLSv1.2
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[12-resumption]
++ssl_conf = 12-resumption-ssl
++
++[12-resumption-ssl]
++server = 12-resumption-server
++client = 12-resumption-client
++resume-server = 12-resumption-server
++resume-client = 12-resumption-resume-client
++
++[12-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[12-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = DTLSv1.2
++MinProtocol = DTLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[12-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = DTLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-12]
++HandshakeMode = Resume
++Method = DTLS
++Protocol = DTLSv1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[13-resumption]
++ssl_conf = 13-resumption-ssl
++
++[13-resumption-ssl]
++server = 13-resumption-server
++client = 13-resumption-client
++resume-server = 13-resumption-server
++resume-client = 13-resumption-resume-client
++
++[13-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[13-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = DTLSv1.2
++MinProtocol = DTLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[13-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = DTLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-13]
++HandshakeMode = Resume
++Method = DTLS
++Protocol = DTLSv1
++ResumptionExpected = No
++
++
++# ===========================================================
++
++[14-resumption]
++ssl_conf = 14-resumption-ssl
++
++[14-resumption-ssl]
++server = 14-resumption-server
++client = 14-resumption-client
++resume-server = 14-resumption-server
++resume-client = 14-resumption-resume-client
++
++[14-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[14-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = DTLSv1.2
++MinProtocol = DTLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[14-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = DTLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-14]
++HandshakeMode = Resume
++Method = DTLS
++Protocol = DTLSv1.2
++ResumptionExpected = Yes
++
++
++# ===========================================================
++
++[15-resumption]
++ssl_conf = 15-resumption-ssl
++
++[15-resumption-ssl]
++server = 15-resumption-server
++client = 15-resumption-client
++resume-server = 15-resumption-server
++resume-client = 15-resumption-resume-client
++
++[15-resumption-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[15-resumption-client]
++CipherString = DEFAULT
++MaxProtocol = DTLSv1.2
++MinProtocol = DTLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[15-resumption-resume-client]
++CipherString = DEFAULT
++MaxProtocol = DTLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-15]
++HandshakeMode = Resume
++Method = DTLS
++Protocol = DTLSv1.2
++ResumptionExpected = Yes
++
++
+--- /dev/null
++++ b/test/ssl-tests/11-dtls_resumption.conf.in
+@@ -0,0 +1,19 @@
++# -*- mode: perl; -*-
++# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++
++## Test version negotiation upon resumption.
++
++use strict;
++use warnings;
++
++package ssltests;
++
++use protocol_version;
++
++our @tests = generate_resumption_tests("DTLS");
+--- /dev/null
+++ b/test/ssl-tests/protocol_version.pm
-@@ -0,0 +1,166 @@
+@@ -0,0 +1,247 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
@@ -192669,12 +199758,18 @@
+ }
+}
+
-+sub generate_tests {
++sub no_tests {
++ my ($dtls) = @_;
++ return $dtls ? alldisabled("dtls1", "dtls1_2") :
++ alldisabled("ssl3", "tls1", "tls1_1", "tls1_2");
++}
++
++sub generate_version_tests {
+ my ($method) = @_;
+
+ my $dtls = $method eq "DTLS";
+ # Don't write the redundant "Method = TLS" into the configuration.
-+ undef $method if !$dtls;
++ undef $method if !$dtls;
+
+ my @protocols = $dtls ? @dtls_protocols : @tls_protocols;
+ my @min_protocols = $dtls ? @min_dtls_protocols : @min_tls_protocols;
@@ -192682,9 +199777,7 @@
+ my $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled;
+ my $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled;
+
-+ my $no_tests = $dtls ? alldisabled("dtls1", "dtls1_2") :
-+ alldisabled("ssl3", "tls1", "tls1_1", "tls1_2");
-+ if ($no_tests) {
++ if (no_tests($dtls)) {
+ return;
+ }
+
@@ -192722,6 +199815,83 @@
+ return @tests;
+}
+
++sub generate_resumption_tests {
++ my ($method) = @_;
++
++ my $dtls = $method eq "DTLS";
++ # Don't write the redundant "Method = TLS" into the configuration.
++ undef $method if !$dtls;
++
++ my @protocols = $dtls ? @dtls_protocols : @tls_protocols;
++ my $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled;
++
++ if (no_tests($dtls)) {
++ return;
++ }
++
++ my @server_tests = ();
++ my @client_tests = ();
++
++ # Obtain the first session against a fixed-version server/client.
++ foreach my $original_protocol($min_enabled..$#protocols) {
++ # Upgrade or downgrade the server/client max version support and test
++ # that it upgrades, downgrades or resumes the session as well.
++ foreach my $resume_protocol($min_enabled..$#protocols) {
++ my $resumption_expected;
++ # We should only resume on exact version match.
++ if ($original_protocol eq $resume_protocol) {
++ $resumption_expected = "Yes";
++ } else {
++ $resumption_expected = "No";
++ }
++
++ foreach my $ticket ("SessionTicket", "-SessionTicket") {
++ # Client is flexible, server upgrades/downgrades.
++ push @server_tests, {
++ "name" => "resumption",
++ "client" => { },
++ "server" => {
++ "MinProtocol" => $protocols[$original_protocol],
++ "MaxProtocol" => $protocols[$original_protocol],
++ "Options" => $ticket,
++ },
++ "resume_server" => {
++ "MaxProtocol" => $protocols[$resume_protocol],
++ },
++ "test" => {
++ "Protocol" => $protocols[$resume_protocol],
++ "Method" => $method,
++ "HandshakeMode" => "Resume",
++ "ResumptionExpected" => $resumption_expected,
++ }
++ };
++ # Server is flexible, client upgrades/downgrades.
++ push @client_tests, {
++ "name" => "resumption",
++ "client" => {
++ "MinProtocol" => $protocols[$original_protocol],
++ "MaxProtocol" => $protocols[$original_protocol],
++ },
++ "server" => {
++ "Options" => $ticket,
++ },
++ "resume_client" => {
++ "MaxProtocol" => $protocols[$resume_protocol],
++ },
++ "test" => {
++ "Protocol" => $protocols[$resume_protocol],
++ "Method" => $method,
++ "HandshakeMode" => "Resume",
++ "ResumptionExpected" => $resumption_expected,
++ }
++ };
++ }
++ }
++ }
++
++ return (@server_tests, @client_tests);
++}
++
+sub expected_result {
+ my ($c_min, $c_max, $s_min, $s_max, $min_enabled, $max_enabled,
+ $protocols) = @_;
@@ -192762,8 +199932,6 @@
+}
+
+1;
-diff --git a/test/ssl-tests/ssltests_base.pm b/test/ssl-tests/ssltests_base.pm
-index 387043e..303224a 100644
--- a/test/ssl-tests/ssltests_base.pm
+++ b/test/ssl-tests/ssltests_base.pm
@@ -1,4 +1,10 @@
@@ -192777,8 +199945,6 @@
## SSL test configurations
-diff --git a/test/ssl_test.c b/test/ssl_test.c
-index dfe71cb..060f73e 100644
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -1,14 +1,14 @@
@@ -192800,61 +199966,190 @@
#include <openssl/conf.h>
#include <openssl/err.h>
-@@ -44,8 +44,8 @@ static int check_result(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
+@@ -40,23 +40,23 @@ static const char *print_alert(int alert
+ return alert ? SSL_alert_desc_string_long(alert) : "no alert";
+ }
+
+-static int check_result(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
++static int check_result(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
- if (result.result != test_ctx->expected_result) {
+- if (result.result != test_ctx->expected_result) {
++ if (result->result != test_ctx->expected_result) {
fprintf(stderr, "ExpectedResult mismatch: expected %s, got %s.\n",
- ssl_test_result_t_name(test_ctx->expected_result),
- ssl_test_result_t_name(result.result));
+ ssl_test_result_name(test_ctx->expected_result),
-+ ssl_test_result_name(result.result));
++ ssl_test_result_name(result->result));
return 0;
}
return 1;
-@@ -123,6 +123,33 @@ static int check_protocol(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
+ }
+
+-static int check_alerts(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
++static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+ {
+- if (result.client_alert_sent != result.client_alert_received) {
++ if (result->client_alert_sent != result->client_alert_received) {
+ fprintf(stderr, "Client sent alert %s but server received %s\n.",
+- print_alert(result.client_alert_sent),
+- print_alert(result.client_alert_received));
++ print_alert(result->client_alert_sent),
++ print_alert(result->client_alert_received));
+ /*
+ * We can't bail here because the peer doesn't always get far enough
+ * to process a received alert. Specifically, in protocol version
+@@ -71,10 +71,10 @@ static int check_alerts(HANDSHAKE_RESULT
+ /* return 0; */
+ }
+
+- if (result.server_alert_sent != result.server_alert_received) {
++ if (result->server_alert_sent != result->server_alert_received) {
+ fprintf(stderr, "Server sent alert %s but client received %s\n.",
+- print_alert(result.server_alert_sent),
+- print_alert(result.server_alert_received));
++ print_alert(result->server_alert_sent),
++ print_alert(result->server_alert_received));
+ /* return 0; */
+ }
+
+@@ -85,92 +85,211 @@ static int check_alerts(HANDSHAKE_RESULT
+ * (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]
+ * where the low byte is the alert code and the high byte is other stuff.
+ */
+- && (result.client_alert_sent & 0xff) != test_ctx->client_alert) {
++ && (result->client_alert_sent & 0xff) != test_ctx->client_alert) {
+ fprintf(stderr, "ClientAlert mismatch: expected %s, got %s.\n",
+ print_alert(test_ctx->client_alert),
+- print_alert(result.client_alert_sent));
++ print_alert(result->client_alert_sent));
+ return 0;
+ }
+
+ if (test_ctx->server_alert
+- && (result.server_alert_sent & 0xff) != test_ctx->server_alert) {
++ && (result->server_alert_sent & 0xff) != test_ctx->server_alert) {
+ fprintf(stderr, "ServerAlert mismatch: expected %s, got %s.\n",
+ print_alert(test_ctx->server_alert),
+- print_alert(result.server_alert_sent));
++ print_alert(result->server_alert_sent));
+ return 0;
+ }
+
return 1;
}
-+static int check_servername(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
+-static int check_protocol(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
++static int check_protocol(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+ {
+- if (result.client_protocol != result.server_protocol) {
++ if (result->client_protocol != result->server_protocol) {
+ fprintf(stderr, "Client has protocol %s but server has %s\n.",
+- ssl_protocol_name(result.client_protocol),
+- ssl_protocol_name(result.server_protocol));
++ ssl_protocol_name(result->client_protocol),
++ ssl_protocol_name(result->server_protocol));
+ return 0;
+ }
+
+ if (test_ctx->protocol) {
+- if (result.client_protocol != test_ctx->protocol) {
++ if (result->client_protocol != test_ctx->protocol) {
+ fprintf(stderr, "Protocol mismatch: expected %s, got %s.\n",
+ ssl_protocol_name(test_ctx->protocol),
+- ssl_protocol_name(result.client_protocol));
++ ssl_protocol_name(result->client_protocol));
+ return 0;
+ }
+ }
+ return 1;
+ }
+
++static int check_servername(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
-+ if (result.servername != test_ctx->expected_servername) {
++ if (result->servername != test_ctx->expected_servername) {
+ fprintf(stderr, "Client ServerName mismatch, expected %s, got %s\n.",
+ ssl_servername_name(test_ctx->expected_servername),
-+ ssl_servername_name(result.servername));
++ ssl_servername_name(result->servername));
+ return 0;
+ }
+ return 1;
+}
+
-+static int check_session_ticket(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
++static int check_session_ticket(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
+ if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_IGNORE)
+ return 1;
+ if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN &&
-+ result.session_ticket == SSL_TEST_SESSION_TICKET_NO)
++ result->session_ticket == SSL_TEST_SESSION_TICKET_NO)
+ return 1;
-+ if (result.session_ticket != test_ctx->session_ticket_expected) {
++ if (result->session_ticket != test_ctx->session_ticket_expected) {
+ fprintf(stderr, "Client SessionTicketExpected mismatch, expected %s, got %s\n.",
+ ssl_session_ticket_name(test_ctx->session_ticket_expected),
-+ ssl_session_ticket_name(result.session_ticket));
++ ssl_session_ticket_name(result->session_ticket));
+ return 0;
+ }
+ return 1;
+}
+
++static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
++{
++ int ret = 1;
++ ret &= strings_equal("NPN Negotiated (client vs server)",
++ result->client_npn_negotiated,
++ result->server_npn_negotiated);
++ ret &= strings_equal("ExpectedNPNProtocol",
++ test_ctx->expected_npn_protocol,
++ result->client_npn_negotiated);
++ return ret;
++}
++
++static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
++{
++ int ret = 1;
++ ret &= strings_equal("ALPN Negotiated (client vs server)",
++ result->client_alpn_negotiated,
++ result->server_alpn_negotiated);
++ ret &= strings_equal("ExpectedALPNProtocol",
++ test_ctx->expected_alpn_protocol,
++ result->client_alpn_negotiated);
++ return ret;
++}
++
++static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
++{
++ if (result->client_resumed != result->server_resumed) {
++ fprintf(stderr, "Resumption mismatch (client vs server): %d vs %d\n",
++ result->client_resumed, result->server_resumed);
++ return 0;
++ }
++ if (result->client_resumed != test_ctx->resumption_expected) {
++ fprintf(stderr, "ResumptionExpected mismatch: %d vs %d\n",
++ test_ctx->resumption_expected, result->client_resumed);
++ return 0;
++ }
++ return 1;
++}
++
/*
* This could be further simplified by constructing an expected
* HANDSHAKE_RESULT, and implementing comparison methods for
-@@ -133,40 +160,65 @@ static int check_test(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
+ * its fields.
+ */
+-static int check_test(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
++static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+ {
int ret = 1;
ret &= check_result(result, test_ctx);
ret &= check_alerts(result, test_ctx);
- if (result.result == SSL_TEST_SUCCESS)
-+ if (result.result == SSL_TEST_SUCCESS) {
++ if (result->result == SSL_TEST_SUCCESS) {
ret &= check_protocol(result, test_ctx);
+ ret &= check_servername(result, test_ctx);
+ ret &= check_session_ticket(result, test_ctx);
-+ ret &= (result.session_ticket_do_not_call == 0);
++ ret &= (result->session_ticket_do_not_call == 0);
++ ret &= check_npn(result, test_ctx);
++ ret &= check_alpn(result, test_ctx);
++ ret &= check_resumption(result, test_ctx);
+ }
return ret;
}
@@ -192863,12 +200158,12 @@
{
int ret = 0;
- SSL_CTX *server_ctx = NULL, *client_ctx = NULL;
-+ SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL;
++ SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL,
++ *resume_server_ctx = NULL, *resume_client_ctx = NULL;
SSL_TEST_CTX *test_ctx = NULL;
- HANDSHAKE_RESULT result;
-
-- server_ctx = SSL_CTX_new(TLS_server_method());
-- client_ctx = SSL_CTX_new(TLS_client_method());
+- HANDSHAKE_RESULT result;
++ HANDSHAKE_RESULT *result = NULL;
++
+ test_ctx = SSL_TEST_CTX_create(conf, fixture.test_app);
+ if (test_ctx == NULL)
+ goto err;
@@ -192881,6 +200176,12 @@
+ OPENSSL_assert(server2_ctx != NULL);
+ }
+ client_ctx = SSL_CTX_new(DTLS_client_method());
++ if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
++ resume_server_ctx = SSL_CTX_new(DTLS_server_method());
++ resume_client_ctx = SSL_CTX_new(DTLS_client_method());
++ OPENSSL_assert(resume_server_ctx != NULL);
++ OPENSSL_assert(resume_client_ctx != NULL);
++ }
+ }
+#endif
+ if (test_ctx->method == SSL_TEST_METHOD_TLS) {
@@ -192890,9 +200191,20 @@
+ OPENSSL_assert(server2_ctx != NULL);
+ }
+ client_ctx = SSL_CTX_new(TLS_client_method());
+
+- server_ctx = SSL_CTX_new(TLS_server_method());
+- client_ctx = SSL_CTX_new(TLS_client_method());
+- OPENSSL_assert(server_ctx != NULL && client_ctx != NULL);
++ if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
++ resume_server_ctx = SSL_CTX_new(TLS_server_method());
++ resume_client_ctx = SSL_CTX_new(TLS_client_method());
++ OPENSSL_assert(resume_server_ctx != NULL);
++ OPENSSL_assert(resume_client_ctx != NULL);
++ }
+ }
+
- OPENSSL_assert(server_ctx != NULL && client_ctx != NULL);
++ OPENSSL_assert(server_ctx != NULL);
++ OPENSSL_assert(client_ctx != NULL);
OPENSSL_assert(CONF_modules_load(conf, fixture.test_app, 0) > 0);
@@ -192905,10 +200217,17 @@
- test_ctx = SSL_TEST_CTX_create(conf, fixture.test_app);
- if (test_ctx == NULL)
+ if (server2_ctx != NULL && !SSL_CTX_config(server2_ctx, "server2"))
++ goto err;
++ if (resume_server_ctx != NULL
++ && !SSL_CTX_config(resume_server_ctx, "resume-server"))
++ goto err;
++ if (resume_client_ctx != NULL
++ && !SSL_CTX_config(resume_client_ctx, "resume-client"))
goto err;
- result = do_handshake(server_ctx, client_ctx);
-+ result = do_handshake(server_ctx, server2_ctx, client_ctx, test_ctx);
++ result = do_handshake(server_ctx, server2_ctx, client_ctx,
++ resume_server_ctx, resume_client_ctx, test_ctx);
ret = check_test(result, test_ctx);
@@ -192917,28 +200236,44 @@
SSL_CTX_free(server_ctx);
+ SSL_CTX_free(server2_ctx);
SSL_CTX_free(client_ctx);
++ SSL_CTX_free(resume_server_ctx);
++ SSL_CTX_free(resume_client_ctx);
SSL_TEST_CTX_free(test_ctx);
if (ret != 1)
-diff --git a/test/ssl_test.tmpl b/test/ssl_test.tmpl
-index b3c953a..6a5333e 100644
+ ERR_print_errors_fp(stderr);
++ HANDSHAKE_RESULT_free(result);
+ return ret;
+ }
+
--- a/test/ssl_test.tmpl
+++ b/test/ssl_test.tmpl
-@@ -2,7 +2,13 @@
- ssl_conf = {-$testname-}-ssl
+@@ -3,22 +3,56 @@ ssl_conf = {-$testname-}-ssl
[{-$testname-}-ssl]
--server = {-$testname-}-server
-+server = {-$testname-}-server{-
-+ # The server2 section is optional.
+ server = {-$testname-}-server
+-client = {-$testname-}-client
++client = {-$testname-}-client{-
++ # The following sections are optional.
+ $OUT = "";
+ if (%server2) {
+ $OUT .= "\nserver2 = $testname-server2";
++ } elsif ($reuse_server2) {
++ $OUT .= "\nserver2 = $testname-server";
+ }
++ if (%resume_server) {
++ $OUT .= "\nresume-server = $testname-resume-server";
++ } elsif ($reuse_resume_server) {
++ $OUT .= "\nresume-server = $testname-server";
++ }
++ if (%resume_client) {
++ $OUT .= "\nresume-client = $testname-resume-client";
++ } elsif ($reuse_resume_client) {
++ $OUT .= "\nresume-client = $testname-client";
++ }
+-}
- client = {-$testname-}-client
[{-$testname-}-server]
-@@ -10,15 +16,19 @@ client = {-$testname-}-client
+ {-
foreach my $key (sort keys %server) {
$OUT .= qq{$key} . " = " . qq{$server{$key}\n} if defined $server{$key};
}
@@ -192948,6 +200283,12 @@
+ $OUT .= qq{$key} . " = " . qq{$server2{$key}\n} if defined $server2{$key};
+ }
+ }
++ if (%resume_server) {
++ $OUT .= "\n[$testname-resume-server]\n";
++ foreach my $key (sort keys %resume_server) {
++ $OUT .= qq{$key} . " = " . qq{$resume_server{$key}\n} if defined $resume_server{$key};
++ }
++ }
-}
-
[{-$testname-}-client]
@@ -192955,13 +200296,17 @@
foreach my $key (sort keys %client) {
$OUT .= qq{$key} . " = " . qq{$client{$key}\n} if defined $client{$key};
}
++ if (%resume_client) {
++ $OUT .= "\n[$testname-resume-client]\n";
++ foreach my $key (sort keys %resume_client) {
++ $OUT .= qq{$key} . " = " . qq{$resume_client{$key}\n} if defined $resume_client{$key};
++ }
++ }
-}
-
[test-{-$idx-}]
{-
foreach my $key (sort keys %test) {
-diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c
-index 0c1bbbd..b06ab48 100644
--- a/test/ssl_test_ctx.c
+++ b/test/ssl_test_ctx.c
@@ -1,11 +1,10 @@
@@ -192979,7 +200324,7 @@
*/
#include <string.h>
-@@ -71,7 +70,7 @@ __owur static int parse_expected_result(SSL_TEST_CTX *test_ctx, const char *valu
+@@ -71,7 +70,7 @@ static const test_enum ssl_test_results[
return 1;
}
@@ -192988,16 +200333,18 @@
{
return enum_name(ssl_test_results, OSSL_NELEM(ssl_test_results), result);
}
-@@ -82,6 +81,8 @@ const char *ssl_test_result_t_name(ssl_test_result_t result)
+@@ -82,6 +81,10 @@ const char *ssl_test_result_t_name(ssl_t
static const test_enum ssl_alerts[] = {
{"UnknownCA", SSL_AD_UNKNOWN_CA},
+ {"HandshakeFailure", SSL_AD_HANDSHAKE_FAILURE},
+ {"UnrecognizedName", SSL_AD_UNRECOGNIZED_NAME},
++ {"BadCertificate", SSL_AD_BAD_CERTIFICATE},
++ {"NoApplicationProtocol", SSL_AD_NO_APPLICATION_PROTOCOL},
};
__owur static int parse_alert(int *alert, const char *value)
-@@ -113,6 +114,8 @@ static const test_enum ssl_protocols[] = {
+@@ -113,6 +116,8 @@ static const test_enum ssl_protocols[] =
{"TLSv1.1", TLS1_1_VERSION},
{"TLSv1", TLS1_VERSION},
{"SSLv3", SSL3_VERSION},
@@ -193006,7 +200353,7 @@
};
__owur static int parse_protocol(SSL_TEST_CTX *test_ctx, const char *value)
-@@ -126,6 +129,156 @@ const char *ssl_protocol_name(int protocol)
+@@ -126,6 +131,226 @@ const char *ssl_protocol_name(int protoc
return enum_name(ssl_protocols, OSSL_NELEM(ssl_protocols), protocol);
}
@@ -193160,10 +200507,80 @@
+{
+ return enum_name(ssl_test_methods, OSSL_NELEM(ssl_test_methods), method);
+}
++
++#define IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(field) \
++ static int parse_##field(SSL_TEST_CTX *test_ctx, const char *value) \
++ { \
++ OPENSSL_free(test_ctx->field); \
++ test_ctx->field = OPENSSL_strdup(value); \
++ OPENSSL_assert(test_ctx->field != NULL); \
++ return 1; \
++ }
++
++/************************************/
++/* NPN and ALPN options */
++/************************************/
++
++IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(client_npn_protocols)
++IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server_npn_protocols)
++IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server2_npn_protocols)
++IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(expected_npn_protocol)
++IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(client_alpn_protocols)
++IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server_alpn_protocols)
++IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server2_alpn_protocols)
++IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(expected_alpn_protocol)
++
++/***********************/
++/* Handshake mode */
++/***********************/
++
++static const test_enum ssl_handshake_modes[] = {
++ {"Simple", SSL_TEST_HANDSHAKE_SIMPLE},
++ {"Resume", SSL_TEST_HANDSHAKE_RESUME},
++ {"Renegotiate", SSL_TEST_HANDSHAKE_RENEGOTIATE},
++};
++
++__owur static int parse_handshake_mode(SSL_TEST_CTX *test_ctx, const char *value)
++{
++ int ret_value;
++ if (!parse_enum(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes),
++ &ret_value, value)) {
++ return 0;
++ }
++ test_ctx->handshake_mode = ret_value;
++ return 1;
++}
++
++const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode)
++{
++ return enum_name(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes),
++ mode);
++}
++
++static int parse_boolean(const char *value, int *result)
++{
++ if (strcasecmp(value, "Yes") == 0) {
++ *result = 1;
++ return 1;
++ }
++ else if (strcasecmp(value, "No") == 0) {
++ *result = 0;
++ return 1;
++ }
++ return 0;
++}
++
++#define IMPLEMENT_SSL_TEST_CTX_BOOL_OPTION(field) \
++ static int parse_##field(SSL_TEST_CTX *test_ctx, const char *value) \
++ { \
++ return parse_boolean(value, &test_ctx->field); \
++ }
++
++IMPLEMENT_SSL_TEST_CTX_BOOL_OPTION(resumption_expected)
/*************************************************************/
/* Known test options and their corresponding parse methods. */
-@@ -141,6 +294,12 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
+@@ -141,9 +366,24 @@ static const ssl_test_ctx_option ssl_tes
{ "ClientAlert", &parse_client_alert },
{ "ServerAlert", &parse_server_alert },
{ "Protocol", &parse_protocol },
@@ -193173,10 +200590,23 @@
+ { "ServerNameCallback", &parse_servername_callback },
+ { "SessionTicketExpected", &parse_session_ticket },
+ { "Method", &parse_test_method },
++ { "ClientNPNProtocols", &parse_client_npn_protocols },
++ { "ServerNPNProtocols", &parse_server_npn_protocols },
++ { "Server2NPNProtocols", &parse_server2_npn_protocols },
++ { "ExpectedNPNProtocol", &parse_expected_npn_protocol },
++ { "ClientALPNProtocols", &parse_client_alpn_protocols },
++ { "ServerALPNProtocols", &parse_server_alpn_protocols },
++ { "Server2ALPNProtocols", &parse_server2_alpn_protocols },
++ { "ExpectedALPNProtocol", &parse_expected_alpn_protocol },
++ { "HandshakeMode", &parse_handshake_mode },
++ { "ResumptionExpected", &parse_resumption_expected },
};
-
-@@ -153,7 +312,6 @@ SSL_TEST_CTX *SSL_TEST_CTX_new()
+-
+ /*
+ * Since these methods are used to create tests, we use OPENSSL_assert liberally
+ * for malloc failures and other internal errors.
+@@ -153,12 +393,20 @@ SSL_TEST_CTX *SSL_TEST_CTX_new()
SSL_TEST_CTX *ret;
ret = OPENSSL_zalloc(sizeof(*ret));
OPENSSL_assert(ret != NULL);
@@ -193184,8 +200614,20 @@
return ret;
}
-diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h
-index a183272..c551a9b 100644
+ void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
+ {
++
++ OPENSSL_free(ctx->client_npn_protocols);
++ OPENSSL_free(ctx->server_npn_protocols);
++ OPENSSL_free(ctx->server2_npn_protocols);
++ OPENSSL_free(ctx->client_alpn_protocols);
++ OPENSSL_free(ctx->server_alpn_protocols);
++ OPENSSL_free(ctx->server2_alpn_protocols);
++ OPENSSL_free(ctx->expected_npn_protocol);
++ OPENSSL_free(ctx->expected_alpn_protocol);
+ OPENSSL_free(ctx);
+ }
+
--- a/test/ssl_test_ctx.h
+++ b/test/ssl_test_ctx.h
@@ -1,11 +1,10 @@
@@ -193203,7 +200645,7 @@
*/
#ifndef HEADER_SSL_TEST_CTX_H
-@@ -15,12 +14,44 @@
+@@ -15,12 +14,52 @@
#include <openssl/ssl.h>
typedef enum {
@@ -193211,7 +200653,10 @@
+ SSL_TEST_SUCCESS = 0, /* Default */
SSL_TEST_SERVER_FAIL,
SSL_TEST_CLIENT_FAIL,
- SSL_TEST_INTERNAL_ERROR
+- SSL_TEST_INTERNAL_ERROR
++ SSL_TEST_INTERNAL_ERROR,
++ /* Couldn't test resumption/renegotiation: original handshake failed. */
++ SSL_TEST_FIRST_HANDSHAKE_FAILED
} ssl_test_result_t;
+typedef enum {
@@ -193233,7 +200678,6 @@
+ SSL_TEST_SERVERNAME_REJECT_MISMATCH
+} ssl_servername_callback_t;
+
-+
+typedef enum {
+ SSL_TEST_SESSION_TICKET_IGNORE = 0, /* Default */
+ SSL_TEST_SESSION_TICKET_YES,
@@ -193246,10 +200690,17 @@
+ SSL_TEST_METHOD_DTLS
+} ssl_test_method_t;
+
++typedef enum {
++ SSL_TEST_HANDSHAKE_SIMPLE = 0, /* Default */
++ SSL_TEST_HANDSHAKE_RESUME,
++ /* Not yet implemented */
++ SSL_TEST_HANDSHAKE_RENEGOTIATE
++} ssl_handshake_mode_t;
++
typedef struct ssl_test_ctx {
/* Test expectations. */
/* Defaults to SUCCESS. */
-@@ -34,11 +65,36 @@ typedef struct ssl_test_ctx {
+@@ -34,11 +73,53 @@ typedef struct ssl_test_ctx {
/* Negotiated protocol version. 0 if no expectation. */
/* See ssl.h for protocol versions. */
int protocol;
@@ -193272,6 +200723,22 @@
+ ssl_session_ticket_t session_ticket_expected;
+ /* Whether the server/client CTX should use DTLS or TLS. */
+ ssl_test_method_t method;
++ /*
++ * NPN and ALPN protocols supported by the client, server, and second
++ * (SNI) server. A comma-separated list.
++ */
++ char *client_npn_protocols;
++ char *server_npn_protocols;
++ char *server2_npn_protocols;
++ char *expected_npn_protocol;
++ char *client_alpn_protocols;
++ char *server_alpn_protocols;
++ char *server2_alpn_protocols;
++ char *expected_alpn_protocol;
++ /* Whether to test a resumed/renegotiated handshake. */
++ ssl_handshake_mode_t handshake_mode;
++ /* Whether the second handshake is resumed or a full handshake (boolean). */
++ int resumption_expected;
} SSL_TEST_CTX;
-const char *ssl_test_result_t_name(ssl_test_result_t result);
@@ -193284,11 +200751,10 @@
+ servername_callback);
+const char *ssl_session_ticket_name(ssl_session_ticket_t server);
+const char *ssl_test_method_name(ssl_test_method_t method);
++const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode);
/*
* Load the test case context from |conf|.
-diff --git a/test/ssl_test_ctx_test.c b/test/ssl_test_ctx_test.c
-index 3c6fa71..3818ba5 100644
--- a/test/ssl_test_ctx_test.c
+++ b/test/ssl_test_ctx_test.c
@@ -1,11 +1,10 @@
@@ -193306,7 +200772,15 @@
*/
/*
-@@ -37,26 +36,56 @@ static int SSL_TEST_CTX_equal(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2)
+@@ -14,6 +13,7 @@
+ */
+
+ #include <stdio.h>
++#include <string.h>
+
+ #include "e_os.h"
+ #include "ssl_test_ctx.h"
+@@ -37,29 +37,100 @@ static int SSL_TEST_CTX_equal(SSL_TEST_C
{
if (ctx->expected_result != ctx2->expected_result) {
fprintf(stderr, "ExpectedResult mismatch: %s vs %s.\n",
@@ -193338,8 +200812,8 @@
- ssl_protocol_name(ctx2->expected_result));
+ ssl_protocol_name(ctx->protocol),
+ ssl_protocol_name(ctx2->protocol));
-+ return 0;
-+ }
+ return 0;
+ }
+ if (ctx->client_verify_callback != ctx2->client_verify_callback) {
+ fprintf(stderr, "ClientVerifyCallback mismatch: %s vs %s.\n",
+ ssl_verify_callback_name(ctx->client_verify_callback),
@@ -193368,10 +200842,54 @@
+ fprintf(stderr, "SessionTicketExpected mismatch: %s vs %s.\n",
+ ssl_session_ticket_name(ctx->session_ticket_expected),
+ ssl_session_ticket_name(ctx2->session_ticket_expected));
- return 0;
- }
++ return 0;
++ }
++ if (!strings_equal("ClientNPNProtocols", ctx->client_npn_protocols,
++ ctx2->client_npn_protocols))
++ return 0;
++ if (ctx->method != ctx2->method) {
++ fprintf(stderr, "Method mismatch: %s vs %s.\n",
++ ssl_test_method_name(ctx->method),
++ ssl_test_method_name(ctx2->method));
++ return 0;
++ }
++ if (!strings_equal("ServerNPNProtocols", ctx->server_npn_protocols,
++ ctx2->server_npn_protocols))
++ return 0;
++ if (!strings_equal("Server2NPNProtocols", ctx->server_npn_protocols,
++ ctx2->server_npn_protocols))
++ return 0;
++ if (!strings_equal("ExpectedNPNProtocol", ctx->expected_npn_protocol,
++ ctx2->expected_npn_protocol))
++ return 0;
++ if (!strings_equal("ClientALPNProtocols", ctx->client_alpn_protocols,
++ ctx2->client_alpn_protocols))
++ return 0;
-@@ -136,6 +165,13 @@ static int test_good_configuration()
++ if (!strings_equal("ServerALPNProtocols", ctx->server_alpn_protocols,
++ ctx2->server_alpn_protocols))
++ return 0;
++ if (!strings_equal("Server2ALPNProtocols", ctx->server_alpn_protocols,
++ ctx2->server_alpn_protocols))
++ return 0;
++ if (!strings_equal("ExpectedALPNProtocol", ctx->expected_alpn_protocol,
++ ctx2->expected_alpn_protocol))
++ return 0;
++ if (ctx->handshake_mode != ctx2->handshake_mode) {
++ fprintf(stderr, "HandshakeMode mismatch: %s vs %s.\n",
++ ssl_handshake_mode_name(ctx->handshake_mode),
++ ssl_handshake_mode_name(ctx2->handshake_mode));
++ return 0;
++ }
++ if (ctx->resumption_expected != ctx2->resumption_expected) {
++ fprintf(stderr, "ResumptionExpected mismatch: %d vs %d.\n",
++ ctx->resumption_expected, ctx2->resumption_expected);
++ return 0;
++ }
+ return 1;
+ }
+
+@@ -136,6 +207,19 @@ static int test_good_configuration()
fixture.expected_ctx->client_alert = SSL_AD_UNKNOWN_CA;
fixture.expected_ctx->server_alert = 0; /* No alert. */
fixture.expected_ctx->protocol = TLS1_1_VERSION;
@@ -193382,10 +200900,16 @@
+ SSL_TEST_SERVERNAME_IGNORE_MISMATCH;
+ fixture.expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES;
+ fixture.expected_ctx->method = SSL_TEST_METHOD_DTLS;
++ fixture.expected_ctx->client_npn_protocols = OPENSSL_strdup("foo,bar");
++ fixture.expected_ctx->server2_alpn_protocols = OPENSSL_strdup("baz");
++ OPENSSL_assert(fixture.expected_ctx->client_npn_protocols != NULL);
++ OPENSSL_assert(fixture.expected_ctx->server2_alpn_protocols != NULL);
++ fixture.expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME;
++ fixture.expected_ctx->resumption_expected = 1;
EXECUTE_SSL_TEST_CTX_TEST();
}
-@@ -144,6 +180,11 @@ static const char *bad_configurations[] = {
+@@ -144,6 +228,13 @@ static const char *bad_configurations[]
"ssltest_unknown_expected_result",
"ssltest_unknown_alert",
"ssltest_unknown_protocol",
@@ -193394,14 +200918,14 @@
+ "ssltest_unknown_servername_callback",
+ "ssltest_unknown_session_ticket_expected",
+ "ssltest_unknown_method",
++ "ssltest_unknown_handshake_mode",
++ "ssltest_unknown_resumption_expected",
};
static int test_bad_configuration(int idx)
-diff --git a/test/ssl_test_ctx_test.conf b/test/ssl_test_ctx_test.conf
-index 2e6800e..2fa54b5 100644
--- a/test/ssl_test_ctx_test.conf
+++ b/test/ssl_test_ctx_test.conf
-@@ -4,6 +4,12 @@
+@@ -4,6 +4,16 @@
ExpectedResult = ServerFail
ClientAlert = UnknownCA
Protocol = TLSv1.1
@@ -193411,10 +200935,14 @@
+ServerNameCallback = IgnoreMismatch
+SessionTicketExpected = Yes
+Method = DTLS
++ClientNPNProtocols = foo,bar
++Server2ALPNProtocols = baz
++HandshakeMode = Resume
++ResumptionExpected = yes
[ssltest_unknown_option]
UnknownOption = Foo
-@@ -16,3 +22,18 @@ ServerAlert = Foo
+@@ -16,3 +26,24 @@ ServerAlert = Foo
[ssltest_unknown_protocol]
Protocol = Foo
@@ -193433,12 +200961,15 @@
+
+[ssltest_unknown_method]
+Method = TLS2
-diff --git a/test/sslapitest.c b/test/sslapitest.c
-new file mode 100644
-index 0000000..f16947b
++
++[ssltest_unknown_handshake_mode]
++HandshakeMode = Foo
++
++[ssltest_unknown_resumption_expected]
++ResumptionExpected = Foo
--- /dev/null
+++ b/test/sslapitest.c
-@@ -0,0 +1,208 @@
+@@ -0,0 +1,361 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
@@ -193520,11 +201051,50 @@
+ return testresult;
+}
+
-+static int test_session(void)
++typedef struct ssl_session_test_fixture {
++ const char *test_case_name;
++ int use_ext_cache;
++ int use_int_cache;
++} SSL_SESSION_TEST_FIXTURE;
++
++static int new_called = 0, remove_called = 0;
++
++static SSL_SESSION_TEST_FIXTURE
++ssl_session_set_up(const char *const test_case_name)
+{
++ SSL_SESSION_TEST_FIXTURE fixture;
++
++ fixture.test_case_name = test_case_name;
++ fixture.use_ext_cache = 1;
++ fixture.use_int_cache = 1;
++
++ new_called = remove_called = 0;
++
++ return fixture;
++}
++
++static void ssl_session_tear_down(SSL_SESSION_TEST_FIXTURE fixture)
++{
++}
++
++static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
++{
++ new_called++;
++
++ return 1;
++}
++
++static void remove_session_cb(SSL_CTX *ctx, SSL_SESSION *sess)
++{
++ remove_called++;
++}
++
++static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
++{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *serverssl1 = NULL, *clientssl1 = NULL;
+ SSL *serverssl2 = NULL, *clientssl2 = NULL;
++ SSL *serverssl3 = NULL, *clientssl3 = NULL;
+ SSL_SESSION *sess1 = NULL, *sess2 = NULL;
+ int testresult = 0;
+
@@ -193534,27 +201104,47 @@
+ return 0;
+ }
+
-+ /* Turn on client session cache */
-+ SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT);
++#ifndef OPENSSL_NO_TLS1_2
++ /* Only allow TLS1.2 so we can force a connection failure later */
++ SSL_CTX_set_min_proto_version(cctx, TLS1_2_VERSION);
++#endif
+
++ /* Set up session cache */
++ if (fix.use_ext_cache) {
++ SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
++ SSL_CTX_sess_set_remove_cb(cctx, remove_session_cb);
++ }
++ if (fix.use_int_cache) {
++ /* Also covers instance where both are set */
++ SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT);
++ } else {
++ SSL_CTX_set_session_cache_mode(cctx,
++ SSL_SESS_CACHE_CLIENT
++ | SSL_SESS_CACHE_NO_INTERNAL_STORE);
++ }
++
+ if (!create_ssl_connection(sctx, cctx, &serverssl1, &clientssl1, NULL,
+ NULL)) {
+ printf("Unable to create SSL connection\n");
+ goto end;
+ }
-+
+ sess1 = SSL_get1_session(clientssl1);
+ if (sess1 == NULL) {
+ printf("Unexpected NULL session\n");
+ goto end;
+ }
+
-+ if (SSL_CTX_add_session(cctx, sess1)) {
++ if (fix.use_int_cache && SSL_CTX_add_session(cctx, sess1)) {
+ /* Should have failed because it should already be in the cache */
+ printf("Unexpected success adding session to cache\n");
+ goto end;
+ }
+
++ if (fix.use_ext_cache && (new_called != 1 || remove_called != 0)) {
++ printf("Session not added to cache\n");
++ goto end;
++ }
++
+ if (!create_ssl_connection(sctx, cctx, &serverssl2, &clientssl2, NULL,
+ NULL)) {
+ printf("Unable to create second SSL connection\n");
@@ -193567,6 +201157,11 @@
+ goto end;
+ }
+
++ if (fix.use_ext_cache && (new_called != 2 || remove_called != 0)) {
++ printf("Remove session callback unexpectedly called\n");
++ goto end;
++ }
++
+ /*
+ * This should clear sess2 from the cache because it is a "bad" session. See
+ * SSL_set_session() documentation.
@@ -193576,43 +201171,130 @@
+ goto end;
+ }
+
++ if (fix.use_ext_cache && (new_called != 2 || remove_called != 1)) {
++ printf("Failed to call callback to remove session\n");
++ goto end;
++ }
++
++
+ if (SSL_get_session(clientssl2) != sess1) {
+ printf("Unexpected session found\n");
+ goto end;
+ }
+
-+ if (!SSL_CTX_add_session(cctx, sess2)) {
-+ /*
-+ * Should have succeeded because it should not already be in the cache
++ if (fix.use_int_cache) {
++ if (!SSL_CTX_add_session(cctx, sess2)) {
++ /*
++ * Should have succeeded because it should not already be in the cache
++ */
++ printf("Unexpected failure adding session to cache\n");
++ goto end;
++ }
++
++ if (!SSL_CTX_remove_session(cctx, sess2)) {
++ printf("Unexpected failure removing session from cache\n");
++ goto end;
++ }
++
++ /* This is for the purposes of internal cache testing...ignore the
++ * counter for external cache
+ */
-+ printf("Unexpected failure adding session to cache\n");
++ if (fix.use_ext_cache)
++ remove_called--;
++ }
++
++ /* This shouldn't be in the cache so should fail */
++ if (SSL_CTX_remove_session(cctx, sess2)) {
++ printf("Unexpected success removing session from cache\n");
+ goto end;
+ }
+
-+ if (!SSL_CTX_remove_session(cctx, sess2)) {
-+ printf("Unexpected failure removing session from cache\n");
++ if (fix.use_ext_cache && (new_called != 2 || remove_called != 2)) {
++ printf("Failed to call callback to remove session #2\n");
+ goto end;
+ }
+
-+ if (SSL_CTX_remove_session(cctx, sess2)) {
-+ printf("Unexpected success removing session from cache\n");
++#if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2)
++ /* Force a connection failure */
++ SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION);
++ clientssl3 = SSL_new(cctx);
++ if (clientssl3 == NULL) {
++ printf("Malloc failure\n");
+ goto end;
+ }
++ if (!SSL_set_session(clientssl3, sess1)) {
++ printf("Unable to set session for third connection\n");
++ goto end;
++ }
+
++ /* This should fail because of the mismatched protocol versions */
++ if (create_ssl_connection(sctx, cctx, &serverssl3, &clientssl3, NULL,
++ NULL)) {
++ printf("Unexpected success creating SSL connection\n");
++ goto end;
++ }
++
++ /* We should have automatically removed the session from the cache */
++ if (fix.use_ext_cache && (new_called != 2 || remove_called != 3)) {
++ printf("Failed to call callback to remove session #2\n");
++ goto end;
++ }
++
++ if (fix.use_int_cache && !SSL_CTX_add_session(cctx, sess2)) {
++ /*
++ * Should have succeeded because it should not already be in the cache
++ */
++ printf("Unexpected failure adding session to cache #2\n");
++ goto end;
++ }
++#endif
++
+ testresult = 1;
++
+ end:
+ SSL_free(serverssl1);
+ SSL_free(clientssl1);
+ SSL_free(serverssl2);
+ SSL_free(clientssl2);
++ SSL_free(serverssl3);
++ SSL_free(clientssl3);
+ SSL_SESSION_free(sess1);
+ SSL_SESSION_free(sess2);
++ /*
++ * Check if we need to remove any sessions up-refed for the external cache
++ */
++ if (new_called >= 1)
++ SSL_SESSION_free(sess1);
++ if (new_called >= 2)
++ SSL_SESSION_free(sess2);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
++static int test_session_with_only_int_cache(void) {
++ SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
++
++ fixture.use_ext_cache = 0;
++
++ EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
++}
++
++static int test_session_with_only_ext_cache(void) {
++ SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
++
++ fixture.use_int_cache = 0;
++
++ EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
++}
++
++static int test_session_with_both_cache(void) {
++ SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
++
++ EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
++}
++
+int main(int argc, char *argv[])
+{
+ BIO *err = NULL;
@@ -193632,7 +201314,9 @@
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ ADD_TEST(test_tlsext_status_type);
-+ ADD_TEST(test_session);
++ ADD_TEST(test_session_with_only_int_cache);
++ ADD_TEST(test_session_with_only_ext_cache);
++ ADD_TEST(test_session_with_both_cache);
+
+ testresult = run_tests(argv[0]);
+
@@ -193647,8 +201331,6 @@
+
+ return testresult;
+}
-diff --git a/test/ssltest_old.c b/test/ssltest_old.c
-index 2fd7da8..74908b0 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -1,112 +1,12 @@
@@ -193804,7 +201486,7 @@
#include "../ssl/ssl_locl.h"
/*
-@@ -223,9 +123,6 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
+@@ -223,9 +123,6 @@ static int app_verify_callback(X509_STOR
struct app_verify_arg {
char *string;
int app_verify;
@@ -193814,7 +201496,7 @@
};
#ifndef OPENSSL_NO_DH
-@@ -799,7 +696,6 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
+@@ -799,7 +696,6 @@ int doit_localhost(SSL *s_ssl, SSL *c_ss
int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
clock_t *c_time);
int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
@@ -193844,6 +201526,22 @@
#ifndef OPENSSL_NO_NEXTPROTONEG
fprintf(stderr, " -npn_client - have client side offer NPN\n");
fprintf(stderr, " -npn_server - have server side offer NPN\n");
+@@ -964,11 +852,11 @@ static void print_details(SSL *c_ssl, co
+ SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
+ cert = SSL_get_peer_certificate(c_ssl);
+ if (cert != NULL) {
+- pkey = X509_get_pubkey(cert);
+- if (pkey != NULL) {
++ EVP_PKEY* pubkey = X509_get0_pubkey(cert);
++
++ if (pubkey != NULL) {
+ BIO_puts(bio_stdout, ", ");
+- print_key_details(bio_stdout, pkey);
+- EVP_PKEY_free(pkey);
++ print_key_details(bio_stdout, pubkey);
+ }
+ X509_free(cert);
+ }
@@ -1074,7 +962,7 @@ int main(int argc, char *argv[])
int client_auth = 0;
int server_auth = 0, i;
@@ -193916,7 +201614,7 @@
if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) {
fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should "
"be requested.\n");
-@@ -3051,23 +2910,6 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
+@@ -3051,23 +2910,6 @@ int doit(SSL *s_ssl, SSL *c_ssl, long co
return (ret);
}
@@ -193940,7 +201638,7 @@
static int verify_callback(int ok, X509_STORE_CTX *ctx)
{
char *s, buf[256];
-@@ -3100,341 +2942,13 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx)
+@@ -3100,341 +2942,13 @@ static int verify_callback(int ok, X509_
}
}
@@ -194282,7 +201980,7 @@
if (cb_arg->app_verify) {
char *s = NULL, buf[256];
-@@ -3452,61 +2966,9 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
+@@ -3452,61 +2966,9 @@ static int app_verify_callback(X509_STOR
}
return (1);
}
@@ -194344,7 +202042,7 @@
return (ok);
}
-@@ -3726,33 +3188,3 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity,
+@@ -3726,33 +3188,3 @@ static unsigned int psk_server_callback(
return psk_len;
}
#endif
@@ -194378,12 +202076,9 @@
-
- return 1;
-}
-diff --git a/test/ssltestlib.c b/test/ssltestlib.c
-new file mode 100644
-index 0000000..357ef00
--- /dev/null
+++ b/test/ssltestlib.c
-@@ -0,0 +1,145 @@
+@@ -0,0 +1,158 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
@@ -194442,11 +202137,18 @@
+ SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio)
+{
+ int retc = -1, rets = -1, err, abortctr = 0;
++ int clienterr = 0, servererr = 0;
+ SSL *serverssl, *clientssl;
+ BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL;
+
-+ serverssl = SSL_new(serverctx);
-+ clientssl = SSL_new(clientctx);
++ if (*sssl == NULL)
++ serverssl = SSL_new(serverctx);
++ else
++ serverssl = *sssl;
++ if (*cssl == NULL)
++ clientssl = SSL_new(clientctx);
++ else
++ clientssl = *cssl;
+
+ if (serverssl == NULL || clientssl == NULL) {
+ printf("Failed to create SSL object\n");
@@ -194486,28 +202188,30 @@
+
+ do {
+ err = SSL_ERROR_WANT_WRITE;
-+ while (retc <= 0 && err == SSL_ERROR_WANT_WRITE) {
++ while (!clienterr && retc <= 0 && err == SSL_ERROR_WANT_WRITE) {
+ retc = SSL_connect(clientssl);
+ if (retc <= 0)
+ err = SSL_get_error(clientssl, retc);
+ }
+
-+ if (retc <= 0 && err != SSL_ERROR_WANT_READ) {
++ if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) {
+ printf("SSL_connect() failed %d, %d\n", retc, err);
-+ goto error;
++ clienterr = 1;
+ }
+
+ err = SSL_ERROR_WANT_WRITE;
-+ while (rets <= 0 && err == SSL_ERROR_WANT_WRITE) {
++ while (!servererr && rets <= 0 && err == SSL_ERROR_WANT_WRITE) {
+ rets = SSL_accept(serverssl);
+ if (rets <= 0)
+ err = SSL_get_error(serverssl, rets);
+ }
+
-+ if (rets <= 0 && err != SSL_ERROR_WANT_READ) {
++ if (!servererr && rets <= 0 && err != SSL_ERROR_WANT_READ) {
+ printf("SSL_accept() failed %d, %d\n", retc, err);
++ servererr = 1;
++ }
++ if (clienterr && servererr)
+ goto error;
-+ }
+ if (++abortctr == MAXLOOPS) {
+ printf("No progress made\n");
+ goto error;
@@ -194520,18 +202224,19 @@
+ return 1;
+
+ error:
-+ SSL_free(serverssl);
-+ SSL_free(clientssl);
-+ BIO_free(s_to_c_bio);
-+ BIO_free(c_to_s_bio);
-+ BIO_free(s_to_c_fbio);
-+ BIO_free(c_to_s_fbio);
++ if (*sssl == NULL) {
++ SSL_free(serverssl);
++ BIO_free(s_to_c_bio);
++ BIO_free(s_to_c_fbio);
++ }
++ if (*cssl == NULL) {
++ SSL_free(clientssl);
++ BIO_free(c_to_s_bio);
++ BIO_free(c_to_s_fbio);
++ }
+
+ return 0;
+}
-diff --git a/test/ssltestlib.h b/test/ssltestlib.h
-new file mode 100644
-index 0000000..f05878a
--- /dev/null
+++ b/test/ssltestlib.h
@@ -0,0 +1,21 @@
@@ -194556,9 +202261,6 @@
+ SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio);
+
+#endif /* HEADER_SSLTESTLIB_H */
-diff --git a/test/test_aesni b/test/test_aesni
-deleted file mode 100755
-index 3929c75..0000000
--- a/test/test_aesni
+++ /dev/null
@@ -1,68 +0,0 @@
@@ -194630,9 +202332,6 @@
-fi
-
-exit 0
-diff --git a/test/test_padlock b/test/test_padlock
-deleted file mode 100755
-index 5c0f210..0000000
--- a/test/test_padlock
+++ /dev/null
@@ -1,64 +0,0 @@
@@ -194700,9 +202399,6 @@
-fi
-
-exit 0
-diff --git a/test/test_t4 b/test/test_t4
-deleted file mode 100755
-index 5cecb56..0000000
--- a/test/test_t4
+++ /dev/null
@@ -1,70 +0,0 @@
@@ -194776,8 +202472,6 @@
-fi
-
-exit 0
-diff --git a/test/testlib/OpenSSL/Test.pm b/test/testlib/OpenSSL/Test.pm
-index 28c915a..0c3b910 100644
--- a/test/testlib/OpenSSL/Test.pm
+++ b/test/testlib/OpenSSL/Test.pm
@@ -1,3 +1,10 @@
@@ -194947,8 +202641,6 @@
if ($debug) {
print STDERR "DEBUG: __cwd(), directories and files:\n";
print STDERR " \$directories{BLDTEST} = \"$directories{BLDTEST}\"\n";
-diff --git a/test/testlib/OpenSSL/Test/Simple.pm b/test/testlib/OpenSSL/Test/Simple.pm
-index b596e5f..c5a84d5 100644
--- a/test/testlib/OpenSSL/Test/Simple.pm
+++ b/test/testlib/OpenSSL/Test/Simple.pm
@@ -1,3 +1,10 @@
@@ -194962,8 +202654,6 @@
package OpenSSL::Test::Simple;
use strict;
-diff --git a/test/testlib/OpenSSL/Test/Utils.pm b/test/testlib/OpenSSL/Test/Utils.pm
-index da35b14..665bfc6 100644
--- a/test/testlib/OpenSSL/Test/Utils.pm
+++ b/test/testlib/OpenSSL/Test/Utils.pm
@@ -1,3 +1,10 @@
@@ -194986,8 +202676,6 @@
# args:
# single string
sub disabled {
-diff --git a/test/testutil.c b/test/testutil.c
-index 3f63784..9a67630 100644
--- a/test/testutil.c
+++ b/test/testutil.c
@@ -1,58 +1,10 @@
@@ -195055,8 +202743,35 @@
*/
#include "testutil.h"
-diff --git a/test/testutil.h b/test/testutil.h
-index 2ae3d7d..0170a22 100644
+@@ -60,6 +12,7 @@
+ #include <assert.h>
+ #include <stdlib.h>
+ #include <stdio.h>
++#include <string.h>
+ #include "e_os.h"
+
+ /*
+@@ -137,3 +90,20 @@ int run_tests(const char *test_prog_name
+ printf(" All tests passed.\n");
+ return EXIT_SUCCESS;
+ }
++
++static const char *print_string_maybe_null(const char *s)
++{
++ return s == NULL ? "(NULL)" : s;
++}
++
++int strings_equal(const char *desc, const char *s1, const char *s2)
++{
++ if (s1 == NULL && s2 == NULL)
++ return 1;
++ if (s1 == NULL || s2 == NULL || strcmp(s1, s2) != 0) {
++ fprintf(stderr, "%s mismatch: %s vs %s\n", desc, print_string_maybe_null(s1),
++ print_string_maybe_null(s2));
++ return 0;
++ }
++ return 1;
++}
--- a/test/testutil.h
+++ b/test/testutil.h
@@ -1,58 +1,10 @@
@@ -195065,7 +202780,9 @@
- *
- * More information:
- * http://wiki.openssl.org/index.php/How_To_Write_Unit_Tests_For_OpenSSL
-- *
++/*
++ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Author: Mike Bland (mbland at acm.org)
- * Date: 2014-06-07
- * ====================================================================
@@ -195101,9 +202818,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+/*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -195124,11 +202839,23 @@
*/
#ifndef HEADER_TESTUTIL_H
-diff --git a/test/threadstest.c b/test/threadstest.c
-index e3a9ff5..db864b2 100644
+@@ -132,4 +84,13 @@ void add_test(const char *test_case_name
+ void add_all_tests(const char *test_case_name, int (*test_fn)(int idx), int num);
+ int run_tests(const char *test_prog_name);
+
++/*
++ * Test assumption verification helpers.
++ */
++
++/*
++ * Returns 1 if |s1| and |s2| are both NULL or equal.
++ * Otherwise, returns 0 and pretty-prints diagnostics using |desc|.
++ */
++int strings_equal(const char *desc, const char *s1, const char *s2);
+ #endif /* HEADER_TESTUTIL_H */
--- a/test/threadstest.c
+++ b/test/threadstest.c
-@@ -1,56 +1,15 @@
+@@ -1,56 +1,19 @@
-/* ====================================================================
- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
+/*
@@ -195184,6 +202911,10 @@
+ * https://www.openssl.org/source/license.html
*/
++#if defined(_WIN32)
++# include <windows.h>
++#endif
++
#include <stdio.h>
#include <openssl/crypto.h>
@@ -195191,9 +202922,6 @@
#if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
-diff --git a/test/times b/test/times
-deleted file mode 100644
-index 6b66eb3..0000000
--- a/test/times
+++ /dev/null
@@ -1,113 +0,0 @@
@@ -195310,9 +203038,6 @@
-rsa 2048 bits 0.2605s 0.0086s
-rsa 4096 bits 1.6883s 0.0302s
-
-diff --git a/test/v3ext.c b/test/v3ext.c
-new file mode 100644
-index 0000000..1c1f788
--- /dev/null
+++ b/test/v3ext.c
@@ -0,0 +1,42 @@
@@ -195358,8 +203083,6 @@
+ X509_free(x);
+ return ret;
+}
-diff --git a/test/v3nametest.c b/test/v3nametest.c
-index ac5c9ff..648c1df 100644
--- a/test/v3nametest.c
+++ b/test/v3nametest.c
@@ -1,3 +1,12 @@
@@ -195375,8 +203098,6 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "../e_os.h"
-diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c
-index 8362de4..cbc6d8c 100644
--- a/test/verify_extra_test.c
+++ b/test/verify_extra_test.c
@@ -1,58 +1,10 @@
@@ -195443,8 +203164,15 @@
*/
#include <stdio.h>
-diff --git a/test/wp_test.c b/test/wp_test.c
-index de7aa3d..7b5cc04 100644
+@@ -170,7 +122,7 @@ static int test_alt_chains_cert_forgery(
+
+ i = X509_verify_cert(sctx);
+
+- if(i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) {
++ if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) {
+ /* This is the result we were expecting: Test passed */
+ ret = 1;
+ }
--- a/test/wp_test.c
+++ b/test/wp_test.c
@@ -1,7 +1,12 @@
@@ -195483,9 +203211,6 @@
fprintf(stdout, "Testing Whirlpool ");
WHIRLPOOL("", 0, md);
-diff --git a/test/x509aux.c b/test/x509aux.c
-new file mode 100644
-index 0000000..4f00196
--- /dev/null
+++ b/test/x509aux.c
@@ -0,0 +1,226 @@
@@ -195715,9 +203440,6 @@
+ BIO_free(bio_err);
+ EXIT(ret);
+}
-diff --git a/tools/Makefile.in b/tools/Makefile.in
-deleted file mode 100644
-index dec5f75..0000000
--- a/tools/Makefile.in
+++ /dev/null
@@ -1,62 +0,0 @@
@@ -195783,8 +203505,6 @@
- mv c_rehash.new c_rehash
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-diff --git a/tools/build.info b/tools/build.info
-index 3810fbc..059e582 100644
--- a/tools/build.info
+++ b/tools/build.info
@@ -1,4 +1,7 @@
@@ -195797,9 +203517,6 @@
+ SCRIPTS={- $c_rehash_name -}
+ SOURCE[{- $c_rehash_name -}]=c_rehash.in
ENDIF
-diff --git a/tools/c_hash b/tools/c_hash
-deleted file mode 100644
-index 5e0a908..0000000
--- a/tools/c_hash
+++ /dev/null
@@ -1,9 +0,0 @@
@@ -195812,9 +203529,6 @@
- h=`openssl x509 -hash -noout -in $i`
- echo "$h.0 => $i"
-done
-diff --git a/tools/c_info b/tools/c_info
-deleted file mode 100644
-index 0e1e633..0000000
--- a/tools/c_info
+++ /dev/null
@@ -1,12 +0,0 @@
@@ -195830,9 +203544,6 @@
- echo "$n"
- echo "--------"
-done
-diff --git a/tools/c_issuer b/tools/c_issuer
-deleted file mode 100644
-index 55821ab..0000000
--- a/tools/c_issuer
+++ /dev/null
@@ -1,10 +0,0 @@
@@ -195846,9 +203557,6 @@
- n=`openssl x509 -issuer -noout -in $i`
- echo "$i $n"
-done
-diff --git a/tools/c_name b/tools/c_name
-deleted file mode 100644
-index 28800c0..0000000
--- a/tools/c_name
+++ /dev/null
@@ -1,10 +0,0 @@
@@ -195862,12 +203570,11 @@
- n=`openssl x509 -subject -noout -in $i`
- echo "$i $n"
-done
-diff --git a/tools/c_rehash.in b/tools/c_rehash.in
-index dc66a9d..949e44f 100644
--- a/tools/c_rehash.in
+++ b/tools/c_rehash.in
@@ -1,6 +1,12 @@
- #!{- $config{perl} -}
+-#!{- $config{perl} -}
++#!{- $config{hashbangperl} -}
# {- join("\n# ", @autowarntext) -}
+# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -195888,9 +203595,6 @@
closedir DIR;
if ( $removelinks ) {
# Delete any existing symbolic links
-diff --git a/tools/primes.py b/tools/primes.py
-deleted file mode 100644
-index 61de99f..0000000
--- a/tools/primes.py
+++ /dev/null
@@ -1,21 +0,0 @@
@@ -195915,8 +203619,6 @@
-print(offsets)
-print(len(offsets))
-print(muliplier)
-diff --git a/util/TLSProxy/ClientHello.pm b/util/TLSProxy/ClientHello.pm
-index 0586cf9..ec739d2 100644
--- a/util/TLSProxy/ClientHello.pm
+++ b/util/TLSProxy/ClientHello.pm
@@ -1,55 +1,9 @@
@@ -195980,8 +203682,6 @@
use strict;
-diff --git a/util/TLSProxy/Message.pm b/util/TLSProxy/Message.pm
-index bbb0ad7..b8db22f 100644
--- a/util/TLSProxy/Message.pm
+++ b/util/TLSProxy/Message.pm
@@ -1,55 +1,9 @@
@@ -196055,8 +203755,6 @@
};
my %message_type = (
-diff --git a/util/TLSProxy/NewSessionTicket.pm b/util/TLSProxy/NewSessionTicket.pm
-index 4e8c713..e509985 100644
--- a/util/TLSProxy/NewSessionTicket.pm
+++ b/util/TLSProxy/NewSessionTicket.pm
@@ -1,54 +1,9 @@
@@ -196119,8 +203817,6 @@
use strict;
-diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm
-index fcbe248..e0ce43a 100644
--- a/util/TLSProxy/Proxy.pm
+++ b/util/TLSProxy/Proxy.pm
@@ -1,55 +1,9 @@
@@ -196261,8 +203957,6 @@
}
sub process_packet
-diff --git a/util/TLSProxy/Record.pm b/util/TLSProxy/Record.pm
-index 124f924..2a605e3 100644
--- a/util/TLSProxy/Record.pm
+++ b/util/TLSProxy/Record.pm
@@ -1,55 +1,9 @@
@@ -196326,8 +204020,6 @@
use strict;
-diff --git a/util/TLSProxy/ServerHello.pm b/util/TLSProxy/ServerHello.pm
-index 4798f22..ee2fd72 100644
--- a/util/TLSProxy/ServerHello.pm
+++ b/util/TLSProxy/ServerHello.pm
@@ -1,55 +1,9 @@
@@ -196391,8 +204083,6 @@
use strict;
-diff --git a/util/TLSProxy/ServerKeyExchange.pm b/util/TLSProxy/ServerKeyExchange.pm
-index a3973be..6e5b4cd 100644
--- a/util/TLSProxy/ServerKeyExchange.pm
+++ b/util/TLSProxy/ServerKeyExchange.pm
@@ -1,55 +1,9 @@
@@ -196456,8 +204146,6 @@
use strict;
-diff --git a/util/ck_errf.pl b/util/ck_errf.pl
-index 922e5f6..7fc5367 100755
--- a/util/ck_errf.pl
+++ b/util/ck_errf.pl
@@ -1,5 +1,11 @@
@@ -196473,9 +204161,6 @@
# This is just a quick script to scan for cases where the 'error'
# function name in a XXXerr() macro is wrong.
#
-diff --git a/util/copy-if-different.pl b/util/copy-if-different.pl
-deleted file mode 100755
-index ec99e08..0000000
--- a/util/copy-if-different.pl
+++ /dev/null
@@ -1,78 +0,0 @@
@@ -196557,8 +204242,6 @@
- print "Copying: $_ to $dfile\n";
- }
-
-diff --git a/util/copy.pl b/util/copy.pl
-index eba6d58..ef4d870 100644
--- a/util/copy.pl
+++ b/util/copy.pl
@@ -1,4 +1,11 @@
@@ -196583,9 +204266,6 @@
{
push @filelist, $_;
}
-diff --git a/util/dirname.pl b/util/dirname.pl
-deleted file mode 100644
-index d7a66d9..0000000
--- a/util/dirname.pl
+++ /dev/null
@@ -1,18 +0,0 @@
@@ -196607,8 +204287,6 @@
-
-print $d,"\n";
-exit(0);
-diff --git a/util/dofile.pl b/util/dofile.pl
-index 983778f..e0333fe 100644
--- a/util/dofile.pl
+++ b/util/dofile.pl
@@ -1,5 +1,11 @@
@@ -196624,9 +204302,6 @@
# Reads one or more template files and runs it through Text::Template
#
# It is assumed that this scripts is called with -Mconfigdata, a module
-diff --git a/util/domd.in b/util/domd.in
-deleted file mode 100755
-index 1569c35..0000000
--- a/util/domd.in
+++ /dev/null
@@ -1,26 +0,0 @@
@@ -196656,9 +204331,6 @@
- mv Makefile.tmp Makefile
- ;;
-esac
-diff --git a/util/extract-names.pl b/util/extract-names.pl
-deleted file mode 100644
-index 0f69335..0000000
--- a/util/extract-names.pl
+++ /dev/null
@@ -1,26 +0,0 @@
@@ -196688,9 +204360,6 @@
-
-print join("\n", @words),"\n";
-
-diff --git a/util/extract-section.pl b/util/extract-section.pl
-deleted file mode 100644
-index 7a0ba4f..0000000
--- a/util/extract-section.pl
+++ /dev/null
@@ -1,12 +0,0 @@
@@ -196706,12 +204375,9 @@
-
-print "$ARGV[0]\n";
-
-diff --git a/util/find-doc-nits.pl b/util/find-doc-nits.pl
-new file mode 100755
-index 0000000..ba60036
--- /dev/null
+++ b/util/find-doc-nits.pl
-@@ -0,0 +1,185 @@
+@@ -0,0 +1,189 @@
+#! /usr/bin/env perl
+# Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
@@ -196797,6 +204463,10 @@
+ print "$id $sym missing from NAME section\n"
+ unless defined $names{$sym};
+ $names{$sym} = 2;
++
++ # Do some sanity checks on the prototype.
++ print "$id prototype missing spaces around commas: $line\n"
++ if ( $line =~ /[a-z0-9],[^ ]/ );
+ }
+
+ foreach my $n ( keys %names ) {
@@ -196897,9 +204567,6 @@
+}
+
+exit;
-diff --git a/util/find-undoc-api.pl b/util/find-undoc-api.pl
-new file mode 100755
-index 0000000..7b2cb97
--- /dev/null
+++ b/util/find-undoc-api.pl
@@ -0,0 +1,82 @@
@@ -196985,12 +204652,9 @@
+
+&printem('doc/crypto', 'util/libcrypto.num');
+&printem('doc/ssl', 'util/libssl.num');
-diff --git a/util/find-unused-errs b/util/find-unused-errs
-new file mode 100755
-index 0000000..d36789e
--- /dev/null
+++ b/util/find-unused-errs
-@@ -0,0 +1,31 @@
+@@ -0,0 +1,35 @@
+#! /bin/bash
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
@@ -197014,6 +204678,10 @@
+ git grep -l --full-name -F $F >$X2
+ NUM=`wc -l <$X2`
+ test $NUM -gt 2 && continue
++ if grep -q $F crypto/err/openssl.ec ; then
++ echo Possibly unused $F found in openssl.ec
++ continue
++ fi
+ echo $F
+ for FILE in `cat $X2` ; do
+ grep -v -w $F <$FILE >$FILE.new
@@ -197022,8 +204690,6 @@
+done
+
+rm $X1 $X2
-diff --git a/util/fipslink.pl b/util/fipslink.pl
-index 7b16e04..18a9153 100644
--- a/util/fipslink.pl
+++ b/util/fipslink.pl
@@ -1,4 +1,10 @@
@@ -197038,8 +204704,6 @@
sub check_env
{
-diff --git a/util/incore b/util/incore
-index bb765b1..26fcf95 100755
--- a/util/incore
+++ b/util/incore
@@ -1,7 +1,11 @@
@@ -197057,8 +204721,6 @@
# The script embeds fingerprint into ELF executable object, either
# application binary or shared library.
-diff --git a/util/indent.pro b/util/indent.pro
-index b7958e3..71997cb 100644
--- a/util/indent.pro
+++ b/util/indent.pro
@@ -187,11 +187,8 @@
@@ -197073,9 +204735,14 @@
-T CRYPTO_MEM_LEAK_CB
-T CRYPTO_THREADID
-T CRYPTO_dynlock_value
-diff --git a/util/install.sh b/util/install.sh
-deleted file mode 100755
-index e1d0c98..0000000
+@@ -574,6 +571,7 @@
+ -T asn1_ps_func
+ -T bio_dgram_data
+ -T bio_info_cb
++-T BIO_callack_fn
+ -T char_io
+ -T conf_finish_func
+ -T conf_init_func
--- a/util/install.sh
+++ /dev/null
@@ -1,108 +0,0 @@
@@ -197187,8 +204854,6 @@
-if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; fi
-
-exit 0
-diff --git a/util/libcrypto.num b/util/libcrypto.num
-index 5339358..e9966eb 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1,5 +1,5 @@
@@ -197198,7 +204863,7 @@
PEM_read_bio_NETSCAPE_CERT_SEQUENCE 3 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_get0_chain 4 1_1_0 EXIST::FUNCTION:
COMP_expand_block 5 1_1_0 EXIST::FUNCTION:COMP
-@@ -18,7 +18,6 @@ PKCS12_it 16 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FU
+@@ -18,7 +18,6 @@ i2d_ESS_ISSUER_SERIAL
i2d_ASN1_OCTET_STRING 17 1_1_0 EXIST::FUNCTION:
EC_KEY_set_private_key 18 1_1_0 EXIST::FUNCTION:EC
SRP_VBASE_get_by_user 19 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SRP
@@ -197206,7 +204871,7 @@
Camellia_cfb128_encrypt 21 1_1_0 EXIST::FUNCTION:CAMELLIA
DES_ncbc_encrypt 22 1_1_0 EXIST::FUNCTION:DES
TS_REQ_get_ext_count 23 1_1_0 EXIST::FUNCTION:TS
-@@ -31,7 +30,7 @@ GENERAL_NAME_get0_otherName 29 1_1_0 EXIST::FUNCTION:
+@@ -31,7 +30,7 @@ ASN1_item_d2i_fp
ASN1_INTEGER_get_uint64 30 1_1_0 EXIST::FUNCTION:
EVP_DigestInit_ex 31 1_1_0 EXIST::FUNCTION:
CTLOG_new 32 1_1_0 EXIST::FUNCTION:CT
@@ -197215,7 +204880,7 @@
EVP_PBE_alg_add_type 34 1_1_0 EXIST::FUNCTION:
EVP_cast5_ofb 35 1_1_0 EXIST::FUNCTION:CAST
d2i_PUBKEY_fp 36 1_1_0 EXIST::FUNCTION:STDIO
-@@ -40,16 +39,15 @@ BF_decrypt 38 1_1_0 EXIST::FUNCTION:BF
+@@ -40,16 +39,15 @@ BF_decrypt
PEM_read_bio_PUBKEY 39 1_1_0 EXIST::FUNCTION:
X509_NAME_delete_entry 40 1_1_0 EXIST::FUNCTION:
EVP_PKEY_meth_set_verify_recover 41 1_1_0 EXIST::FUNCTION:
@@ -197234,7 +204899,7 @@
ERR_peek_error 51 1_1_0 EXIST::FUNCTION:
X509v3_asid_validate_resource_set 52 1_1_0 EXIST::FUNCTION:RFC3779
PEM_write_bio_Parameters 53 1_1_0 EXIST::FUNCTION:
-@@ -57,7 +55,7 @@ CMS_SignerInfo_verify 54 1_1_0 EXIST::FUNCTION:CMS
+@@ -57,7 +55,7 @@ CMS_SignerInfo_verify
X509v3_asid_is_canonical 55 1_1_0 EXIST::FUNCTION:RFC3779
ASN1_ENUMERATED_get 56 1_1_0 EXIST::FUNCTION:
EVP_MD_do_all_sorted 57 1_1_0 EXIST::FUNCTION:
@@ -197243,7 +204908,7 @@
ENGINE_ctrl_cmd_string 59 1_1_0 EXIST::FUNCTION:ENGINE
ENGINE_finish 60 1_1_0 EXIST::FUNCTION:ENGINE
SRP_Calc_client_key 61 1_1_0 EXIST::FUNCTION:SRP
-@@ -68,7 +66,7 @@ DSO_bind_func 65 1_1_0 EXIST::FUNCTION:
+@@ -68,7 +66,7 @@ EVP_idea_ofb
EVP_PKEY_meth_get_copy 66 1_1_0 EXIST::FUNCTION:
RSA_up_ref 67 1_1_0 EXIST::FUNCTION:RSA
EVP_PKEY_meth_set_ctrl 68 1_1_0 EXIST::FUNCTION:
@@ -197252,7 +204917,7 @@
BN_GENCB_set 70 1_1_0 EXIST::FUNCTION:
BN_generate_prime 71 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8
d2i_DSAPrivateKey_fp 72 1_1_0 EXIST::FUNCTION:DSA,STDIO
-@@ -79,7 +77,7 @@ ASN1_item_print 76 1_1_0 EXIST::FUNCTION:
+@@ -79,7 +77,7 @@ d2i_DSAPrivateKey_fp
CONF_set_nconf 77 1_1_0 EXIST::FUNCTION:
RAND_set_rand_method 78 1_1_0 EXIST::FUNCTION:
BN_GF2m_mod_mul 79 1_1_0 EXIST::FUNCTION:EC2M
@@ -197261,7 +204926,7 @@
ASN1_TIME_adj 81 1_1_0 EXIST::FUNCTION:
EVP_PKEY_asn1_get0_info 82 1_1_0 EXIST::FUNCTION:
BN_add_word 83 1_1_0 EXIST::FUNCTION:
-@@ -88,14 +86,14 @@ EVP_PKEY_add1_attr_by_OBJ 85 1_1_0 EXIST::FUNCTION:
+@@ -88,14 +86,14 @@ EVP_des_ede
ASYNC_WAIT_CTX_get_all_fds 86 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_meth_set_do_cipher 87 1_1_0 EXIST::FUNCTION:
EVP_set_pw_prompt 88 1_1_0 EXIST::FUNCTION:UI
@@ -197279,7 +204944,7 @@
X509_VERIFY_PARAM_set1_policies 97 1_1_0 EXIST::FUNCTION:
SCT_set0_extensions 98 1_1_0 EXIST::FUNCTION:CT
PKCS5_pbe2_set_scrypt 99 1_1_0 EXIST::FUNCTION:SCRYPT
-@@ -106,22 +104,22 @@ d2i_DHparams 103 1_1_0 EXIST::FUNCTION:DH
+@@ -106,22 +104,22 @@ d2i_DHparams
i2d_PKCS7_ENC_CONTENT 104 1_1_0 EXIST::FUNCTION:
DH_generate_key 105 1_1_0 EXIST::FUNCTION:DH
ENGINE_add_conf_module 106 1_1_0 EXIST::FUNCTION:ENGINE
@@ -197306,7 +204971,7 @@
EVP_camellia_128_ctr 123 1_1_0 EXIST::FUNCTION:CAMELLIA
EVP_CIPHER_impl_ctx_size 124 1_1_0 EXIST::FUNCTION:
X509_CRL_get_nextUpdate 125 1_1_0 EXIST::FUNCTION:
-@@ -132,22 +130,21 @@ ASN1_STRING_TABLE_add 129 1_1_0 EXIST::FUNCTION:
+@@ -132,22 +130,21 @@ ENGINE_set_destroy_function
d2i_ASIdentifiers 130 1_1_0 EXIST::FUNCTION:RFC3779
i2d_PKCS12_bio 131 1_1_0 EXIST::FUNCTION:
X509_to_X509_REQ 132 1_1_0 EXIST::FUNCTION:
@@ -197334,7 +204999,7 @@
EVP_PKEY_asn1_set_ctrl 149 1_1_0 EXIST::FUNCTION:
EC_POINTs_mul 150 1_1_0 EXIST::FUNCTION:EC
ASN1_get_object 151 1_1_0 EXIST::FUNCTION:
-@@ -168,7 +165,6 @@ CT_POLICY_EVAL_CTX_free 165 1_1_0 EXIST::FUNCTION:CT
+@@ -168,7 +165,6 @@ CT_POLICY_EVAL_CTX_free
CMS_RecipientInfo_kari_get0_ctx 166 1_1_0 EXIST::FUNCTION:CMS
PKCS7_set_attributes 167 1_1_0 EXIST::FUNCTION:
d2i_POLICYQUALINFO 168 1_1_0 EXIST::FUNCTION:
@@ -197342,7 +205007,7 @@
EVP_MD_type 170 1_1_0 EXIST::FUNCTION:
EVP_PKCS82PKEY 171 1_1_0 EXIST::FUNCTION:
BN_generate_prime_ex 172 1_1_0 EXIST::FUNCTION:
-@@ -181,7 +177,7 @@ EVP_PKEY_delete_attr 178 1_1_0 EXIST::FUNCTION:
+@@ -181,7 +177,7 @@ CMS_RecipientInfo_kari_get0_ctx
EVP_CIPHER_CTX_key_length 179 1_1_0 EXIST::FUNCTION:
BIO_clear_flags 180 1_1_0 EXIST::FUNCTION:
i2d_DISPLAYTEXT 181 1_1_0 EXIST::FUNCTION:
@@ -197351,7 +205016,7 @@
i2d_ASN1_PRINTABLESTRING 183 1_1_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_set_hostflags 184 1_1_0 EXIST::FUNCTION:
SCT_get0_log_id 185 1_1_0 EXIST::FUNCTION:CT
-@@ -201,7 +197,7 @@ EVP_PKEY_cmp 197 1_1_0 EXIST::FUNCTION:
+@@ -201,7 +197,7 @@ TS_TST_INFO_new
d2i_X509_ALGORS 198 1_1_0 EXIST::FUNCTION:
EVP_PKEY2PKCS8 199 1_1_0 EXIST::FUNCTION:
BN_nist_mod_256 200 1_1_0 EXIST::FUNCTION:
@@ -197360,7 +205025,7 @@
EVP_seed_cfb128 202 1_1_0 EXIST::FUNCTION:SEED
BASIC_CONSTRAINTS_free 203 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_flags 204 1_1_0 EXIST::FUNCTION:
-@@ -210,13 +206,13 @@ SCT_set_version 206 1_1_0 EXIST::FUNCTION:CT
+@@ -210,13 +206,13 @@ SCT_set_version
CMS_add1_ReceiptRequest 207 1_1_0 EXIST::FUNCTION:CMS
d2i_CRL_DIST_POINTS 208 1_1_0 EXIST::FUNCTION:
X509_CRL_INFO_free 209 1_1_0 EXIST::FUNCTION:
@@ -197376,7 +205041,7 @@
s2i_ASN1_OCTET_STRING 217 1_1_0 EXIST::FUNCTION:
POLICYINFO_it 218 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
POLICYINFO_it 218 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -236,10 +232,10 @@ DIST_POINT_NAME_new 231 1_1_0 EXIST::FUNCTION:
+@@ -236,10 +232,10 @@ EC_POINT_set_Jprojective_coordinates_GFp
X509_LOOKUP_file 232 1_1_0 EXIST::FUNCTION:
EVP_PKEY_meth_set_decrypt 233 1_1_0 EXIST::FUNCTION:
EVP_rc2_ecb 234 1_1_0 EXIST::FUNCTION:RC2
@@ -197389,7 +205054,7 @@
OBJ_txt2nid 240 1_1_0 EXIST::FUNCTION:
SEED_set_key 241 1_1_0 EXIST::FUNCTION:SEED
EC_KEY_clear_flags 242 1_1_0 EXIST::FUNCTION:EC
-@@ -258,7 +254,6 @@ ENGINE_register_all_ciphers 254 1_1_0 EXIST::FUNCTION:ENGINE
+@@ -258,7 +254,6 @@ ENGINE_register_all_ciphers
SXNET_new 255 1_1_0 EXIST::FUNCTION:
EVP_camellia_256_ctr 256 1_1_0 EXIST::FUNCTION:CAMELLIA
d2i_PKCS8_PRIV_KEY_INFO 257 1_1_0 EXIST::FUNCTION:
@@ -197397,7 +205062,7 @@
EVP_md2 259 1_1_0 EXIST::FUNCTION:MD2
RC2_ecb_encrypt 260 1_1_0 EXIST::FUNCTION:RC2
ENGINE_register_DH 261 1_1_0 EXIST::FUNCTION:ENGINE
-@@ -268,16 +263,16 @@ EVP_des_ede3 264 1_1_0 EXIST::FUNCTION:DES
+@@ -268,16 +263,16 @@ EVP_des_ede3
PKCS7_add1_attrib_digest 265 1_1_0 EXIST::FUNCTION:
EC_POINT_get_affine_coordinates_GFp 266 1_1_0 EXIST::FUNCTION:EC
EVP_seed_ecb 267 1_1_0 EXIST::FUNCTION:SEED
@@ -197418,7 +205083,7 @@
CRYPTO_secure_free 277 1_1_0 EXIST::FUNCTION:
DSA_print_fp 278 1_1_0 EXIST::FUNCTION:DSA,STDIO
X509_get_ext_d2i 279 1_1_0 EXIST::FUNCTION:
-@@ -302,59 +297,58 @@ PKCS8_set0_pbe 297 1_1_0 EXIST::FUNCTION:
+@@ -302,59 +297,58 @@ CT_POLICY_EVAL_CTX_set0_issuer
PEM_write_bio_DSA_PUBKEY 298 1_1_0 EXIST::FUNCTION:DSA
PEM_X509_INFO_read_bio 299 1_1_0 EXIST::FUNCTION:
EC_GROUP_get0_order 300 1_1_0 EXIST::FUNCTION:EC
@@ -197490,7 +205155,7 @@
PKCS7_stream 352 1_1_0 EXIST::FUNCTION:
i2t_ASN1_OBJECT 353 1_1_0 EXIST::FUNCTION:
EC_GROUP_get0_generator 354 1_1_0 EXIST::FUNCTION:EC
-@@ -378,7 +372,7 @@ SEED_ecb_encrypt 370 1_1_0 EXIST::FUNCTION:SEED
+@@ -378,7 +372,7 @@ SEED_ecb_encrypt
X509_PUBKEY_get0_param 371 1_1_0 EXIST::FUNCTION:
ASN1_i2d_fp 372 1_1_0 EXIST::FUNCTION:STDIO
BIO_new_mem_buf 373 1_1_0 EXIST::FUNCTION:
@@ -197499,7 +205164,7 @@
X509V3_EXT_REQ_add_nconf 375 1_1_0 EXIST::FUNCTION:
X509v3_asid_subset 376 1_1_0 EXIST::FUNCTION:RFC3779
RSA_check_key_ex 377 1_1_0 EXIST::FUNCTION:RSA
-@@ -390,10 +384,9 @@ X509_VERIFY_PARAM_get0_peername 382 1_1_0 EXIST::FUNCTION:
+@@ -390,10 +384,9 @@ CMS_RecipientInfo_kekri_id_cmp
ASN1_PCTX_get_oid_flags 383 1_1_0 EXIST::FUNCTION:
CONF_free 384 1_1_0 EXIST::FUNCTION:
DSO_get_filename 385 1_1_0 EXIST::FUNCTION:
@@ -197511,7 +205176,7 @@
DISPLAYTEXT_free 390 1_1_0 EXIST::FUNCTION:
BN_div 391 1_1_0 EXIST::FUNCTION:
RIPEMD160_Update 392 1_1_0 EXIST::FUNCTION:RMD160
-@@ -402,10 +395,10 @@ ASN1_OBJECT_new 394 1_1_0 EXIST::FUNCTION:
+@@ -402,10 +395,10 @@ PEM_write_bio_CMS
EVP_des_ede3_cfb8 395 1_1_0 EXIST::FUNCTION:DES
BIO_dump_indent_fp 396 1_1_0 EXIST::FUNCTION:STDIO
X509_NAME_ENTRY_get_data 397 1_1_0 EXIST::FUNCTION:
@@ -197524,7 +205189,7 @@
ASN1_STRING_print_ex_fp 402 1_1_0 EXIST::FUNCTION:STDIO
PKCS7_SIGNED_new 403 1_1_0 EXIST::FUNCTION:
CMS_get0_eContentType 404 1_1_0 EXIST::FUNCTION:CMS
-@@ -419,7 +412,7 @@ EVP_CipherFinal_ex 411 1_1_0 EXIST::FUNCTION:
+@@ -419,7 +412,7 @@ TS_TST_INFO_get_ordering
d2i_DSA_PUBKEY 412 1_1_0 EXIST::FUNCTION:DSA
BN_CTX_get 413 1_1_0 EXIST::FUNCTION:
BN_to_montgomery 414 1_1_0 EXIST::FUNCTION:
@@ -197533,7 +205198,7 @@
EVP_camellia_128_cfb8 416 1_1_0 EXIST::FUNCTION:CAMELLIA
EC_KEY_METHOD_free 417 1_1_0 EXIST::FUNCTION:EC
TS_TST_INFO_set_policy_id 418 1_1_0 EXIST::FUNCTION:TS
-@@ -448,17 +441,16 @@ BN_GENCB_new 440 1_1_0 EXIST::FUNCTION:
+@@ -448,17 +441,16 @@ DSA_free
X509_VAL_new 441 1_1_0 EXIST::FUNCTION:
NCONF_load 442 1_1_0 EXIST::FUNCTION:
ASN1_put_object 443 1_1_0 EXIST::FUNCTION:
@@ -197554,7 +205219,7 @@
ENGINE_get_digests 455 1_1_0 EXIST::FUNCTION:ENGINE
TS_MSG_IMPRINT_get_algo 456 1_1_0 EXIST::FUNCTION:TS
DH_new_method 457 1_1_0 EXIST::FUNCTION:DH
-@@ -474,9 +466,8 @@ OPENSSL_memcmp 466 1_1_0 EXIST::FUNCTION:
+@@ -474,9 +466,8 @@ EC_KEY_METHOD_get_init
BUF_MEM_new 467 1_1_0 EXIST::FUNCTION:
DSO_set_filename 468 1_1_0 EXIST::FUNCTION:
DH_new 469 1_1_0 EXIST::FUNCTION:DH
@@ -197565,7 +205230,7 @@
SCT_set_signature_nid 473 1_1_0 EXIST::FUNCTION:CT
i2d_RSA_PUBKEY_fp 474 1_1_0 EXIST::FUNCTION:RSA,STDIO
PKCS12_BAGS_it 475 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -489,7 +480,7 @@ X509_CRL_sort 480 1_1_0 EXIST::FUNCTION:
+@@ -489,7 +480,7 @@ ENGINE_register_all_RSA
i2d_RSA_PUBKEY_bio 481 1_1_0 EXIST::FUNCTION:RSA
ASN1_T61STRING_free 482 1_1_0 EXIST::FUNCTION:
PEM_write_CMS 483 1_1_0 EXIST::FUNCTION:CMS
@@ -197574,7 +205239,7 @@
ENGINE_get_ciphers 485 1_1_0 EXIST::FUNCTION:ENGINE
EVP_rc2_ofb 486 1_1_0 EXIST::FUNCTION:RC2
EVP_PKEY_set1_RSA 487 1_1_0 EXIST::FUNCTION:RSA
-@@ -501,11 +492,11 @@ BN_GF2m_mod_sqr_arr 492 1_1_0 EXIST::FUNCTION:EC2M
+@@ -501,11 +492,11 @@ BN_GF2m_mod_sqr_arr
ASN1_PRINTABLESTRING_it 493 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_PRINTABLESTRING_it 493 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
BIO_f_cipher 494 1_1_0 EXIST::FUNCTION:
@@ -197589,7 +205254,7 @@
X509_CRL_print 499 1_1_0 EXIST::FUNCTION:
WHIRLPOOL_Update 500 1_1_0 EXIST::FUNCTION:WHIRLPOOL
DSA_get_ex_data 501 1_1_0 EXIST::FUNCTION:DSA
-@@ -516,18 +507,16 @@ PKCS7_cert_from_signer_info 505 1_1_0 EXIST::FUNCTION:
+@@ -516,18 +507,16 @@ DSA_get_ex_data
X509_TRUST_get_trust 506 1_1_0 EXIST::FUNCTION:
DES_string_to_key 507 1_1_0 EXIST::FUNCTION:DES
ERR_error_string 508 1_1_0 EXIST::FUNCTION:
@@ -197613,7 +205278,7 @@
EVP_MD_CTX_test_flags 521 1_1_0 EXIST::FUNCTION:
X509v3_addr_validate_path 522 1_1_0 EXIST::FUNCTION:RFC3779
BIO_new_fp 523 1_1_0 EXIST::FUNCTION:STDIO
-@@ -547,7 +536,7 @@ EC_KEY_get_flags 536 1_1_0 EXIST::FUNCTION:EC
+@@ -547,7 +536,7 @@ EC_KEY_get_flags
ASN1_TYPE_cmp 537 1_1_0 EXIST::FUNCTION:
i2d_RSAPublicKey 538 1_1_0 EXIST::FUNCTION:RSA
EC_GROUP_get_trinomial_basis 539 1_1_0 EXIST::FUNCTION:EC,EC2M
@@ -197622,7 +205287,7 @@
i2d_PBKDF2PARAM 541 1_1_0 EXIST::FUNCTION:
ENGINE_unregister_RAND 542 1_1_0 EXIST::FUNCTION:ENGINE
PEM_write_bio_RSAPrivateKey 543 1_1_0 EXIST::FUNCTION:RSA
-@@ -561,7 +550,7 @@ d2i_X509_CRL_fp 549 1_1_0 EXIST::FUNCTION:STDIO
+@@ -561,7 +550,7 @@ d2i_X509_CRL_fp
i2d_RSA_PUBKEY 550 1_1_0 EXIST::FUNCTION:RSA
EVP_aes_128_ccm 551 1_1_0 EXIST::FUNCTION:
ECParameters_print 552 1_1_0 EXIST::FUNCTION:EC
@@ -197631,7 +205296,7 @@
RAND_status 554 1_1_0 EXIST::FUNCTION:
EVP_ripemd160 555 1_1_0 EXIST::FUNCTION:RMD160
EVP_MD_meth_set_final 556 1_1_0 EXIST::FUNCTION:
-@@ -585,8 +574,7 @@ SCT_verify 573 1_1_0 EXIST::FUNCTION:CT
+@@ -585,8 +574,7 @@ SCT_verify
d2i_X509 574 1_1_0 EXIST::FUNCTION:
a2i_ASN1_STRING 575 1_1_0 EXIST::FUNCTION:
EC_GROUP_get_mont_data 576 1_1_0 EXIST::FUNCTION:EC
@@ -197641,7 +205306,7 @@
EVP_camellia_128_cfb128 579 1_1_0 EXIST::FUNCTION:CAMELLIA
DH_compute_key_padded 580 1_1_0 EXIST::FUNCTION:DH
ERR_load_CONF_strings 581 1_1_0 EXIST::FUNCTION:
-@@ -640,12 +628,11 @@ CRYPTO_secure_malloc_done 625 1_1_0 EXIST::FUNCTION:
+@@ -640,12 +628,11 @@ ERR_load_RSA_strings
RSA_OAEP_PARAMS_new 626 1_1_0 EXIST::FUNCTION:RSA
X509_NAME_free 627 1_1_0 EXIST::FUNCTION:
PKCS12_set_mac 628 1_1_0 EXIST::FUNCTION:
@@ -197656,7 +205321,7 @@
d2i_X509_REQ_fp 635 1_1_0 EXIST::FUNCTION:STDIO
DH_OpenSSL 636 1_1_0 EXIST::FUNCTION:DH
BN_get_rfc3526_prime_8192 637 1_1_0 EXIST::FUNCTION:
-@@ -654,26 +641,25 @@ X509_REVOKED_it 638 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:F
+@@ -654,26 +641,25 @@ DH_OpenSSL
CRYPTO_THREAD_write_lock 639 1_1_0 EXIST::FUNCTION:
X509V3_NAME_from_section 640 1_1_0 EXIST::FUNCTION:
EC_POINT_set_compressed_coordinates_GFp 641 1_1_0 EXIST::FUNCTION:EC
@@ -197688,7 +205353,7 @@
IDEA_encrypt 662 1_1_0 EXIST::FUNCTION:IDEA
CRYPTO_nistcts128_encrypt_block 663 1_1_0 EXIST::FUNCTION:
EVP_MD_do_all 664 1_1_0 EXIST::FUNCTION:
-@@ -686,8 +672,8 @@ PKCS5_pbe_set0_algor 670 1_1_0 EXIST::FUNCTION:
+@@ -686,8 +672,8 @@ ENGINE_set_table_flags
ENGINE_get_table_flags 671 1_1_0 EXIST::FUNCTION:ENGINE
PKCS12_MAC_DATA_new 672 1_1_0 EXIST::FUNCTION:
X509_chain_up_ref 673 1_1_0 EXIST::FUNCTION:
@@ -197699,7 +205364,7 @@
PKCS12_add_localkeyid 675 1_1_0 EXIST::FUNCTION:
PKCS12_SAFEBAG_get0_type 676 1_1_0 EXIST::FUNCTION:
X509_TRUST_set_default 677 1_1_0 EXIST::FUNCTION:
-@@ -704,11 +690,11 @@ AES_ige_encrypt 686 1_1_0 EXIST::FUNCTION:
+@@ -704,11 +690,11 @@ TS_REQ_get_ext_d2i
d2i_SXNET 687 1_1_0 EXIST::FUNCTION:
CTLOG_get0_log_id 688 1_1_0 EXIST::FUNCTION:CT
CMS_RecipientInfo_ktri_get0_signer_id 689 1_1_0 EXIST::FUNCTION:CMS
@@ -197713,7 +205378,7 @@
ASN1_INTEGER_free 695 1_1_0 EXIST::FUNCTION:
BN_get0_nist_prime_224 696 1_1_0 EXIST::FUNCTION:
OPENSSL_isservice 697 1_1_0 EXIST::FUNCTION:
-@@ -727,16 +713,15 @@ i2s_ASN1_OCTET_STRING 709 1_1_0 EXIST::FUNCTION:
+@@ -727,16 +713,15 @@ d2i_ASIdOrRange
X509_add1_reject_object 710 1_1_0 EXIST::FUNCTION:
ERR_set_mark 711 1_1_0 EXIST::FUNCTION:
d2i_ASN1_VISIBLESTRING 712 1_1_0 EXIST::FUNCTION:
@@ -197732,7 +205397,7 @@
ASN1_SET_ANY_it 723 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_SET_ANY_it 723 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
d2i_TS_RESP_bio 724 1_1_0 EXIST::FUNCTION:TS
-@@ -746,22 +731,22 @@ EC_POINT_hex2point 727 1_1_0 EXIST::FUNCTION:EC
+@@ -746,22 +731,22 @@ EC_POINT_hex2point
X509v3_get_ext_by_critical 728 1_1_0 EXIST::FUNCTION:
ENGINE_get_default_RSA 729 1_1_0 EXIST::FUNCTION:ENGINE
DSA_sign_setup 730 1_1_0 EXIST::FUNCTION:DSA
@@ -197759,7 +205424,7 @@
TS_TST_INFO_get_ext_d2i 747 1_1_0 EXIST::FUNCTION:TS
RSA_check_key 748 1_1_0 EXIST::FUNCTION:RSA
TS_MSG_IMPRINT_set_algo 749 1_1_0 EXIST::FUNCTION:TS
-@@ -774,22 +759,22 @@ EVP_CIPHER_meth_set_cleanup 755 1_1_0 EXIST::FUNCTION:
+@@ -774,22 +759,22 @@ CTLOG_STORE_new
d2i_PKCS12_SAFEBAG 756 1_1_0 EXIST::FUNCTION:
EVP_MD_pkey_type 757 1_1_0 EXIST::FUNCTION:
X509_policy_node_get0_qualifiers 758 1_1_0 EXIST::FUNCTION:
@@ -197787,7 +205452,7 @@
EVP_rc5_32_12_16_cfb64 775 1_1_0 EXIST::FUNCTION:RC5
PKCS7_dataVerify 776 1_1_0 EXIST::FUNCTION:
PKCS7_SIGNER_INFO_free 777 1_1_0 EXIST::FUNCTION:
-@@ -810,7 +795,6 @@ CRYPTO_ocb128_encrypt 791 1_1_0 EXIST::FUNCTION:OCB
+@@ -810,7 +795,6 @@ CRYPTO_ocb128_encrypt
EXTENDED_KEY_USAGE_new 792 1_1_0 EXIST::FUNCTION:
EVP_EncryptFinal 793 1_1_0 EXIST::FUNCTION:
PEM_write_ECPrivateKey 794 1_1_0 EXIST::FUNCTION:EC
@@ -197795,7 +205460,7 @@
EVP_CIPHER_meth_set_get_asn1_params 796 1_1_0 EXIST::FUNCTION:
PKCS7_dataInit 797 1_1_0 EXIST::FUNCTION:
EVP_PKEY_CTX_set_app_data 798 1_1_0 EXIST::FUNCTION:
-@@ -834,7 +818,7 @@ EVP_PKEY_set1_EC_KEY 815 1_1_0 EXIST::FUNCTION:EC
+@@ -834,7 +818,7 @@ EVP_PKEY_set1_EC_KEY
ECPKParameters_print_fp 816 1_1_0 EXIST::FUNCTION:EC,STDIO
GENERAL_SUBTREE_free 817 1_1_0 EXIST::FUNCTION:
RSA_blinding_off 818 1_1_0 EXIST::FUNCTION:RSA
@@ -197804,7 +205469,7 @@
X509V3_add_standard_extensions 820 1_1_0 EXIST::FUNCTION:
PEM_write_bio_RSA_PUBKEY 821 1_1_0 EXIST::FUNCTION:RSA
i2d_ASN1_UTF8STRING 822 1_1_0 EXIST::FUNCTION:
-@@ -842,10 +826,10 @@ TS_REQ_delete_ext 823 1_1_0 EXIST::FUNCTION:TS
+@@ -842,10 +826,10 @@ TS_REQ_delete_ext
PKCS7_DIGEST_free 824 1_1_0 EXIST::FUNCTION:
OBJ_nid2ln 825 1_1_0 EXIST::FUNCTION:
COMP_CTX_new 826 1_1_0 EXIST::FUNCTION:COMP
@@ -197819,7 +205484,7 @@
d2i_X509_REQ_bio 830 1_1_0 EXIST::FUNCTION:
EVP_PBE_cleanup 831 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_get0_current_crl 832 1_1_0 EXIST::FUNCTION:
-@@ -854,20 +838,19 @@ EVP_PKEY_paramgen 834 1_1_0 EXIST::FUNCTION:
+@@ -854,20 +838,19 @@ CMS_get0_SignerInfos
PEM_write_PKCS8PrivateKey_nid 835 1_1_0 EXIST::FUNCTION:STDIO
PKCS7_ATTR_VERIFY_it 836 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS7_ATTR_VERIFY_it 836 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -197843,7 +205508,7 @@
ASN1_TIME_check 851 1_1_0 EXIST::FUNCTION:
PKCS7_DIGEST_new 852 1_1_0 EXIST::FUNCTION:
i2d_TS_TST_INFO_fp 853 1_1_0 EXIST::FUNCTION:STDIO,TS
-@@ -881,12 +864,12 @@ TXT_DB_insert 860 1_1_0 EXIST::FUNCTION:
+@@ -881,12 +864,12 @@ ECDSA_sign_ex
EC_POINTs_make_affine 861 1_1_0 EXIST::FUNCTION:EC
RSA_padding_add_PKCS1_PSS 862 1_1_0 EXIST::FUNCTION:RSA
BF_options 863 1_1_0 EXIST::FUNCTION:BF
@@ -197859,7 +205524,7 @@
RSA_set_default_method 869 1_1_0 EXIST::FUNCTION:RSA
BN_GF2m_mod_sqrt_arr 870 1_1_0 EXIST::FUNCTION:EC2M
X509_get0_extensions 871 1_1_0 EXIST::FUNCTION:
-@@ -901,7 +884,6 @@ X509_REQ_INFO_free 878 1_1_0 EXIST::FUNCTION:
+@@ -901,7 +884,6 @@ EC_KEY_METHOD_set_compute_key
CMS_ReceiptRequest_create0 879 1_1_0 EXIST::FUNCTION:CMS
EVP_MD_meth_set_cleanup 880 1_1_0 EXIST::FUNCTION:
EVP_aes_128_xts 881 1_1_0 EXIST::FUNCTION:
@@ -197867,7 +205532,7 @@
TS_RESP_verify_signature 883 1_1_0 EXIST::FUNCTION:TS
ENGINE_set_pkey_meths 884 1_1_0 EXIST::FUNCTION:ENGINE
CMS_EncryptedData_decrypt 885 1_1_0 EXIST::FUNCTION:CMS
-@@ -920,10 +902,10 @@ EVP_bf_cfb64 896 1_1_0 EXIST::FUNCTION:BF
+@@ -920,10 +902,10 @@ EVP_bf_cfb64
PKCS7_sign_add_signer 897 1_1_0 EXIST::FUNCTION:
X509_print_ex 898 1_1_0 EXIST::FUNCTION:
PKCS7_add_recipient 899 1_1_0 EXIST::FUNCTION:
@@ -197880,7 +205545,7 @@
ENGINE_register_ciphers 904 1_1_0 EXIST::FUNCTION:ENGINE
PKCS5_pbe2_set_iv 905 1_1_0 EXIST::FUNCTION:
ASN1_add_stable_module 906 1_1_0 EXIST::FUNCTION:
-@@ -935,7 +917,7 @@ DES_encrypt1 911 1_1_0 EXIST::FUNCTION:DES
+@@ -935,7 +917,7 @@ DES_encrypt1
BN_mod_lshift1_quick 912 1_1_0 EXIST::FUNCTION:
BN_get_rfc3526_prime_6144 913 1_1_0 EXIST::FUNCTION:
OBJ_obj2txt 914 1_1_0 EXIST::FUNCTION:
@@ -197889,7 +205554,7 @@
EVP_EncodeUpdate 916 1_1_0 EXIST::FUNCTION:
PEM_write_bio_X509_CRL 917 1_1_0 EXIST::FUNCTION:
BN_cmp 918 1_1_0 EXIST::FUNCTION:
-@@ -943,7 +925,6 @@ CT_POLICY_EVAL_CTX_get0_log_store 919 1_1_0 EXIST::FUNCTION:CT
+@@ -943,7 +925,6 @@ CT_POLICY_EVAL_CTX_get0_log_store
CONF_set_default_method 920 1_1_0 EXIST::FUNCTION:
ASN1_PCTX_get_nm_flags 921 1_1_0 EXIST::FUNCTION:
X509_add1_ext_i2d 922 1_1_0 EXIST::FUNCTION:
@@ -197897,7 +205562,7 @@
i2d_PKCS7_RECIP_INFO 924 1_1_0 EXIST::FUNCTION:
PKCS1_MGF1 925 1_1_0 EXIST::FUNCTION:RSA
BIO_vsnprintf 926 1_1_0 EXIST::FUNCTION:
-@@ -965,7 +946,6 @@ PKCS7_get0_signers 940 1_1_0 EXIST::FUNCTION:
+@@ -965,7 +946,6 @@ i2d_X509_CRL_fp
X509_STORE_CTX_set_ex_data 941 1_1_0 EXIST::FUNCTION:
TS_VERIFY_CTS_set_certs 942 1_1_0 EXIST::FUNCTION:TS
BN_MONT_CTX_copy 943 1_1_0 EXIST::FUNCTION:
@@ -197905,7 +205570,7 @@
OPENSSL_INIT_new 945 1_1_0 EXIST::FUNCTION:
TS_ACCURACY_dup 946 1_1_0 EXIST::FUNCTION:TS
i2d_ECPrivateKey 947 1_1_0 EXIST::FUNCTION:EC
-@@ -977,7 +957,7 @@ ASN1_PRINTABLE_it 951 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:F
+@@ -977,7 +957,7 @@ TS_VERIFY_CTX_cleanup
EVP_VerifyFinal 952 1_1_0 EXIST::FUNCTION:
TS_ASN1_INTEGER_print_bio 953 1_1_0 EXIST::FUNCTION:TS
X509_NAME_ENTRY_set_object 954 1_1_0 EXIST::FUNCTION:
@@ -197914,7 +205579,7 @@
EVP_rc5_32_12_16_ecb 956 1_1_0 EXIST::FUNCTION:RC5
i2d_PKCS8_bio 957 1_1_0 EXIST::FUNCTION:
v2i_ASN1_BIT_STRING 958 1_1_0 EXIST::FUNCTION:
-@@ -1000,8 +980,7 @@ d2i_DSAPublicKey 972 1_1_0 EXIST::FUNCTION:DSA
+@@ -1000,8 +980,7 @@ d2i_DSAPublicKey
ENGINE_get_name 973 1_1_0 EXIST::FUNCTION:ENGINE
CRYPTO_THREAD_read_lock 974 1_1_0 EXIST::FUNCTION:
ASIdentifierChoice_free 975 1_1_0 EXIST::FUNCTION:RFC3779
@@ -197924,7 +205589,7 @@
BN_is_bit_set 978 1_1_0 EXIST::FUNCTION:
AES_ofb128_encrypt 979 1_1_0 EXIST::FUNCTION:
X509_STORE_add_lookup 980 1_1_0 EXIST::FUNCTION:
-@@ -1015,7 +994,7 @@ ISSUING_DIST_POINT_free 987 1_1_0 EXIST::FUNCTION:
+@@ -1015,7 +994,7 @@ i2d_TS_STATUS_INFO
ASN1_UTCTIME_free 988 1_1_0 EXIST::FUNCTION:
ERR_load_TS_strings 989 1_1_0 EXIST::FUNCTION:TS
BN_nist_mod_func 990 1_1_0 EXIST::FUNCTION:
@@ -197933,7 +205598,7 @@
DSA_SIG_new 992 1_1_0 EXIST::FUNCTION:DSA
DH_get_default_method 993 1_1_0 EXIST::FUNCTION:DH
PEM_proc_type 994 1_1_0 EXIST::FUNCTION:
-@@ -1028,11 +1007,11 @@ ASN1_BIT_STRING_it 1000 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
+@@ -1028,11 +1007,11 @@ SEED_cfb128_encrypt
ASN1_BIT_STRING_it 1000 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
PKCS12_decrypt_skey 1001 1_1_0 EXIST::FUNCTION:
ENGINE_register_EC 1002 1_1_0 EXIST::FUNCTION:ENGINE
@@ -197947,7 +205612,7 @@
BN_X931_generate_Xpq 1008 1_1_0 EXIST::FUNCTION:
ASN1_item_digest 1009 1_1_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_set_trust 1010 1_1_0 EXIST::FUNCTION:
-@@ -1043,13 +1022,12 @@ ASN1_UTCTIME_it 1013 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
+@@ -1043,13 +1022,12 @@ i2d_RSAPublicKey_bio
i2d_DSA_PUBKEY_fp 1014 1_1_0 EXIST::FUNCTION:DSA,STDIO
X509at_get_attr_by_OBJ 1015 1_1_0 EXIST::FUNCTION:
EVP_MD_CTX_copy_ex 1016 1_1_0 EXIST::FUNCTION:
@@ -197965,7 +205630,7 @@
EVP_md4 1024 1_1_0 EXIST::FUNCTION:MD4
X509_set_subject_name 1025 1_1_0 EXIST::FUNCTION:
i2d_PKCS8PrivateKey_nid_bio 1026 1_1_0 EXIST::FUNCTION:
-@@ -1069,7 +1047,6 @@ TS_REQ_set_msg_imprint 1037 1_1_0 EXIST::FUNCTION:TS
+@@ -1069,7 +1047,6 @@ TS_REQ_set_msg_imprint
BN_mod_sub_quick 1038 1_1_0 EXIST::FUNCTION:
SMIME_write_CMS 1039 1_1_0 EXIST::FUNCTION:CMS
i2d_DSAPublicKey 1040 1_1_0 EXIST::FUNCTION:DSA
@@ -197973,7 +205638,7 @@
SMIME_text 1042 1_1_0 EXIST::FUNCTION:
PKCS7_add_recipient_info 1043 1_1_0 EXIST::FUNCTION:
BN_get_word 1044 1_1_0 EXIST::FUNCTION:
-@@ -1103,7 +1080,7 @@ X509_EXTENSION_set_data 1071 1_1_0 EXIST::FUNCTION:
+@@ -1103,7 +1080,7 @@ CRYPTO_mem_debug_malloc
ENGINE_get_EC 1072 1_1_0 EXIST::FUNCTION:ENGINE
ASN1_STRING_copy 1073 1_1_0 EXIST::FUNCTION:
EVP_PKEY_encrypt_old 1074 1_1_0 EXIST::FUNCTION:
@@ -197982,7 +205647,7 @@
DES_is_weak_key 1076 1_1_0 EXIST::FUNCTION:DES
EVP_PKEY_verify 1077 1_1_0 EXIST::FUNCTION:
ERR_load_BIO_strings 1078 1_1_0 EXIST::FUNCTION:
-@@ -1125,7 +1102,7 @@ X509_print_ex_fp 1093 1_1_0 EXIST::FUNCTION:STDIO
+@@ -1125,7 +1102,7 @@ X509_print_ex_fp
ERR_load_PEM_strings 1094 1_1_0 EXIST::FUNCTION:
ENGINE_unregister_pkey_asn1_meths 1095 1_1_0 EXIST::FUNCTION:ENGINE
IPAddressFamily_free 1096 1_1_0 EXIST::FUNCTION:RFC3779
@@ -197991,7 +205656,7 @@
ASN1_NULL_it 1098 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_NULL_it 1098 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
X509_REQ_get_pubkey 1099 1_1_0 EXIST::FUNCTION:
-@@ -1149,7 +1126,7 @@ i2d_X509_EXTENSIONS 1116 1_1_0 EXIST::FUNCTION:
+@@ -1149,7 +1126,7 @@ BIO_s_datagram
X509_STORE_CTX_get0_store 1117 1_1_0 EXIST::FUNCTION:
PKCS12_pack_p7data 1118 1_1_0 EXIST::FUNCTION:
RSA_print_fp 1119 1_1_0 EXIST::FUNCTION:RSA,STDIO
@@ -198000,7 +205665,7 @@
EC_KEY_print_fp 1121 1_1_0 EXIST::FUNCTION:EC,STDIO
BIO_dup_chain 1122 1_1_0 EXIST::FUNCTION:
PKCS8_PRIV_KEY_INFO_it 1123 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -1160,7 +1137,7 @@ CRYPTO_cts128_encrypt 1126 1_1_0 EXIST::FUNCTION:
+@@ -1160,7 +1137,7 @@ RSA_OAEP_PARAMS_free
RC2_encrypt 1127 1_1_0 EXIST::FUNCTION:RC2
PEM_write 1128 1_1_0 EXIST::FUNCTION:STDIO
EVP_CIPHER_meth_get_get_asn1_params 1129 1_1_0 EXIST::FUNCTION:
@@ -198009,7 +205674,7 @@
d2i_ASN1_UTF8STRING 1131 1_1_0 EXIST::FUNCTION:
EXTENDED_KEY_USAGE_it 1132 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
EXTENDED_KEY_USAGE_it 1132 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -1175,8 +1152,8 @@ ASN1_STRING_set_by_NID 1140 1_1_0 EXIST::FUNCTION:
+@@ -1175,8 +1152,8 @@ RSA_new
PEM_write_bio_PKCS7 1141 1_1_0 EXIST::FUNCTION:
MDC2_Final 1142 1_1_0 EXIST::FUNCTION:MDC2
SMIME_crlf_copy 1143 1_1_0 EXIST::FUNCTION:
@@ -198020,7 +205685,7 @@
X509_load_cert_crl_file 1146 1_1_0 EXIST::FUNCTION:
EVP_PKEY_new_mac_key 1147 1_1_0 EXIST::FUNCTION:
DIST_POINT_new 1148 1_1_0 EXIST::FUNCTION:
-@@ -1187,7 +1164,7 @@ X509_STORE_CTX_set0_param 1152 1_1_0 EXIST::FUNCTION:
+@@ -1187,7 +1164,7 @@ PKCS5_v2_scrypt_keyivgen
DES_check_key_parity 1153 1_1_0 EXIST::FUNCTION:DES
EVP_aes_256_ocb 1154 1_1_0 EXIST::FUNCTION:OCB
X509_VAL_free 1155 1_1_0 EXIST::FUNCTION:
@@ -198029,7 +205694,7 @@
PEM_write_RSA_PUBKEY 1157 1_1_0 EXIST::FUNCTION:RSA
PKCS12_SAFEBAG_get0_p8inf 1158 1_1_0 EXIST::FUNCTION:
X509_CRL_set_issuer_name 1159 1_1_0 EXIST::FUNCTION:
-@@ -1211,7 +1188,7 @@ SHA256 1175 1_1_0 EXIST::FUNCTION:
+@@ -1211,7 +1188,7 @@ TS_TST_INFO_get_serial
X509_LOOKUP_hash_dir 1176 1_1_0 EXIST::FUNCTION:
ASN1_BIT_STRING_check 1177 1_1_0 EXIST::FUNCTION:
ENGINE_set_default_RAND 1178 1_1_0 EXIST::FUNCTION:ENGINE
@@ -198038,7 +205703,7 @@
TS_TST_INFO_add_ext 1180 1_1_0 EXIST::FUNCTION:TS
EVP_aes_192_ccm 1181 1_1_0 EXIST::FUNCTION:
X509V3_add_value 1182 1_1_0 EXIST::FUNCTION:
-@@ -1241,7 +1218,7 @@ OPENSSL_uni2asc 1205 1_1_0 EXIST::FUNCTION:
+@@ -1241,7 +1218,7 @@ EVP_cast5_cfb64
SCT_validation_status_string 1206 1_1_0 EXIST::FUNCTION:CT
PKCS7_add_attribute 1207 1_1_0 EXIST::FUNCTION:
ENGINE_register_DSA 1208 1_1_0 EXIST::FUNCTION:ENGINE
@@ -198047,7 +205712,7 @@
X509_policy_tree_free 1210 1_1_0 EXIST::FUNCTION:
EC_GFp_simple_method 1211 1_1_0 EXIST::FUNCTION:EC
X509_it 1212 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -1251,10 +1228,10 @@ MDC2_Update 1214 1_1_0 EXIST::FUNCTION:MDC2
+@@ -1251,10 +1228,10 @@ MDC2_Update
EC_KEY_new_by_curve_name 1215 1_1_0 EXIST::FUNCTION:EC
X509_CRL_free 1216 1_1_0 EXIST::FUNCTION:
i2d_PKCS7_SIGN_ENVELOPE 1217 1_1_0 EXIST::FUNCTION:
@@ -198061,7 +205726,7 @@
i2d_X509_AUX 1221 1_1_0 EXIST::FUNCTION:
RSA_verify_PKCS1_PSS_mgf1 1222 1_1_0 EXIST::FUNCTION:RSA
X509_time_adj 1223 1_1_0 EXIST::FUNCTION:
-@@ -1281,24 +1258,22 @@ X509_CRL_cmp 1243 1_1_0 EXIST::FUNCTION:
+@@ -1281,24 +1258,22 @@ PEM_read_bio_DSAparams
DSO_METHOD_openssl 1244 1_1_0 EXIST::FUNCTION:
d2i_PrivateKey_fp 1245 1_1_0 EXIST::FUNCTION:STDIO
i2d_NETSCAPE_CERT_SEQUENCE 1246 1_1_0 EXIST::FUNCTION:
@@ -198088,7 +205753,7 @@
d2i_DISPLAYTEXT 1265 1_1_0 EXIST::FUNCTION:
HMAC_CTX_copy 1266 1_1_0 EXIST::FUNCTION:
CRYPTO_gcm128_init 1267 1_1_0 EXIST::FUNCTION:
-@@ -1319,15 +1294,15 @@ ASN1_TIME_free 1281 1_1_0 EXIST::FUNCTION:
+@@ -1319,15 +1294,15 @@ CONF_dump_fp
i2o_SCT_LIST 1282 1_1_0 EXIST::FUNCTION:CT
AES_encrypt 1283 1_1_0 EXIST::FUNCTION:
MD5_Init 1284 1_1_0 EXIST::FUNCTION:MD5
@@ -198107,7 +205772,7 @@
BN_num_bits 1293 1_1_0 EXIST::FUNCTION:
X509_CRL_METHOD_free 1294 1_1_0 EXIST::FUNCTION:
PEM_read_NETSCAPE_CERT_SEQUENCE 1295 1_1_0 EXIST::FUNCTION:
-@@ -1342,11 +1317,11 @@ BN_rshift1 1303 1_1_0 EXIST::FUNCTION:
+@@ -1342,11 +1317,11 @@ PEM_write_DSA_PUBKEY
i2d_PKCS7_ENVELOPE 1304 1_1_0 EXIST::FUNCTION:
PBKDF2PARAM_it 1305 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PBKDF2PARAM_it 1305 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -198121,12 +205786,12 @@
RC2_decrypt 1310 1_1_0 EXIST::FUNCTION:RC2
OPENSSL_atexit 1311 1_1_0 EXIST::FUNCTION:
CMS_add_standard_smimecap 1312 1_1_0 EXIST::FUNCTION:CMS
-@@ -1355,11 +1330,11 @@ BN_BLINDING_set_flags 1314 1_1_0 EXIST::FUNCTION:
+@@ -1355,11 +1330,11 @@ CMS_add_standard_smimecap
ERR_peek_last_error 1315 1_1_0 EXIST::FUNCTION:
ENGINE_set_cmd_defns 1316 1_1_0 EXIST::FUNCTION:ENGINE
d2i_ASN1_NULL 1317 1_1_0 EXIST::FUNCTION:
-RAND_event 1318 1_1_0 EXIST:WIN32:FUNCTION:
-+RAND_event 1318 1_1_0 EXIST:WIN32:FUNCTION:DEPRECATEDIN_1_1_0
++RAND_event 1318 1_1_0 EXIST:_WIN32:FUNCTION:DEPRECATEDIN_1_1_0
i2d_PKCS12_fp 1319 1_1_0 EXIST::FUNCTION:
EVP_PKEY_meth_get_init 1320 1_1_0 EXIST::FUNCTION:
X509_check_trust 1321 1_1_0 EXIST::FUNCTION:
@@ -198135,7 +205800,7 @@
HMAC_Init_ex 1323 1_1_0 EXIST::FUNCTION:
SMIME_read_CMS 1324 1_1_0 EXIST::FUNCTION:CMS
X509_subject_name_cmp 1325 1_1_0 EXIST::FUNCTION:
-@@ -1387,8 +1362,8 @@ PEM_write_bio_CMS_stream 1345 1_1_0 EXIST::FUNCTION:CMS
+@@ -1387,8 +1362,8 @@ PEM_write_bio_CMS_stream
BIO_f_linebuffer 1346 1_1_0 EXIST::FUNCTION:
ASN1_item_d2i_bio 1347 1_1_0 EXIST::FUNCTION:
ENGINE_get_flags 1348 1_1_0 EXIST::FUNCTION:ENGINE
@@ -198146,7 +205811,7 @@
EVP_PKEY_encrypt 1351 1_1_0 EXIST::FUNCTION:
CRYPTO_cfb128_8_encrypt 1352 1_1_0 EXIST::FUNCTION:
SXNET_get_id_INTEGER 1353 1_1_0 EXIST::FUNCTION:
-@@ -1397,7 +1372,6 @@ i2v_GENERAL_NAME 1355 1_1_0 EXIST::FUNCTION:
+@@ -1397,7 +1372,6 @@ ENGINE_get_flags
PKCS7_ENC_CONTENT_new 1356 1_1_0 EXIST::FUNCTION:
CRYPTO_realloc 1357 1_1_0 EXIST::FUNCTION:
BIO_ctrl_pending 1358 1_1_0 EXIST::FUNCTION:
@@ -198154,7 +205819,7 @@
EVP_MD_meth_new 1360 1_1_0 EXIST::FUNCTION:
X509_sign_ctx 1361 1_1_0 EXIST::FUNCTION:
BN_is_odd 1362 1_1_0 EXIST::FUNCTION:
-@@ -1407,11 +1381,9 @@ ASN1_SCTX_get_app_data 1365 1_1_0 EXIST::FUNCTION:
+@@ -1407,11 +1381,9 @@ ENGINE_get_flags
X509_get_default_cert_file_env 1366 1_1_0 EXIST::FUNCTION:
X509v3_addr_validate_resource_set 1367 1_1_0 EXIST::FUNCTION:RFC3779
d2i_X509_VAL 1368 1_1_0 EXIST::FUNCTION:
@@ -198167,7 +205832,7 @@
BN_GENCB_set_old 1373 1_1_0 EXIST::FUNCTION:
PEM_write_bio_X509 1374 1_1_0 EXIST::FUNCTION:
EVP_PKEY_asn1_free 1375 1_1_0 EXIST::FUNCTION:
-@@ -1421,18 +1393,16 @@ PROXY_CERT_INFO_EXTENSION_it 1377 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
+@@ -1421,18 +1393,16 @@ ENGINE_unregister_DH
CT_POLICY_EVAL_CTX_set0_cert 1378 1_1_0 EXIST::FUNCTION:CT
X509_NAME_hash 1379 1_1_0 EXIST::FUNCTION:
SCT_set_timestamp 1380 1_1_0 EXIST::FUNCTION:CT
@@ -198188,7 +205853,7 @@
X509_CRL_add0_revoked 1393 1_1_0 EXIST::FUNCTION:
GENERAL_NAME_set0_value 1394 1_1_0 EXIST::FUNCTION:
X509_ATTRIBUTE_dup 1395 1_1_0 EXIST::FUNCTION:
-@@ -1442,7 +1412,7 @@ PEM_read_bio_PrivateKey 1398 1_1_0 EXIST::FUNCTION:
+@@ -1442,7 +1412,7 @@ EC_GROUP_check_discriminant
d2i_PKCS7_ENCRYPT 1399 1_1_0 EXIST::FUNCTION:
EVP_PKEY_CTX_ctrl 1400 1_1_0 EXIST::FUNCTION:
X509_REQ_set_pubkey 1401 1_1_0 EXIST::FUNCTION:
@@ -198197,7 +205862,7 @@
X509_REQ_add_extensions_nid 1403 1_1_0 EXIST::FUNCTION:
PEM_X509_INFO_write_bio 1404 1_1_0 EXIST::FUNCTION:
BIO_dump_cb 1405 1_1_0 EXIST::FUNCTION:
-@@ -1455,7 +1425,7 @@ BIO_set_ex_data 1411 1_1_0 EXIST::FUNCTION:
+@@ -1455,7 +1425,7 @@ SRP_Calc_server_key
SHA512 1412 1_1_0 EXIST:!VMSVAX:FUNCTION:
X509_STORE_CTX_get_explicit_policy 1413 1_1_0 EXIST::FUNCTION:
EVP_DecodeBlock 1414 1_1_0 EXIST::FUNCTION:
@@ -198206,7 +205871,7 @@
EVP_MD_CTX_reset 1416 1_1_0 EXIST::FUNCTION:
X509_NAME_new 1417 1_1_0 EXIST::FUNCTION:
ASN1_item_pack 1418 1_1_0 EXIST::FUNCTION:
-@@ -1469,11 +1439,11 @@ CRYPTO_nistcts128_encrypt 1425 1_1_0 EXIST::FUNCTION:
+@@ -1469,11 +1439,11 @@ d2i_RSA_PUBKEY_fp
CONF_modules_finish 1426 1_1_0 EXIST::FUNCTION:
BN_value_one 1427 1_1_0 EXIST::FUNCTION:
RSA_padding_add_SSLv23 1428 1_1_0 EXIST::FUNCTION:RSA
@@ -198222,7 +205887,7 @@
ENGINE_get_RSA 1432 1_1_0 EXIST::FUNCTION:ENGINE
RAND_get_rand_method 1433 1_1_0 EXIST::FUNCTION:
ERR_load_DSA_strings 1434 1_1_0 EXIST::FUNCTION:DSA
-@@ -1485,22 +1455,21 @@ i2d_ECPrivateKey_bio 1439 1_1_0 EXIST::FUNCTION:EC
+@@ -1485,22 +1455,21 @@ i2d_ECPrivateKey_bio
BN_GENCB_free 1440 1_1_0 EXIST::FUNCTION:
HMAC_size 1441 1_1_0 EXIST::FUNCTION:
EVP_PKEY_get0_DH 1442 1_1_0 EXIST::FUNCTION:DH
@@ -198248,7 +205913,7 @@
BN_nist_mod_192 1459 1_1_0 EXIST::FUNCTION:
i2d_PKCS7_ISSUER_AND_SERIAL 1460 1_1_0 EXIST::FUNCTION:
X509V3_EXT_nconf 1461 1_1_0 EXIST::FUNCTION:
-@@ -1514,22 +1483,22 @@ i2d_PKCS7_SIGNER_INFO 1468 1_1_0 EXIST::FUNCTION:
+@@ -1514,22 +1483,22 @@ TS_CONF_get_tsa_section
EVP_get_pw_prompt 1469 1_1_0 EXIST::FUNCTION:UI
BN_bn2bin 1470 1_1_0 EXIST::FUNCTION:
d2i_ASN1_BIT_STRING 1471 1_1_0 EXIST::FUNCTION:
@@ -198276,7 +205941,7 @@
SXNET_it 1488 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
SXNET_it 1488 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
BIO_indent 1489 1_1_0 EXIST::FUNCTION:
-@@ -1541,7 +1510,7 @@ i2d_TS_REQ_bio 1494 1_1_0 EXIST::FUNCTION:TS
+@@ -1541,7 +1510,7 @@ i2d_TS_REQ_bio
EVP_PKEY_CTX_get_operation 1495 1_1_0 EXIST::FUNCTION:
EVP_MD_meth_set_ctrl 1496 1_1_0 EXIST::FUNCTION:
X509_EXTENSION_set_critical 1497 1_1_0 EXIST::FUNCTION:
@@ -198285,7 +205950,7 @@
ENGINE_get_DSA 1499 1_1_0 EXIST::FUNCTION:ENGINE
ASYNC_get_wait_ctx 1500 1_1_0 EXIST::FUNCTION:
ENGINE_set_load_privkey_function 1501 1_1_0 EXIST::FUNCTION:ENGINE
-@@ -1553,7 +1522,7 @@ EVP_CIPHER_CTX_rand_key 1506 1_1_0 EXIST::FUNCTION:
+@@ -1553,7 +1522,7 @@ ENGINE_set_load_privkey_function
AES_set_encrypt_key 1507 1_1_0 EXIST::FUNCTION:
ASN1_UTCTIME_new 1508 1_1_0 EXIST::FUNCTION:
AES_cbc_encrypt 1509 1_1_0 EXIST::FUNCTION:
@@ -198294,7 +205959,7 @@
EVP_PKEY_asn1_find 1511 1_1_0 EXIST::FUNCTION:
d2i_ASN1_GENERALIZEDTIME 1512 1_1_0 EXIST::FUNCTION:
OPENSSL_cleanup 1513 1_1_0 EXIST::FUNCTION:
-@@ -1565,7 +1534,7 @@ BIO_free 1518 1_1_0 EXIST::FUNCTION:
+@@ -1565,7 +1534,7 @@ SCT_get_source
i2d_X509_ALGOR 1519 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_set0_crls 1520 1_1_0 EXIST::FUNCTION:
ASYNC_pause_job 1521 1_1_0 EXIST::FUNCTION:
@@ -198303,7 +205968,7 @@
EVP_camellia_256_ofb 1523 1_1_0 EXIST::FUNCTION:CAMELLIA
PKCS12_item_i2d_encrypt 1524 1_1_0 EXIST::FUNCTION:
EVP_PKEY_meth_set_copy 1525 1_1_0 EXIST::FUNCTION:
-@@ -1590,13 +1559,13 @@ CMS_get0_content 1543 1_1_0 EXIST::FUNCTION:CMS
+@@ -1590,13 +1559,13 @@ CMS_get0_content
BN_is_word 1544 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_key_length 1545 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_asn1_to_param 1546 1_1_0 EXIST::FUNCTION:
@@ -198319,7 +205984,7 @@
CMS_SignerInfo_sign 1554 1_1_0 EXIST::FUNCTION:CMS
ASN1_item_i2d_bio 1555 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_CTX_block_size 1556 1_1_0 EXIST::FUNCTION:
-@@ -1607,7 +1576,7 @@ EVP_MD_meth_set_app_datasize 1560 1_1_0 EXIST::FUNCTION:
+@@ -1607,7 +1576,7 @@ TS_CONF_set_default_engine
DSO_free 1561 1_1_0 EXIST::FUNCTION:
TS_TST_INFO_get_tsa 1562 1_1_0 EXIST::FUNCTION:TS
EC_GROUP_check 1563 1_1_0 EXIST::FUNCTION:EC
@@ -198328,7 +205993,7 @@
TS_RESP_CTX_set_extension_cb 1565 1_1_0 EXIST::FUNCTION:TS
EVP_CIPHER_CTX_nid 1566 1_1_0 EXIST::FUNCTION:
TS_RESP_CTX_add_md 1567 1_1_0 EXIST::FUNCTION:TS
-@@ -1616,8 +1585,8 @@ X509V3_extensions_print 1569 1_1_0 EXIST::FUNCTION:
+@@ -1616,8 +1585,8 @@ DES_set_key
PEM_do_header 1570 1_1_0 EXIST::FUNCTION:
i2d_re_X509_CRL_tbs 1571 1_1_0 EXIST::FUNCTION:
BIO_method_name 1572 1_1_0 EXIST::FUNCTION:
@@ -198339,7 +206004,7 @@
d2i_X509_NAME_ENTRY 1575 1_1_0 EXIST::FUNCTION:
X509_trusted 1576 1_1_0 EXIST::FUNCTION:
X509_TRUST_get_flags 1577 1_1_0 EXIST::FUNCTION:
-@@ -1626,15 +1595,14 @@ PEM_write_X509_REQ_NEW 1579 1_1_0 EXIST::FUNCTION:
+@@ -1626,15 +1595,14 @@ DES_set_key
CONF_imodule_set_usr_data 1580 1_1_0 EXIST::FUNCTION:
d2i_TS_RESP_fp 1581 1_1_0 EXIST::FUNCTION:STDIO,TS
X509_policy_tree_get0_user_policies 1582 1_1_0 EXIST::FUNCTION:
@@ -198357,7 +206022,7 @@
ERR_get_error_line_data 1592 1_1_0 EXIST::FUNCTION:
CTLOG_get0_name 1593 1_1_0 EXIST::FUNCTION:CT
ASN1_TBOOLEAN_it 1594 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -1642,7 +1610,6 @@ ASN1_TBOOLEAN_it 1594 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
+@@ -1642,7 +1610,6 @@ CTLOG_get0_name
RC2_set_key 1595 1_1_0 EXIST::FUNCTION:RC2
X509_REVOKED_get_ext_by_NID 1596 1_1_0 EXIST::FUNCTION:
RSA_padding_add_none 1597 1_1_0 EXIST::FUNCTION:RSA
@@ -198365,7 +206030,7 @@
EVP_rc5_32_12_16_cbc 1599 1_1_0 EXIST::FUNCTION:RC5
PEM_dek_info 1600 1_1_0 EXIST::FUNCTION:
ASN1_SCTX_get_template 1601 1_1_0 EXIST::FUNCTION:
-@@ -1655,18 +1622,17 @@ TS_ext_print_bio 1607 1_1_0 EXIST::FUNCTION:TS
+@@ -1655,18 +1622,17 @@ TS_ext_print_bio
SCT_set1_log_id 1608 1_1_0 EXIST::FUNCTION:CT
X509_get0_pubkey_bitstr 1609 1_1_0 EXIST::FUNCTION:
ENGINE_register_all_RAND 1610 1_1_0 EXIST::FUNCTION:ENGINE
@@ -198387,7 +206052,7 @@
NCONF_dump_bio 1623 1_1_0 EXIST::FUNCTION:
X509_NAME_get_entry 1624 1_1_0 EXIST::FUNCTION:
EVP_PKEY_get1_DH 1625 1_1_0 EXIST::FUNCTION:DH
-@@ -1677,18 +1643,18 @@ CRYPTO_ocb128_cleanup 1629 1_1_0 EXIST::FUNCTION:OCB
+@@ -1677,18 +1643,18 @@ CRYPTO_ocb128_cleanup
EVP_des_ede_cbc 1630 1_1_0 EXIST::FUNCTION:DES
i2d_ASN1_TIME 1631 1_1_0 EXIST::FUNCTION:
ENGINE_register_all_pkey_asn1_meths 1632 1_1_0 EXIST::FUNCTION:ENGINE
@@ -198409,7 +206074,7 @@
X509_STORE_CTX_get1_issuer 1644 1_1_0 EXIST::FUNCTION:
EVP_Digest 1645 1_1_0 EXIST::FUNCTION:
CRYPTO_set_ex_data 1646 1_1_0 EXIST::FUNCTION:
-@@ -1697,7 +1663,6 @@ BN_lshift1 1648 1_1_0 EXIST::FUNCTION:
+@@ -1697,7 +1663,6 @@ CMS_ContentInfo_it
i2d_EDIPARTYNAME 1649 1_1_0 EXIST::FUNCTION:
X509_policy_tree_get0_policies 1650 1_1_0 EXIST::FUNCTION:
X509at_add1_attr 1651 1_1_0 EXIST::FUNCTION:
@@ -198417,7 +206082,7 @@
X509_get_ex_data 1653 1_1_0 EXIST::FUNCTION:
RSA_set_method 1654 1_1_0 EXIST::FUNCTION:RSA
X509_REVOKED_dup 1655 1_1_0 EXIST::FUNCTION:
-@@ -1711,15 +1676,14 @@ BIO_asn1_get_suffix 1662 1_1_0 EXIST::FUNCTION:
+@@ -1711,15 +1676,14 @@ EC_GROUP_free
X509_VERIFY_PARAM_clear_flags 1663 1_1_0 EXIST::FUNCTION:
X509_NAME_add_entry_by_txt 1664 1_1_0 EXIST::FUNCTION:
DES_ede3_cfb_encrypt 1665 1_1_0 EXIST::FUNCTION:DES
@@ -198435,7 +206100,7 @@
PEM_write_PKCS7 1674 1_1_0 EXIST::FUNCTION:
PKCS7_add_signer 1675 1_1_0 EXIST::FUNCTION:
X509_SIG_it 1676 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -1737,7 +1701,7 @@ CMS_EncryptedData_set1_key 1686 1_1_0 EXIST::FUNCTION:CMS
+@@ -1737,7 +1701,7 @@ CMS_EncryptedData_set1_key
OBJ_find_sigid_by_algs 1687 1_1_0 EXIST::FUNCTION:
ASN1_generate_nconf 1688 1_1_0 EXIST::FUNCTION:
CMS_add0_recipient_password 1689 1_1_0 EXIST::FUNCTION:CMS
@@ -198444,7 +206109,7 @@
PEM_read_bio_ECPrivateKey 1691 1_1_0 EXIST::FUNCTION:EC
EVP_PKEY_get_attr 1692 1_1_0 EXIST::FUNCTION:
PEM_read_bio_ECPKParameters 1693 1_1_0 EXIST::FUNCTION:EC
-@@ -1747,7 +1711,7 @@ PKCS12_SAFEBAG_get_bag_nid 1696 1_1_0 EXIST::FUNCTION:
+@@ -1747,7 +1711,7 @@ ENGINE_ctrl_cmd
TS_CONF_set_digests 1697 1_1_0 EXIST::FUNCTION:TS
PKCS7_SIGNED_it 1698 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS7_SIGNED_it 1698 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -198453,7 +206118,7 @@
X509_PURPOSE_cleanup 1700 1_1_0 EXIST::FUNCTION:
ESS_SIGNING_CERT_dup 1701 1_1_0 EXIST::FUNCTION:TS
ENGINE_set_default_DSA 1702 1_1_0 EXIST::FUNCTION:ENGINE
-@@ -1758,7 +1722,7 @@ X509_policy_tree_get0_level 1706 1_1_0 EXIST::FUNCTION:
+@@ -1758,7 +1722,7 @@ RSA_padding_check_PKCS1_OAEP_mgf1
ASN1_parse_dump 1708 1_1_0 EXIST::FUNCTION:
BIO_vfree 1709 1_1_0 EXIST::FUNCTION:
CRYPTO_cbc128_decrypt 1710 1_1_0 EXIST::FUNCTION:
@@ -198462,7 +206127,7 @@
d2i_PKCS7_bio 1712 1_1_0 EXIST::FUNCTION:
ENGINE_set_default_digests 1713 1_1_0 EXIST::FUNCTION:ENGINE
i2d_PublicKey 1714 1_1_0 EXIST::FUNCTION:
-@@ -1775,8 +1739,8 @@ EVP_cast5_ecb 1724 1_1_0 EXIST::FUNCTION:CAST
+@@ -1775,8 +1739,8 @@ EVP_cast5_ecb
BIO_nwrite0 1725 1_1_0 EXIST::FUNCTION:
CAST_encrypt 1726 1_1_0 EXIST::FUNCTION:CAST
a2d_ASN1_OBJECT 1727 1_1_0 EXIST::FUNCTION:
@@ -198473,7 +206138,7 @@
CMS_unsigned_get_attr 1730 1_1_0 EXIST::FUNCTION:CMS
EVP_aes_256_cbc 1731 1_1_0 EXIST::FUNCTION:
X509_check_ip_asc 1732 1_1_0 EXIST::FUNCTION:
-@@ -1787,7 +1751,7 @@ EVP_ENCODE_CTX_new 1736 1_1_0 EXIST::FUNCTION:
+@@ -1787,7 +1751,7 @@ TS_MSG_IMPRINT_new
BIO_f_base64 1737 1_1_0 EXIST::FUNCTION:
CMS_verify 1738 1_1_0 EXIST::FUNCTION:CMS
i2d_PrivateKey 1739 1_1_0 EXIST::FUNCTION:
@@ -198482,7 +206147,7 @@
OPENSSL_issetugid 1741 1_1_0 EXIST::FUNCTION:
d2i_ASN1_OBJECT 1742 1_1_0 EXIST::FUNCTION:
EVP_MD_meth_set_flags 1743 1_1_0 EXIST::FUNCTION:
-@@ -1796,14 +1760,14 @@ EC_POINT_cmp 1745 1_1_0 EXIST::FUNCTION:EC
+@@ -1796,14 +1760,14 @@ EC_POINT_cmp
ASN1_buf_print 1746 1_1_0 EXIST::FUNCTION:
EVP_PKEY_CTX_hex2ctrl 1747 1_1_0 EXIST::FUNCTION:
PEM_write_bio_PKCS8PrivateKey 1748 1_1_0 EXIST::FUNCTION:
@@ -198500,7 +206165,7 @@
X509_reject_clear 1757 1_1_0 EXIST::FUNCTION:
DH_security_bits 1758 1_1_0 EXIST::FUNCTION:DH
LONG_it 1759 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -1822,8 +1786,6 @@ ASN1_OCTET_STRING_free 1770 1_1_0 EXIST::FUNCTION:
+@@ -1822,8 +1786,6 @@ TS_TST_INFO_get_exts
PKCS7_RECIP_INFO_free 1771 1_1_0 EXIST::FUNCTION:
ASN1_tag2bit 1772 1_1_0 EXIST::FUNCTION:
TS_REQ_add_ext 1773 1_1_0 EXIST::FUNCTION:TS
@@ -198509,7 +206174,7 @@
X509_digest 1776 1_1_0 EXIST::FUNCTION:
CRYPTO_THREAD_cleanup_local 1777 1_1_0 EXIST::FUNCTION:
NETSCAPE_CERT_SEQUENCE_it 1778 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -1850,11 +1812,11 @@ EVP_CIPHER_CTX_clear_flags 1796 1_1_0 EXIST::FUNCTION:
+@@ -1850,11 +1812,11 @@ RAND_set_rand_engine
ECDSA_size 1797 1_1_0 EXIST::FUNCTION:EC
X509_ALGOR_get0 1798 1_1_0 EXIST::FUNCTION:
d2i_ACCESS_DESCRIPTION 1799 1_1_0 EXIST::FUNCTION:
@@ -198519,11 +206184,11 @@
CTLOG_STORE_load_default_file 1802 1_1_0 EXIST::FUNCTION:CT
PKCS12_SAFEBAG_create_pkcs8_encrypt 1803 1_1_0 EXIST::FUNCTION:
-RAND_screen 1804 1_1_0 EXIST:WIN32:FUNCTION:
-+RAND_screen 1804 1_1_0 EXIST:WIN32:FUNCTION:DEPRECATEDIN_1_1_0
++RAND_screen 1804 1_1_0 EXIST:_WIN32:FUNCTION:DEPRECATEDIN_1_1_0
CONF_get_string 1805 1_1_0 EXIST::FUNCTION:
X509_cmp_current_time 1806 1_1_0 EXIST::FUNCTION:
i2d_DSAPrivateKey 1807 1_1_0 EXIST::FUNCTION:DSA
-@@ -1862,13 +1824,13 @@ ASN1_BIT_STRING_new 1808 1_1_0 EXIST::FUNCTION:
+@@ -1862,13 +1824,13 @@ i2d_DSAPrivateKey
BIO_new_file 1809 1_1_0 EXIST::FUNCTION:
PKCS7_SIGNER_INFO_get0_algs 1810 1_1_0 EXIST::FUNCTION:
TS_RESP_set_status_info 1811 1_1_0 EXIST::FUNCTION:TS
@@ -198539,7 +206204,7 @@
OPENSSL_hexstr2buf 1819 1_1_0 EXIST::FUNCTION:
EVP_add_cipher 1820 1_1_0 EXIST::FUNCTION:
X509V3_EXT_add_list 1821 1_1_0 EXIST::FUNCTION:
-@@ -1877,7 +1839,7 @@ X509_get_ext_by_critical 1823 1_1_0 EXIST::FUNCTION:
+@@ -1877,7 +1839,7 @@ CMS_compress
ASYNC_WAIT_CTX_clear_fd 1824 1_1_0 EXIST::FUNCTION:
ZLONG_it 1825 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ZLONG_it 1825 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -198548,7 +206213,7 @@
ASN1_ENUMERATED_to_BN 1827 1_1_0 EXIST::FUNCTION:
X509_CRL_get_ext_d2i 1828 1_1_0 EXIST::FUNCTION:
i2d_AUTHORITY_KEYID 1829 1_1_0 EXIST::FUNCTION:
-@@ -1886,10 +1848,9 @@ ASN1_VISIBLESTRING_it 1831 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
+@@ -1886,10 +1848,9 @@ TS_TST_INFO_get_time
ASN1_VISIBLESTRING_it 1831 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
X509V3_EXT_REQ_add_conf 1832 1_1_0 EXIST::FUNCTION:
ASN1_STRING_to_UTF8 1833 1_1_0 EXIST::FUNCTION:
@@ -198560,7 +206225,7 @@
PKCS7_set_signed_attributes 1838 1_1_0 EXIST::FUNCTION:
EC_KEY_priv2buf 1839 1_1_0 EXIST::FUNCTION:EC
BN_BLINDING_free 1840 1_1_0 EXIST::FUNCTION:
-@@ -1908,11 +1869,11 @@ TS_RESP_CTX_set_serial_cb 1851 1_1_0 EXIST::FUNCTION:TS
+@@ -1908,11 +1869,11 @@ TS_RESP_CTX_set_serial_cb
POLICY_MAPPING_it 1852 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
POLICY_MAPPING_it 1852 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
ERR_load_KDF_strings 1853 1_1_0 EXIST::FUNCTION:
@@ -198574,7 +206239,7 @@
ASN1_STRING_length_set 1859 1_1_0 EXIST::FUNCTION:
PEM_write_PKCS8 1860 1_1_0 EXIST::FUNCTION:
PKCS7_digest_from_attributes 1861 1_1_0 EXIST::FUNCTION:
-@@ -1928,38 +1889,37 @@ X509_get_ext_by_OBJ 1869 1_1_0 EXIST::FUNCTION:
+@@ -1928,38 +1889,37 @@ DSA_generate_key
PBEPARAM_new 1870 1_1_0 EXIST::FUNCTION:
EVP_aes_128_cbc 1871 1_1_0 EXIST::FUNCTION:
CRYPTO_dup_ex_data 1872 1_1_0 EXIST::FUNCTION:
@@ -198620,7 +206285,7 @@
CRYPTO_gcm128_encrypt_ctr32 1905 1_1_0 EXIST::FUNCTION:
SCT_set1_signature 1906 1_1_0 EXIST::FUNCTION:CT
CONF_imodule_get_module 1907 1_1_0 EXIST::FUNCTION:
-@@ -1969,7 +1929,7 @@ SRP_Calc_B 1910 1_1_0 EXIST::FUNCTION:SRP
+@@ -1969,7 +1929,7 @@ SRP_Calc_B
CMS_decrypt_set1_key 1911 1_1_0 EXIST::FUNCTION:CMS
EC_GROUP_get_degree 1912 1_1_0 EXIST::FUNCTION:EC
X509_ALGOR_set0 1913 1_1_0 EXIST::FUNCTION:
@@ -198629,7 +206294,7 @@
X509v3_asid_inherits 1915 1_1_0 EXIST::FUNCTION:RFC3779
EVP_MD_meth_get_app_datasize 1916 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_get_num_untrusted 1917 1_1_0 EXIST::FUNCTION:
-@@ -1993,7 +1953,7 @@ X509_NAME_add_entry 1935 1_1_0 EXIST::FUNCTION:
+@@ -1993,7 +1953,7 @@ RSA_flags
EVP_CIPHER_get_asn1_iv 1936 1_1_0 EXIST::FUNCTION:
i2d_RSAPrivateKey_bio 1937 1_1_0 EXIST::FUNCTION:RSA
PKCS5_PBE_keyivgen 1938 1_1_0 EXIST::FUNCTION:
@@ -198638,7 +206303,7 @@
EC_POINT_copy 1940 1_1_0 EXIST::FUNCTION:EC
X509V3_EXT_CRL_add_nconf 1941 1_1_0 EXIST::FUNCTION:
SHA256_Init 1942 1_1_0 EXIST::FUNCTION:
-@@ -2009,7 +1969,7 @@ PKCS12_unpack_p7data 1951 1_1_0 EXIST::FUNCTION:
+@@ -2009,7 +1969,7 @@ EVP_seed_cbc
ECDSA_sign 1952 1_1_0 EXIST::FUNCTION:EC
d2i_PKCS12_fp 1953 1_1_0 EXIST::FUNCTION:
CMS_unsigned_get_attr_by_NID 1954 1_1_0 EXIST::FUNCTION:CMS
@@ -198647,7 +206312,7 @@
BN_bntest_rand 1956 1_1_0 EXIST::FUNCTION:
X509_get_pubkey 1957 1_1_0 EXIST::FUNCTION:
i2d_X509_NAME 1958 1_1_0 EXIST::FUNCTION:
-@@ -2029,7 +1989,7 @@ EC_POINT_get_affine_coordinates_GF2m 1970 1_1_0 EXIST::FUNCTION:EC,EC2M
+@@ -2029,7 +1989,7 @@ EC_POINT_get_affine_coordinates_GF2m
EVP_ENCODE_CTX_num 1971 1_1_0 EXIST::FUNCTION:
Camellia_cfb1_encrypt 1972 1_1_0 EXIST::FUNCTION:CAMELLIA
NCONF_load_fp 1973 1_1_0 EXIST::FUNCTION:STDIO
@@ -198656,7 +206321,7 @@
EVP_PKEY_sign 1975 1_1_0 EXIST::FUNCTION:
TS_REQ_get_ext_by_critical 1976 1_1_0 EXIST::FUNCTION:TS
EC_KEY_key2buf 1977 1_1_0 EXIST::FUNCTION:EC
-@@ -2068,33 +2028,33 @@ TS_REQ_get_version 2006 1_1_0 EXIST::FUNCTION:TS
+@@ -2068,33 +2028,33 @@ TS_REQ_get_version
BN_exp 2007 1_1_0 EXIST::FUNCTION:
i2d_SXNET 2008 1_1_0 EXIST::FUNCTION:
OBJ_bsearch_ 2009 1_1_0 EXIST::FUNCTION:
@@ -198697,7 +206362,7 @@
_shadow_DES_check_key 2037 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
_shadow_DES_check_key 2037 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
CMS_RecipientInfo_set0_pkey 2038 1_1_0 EXIST::FUNCTION:CMS
-@@ -2112,17 +2072,17 @@ ASN1_ENUMERATED_it 2047 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
+@@ -2112,17 +2072,17 @@ ASN1_d2i_fp
o2i_ECPublicKey 2048 1_1_0 EXIST::FUNCTION:EC
ERR_load_BUF_strings 2049 1_1_0 EXIST::FUNCTION:
PEM_read_bio_RSA_PUBKEY 2050 1_1_0 EXIST::FUNCTION:RSA
@@ -198718,7 +206383,7 @@
OBJ_length 2062 1_1_0 EXIST::FUNCTION:
BN_GENCB_get_arg 2063 1_1_0 EXIST::FUNCTION:
EVP_MD_CTX_clear_flags 2064 1_1_0 EXIST::FUNCTION:
-@@ -2130,7 +2090,7 @@ EVP_PKEY_meth_get_verifyctx 2065 1_1_0 EXIST::FUNCTION:
+@@ -2130,7 +2090,7 @@ ENGINE_get_load_pubkey_function
CT_POLICY_EVAL_CTX_get0_cert 2066 1_1_0 EXIST::FUNCTION:CT
PEM_write_DHparams 2067 1_1_0 EXIST::FUNCTION:DH
DH_set_ex_data 2068 1_1_0 EXIST::FUNCTION:DH
@@ -198727,7 +206392,7 @@
CRYPTO_128_unwrap_pad 2070 1_1_0 EXIST::FUNCTION:
BIO_new_CMS 2071 1_1_0 EXIST::FUNCTION:CMS
i2d_ASN1_ENUMERATED 2072 1_1_0 EXIST::FUNCTION:
-@@ -2150,7 +2110,7 @@ i2d_ASN1_GENERALSTRING 2085 1_1_0 EXIST::FUNCTION:
+@@ -2150,7 +2110,7 @@ d2i_RSAPublicKey
POLICYQUALINFO_new 2086 1_1_0 EXIST::FUNCTION:
PKCS7_RECIP_INFO_get0_alg 2087 1_1_0 EXIST::FUNCTION:
EVP_PKEY_base_id 2088 1_1_0 EXIST::FUNCTION:
@@ -198736,7 +206401,7 @@
X509v3_get_ext_by_NID 2090 1_1_0 EXIST::FUNCTION:
TS_CONF_set_policies 2091 1_1_0 EXIST::FUNCTION:TS
CMS_SignerInfo_cert_cmp 2092 1_1_0 EXIST::FUNCTION:CMS
-@@ -2168,7 +2128,7 @@ X509_get_ext_count 2103 1_1_0 EXIST::FUNCTION:
+@@ -2168,7 +2128,7 @@ SCT_new
CRYPTO_cts128_decrypt 2104 1_1_0 EXIST::FUNCTION:
ASYNC_WAIT_CTX_get_fd 2105 1_1_0 EXIST::FUNCTION:
i2d_TS_REQ 2106 1_1_0 EXIST::FUNCTION:TS
@@ -198745,7 +206410,7 @@
ENGINE_register_pkey_meths 2108 1_1_0 EXIST::FUNCTION:ENGINE
ENGINE_load_public_key 2109 1_1_0 EXIST::FUNCTION:ENGINE
ASIdOrRange_it 2110 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-@@ -2193,14 +2153,14 @@ BN_mod_exp_recp 2126 1_1_0 EXIST::FUNCTION:
+@@ -2193,14 +2153,14 @@ ENGINE_get_destroy_function
EVP_mdc2 2127 1_1_0 EXIST::FUNCTION:MDC2
EVP_des_cfb64 2128 1_1_0 EXIST::FUNCTION:DES
PKCS7_sign 2129 1_1_0 EXIST::FUNCTION:
@@ -198762,7 +206427,7 @@
ASN1_item_i2d_fp 2137 1_1_0 EXIST::FUNCTION:STDIO
BN_GF2m_mod_sqr 2138 1_1_0 EXIST::FUNCTION:EC2M
ASN1_PRINTABLE_new 2139 1_1_0 EXIST::FUNCTION:
-@@ -2217,7 +2177,7 @@ CRYPTO_THREAD_compare_id 2148 1_1_0 EXIST::FUNCTION:
+@@ -2217,7 +2177,7 @@ i2d_PKCS8PrivateKey_nid_fp
d2i_IPAddressChoice 2149 1_1_0 EXIST::FUNCTION:RFC3779
IPAddressFamily_it 2150 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
IPAddressFamily_it 2150 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
@@ -198771,7 +206436,7 @@
BIO_push 2152 1_1_0 EXIST::FUNCTION:
ASN1_BMPSTRING_new 2153 1_1_0 EXIST::FUNCTION:
COMP_get_type 2154 1_1_0 EXIST::FUNCTION:COMP
-@@ -2228,8 +2188,8 @@ PEM_write_X509 2158 1_1_0 EXIST::FUNCTION:
+@@ -2228,8 +2188,8 @@ d2i_ASIdentifierChoice
BN_CTX_free 2159 1_1_0 EXIST::FUNCTION:
EC_GROUP_get_curve_GF2m 2160 1_1_0 EXIST::FUNCTION:EC,EC2M
EVP_MD_flags 2161 1_1_0 EXIST::FUNCTION:
@@ -198782,7 +206447,7 @@
BN_GF2m_mod_solve_quad 2164 1_1_0 EXIST::FUNCTION:EC2M
EC_POINT_method_of 2165 1_1_0 EXIST::FUNCTION:EC
PKCS7_ENCRYPT_it 2166 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -2239,14 +2199,13 @@ AUTHORITY_INFO_ACCESS_it 2167 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
+@@ -2239,14 +2199,13 @@ EC_POINT_method_of
X509_EXTENSION_create_by_NID 2168 1_1_0 EXIST::FUNCTION:
i2d_RSAPrivateKey 2169 1_1_0 EXIST::FUNCTION:RSA
d2i_CERTIFICATEPOLICIES 2170 1_1_0 EXIST::FUNCTION:
@@ -198799,7 +206464,7 @@
BN_get_rfc3526_prime_4096 2179 1_1_0 EXIST::FUNCTION:
d2i_PKCS7_fp 2180 1_1_0 EXIST::FUNCTION:STDIO
PEM_write_bio_NETSCAPE_CERT_SEQUENCE 2181 1_1_0 EXIST::FUNCTION:
-@@ -2257,13 +2216,12 @@ CMS_RecipientInfo_kari_orig_id_cmp 2184 1_1_0 EXIST::FUNCTION:CMS
+@@ -2257,13 +2216,12 @@ CMS_RecipientInfo_kari_orig_id_cmp
NETSCAPE_SPKI_b64_encode 2185 1_1_0 EXIST::FUNCTION:
d2i_PrivateKey 2186 1_1_0 EXIST::FUNCTION:
EVP_MD_CTX_new 2187 1_1_0 EXIST::FUNCTION:
@@ -198814,7 +206479,7 @@
ASN1_T61STRING_new 2195 1_1_0 EXIST::FUNCTION:
BN_kronecker 2196 1_1_0 EXIST::FUNCTION:
i2d_ACCESS_DESCRIPTION 2197 1_1_0 EXIST::FUNCTION:
-@@ -2272,7 +2230,7 @@ X509_STORE_CTX_set_depth 2199 1_1_0 EXIST::FUNCTION:
+@@ -2272,7 +2230,7 @@ EVP_camellia_192_cfb8
X509v3_delete_ext 2200 1_1_0 EXIST::FUNCTION:
ASN1_STRING_set0 2201 1_1_0 EXIST::FUNCTION:
BN_GF2m_add 2202 1_1_0 EXIST::FUNCTION:EC2M
@@ -198823,7 +206488,7 @@
TS_ACCURACY_set_millis 2204 1_1_0 EXIST::FUNCTION:TS
X509V3_EXT_conf 2205 1_1_0 EXIST::FUNCTION:
i2d_DHxparams 2206 1_1_0 EXIST::FUNCTION:DH
-@@ -2283,7 +2241,7 @@ i2d_TS_ACCURACY 2210 1_1_0 EXIST::FUNCTION:TS
+@@ -2283,7 +2241,7 @@ i2d_TS_ACCURACY
ASN1_VISIBLESTRING_free 2211 1_1_0 EXIST::FUNCTION:
NCONF_load_bio 2212 1_1_0 EXIST::FUNCTION:
DSA_get_default_method 2213 1_1_0 EXIST::FUNCTION:DSA
@@ -198832,7 +206497,7 @@
CRYPTO_ccm128_decrypt_ccm64 2215 1_1_0 EXIST::FUNCTION:
TS_RESP_CTX_set_clock_precision_digits 2216 1_1_0 EXIST::FUNCTION:TS
SCT_LIST_validate 2217 1_1_0 EXIST::FUNCTION:CT
-@@ -2312,7 +2270,7 @@ EC_GROUP_set_curve_GF2m 2239 1_1_0 EXIST::FUNCTION:EC,EC2M
+@@ -2312,7 +2270,7 @@ EC_GROUP_set_curve_GF2m
ENGINE_load_builtin_engines 2240 1_1_0 EXIST::FUNCTION:ENGINE
SRP_VBASE_init 2241 1_1_0 EXIST::FUNCTION:SRP
SHA224_Final 2242 1_1_0 EXIST::FUNCTION:
@@ -198841,7 +206506,7 @@
d2i_TS_TST_INFO 2244 1_1_0 EXIST::FUNCTION:TS
IPAddressOrRange_it 2245 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
IPAddressOrRange_it 2245 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-@@ -2320,14 +2278,14 @@ ENGINE_get_cipher 2246 1_1_0 EXIST::FUNCTION:ENGINE
+@@ -2320,14 +2278,14 @@ ENGINE_get_cipher
TS_TST_INFO_delete_ext 2247 1_1_0 EXIST::FUNCTION:TS
TS_OBJ_print_bio 2248 1_1_0 EXIST::FUNCTION:TS
X509_time_adj_ex 2249 1_1_0 EXIST::FUNCTION:
@@ -198859,7 +206524,7 @@
X509_VERIFY_PARAM_table_cleanup 2257 1_1_0 EXIST::FUNCTION:
i2d_re_X509_REQ_tbs 2258 1_1_0 EXIST::FUNCTION:
CONF_load_bio 2259 1_1_0 EXIST::FUNCTION:
-@@ -2378,7 +2336,7 @@ UTF8_putc 2302 1_1_0 EXIST::FUNCTION:
+@@ -2378,7 +2336,7 @@ ESS_ISSUER_SERIAL_free
RSA_private_encrypt 2303 1_1_0 EXIST::FUNCTION:RSA
X509_LOOKUP_shutdown 2304 1_1_0 EXIST::FUNCTION:
TS_TST_INFO_set_accuracy 2305 1_1_0 EXIST::FUNCTION:TS
@@ -198868,7 +206533,7 @@
X509at_add1_attr_by_OBJ 2307 1_1_0 EXIST::FUNCTION:
EVP_PKEY_asn1_add0 2308 1_1_0 EXIST::FUNCTION:
PKCS12_SAFEBAG_get1_crl 2309 1_1_0 EXIST::FUNCTION:
-@@ -2400,7 +2358,6 @@ PEM_read_PKCS7 2324 1_1_0 EXIST::FUNCTION:
+@@ -2400,7 +2358,6 @@ EVP_camellia_192_ofb
DH_get_2048_256 2325 1_1_0 EXIST::FUNCTION:DH
X509at_delete_attr 2326 1_1_0 EXIST::FUNCTION:
PEM_write_bio 2327 1_1_0 EXIST::FUNCTION:
@@ -198876,7 +206541,7 @@
CMS_signed_get_attr_by_OBJ 2329 1_1_0 EXIST::FUNCTION:CMS
X509_REVOKED_add_ext 2330 1_1_0 EXIST::FUNCTION:
EVP_CipherUpdate 2331 1_1_0 EXIST::FUNCTION:
-@@ -2409,12 +2366,12 @@ EVP_aes_256_xts 2333 1_1_0 EXIST::FUNCTION:
+@@ -2409,12 +2366,12 @@ Camellia_cfb8_encrypt
EVP_DigestSignFinal 2334 1_1_0 EXIST::FUNCTION:
ASN1_STRING_cmp 2335 1_1_0 EXIST::FUNCTION:
EVP_chacha20_poly1305 2336 1_1_0 EXIST::FUNCTION:CHACHA,POLY1305
@@ -198891,7 +206556,7 @@
X509_keyid_set1 2343 1_1_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_set1 2344 1_1_0 EXIST::FUNCTION:
EC_GROUP_get_asn1_flag 2345 1_1_0 EXIST::FUNCTION:EC
-@@ -2439,12 +2396,12 @@ OTHERNAME_it 2363 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
+@@ -2439,12 +2396,12 @@ DES_decrypt3
OTHERNAME_it 2363 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
X509at_add1_attr_by_txt 2364 1_1_0 EXIST::FUNCTION:
PKCS7_SIGN_ENVELOPE_free 2365 1_1_0 EXIST::FUNCTION:
@@ -198906,7 +206571,7 @@
GENERAL_NAME_new 2372 1_1_0 EXIST::FUNCTION:
DES_encrypt3 2373 1_1_0 EXIST::FUNCTION:DES
PKCS7_get_signer_info 2374 1_1_0 EXIST::FUNCTION:
-@@ -2455,7 +2412,7 @@ ASN1_UTF8STRING_it 2377 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
+@@ -2455,7 +2412,7 @@ DES_encrypt3
ASN1_SCTX_set_app_data 2378 1_1_0 EXIST::FUNCTION:
CMS_add0_cert 2379 1_1_0 EXIST::FUNCTION:CMS
i2d_GENERAL_NAME 2380 1_1_0 EXIST::FUNCTION:
@@ -198915,7 +206580,7 @@
ENGINE_get_pkey_asn1_meth_engine 2382 1_1_0 EXIST::FUNCTION:ENGINE
d2i_ASN1_BMPSTRING 2383 1_1_0 EXIST::FUNCTION:
PKCS12_SAFEBAG_create0_p8inf 2384 1_1_0 EXIST::FUNCTION:
-@@ -2472,7 +2429,6 @@ TS_TST_INFO_set_time 2394 1_1_0 EXIST::FUNCTION:TS
+@@ -2472,7 +2429,6 @@ TS_TST_INFO_set_time
OPENSSL_die 2395 1_1_0 EXIST::FUNCTION:
X509_LOOKUP_by_alias 2396 1_1_0 EXIST::FUNCTION:
EC_KEY_set_conv_form 2397 1_1_0 EXIST::FUNCTION:EC
@@ -198923,7 +206588,7 @@
X509_TRUST_get_count 2399 1_1_0 EXIST::FUNCTION:
IPAddressOrRange_free 2400 1_1_0 EXIST::FUNCTION:RFC3779
RSA_padding_add_PKCS1_OAEP 2401 1_1_0 EXIST::FUNCTION:RSA
-@@ -2490,19 +2446,18 @@ EVP_MD_CTX_md_data 2412 1_1_0 EXIST::FUNCTION:
+@@ -2490,19 +2446,18 @@ EVP_rc5_32_12_16_ofb
ASN1_PCTX_set_nm_flags 2413 1_1_0 EXIST::FUNCTION:
BIO_ctrl 2414 1_1_0 EXIST::FUNCTION:
X509_CRL_set_default_method 2415 1_1_0 EXIST::FUNCTION:
@@ -198946,7 +206611,7 @@
EVP_aes_256_cfb128 2428 1_1_0 EXIST::FUNCTION:
RSA_set_ex_data 2429 1_1_0 EXIST::FUNCTION:RSA
BN_GENCB_call 2430 1_1_0 EXIST::FUNCTION:
-@@ -2514,8 +2469,8 @@ EVP_get_digestbyname 2435 1_1_0 EXIST::FUNCTION:
+@@ -2514,8 +2469,8 @@ i2d_TS_MSG_IMPRINT_fp
X509_CRL_get_lastUpdate 2436 1_1_0 EXIST::FUNCTION:
OBJ_create_objects 2437 1_1_0 EXIST::FUNCTION:
EVP_enc_null 2438 1_1_0 EXIST::FUNCTION:
@@ -198957,7 +206622,7 @@
BN_hex2bn 2441 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_meth_set_impl_ctx_size 2442 1_1_0 EXIST::FUNCTION:
ASIdentifiers_new 2443 1_1_0 EXIST::FUNCTION:RFC3779
-@@ -2542,12 +2497,12 @@ BIO_s_datagram_sctp 2461 1_1_0 EXIST::FUNCTION:DGRAM,SCTP
+@@ -2542,12 +2497,12 @@ BIO_s_datagram_sctp
SXNET_add_id_asc 2462 1_1_0 EXIST::FUNCTION:
X509_print_fp 2463 1_1_0 EXIST::FUNCTION:STDIO
TS_REQ_set_version 2464 1_1_0 EXIST::FUNCTION:TS
@@ -198972,7 +206637,7 @@
NETSCAPE_SPKAC_it 2471 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
NETSCAPE_SPKAC_it 2471 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
ASIdOrRange_free 2472 1_1_0 EXIST::FUNCTION:RFC3779
-@@ -2561,7 +2516,7 @@ EVP_CIPHER_CTX_ctrl 2479 1_1_0 EXIST::FUNCTION:
+@@ -2561,7 +2516,7 @@ TS_VERIFY_CTX_set_data
ASN1_T61STRING_it 2480 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_T61STRING_it 2480 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
ENGINE_get_prev 2481 1_1_0 EXIST::FUNCTION:ENGINE
@@ -198981,7 +206646,7 @@
ERR_load_EC_strings 2483 1_1_0 EXIST::FUNCTION:EC
X509V3_string_free 2484 1_1_0 EXIST::FUNCTION:
EVP_PKEY_meth_set_paramgen 2485 1_1_0 EXIST::FUNCTION:
-@@ -2609,7 +2564,6 @@ BN_get_rfc3526_prime_1536 2526 1_1_0 EXIST::FUNCTION:
+@@ -2609,7 +2564,6 @@ CRYPTO_mem_leaks
DSA_sign 2527 1_1_0 EXIST::FUNCTION:DSA
RAND_egd 2528 1_1_0 EXIST::FUNCTION:EGD
ASN1_d2i_bio 2529 1_1_0 EXIST::FUNCTION:
@@ -198989,7 +206654,7 @@
X509_REQ_digest 2531 1_1_0 EXIST::FUNCTION:
X509_set_notAfter 2532 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_type 2533 1_1_0 EXIST::FUNCTION:
-@@ -2620,8 +2574,7 @@ X509_PURPOSE_add 2537 1_1_0 EXIST::FUNCTION:
+@@ -2620,8 +2574,7 @@ CMS_signed_get0_data_by_OBJ
PKCS7_ENVELOPE_free 2538 1_1_0 EXIST::FUNCTION:
PKCS12_key_gen_uni 2539 1_1_0 EXIST::FUNCTION:
WHIRLPOOL 2540 1_1_0 EXIST::FUNCTION:WHIRLPOOL
@@ -198999,7 +206664,7 @@
EC_POINT_is_at_infinity 2543 1_1_0 EXIST::FUNCTION:EC
i2d_NOTICEREF 2544 1_1_0 EXIST::FUNCTION:
EC_KEY_new 2545 1_1_0 EXIST::FUNCTION:EC
-@@ -2641,25 +2594,25 @@ EVP_PKEY_CTX_get_keygen_info 2558 1_1_0 EXIST::FUNCTION:
+@@ -2641,25 +2594,25 @@ EC_GROUP_new_by_curve_name
d2i_ASN1_UINTEGER 2559 1_1_0 EXIST::FUNCTION:
i2s_ASN1_INTEGER 2560 1_1_0 EXIST::FUNCTION:
d2i_EC_PUBKEY_fp 2561 1_1_0 EXIST::FUNCTION:EC,STDIO
@@ -199030,7 +206695,7 @@
PKCS12_SAFEBAG_get_nid 2580 1_1_0 EXIST::FUNCTION:
EVP_MD_CTX_set_update_fn 2581 1_1_0 EXIST::FUNCTION:
BIO_f_asn1 2582 1_1_0 EXIST::FUNCTION:
-@@ -2693,11 +2646,11 @@ EVP_DecodeUpdate 2609 1_1_0 EXIST::FUNCTION:
+@@ -2693,11 +2646,11 @@ ENGINE_register_complete
ENGINE_get_default_RAND 2610 1_1_0 EXIST::FUNCTION:ENGINE
ERR_peek_last_error_line 2611 1_1_0 EXIST::FUNCTION:
ENGINE_get_ssl_client_cert_function 2612 1_1_0 EXIST::FUNCTION:ENGINE
@@ -199044,7 +206709,7 @@
SEED_encrypt 2617 1_1_0 EXIST::FUNCTION:SEED
IPAddressRange_it 2618 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
IPAddressRange_it 2618 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-@@ -2728,7 +2681,6 @@ d2i_PBKDF2PARAM 2640 1_1_0 EXIST::FUNCTION:
+@@ -2728,7 +2681,6 @@ EC_GROUP_clear_free
ERR_load_COMP_strings 2641 1_1_0 EXIST::FUNCTION:COMP
EVP_PKEY_meth_add0 2642 1_1_0 EXIST::FUNCTION:
EVP_rc4_40 2643 1_1_0 EXIST::FUNCTION:RC4
@@ -199052,7 +206717,7 @@
RSA_bits 2645 1_1_0 EXIST::FUNCTION:RSA
ASN1_item_dup 2646 1_1_0 EXIST::FUNCTION:
GENERAL_NAMES_it 2647 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -2741,7 +2693,7 @@ EVP_aes_256_cbc_hmac_sha1 2652 1_1_0 EXIST::FUNCTION:
+@@ -2741,7 +2693,7 @@ MD4_Init
SCT_validate 2653 1_1_0 EXIST::FUNCTION:CT
EC_GROUP_dup 2654 1_1_0 EXIST::FUNCTION:EC
EVP_sha1 2655 1_1_0 EXIST::FUNCTION:
@@ -199061,7 +206726,7 @@
BN_dup 2657 1_1_0 EXIST::FUNCTION:
TS_MSG_IMPRINT_print_bio 2658 1_1_0 EXIST::FUNCTION:TS
CONF_module_set_usr_data 2659 1_1_0 EXIST::FUNCTION:
-@@ -2751,8 +2703,7 @@ EVP_PKEY_assign 2662 1_1_0 EXIST::FUNCTION:
+@@ -2751,8 +2703,7 @@ EC_KEY_generate_key
EVP_aes_128_ofb 2663 1_1_0 EXIST::FUNCTION:
CMS_data 2664 1_1_0 EXIST::FUNCTION:CMS
X509_load_cert_file 2665 1_1_0 EXIST::FUNCTION:
@@ -199071,7 +206736,7 @@
ECDSA_SIG_free 2668 1_1_0 EXIST::FUNCTION:EC
d2i_PKCS12_BAGS 2669 1_1_0 EXIST::FUNCTION:
RSA_public_encrypt 2670 1_1_0 EXIST::FUNCTION:RSA
-@@ -2769,7 +2720,7 @@ d2i_CMS_ReceiptRequest 2680 1_1_0 EXIST::FUNCTION:CMS
+@@ -2769,7 +2720,7 @@ d2i_CMS_ReceiptRequest
X509_CRL_INFO_it 2681 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
X509_CRL_INFO_it 2681 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
BUF_reverse 2682 1_1_0 EXIST::FUNCTION:
@@ -199080,7 +206745,7 @@
X509_REQ_delete_attr 2684 1_1_0 EXIST::FUNCTION:
TS_RESP_CTX_set_signer_cert 2685 1_1_0 EXIST::FUNCTION:TS
X509V3_EXT_d2i 2686 1_1_0 EXIST::FUNCTION:
-@@ -2777,7 +2728,7 @@ ASN1_GENERALSTRING_it 2687 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
+@@ -2777,7 +2728,7 @@ TS_RESP_CTX_set_signer_cert
ASN1_GENERALSTRING_it 2687 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
POLICYQUALINFO_free 2688 1_1_0 EXIST::FUNCTION:
EC_KEY_set_group 2689 1_1_0 EXIST::FUNCTION:EC
@@ -199089,7 +206754,7 @@
PEM_write_ECPKParameters 2691 1_1_0 EXIST::FUNCTION:EC
X509_VERIFY_PARAM_lookup 2692 1_1_0 EXIST::FUNCTION:
X509_LOOKUP_by_fingerprint 2693 1_1_0 EXIST::FUNCTION:
-@@ -2787,7 +2738,7 @@ d2i_ECPrivateKey_fp 2696 1_1_0 EXIST::FUNCTION:EC,STDIO
+@@ -2787,7 +2738,7 @@ d2i_ECPrivateKey_fp
TS_CONF_set_ordering 2697 1_1_0 EXIST::FUNCTION:TS
X509_CRL_get_ext 2698 1_1_0 EXIST::FUNCTION:
X509_CRL_get_ext_by_OBJ 2699 1_1_0 EXIST::FUNCTION:
@@ -199098,7 +206763,7 @@
ASN1_PRINTABLESTRING_new 2701 1_1_0 EXIST::FUNCTION:
i2d_PBEPARAM 2702 1_1_0 EXIST::FUNCTION:
NETSCAPE_SPKI_new 2703 1_1_0 EXIST::FUNCTION:
-@@ -2821,8 +2772,8 @@ CMS_ContentInfo_print_ctx 2730 1_1_0 EXIST::FUNCTION:CMS
+@@ -2821,8 +2772,8 @@ CMS_ContentInfo_print_ctx
d2i_PKCS7_SIGNED 2731 1_1_0 EXIST::FUNCTION:
GENERAL_NAMES_free 2732 1_1_0 EXIST::FUNCTION:
SCT_get_timestamp 2733 1_1_0 EXIST::FUNCTION:CT
@@ -199109,7 +206774,7 @@
CMS_verify_receipt 2735 1_1_0 EXIST::FUNCTION:CMS
CRYPTO_THREAD_lock_new 2736 1_1_0 EXIST::FUNCTION:
BIO_get_ex_data 2737 1_1_0 EXIST::FUNCTION:
-@@ -2835,9 +2786,9 @@ d2i_IPAddressRange 2743 1_1_0 EXIST::FUNCTION:RFC3779
+@@ -2835,9 +2786,9 @@ d2i_IPAddressRange
ERR_remove_state 2744 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_0_0
X509_CRL_print_fp 2745 1_1_0 EXIST::FUNCTION:STDIO
TS_CONF_load_key 2746 1_1_0 EXIST::FUNCTION:TS
@@ -199121,7 +206786,7 @@
X509_REQ_to_X509 2750 1_1_0 EXIST::FUNCTION:
EVP_aes_192_wrap_pad 2751 1_1_0 EXIST::FUNCTION:
PKCS7_SIGN_ENVELOPE_new 2752 1_1_0 EXIST::FUNCTION:
-@@ -2848,8 +2799,8 @@ CT_POLICY_EVAL_CTX_new 2756 1_1_0 EXIST::FUNCTION:CT
+@@ -2848,18 +2799,18 @@ CT_POLICY_EVAL_CTX_new
NETSCAPE_SPKI_it 2757 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
NETSCAPE_SPKI_it 2757 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
CRYPTO_THREAD_unlock 2758 1_1_0 EXIST::FUNCTION:
@@ -199132,7 +206797,9 @@
OPENSSL_init 2761 1_1_0 EXIST::FUNCTION:
TS_RESP_get_tst_info 2762 1_1_0 EXIST::FUNCTION:TS
X509_VERIFY_PARAM_get_depth 2763 1_1_0 EXIST::FUNCTION:
-@@ -2858,8 +2809,8 @@ BIO_set 2765 1_1_0 EXIST::FUNCTION:
+ EVP_SealFinal 2764 1_1_0 EXIST::FUNCTION:RSA
+-BIO_set 2765 1_1_0 EXIST::FUNCTION:
++BIO_set 2765 1_1_0 NOEXIST::FUNCTION:
CONF_imodule_set_flags 2766 1_1_0 EXIST::FUNCTION:
i2d_ASN1_SET_ANY 2767 1_1_0 EXIST::FUNCTION:
EVP_PKEY_decrypt 2768 1_1_0 EXIST::FUNCTION:
@@ -199143,7 +206810,7 @@
EVP_des_ede3_cbc 2770 1_1_0 EXIST::FUNCTION:DES
X509_up_ref 2771 1_1_0 EXIST::FUNCTION:
OBJ_NAME_do_all_sorted 2772 1_1_0 EXIST::FUNCTION:
-@@ -2872,8 +2823,7 @@ RSAPrivateKey_it 2777 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
+@@ -2872,8 +2823,7 @@ RSAPrivateKey_it
RSAPrivateKey_it 2777 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
X509_NAME_ENTRY_free 2778 1_1_0 EXIST::FUNCTION:
BIO_new_fd 2779 1_1_0 EXIST::FUNCTION:
@@ -199153,7 +206820,7 @@
NCONF_get_section 2782 1_1_0 EXIST::FUNCTION:
PKCS12_MAC_DATA_it 2783 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS12_MAC_DATA_it 2783 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -2885,12 +2835,11 @@ PKCS12_setup_mac 2788 1_1_0 EXIST::FUNCTION:
+@@ -2885,12 +2835,11 @@ CMS_RecipientInfo_encrypt
PEM_read_bio_PKCS7 2789 1_1_0 EXIST::FUNCTION:
SHA512_Final 2790 1_1_0 EXIST:!VMSVAX:FUNCTION:
X509_VERIFY_PARAM_set1_host 2791 1_1_0 EXIST::FUNCTION:
@@ -199167,7 +206834,7 @@
EVP_SealInit 2798 1_1_0 EXIST::FUNCTION:RSA
X509_REQ_get0_signature 2799 1_1_0 EXIST::FUNCTION:
PKEY_USAGE_PERIOD_free 2800 1_1_0 EXIST::FUNCTION:
-@@ -2907,8 +2856,8 @@ ENGINE_register_all_DH 2809 1_1_0 EXIST::FUNCTION:ENGINE
+@@ -2907,8 +2856,8 @@ ENGINE_register_all_DH
ERR_clear_error 2810 1_1_0 EXIST::FUNCTION:
EC_KEY_dup 2811 1_1_0 EXIST::FUNCTION:EC
X509_LOOKUP_init 2812 1_1_0 EXIST::FUNCTION:
@@ -199178,7 +206845,7 @@
X509V3_EXT_print_fp 2815 1_1_0 EXIST::FUNCTION:STDIO
OBJ_bsearch_ex_ 2816 1_1_0 EXIST::FUNCTION:
DES_ofb64_encrypt 2817 1_1_0 EXIST::FUNCTION:DES
-@@ -2922,11 +2871,10 @@ SCT_free 2824 1_1_0 EXIST::FUNCTION:CT
+@@ -2922,11 +2871,10 @@ SCT_free
TS_TST_INFO_get_msg_imprint 2825 1_1_0 EXIST::FUNCTION:TS
X509v3_addr_add_range 2826 1_1_0 EXIST::FUNCTION:RFC3779
PKCS12_get_friendlyname 2827 1_1_0 EXIST::FUNCTION:
@@ -199191,7 +206858,7 @@
EVP_camellia_256_cfb8 2833 1_1_0 EXIST::FUNCTION:CAMELLIA
EC_KEY_get0_public_key 2834 1_1_0 EXIST::FUNCTION:EC
SRP_Calc_x 2835 1_1_0 EXIST::FUNCTION:SRP
-@@ -2954,19 +2902,18 @@ PEM_write_bio_PrivateKey 2855 1_1_0 EXIST::FUNCTION:
+@@ -2954,19 +2902,18 @@ CRYPTO_mem_debug_realloc
ASN1_UTCTIME_check 2856 1_1_0 EXIST::FUNCTION:
ACCESS_DESCRIPTION_it 2857 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ACCESS_DESCRIPTION_it 2857 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -199214,7 +206881,7 @@
BN_CTX_start 2871 1_1_0 EXIST::FUNCTION:
BN_print 2872 1_1_0 EXIST::FUNCTION:
EC_KEY_set_flags 2873 1_1_0 EXIST::FUNCTION:EC
-@@ -2981,10 +2928,10 @@ X509_CINF_it 2880 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
+@@ -2981,10 +2928,10 @@ SCT_set0_signature
TS_CONF_set_accuracy 2881 1_1_0 EXIST::FUNCTION:TS
DES_crypt 2882 1_1_0 EXIST::FUNCTION:DES
BN_BLINDING_create_param 2883 1_1_0 EXIST::FUNCTION:
@@ -199228,7 +206895,7 @@
POLICY_CONSTRAINTS_it 2888 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
POLICY_CONSTRAINTS_it 2888 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
NCONF_free_data 2889 1_1_0 EXIST::FUNCTION:
-@@ -3012,7 +2959,7 @@ EVP_des_ede3_cfb1 2909 1_1_0 EXIST::FUNCTION:DES
+@@ -3012,7 +2959,7 @@ EVP_des_ede3_cfb1
TS_REQ_to_TS_VERIFY_CTX 2910 1_1_0 EXIST::FUNCTION:TS
d2i_PBEPARAM 2911 1_1_0 EXIST::FUNCTION:
BN_get0_nist_prime_521 2912 1_1_0 EXIST::FUNCTION:
@@ -199237,7 +206904,7 @@
X509_PUBKEY_get0 2914 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_get0_parent_ctx 2915 1_1_0 EXIST::FUNCTION:
EC_GROUP_set_seed 2916 1_1_0 EXIST::FUNCTION:EC
-@@ -3025,7 +2972,7 @@ RC5_32_decrypt 2921 1_1_0 EXIST::FUNCTION:RC5
+@@ -3025,7 +2972,7 @@ RC5_32_decrypt
i2d_X509_REQ_INFO 2922 1_1_0 EXIST::FUNCTION:
EVP_des_cfb1 2923 1_1_0 EXIST::FUNCTION:DES
OBJ_NAME_cleanup 2924 1_1_0 EXIST::FUNCTION:
@@ -199246,7 +206913,7 @@
DES_cfb64_encrypt 2926 1_1_0 EXIST::FUNCTION:DES
CAST_cfb64_encrypt 2927 1_1_0 EXIST::FUNCTION:CAST
EVP_PKEY_asn1_set_param 2928 1_1_0 EXIST::FUNCTION:
-@@ -3042,9 +2989,8 @@ X509_get1_email 2938 1_1_0 EXIST::FUNCTION:
+@@ -3042,9 +2989,8 @@ ENGINE_by_id
EC_POINT_point2oct 2939 1_1_0 EXIST::FUNCTION:EC
EC_GROUP_get_curve_GFp 2940 1_1_0 EXIST::FUNCTION:EC
ASYNC_block_pause 2941 1_1_0 EXIST::FUNCTION:
@@ -199257,7 +206924,7 @@
i2d_X509_CRL_bio 2945 1_1_0 EXIST::FUNCTION:
EVP_PKEY_asn1_set_item 2946 1_1_0 EXIST::FUNCTION:
CRYPTO_ccm128_encrypt 2947 1_1_0 EXIST::FUNCTION:
-@@ -3052,7 +2998,7 @@ X509v3_addr_get_afi 2948 1_1_0 EXIST::FUNCTION:RFC3779
+@@ -3052,7 +2998,7 @@ X509v3_addr_get_afi
X509_STORE_CTX_get0_param 2949 1_1_0 EXIST::FUNCTION:
EVP_add_alg_module 2950 1_1_0 EXIST::FUNCTION:
X509_check_purpose 2951 1_1_0 EXIST::FUNCTION:
@@ -199266,7 +206933,7 @@
X509_PURPOSE_get_count 2953 1_1_0 EXIST::FUNCTION:
d2i_PKCS12_bio 2954 1_1_0 EXIST::FUNCTION:
ASN1_item_free 2955 1_1_0 EXIST::FUNCTION:
-@@ -3114,14 +3060,12 @@ PEM_read_bio_RSAPublicKey 3009 1_1_0 EXIST::FUNCTION:RSA
+@@ -3114,14 +3060,12 @@ PEM_read_bio_RSAPublicKey
EVP_PKEY_asn1_set_private 3010 1_1_0 EXIST::FUNCTION:
EVP_PKEY_get0_RSA 3011 1_1_0 EXIST::FUNCTION:RSA
DES_ede3_cfb64_encrypt 3012 1_1_0 EXIST::FUNCTION:DES
@@ -199283,7 +206950,7 @@
EC_POINT_bn2point 3021 1_1_0 EXIST::FUNCTION:EC
PBE2PARAM_it 3022 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PBE2PARAM_it 3022 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -3140,7 +3084,7 @@ PKCS7_it 3034 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
+@@ -3140,7 +3084,7 @@ RC4_set_key
PKCS7_it 3034 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
CMS_unsigned_get_attr_by_OBJ 3035 1_1_0 EXIST::FUNCTION:CMS
BN_clear 3036 1_1_0 EXIST::FUNCTION:
@@ -199292,7 +206959,7 @@
GENERAL_NAME_cmp 3038 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_set_purpose 3039 1_1_0 EXIST::FUNCTION:
X509_REVOKED_get_ext_d2i 3040 1_1_0 EXIST::FUNCTION:
-@@ -3148,7 +3092,7 @@ X509V3_set_conf_lhash 3041 1_1_0 EXIST::FUNCTION:
+@@ -3148,7 +3092,7 @@ CMS_unsigned_get_attr_by_OBJ
PKCS7_ENC_CONTENT_it 3042 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS7_ENC_CONTENT_it 3042 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
PKCS12_item_pack_safebag 3043 1_1_0 EXIST::FUNCTION:
@@ -199301,7 +206968,7 @@
i2d_X509_PUBKEY 3045 1_1_0 EXIST::FUNCTION:
EVP_DecryptUpdate 3046 1_1_0 EXIST::FUNCTION:
CAST_cbc_encrypt 3047 1_1_0 EXIST::FUNCTION:CAST
-@@ -3202,12 +3146,12 @@ d2i_ECPrivateKey_bio 3094 1_1_0 EXIST::FUNCTION:EC
+@@ -3202,12 +3146,12 @@ d2i_ECPrivateKey_bio
BIO_s_secmem 3095 1_1_0 EXIST::FUNCTION:
ENGINE_get_default_EC 3096 1_1_0 EXIST::FUNCTION:ENGINE
TS_RESP_create_response 3097 1_1_0 EXIST::FUNCTION:TS
@@ -199316,7 +206983,7 @@
USERNOTICE_new 3104 1_1_0 EXIST::FUNCTION:
POLICY_MAPPING_new 3105 1_1_0 EXIST::FUNCTION:
CRYPTO_gcm128_release 3106 1_1_0 EXIST::FUNCTION:
-@@ -3218,9 +3162,9 @@ PEM_read_DSA_PUBKEY 3110 1_1_0 EXIST::FUNCTION:DSA
+@@ -3218,9 +3162,9 @@ PEM_read_DSA_PUBKEY
X509_get0_subject_key_id 3111 1_1_0 EXIST::FUNCTION:
i2s_ASN1_ENUMERATED 3112 1_1_0 EXIST::FUNCTION:
X509v3_get_ext_by_OBJ 3113 1_1_0 EXIST::FUNCTION:
@@ -199328,7 +206995,7 @@
i2d_RSA_PSS_PARAMS 3117 1_1_0 EXIST::FUNCTION:RSA
EVP_aes_128_wrap_pad 3118 1_1_0 EXIST::FUNCTION:
ASN1_BIT_STRING_set 3119 1_1_0 EXIST::FUNCTION:
-@@ -3248,16 +3192,16 @@ TXT_DB_free 3139 1_1_0 EXIST::FUNCTION:
+@@ -3248,16 +3192,16 @@ CONF_load_fp
ASN1_STRING_set 3140 1_1_0 EXIST::FUNCTION:
d2i_ESS_CERT_ID 3141 1_1_0 EXIST::FUNCTION:TS
EVP_PKEY_meth_set_derive 3142 1_1_0 EXIST::FUNCTION:
@@ -199349,7 +207016,7 @@
X509_CRL_get0_by_cert 3153 1_1_0 EXIST::FUNCTION:
TS_TST_INFO_set_tsa 3154 1_1_0 EXIST::FUNCTION:TS
i2d_ASN1_GENERALIZEDTIME 3155 1_1_0 EXIST::FUNCTION:
-@@ -3268,11 +3212,11 @@ X509_VERIFY_PARAM_set_time 3159 1_1_0 EXIST::FUNCTION:
+@@ -3268,11 +3212,11 @@ TS_TST_INFO_set_tsa
BN_reciprocal 3160 1_1_0 EXIST::FUNCTION:
d2i_PKCS7_SIGN_ENVELOPE 3161 1_1_0 EXIST::FUNCTION:
X509_NAME_digest 3162 1_1_0 EXIST::FUNCTION:
@@ -199363,7 +207030,7 @@
PKCS12_SAFEBAG_create_crl 3168 1_1_0 EXIST::FUNCTION:
d2i_X509_NAME 3169 1_1_0 EXIST::FUNCTION:
IDEA_cfb64_encrypt 3170 1_1_0 EXIST::FUNCTION:IDEA
-@@ -3282,24 +3226,23 @@ HMAC_Init 3173 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_
+@@ -3282,24 +3226,23 @@ HMAC_Init
EVP_MD_CTX_update_fn 3174 1_1_0 EXIST::FUNCTION:
EVP_aes_128_ecb 3175 1_1_0 EXIST::FUNCTION:
i2d_PKCS7_bio_stream 3176 1_1_0 EXIST::FUNCTION:
@@ -199393,7 +207060,7 @@
CRYPTO_THREAD_run_once 3195 1_1_0 EXIST::FUNCTION:
TS_REQ_print_bio 3196 1_1_0 EXIST::FUNCTION:TS
SCT_get_version 3197 1_1_0 EXIST::FUNCTION:CT
-@@ -3307,7 +3250,7 @@ IDEA_set_encrypt_key 3198 1_1_0 EXIST::FUNCTION:IDEA
+@@ -3307,7 +3250,7 @@ IDEA_set_encrypt_key
ENGINE_get_DH 3199 1_1_0 EXIST::FUNCTION:ENGINE
i2d_ASIdentifierChoice 3200 1_1_0 EXIST::FUNCTION:RFC3779
SRP_Calc_A 3201 1_1_0 EXIST::FUNCTION:SRP
@@ -199402,7 +207069,7 @@
EVP_idea_cfb64 3203 1_1_0 EXIST::FUNCTION:IDEA
PKCS12_newpass 3204 1_1_0 EXIST::FUNCTION:
EVP_aes_256_cbc_hmac_sha256 3205 1_1_0 EXIST::FUNCTION:
-@@ -3321,11 +3264,11 @@ EVP_CIPHER_CTX_new 3212 1_1_0 EXIST::FUNCTION:
+@@ -3321,11 +3264,11 @@ X509_issuer_name_hash_old
MD4_Final 3213 1_1_0 EXIST::FUNCTION:MD4
EVP_PKEY_id 3214 1_1_0 EXIST::FUNCTION:
CMS_RecipientInfo_get0_pkey_ctx 3215 1_1_0 EXIST::FUNCTION:CMS
@@ -199416,7 +207083,16 @@
BIO_hex_string 3221 1_1_0 EXIST::FUNCTION:
X509_REQ_sign_ctx 3222 1_1_0 EXIST::FUNCTION:
CRYPTO_ocb128_init 3223 1_1_0 EXIST::FUNCTION:OCB
-@@ -3377,10 +3320,9 @@ BIO_vprintf 3267 1_1_0 EXIST::FUNCTION:
+@@ -3364,7 +3307,7 @@ EVP_read_pw_string_min
+ X509_set_notBefore 3255 1_1_0 EXIST::FUNCTION:
+ MD4 3256 1_1_0 EXIST::FUNCTION:MD4
+ EVP_PKEY_CTX_dup 3257 1_1_0 EXIST::FUNCTION:
+-ENGINE_setup_bsd_cryptodev 3258 1_1_0 EXIST:__FreeBSD__:FUNCTION:ENGINE
++ENGINE_setup_bsd_cryptodev 3258 1_1_0 EXIST:__FreeBSD__:FUNCTION:DEPRECATEDIN_1_1_0,ENGINE
+ PEM_read_bio_DHparams 3259 1_1_0 EXIST::FUNCTION:DH
+ CMS_SharedInfo_encode 3260 1_1_0 EXIST::FUNCTION:CMS
+ ASN1_OBJECT_create 3261 1_1_0 EXIST::FUNCTION:
+@@ -3377,10 +3320,9 @@ ENGINE_set_load_pubkey_function
CMS_RecipientInfo_decrypt 3268 1_1_0 EXIST::FUNCTION:CMS
RSA_generate_key 3269 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8,RSA
PKCS7_set0_type_other 3270 1_1_0 EXIST::FUNCTION:
@@ -199429,7 +207105,7 @@
SCT_print 3275 1_1_0 EXIST::FUNCTION:CT
X509_PUBKEY_set 3276 1_1_0 EXIST::FUNCTION:
POLICY_CONSTRAINTS_free 3277 1_1_0 EXIST::FUNCTION:
-@@ -3390,9 +3332,9 @@ X509_NAME_get_text_by_OBJ 3280 1_1_0 EXIST::FUNCTION:
+@@ -3390,9 +3332,9 @@ d2i_DSA_PUBKEY_bio
RSA_padding_check_none 3281 1_1_0 EXIST::FUNCTION:RSA
CRYPTO_set_mem_debug 3282 1_1_0 EXIST::FUNCTION:
TS_VERIFY_CTX_init 3283 1_1_0 EXIST::FUNCTION:TS
@@ -199441,7 +207117,7 @@
X509_LOOKUP_ctrl 3287 1_1_0 EXIST::FUNCTION:
SRP_check_known_gN_param 3288 1_1_0 EXIST::FUNCTION:SRP
d2i_DIST_POINT 3289 1_1_0 EXIST::FUNCTION:
-@@ -3412,7 +3354,7 @@ DSA_SIG_free 3301 1_1_0 EXIST::FUNCTION:DSA
+@@ -3412,7 +3354,7 @@ DSA_SIG_free
BIO_asn1_set_suffix 3302 1_1_0 EXIST::FUNCTION:
EVP_PKEY_set_type_str 3303 1_1_0 EXIST::FUNCTION:
i2d_X509_SIG 3304 1_1_0 EXIST::FUNCTION:
@@ -199450,7 +207126,7 @@
X509_STORE_CTX_set_trust 3306 1_1_0 EXIST::FUNCTION:
TS_ACCURACY_set_micros 3307 1_1_0 EXIST::FUNCTION:TS
EVP_DigestFinal_ex 3308 1_1_0 EXIST::FUNCTION:
-@@ -3436,24 +3378,23 @@ CTLOG_free 3325 1_1_0 EXIST::FUNCTION:CT
+@@ -3436,24 +3378,23 @@ CTLOG_free
EVP_CIPHER_meth_dup 3326 1_1_0 EXIST::FUNCTION:
CMS_get1_crls 3327 1_1_0 EXIST::FUNCTION:CMS
X509_aux_print 3328 1_1_0 EXIST::FUNCTION:
@@ -199478,7 +207154,7 @@
ASN1_VISIBLESTRING_new 3347 1_1_0 EXIST::FUNCTION:
BN_set_flags 3348 1_1_0 EXIST::FUNCTION:
d2i_PrivateKey_bio 3349 1_1_0 EXIST::FUNCTION:
-@@ -3461,8 +3402,8 @@ ASN1_SEQUENCE_ANY_it 3350 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
+@@ -3461,8 +3402,8 @@ CMS_SignerInfo_verify_content
ASN1_SEQUENCE_ANY_it 3350 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
ASN1_UTCTIME_adj 3351 1_1_0 EXIST::FUNCTION:
BN_mod_sqrt 3352 1_1_0 EXIST::FUNCTION:
@@ -199489,7 +207165,7 @@
EVP_PKEY_meth_get_paramgen 3355 1_1_0 EXIST::FUNCTION:
X509_ATTRIBUTE_create_by_OBJ 3356 1_1_0 EXIST::FUNCTION:
RSA_generate_key_ex 3357 1_1_0 EXIST::FUNCTION:RSA
-@@ -3471,7 +3412,7 @@ DIST_POINT_free 3359 1_1_0 EXIST::FUNCTION:
+@@ -3471,7 +3412,7 @@ CMS_SignerInfo_get0_algs
ESS_SIGNING_CERT_free 3360 1_1_0 EXIST::FUNCTION:TS
SCT_new_from_base64 3361 1_1_0 EXIST::FUNCTION:CT
OpenSSL_version 3362 1_1_0 EXIST::FUNCTION:
@@ -199498,7 +207174,7 @@
ECDSA_SIG_get0 3364 1_1_0 EXIST::FUNCTION:EC
BN_set_word 3365 1_1_0 EXIST::FUNCTION:
ENGINE_set_flags 3366 1_1_0 EXIST::FUNCTION:ENGINE
-@@ -3489,21 +3430,19 @@ PKCS12_PBE_add 3376 1_1_0 EXIST::FUNCTION:
+@@ -3489,21 +3430,19 @@ RSA_padding_check_SSLv23
EC_KEY_set_public_key_affine_coordinates 3377 1_1_0 EXIST::FUNCTION:EC
EVP_EncryptInit_ex 3378 1_1_0 EXIST::FUNCTION:
ENGINE_add 3379 1_1_0 EXIST::FUNCTION:ENGINE
@@ -199521,7 +207197,7 @@
X509_INFO_free 3394 1_1_0 EXIST::FUNCTION:
d2i_PKCS8_PRIV_KEY_INFO_fp 3395 1_1_0 EXIST::FUNCTION:STDIO
X509_OBJECT_retrieve_match 3396 1_1_0 EXIST::FUNCTION:
-@@ -3511,13 +3450,13 @@ EVP_aes_128_ctr 3397 1_1_0 EXIST::FUNCTION:
+@@ -3511,13 +3450,13 @@ d2i_PKCS8_PRIV_KEY_INFO_fp
EVP_PBE_find 3398 1_1_0 EXIST::FUNCTION:
SHA512_Transform 3399 1_1_0 EXIST:!VMSVAX:FUNCTION:
ERR_add_error_vdata 3400 1_1_0 EXIST::FUNCTION:
@@ -199530,14 +207206,15 @@
NETSCAPE_SPKAC_new 3402 1_1_0 EXIST::FUNCTION:
EVP_PKEY_meth_get_verify 3403 1_1_0 EXIST::FUNCTION:
CRYPTO_128_wrap 3404 1_1_0 EXIST::FUNCTION:
- X509_STORE_set_lookup_crls_cb 3405 1_1_0 EXIST::FUNCTION:
+-X509_STORE_set_lookup_crls_cb 3405 1_1_0 EXIST::FUNCTION:
++X509_STORE_set_lookup_crls 3405 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_meth_get_ctrl 3406 1_1_0 EXIST::FUNCTION:
-OCSP_REQ_CTX_set1_req 3407 1_1_0 EXIST::FUNCTION:
+OCSP_REQ_CTX_set1_req 3407 1_1_0 EXIST::FUNCTION:OCSP
CONF_imodule_get_usr_data 3408 1_1_0 EXIST::FUNCTION:
CRYPTO_new_ex_data 3409 1_1_0 EXIST::FUNCTION:
PEM_read_PKCS8_PRIV_KEY_INFO 3410 1_1_0 EXIST::FUNCTION:
-@@ -3531,7 +3470,7 @@ ASN1_mbstring_copy 3417 1_1_0 EXIST::FUNCTION:
+@@ -3531,7 +3470,7 @@ DH_check_pub_key
PKCS7_set_type 3418 1_1_0 EXIST::FUNCTION:
BIO_gets 3419 1_1_0 EXIST::FUNCTION:
RSA_padding_check_PKCS1_type_1 3420 1_1_0 EXIST::FUNCTION:RSA
@@ -199546,7 +207223,7 @@
i2d_X509_REQ_fp 3422 1_1_0 EXIST::FUNCTION:STDIO
BN_BLINDING_convert_ex 3423 1_1_0 EXIST::FUNCTION:
ASN1_GENERALIZEDTIME_print 3424 1_1_0 EXIST::FUNCTION:
-@@ -3540,15 +3479,15 @@ PEM_ASN1_read 3426 1_1_0 EXIST::FUNCTION:STDIO
+@@ -3540,15 +3479,15 @@ PEM_ASN1_read
SCT_get_log_entry_type 3427 1_1_0 EXIST::FUNCTION:CT
EVP_CIPHER_meth_get_init 3428 1_1_0 EXIST::FUNCTION:
X509_ALGOR_free 3429 1_1_0 EXIST::FUNCTION:
@@ -199565,7 +207242,7 @@
EVP_MD_meth_get_init 3439 1_1_0 EXIST::FUNCTION:
ASN1_BIT_STRING_free 3440 1_1_0 EXIST::FUNCTION:
i2d_PROXY_CERT_INFO_EXTENSION 3441 1_1_0 EXIST::FUNCTION:
-@@ -3557,10 +3496,10 @@ X509_CRL_up_ref 3443 1_1_0 EXIST::FUNCTION:
+@@ -3557,10 +3496,10 @@ CTLOG_new_null
EVP_EncodeFinal 3444 1_1_0 EXIST::FUNCTION:
X509_set_ex_data 3445 1_1_0 EXIST::FUNCTION:
ERR_get_next_error_library 3446 1_1_0 EXIST::FUNCTION:
@@ -199578,7 +207255,7 @@
BIO_method_type 3451 1_1_0 EXIST::FUNCTION:
ECPKParameters_print 3452 1_1_0 EXIST::FUNCTION:EC
EVP_rc4 3453 1_1_0 EXIST::FUNCTION:RC4
-@@ -3588,14 +3527,14 @@ ASYNC_WAIT_CTX_get_changed_fds 3474 1_1_0 EXIST::FUNCTION:
+@@ -3588,14 +3527,14 @@ RIPEMD160_Init
EVP_PKEY_save_parameters 3475 1_1_0 EXIST::FUNCTION:
SCT_set_source 3476 1_1_0 EXIST::FUNCTION:CT
DES_set_odd_parity 3477 1_1_0 EXIST::FUNCTION:DES
@@ -199597,7 +207274,7 @@
X509V3_EXT_add_alias 3486 1_1_0 EXIST::FUNCTION:
BN_get_params 3487 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8
PKCS5_pbkdf2_set 3488 1_1_0 EXIST::FUNCTION:
-@@ -3613,7 +3552,7 @@ BIO_ptr_ctrl 3499 1_1_0 EXIST::FUNCTION:
+@@ -3613,7 +3552,7 @@ ENGINE_register_digests
EVP_rc4_hmac_md5 3500 1_1_0 EXIST::FUNCTION:MD5,RC4
OPENSSL_strlcat 3501 1_1_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_new 3502 1_1_0 EXIST::FUNCTION:
@@ -199606,7 +207283,7 @@
BUF_MEM_grow_clean 3504 1_1_0 EXIST::FUNCTION:
X509_NAME_print_ex_fp 3505 1_1_0 EXIST::FUNCTION:STDIO
X509_check_host 3506 1_1_0 EXIST::FUNCTION:
-@@ -3663,7 +3602,6 @@ BN_dec2bn 3549 1_1_0 EXIST::FUNCTION:
+@@ -3663,7 +3602,6 @@ i2o_SCT_signature
CMS_decrypt 3550 1_1_0 EXIST::FUNCTION:CMS
BN_mpi2bn 3551 1_1_0 EXIST::FUNCTION:
EVP_aes_128_cfb128 3552 1_1_0 EXIST::FUNCTION:
@@ -199614,7 +207291,7 @@
RC5_32_ecb_encrypt 3554 1_1_0 EXIST::FUNCTION:RC5
EVP_CIPHER_meth_new 3555 1_1_0 EXIST::FUNCTION:
i2d_RSA_OAEP_PARAMS 3556 1_1_0 EXIST::FUNCTION:RSA
-@@ -3671,19 +3609,17 @@ SXNET_get_id_ulong 3557 1_1_0 EXIST::FUNCTION:
+@@ -3671,19 +3609,17 @@ i2d_RSA_OAEP_PARAMS
BIO_get_callback_arg 3558 1_1_0 EXIST::FUNCTION:
ENGINE_register_RSA 3559 1_1_0 EXIST::FUNCTION:ENGINE
i2v_GENERAL_NAMES 3560 1_1_0 EXIST::FUNCTION:
@@ -199636,7 +207313,7 @@
CRYPTO_ccm128_aad 3572 1_1_0 EXIST::FUNCTION:
IPAddressFamily_new 3573 1_1_0 EXIST::FUNCTION:RFC3779
d2i_TS_ACCURACY 3574 1_1_0 EXIST::FUNCTION:TS
-@@ -3693,7 +3629,7 @@ EVP_camellia_256_cbc 3577 1_1_0 EXIST::FUNCTION:CAMELLIA
+@@ -3693,7 +3629,7 @@ EVP_camellia_256_cbc
i2d_PROXY_POLICY 3578 1_1_0 EXIST::FUNCTION:
X509_subject_name_hash_old 3579 1_1_0 EXIST::FUNCTION:MD5
PEM_read_bio_DSA_PUBKEY 3580 1_1_0 EXIST::FUNCTION:DSA
@@ -199645,7 +207322,7 @@
PEM_write_DSAparams 3582 1_1_0 EXIST::FUNCTION:DSA
ASN1_TIME_to_generalizedtime 3583 1_1_0 EXIST::FUNCTION:
X509_CRL_get_ext_by_critical 3584 1_1_0 EXIST::FUNCTION:
-@@ -3703,17 +3639,16 @@ PEM_write_RSAPublicKey 3587 1_1_0 EXIST::FUNCTION:RSA
+@@ -3703,17 +3639,16 @@ PEM_write_RSAPublicKey
EVP_MD_meth_dup 3588 1_1_0 EXIST::FUNCTION:
ENGINE_unregister_ciphers 3589 1_1_0 EXIST::FUNCTION:ENGINE
X509_issuer_and_serial_cmp 3590 1_1_0 EXIST::FUNCTION:
@@ -199665,7 +207342,7 @@
BN_is_prime 3601 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8
CMS_get0_signers 3602 1_1_0 EXIST::FUNCTION:CMS
i2d_PrivateKey_fp 3603 1_1_0 EXIST::FUNCTION:STDIO
-@@ -3736,11 +3671,10 @@ TS_CONF_set_signer_digest 3619 1_1_0 EXIST::FUNCTION:TS
+@@ -3736,11 +3671,10 @@ TS_CONF_set_signer_digest
OBJ_new_nid 3620 1_1_0 EXIST::FUNCTION:
CMS_ReceiptRequest_new 3621 1_1_0 EXIST::FUNCTION:CMS
SRP_VBASE_get1_by_user 3622 1_1_0 EXIST::FUNCTION:SRP
@@ -199678,7 +207355,7 @@
ENGINE_free 3628 1_1_0 EXIST::FUNCTION:ENGINE
d2i_X509_ATTRIBUTE 3629 1_1_0 EXIST::FUNCTION:
TS_RESP_free 3630 1_1_0 EXIST::FUNCTION:TS
-@@ -3781,22 +3715,21 @@ ERR_load_DH_strings 3664 1_1_0 EXIST::FUNCTION:DH
+@@ -3781,22 +3715,21 @@ ERR_load_DH_strings
EVP_MD_block_size 3665 1_1_0 EXIST::FUNCTION:
TS_X509_ALGOR_print_bio 3666 1_1_0 EXIST::FUNCTION:TS
d2i_PKCS7_ENVELOPE 3667 1_1_0 EXIST::FUNCTION:
@@ -199704,7 +207381,7 @@
ASN1_STRING_free 3684 1_1_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_inherit 3685 1_1_0 EXIST::FUNCTION:
EC_GROUP_get_curve_name 3686 1_1_0 EXIST::FUNCTION:EC
-@@ -3806,20 +3739,20 @@ EVP_PKEY_decrypt_old 3689 1_1_0 EXIST::FUNCTION:
+@@ -3806,20 +3739,20 @@ RSA_print
ASN1_UTCTIME_cmp_time_t 3690 1_1_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_set1_ip 3691 1_1_0 EXIST::FUNCTION:
OTHERNAME_free 3692 1_1_0 EXIST::FUNCTION:
@@ -199730,7 +207407,7 @@
CMS_add0_CertificateChoices 3706 1_1_0 EXIST::FUNCTION:CMS
POLICYINFO_new 3707 1_1_0 EXIST::FUNCTION:
X509_CRL_get0_by_serial 3708 1_1_0 EXIST::FUNCTION:
-@@ -3832,15 +3765,15 @@ ENGINE_register_all_digests 3713 1_1_0 EXIST::FUNCTION:ENGINE
+@@ -3832,15 +3765,15 @@ ENGINE_register_all_digests
X509_REQ_get_version 3714 1_1_0 EXIST::FUNCTION:
i2d_ASN1_UTCTIME 3715 1_1_0 EXIST::FUNCTION:
TS_STATUS_INFO_new 3716 1_1_0 EXIST::FUNCTION:TS
@@ -199749,7 +207426,7 @@
X509_STORE_CTX_get0_policy_tree 3726 1_1_0 EXIST::FUNCTION:
DES_set_key_checked 3727 1_1_0 EXIST::FUNCTION:DES
EVP_PKEY_meth_free 3728 1_1_0 EXIST::FUNCTION:
-@@ -3869,9 +3802,9 @@ EVP_PKEY_meth_get_sign 3750 1_1_0 EXIST::FUNCTION:
+@@ -3869,9 +3802,9 @@ DES_fcrypt
TS_REQ_get_nonce 3751 1_1_0 EXIST::FUNCTION:TS
ENGINE_unregister_EC 3752 1_1_0 EXIST::FUNCTION:ENGINE
X509v3_get_ext_count 3753 1_1_0 EXIST::FUNCTION:
@@ -199761,7 +207438,7 @@
BIO_set_callback 3757 1_1_0 EXIST::FUNCTION:
BN_GF2m_poly2arr 3758 1_1_0 EXIST::FUNCTION:EC2M
CMS_unsigned_get_attr_count 3759 1_1_0 EXIST::FUNCTION:CMS
-@@ -3881,18 +3814,17 @@ ECDH_compute_key 3762 1_1_0 EXIST::FUNCTION:EC
+@@ -3881,18 +3814,17 @@ ECDH_compute_key
ASN1_TIME_print 3763 1_1_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get0_peerkey 3764 1_1_0 EXIST::FUNCTION:
BN_mod_lshift1 3765 1_1_0 EXIST::FUNCTION:
@@ -199784,7 +207461,7 @@
EC_KEY_METHOD_set_init 3777 1_1_0 EXIST::FUNCTION:EC
EVP_PKEY_asn1_copy 3778 1_1_0 EXIST::FUNCTION:
RSA_PSS_PARAMS_it 3779 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
-@@ -3900,7 +3832,7 @@ RSA_PSS_PARAMS_it 3779 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
+@@ -3900,7 +3832,7 @@ RSA_PSS_PARAMS_it
X509_STORE_CTX_get_error_depth 3780 1_1_0 EXIST::FUNCTION:
ASN1_GENERALIZEDTIME_set_string 3781 1_1_0 EXIST::FUNCTION:
EC_GROUP_new_curve_GFp 3782 1_1_0 EXIST::FUNCTION:EC
@@ -199793,7 +207470,7 @@
Camellia_ofb128_encrypt 3784 1_1_0 EXIST::FUNCTION:CAMELLIA
X509_new 3785 1_1_0 EXIST::FUNCTION:
EC_KEY_get_conv_form 3786 1_1_0 EXIST::FUNCTION:EC
-@@ -3931,15 +3863,14 @@ USERNOTICE_it 3809 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
+@@ -3931,15 +3863,14 @@ CMS_signed_delete_attr
PKEY_USAGE_PERIOD_it 3810 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKEY_USAGE_PERIOD_it 3810 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
BN_mul_word 3811 1_1_0 EXIST::FUNCTION:
@@ -199811,7 +207488,7 @@
X509_PURPOSE_get_by_sname 3820 1_1_0 EXIST::FUNCTION:
X509_PURPOSE_set 3821 1_1_0 EXIST::FUNCTION:
BN_mod_inverse 3822 1_1_0 EXIST::FUNCTION:
-@@ -3961,20 +3892,20 @@ BN_GF2m_mod_inv_arr 3837 1_1_0 EXIST::FUNCTION:EC2M
+@@ -3961,20 +3892,20 @@ BN_GF2m_mod_inv_arr
X509_REQ_get1_email 3838 1_1_0 EXIST::FUNCTION:
EC_KEY_print 3839 1_1_0 EXIST::FUNCTION:EC
i2d_ASN1_INTEGER 3840 1_1_0 EXIST::FUNCTION:
@@ -199836,7 +207513,7 @@
EVP_PKEY_asn1_set_security_bits 3855 1_1_0 EXIST::FUNCTION:
i2d_CERTIFICATEPOLICIES 3856 1_1_0 EXIST::FUNCTION:
i2d_X509_CERT_AUX 3857 1_1_0 EXIST::FUNCTION:
-@@ -3982,8 +3913,8 @@ i2o_ECPublicKey 3858 1_1_0 EXIST::FUNCTION:EC
+@@ -3982,8 +3913,8 @@ i2o_ECPublicKey
PKCS12_SAFEBAG_create0_pkcs8 3859 1_1_0 EXIST::FUNCTION:
OBJ_get0_data 3860 1_1_0 EXIST::FUNCTION:
EC_GROUP_get0_seed 3861 1_1_0 EXIST::FUNCTION:EC
@@ -199847,7 +207524,7 @@
ASRange_it 3863 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
ASRange_it 3863 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
i2d_TS_RESP 3864 1_1_0 EXIST::FUNCTION:TS
-@@ -3997,17 +3928,15 @@ RSA_OAEP_PARAMS_it 3871 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
+@@ -3997,17 +3928,15 @@ RSA_OAEP_PARAMS_it
RSA_OAEP_PARAMS_it 3871 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
BN_bn2mpi 3872 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_cleanup 3873 1_1_0 EXIST::FUNCTION:
@@ -199867,7 +207544,7 @@
ASN1_INTEGER_it 3885 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_INTEGER_it 3885 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
TS_ACCURACY_new 3886 1_1_0 EXIST::FUNCTION:TS
-@@ -4019,19 +3948,19 @@ PBKDF2PARAM_new 3891 1_1_0 EXIST::FUNCTION:
+@@ -4019,19 +3948,19 @@ TS_RESP_CTX_set_status_info_cond
ENGINE_set_RSA 3892 1_1_0 EXIST::FUNCTION:ENGINE
i2d_X509_ATTRIBUTE 3893 1_1_0 EXIST::FUNCTION:
PKCS7_ctrl 3894 1_1_0 EXIST::FUNCTION:
@@ -199891,7 +207568,7 @@
PKCS8_pkey_get0_attrs 3907 1_1_0 EXIST::FUNCTION:
PKCS8_pkey_add1_attr_by_NID 3908 1_1_0 EXIST::FUNCTION:
ASYNC_is_capable 3909 1_1_0 EXIST::FUNCTION:
-@@ -4194,16 +4123,29 @@ DH_meth_set_generate_key 4067 1_1_0 EXIST::FUNCTION:DH
+@@ -4194,16 +4123,69 @@ DH_meth_set_generate_key
DH_meth_free 4068 1_1_0 EXIST::FUNCTION:DH
DH_meth_get_generate_key 4069 1_1_0 EXIST::FUNCTION:DH
DH_set_flags 4070 1_1_0 EXIST::FUNCTION:DH
@@ -199903,7 +207580,8 @@
-X509_STORE_CTX_set0_chain 4075 1_1_0 NOEXIST::FUNCTION:
+X509_STORE_CTX_set_error_depth 4075 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_get0_cert 4076 1_1_0 EXIST::FUNCTION:
- X509_STORE_CTX_set_verify 4077 1_1_0 EXIST::FUNCTION:
+-X509_STORE_CTX_set_verify 4077 1_1_0 EXIST::FUNCTION:
++X509_STORE_CTX_set_verify 4077 1_1_0 NOEXIST::FUNCTION:
+X509_STORE_CTX_set_current_cert 4078 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_get_verify 4079 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_get_verify_cb 4080 1_1_0 EXIST::FUNCTION:
@@ -199927,11 +207605,49 @@
+DSA_SIG_set0 4094 1_1_0 EXIST::FUNCTION:DSA
+EVP_PKEY_get0_hmac 4095 1_1_0 EXIST::FUNCTION:
+HMAC_CTX_get_md 4096 1_1_0 EXIST::FUNCTION:
-diff --git a/util/libssl.num b/util/libssl.num
-index 636892c..d023293 100644
++NAME_CONSTRAINTS_check_CN 4097 1_1_0 EXIST::FUNCTION:
++OCSP_resp_get0_id 4098 1_1_0 EXIST::FUNCTION:OCSP
++OCSP_resp_get0_certs 4099 1_1_0 EXIST::FUNCTION:OCSP
++X509_set_proxy_flag 4100 1_1_0 EXIST::FUNCTION:
++EVP_ENCODE_CTX_copy 4101 1_1_0 EXIST::FUNCTION:
++X509_STORE_CTX_get_check_issued 4102 1_1_0 EXIST::FUNCTION:
++X509_STORE_set_lookup_certs 4103 1_1_0 EXIST::FUNCTION:
++X509_STORE_CTX_get_check_crl 4104 1_1_0 EXIST::FUNCTION:
++X509_STORE_get_cleanup 4105 1_1_0 EXIST::FUNCTION:
++X509_STORE_get_lookup_crls 4106 1_1_0 EXIST::FUNCTION:
++X509_STORE_get_cert_crl 4107 1_1_0 EXIST::FUNCTION:
++X509_STORE_get_lookup_certs 4108 1_1_0 EXIST::FUNCTION:
++X509_STORE_get_check_revocation 4109 1_1_0 EXIST::FUNCTION:
++X509_STORE_set_get_crl 4110 1_1_0 EXIST::FUNCTION:
++X509_STORE_set_check_issued 4111 1_1_0 EXIST::FUNCTION:
++X509_STORE_CTX_get_check_policy 4112 1_1_0 EXIST::FUNCTION:
++X509_STORE_get_check_crl 4113 1_1_0 EXIST::FUNCTION:
++X509_STORE_set_check_crl 4114 1_1_0 EXIST::FUNCTION:
++X509_STORE_get_check_issued 4115 1_1_0 EXIST::FUNCTION:
++X509_STORE_get_get_issuer 4116 1_1_0 EXIST::FUNCTION:
++X509_STORE_CTX_get_get_crl 4117 1_1_0 EXIST::FUNCTION:
++X509_STORE_set_get_issuer 4118 1_1_0 EXIST::FUNCTION:
++X509_STORE_set_cleanup 4119 1_1_0 EXIST::FUNCTION:
++X509_STORE_CTX_get_cleanup 4120 1_1_0 EXIST::FUNCTION:
++X509_STORE_get_get_crl 4121 1_1_0 EXIST::FUNCTION:
++X509_STORE_set_check_revocation 4122 1_1_0 EXIST::FUNCTION:
++X509_STORE_CTX_get_cert_crl 4123 1_1_0 EXIST::FUNCTION:
++X509_STORE_CTX_get_lookup_certs 4124 1_1_0 EXIST::FUNCTION:
++X509_STORE_set_check_policy 4125 1_1_0 EXIST::FUNCTION:
++X509_STORE_CTX_get_get_issuer 4126 1_1_0 EXIST::FUNCTION:
++X509_STORE_get_check_policy 4127 1_1_0 EXIST::FUNCTION:
++X509_STORE_set_cert_crl 4128 1_1_0 EXIST::FUNCTION:
++X509_STORE_CTX_get_check_revocation 4129 1_1_0 EXIST::FUNCTION:
++X509_STORE_get_verify_cb 4130 1_1_0 EXIST::FUNCTION:
++X509_STORE_CTX_get_lookup_crls 4131 1_1_0 EXIST::FUNCTION:
++X509_STORE_get_verify 4132 1_1_0 EXIST::FUNCTION:
++X509_STORE_unlock 4133 1_1_0 EXIST::FUNCTION:
++X509_STORE_lock 4134 1_1_0 EXIST::FUNCTION:
++X509_set_proxy_pathlen 4135 1_1_0 EXIST::FUNCTION:
++X509_get_proxy_pathlen 4136 1_1_0 EXIST::FUNCTION:
--- a/util/libssl.num
+++ b/util/libssl.num
-@@ -7,7 +7,6 @@ SSL_copy_session_id 6 1_1_0 EXIST::FUNCTION:
+@@ -7,7 +7,6 @@ SSL_CTX_set_srp_client_pwd_callback
SSL_CTX_set_srp_password 7 1_1_0 EXIST::FUNCTION:SRP
SSL_shutdown 8 1_1_0 EXIST::FUNCTION:
SSL_CTX_set_msg_callback 9 1_1_0 EXIST::FUNCTION:
@@ -199939,15 +207655,17 @@
SSL_SESSION_get0_ticket 11 1_1_0 EXIST::FUNCTION:
SSL_get1_supported_ciphers 12 1_1_0 EXIST::FUNCTION:
SSL_state_string_long 13 1_1_0 EXIST::FUNCTION:
-@@ -394,3 +393,6 @@ SSL_enable_ct 393 1_1_0 EXIST::FUNCTION:CT
+@@ -394,3 +393,10 @@ SSL_enable_ct
SSL_CTX_enable_ct 394 1_1_0 EXIST::FUNCTION:CT
SSL_CTX_get_ciphers 395 1_1_0 EXIST::FUNCTION:
SSL_SESSION_get0_hostname 396 1_1_0 EXIST::FUNCTION:
+SSL_client_version 397 1_1_0 EXIST::FUNCTION:
+SSL_SESSION_get_protocol_version 398 1_1_0 EXIST::FUNCTION:
+SSL_is_dtls 399 1_1_0 EXIST::FUNCTION:
-diff --git a/util/mkbuildinf.pl b/util/mkbuildinf.pl
-index a809f71..5bf0168 100755
++SSL_CTX_dane_set_flags 400 1_1_0 EXIST::FUNCTION:
++SSL_dane_set_flags 401 1_1_0 EXIST::FUNCTION:
++SSL_CTX_dane_clear_flags 402 1_1_0 EXIST::FUNCTION:
++SSL_dane_clear_flags 403 1_1_0 EXIST::FUNCTION:
--- a/util/mkbuildinf.pl
+++ b/util/mkbuildinf.pl
@@ -1,4 +1,11 @@
@@ -199963,8 +207681,6 @@
my ($cflags, $platform) = @ARGV;
-diff --git a/util/mkdef.pl b/util/mkdef.pl
-index 9f8d561..c2fbfe7 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -1,4 +1,11 @@
@@ -199980,7 +207696,16 @@
#
# generate a .def file
#
-@@ -122,6 +129,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
+@@ -66,7 +73,7 @@ my $linux=0;
+ my $safe_stack_def = 0;
+
+ my @known_platforms = ( "__FreeBSD__", "PERL5",
+- "EXPORT_VAR_AS_FUNCTION", "ZLIB"
++ "EXPORT_VAR_AS_FUNCTION", "ZLIB", "_WIN32"
+ );
+ my @known_ossl_platforms = ( "VMS", "WIN32", "WINNT", "OS2" );
+ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
+@@ -122,6 +129,7 @@ my @known_algorithms = ( "RC2", "RC4", "
"TS",
# OCB mode
"OCB",
@@ -199988,7 +207713,7 @@
# APPLINK (win build feature?)
"APPLINK"
);
-@@ -239,7 +247,6 @@ $ssl.=" include/openssl/srtp.h";
+@@ -239,7 +247,6 @@ my $ssl="include/openssl/ssl.h";
my $crypto ="include/openssl/crypto.h";
$crypto.=" include/internal/o_dir.h";
$crypto.=" include/internal/o_str.h";
@@ -199996,7 +207721,15 @@
$crypto.=" include/internal/err.h";
$crypto.=" include/openssl/des.h" ; # unless $no_des;
$crypto.=" include/openssl/idea.h" ; # unless $no_idea;
-@@ -1317,11 +1324,11 @@ EOF
+@@ -1114,6 +1121,7 @@ sub is_valid
+ if ($keyword eq "VMSNonVAX" && $VMSNonVAX) { return 1; }
+ if ($keyword eq "VMS" && $VMS) { return 1; }
+ if ($keyword eq "WIN32" && $W32) { return 1; }
++ if ($keyword eq "_WIN32" && $W32) { return 1; }
+ if ($keyword eq "WINNT" && $NT) { return 1; }
+ # Special platforms:
+ # EXPORT_VAR_AS_FUNCTION means that global variables
+@@ -1317,11 +1325,11 @@ EOF
print OUT $symline;
$symvtextcount += length($symline) - 2;
} elsif($v) {
@@ -200012,8 +207745,6 @@
}
}
}
-diff --git a/util/mkdir-p.pl b/util/mkdir-p.pl
-index e73d02b..3280602 100755
--- a/util/mkdir-p.pl
+++ b/util/mkdir-p.pl
@@ -1,6 +1,10 @@
@@ -200044,8 +207775,6 @@
+ }
print "created directory `$dir'\n";
}
-diff --git a/util/mkerr.pl b/util/mkerr.pl
-index 4fd5520..7d07978 100644
--- a/util/mkerr.pl
+++ b/util/mkerr.pl
@@ -1,7 +1,12 @@
@@ -200072,7 +207801,7 @@
my $pack_errcode;
my $load_errcode;
-@@ -62,6 +69,8 @@ Options:
+@@ -62,6 +69,8 @@ mkerr.pl [options] ...
-hprefix P Prepend the filenames in generated #include <header>
statements with prefix P. Default: 'openssl/' (without
the quotes, naturally)
@@ -200184,7 +207913,7 @@
"\n",
"/* BEGIN ERROR CODES */\n";
}
-@@ -482,6 +453,7 @@ foreach $lib (keys %csrc)
+@@ -482,15 +453,16 @@ foreach $lib (keys %csrc)
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
@@ -200192,6 +207921,17 @@
EOF
if($static) {
print OUT <<"EOF";
+-${staticloader}void ERR_load_${lib}_strings(void);
++${staticloader}int ERR_load_${lib}_strings(void);
+
+ EOF
+ } else {
+ print OUT <<"EOF";
+-${staticloader}void ERR_load_${lib}_strings(void);
++${staticloader}int ERR_load_${lib}_strings(void);
+ ${staticloader}void ERR_unload_${lib}_strings(void);
+ ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);
+ # define ${lib}err(f,r) ERR_${lib}_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
@@ -542,11 +514,17 @@ EOF
}
print OUT <<"EOF";
@@ -200320,8 +208060,40 @@
print OUT " {${rstr},\n \"$rn\"},\n";
} else {
print OUT " {${rstr}, \"$rn\"},\n";
-diff --git a/util/mkrc.pl b/util/mkrc.pl
-index 8b74ff8..c177349 100755
+@@ -719,7 +652,7 @@ if($static) {
+
+ #endif
+
+-${staticloader}void ERR_load_${lib}_strings(void)
++${staticloader}int ERR_load_${lib}_strings(void)
+ {
+ #ifndef OPENSSL_NO_ERR
+
+@@ -728,6 +661,7 @@ if($static) {
+ ERR_load_strings($load_errcode, ${lib}_str_reasons);
+ }
+ #endif
++ return 1;
+ }
+ EOF
+ } else {
+@@ -747,7 +681,7 @@ static ERR_STRING_DATA ${lib}_lib_name[]
+ static int ${lib}_lib_error_code = 0;
+ static int ${lib}_error_init = 1;
+
+-${staticloader}void ERR_load_${lib}_strings(void)
++${staticloader}int ERR_load_${lib}_strings(void)
+ {
+ if (${lib}_lib_error_code == 0)
+ ${lib}_lib_error_code = ERR_get_next_error_library();
+@@ -764,6 +698,7 @@ static int ${lib}_error_init = 1;
+ ERR_load_strings(0, ${lib}_lib_name);
+ #endif
+ }
++ return 1;
+ }
+
+ ${staticloader}void ERR_unload_${lib}_strings(void)
--- a/util/mkrc.pl
+++ b/util/mkrc.pl
@@ -1,5 +1,10 @@
@@ -200345,8 +208117,6 @@
//VALUE "LegalTrademarks", "\\0"
//VALUE "PrivateBuild", "\\0"
//VALUE "SpecialBuild", "\\0"
-diff --git a/util/openssl-format-source b/util/openssl-format-source
-index 7258836..36ea432 100755
--- a/util/openssl-format-source
+++ b/util/openssl-format-source
@@ -1,5 +1,13 @@
@@ -200363,9 +208133,6 @@
# openssl-format-source
# - format source tree according to OpenSSL coding style using indent
#
-diff --git a/util/perl/OpenSSL/Util/Pod.pm b/util/perl/OpenSSL/Util/Pod.pm
-new file mode 100644
-index 0000000..5c0af95
--- /dev/null
+++ b/util/perl/OpenSSL/Util/Pod.pm
@@ -0,0 +1,158 @@
@@ -200527,9 +208294,6 @@
+}
+
+1;
-diff --git a/util/perlpath.pl b/util/perlpath.pl
-deleted file mode 100755
-index a1f236b..0000000
--- a/util/perlpath.pl
+++ /dev/null
@@ -1,35 +0,0 @@
@@ -200568,9 +208332,6 @@
- rename($new,$_) || die "unable to rename $dir/$new:$!\n";
- chmod(0755,$_) || die "unable to chmod $dir/$new:$!\n";
- }
-diff --git a/util/process_docs.pl b/util/process_docs.pl
-new file mode 100644
-index 0000000..8b8de81
--- /dev/null
+++ b/util/process_docs.pl
@@ -0,0 +1,235 @@
@@ -200809,8 +208570,6 @@
+https://www.openssl.org/source/license.html
+
+=cut
-diff --git a/util/selftest.pl b/util/selftest.pl
-index 06d494a..d1d1159 100644
--- a/util/selftest.pl
+++ b/util/selftest.pl
@@ -1,7 +1,12 @@
@@ -200828,8 +208587,6 @@
if (! -f "Configure") {
print "Please run perl util/selftest.pl in the OpenSSL directory.\n";
-diff --git a/util/su-filter.pl b/util/su-filter.pl
-index 3715ba2..5996f58 100644
--- a/util/su-filter.pl
+++ b/util/su-filter.pl
@@ -1,7 +1,11 @@
@@ -200847,9 +208604,6 @@
use strict;
my $in_su = 0;
-diff --git a/util/toutf8.sh b/util/toutf8.sh
-deleted file mode 100644
-index 8a4254b..0000000
--- a/util/toutf8.sh
+++ /dev/null
@@ -1,17 +0,0 @@
@@ -200870,8 +208624,6 @@
- )
- fi
- done
-diff --git a/util/with_fallback.pm b/util/with_fallback.pm
-index 014f355..b6deb20 100644
--- a/util/with_fallback.pm
+++ b/util/with_fallback.pm
@@ -1,4 +1,9 @@
Modified: openssl/branches/1.1.0/debian/patches/pic.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/pic.patch 2016-07-24 19:51:30 UTC (rev 814)
+++ openssl/branches/1.1.0/debian/patches/pic.patch 2016-07-29 22:02:21 UTC (rev 815)
@@ -1,8 +1,13 @@
-Index: openssl-1.0.1c/crypto/des/asm/desboth.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl 2001-10-24 23:20:56.000000000 +0200
-+++ openssl-1.0.1c/crypto/des/asm/desboth.pl 2012-07-29 14:15:26.000000000 +0200
-@@ -16,6 +16,11 @@
+---
+ crypto/des/asm/desboth.pl | 17 ++++++++++++++---
+ crypto/perlasm/cbc.pl | 24 ++++++++++++++++++++----
+ crypto/perlasm/x86gas.pl | 16 ++++++++++++++++
+ crypto/x86cpuid.pl | 10 +++++-----
+ 4 files changed, 55 insertions(+), 12 deletions(-)
+
+--- a/crypto/des/asm/desboth.pl
++++ b/crypto/des/asm/desboth.pl
+@@ -23,6 +23,11 @@ sub DES_encrypt3
&push("edi");
@@ -14,7 +19,7 @@
&comment("");
&comment("Load the data words");
&mov($L,&DWP(0,"ebx","",0));
-@@ -47,15 +52,21 @@
+@@ -54,15 +59,21 @@ sub DES_encrypt3
&mov(&swtmp(2), (DWC(($enc)?"1":"0")));
&mov(&swtmp(1), "eax");
&mov(&swtmp(0), "ebx");
@@ -39,11 +44,9 @@
&stack_pop(3);
&mov($L,&DWP(0,"ebx","",0));
-Index: openssl-1.0.1c/crypto/perlasm/cbc.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl 2011-07-13 08:22:46.000000000 +0200
-+++ openssl-1.0.1c/crypto/perlasm/cbc.pl 2012-07-29 14:15:26.000000000 +0200
-@@ -122,7 +122,11 @@
+--- a/crypto/perlasm/cbc.pl
++++ b/crypto/perlasm/cbc.pl
+@@ -129,7 +129,11 @@ sub cbc
&mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
@@ -56,7 +59,7 @@
&mov("eax", &DWP($data_off,"esp","",0));
&mov("ebx", &DWP($data_off+4,"esp","",0));
-@@ -185,7 +189,11 @@
+@@ -192,7 +196,11 @@ sub cbc
&mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
@@ -69,7 +72,7 @@
&mov("eax", &DWP($data_off,"esp","",0));
&mov("ebx", &DWP($data_off+4,"esp","",0));
-@@ -218,7 +226,11 @@
+@@ -225,7 +233,11 @@ sub cbc
&mov(&DWP($data_off,"esp","",0), "eax"); # put back
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
@@ -82,7 +85,7 @@
&mov("eax", &DWP($data_off,"esp","",0)); # get return
&mov("ebx", &DWP($data_off+4,"esp","",0)); #
-@@ -261,7 +273,11 @@
+@@ -268,7 +280,11 @@ sub cbc
&mov(&DWP($data_off,"esp","",0), "eax"); # put back
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
@@ -95,11 +98,9 @@
&mov("eax", &DWP($data_off,"esp","",0)); # get return
&mov("ebx", &DWP($data_off+4,"esp","",0)); #
-Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl 2011-12-09 20:16:35.000000000 +0100
-+++ openssl-1.0.1c/crypto/perlasm/x86gas.pl 2012-07-29 14:15:26.000000000 +0200
-@@ -161,6 +161,7 @@
+--- a/crypto/perlasm/x86gas.pl
++++ b/crypto/perlasm/x86gas.pl
+@@ -170,6 +170,7 @@ sub ::file_end
if ($::macosx) { push (@out,"$tmp,2\n"); }
elsif ($::elf) { push (@out,"$tmp,4\n"); }
else { push (@out,"$tmp\n"); }
@@ -107,7 +108,7 @@
}
push(@out,$initseg) if ($initseg);
}
-@@ -218,8 +219,23 @@
+@@ -228,8 +229,23 @@ sub ::initseg
elsif ($::elf)
{ $initseg.=<<___;
.section .init
@@ -131,11 +132,9 @@
}
elsif ($::coff)
{ $initseg.=<<___; # applies to both Cygwin and Mingw
-Index: openssl-1.0.1c/crypto/x86cpuid.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/x86cpuid.pl 2012-02-28 15:20:34.000000000 +0100
-+++ openssl-1.0.1c/crypto/x86cpuid.pl 2012-07-29 14:15:26.000000000 +0200
-@@ -8,6 +8,8 @@
+--- a/crypto/x86cpuid.pl
++++ b/crypto/x86cpuid.pl
+@@ -18,6 +18,8 @@ open OUT,">$output";
for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
@@ -144,7 +143,7 @@
&function_begin("OPENSSL_ia32_cpuid");
&xor ("edx","edx");
&pushf ();
-@@ -139,9 +141,7 @@
+@@ -165,9 +167,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
&set_label("nocpuid");
&function_end("OPENSSL_ia32_cpuid");
@@ -155,7 +154,7 @@
&xor ("eax","eax");
&xor ("edx","edx");
&picmeup("ecx","OPENSSL_ia32cap_P");
-@@ -155,7 +155,7 @@
+@@ -181,7 +181,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
# This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
# but it's safe to call it on any [supported] 32-bit platform...
# Just check for [non-]zero return value...
@@ -164,7 +163,7 @@
&picmeup("ecx","OPENSSL_ia32cap_P");
&bt (&DWP(0,"ecx"),4);
&jnc (&label("nohalt")); # no TSC
-@@ -222,7 +222,7 @@
+@@ -248,7 +248,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
&ret ();
&function_end_B("OPENSSL_far_spin");
Modified: openssl/branches/1.1.0/debian/patches/series
===================================================================
--- openssl/branches/1.1.0/debian/patches/series 2016-07-24 19:51:30 UTC (rev 814)
+++ openssl/branches/1.1.0/debian/patches/series 2016-07-29 22:02:21 UTC (rev 815)
@@ -1,7 +1,6 @@
openssl_snapshot.patch
config-hurd.patch
debian-targets.patch
-engines-path.patch
man-section.patch
no-rpath.patch
no-symbolic.patch
Modified: openssl/branches/1.1.0/debian/rules
===================================================================
--- openssl/branches/1.1.0/debian/rules 2016-07-24 19:51:30 UTC (rev 814)
+++ openssl/branches/1.1.0/debian/rules 2016-07-29 22:02:21 UTC (rev 815)
@@ -71,7 +71,8 @@
mv libcrypto.so* libssl.so* $$opt/; \
$(MAKE) -f Makefile clean; \
done
- ./Configure shared $(CONFARGS) debian-$(DEB_HOST_ARCH)
+ # Debian Perl policy 5.1 (Script Magic)
+ HASHBANGPERL=/usr/bin/perl ./Configure shared $(CONFARGS) debian-$(DEB_HOST_ARCH)
#$(MAKE) -f Makefile depend
ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
# $(MAKE) -f Makefile linux-shared
@@ -117,7 +118,7 @@
dh_testroot
dh_clean
dh_installdirs
- $(MAKE) -f Makefile install DESTDIR=`pwd`/debian/tmp
+ $(MAKE) -f Makefile install DESTDIR=`pwd`/debian/tmp -j1
binary-indep: build install
dh_testdir
More information about the Pkg-openssl-changes
mailing list