[Pkg-openssl-changes] r805 - in openssl/branches/1.1.0/debian: . patches
Sebastian Andrzej Siewior
bigeasy at moszumanska.debian.org
Fri Jun 10 19:30:09 UTC 2016
Author: bigeasy
Date: 2016-06-10 19:30:09 +0000 (Fri, 10 Jun 2016)
New Revision: 805
Modified:
openssl/branches/1.1.0/debian/changelog
openssl/branches/1.1.0/debian/patches/openssl_snapshot.patch
openssl/branches/1.1.0/debian/rules
Log:
parallel rules which work for sbuild + update snapshot
Modified: openssl/branches/1.1.0/debian/changelog
===================================================================
--- openssl/branches/1.1.0/debian/changelog 2016-06-10 18:43:56 UTC (rev 804)
+++ openssl/branches/1.1.0/debian/changelog 2016-06-10 19:30:09 UTC (rev 805)
@@ -3,6 +3,8 @@
* Run the testsuite with verbose output.
* Use $(MAKE) so the whole make environment is passed to its child and we
can build in parallel with -jX
+ * Update snapshot to commit 5000a6d1215e ("Fix an error path leak in int
+ X509_ATTRIBUTE_set1_data()")
-- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Sun, 05 Jun 2016 22:49:30 +0200
Modified: openssl/branches/1.1.0/debian/patches/openssl_snapshot.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/openssl_snapshot.patch 2016-06-10 18:43:56 UTC (rev 804)
+++ openssl/branches/1.1.0/debian/patches/openssl_snapshot.patch 2016-06-10 19:30:09 UTC (rev 805)
@@ -1,16 +1,33 @@
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
-index 0000000..1504fc6
+index 000000000000..f33e22acf6cb
--- /dev/null
+++ b/.gitattributes
-@@ -0,0 +1 @@
+@@ -0,0 +1,2 @@
+*.der binary
++/fuzz/corpora/** binary
diff --git a/.gitignore b/.gitignore
-index a6f5bf7..2f99952 100644
+index a6f5bf743a67..b47a348bdd37 100644
--- a/.gitignore
+++ b/.gitignore
-@@ -57,6 +57,14 @@ Makefile
+@@ -31,6 +31,7 @@ Makefile
+ /test/test*.pem
+ /test/newkey.pem
+ /test/*.log
++/test/buildtest_*
+ # Certificate symbolic links
+ *.0
+@@ -38,6 +39,7 @@ Makefile
+ # Links under apps
+ /apps/CA.pl
+ /apps/tsget
++/apps/tsget.pl
+ /apps/md4.c
+
+
+@@ -57,6 +59,15 @@ Makefile
+
# Executables
/apps/openssl
+/fuzz/asn1
@@ -19,25 +36,56 @@
+/fuzz/bndiv
+/fuzz/conf
+/fuzz/cms
++/fuzz/ct
+/fuzz/server
+/fuzz/x509
/test/sha256t
/test/sha512t
/test/gost2814789t
-@@ -71,6 +79,8 @@ Makefile
+@@ -71,10 +82,21 @@ Makefile
/test/fips_ecdsavs
/test/fips_rngvs
/test/fips_test_suite
+/test/ssltest_old
+/test/x509aux
++/test/v3ext
*.so*
*.dylib*
*.dll*
+ *.exe
++*.pyc
++*.exp
++*.lib
++*.pdb
++*.ilk
++*.def
++*.rc
++*.res
+ # Exceptions
+ !/test/bctest
+ !/crypto/des/times/486-50.sol
+@@ -82,6 +104,7 @@ Makefile
+ # Misc auto generated files
+ /include/openssl/opensslconf.h
+ /tools/c_rehash
++/tools/c_rehash.pl
+ /crypto/**/lib
+ /engines/**/lib
+ /ssl/**/lib
+@@ -94,7 +117,7 @@ cscope.*
+ /crypto.map
+ /ssl.map
+
+-# Windows
++# Windows (legacy)
+ /tmp32
+ /tmp32.dbg
+ /tmp32dll
diff --git a/.travis.yml b/.travis.yml
-index f180a44..78cee30 100644
+index f180a446ac80..d3f67f9b4c48 100644
--- a/.travis.yml
+++ b/.travis.yml
-@@ -23,11 +23,9 @@ compiler:
+@@ -23,11 +23,9 @@ cache: ccache
- gcc
env:
@@ -50,7 +98,28 @@
- CONFIG_OPTS="no-pic --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes"
-@@ -60,34 +58,24 @@ matrix:
+@@ -35,16 +33,16 @@ cache: ccache
+ include:
+ - os: linux
+ compiler: clang-3.6
+- env: CONFIG_OPTS="-fsanitize=address no-shared"
++ env: CONFIG_OPTS="no-shared enable-asan"
+ - os: linux
+ compiler: clang-3.6
+- env: CONFIG_OPTS="no-shared no-asm -fno-sanitize-recover -fsanitize=address -fsanitize=undefined enable-rc5 enable-md2 -fno-sanitize=alignment"
++ env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -fno-sanitize=alignment"
+ - os: linux
+ compiler: gcc-5
+- env: CONFIG_OPTS="no-shared -fsanitize=address"
++ env: CONFIG_OPTS="no-shared no-asm enable-asan enable-rc5 enable-md2"
+ - os: linux
+ compiler: gcc-5
+- env: CONFIG_OPTS="no-shared no-asm -fno-sanitize-recover -DPEDANTIC -fsanitize=address -fsanitize=undefined enable-rc5 enable-md2"
++ env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC"
+ - os: linux
+ compiler: i686-w64-mingw32-gcc
+ env: CONFIG_OPTS="no-pic"
+@@ -60,34 +58,24 @@ cache: ccache
before_script:
- sh .travis-create-release.sh $TRAVIS_OS_NAME
- tar -xvzf _srcdist.tar.gz
@@ -91,7 +160,7 @@
- make
- if [ -z "$BUILDONLY" ]; then
if [ -n "$CROSS_COMPILE" ]; then
-@@ -97,6 +85,10 @@ script:
+@@ -97,6 +85,10 @@ cache: ccache
else
make build_tests;
fi
@@ -104,7 +173,7 @@
notifications:
diff --git a/AUTHORS b/AUTHORS
new file mode 100644
-index 0000000..48211a2
+index 000000000000..48211a274618
--- /dev/null
+++ b/AUTHORS
@@ -0,0 +1,21 @@
@@ -130,16 +199,27 @@
+ Ulf Möller
+ Viktor Dukhovni
diff --git a/CHANGES b/CHANGES
-index 477d185..541efc3 100644
+index 477d18527d66..792f602d767e 100644
--- a/CHANGES
+++ b/CHANGES
-@@ -2,7 +2,55 @@
+@@ -2,7 +2,66 @@
OpenSSL CHANGES
_______________
- Changes between 1.0.2g and 1.1.0 [xx XXX xxxx]
+ Changes between 1.0.2h and 1.1.0 [xx XXX 2016]
+
++ *) The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and
++ DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch
++ off the constant time implementation for RSA, DSA and DH have been made
++ no-ops and deprecated.
++ [Matt Caswell]
++
++ *) Windows RAND implementation was simplified to only get entropy by
++ calling CryptGenRandom(). Various other RAND-related tickets
++ were also closed.
++ [Joseph Wylie Yandle, Rich Salz]
++
+ *) The stack and lhash API's were renamed to start with OPENSSL_SK_
+ and OPENSSL_LH_, respectively. The old names are available
+ with API compatibility. They new names are now completely documented.
@@ -190,7 +270,7 @@
*) The following datatypes were made opaque: X509_OBJECT, X509_STORE_CTX,
X509_STORE, X509_LOOKUP, and X509_LOOKUP_METHOD. The unused type
-@@ -988,6 +1036,103 @@
+@@ -988,6 +1047,103 @@
validated when establishing a connection.
[Rob Percival <robpercival at google.com>]
@@ -294,7 +374,7 @@
Changes between 1.0.2f and 1.0.2g [1 Mar 2016]
* Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
-@@ -1226,7 +1371,7 @@
+@@ -1226,7 +1382,7 @@
*) Alternate chains certificate forgery
@@ -303,7 +383,7 @@
alternative certificate chain if the first attempt to build such a chain
fails. An error in the implementation of this logic can mean that an
attacker could cause certain checks on untrusted certificates to be
-@@ -1484,7 +1629,7 @@
+@@ -1484,7 +1640,7 @@
*) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g.
ARMv5 through ARMv8, as opposite to "locking" it to single one.
@@ -312,7 +392,7 @@
and argue that binary targeting say ARMv5 would still execute on
ARMv8. "Universal" build resolves this compromise by providing
near-optimal performance even on newer platforms.
-@@ -1544,7 +1689,7 @@
+@@ -1544,7 +1700,7 @@
[Steve Henson]
*) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file():
@@ -321,7 +401,7 @@
[Steve Henson]
*) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest,
-@@ -1653,7 +1798,7 @@
+@@ -1653,7 +1809,7 @@
*) Add support for certificate stores in CERT structure. This makes it
possible to have different stores per SSL structure or one store in
@@ -330,7 +410,7 @@
verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN
to build and store a certificate chain in CERT structure: returing
an error if the chain cannot be built: this will allow applications
-@@ -1716,7 +1861,7 @@
+@@ -1716,7 +1872,7 @@
[Steve Henson]
*) Integrate hostname, email address and IP address checking with certificate
@@ -340,10 +420,10 @@
*) Fixes and wildcard matching support to hostname and email checking
diff --git a/CONTRIBUTING b/CONTRIBUTING
-index 3b84ce31..1bfbc1b 100644
+index 3b84ce314190..07115e5a7588 100644
--- a/CONTRIBUTING
+++ b/CONTRIBUTING
-@@ -1,42 +1,68 @@
+@@ -1,42 +1,75 @@
-HOW TO CONTRIBUTE TO OpenSSL
-----------------------------
+HOW TO CONTRIBUTE TO PATCHES OpenSSL
@@ -358,42 +438,42 @@
-You can also make GitHub pull requests. If you do this, please also send
-mail to rt at openssl.org with a brief description and a link to the PR so
-that we can more easily keep track of it.
-+(Please visit https://openssl.org/community/getting-started.html for
++(Please visit https://www.openssl.org/community/getting-started.html for
+other ideas about how to contribute.)
+Development is coordinated on the openssl-dev mailing list (see the
-+above link or http://mta.openssl.org for information on subscribing).
++above link or https://mta.openssl.org for information on subscribing).
If you are unsure as to whether a feature will be useful for the general
-OpenSSL community please discuss it on the openssl-dev mailing list first.
-Someone may be already working on the same thing or there may be a good
-reason as to why that feature isn't implemented.
--
++OpenSSL community you might want to discuss it on the openssl-dev mailing
++list first. Someone may be already working on the same thing or there
++may be a good reason as to why that feature isn't implemented.
+
-Patches should be as up to date as possible, preferably relative to the
-current Git or the last snapshot. They should follow our coding style
-(see https://www.openssl.org/policies/codingstyle.html) and compile without
-warnings using the --strict-warnings flag. OpenSSL compiles on many varied
-platforms: try to ensure you only use portable features.
-+OpenSSL community you might want to discuss it on the openssl-dev mailing
-+list first. Someone may be already working on the same thing or there
-+may be a good reason as to why that feature isn't implemented.
-
--When at all possible, patches should include tests. These can either be
--added to an existing test, or completely new. Please see test/README for
--information on the test framework.
+The best way to submit a patch is to make a pull request on GitHub.
+(It is not necessary to send mail to rt at openssl.org to open a ticket!)
+If you think the patch could use feedback from the community, please
+start a thread on openssl-dev.
--Our preferred format for patch files is "git format-patch" output. For example
--to provide a patch file containing the last commit in your local git repository
--use the following command:
-+You can also submit patches by sending it as mail to rt at opensslorg.
+-When at all possible, patches should include tests. These can either be
+-added to an existing test, or completely new. Please see test/README for
+-information on the test framework.
++You can also submit patches by sending it as mail to rt at openssl.org.
+Please include the word "PATCH" and an explanation of what the patch
+does in the subject line. If you do this, our preferred format is "git
+format-patch" output. For example to provide a patch file containing the
+last commit in your local git repository use the following command:
+-Our preferred format for patch files is "git format-patch" output. For example
+-to provide a patch file containing the last commit in your local git repository
+-use the following command:
+-
-# git format-patch --stdout HEAD^ >mydiffs.patch
+ % git format-patch --stdout HEAD^ >mydiffs.patch
@@ -420,7 +500,7 @@
+
+ 1. Anything other than trivial contributions will require a contributor
+ licensing agreement, giving us permission to use your code. See
-+ https://openssl.org/policies/cla.html for details.
++ https://www.openssl.org/policies/cla.html for details.
+
+ 2. All source files should start with the following text (with
+ appropriate comment characters at the start of each line and the
@@ -434,18 +514,25 @@
+ https://www.openssl.org/source/license.html
+
+ 3. Patches should be as current as possible. When using GitHub, please
-+ expect to have to rebase and update often.
++ expect to have to rebase and update often. Note that we do not accept merge
++ commits. You will be asked to remove them before a patch is considered
++ acceptable.
+
-+ 3. Patches should follow our coding style (see
++ 4. Patches should follow our coding style (see
+ https://www.openssl.org/policies/codingstyle.html) and compile without
-+ warnings using the --strict-warnings flag. OpenSSL compiles on many
-+ varied platforms: try to ensure you only use portable features.
++ warnings. Where gcc or clang is availble you should use the
++ --strict-warnings Configure option. OpenSSL compiles on many varied
++ platforms: try to ensure you only use portable features.
+
-+ 4. When at all possible, patches should include tests. These can either be
++ 5. When at all possible, patches should include tests. These can either be
+ added to an existing test, or completely new. Please see test/README
+ for information on the test framework.
++
++ 6. New features or changed functionality must include documentation. Please
++ look at the "pod" files in doc/apps, doc/crypto and doc/ssl for examples of
++ our style.
diff --git a/Configurations/00-base-templates.conf b/Configurations/00-base-templates.conf
-index c28e4e1..515cf00 100644
+index c28e4e1b515e..515cf00e20af 100644
--- a/Configurations/00-base-templates.conf
+++ b/Configurations/00-base-templates.conf
@@ -185,7 +185,7 @@
@@ -490,7 +577,7 @@
bn_asm_src => "bn_asm.c armv8-mont.S",
aes_asm_src => "aes_core.c aes_cbc.c aesv8-armx.S vpaes-armv8.S",
diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
-index de591c9..86dd411 100644
+index de591c90e14d..86dd4116c819 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -9,15 +9,39 @@ sub vc_win64a_info {
@@ -604,7 +691,10 @@
inherit_from => [ "BASE_unix", asm("alpha_asm") ],
cc => "gcc",
- cflags => "-O3",
-- bn_ops => "SIXTY_FOUR_BIT_LONG",
++ cflags => combine("-std=c9x -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -O3",
++ threads("-pthread")),
++ ex_libs => "-lrt", # for mlock(2)
+ bn_ops => "SIXTY_FOUR_BIT_LONG",
- thread_scheme => "(unknown)",
- dso_scheme => "dlfcn",
- shared_target => "alpha-osf1-shared",
@@ -614,10 +704,7 @@
- inherit_from => [ "BASE_unix", asm("alpha_asm") ],
- cc => "cc",
- cflags => "-std1 -tune host -O4 -readonly_strings",
-+ cflags => combine("-std=c9x -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -O3",
-+ threads("-pthread")),
-+ ex_libs => "-lrt", # for mlock(2)
- bn_ops => "SIXTY_FOUR_BIT_LONG",
+- bn_ops => "SIXTY_FOUR_BIT_LONG",
- thread_scheme => "(unknown)",
+ thread_scheme => "pthreads",
dso_scheme => "dlfcn",
@@ -804,7 +891,7 @@
cflags => add(sub { my @warnings =
diff --git a/Configurations/50-djgpp.conf b/Configurations/50-djgpp.conf
new file mode 100644
-index 0000000..f532bd1
+index 000000000000..f532bd16f779
--- /dev/null
+++ b/Configurations/50-djgpp.conf
@@ -0,0 +1,15 @@
@@ -825,7 +912,7 @@
+);
diff --git a/Configurations/50-haiku.conf b/Configurations/50-haiku.conf
new file mode 100644
-index 0000000..f114666
+index 000000000000..f11466660965
--- /dev/null
+++ b/Configurations/50-haiku.conf
@@ -0,0 +1,29 @@
@@ -860,7 +947,7 @@
+);
diff --git a/Configurations/50-masm.conf b/Configurations/50-masm.conf
new file mode 100644
-index 0000000..60a5507
+index 000000000000..60a55072f256
--- /dev/null
+++ b/Configurations/50-masm.conf
@@ -0,0 +1,17 @@
@@ -883,7 +970,7 @@
+);
diff --git a/Configurations/99-personal-ben.conf b/Configurations/99-personal-ben.conf
deleted file mode 100644
-index 50b9315..0000000
+index 50b9315cf39e..000000000000
--- a/Configurations/99-personal-ben.conf
+++ /dev/null
@@ -1,95 +0,0 @@
@@ -984,7 +1071,7 @@
-);
diff --git a/Configurations/99-personal-bodo.conf b/Configurations/99-personal-bodo.conf
deleted file mode 100644
-index df9b49c..0000000
+index df9b49ce92e6..000000000000
--- a/Configurations/99-personal-bodo.conf
+++ /dev/null
@@ -1,21 +0,0 @@
@@ -1011,7 +1098,7 @@
-);
diff --git a/Configurations/99-personal-geoff.conf b/Configurations/99-personal-geoff.conf
deleted file mode 100644
-index 5bddfae..0000000
+index 5bddfaef8349..000000000000
--- a/Configurations/99-personal-geoff.conf
+++ /dev/null
@@ -1,29 +0,0 @@
@@ -1046,7 +1133,7 @@
-);
diff --git a/Configurations/99-personal-levitte.conf b/Configurations/99-personal-levitte.conf
deleted file mode 100644
-index c67252b..0000000
+index c67252b510d8..000000000000
--- a/Configurations/99-personal-levitte.conf
+++ /dev/null
@@ -1,21 +0,0 @@
@@ -1073,7 +1160,7 @@
-);
diff --git a/Configurations/99-personal-rse.conf b/Configurations/99-personal-rse.conf
deleted file mode 100644
-index 9999fcd..0000000
+index 9999fcd3cf60..000000000000
--- a/Configurations/99-personal-rse.conf
+++ /dev/null
@@ -1,12 +0,0 @@
@@ -1091,7 +1178,7 @@
-);
diff --git a/Configurations/99-personal-steve.conf b/Configurations/99-personal-steve.conf
deleted file mode 100644
-index 473fd24..0000000
+index 473fd240d4f9..000000000000
--- a/Configurations/99-personal-steve.conf
+++ /dev/null
@@ -1,50 +0,0 @@
@@ -1146,10 +1233,10 @@
- },
-);
diff --git a/Configurations/README b/Configurations/README
-index a5a006e..8451b44 100644
+index a5a006e46a34..8451b4400433 100644
--- a/Configurations/README
+++ b/Configurations/README
-@@ -99,8 +99,7 @@ In each table entry, the following keys are significant:
+@@ -99,8 +99,7 @@ hash table, where each entry represent a specific target.
some options. In this case, the first
string in the list is the name of the build
scheme.
@@ -1208,7 +1295,7 @@
src2obj - function that produces build file lines to build an
object file from source files and associated data.
diff --git a/Configurations/README.design b/Configurations/README.design
-index 574982f..5777e72 100644
+index 574982fb5a2b..5777e72441bb 100644
--- a/Configurations/README.design
+++ b/Configurations/README.design
@@ -91,6 +91,7 @@ depends on the library 'libssl' to function properly.
@@ -1232,7 +1319,7 @@
Two things are worth an extra note:
-@@ -153,13 +154,14 @@ information comes down to this:
+@@ -153,13 +154,14 @@ When Configure digests these build.info files, the accumulated
INCLUDE[apps/openssl]=. include
DEPEND[apps/openssl]=libssl
@@ -1271,7 +1358,7 @@
When Configure processes the build.info files, it will take it as
truth without question, and will therefore perform very few checks.
-@@ -202,6 +205,10 @@ indexes:
+@@ -202,6 +205,10 @@ collected into the %unified_info database, divided into the following
engines => a list of engines. These are directly inferred from
the ENGINES variable in build.info files.
@@ -1282,7 +1369,7 @@
includes => a hash table containing 'file' => [ 'include' ... ]
pairs. These are directly inferred from the INCLUDE
variables in build.info files.
-@@ -247,11 +254,15 @@ section above would be digested into a %unified_info table:
+@@ -247,11 +254,15 @@ As an example, here is how the build.info files example from the
[
"libssl",
],
@@ -1299,7 +1386,7 @@
[
"libcrypto",
],
-@@ -259,11 +270,25 @@ section above would be digested into a %unified_info table:
+@@ -259,11 +270,25 @@ As an example, here is how the build.info files example from the
[
"libcrypto",
],
@@ -1326,7 +1413,7 @@
"includes" =>
{
"apps/openssl" =>
-@@ -271,7 +296,7 @@ section above would be digested into a %unified_info table:
+@@ -271,7 +296,7 @@ As an example, here is how the build.info files example from the
".",
"include",
],
@@ -1335,7 +1422,7 @@
[
"include"
],
-@@ -283,6 +308,10 @@ section above would be digested into a %unified_info table:
+@@ -283,6 +308,10 @@ As an example, here is how the build.info files example from the
[
"include",
],
@@ -1346,7 +1433,7 @@
}
"libraries" =>
[
-@@ -308,9 +337,6 @@ section above would be digested into a %unified_info table:
+@@ -308,9 +337,6 @@ As an example, here is how the build.info files example from the
],
"rawlines" =>
[
@@ -1356,7 +1443,7 @@
],
"sources" =>
{
-@@ -338,7 +364,7 @@ section above would be digested into a %unified_info table:
+@@ -338,7 +364,7 @@ As an example, here is how the build.info files example from the
[
"engines/e_ossltest.c",
],
@@ -1409,7 +1496,7 @@
following calls:
# Note: libobj2shlib will only be called if shared libraries are
-@@ -509,25 +563,43 @@ following calls:
+@@ -509,25 +563,43 @@ example, producing the rules to build 'libssl' would result in the
# Note 2: libobj2shlib gets both the name of the static library
# and the names of all the object files that go into it. It's up
# to the implementation to decide which to use as input.
@@ -1418,14 +1505,6 @@
- objs => [ "ssl/tls.o" ],
- deps => [ "libcrypto" ]
- ordinals => [ "ssl", "util/libssl.num" ]);
--
-- obj2lib(lib => "libssl"
-- objs => [ "ssl/tls.o" ]);
--
-- # Note 3: common.tmpl peals off the ".o" extension, as the
-- # platform at hand may have a different one.
-- src2obj(obj => "ssl/tls"
-- srcs => [ "ssl/tls.c" ],
+ # Note 3: common.tmpl peals off the ".o" extension from all object
+ # files, as the platform at hand may have a different one.
+ libobj2shlib(shlib => "libcrypto",
@@ -1433,10 +1512,16 @@
+ objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ],
+ deps => [ ]
+ ordinals => [ "crypto", "util/libcrypto.num" ]);
-+
+
+- obj2lib(lib => "libssl"
+- objs => [ "ssl/tls.o" ]);
+ obj2lib(lib => "libcrypto"
+ objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ]);
-+
+
+- # Note 3: common.tmpl peals off the ".o" extension, as the
+- # platform at hand may have a different one.
+- src2obj(obj => "ssl/tls"
+- srcs => [ "ssl/tls.c" ],
+ src2obj(obj => "crypto/aes"
+ srcs => [ "crypto/aes.c" ],
deps => [ ],
@@ -1471,10 +1556,22 @@
The returned strings from all those calls are then concatenated
together and written to the resulting build-file.
diff --git a/Configurations/common.tmpl b/Configurations/common.tmpl
-index cdcaf53..e3f49e7 100644
+index cdcaf5320f7a..48b3d18716df 100644
--- a/Configurations/common.tmpl
+++ b/Configurations/common.tmpl
-@@ -42,8 +42,13 @@
+@@ -1,7 +1,9 @@
+ {- # -*- Mode: perl -*-
+
+- # A cache of objects for which a recipe has already been generated
+- my %cache;
++ use File::Basename;
++
++ # A cache of objects for which a recipe has already been generated
++ my %cache;
+
+ # resolvedepends and reducedepends work in tandem to make sure
+ # there are no duplicate dependencies and that they are in the
+@@ -42,8 +44,13 @@
my $bin = shift;
my %opts = @_;
if ($unified_info{generate}->{$src}) {
@@ -1488,8 +1585,77 @@
deps => $unified_info{depends}->{$src},
incs => [ @{$unified_info{includes}->{$bin}},
@{$unified_info{includes}->{$obj}} ],
+@@ -153,9 +160,59 @@
+ $cache{$script} = 1;
+ }
+
++ sub dodir {
++ my $dir = shift;
++ return "" if !exists(&generatedir) or $cache{$dir};
++ $OUT .= generatedir(dir => $dir,
++ deps => $unified_info{dirinfo}->{$dir}->{deps},
++ %{$unified_info{dirinfo}->{$_}->{products}});
++ $cache{$dir} = 1;
++ }
++
+ # Start with populating the cache with all the overrides
+ %cache = map { $_ => 1 } @{$unified_info{overrides}};
+
++ # For convenience collect information regarding directories where
++ # files are generated, those generated files and the end product
++ # they end up in where applicable. Then, add build rules for those
++ # directories
++ if (exists &generatedir) {
++ my %loopinfo = ( "dso" => [ @{$unified_info{engines}} ],
++ "lib" => [ @{$unified_info{libraries}} ],
++ "bin" => [ @{$unified_info{programs}} ],
++ "script" => [ @{$unified_info{scripts}} ] );
++ foreach my $type (keys %loopinfo) {
++ foreach my $product (@{$loopinfo{$type}}) {
++ my %dirs = ();
++ my $pd = dirname($product);
++
++ # We already have a "test" target, and the current directory
++ # is just silly to make a target for
++ $dirs{$pd} = 1 unless $pd eq "test" || $pd eq ".";
++
++ foreach (@{$unified_info{sources}->{$product}}) {
++ my $d = dirname($_);
++
++ # We don't want to create targets for source directories
++ # when building out of source
++ next if ($config{sourcedir} ne $config{builddir}
++ && $d =~ m|^\Q$config{sourcedir}\E|);
++ # We already have a "test" target, and the current directory
++ # is just silly to make a target for
++ next if $d eq "test" || $d eq ".";
++
++ $dirs{$d} = 1;
++ push @{$unified_info{dirinfo}->{$d}->{deps}}, $_
++ if $d ne $pd;
++ }
++ foreach (keys %dirs) {
++ push @{$unified_info{dirinfo}->{$_}->{products}->{$type}},
++ $product;
++ }
++ }
++ }
++ }
++
+ # Build all known libraries, engines, programs and scripts.
+ # Everything else will be handled as a consequence.
+ foreach (@{$unified_info{libraries}}) { dolib($_); }
+@@ -163,6 +220,8 @@
+ foreach (@{$unified_info{programs}}) { dobin($_); }
+ foreach (@{$unified_info{scripts}}) { doscript($_); }
+
++ foreach (sort keys %{$unified_info{dirinfo}}) { dodir($_); }
++
+ # Finally, should there be any applicable BEGINRAW/ENDRAW sections,
+ # they are added here.
+ $OUT .= $_."\n" foreach @{$unified_info{rawlines}};
diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
-index 2e58b1a..3314a17 100644
+index 2e58b1af9d25..3314a1701770 100644
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
@@ -82,6 +82,10 @@ CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -})
@@ -1592,7 +1758,7 @@
check_INSTALLTOP :
@ IF "$(INSTALLTOP)" .EQS. "" THEN -
WRITE SYS$ERROR "INSTALLTOP should not be empty"
-@@ -418,9 +439,7 @@ check_INSTALLTOP :
+@@ -418,9 +439,7 @@ vmsconfig.pm : configdata.pm
# Developer targets ##################################################
debug_logicals :
@@ -1639,10 +1805,10 @@
SET DEFAULT $backward
${after}
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index ed64e65..e20b632 100644
+index ed64e654fdcf..c595fd84e5ce 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
-@@ -84,7 +84,12 @@ DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
+@@ -84,13 +84,16 @@ DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ }
keys %{$unified_info{sources}}); -}
{- output_on() if $disabled{makedepend}; "" -}
@@ -1656,7 +1822,14 @@
{- output_off() if $disabled{apps}; "" -}
BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash
-@@ -169,10 +174,9 @@ LIB_LDFLAGS={- $target{shared_ldflag}." ".$config{shared_ldflag}
+-MISC_SCRIPTS=$(SRCDIR)/tools/c_hash $(SRCDIR)/tools/c_info \
+- $(SRCDIR)/tools/c_issuer $(SRCDIR)/tools/c_name \
+- $(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget
++MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget
+ {- output_on() if $disabled{apps}; "" -}
+
+ SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{libraries}}) -}
+@@ -169,10 +172,9 @@ LIB_LDFLAGS={- $target{shared_ldflag}." ".$config{shared_ldflag}
# $prefix is not /usr.
. ($config{target} =~ m|^BSD-| && $prefix !~ m|^/usr/.*$|
? " -Wl,-rpath,\$\$(LIBRPATH)" : "") -}
@@ -1668,7 +1841,7 @@
PERL={- $config{perl} -}
-@@ -180,6 +184,8 @@ ARFLAGS= {- $target{arflags} -}
+@@ -180,6 +182,8 @@ ARFLAGS= {- $target{arflags} -}
AR=$(CROSS_COMPILE){- $target{ar} || "ar" -} $(ARFLAGS) r
RANLIB= {- $target{ranlib} -}
NM= $(CROSS_COMPILE){- $target{nm} || "nm" -}
@@ -1677,7 +1850,7 @@
RM= rm -f
RMDIR= rmdir
TAR= {- $target{tar} || "tar" -}
-@@ -217,12 +223,14 @@ build_apps_nodep: $(PROGRAMS) $(SCRIPTS)
+@@ -217,12 +221,14 @@ build_apps_nodep: $(PROGRAMS) $(SCRIPTS)
build_tests: configdata.pm build_tests_nodep depend
build_tests_nodep: $(TESTPROGS)
@@ -1694,7 +1867,7 @@
EXE_EXT={- $exeext -} \
OPENSSL_ENGINES=../$(BLDDIR)/engines \
$(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) )
-@@ -231,7 +239,7 @@ test tests: build_tests_nodep build_apps_nodep build_engines_nodep \
+@@ -231,7 +237,7 @@ test tests: build_tests_nodep build_apps_nodep build_engines_nodep \
@ : {- output_on() if !$disabled{tests}; "" -}
list-tests:
@@ -1703,7 +1876,7 @@
libclean:
@set -e; for s in $(SHLIB_INFO); do \
-@@ -258,7 +266,7 @@ clean: libclean
+@@ -258,7 +264,7 @@ clean: libclean
rm -f core
rm -f tags TAGS
rm -f openssl.pc libcrypto.pc libssl.pc
@@ -1712,7 +1885,7 @@
rm -f $(TARFILE)
# This exists solely for those who still type 'make depend'
-@@ -526,6 +534,7 @@ PROCESS_PODS=\
+@@ -526,6 +532,7 @@ PROCESS_PODS=\
SEC=`sed -ne 's/^=for *comment *openssl_manual_section: *\([0-9]\) *$$/\1/p' $$p`; \
[ -z "$$SEC" ] && SEC=$$defsec; \
fn=`basename $$p .pod`; \
@@ -1720,7 +1893,7 @@
NAME=`echo $$fn | tr [a-z] [A-Z]`; \
suf=`eval "echo $$OUTSUFFIX"`; \
top=`eval "echo $$OUTTOP"`; \
-@@ -605,7 +614,7 @@ install_html_docs:
+@@ -605,7 +612,7 @@ UNINSTALL_DOCS=\
OUTSUFFIX='.$(HTMLSUFFIX)'; \
OUTTOP="$(DESTDIR)$(HTMLDIR)"; \
GENERATE="pod2html --podroot=$(SRCDIR)/doc --htmldir=.. \
@@ -1729,7 +1902,7 @@
| sed -e 's|href=\"http://man.he.net/man|href=\"../man|g'"; \
$(PROCESS_PODS)
-@@ -621,7 +630,8 @@ uninstall_html_docs:
+@@ -621,7 +628,8 @@ UNINSTALL_DOCS=\
update: generate errors ordinals
@@ -1739,7 +1912,7 @@
# Test coverage is a good idea for the future
#coverage: $(PROGRAMS) $(TESTPROGRAMS)
-@@ -652,18 +662,26 @@ generate_crypto_bn:
+@@ -652,18 +660,26 @@ generate: generate_apps generate_crypto_bn generate_crypto_objects
( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h )
generate_crypto_objects:
@@ -1769,7 +1942,24 @@
errors:
( cd $(SRCDIR); $(PERL) util/ck_errf.pl -strict */*.c */*/*.c )
( cd $(SRCDIR); $(PERL) util/mkerr.pl -recurse -write )
-@@ -807,19 +825,20 @@ configdata.pm: $(SRCDIR)/Configurations/unix-Makefile.tmpl $(SRCDIR)/Configurati
+@@ -690,7 +706,7 @@ tags TAGS: FORCE
+
+ # Release targets (note: only available on Unix) #####################
+
+-TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cvf -
++TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cvf -
+ PREPARE_CMD=:
+ tar:
+ TMPDIR=/var/tmp/openssl-copy.$$$$; \
+@@ -698,6 +714,7 @@ TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cvf -
+ mkdir -p $$TMPDIR/$$DISTDIR; \
+ (cd $(SRCDIR); \
+ git ls-tree -r --name-only --full-tree HEAD \
++ | grep -v '^fuzz/corpora' \
+ | while read F; do \
+ mkdir -p $$TMPDIR/$$DISTDIR/`dirname $$F`; \
+ cp $$F $$TMPDIR/$$DISTDIR/$$F; \
+@@ -807,19 +824,20 @@ configdata.pm: $(SRCDIR)/Configurations/unix-Makefile.tmpl $(SRCDIR)/Configurati
sub generatesrc {
my %args = @_;
my $generator = join(" ", @{$args{generator}});
@@ -1794,7 +1984,7 @@
} elsif ($args{generator}->[0] =~ /\.S$/) {
$generator = undef;
} else {
-@@ -835,7 +854,9 @@ EOF
+@@ -835,7 +853,9 @@ EOF
$target: $args{generator}->[0] $deps
( trap "rm -f \$@.*" INT 0; \\
$generator \$@.S; \\
@@ -1805,7 +1995,7 @@
EOF
}
# Otherwise....
-@@ -846,7 +867,8 @@ EOF
+@@ -846,7 +866,8 @@ EOF
}
return <<"EOF";
$args{src}: $args{generator}->[0] $deps
@@ -1815,7 +2005,7 @@
EOF
}
}
-@@ -939,15 +961,15 @@ EOF
+@@ -939,15 +960,15 @@ EOF
$target: $lib$libext $deps $ordinalsfile
\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
PLATFORM=\$(PLATFORM) \\
@@ -1834,7 +2024,7 @@
link_shlib.$shlib_target
EOF
. (windowsdll() ? <<"EOF" : "");
-@@ -975,7 +997,7 @@ EOF
+@@ -975,7 +996,7 @@ EOF
$target: $objs $deps
\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
PLATFORM=\$(PLATFORM) \\
@@ -1843,7 +2033,7 @@
LIBDEPS='\$(PLIB_LDFLAGS) '"$shlibdeps"' \$(EX_LIBS)' \\
LIBNAME=$libname LDFLAGS='\$(LDFLAGS)' \\
CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(DSO_CFLAGS)' \\
-@@ -1012,7 +1034,7 @@ EOF
+@@ -1012,7 +1033,7 @@ EOF
$bin$exeext: $objs $deps
\$(RM) $bin$exeext
\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
@@ -1852,8 +2042,49 @@
APPNAME=$bin$exeext OBJECTS="$objs" \\
LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\
CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(BIN_CFLAGS)' \\
+@@ -1034,5 +1055,40 @@ $script: $sources
+ chmod a+x $script
+ EOF
+ }
++ sub generatedir {
++ my %args = @_;
++ my $dir = $args{dir};
++ my @deps = map { s|\.o$|$objext|; $_ } @{$args{deps}};
++ my @actions = ();
++ my %extinfo = ( dso => $dsoext,
++ lib => $libext,
++ bin => $exeext );
++
++ foreach my $type (("dso", "lib", "bin", "script")) {
++ next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type});
++ if ($type eq "lib") {
++ foreach my $lib (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
++ push @actions, <<"EOF";
++ \$(AR) $lib$libext \$\?
++ \$(RANLIB) $lib$libext || echo Never mind.
++EOF
++ }
++ } else {
++ foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
++ if (dirname($prod) eq $dir) {
++ push @deps, $prod.$extinfo{$type};
++ } else {
++ push @actions, "\t@ : No support to produce $type ".join(", ", @{$unified_info{dirinfo}->{$dir}->{products}->{$type}});
++ }
++ }
++ }
++ }
++
++ my $deps = join(" ", @deps);
++ my $actions = join("\n", "", @actions);
++ return <<"EOF";
++$args{dir} $args{dir}/: $deps$actions
++EOF
++ }
+ "" # Important! This becomes part of the template result.
+ -}
diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
-index 0c043a0..9a8109f 100644
+index 0c043a098efb..081e20b3f301 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -19,10 +19,14 @@
@@ -1919,7 +2150,7 @@
@rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@echo "Tests are not supported with your chosen Configure options"
@rem {- output_on() if !$disabled{tests}; "" -}
-@@ -151,26 +169,31 @@ test tests: build_tests_nodep build_apps_nodep build_engines_nodep depend
+@@ -151,26 +169,32 @@ test tests: build_tests_nodep build_apps_nodep build_engines_nodep depend
list-tests:
@set TOP=$(SRCDIR)
@set PERL=$(PERL)
@@ -1960,10 +2191,11 @@
+ -del /Q /S /F apps\*.lib
+ -del /Q /S /F engines\*.manifest
+ -del /Q /S /F apps\*.manifest
++ -del /Q /S /F test\*.manifest
depend:
-@@ -181,52 +204,72 @@ install_sw: all install_dev install_engines install_runtime
+@@ -181,52 +205,72 @@ install_sw: all install_dev install_engines install_runtime
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
install_docs:
@@ -2010,10 +2242,10 @@
@echo *** Installing engines
- @$(PERL) $(SRCDIR)\util\mkdir-p.pl "$(DESTDIR)$(ENGINESDIR)"
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(DESTDIR)$(ENGINESDIR)"
-+ @if not "$(ENGINES)"=="" \
-+ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(ENGINES) "$(DESTDIR)$(ENGINESDIR)"
@if not "$(ENGINES)"=="" \
- $(PERL) $(SRCDIR)\util\copy.pl $(ENGINES) "$(DESTDIR)$(ENGINESDIR)"
++ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(ENGINES) "$(DESTDIR)$(ENGINESDIR)"
++ @if not "$(ENGINES)"=="" \
+ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(ENGINEPDBS) "$(DESTDIR)$(ENGINESDIR)"
uninstall_engines:
@@ -2023,11 +2255,11 @@
@echo *** Installing runtime files
- @$(PERL) $(SRCDIR)\util\mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)\bin"
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(DESTDIR)$(INSTALLTOP)\bin"
-+ @if not "$(SHLIBS)"=="" \
-+ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(SHLIBS) "$(DESTDIR)$(INSTALLTOP)\bin"
@if not "$(SHLIBS)"=="" \
- $(PERL) $(SRCDIR)\util\copy.pl $(SHLIBS) "$(DESTDIR)$(INSTALLTOP)\bin"
- @$(PERL) $(SRCDIR)\util\copy.pl $(PROGRAMS) "$(DESTDIR)$(INSTALLTOP)\bin"
++ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(SHLIBS) "$(DESTDIR)$(INSTALLTOP)\bin"
++ @if not "$(SHLIBS)"=="" \
+ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(SHLIBPDBS) \
+ "$(DESTDIR)$(INSTALLTOP)\bin"
+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(PROGRAMS) \
@@ -2050,7 +2282,7 @@
@echo "**************************************************"
@echo "*** ***"
@echo "*** Please run the same make command again ***"
-@@ -250,18 +293,20 @@ configdata.pm: {- $config{build_file_template} -} $(SRCDIR)\Configure
+@@ -250,18 +294,20 @@ configdata.pm: {- $config{build_file_template} -} $(SRCDIR)\Configure
sub generatesrc {
my %args = @_;
(my $target = $args{src}) =~ s/\.[sS]$/.asm/;
@@ -2077,7 +2309,7 @@
} elsif ($args{generator}->[0] =~ /\.S$/) {
$generator = undef;
} else {
-@@ -273,9 +318,8 @@ EOF
+@@ -273,9 +319,8 @@ EOF
# end up generating foo.s in two steps.
if ($args{src} =~ /\.S$/) {
return <<"EOF";
@@ -2088,7 +2320,7 @@
$generator \$@.S
\$(CC) \$(CFLAGS) $incs /EP /C \$@.S > \$@.i && move /Y \$@.i \$@
del /Q \$@.S
-@@ -283,15 +327,14 @@ EOF
+@@ -283,15 +328,14 @@ EOF
}
# Otherwise....
return <<"EOF";
@@ -2107,7 +2339,7 @@
EOF
}
}
-@@ -301,12 +344,12 @@ EOF
+@@ -301,12 +345,12 @@ EOF
my $obj = $args{obj};
my @srcs = map { (my $x = $_) =~ s/\.s$/.asm/; $x
} ( @{$args{srcs}} );
@@ -2124,7 +2356,7 @@
}
}
my $ecflags = { lib => '$(LIB_CFLAGS)',
-@@ -322,7 +365,7 @@ EOF
+@@ -322,7 +366,7 @@ EOF
return <<"EOF" if (!$disabled{makedepend});
$obj$depext: $deps
\$(CC) \$(CFLAGS) $ecflags$inc /Zs /showIncludes $srcs 2>&1 | \\
@@ -2133,7 +2365,7 @@
chomp;
s/^Note: including file: *//;
\$\$collect{\$\$_} = 1;
-@@ -362,18 +405,18 @@ EOF
+@@ -362,18 +406,18 @@ EOF
rel2abs($config{builddir}));
my $target = shlib_import($lib);
return <<"EOF"
@@ -2158,7 +2390,7 @@
COPY $shlib$shlibext apps
COPY $shlib$shlibext test
EOF
-@@ -436,13 +479,13 @@ EOF
+@@ -436,15 +480,51 @@ EOF
sub in2script {
my %args = @_;
my $script = $args{script};
@@ -2174,8 +2406,46 @@
"-o$target{build_file}" $sources > "$script"
EOF
}
++ sub generatedir {
++ my %args = @_;
++ my $dir = $args{dir};
++ my @deps = map { s|\.o$|$objext|; $_ } @{$args{deps}};
++ my @actions = ();
++ my %extinfo = ( dso => $dsoext,
++ lib => $libext,
++ bin => $exeext );
++
++ foreach my $type (("dso", "lib", "bin", "script")) {
++ next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type});
++ if ($type eq "lib") {
++ foreach my $lib (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
++ push @actions, <<"EOF";
++ \$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib$libext @<<
++\$\?
++<<
++EOF
++ }
++ } else {
++ foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
++ if (dirname($prod) eq $dir) {
++ push @deps, $prod.$extinfo{$type};
++ } else {
++ push @actions, "\t@ : No support to produce $type ".join(", ", @{$unified_info{dirinfo}->{$dir}->{products}->{$type}});
++ }
++ }
++ }
++ }
++
++ my $deps = join(" ", @deps);
++ my $actions = join("\n", "", @actions);
++ return <<"EOF";
++$args{dir} $args{dir}\\ : $deps$actions
++EOF
++ }
+ "" # Important! This becomes part of the template result.
+ -}
diff --git a/Configure b/Configure
-index a7b9ed5..0c87cd1 100755
+index a7b9ed564f9d..7bbb5b7697b3 100755
--- a/Configure
+++ b/Configure
@@ -1,5 +1,11 @@
@@ -2190,7 +2460,15 @@
## Configure -- OpenSSL source tree configuration script
-@@ -67,9 +73,9 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
+@@ -8,6 +14,7 @@ use strict;
+ use File::Basename;
+ use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
+ use File::Path qw/mkpath/;
++use if $^O ne "VMS", 'File::Glob' => qw/glob/;
+
+ # see INSTALL for instructions.
+
+@@ -67,9 +74,9 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
# Following are set automatically by this script
#
@@ -2203,7 +2481,7 @@
# SHA256_ASM sha256_block is implemented in assembler
# SHA512_ASM sha512_block is implemented in assembler
# AES_ASM ASE_[en|de]crypt is implemented in assembler
-@@ -160,7 +166,7 @@ sub read_config;
+@@ -160,7 +167,7 @@ sub read_config;
# resolve_config(target)
#
@@ -2212,7 +2490,7 @@
# chosen target and any target it inherits from.
sub resolve_config;
-@@ -172,6 +178,8 @@ my $srcdir = catdir(absolutedir(dirname($0))); # catdir ensures local syntax
+@@ -172,6 +179,8 @@ my $srcdir = catdir(absolutedir(dirname($0))); # catdir ensures local syntax
my $blddir = catdir(absolutedir(".")); # catdir ensures local syntax
my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl"));
@@ -2221,12 +2499,12 @@
$config{sourcedir} = abs2rel($srcdir);
$config{builddir} = abs2rel($blddir);
-@@ -202,10 +210,24 @@ die "erroneous version information in opensslv.h: ",
+@@ -202,10 +211,24 @@ die "erroneous version information in opensslv.h: ",
# Collect target configurations
my $pattern = catfile(dirname($0), "Configurations", "*.conf");
-foreach (sort glob($pattern) ) {
-+foreach (sort glob("\"$pattern\"") ) {
++foreach (sort glob($pattern)) {
&read_config($_);
}
@@ -2239,7 +2517,7 @@
+ $pattern = catfile($ENV{$local_config_envname}, '*.conf');
+ }
+
-+ foreach (sort glob($pattern) ) {
++ foreach (sort glob($pattern)) {
+ &read_config($_);
+ }
+}
@@ -2247,7 +2525,7 @@
print "Configuring OpenSSL version $config{version} (0x$config{version_num})\n";
-@@ -238,12 +260,13 @@ $config{sdirs} = [
+@@ -238,12 +261,13 @@ $config{sdirs} = [
my @tls = qw(ssl3 tls1 tls1_1 tls1_2);
my @dtls = qw(dtls1 dtls1_2);
@@ -2262,15 +2540,16 @@
"asm",
"async",
"autoalginit",
-@@ -277,6 +300,7 @@ my @disablables = (
+@@ -277,6 +301,8 @@ my @disablables = (
"engine",
"err",
"filenames",
-+ "fuzz",
++ "fuzz-libfuzzer",
++ "fuzz-afl",
"gost",
"heartbeats",
"hw(-.+)?",
-@@ -301,7 +325,6 @@ my @disablables = (
+@@ -301,7 +327,6 @@ my @disablables = (
"ripemd",
"rmd160",
"scrypt",
@@ -2278,7 +2557,7 @@
"sctp",
"seed",
"shared",
-@@ -316,6 +339,7 @@ my @disablables = (
+@@ -316,6 +341,7 @@ my @disablables = (
"threads",
"tls",
"ts",
@@ -2286,7 +2565,7 @@
"ui",
"unit-test",
"whirlpool",
-@@ -331,24 +355,29 @@ foreach my $proto ((@tls, @dtls))
+@@ -331,24 +357,30 @@ foreach my $proto ((@tls, @dtls))
my @deprecated_disablables = (
"ssl2",
@@ -2299,7 +2578,8 @@
+ "asan" => "default",
"ec_nistp_64_gcc_128" => "default",
"egd" => "default",
-+ "fuzz" => "default",
++ "fuzz-libfuzzer" => "default",
++ "fuzz-afl" => "default",
"md2" => "default",
"rc5" => "default",
"sctp" => "default",
@@ -2316,7 +2596,7 @@
"heartbeats" => "default",
);
-@@ -364,7 +393,7 @@ my @disable_cascades = (
+@@ -364,7 +396,7 @@ my @disable_cascades = (
"ec" => [ "ecdsa", "ecdh" ],
"dgram" => [ "dtls", "sctp" ],
@@ -2325,7 +2605,7 @@
"dtls" => [ @dtls ],
# SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA
-@@ -458,8 +487,6 @@ my $target="";
+@@ -458,8 +490,6 @@ my $target="";
$config{options}="";
$config{build_type} = "release";
@@ -2334,7 +2614,7 @@
my @argvcopy=@ARGV;
if (grep /^reconf(igure)?$/, @argvcopy) {
-@@ -644,11 +671,7 @@ foreach (@argvcopy)
+@@ -644,11 +674,7 @@ foreach (@argvcopy)
}
elsif (/^[-+]/)
{
@@ -2347,7 +2627,22 @@
{
$config{prefix}=$1;
die "Directory given with --prefix MUST be absolute\n"
-@@ -712,7 +735,7 @@ foreach (@argvcopy)
+@@ -674,6 +700,14 @@ foreach (@argvcopy)
+ {
+ $withargs{zlib_include}=$1;
+ }
++ elsif (/^--with-fuzzer-lib=(.*)$/)
++ {
++ $withargs{fuzzer_lib}=$1;
++ }
++ elsif (/^--with-fuzzer-include=(.*)$/)
++ {
++ $withargs{fuzzer_include}=$1;
++ }
+ elsif (/^--with-fipslibdir=(.*)$/)
+ {
+ $config{fipslibdir}="$1/";
+@@ -712,7 +746,7 @@ foreach (@argvcopy)
unless ($_ eq $target || /^no-/ || /^disable-/)
{
# "no-..." follows later after implied disactivations
@@ -2356,7 +2651,7 @@
# we really only write OPTIONS to the Makefile out of
# nostalgia.)
-@@ -888,9 +911,13 @@ $config{cross_compile_prefix} = $ENV{'CROSS_COMPILE'}
+@@ -888,9 +922,13 @@ $config{cross_compile_prefix} = $ENV{'CROSS_COMPILE'}
# Allow overriding the names of some tools. USE WITH CARE
$config{perl} = $ENV{'PERL'} || ($^O ne "VMS" ? $^X : "perl");
$target{cc} = $ENV{'CC'} || $target{cc} || "cc";
@@ -2371,7 +2666,7 @@
# For cflags, lflags, plib_lflags, ex_libs and defines, add the debug_
# or release_ attributes.
-@@ -904,22 +931,6 @@ $config{shared_ldflag} = "";
+@@ -904,22 +942,6 @@ $config{shared_ldflag} = "";
$target{build_scheme} = [ $target{build_scheme} ]
if ref($target{build_scheme}) ne "ARRAY";
@@ -2394,7 +2689,7 @@
my ($builder, $builder_platform, @builder_opts) =
@{$target{build_scheme}};
-@@ -983,7 +994,7 @@ unless ($disabled{threads}) {
+@@ -983,7 +1005,7 @@ unless ($disabled{threads}) {
$disabled{threads} = "unavailable";
}
} else {
@@ -2403,15 +2698,19 @@
# if there's a chance that's possible
if ($target{thread_scheme} eq "(unknown)") {
# If the user asked for "threads" and we don't have internal
-@@ -1030,6 +1041,24 @@ if ($disabled{"dynamic-engine"}) {
+@@ -1030,6 +1052,29 @@ if ($disabled{"dynamic-engine"}) {
$config{dynamic_engines} = 1;
}
-+unless ($disabled{fuzz}) {
++unless ($disabled{"fuzz-libfuzzer"}) {
+ push @{$config{dirs}}, "fuzz";
+ $config{cflags} .= "-fsanitize-coverage=edge,indirect-calls ";
+}
+
++unless ($disabled{"fuzz-afl"}) {
++ push @{$config{dirs}}, "fuzz";
++}
++
+unless ($disabled{asan}) {
+ $config{cflags} .= "-fsanitize=address ";
+}
@@ -2422,13 +2721,14 @@
+ $config{cflags} .= "-fsanitize=undefined -fno-sanitize-recover=all ";
+}
+
-+unless ($disabled{fuzz} && $disabled{asan} && $disabled{ubsan}) {
++unless ($disabled{"fuzz-libfuzzer"} && $disabled{"fuzz-afl"}
++ && $disabled{asan} && $disabled{ubsan}) {
+ $config{cflags} .= "-fno-omit-frame-pointer -g ";
+}
#
# Platform fix-ups
#
-@@ -1239,12 +1268,27 @@ my $buildinfo_debug = defined($ENV{CONFIGURE_DEBUG_BUILDINFO});
+@@ -1239,12 +1284,27 @@ my $buildinfo_debug = defined($ENV{CONFIGURE_DEBUG_BUILDINFO});
if ($builder eq "unified") {
# Store the name of the template file we will build the build file from
# in %config. This may be useful for the build file itself.
@@ -2462,7 +2762,15 @@
$config{build_file_template} = $build_file_template;
use lib catdir(dirname(__FILE__),"util");
-@@ -1374,47 +1418,47 @@ if ($builder eq "unified") {
+@@ -1334,6 +1394,7 @@ if ($builder eq "unified") {
+ $template->fill_in(HASH => { config => \%config,
+ target => \%target,
+ disabled => \%disabled,
++ withargs => \%withargs,
+ builddir => abs2rel($buildd, $blddir),
+ sourcedir => abs2rel($sourced, $blddir),
+ buildtop => abs2rel($blddir, $blddir),
+@@ -1374,47 +1435,47 @@ if ($builder eq "unified") {
=> sub { die "ENDIF out of scope" if ! @skip;
pop @skip; },
qr/^\s*PROGRAMS\s*=\s*(.*)\s*$/
@@ -2523,7 +2831,7 @@
if !@skip || $skip[$#skip] > 0 },
qr/^\s*BEGINRAW\[((?:\\.|[^\\\]])+)\]\s*$/
=> sub {
-@@ -1628,9 +1672,15 @@ EOF
+@@ -1628,9 +1689,15 @@ EOF
foreach (keys %depends) {
my $dest = $_;
@@ -2542,7 +2850,7 @@
}
foreach (@{$depends{$dest}}) {
my $d = cleanfile($sourced, $_, $blddir);
-@@ -1651,9 +1701,9 @@ EOF
+@@ -1651,9 +1718,9 @@ EOF
$d = $unified_info{rename}->{$d};
}
$unified_info{depends}->{$ddest}->{$d} = 1;
@@ -2555,7 +2863,7 @@
my $i = dirname($d);
push @{$unified_info{includes}->{$ddest}}, $i
unless grep { $_ eq $i } @{$unified_info{includes}->{$ddest}};
-@@ -1663,9 +1713,15 @@ EOF
+@@ -1663,9 +1730,15 @@ EOF
foreach (keys %includes) {
my $dest = $_;
@@ -2574,7 +2882,7 @@
}
foreach (@{$includes{$dest}}) {
my $i = cleandir($sourced, $_, $blddir);
-@@ -1823,7 +1879,7 @@ print OUT "1;\n";
+@@ -1823,7 +1896,7 @@ print OUT "1;\n";
close(OUT);
@@ -2583,7 +2891,7 @@
print "CFLAG =$target{cflags} $config{cflags}\n";
print "SHARED_CFLAG =$target{shared_cflag}\n";
print "DEFINES =",join(" ", @{$target{defines}}, @{$config{defines}}),"\n";
-@@ -1851,7 +1907,9 @@ print "CHACHA_ENC =$target{chacha_obj}\n";
+@@ -1851,7 +1924,9 @@ print "CHACHA_ENC =$target{chacha_obj}\n";
print "POLY1305_OBJ =$target{poly1305_obj}\n";
print "BLAKE2_OBJ =$target{blake2_obj}\n";
print "PROCESSOR =$config{processor}\n";
@@ -2594,7 +2902,61 @@
print "ARFLAGS =$target{arflags}\n";
print "PERL =$config{perl}\n";
print "\n";
-@@ -1939,6 +1997,14 @@ or position independent code, please let us know (but please first make sure
+@@ -1867,53 +1942,12 @@ for (@generated_headers) {
+ catfile($srcdir, $_.".in"));
+ }
+
+-###
+-### When the old "unixmake" scheme goes away, so does this function
+-###
+-sub build_Makefile {
+- run_dofile("Makefile","Makefile.in");
+-
+- # Copy all Makefile.in to Makefile (except top-level)
+- use File::Find;
+- use IO::File;
+- find(
+- {
+- preprocess => sub {
+- grep(!/^\./, @_);
+- },
+- wanted => sub {
+- return if ($_ ne "Makefile.in" || $File::Find::dir eq ".");
+- my $in = IO::File->new($_, "r") or
+- die sprintf "Error reading Makefile.in in %s: !$\n",
+- $File::Find::dir;
+- my $out = IO::File->new("Makefile", "w") or
+- die sprintf "Error writing Makefile in %s: !$\n",
+- $File::Find::dir;
+- print $out "# Generated from $_, do not edit\n";
+- while (my $line = <$in>) { print $out $line }
+- $in->close() or
+- die sprintf "Error reading Makefile.in in %s: !$\n",
+- $File::Find::dir;
+- $out->close() or
+- die sprintf "Error writing Makefile in %s: !$\n",
+- $File::Find::dir;
+- },
+- },
+- ".");
+-}
+-
+ my %builders = (
+ unified => sub {
+ run_dofile(catfile($blddir, $target{build_file}),
+ $config{build_file_template},
+ catfile($srcdir, "Configurations", "common.tmpl"));
+ },
+- unixmake => sub {
+- build_Makefile();
+-
+- run_dofile("util/domd", "util/domd.in");
+- chmod 0755, "util/domd";
+- },
+ );
+
+ $builders{$builder}->($builder_platform, @builder_opts);
+@@ -1939,6 +1973,14 @@ or position independent code, please let us know (but please first make sure
you have tried with a current version of OpenSSL).
EOF
@@ -2609,7 +2971,7 @@
exit(0);
######################################################################
-@@ -2104,8 +2170,8 @@ sub read_config {
+@@ -2104,8 +2146,8 @@ sub read_config {
}
@@ -2620,7 +2982,7 @@
# recursively
sub resolve_config {
my $target = shift;
-@@ -2158,7 +2224,7 @@ sub resolve_config {
+@@ -2158,7 +2200,7 @@ sub resolve_config {
# - If a value is a coderef, it will be executed with the list of
# inherited values as arguments.
# - If the corresponding key doesn't have a value at all or is the
@@ -2629,7 +2991,7 @@
# default combiner (below), and the result becomes this target's
# value.
# - Otherwise, this target's value is assumed to be a string that
-@@ -2266,13 +2332,34 @@ sub run_dofile
+@@ -2266,13 +2308,34 @@ sub run_dofile
foreach (@templates) {
die "Can't open $_, $!" unless -f $_;
}
@@ -2665,7 +3027,7 @@
# Configuration printer ##############################################
sub print_table_entry
-@@ -2400,22 +2487,6 @@ sub absolutedir {
+@@ -2400,22 +2463,6 @@ sub absolutedir {
return realpath($dir);
}
@@ -2688,7 +3050,7 @@
sub quotify {
my %processors = (
perl => sub { my $x = shift;
-@@ -2519,3 +2590,41 @@ sub collect_information {
+@@ -2519,3 +2566,41 @@ sub collect_information {
}
}
}
@@ -2731,7 +3093,7 @@
+ return @result;
+}
diff --git a/INSTALL b/INSTALL
-index 2e06aa7..ab35353 100644
+index 2e06aa7b6066..b5cfa71c7a6a 100644
--- a/INSTALL
+++ b/INSTALL
@@ -2,16 +2,15 @@
@@ -2767,7 +3129,129 @@
Quick Start
-----------
-@@ -234,9 +234,6 @@
+@@ -77,13 +77,28 @@
+ --openssldir depend in what configuration is used and what Windows
+ implementation OpenSSL is built on. More notes on this in NOTES.WIN):
+
+- --prefix=DIR
+- The top of the installation directory tree. Defaults are:
++ --api=x.y.z
++ Don't build with support for deprecated APIs below the
++ specified version number. For example "--api=1.1.0" will
++ remove support for all APIS that were deprecated in OpenSSL
++ version 1.1.0 or below.
+
+- Unix: /usr/local
+- Windows: C:\Program Files\OpenSSL
+- or C:\Program Files (x86)\OpenSSL
+- OpenVMS: SYS$COMMON:[OPENSSL-'version']
++ --cross-compile-prefix=PREFIX
++ The PREFIX to include in front of commands for your
++ toolchain. For example to build the mingw64 target on Linux
++ you might use "--cross-compile-prefix=x86_64-w64-mingw32-".
++ If the compiler is gcc, then this will attempt to run
++ x86_64-w64-mingw32-gcc when compiling.
++
++ --debug
++ Build OpenSSL with debugging symbols.
++
++ --libdir=DIR
++ The name of the directory under the top of the installation
++ directory tree (see the --prefix option) where libraries will
++ be installed. By default this is "lib". Note that on Windows
++ only ".lib" files will be stored in this location. dll files
++ will always be installed to the "bin" directory.
+
+ --openssldir=DIR
+ Directory for OpenSSL configuration files, and also the
+@@ -94,16 +109,54 @@
+ or C:\Program Files (x86)\Common Files\SSL
+ OpenVMS: SYS$COMMON:[OPENSSL-COMMON]
+
+- --api=x.y.z
+- Don't build with support for deprecated APIs below the
+- specified version number. For example "--api=1.1.0" will
+- remove support for all APIS that were deprecated in OpenSSL
+- version 1.1.0 or below.
++ --prefix=DIR
++ The top of the installation directory tree. Defaults are:
++
++ Unix: /usr/local
++ Windows: C:\Program Files\OpenSSL
++ or C:\Program Files (x86)\OpenSSL
++ OpenVMS: SYS$COMMON:[OPENSSL-'version']
++
++ --release
++ Build OpenSSL without debugging symbols. This is the default.
++
++ --strict-warnings
++ This is a developer flag that switches on various compiler
++ options recommended for OpenSSL development. It only works
++ when using gcc or clang as the compiler. If you are
++ developing a patch for OpenSSL then it is recommended that
++ you use this option where possible.
++
++ --with-zlib-include=DIR
++ The directory for the location of the zlib include file. This
++ option is only necessary if enable-zlib (see below) is used
++ and the include file is not already on the system include
++ path.
++
++ --with-zlib-lib=LIB
++ On Unix: this is the directory containing the zlib library.
++ If not provided the system library path will be used.
++ On Windows: this is the filename of the zlib library (with or
++ without a path). This flag must be provided if the
++ zlib-dynamic option is not also used. If zlib-dynamic is used
++ then this flag is optional and a default value ("ZLIB1") is
++ used if not provided.
++ On VMS: this is the filename of the zlib library (with or
++ without a path). This flag is optional and if not provided
++ then "GNV$LIBZSHR", "GNV$LIBZSHR32" or "GNV$LIBZSHR64" is
++ used by default depending on the pointer size chosen.
+
+ no-afalgeng
+ Don't build the AFALG engine. This option will be forced if
+ on a platform that does not support AFALG.
+
++ enable-asan
++ Build with the Address sanitser. This is a developer option
++ only. It may not work on all platforms and should never be
++ used in production environments. It will only work when used
++ with gcc or clang and should be used in conjunction with the
++ no-shared option.
++
+ no-asm
+ Do not use assembler code. On some platforms a small amount
+ of assembler code may still be used.
+@@ -147,6 +200,13 @@
+ enable-crypto-mdebug-backtrace
+ As for crypto-mdebug, but additionally provide backtrace
+ information for allocated memory.
++ TO BE USED WITH CARE: this uses GNU C functionality, and
++ is therefore not usable for non-GNU config targets. If
++ your build complains about the use of '-rdynamic' or the
++ lack of header file execinfo.h, this option is not for you.
++ ALSO NOTE that even though execinfo.h is available on your
++ system (through Gnulib), the functions might just be stubs
++ that do nothing.
+
+ no-ct
+ Don't build support for Certificate Transparency.
+@@ -192,6 +252,12 @@
+ Don't compile in filename and line number information (e.g.
+ for errors and memory allocation).
+
++ enable-fuzz
++ Build with support for fuzzing. This is a developer option
++ only. It may not work on all platforms and should never be
++ used in production environments. See the file fuzz/README.md
++ for further details.
++
+ no-gost
+ Don't build support for GOST based ciphersuites. Note that
+ if this feature is enabled then GOST ciphersuites are only
+@@ -234,9 +300,6 @@
Don't build support for RFC3779 ("X.509 Extensions for IP
Addresses and AS Identifiers")
@@ -2777,7 +3261,61 @@
sctp
Build support for SCTP
-@@ -496,13 +493,11 @@
+@@ -297,6 +360,14 @@
+ no-ts
+ Don't build Time Stamping Authority support.
+
++ enable-ubsan
++ Build with the Undefined Behaviour sanitser. This is a
++ developer option only. It may not work on all platforms and
++ should never be used in production environments. It will only
++ work when used with gcc or clang and should be used in
++ conjunction with the "-DPEDANTIC" option (or the
++ --strict-warnings option).
++
+ no-ui
+ Don't build with the "UI" capability (i.e. the set of
+ features enabling text based prompts).
+@@ -415,10 +486,10 @@
+ The generic configurations "cc" or "gcc" should usually work on 32 bit
+ Unix-like systems.
+
+- Configure creates a build file ("Makefile" on Unix and "descrip.mms"
+- on OpenVMS) from a suitable template in Configurations, and
+- defines various macros in crypto/opensslconf.h (generated from
+- crypto/opensslconf.h.in).
++ Configure creates a build file ("Makefile" on Unix, "makefile" on Windows
++ and "descrip.mms" on OpenVMS) from a suitable template in Configurations,
++ and defines various macros in include/openssl/opensslconf.h (generated from
++ include/openssl/opensslconf.h.in).
+
+ 1c. Configure OpenSSL for building outside of the source tree.
+
+@@ -471,9 +542,12 @@
+
+ If the build fails, look at the output. There may be reasons for
+ the failure that aren't problems in OpenSSL itself (like missing
+- standard headers). If it is a problem with OpenSSL itself, please
+- report the problem to <rt at openssl.org> (note that your message
+- will be recorded in the request tracker publicly readable at
++ standard headers). If you are having problems you can get help by
++ sending an email to the openssl-users email list (see
++ https://www.openssl.org/community/mailinglists.html for details). If it
++ is a bug with OpenSSL itself, please report the problem to
++ <rt at openssl.org> (note that your message will be recorded in the request
++ tracker publicly readable at
+ https://www.openssl.org/community/index.html#bugs and will be
+ forwarded to a public mailing list). Please check out the request
+ tracker. Maybe the bug was already reported or has already been
+@@ -491,18 +565,19 @@
+ $ mms test ! OpenVMS
+ $ nmake test # Windows
+
++ NOTE: you MUST run the tests from an unprivileged account (or
++ disable your privileges temporarly if your platform allows it).
++
+ If some tests fail, look at the output. There may be reasons for
+ the failure that isn't a problem in OpenSSL itself (like a
malfunction with Perl). You may want increased verbosity, that
can be accomplished like this:
@@ -2794,7 +3332,7 @@
If you want to run just one or a few specific tests, you can use
the make variable TESTS to specify them, like this:
-@@ -513,7 +508,7 @@
+@@ -513,7 +588,7 @@
And of course, you can combine (Unix example shown):
@@ -2803,9 +3341,153 @@
You can find the list of available tests like this:
+@@ -528,12 +603,13 @@
+ compiler optimization flags from the CFLAGS line in Makefile and
+ run "make clean; make" or corresponding.
+
+- Please send a bug reports to <rt at openssl.org>.
++ Please send bug reports to <rt at openssl.org>.
+
+ 4. If everything tests ok, install OpenSSL with
+
+ $ make install # Unix
+ $ mms install ! OpenVMS
++ $ nmake install # Windows
+
+ This will install all the software components in this directory
+ tree under PREFIX (the directory given with --prefix or its
+@@ -595,7 +671,7 @@
+
+ * COMPILING existing applications
+
+- OpenSSL 1.1 hides a number of structures that were previously
++ OpenSSL 1.1.0 hides a number of structures that were previously
+ open. This includes all internal libssl structures and a number
+ of EVP types. Accessor functions have been added to allow
+ controlled access to the structures' data.
+@@ -607,11 +683,108 @@
+ provided accessor functions where you would previously access a
+ structure's field directly.
+
+- <TBA>
+-
+ Some APIs have changed as well. However, older APIs have been
+ preserved when possible.
+
++ Environment Variables
++ ---------------------
++
++ A number of environment variables can be used to provide additional control
++ over the build process. Typically these should be defined prior to running
++ config or Configure. Not all environment variables are relevant to all
++ platforms.
++
++ AR
++ The name of the ar executable to use.
++
++ CC
++ The compiler to use. Configure will attempt to pick a default
++ compiler for your platform but this choice can be overridden
++ using this variable. Set it to the compiler executable you wish
++ to use, e.g. "gcc" or "clang".
++
++ CROSS_COMPILE
++ This environment variable has the same meaning as for the
++ "--cross-compile-prefix" Configure flag described above. If both
++ are set then the Configure flag takes precedence.
++
++ NM
++ The name of the nm executable to use.
++
++ OPENSSL_LOCAL_CONFIG_DIR
++ OpenSSL comes with a database of information about how it
++ should be built on different platforms. This information is
++ held in ".conf" files in the Configurations directory. See the
++ file Configurations/README for further information about the
++ format of ".conf" files. As well as the standard ".conf" files
++ it is possible to create your own ".conf" files and store them
++ locally, outside the OpenSSL source tree. This environment
++ variable can be set to the directory where these files are held.
++
++ PERL
++ The name of the Perl executable to use.
++
++ RC
++ The name of the rc executable to use. The default will be as
++ defined for the target platform in the ".conf" file. If not
++ defined then "windres" will be used. The WINDRES environment
++ variable is synonymous to this. If both are defined then RC
++ takes precedence.
++
++ RANLIB
++ The name of the ranlib executable to use.
++
++ WINDRES
++ See RC.
++
++ Makefile targets
++ ----------------
++
++ The Configure script generates a Makefile in a format relevant to the specific
++ platform. The Makefiles provide a number of targets that can be used. Not all
++ targets may be available on all platforms. Only the most common targets are
++ described here. Examine the Makefiles themselves for the full list.
++
++ all
++ The default target to build all the software components.
++
++ clean
++ Remove all build artefacts and return the directory to a "clean"
++ state.
++
++ depend
++ Rebuild the dependencies in the Makefiles. This is a legacy
++ option that no longer needs to be used in OpenSSL 1.1.0.
++
++ install
++ Install all OpenSSL components.
++
++ install_sw
++ Only install the OpenSSL software components.
++
++ install_docs
++ Only install the OpenSSL documentation components.
++
++ install_man_docs
++ Only install the OpenSSL man pages (Unix only).
++
++ install_html_docs
++ Only install the OpenSSL html documentation.
++
++ list-tests
++ Prints a list of all the self test names.
++
++ test
++ Build and run the OpenSSL self tests.
++
++ uninstall
++ Uninstall all OpenSSL components.
++
++ update
++ This is a developer option. If you are developing a patch for
++ OpenSSL you may need to use this if you want to update
++ automatically generated files; add new error codes or add new
++ (or change the visibility of) public API functions. (Unix only).
+
+ Note on multi-threading
+ -----------------------
+@@ -652,7 +825,7 @@
+ internal PRNG. If not properly seeded, the internal PRNG will refuse
+ to deliver random bytes and a "PRNG not seeded error" will occur.
+ On systems without /dev/urandom (or similar) device, it may be necessary
+- to install additional support software to obtain random seed.
++ to install additional support software to obtain a random seed.
+ Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
+ and the FAQ for more information.
+
diff --git a/INSTALL.DJGPP b/INSTALL.DJGPP
deleted file mode 100644
-index e1ec676..0000000
+index e1ec6760389e..000000000000
--- a/INSTALL.DJGPP
+++ /dev/null
@@ -1,48 +0,0 @@
@@ -2859,7 +3541,7 @@
- obtained from "http://www.rahul.net/dkaufman/index.html".
diff --git a/INSTALL.WCE b/INSTALL.WCE
deleted file mode 100644
-index fe1431a..0000000
+index fe1431acb76d..000000000000
--- a/INSTALL.WCE
+++ /dev/null
@@ -1,93 +0,0 @@
@@ -2957,7 +3639,7 @@
- build.
-
diff --git a/LICENSE b/LICENSE
-index fb03713..c6cc098 100644
+index fb03713dd111..c6cc098f9c28 100644
--- a/LICENSE
+++ b/LICENSE
@@ -4,9 +4,7 @@
@@ -2973,7 +3655,7 @@
---------------
diff --git a/Makefile.in b/Makefile.in
deleted file mode 100644
-index baaaf84..0000000
+index baaaf84432b1..000000000000
--- a/Makefile.in
+++ /dev/null
@@ -1,798 +0,0 @@
@@ -3776,7 +4458,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/Makefile.shared b/Makefile.shared
-index 65980b2..d856180 100644
+index 65980b293f7d..d856180bf134 100644
--- a/Makefile.shared
+++ b/Makefile.shared
@@ -14,6 +14,7 @@ CFLAGS=$(CFLAG)
@@ -3787,7 +4469,7 @@
# SHARED_RCFLAGS are flags used with windres, i.e. when build for Cygwin
# or Mingw.
SHARED_RCFLAGS=$(SHARED_RCFLAG)
-@@ -278,9 +279,9 @@ link_shlib.cygwin:
+@@ -278,9 +279,9 @@ link_app.darwin: # is there run-path on darwin?
SHLIB=cyg$(LIBNAME); SHLIB_SOVER=-$(LIBVERSION); SHLIB_SUFFIX=.dll; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name |" \
@@ -3799,7 +4481,7 @@
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a rc.o"; \
-@@ -306,9 +307,9 @@ link_shlib.mingw:
+@@ -306,9 +307,9 @@ link_app.darwin: # is there run-path on darwin?
| sed -e 's|^\(LIBRARY *\)$(LIBNAME)32|\1'"$$dll_name"'|' \
> $(LIBNAME).def; \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name |" \
@@ -3811,7 +4493,7 @@
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a $(LIBNAME).def rc.o"; \
-@@ -561,11 +562,11 @@ symlink.hpux:
+@@ -561,11 +562,11 @@ symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
# Compatibility targets
@@ -3828,7 +4510,7 @@
link_shlib.bsd-shared: link_shlib.bsd
link_app.bsd-shared: link_app.bsd
diff --git a/NEWS b/NEWS
-index 90336bc..c3f7497 100644
+index 90336bc6d3aa..c3f749778e7f 100644
--- a/NEWS
+++ b/NEWS
@@ -5,8 +5,9 @@
@@ -3864,7 +4546,7 @@
o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
diff --git a/NOTES.DJGPP b/NOTES.DJGPP
new file mode 100644
-index 0000000..bbe63dc
+index 000000000000..bbe63dc15438
--- /dev/null
+++ b/NOTES.DJGPP
@@ -0,0 +1,48 @@
@@ -3918,10 +4600,10 @@
+ obtained from "http://www.rahul.net/dkaufman/index.html".
diff --git a/NOTES.PERL b/NOTES.PERL
new file mode 100644
-index 0000000..eda812d
+index 000000000000..46d585acca14
--- /dev/null
+++ b/NOTES.PERL
-@@ -0,0 +1,118 @@
+@@ -0,0 +1,119 @@
+ TOC
+ ===
+
@@ -3959,7 +4641,8 @@
+ MinGW and Cygwin. The key recommendation is to use "matching" Perl,
+ one that matches build environment. For example, if you will build
+ on Cygwin be sure to use the Cygwin package manager to install Perl.
-+ For VC-* builds we recommend ActiveState Perl, available from
++ For MSYS builds use the MSYS provided Perl. For VC-* builds we
++ recommend ActiveState Perl, available from
+ http://www.activestate.com/ActivePerl.
+
+ Notes on Perl on VMS
@@ -3967,7 +4650,7 @@
+
+ You will need to install Perl separately. One way to do so is to
+ download the source from http://perl.org/, unpacking it, reading
-+ README.vms and follow instructions. Another way is to download a
++ README.vms and follow the instructions. Another way is to download a
+ .PCSI file from http://www.vmsperl.com/ and install it using the
+ POLYCENTER install tool.
+
@@ -4023,9 +4706,9 @@
+
+ $ cpan -i Text::Template
+
-+ Note that this runs all the tests that the module to be install
++ Note that this runs all the tests that the module to be installed
+ comes with. This is usually a smooth operation, but there are
-+ platforms where a failure is indicate even though the actual tests
++ platforms where a failure is indicated even though the actual tests
+ were successful. Should that happen, you can force an
+ installation regardless (that should be safe since you've already
+ seen the tests succeed!):
@@ -4041,7 +4724,7 @@
+
+ $ cpan -f -i "Text::Template"
diff --git a/NOTES.WIN b/NOTES.WIN
-index 1c10b75..b3d1967 100644
+index 1c10b758df0f..8c589e6d3a53 100644
--- a/NOTES.WIN
+++ b/NOTES.WIN
@@ -2,15 +2,16 @@
@@ -4057,7 +4740,8 @@
+ this are required as well:
+
- You need Perl. We recommend ActiveState Perl, available from
- http://www.activestate.com/ActivePerl.
+- http://www.activestate.com/ActivePerl.
++ https://www.activestate.com/ActivePerl.
You also need the perl module Text::Template, available on CPAN.
- Please read README.PERL for more information.
+ Please read NOTES.PERL for more information.
@@ -4077,6 +4761,27 @@
GNU C (Cygwin)
--------------
+@@ -57,7 +64,7 @@
+
+ To build OpenSSL using Cygwin, you need to:
+
+- * Install Cygwin (see http://cygwin.com/)
++ * Install Cygwin (see https://cygwin.com/)
+
+ * Install Cygwin Perl and ensure it is in the path. Recall that
+ as least 5.10.0 is required.
+@@ -88,9 +95,9 @@
+ required. Run the installers and do whatever magic they say it takes
+ to start MSYS bash shell with GNU tools and matching Perl on its PATH.
+ "Matching Perl" refers to chosen "shell environment", i.e. if built
+- under MSYS, then Perl compiled for MSYS is highly recommended.
++ under MSYS, then Perl compiled for MSYS must be used.
+
+- Alternativelly, one can use MSYS2 from http://msys2.github.io/,
++ Alternativelly, one can use MSYS2 from https://msys2.github.io/,
+ which includes MingW (32-bit and 64-bit).
+
+ * It is also possible to cross-compile it on Linux by configuring
@@ -105,18 +112,18 @@
This section applies to non-Cygwin builds.
@@ -4109,7 +4814,7 @@
__declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
{ DWORD sess;
diff --git a/README b/README
-index 5773613..1672580 100644
+index 5773613c9fc7..aa8fe685116e 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
@@ -4119,7 +4824,21 @@
Copyright (c) 1998-2016 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
-@@ -48,9 +48,8 @@
+@@ -10,11 +10,8 @@
+
+ The OpenSSL Project is a collaborative effort to develop a robust,
+ commercial-grade, fully featured, and Open Source toolkit implementing the
+- Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as
+- well as a full-strength general purpose cryptographic library. The project is
+- managed by a worldwide community of volunteers that use the Internet to
+- communicate, plan, and develop the OpenSSL toolkit and its related
+- documentation.
++ Transport Layer Security (TLS) protocols (including SSLv3) as well as a
++ full-strength general purpose cryptographic library.
+
+ OpenSSL is descended from the SSLeay library developed by Eric A. Young
+ and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
+@@ -48,15 +45,16 @@
------------
See the appropriate file:
@@ -4131,9 +4850,63 @@
SUPPORT
-------
+
+ See the OpenSSL website www.openssl.org for details on how to obtain
+- commercial technical support.
++ commercial technical support. Free community support is available through the
++ openssl-users email list (see
++ https://www.openssl.org/community/mailinglists.html for further details).
+
+ If you have any problems with OpenSSL then please take the following steps
+ first:
+@@ -69,12 +67,11 @@
+ If you wish to report a bug then please include the following information in
+ any bug report:
+
+- - On Unix systems:
+- Self-test report generated by 'make report'
+- - On other systems:
+- OpenSSL version: output of 'openssl version -a'
+- OS Name, Version, Hardware platform
+- Compiler Details (name, version)
++ - OpenSSL version: output of 'openssl version -a'
++ - Any "Configure" options that you selected during compilation of the
++ library if applicable (see INSTALL)
++ - OS Name, Version, Hardware platform
++ - Compiler Details (name, version)
+ - Application Details (name, version)
+ - Problem Description (steps that will reproduce the problem, if known)
+ - Stack Traceback (if the application dumps core)
+@@ -84,8 +81,8 @@
+ rt at openssl.org
+
+ In order to avoid spam, this is a moderated mailing list, and it might
+- take a day for the ticket to show up. (We also scan posts to make sure
+- that security disclosures aren't publically posted by mistake.) Mail
++ take a couple of days for the ticket to show up. (We also scan posts to make
++ sure that security disclosures aren't publically posted by mistake.) Mail
+ to this address is recorded in the public RT (request tracker) database
+ (see https://www.openssl.org/community/index.html#bugs for details) and
+ also forwarded the public openssl-dev mailing list. Confidential mail
+@@ -94,11 +91,11 @@
+
+ Please do NOT use this for general assistance or support queries.
+ Just because something doesn't work the way you expect does not mean it
+- is necessarily a bug in OpenSSL.
++ is necessarily a bug in OpenSSL. Use the openssl-users email list for this type
++ of query.
+
+- You can also make GitHub pull requests. If you do this, please also send
+- mail to rt at openssl.org with a link to the PR so that we can more easily
+- keep track of it.
++ You can also make GitHub pull requests. See the CONTRIBUTING file for more
++ details.
+
+ HOW TO CONTRIBUTE TO OpenSSL
+ ----------------------------
diff --git a/README.PERL b/README.PERL
deleted file mode 100644
-index 184b377..0000000
+index 184b3771a06b..000000000000
--- a/README.PERL
+++ /dev/null
@@ -1,118 +0,0 @@
@@ -4256,7 +5029,7 @@
-
- $ cpan -f -i "Text::Template"
diff --git a/VMS/VMSify-conf.pl b/VMS/VMSify-conf.pl
-index 9890362..21eff11 100644
+index 9890362d5bdf..21eff113f850 100644
--- a/VMS/VMSify-conf.pl
+++ b/VMS/VMSify-conf.pl
@@ -1,4 +1,11 @@
@@ -4273,7 +5046,7 @@
use strict;
use warnings;
diff --git a/VMS/openssl_shutdown.com.in b/VMS/openssl_shutdown.com.in
-index 236979e..5385362 100644
+index 236979eab22c..53853623046f 100644
--- a/VMS/openssl_shutdown.com.in
+++ b/VMS/openssl_shutdown.com.in
@@ -39,9 +39,7 @@ $ DEAS OSSL$LIB'v'
@@ -4299,7 +5072,7 @@
$
$ EXIT 'status'
diff --git a/VMS/openssl_startup.com.in b/VMS/openssl_startup.com.in
-index caad022..e5043b5 100644
+index caad02278b95..e5043b5bb0c2 100644
--- a/VMS/openssl_startup.com.in
+++ b/VMS/openssl_startup.com.in
@@ -90,9 +90,7 @@ $ DEF OSSL$LIB'v' OSSL$INSTROOT:[LIB.'arch']
@@ -4325,7 +5098,7 @@
$
$ DEFT OSSL$DATAROOT 'OPENSSLDIR_'
diff --git a/VMS/openssl_utils.com b/VMS/openssl_utils.com
-index b9dea72..09c75d9 100644
+index b9dea722f3da..09c75d973c6d 100644
--- a/VMS/openssl_utils.com
+++ b/VMS/openssl_utils.com
@@ -5,8 +5,7 @@ $ OPENSSL :== $OSSL$EXE:OPENSSL
@@ -4340,7 +5113,7 @@
+$ WRITE SYS$ERROR "NOTE: no perl => no C_REHASH"
$ ENDIF
diff --git a/VMS/translatesyms.pl b/VMS/translatesyms.pl
-index de3db6c..f61d954 100644
+index de3db6ccaf5c..f61d954ec56e 100644
--- a/VMS/translatesyms.pl
+++ b/VMS/translatesyms.pl
@@ -1,4 +1,11 @@
@@ -4357,7 +5130,7 @@
# This script will translate any SYMBOL_VECTOR item that has a translation
# in CXX$DEMANGLER_DB. The latter is generated by and CC/DECC command that
diff --git a/apps/CA.pl.in b/apps/CA.pl.in
-index f5e8e4a..0dec24c 100644
+index f5e8e4a191ee..0dec24c36f28 100644
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -1,4 +1,11 @@
@@ -4401,7 +5174,7 @@
exit 0;
diff --git a/apps/Makefile.in b/apps/Makefile.in
deleted file mode 100644
-index d2ec0c7..0000000
+index d2ec0c773afe..000000000000
--- a/apps/Makefile.in
+++ /dev/null
@@ -1,159 +0,0 @@
@@ -4565,7 +5338,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/apps/app_rand.c b/apps/app_rand.c
-index a6805d4..8163d99 100644
+index a6805d4d75fb..0d44af903b81 100644
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -1,111 +1,10 @@
@@ -4686,8 +5459,19 @@
*/
#include "apps.h"
+@@ -120,10 +19,6 @@ int app_RAND_load_file(const char *file, int dont_warn)
+ int consider_randfile = (file == NULL);
+ char buffer[200];
+
+-#ifdef OPENSSL_SYS_WINDOWS
+- RAND_screen();
+-#endif
+-
+ if (file == NULL)
+ file = RAND_file_name(buffer, sizeof buffer);
+ #ifndef OPENSSL_NO_EGD
diff --git a/apps/apps.c b/apps/apps.c
-index 6d8c489..a3e1794 100644
+index 6d8c4897d0ed..fca3775b770f 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1,111 +1,10 @@
@@ -4927,7 +5711,19 @@
*/
unsigned char *next_protos_parse(size_t *outlen, const char *in)
{
-@@ -2621,6 +2524,8 @@ BIO *bio_open_default_quiet(const char *filename, char mode, int format)
+@@ -2081,8 +1984,10 @@ static STACK_OF(X509_CRL) *crls_http_cb(X509_STORE_CTX *ctx, X509_NAME *nm)
+ crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
+ crl = load_crl_crldp(crldp);
+ sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
+- if (!crl)
++ if (!crl) {
++ sk_X509_CRL_free(crls);
+ return NULL;
++ }
+ sk_X509_CRL_push(crls, crl);
+ /* Try to download delta CRL */
+ crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
+@@ -2621,6 +2526,8 @@ BIO *bio_open_default_quiet(const char *filename, char mode, int format)
void wait_for_async(SSL *s)
{
@@ -4936,7 +5732,7 @@
int width = 0;
fd_set asyncfds;
OSSL_ASYNC_FD *fds;
-@@ -2630,7 +2535,7 @@ void wait_for_async(SSL *s)
+@@ -2630,7 +2537,7 @@ void wait_for_async(SSL *s)
return;
if (numfds == 0)
return;
@@ -4945,7 +5741,7 @@
if (!SSL_get_all_async_fds(s, fds, &numfds)) {
OPENSSL_free(fds);
}
-@@ -2644,4 +2549,33 @@ void wait_for_async(SSL *s)
+@@ -2644,4 +2551,33 @@ void wait_for_async(SSL *s)
fds++;
}
select(width, (void *)&asyncfds, NULL, NULL, NULL);
@@ -4980,7 +5776,7 @@
+}
+#endif
diff --git a/apps/apps.h b/apps/apps.h
-index 10e1534..6a0acab 100644
+index 10e15345033c..6a0acab58c33 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -1,117 +1,19 @@
@@ -5129,13 +5925,15 @@
OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
-index 3da7e3b..d3b1970 100644
+index 3da7e3b4c587..d3b1970deffe 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -5183,9 +5981,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -5207,7 +6003,7 @@
{"length", OPT_LENGTH, 'p', "length of section in file"},
{"oid", OPT_OID, '<', "file of extra oid definitions"},
diff --git a/apps/build.info b/apps/build.info
-index 3baba66..c7dc19f 100644
+index 3baba66feb1c..c7dc19f7a500 100644
--- a/apps/build.info
+++ b/apps/build.info
@@ -1,4 +1,6 @@
@@ -5233,13 +6029,15 @@
+ SOURCE[{- $tsget_name -}]=tsget.in
ENDIF
diff --git a/apps/ca.c b/apps/ca.c
-index 95801fb..acbd388 100644
+index 95801fbf39b9..acbd3886c6ed 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -5287,9 +6085,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -5447,7 +6243,7 @@
case OPT_CREATE_SERIAL:
create_ser = 1;
break;
-@@ -481,13 +427,11 @@ end_of_options:
+@@ -481,13 +427,11 @@ int ca_main(int argc, char **argv)
argv = opt_rest();
BIO_printf(bio_err, "Using configuration from %s\n", configfile);
@@ -5466,7 +6262,7 @@
/* Lets get the config section we are using */
if (section == NULL) {
-@@ -552,7 +496,7 @@ end_of_options:
+@@ -552,7 +496,7 @@ int ca_main(int argc, char **argv)
} else
ERR_clear_error();
@@ -5475,7 +6271,7 @@
/* report status of cert with serial number given on command line */
if (ser_status) {
if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
-@@ -571,7 +515,7 @@ end_of_options:
+@@ -571,7 +515,7 @@ int ca_main(int argc, char **argv)
goto end;
}
@@ -5484,7 +6280,7 @@
/* we definitely need a private key, so let's get it */
if ((keyfile == NULL) && ((keyfile = NCONF_get_string(conf,
-@@ -596,7 +540,7 @@ end_of_options:
+@@ -596,7 +540,7 @@ int ca_main(int argc, char **argv)
goto end;
}
@@ -5493,7 +6289,7 @@
/* we need a certificate */
if (!selfsign || spkac_file || ss_cert_file || gencrl) {
if ((certfile == NULL)
-@@ -664,7 +608,7 @@ end_of_options:
+@@ -664,7 +608,7 @@ int ca_main(int argc, char **argv)
} else
ERR_clear_error();
@@ -5502,7 +6298,7 @@
/* lookup where to write new certificates */
if ((outdir == NULL) && (req)) {
-@@ -690,7 +634,7 @@ end_of_options:
+@@ -690,7 +634,7 @@ int ca_main(int argc, char **argv)
#endif
}
@@ -5511,7 +6307,7 @@
/* we need to load the database file */
if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
lookup_fail(section, ENV_DATABASE);
-@@ -748,7 +692,7 @@ end_of_options:
+@@ -748,7 +692,7 @@ int ca_main(int argc, char **argv)
if (!index_index(db))
goto end;
@@ -5520,7 +6316,7 @@
/* Update the db file for expired certificates */
if (doupdatedb) {
if (verbose)
-@@ -1116,7 +1060,7 @@ end_of_options:
+@@ -1116,7 +1060,7 @@ int ca_main(int argc, char **argv)
}
}
@@ -5529,7 +6325,7 @@
if (gencrl) {
int crl_v2 = 0;
if (!crl_ext) {
-@@ -1257,7 +1201,7 @@ end_of_options:
+@@ -1257,7 +1201,7 @@ int ca_main(int argc, char **argv)
goto end;
}
@@ -5538,7 +6334,7 @@
if (dorevoke) {
if (infile == NULL) {
BIO_printf(bio_err, "no input files\n");
-@@ -1283,10 +1227,9 @@ end_of_options:
+@@ -1283,10 +1227,9 @@ int ca_main(int argc, char **argv)
BIO_printf(bio_err, "Data Base Updated\n");
}
}
@@ -5551,7 +6347,7 @@
BIO_free_all(Sout);
BIO_free_all(out);
diff --git a/apps/ciphers.c b/apps/ciphers.c
-index 924c015..9e3b633 100644
+index 924c0153b39d..9e3b633700e3 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -1,58 +1,10 @@
@@ -5683,7 +6479,7 @@
if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
BIO_printf(bio_err, "Error in cipher list\n");
diff --git a/apps/cms.c b/apps/cms.c
-index 95f2124..3a9b7af 100644
+index 95f21245eb66..ad771d2d850b 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -1,54 +1,10 @@
@@ -5693,7 +6489,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -5724,8 +6521,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -5837,8 +6633,25 @@
if (operation == SMIME_RESIGN)
ret = SMIME_write_CMS(out, cms, indata, flags);
else
+@@ -1282,7 +1240,7 @@ static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
+ *rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING)
+ *rr_from)
+ {
+- STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
++ STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL;
+ CMS_ReceiptRequest *rr;
+ rct_to = make_names_stack(rr_to);
+ if (!rct_to)
+@@ -1297,6 +1255,7 @@ static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
+ rct_to);
+ return rr;
+ err:
++ sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);
+ return NULL;
+ }
+
diff --git a/apps/crl.c b/apps/crl.c
-index 915c9ac..3e30bdc 100644
+index 915c9ac741c7..3e30bdc59c12 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -1,58 +1,10 @@
@@ -5952,7 +6765,7 @@
BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
goto end;
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
-index e864973..73e6270 100644
+index e864973b0923..1631258793ec 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -1,64 +1,10 @@
@@ -6026,8 +6839,25 @@
*/
#include <stdio.h>
+@@ -197,8 +143,6 @@ int crl2pkcs7_main(int argc, char **argv)
+ }
+ }
+
+- sk_OPENSSL_STRING_free(certflst);
+-
+ out = bio_open_default(outfile, 'w', outformat);
+ if (out == NULL)
+ goto end;
+@@ -214,6 +158,7 @@ int crl2pkcs7_main(int argc, char **argv)
+ }
+ ret = 0;
+ end:
++ sk_OPENSSL_STRING_free(certflst);
+ BIO_free(in);
+ BIO_free_all(out);
+ PKCS7_free(p7);
diff --git a/apps/dgst.c b/apps/dgst.c
-index bebaaf5..e438b7c 100644
+index bebaaf53d387..e438b7c8cc35 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -1,58 +1,10 @@
@@ -6096,7 +6926,7 @@
#include <stdio.h>
diff --git a/apps/dh1024.pem b/apps/dh1024.pem
-index 6eaeca9..f1a5e18 100644
+index 6eaeca9b8eb1..f1a5e180aa95 100644
--- a/apps/dh1024.pem
+++ b/apps/dh1024.pem
@@ -1,10 +1,10 @@
@@ -6118,7 +6948,7 @@
+
+See https://tools.ietf.org/html/rfc2412 for how they were generated.
diff --git a/apps/dh2048.pem b/apps/dh2048.pem
-index dcd0b8d..e899f2e 100644
+index dcd0b8d01b89..e899f2e0296d 100644
--- a/apps/dh2048.pem
+++ b/apps/dh2048.pem
@@ -1,12 +1,14 @@
@@ -6146,7 +6976,7 @@
+
+See https://tools.ietf.org/html/rfc2412 for how they were generated.
diff --git a/apps/dh4096.pem b/apps/dh4096.pem
-index 1b35ad8..adada2b 100644
+index 1b35ad8e62eb..adada2b55815 100644
--- a/apps/dh4096.pem
+++ b/apps/dh4096.pem
@@ -1,18 +1,19 @@
@@ -6185,7 +7015,7 @@
+
+See https://tools.ietf.org/html/rfc2412 for how they were generated.
diff --git a/apps/dhparam.c b/apps/dhparam.c
-index 9ad80ed..350dd28 100644
+index 9ad80edef603..f86e3155998c 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -1,111 +1,10 @@
@@ -6315,8 +7145,44 @@
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"C", OPT_C, '-', "Print C code"},
+@@ -371,15 +270,30 @@ int dhparam_main(int argc, char **argv)
+ goto end;
+ }
+ if (i & DH_CHECK_P_NOT_PRIME)
+- printf("p value is not prime\n");
++ BIO_printf(bio_err, "WARNING: p value is not prime\n");
+ if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+- printf("p value is not a safe prime\n");
++ BIO_printf(bio_err, "WARNING: p value is not a safe prime\n");
++ if (i & DH_CHECK_Q_NOT_PRIME)
++ BIO_printf(bio_err, "WARNING: q value is not a prime\n");
++ if (i & DH_CHECK_INVALID_Q_VALUE)
++ BIO_printf(bio_err, "WARNING: q value is invalid\n");
++ if (i & DH_CHECK_INVALID_J_VALUE)
++ BIO_printf(bio_err, "WARNING: j value is invalid\n");
+ if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+- printf("unable to check the generator value\n");
++ BIO_printf(bio_err,
++ "WARNING: unable to check the generator value\n");
+ if (i & DH_NOT_SUITABLE_GENERATOR)
+- printf("the g value is not a generator\n");
++ BIO_printf(bio_err, "WARNING: the g value is not a generator\n");
+ if (i == 0)
+- printf("DH parameters appear to be ok.\n");
++ BIO_printf(bio_err, "DH parameters appear to be ok.\n");
++ if (num != 0 && i != 0) {
++ /*
++ * We have generated parameters but DH_check() indicates they are
++ * invalid! This should never happen!
++ */
++ BIO_printf(bio_err, "ERROR: Invalid parameters generated\n");
++ goto end;
++ }
+ }
+ if (C) {
+ unsigned char *data;
diff --git a/apps/dsa.c b/apps/dsa.c
-index 1c841a3..ef50fed 100644
+index 1c841a3a80aa..ef50fede7874 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -1,58 +1,10 @@
@@ -6404,7 +7270,7 @@
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
-index 5c282be..c12bd70 100644
+index 5c282be1c32f..cd2ca4c3f7c9 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -1,58 +1,10 @@
@@ -6472,8 +7338,16 @@
*/
#include <openssl/opensslconf.h>
+@@ -292,6 +244,7 @@ int dsaparam_main(int argc, char **argv)
+ " return NULL;\n"
+ " }\n"
+ " return(dsa);\n}\n");
++ OPENSSL_free(data);
+ }
+
+ if (!noout) {
diff --git a/apps/ec.c b/apps/ec.c
-index 432e9ff..007bf0a 100644
+index 432e9ff5eb2f..007bf0a89c95 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -1,58 +1,10 @@
@@ -6619,7 +7493,7 @@
if (pubin)
eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
diff --git a/apps/ecparam.c b/apps/ecparam.c
-index 55d71f7..4e6cf22 100644
+index 55d71f7fd41e..4e6cf22908f9 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -1,59 +1,12 @@
@@ -6677,8 +7551,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -6689,7 +7564,7 @@
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
diff --git a/apps/enc.c b/apps/enc.c
-index 9e7d069..b7e4a95 100644
+index 9e7d0692641e..b7e4a95f9c87 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -1,58 +1,10 @@
@@ -6781,7 +7656,7 @@
if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
diff --git a/apps/engine.c b/apps/engine.c
-index b60bfbc..bb4b0c1 100644
+index b60bfbc29416..bb4b0c19a894 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -1,59 +1,10 @@
@@ -6872,7 +7747,7 @@
OPENSSL_strlcat(*buf, ", ", *size);
OPENSSL_strlcat(*buf, s, *size);
diff --git a/apps/errstr.c b/apps/errstr.c
-index 141338a..ae7acf5 100644
+index 141338adac4b..ae7acf52f89d 100644
--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -1,58 +1,10 @@
@@ -6950,7 +7825,7 @@
ret = 0;
for (argv = opt_rest(); *argv; argv++) {
diff --git a/apps/gendsa.c b/apps/gendsa.c
-index 33166b7..2be3b9a 100644
+index 33166b77ad71..2be3b9a0550e 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -1,58 +1,10 @@
@@ -7019,7 +7894,7 @@
#include <openssl/opensslconf.h>
diff --git a/apps/genpkey.c b/apps/genpkey.c
-index ca5d848..7abb3e6 100644
+index ca5d848266c0..7abb3e6ff11f 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -1,60 +1,12 @@
@@ -7078,8 +7953,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -7090,7 +7966,7 @@
#include <string.h>
#include "apps.h"
diff --git a/apps/genrsa.c b/apps/genrsa.c
-index 8b6dd03..79e2dae 100644
+index 8b6dd03d0839..79e2dae8008b 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -1,58 +1,10 @@
@@ -7159,7 +8035,7 @@
#include <openssl/opensslconf.h>
diff --git a/apps/nseq.c b/apps/nseq.c
-index 4bc4f32..018d5eb 100644
+index 4bc4f3282889..018d5ebdb655 100644
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -1,59 +1,10 @@
@@ -7228,7 +8104,7 @@
#include <stdio.h>
diff --git a/apps/ocsp.c b/apps/ocsp.c
-index ca293a9..48ceadd 100644
+index ca293a9709d9..48ceadd6b3d8 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1,59 +1,10 @@
@@ -7439,7 +8315,7 @@
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
diff --git a/apps/openssl.c b/apps/openssl.c
-index c8912ee..f069277 100644
+index c8912eee5941..f06927778ae0 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -1,111 +1,10 @@
@@ -7617,13 +8493,15 @@
BIO_puts(bio_out, "TLS1\n");
#endif
diff --git a/apps/opt.c b/apps/opt.c
-index 63d3215..87d3e4d 100644
+index 63d32150cc63..87d3e4de63fe 100644
--- a/apps/opt.c
+++ b/apps/opt.c
@@ -1,50 +1,10 @@
-/* ====================================================================
- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
++/*
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -7654,9 +8532,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -7721,13 +8597,15 @@
o->valtype == 'F' ? OPT_FMT_PEMDER
: OPT_FMT_ANY, &ival))
diff --git a/apps/passwd.c b/apps/passwd.c
-index 98092bb..e282521 100644
+index 98092bb04b5d..e2825219c980 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -1,50 +1,10 @@
-/* ====================================================================
- * Copyright (c) 2000-2015 The OpenSSL Project. All rights reserved.
-- *
++/*
++ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -7758,9 +8636,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+/*
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -7790,7 +8666,7 @@
}
}
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
-index 406b103..8602a99 100644
+index 406b10328a5b..8602a99ff028 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -1,59 +1,10 @@
@@ -7903,7 +8779,7 @@
/* Given a single certificate return a verified chain or NULL if error */
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
-index ad8330d..8763df0 100644
+index ad8330d42ff7..8763df098e7d 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -1,106 +1,10 @@
@@ -8041,7 +8917,7 @@
default:
break;
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
-index 15b8e6a..22b5866 100644
+index 15b8e6a08417..22b586614468 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -1,60 +1,12 @@
@@ -8100,8 +8976,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -8201,7 +9078,7 @@
goto end;
}
diff --git a/apps/pkey.c b/apps/pkey.c
-index 122ced7..50ee05f 100644
+index 122ced706cdf..50ee05f78499 100644
--- a/apps/pkey.c
+++ b/apps/pkey.c
@@ -1,60 +1,12 @@
@@ -8260,8 +9137,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -8331,7 +9209,7 @@
} else if (outformat == FORMAT_ASN1) {
if (pubout)
diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c
-index d55adef..f6bcb8f 100644
+index d55adef1ca00..f6bcb8f84efe 100644
--- a/apps/pkeyparam.c
+++ b/apps/pkeyparam.c
@@ -1,60 +1,12 @@
@@ -8390,8 +9268,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -8402,7 +9281,7 @@
#include <string.h>
#include "apps.h"
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
-index fe7f586..0dc3897 100644
+index fe7f5861199d..0dc389783d37 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -1,59 +1,10 @@
@@ -8480,7 +9359,7 @@
{"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
{"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
diff --git a/apps/prime.c b/apps/prime.c
-index b18257d..940fd45 100644
+index b18257de7e8d..b0f5969a2203 100644
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -1,50 +1,10 @@
@@ -8578,16 +9457,19 @@
BN_print(bio_out, bn);
BIO_printf(bio_out, " (%s) %s prime\n",
-@@ -143,6 +121,7 @@ int prime_main(int argc, char **argv)
+@@ -141,8 +119,8 @@ int prime_main(int argc, char **argv)
+ }
+ }
- BN_free(bn);
-
+- BN_free(bn);
+-
+ ret = 0;
end:
++ BN_free(bn);
return ret;
}
diff --git a/apps/progs.h b/apps/progs.h
-index c8779d9..ac9d208 100644
+index c8779d902193..ac9d20804b08 100644
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -1,12 +1,13 @@
@@ -8639,7 +9521,7 @@
{ FT_md, "mdc2", dgst_main},
#endif
diff --git a/apps/progs.pl b/apps/progs.pl
-index ee6ce92..3ec16d5 100644
+index ee6ce9247451..3ec16d54cb81 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -1,12 +1,10 @@
@@ -8668,12 +9550,12 @@
- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * WARNING: do not edit!
+ * Generated by apps/progs.pl
-+ *
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL licenses, (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -8704,7 +9586,7 @@
}
diff --git a/apps/rand.c b/apps/rand.c
-index bd6fdff..89a23a2 100644
+index bd6fdff123ff..d60f1ecf8658 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -1,55 +1,10 @@
@@ -8769,20 +9651,57 @@
*/
#include "apps.h"
+@@ -150,22 +105,26 @@ int rand_main(int argc, char **argv)
+ r = RAND_bytes(buf, chunk);
+ if (r <= 0)
+ goto end;
+- if (format != FORMAT_TEXT) /* hex */
+- BIO_write(out, buf, chunk);
+- else {
++ if (format != FORMAT_TEXT) {
++ if (BIO_write(out, buf, chunk) != chunk)
++ goto end;
++ } else {
+ for (i = 0; i < chunk; i++)
+- BIO_printf(out, "%02x", buf[i]);
++ if (BIO_printf(out, "%02x", buf[i]) != 2)
++ goto end;
+ }
+ num -= chunk;
+ }
+ if (format == FORMAT_TEXT)
+ BIO_puts(out, "\n");
+- (void)BIO_flush(out);
++ if (BIO_flush(out) <= 0 || !app_RAND_write_file(NULL))
++ goto end;
+
+- app_RAND_write_file(NULL);
+ ret = 0;
+
+ end:
++ if (ret != 0)
++ ERR_print_errors(bio_err);
+ BIO_free_all(out);
+ return (ret);
+ }
diff --git a/apps/rehash.c b/apps/rehash.c
-index 895a222..7337942 100644
+index 895a222f0c78..4686b53b93d7 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
-@@ -1,60 +1,16 @@
+@@ -1,65 +1,22 @@
/*
-- * C implementation based on the original Perl and shell versions
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Copyright (c) 2013-2014 Timo Teräs <timo.teras at iki.fi>
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
++ */
++
++/*
+ * C implementation based on the original Perl and shell versions
+ *
+ * Copyright (c) 2013-2014 Timo Teräs <timo.teras at iki.fi>
*/
-/* ====================================================================
- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
@@ -8835,22 +9754,106 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+- */
+
+ #include "apps.h"
+
+-#if defined(OPENSSL_SYS_UNIX) || defined(__APPLE__)
++#if defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) || \
++ (defined(__VMS) && defined(__DECC) && __CTRL_VER >= 80300000)
+ # include <unistd.h>
+ # include <stdio.h>
+ # include <limits.h>
+@@ -74,6 +31,9 @@
+ # include <openssl/x509.h>
+
+
++# ifndef PATH_MAX
++# define PATH_MAX 4096
++# endif
+ # ifndef NAME_MAX
+ # define NAME_MAX 255
+ # endif
+@@ -203,7 +163,7 @@ static int handle_symlink(const char *filename, const char *fullpath)
+ int i, type, id;
+ unsigned char ch;
+ char linktarget[PATH_MAX], *endptr;
+- ssize_t n;
++ ossl_ssize_t n;
+
+ for (i = 0; i < 8; i++) {
+ ch = filename[i];
+@@ -300,6 +260,11 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h)
+ return errs;
+ }
+
++static void str_free(char *s)
++{
++ OPENSSL_free(s);
++}
+
-+/*
-+ * C implementation based on the original Perl and shell versions
- *
-+ * Copyright (c) 2013-2014 Timo Teräs <timo.teras at iki.fi>
+ /*
+ * Process a directory; return number of errors found.
*/
+@@ -310,11 +275,12 @@ static int do_dir(const char *dirname, enum Hash h)
+ OPENSSL_DIR_CTX *d = NULL;
+ struct stat st;
+ unsigned char idmask[MAX_COLLISIONS / 8];
+- int n, nextid, buflen, errs = 0;
++ int n, numfiles, nextid, buflen, errs = 0;
+ size_t i;
+ const char *pathsep;
+ const char *filename;
+- char *buf;
++ char *buf, *copy;
++ STACK_OF(OPENSSL_STRING) *files = NULL;
- #include "apps.h"
+ if (app_access(dirname, W_OK) < 0) {
+ BIO_printf(bio_err, "Skipping %s, can't write\n", dirname);
+@@ -328,7 +294,23 @@ static int do_dir(const char *dirname, enum Hash h)
+ if (verbose)
+ BIO_printf(bio_out, "Doing %s\n", dirname);
+
++ if ((files = sk_OPENSSL_STRING_new_null()) == NULL) {
++ BIO_printf(bio_err, "Skipping %s, out of memory\n", dirname);
++ exit(1);
++ }
+ while ((filename = OPENSSL_DIR_read(&d, dirname)) != NULL) {
++ if ((copy = strdup(filename)) == NULL
++ || sk_OPENSSL_STRING_push(files, copy) == 0) {
++ BIO_puts(bio_err, "out of memory\n");
++ exit(1);
++ }
++ }
++ OPENSSL_DIR_end(&d);
++ sk_OPENSSL_STRING_sort(files);
++
++ numfiles = sk_OPENSSL_STRING_num(files);
++ for (n = 0; n < numfiles; ++n) {
++ filename = sk_OPENSSL_STRING_value(files, n);
+ if (snprintf(buf, buflen, "%s%s%s",
+ dirname, pathsep, filename) >= buflen)
+ continue;
+@@ -338,7 +320,7 @@ static int do_dir(const char *dirname, enum Hash h)
+ continue;
+ errs += do_file(filename, buf, h);
+ }
+- OPENSSL_DIR_end(&d);
++ sk_OPENSSL_STRING_pop_free(files, str_free);
+
+ for (i = 0; i < OSSL_NELEM(hash_table); i++) {
+ for (bp = hash_table[i]; bp; bp = nextbp) {
diff --git a/apps/req.c b/apps/req.c
-index 7f4a946..aaca43a 100644
+index 7f4a946aaa1f..ca8a9af8747d 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -8898,9 +9901,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -8921,8 +9922,23 @@
goto end;
if (req_conf != NULL) {
+@@ -547,8 +499,12 @@ int req_main(int argc, char **argv)
+ }
+ }
+
+- BIO_printf(bio_err, "Generating a %ld bit %s private key\n",
+- newkey, keyalgstr);
++ if (pkey_type == EVP_PKEY_EC) {
++ BIO_printf(bio_err, "Generating an EC private key\n");
++ } else {
++ BIO_printf(bio_err, "Generating a %ld bit %s private key\n",
++ newkey, keyalgstr);
++ }
+
+ EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
+ EVP_PKEY_CTX_set_app_data(genctx, bio_err);
diff --git a/apps/rsa.c b/apps/rsa.c
-index 980d9ef..3a1195f 100644
+index 980d9ef911c1..3a1195f566c6 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -1,106 +1,10 @@
@@ -9039,7 +10055,7 @@
#include <openssl/opensslconf.h>
diff --git a/apps/rsautl.c b/apps/rsautl.c
-index 728352c..84f0164 100644
+index 728352cbd4c0..84f0164cebb6 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -1,59 +1,10 @@
@@ -9117,7 +10133,7 @@
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
diff --git a/apps/s_apps.h b/apps/s_apps.h
-index b029635..c47932b 100644
+index b02963591274..c47932bfb689 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -1,112 +1,12 @@
@@ -9241,7 +10257,7 @@
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
diff --git a/apps/s_cb.c b/apps/s_cb.c
-index abcbad4..9481fa5 100644
+index abcbad473829..9481fa51572a 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1,111 +1,10 @@
@@ -9381,7 +10397,7 @@
if (noshared) {
BIO_puts(out, "\n");
diff --git a/apps/s_client.c b/apps/s_client.c
-index d658e04..4b9880a 100644
+index d658e04994e0..d990f46bedfe 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1,112 +1,12 @@
@@ -9590,7 +10606,17 @@
OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS,
OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH,
-@@ -813,7 +714,7 @@ OPTIONS s_client_options[] = {
+@@ -683,7 +584,9 @@ OPTIONS s_client_options[] = {
+ {"unix", OPT_UNIX, 's', "Connect over unix domain sockets"},
+ #endif
+ {"4", OPT_4, '-', "Use IPv4 only"},
++#ifdef AF_INET6
+ {"6", OPT_6, '-', "Use IPv6 only"},
++#endif
+ {"verify", OPT_VERIFY, 'p', "Turn on peer certificate verification"},
+ {"cert", OPT_CERT, '<', "Certificate file to use, PEM format assumed"},
+ {"certform", OPT_CERTFORM, 'F',
+@@ -813,7 +716,7 @@ OPTIONS s_client_options[] = {
{"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
#endif
#ifndef OPENSSL_NO_SRP
@@ -9599,7 +10625,7 @@
{"srppass", OPT_SRPPASS, 's', "Password for 'user'"},
{"srp_lateuser", OPT_SRP_LATEUSER, '-',
"SRP username into second ClientHello message"},
-@@ -835,7 +736,7 @@ OPTIONS s_client_options[] = {
+@@ -835,7 +738,7 @@ OPTIONS s_client_options[] = {
{"noct", OPT_NOCT, '-', "Do not request or parse SCTs (default)"},
{"ctlogfile", OPT_CTLOG_FILE, '<', "CT log list CONF file"},
#endif
@@ -9608,7 +10634,7 @@
};
typedef enum PROTOCOL_choice {
-@@ -851,7 +752,7 @@ typedef enum PROTOCOL_choice {
+@@ -851,7 +754,7 @@ typedef enum PROTOCOL_choice {
PROTO_IRC
} PROTOCOL_CHOICE;
@@ -9617,7 +10643,7 @@
{"smtp", PROTO_SMTP},
{"pop3", PROTO_POP3},
{"imap", PROTO_IMAP},
-@@ -860,7 +761,7 @@ static OPT_PAIR services[] = {
+@@ -860,9 +763,13 @@ static OPT_PAIR services[] = {
{"xmpp-server", PROTO_XMPP_SERVER},
{"telnet", PROTO_TELNET},
{"irc", PROTO_IRC},
@@ -9625,18 +10651,129 @@
+ {NULL, 0}
};
++#define IS_INET_FLAG(o) \
++ (o == OPT_4 || o == OPT_6 || o == OPT_HOST || o == OPT_PORT || o == OPT_CONNECT)
++#define IS_UNIX_FLAG(o) (o == OPT_UNIX)
++
int s_client_main(int argc, char **argv)
-@@ -937,6 +838,9 @@ int s_client_main(int argc, char **argv)
+ {
+ BIO *sbio;
+@@ -937,6 +844,11 @@ int s_client_main(int argc, char **argv)
int ct_validation = 0;
#endif
int min_version = 0, max_version = 0;
+ int async = 0;
+ unsigned int split_send_fragment = 0;
+ unsigned int max_pipelines = 0;
++ enum { use_inet, use_unix, use_unknown } connect_type = use_unknown;
++ int count4or6 = 0;
FD_ZERO(&readfds);
FD_ZERO(&writefds);
-@@ -1136,7 +1040,6 @@ int s_client_main(int argc, char **argv)
+@@ -972,6 +884,19 @@ int s_client_main(int argc, char **argv)
+
+ prog = opt_init(argc, argv, s_client_options);
+ while ((o = opt_next()) != OPT_EOF) {
++ /* Check for intermixing flags. */
++ if (connect_type == use_unix && IS_INET_FLAG(o)) {
++ BIO_printf(bio_err,
++ "%s: Intermixed protocol flags (unix and internet domains)\n",
++ prog);
++ goto end;
++ }
++ if (connect_type == use_inet && IS_UNIX_FLAG(o)) {
++ BIO_printf(bio_err,
++ "%s: Intermixed protocol flags (internet and unix domains)\n",
++ prog);
++ goto end;
++ }
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+@@ -983,58 +908,27 @@ int s_client_main(int argc, char **argv)
+ ret = 0;
+ goto end;
+ case OPT_4:
+-#ifdef AF_UNIX
+- if (socket_family == AF_UNIX) {
+- OPENSSL_free(host); host = NULL;
+- OPENSSL_free(port); port = NULL;
+- }
+-#endif
++ connect_type = use_inet;
+ socket_family = AF_INET;
++ count4or6++;
+ break;
+- case OPT_6:
+- if (1) {
+ #ifdef AF_INET6
+-#ifdef AF_UNIX
+- if (socket_family == AF_UNIX) {
+- OPENSSL_free(host); host = NULL;
+- OPENSSL_free(port); port = NULL;
+- }
+-#endif
+- socket_family = AF_INET6;
+- } else {
+-#endif
+- BIO_printf(bio_err, "%s: IPv6 domain sockets unsupported\n", prog);
+- goto end;
+- }
++ case OPT_6:
++ connect_type = use_inet;
++ socket_family = AF_INET6;
++ count4or6++;
+ break;
+- case OPT_HOST:
+-#ifdef AF_UNIX
+- if (socket_family == AF_UNIX) {
+- OPENSSL_free(host); host = NULL;
+- OPENSSL_free(port); port = NULL;
+- socket_family = AF_UNSPEC;
+- }
+ #endif
+- OPENSSL_free(host); host = BUF_strdup(opt_arg());
++ case OPT_HOST:
++ connect_type = use_inet;
++ host = OPENSSL_strdup(opt_arg());
+ break;
+ case OPT_PORT:
+-#ifdef AF_UNIX
+- if (socket_family == AF_UNIX) {
+- OPENSSL_free(host); host = NULL;
+- OPENSSL_free(port); port = NULL;
+- socket_family = AF_UNSPEC;
+- }
+-#endif
+- OPENSSL_free(port); port = BUF_strdup(opt_arg());
++ connect_type = use_inet;
++ port = OPENSSL_strdup(opt_arg());
+ break;
+ case OPT_CONNECT:
+-#ifdef AF_UNIX
+- if (socket_family == AF_UNIX) {
+- socket_family = AF_UNSPEC;
+- }
+-#endif
+- OPENSSL_free(host); host = NULL;
+- OPENSSL_free(port); port = NULL;
++ connect_type = use_inet;
+ connectstr = opt_arg();
+ break;
+ case OPT_PROXY:
+@@ -1043,9 +937,9 @@ int s_client_main(int argc, char **argv)
+ break;
+ #ifdef AF_UNIX
+ case OPT_UNIX:
++ connect_type = use_unix;
+ socket_family = AF_UNIX;
+- OPENSSL_free(host); host = BUF_strdup(opt_arg());
+- OPENSSL_free(port); port = NULL;
++ host = OPENSSL_strdup(opt_arg());
+ break;
+ #endif
+ case OPT_XMPPHOST:
+@@ -1136,7 +1030,6 @@ int s_client_main(int argc, char **argv)
BIO_printf(bio_err, "Error getting client auth engine\n");
goto opthelp;
}
@@ -9644,7 +10781,7 @@
#endif
break;
case OPT_RAND:
-@@ -1200,10 +1103,6 @@ int s_client_main(int argc, char **argv)
+@@ -1200,10 +1093,6 @@ int s_client_main(int argc, char **argv)
goto end;
}
break;
@@ -9655,7 +10792,7 @@
#endif
#ifndef OPENSSL_NO_SRP
case OPT_SRPUSER:
-@@ -1233,13 +1132,6 @@ int s_client_main(int argc, char **argv)
+@@ -1233,13 +1122,6 @@ int s_client_main(int argc, char **argv)
if (min_version < TLS1_VERSION)
min_version = TLS1_VERSION;
break;
@@ -9669,7 +10806,7 @@
#endif
case OPT_SSL_CONFIG:
ssl_config = opt_arg();
-@@ -1384,6 +1276,7 @@ int s_client_main(int argc, char **argv)
+@@ -1384,6 +1266,7 @@ int s_client_main(int argc, char **argv)
case OPT_STARTTLS:
if (!opt_pair(opt_arg(), services, &starttls_proto))
goto end;
@@ -9677,7 +10814,18 @@
case OPT_SERVERNAME:
servername = opt_arg();
break;
-@@ -1801,9 +1694,9 @@ int s_client_main(int argc, char **argv)
+@@ -1417,6 +1300,10 @@ int s_client_main(int argc, char **argv)
+ break;
+ }
+ }
++ if (count4or6 >= 2) {
++ BIO_printf(bio_err, "%s: Can't use both -4 and -6\n", prog);
++ goto opthelp;
++ }
+ argc = opt_num_rest();
+ if (argc != 0)
+ goto opthelp;
+@@ -1801,9 +1688,9 @@ int s_client_main(int argc, char **argv)
goto end;
}
} else if (dane_tlsa_rrset != NULL) {
@@ -9690,7 +10838,7 @@
}
re_start:
-@@ -2267,18 +2160,8 @@ int s_client_main(int argc, char **argv)
+@@ -2267,18 +2154,8 @@ int s_client_main(int argc, char **argv)
tv.tv_usec = 0;
i = select(width, (void *)&readfds, (void *)&writefds,
NULL, &tv);
@@ -9710,7 +10858,7 @@
} else
i = select(width, (void *)&readfds, (void *)&writefds,
NULL, timeoutp);
-@@ -2359,6 +2242,8 @@ int s_client_main(int argc, char **argv)
+@@ -2359,6 +2236,8 @@ int s_client_main(int argc, char **argv)
write_ssl = 0;
}
break;
@@ -9719,7 +10867,7 @@
case SSL_ERROR_SSL:
ERR_print_errors(bio_err);
goto shut;
-@@ -2445,20 +2330,17 @@ int s_client_main(int argc, char **argv)
+@@ -2445,20 +2324,17 @@ int s_client_main(int argc, char **argv)
BIO_printf(bio_c_out, "closed\n");
ret = 0;
goto shut;
@@ -9745,7 +10893,7 @@
#else
else if (FD_ISSET(fileno(stdin), &readfds))
#endif
-@@ -2520,6 +2402,16 @@ int s_client_main(int argc, char **argv)
+@@ -2520,6 +2396,16 @@ int s_client_main(int argc, char **argv)
if (in_init)
print_stuff(bio_c_out, con, full_log);
do_ssl_shutdown(con);
@@ -9762,7 +10910,7 @@
BIO_closesocket(SSL_get_fd(con));
end:
if (con != NULL) {
-@@ -2669,6 +2561,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
+@@ -2669,6 +2555,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
if (peer != NULL) {
EVP_PKEY *pktmp;
@@ -9771,7 +10919,7 @@
BIO_printf(bio, "Server public key is %d bit\n",
EVP_PKEY_bits(pktmp));
diff --git a/apps/s_server.c b/apps/s_server.c
-index 6c8541e..08753c3 100644
+index 6c8541eec948..dce02f036c80 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1,112 +1,12 @@
@@ -10103,7 +11251,7 @@
return ebcdic_write(bp, str, strlen(str));
}
#endif
-@@ -664,8 +570,8 @@ static int cert_status_cb(SSL *s, void *arg)
+@@ -664,19 +570,19 @@ static int cert_status_cb(SSL *s, void *arg)
SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
NULL, NULL))
goto err;
@@ -10114,6 +11262,20 @@
if (obj == NULL) {
BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n");
goto done;
+ }
+- req = OCSP_REQUEST_new();
+- if (req == NULL)
+- goto err;
+ id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj));
+ X509_OBJECT_free(obj);
+ if (!id)
+ goto err;
++ req = OCSP_REQUEST_new();
++ if (req == NULL)
++ goto err;
+ if (!OCSP_request_add0_id(req, id))
+ goto err;
+ id = NULL;
@@ -1007,12 +913,12 @@ OPTIONS s_server_options[] = {
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
@@ -10255,7 +11417,16 @@
#ifndef OPENSSL_NO_DTLS
if(dtlslisten) {
-@@ -2564,6 +2488,8 @@ static int init_ssl_connection(SSL *con)
+@@ -2557,6 +2481,8 @@ static int init_ssl_connection(SSL *con)
+ BIO_ADDR_free(client);
+ dtlslisten = 0;
+ i = SSL_accept(con);
++ } else {
++ BIO_ADDR_free(client);
+ }
+ } else
+ #endif
+@@ -2564,6 +2490,8 @@ static int init_ssl_connection(SSL *con)
do {
i = SSL_accept(con);
@@ -10264,7 +11435,7 @@
#ifdef CERT_CB_TEST_RETRY
{
while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
-@@ -2571,6 +2497,8 @@ static int init_ssl_connection(SSL *con)
+@@ -2571,6 +2499,8 @@ static int init_ssl_connection(SSL *con)
BIO_printf(bio_err,
"LOOKUP from certificate callback during accept\n");
i = SSL_accept(con);
@@ -10273,7 +11444,7 @@
}
}
#endif
-@@ -2589,13 +2517,15 @@ static int init_ssl_connection(SSL *con)
+@@ -2589,13 +2519,15 @@ static int init_ssl_connection(SSL *con)
else
BIO_printf(bio_s_out, "LOOKUP not successful\n");
i = SSL_accept(con);
@@ -10290,7 +11461,7 @@
BIO_printf(bio_s_out, "DELAY\n");
return (1);
}
-@@ -2681,6 +2611,7 @@ static int init_ssl_connection(SSL *con)
+@@ -2681,6 +2613,7 @@ static int init_ssl_connection(SSL *con)
OPENSSL_free(exportedkeymat);
}
@@ -10299,13 +11470,15 @@
}
diff --git a/apps/s_socket.c b/apps/s_socket.c
-index 4653217..d16f5ad 100644
+index 465321754cbb..d16f5ad81731 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -1,106 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -10392,9 +11565,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -10425,13 +11596,15 @@
}
BIO_ADDRINFO_free(res);
diff --git a/apps/s_time.c b/apps/s_time.c
-index 6890bc1..ecab515 100644
+index 6890bc1be00c..ecab515b1f65 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -1,67 +1,14 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -10479,9 +11652,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -10503,7 +11674,7 @@
#include <stdlib.h>
#include <string.h>
diff --git a/apps/sess_id.c b/apps/sess_id.c
-index f40f131..2b63e69 100644
+index f40f131e1bd5..2b63e69cdcc0 100644
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -1,58 +1,10 @@
@@ -10572,7 +11743,7 @@
#include <stdio.h>
diff --git a/apps/smime.c b/apps/smime.c
-index 60daeb4..f9f3d23 100644
+index 60daeb408d5e..f9f3d2378753 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -1,59 +1,10 @@
@@ -10717,7 +11888,7 @@
if (operation == SMIME_RESIGN)
rv = SMIME_write_PKCS7(out, p7, indata, flags);
diff --git a/apps/speed.c b/apps/speed.c
-index 160841d..139295c 100644
+index 160841d040b1..3b162e1058ca 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1,59 +1,12 @@
@@ -10787,7 +11958,25 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
-@@ -2650,20 +2603,20 @@ int speed_main(int argc, char **argv)
+@@ -1239,6 +1192,7 @@ static int run_benchmark(int async_jobs, int (*loop_function)(void *), loopargs_
+ int speed_main(int argc, char **argv)
+ {
+ loopargs_t *loopargs = NULL;
++ int async_init = 0;
+ int loopargs_len = 0;
+ char *prog;
+ const EVP_CIPHER *evp_cipher = NULL;
+@@ -1565,7 +1519,8 @@ int speed_main(int argc, char **argv)
+
+ /* Initialize the job pool if async mode is enabled */
+ if (async_jobs > 0) {
+- if (!ASYNC_init_thread(async_jobs, async_jobs)) {
++ async_init = ASYNC_init_thread(async_jobs, async_jobs);
++ if (!async_init) {
+ BIO_printf(bio_err, "Error creating the ASYNC job pool\n");
+ goto end;
+ }
+@@ -2650,20 +2605,20 @@ int speed_main(int argc, char **argv)
break;
}
}
@@ -10822,8 +12011,18 @@
}
}
+@@ -2846,7 +2801,9 @@ int speed_main(int argc, char **argv)
+ if (async_jobs > 0) {
+ for (i = 0; i < loopargs_len; i++)
+ ASYNC_WAIT_CTX_free(loopargs[i].wait_ctx);
++ }
+
++ if (async_init) {
+ ASYNC_cleanup_thread();
+ }
+ OPENSSL_free(loopargs);
diff --git a/apps/spkac.c b/apps/spkac.c
-index 07f36d3..b6fc46d 100644
+index 07f36d370d60..b6fc46dfc26f 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -1,60 +1,12 @@
@@ -10882,8 +12081,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -10894,7 +12094,7 @@
#include <stdlib.h>
#include <string.h>
diff --git a/apps/srp.c b/apps/srp.c
-index 1bf2ee2..d81346d 100644
+index 1bf2ee299a01..5ba937598452 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -1,59 +1,10 @@
@@ -10995,17 +12195,19 @@
if (db == NULL)
goto end;
-@@ -646,7 +596,7 @@ int srp_main(int argc, char **argv)
+@@ -646,7 +596,9 @@ int srp_main(int argc, char **argv)
if (verbose)
BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
- OPENSSL_free(tofree);
+
++ OPENSSL_free(passin);
++ OPENSSL_free(passout);
if (ret)
ERR_print_errors(bio_err);
if (randfile)
diff --git a/apps/testdsa.h b/apps/testdsa.h
-index c72c71e..1e4502a 100644
+index c72c71eccea3..1e4502a10bd0 100644
--- a/apps/testdsa.h
+++ b/apps/testdsa.h
@@ -1,50 +1,10 @@
@@ -11066,7 +12268,7 @@
/* used by speed.c */
diff --git a/apps/testrsa.h b/apps/testrsa.h
-index b163313..1350ce5 100644
+index b1633136605c..1350ce54e3fb 100644
--- a/apps/testrsa.h
+++ b/apps/testrsa.h
@@ -1,59 +1,10 @@
@@ -11136,7 +12338,7 @@
static unsigned char test512[] = {
diff --git a/apps/timeouts.h b/apps/timeouts.h
-index dc83e9d..e023b0a 100644
+index dc83e9deec14..e023b0aa4920 100644
--- a/apps/timeouts.h
+++ b/apps/timeouts.h
@@ -1,59 +1,10 @@
@@ -11205,7 +12407,7 @@
#ifndef INCLUDED_TIMEOUTS_H
diff --git a/apps/ts.c b/apps/ts.c
-index 70a9013..ec83aac 100644
+index 70a9013e2b6f..ec83aacda4aa 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -1,59 +1,10 @@
@@ -11314,8 +12516,37 @@
goto end;
/* Check parameter consistency and execute the appropriate function. */
+diff --git a/apps/tsget.in b/apps/tsget.in
+index fe029f353a04..706711155244 100644
+--- a/apps/tsget.in
++++ b/apps/tsget.in
+@@ -1,7 +1,11 @@
+ #!{- $config{perl} -}
+-# Written by Zoltan Glozik <zglozik at stones.com>.
+-# Copyright (c) 2002 The OpenTSA Project. All rights reserved.
+-$::version = '$Id: tsget,v 1.3 2009/09/07 17:57:18 steve Exp $';
++# Copyright (c) 2002 The OpenTSA Project. All rights reserved.
++# Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
+
+ use strict;
+ use IO::Handle;
+@@ -42,7 +46,8 @@ sub create_curl {
+ # Error-handling related options.
+ $curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
+ $curl->setopt(CURLOPT_FAILONERROR, 1);
+- $curl->setopt(CURLOPT_USERAGENT, "OpenTSA tsget.pl/" . (split / /, $::version)[2]);
++ $curl->setopt(CURLOPT_USERAGENT,
++ "OpenTSA tsget.pl/openssl-{- $config{version} -}");
+
+ # Options for POST method.
+ $curl->setopt(CURLOPT_UPLOAD, 1);
diff --git a/apps/verify.c b/apps/verify.c
-index fa51783..86d1b2a 100644
+index fa517830cf25..86d1b2a8517e 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -1,58 +1,10 @@
@@ -11384,7 +12615,7 @@
#include <stdio.h>
diff --git a/apps/version.c b/apps/version.c
-index 0a252e7..e3c8299 100644
+index 0a252e75b23d..e3c8299fcf9a 100644
--- a/apps/version.c
+++ b/apps/version.c
@@ -1,111 +1,10 @@
@@ -11506,7 +12737,7 @@
#include <stdio.h>
diff --git a/apps/vms_decc_init.c b/apps/vms_decc_init.c
-index ecf21af..f83f716 100644
+index ecf21afb6ea6..f83f7168efe5 100644
--- a/apps/vms_decc_init.c
+++ b/apps/vms_decc_init.c
@@ -1,53 +1,10 @@
@@ -11515,7 +12746,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -11546,8 +12778,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -11569,10 +12800,11 @@
#if defined( __VMS) && !defined( OPENSSL_NO_DECC_INIT) && \
diff --git a/apps/winrand.c b/apps/winrand.c
-index a5fe791..e65605e 100644
+deleted file mode 100644
+index a5fe79103771..000000000000
--- a/apps/winrand.c
-+++ b/apps/winrand.c
-@@ -1,55 +1,10 @@
++++ /dev/null
+@@ -1,145 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
@@ -11624,18 +12856,102 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*-
+- *
+- */
+-
+-/*-
+- * Usage: winrand [filename]
+- *
+- * Collects entropy from mouse movements and other events and writes
+- * random data to filename or .rnd
+- */
+-
+-#include <windows.h>
+-#include <openssl/opensslv.h>
+-#include <openssl/rand.h>
+-
+-LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
+-const char *filename;
+-
+-int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
+- PSTR cmdline, int iCmdShow)
+-{
+- static char appname[] = "OpenSSL";
+- HWND hwnd;
+- MSG msg;
+- WNDCLASSEX wndclass;
+- char buffer[200];
+-
+- if (cmdline[0] == '\0')
+- filename = RAND_file_name(buffer, sizeof buffer);
+- else
+- filename = cmdline;
+-
+- RAND_load_file(filename, -1);
+-
+- wndclass.cbSize = sizeof(wndclass);
+- wndclass.style = CS_HREDRAW | CS_VREDRAW;
+- wndclass.lpfnWndProc = WndProc;
+- wndclass.cbClsExtra = 0;
+- wndclass.cbWndExtra = 0;
+- wndclass.hInstance = hInstance;
+- wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION);
+- wndclass.hCursor = LoadCursor(NULL, IDC_ARROW);
+- wndclass.hbrBackground = (HBRUSH) GetStockObject(WHITE_BRUSH);
+- wndclass.lpszMenuName = NULL;
+- wndclass.lpszClassName = appname;
+- wndclass.hIconSm = LoadIcon(NULL, IDI_APPLICATION);
+- RegisterClassEx(&wndclass);
+-
+- hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT,
+- WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT,
+- CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance,
+- NULL);
+-
+- ShowWindow(hwnd, iCmdShow);
+- UpdateWindow(hwnd);
+-
+- while (GetMessage(&msg, NULL, 0, 0)) {
+- TranslateMessage(&msg);
+- DispatchMessage(&msg);
+- }
+-
+- return msg.wParam;
+-}
+-
+-LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
+-{
+- HDC hdc;
+- PAINTSTRUCT ps;
+- RECT rect;
+- static int seeded = 0;
+-
+- switch (iMsg) {
+- case WM_PAINT:
+- hdc = BeginPaint(hwnd, &ps);
+- GetClientRect(hwnd, &rect);
+- DrawText(hdc, "Seeding the PRNG. Please move the mouse!", -1,
+- &rect, DT_SINGLELINE | DT_CENTER | DT_VCENTER);
+- EndPaint(hwnd, &ps);
+- return 0;
+-
+- case WM_DESTROY:
+- PostQuitMessage(0);
+- return 0;
+- }
+-
+- if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0) {
+- seeded = 1;
+- if (RAND_write_file(filename) <= 0)
+- MessageBox(hwnd, "Couldn't write random file!",
+- "OpenSSL", MB_OK | MB_ICONERROR);
+- PostQuitMessage(0);
+- }
+-
+- return DefWindowProc(hwnd, iMsg, wParam, lParam);
+-}
diff --git a/apps/x509.c b/apps/x509.c
-index 6e6ee08..56c6fcc 100644
+index 6e6ee08ad29a..64197665d0ea 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -1,58 +1,10 @@
@@ -11726,7 +13042,48 @@
{"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_MD5
{"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
-@@ -763,7 +715,7 @@ int x509_main(int argc, char **argv)
+@@ -193,7 +145,7 @@ OPTIONS x509_options[] = {
+ int x509_main(int argc, char **argv)
+ {
+ ASN1_INTEGER *sno = NULL;
+- ASN1_OBJECT *objtmp;
++ ASN1_OBJECT *objtmp = NULL;
+ BIO *out = NULL;
+ CONF *extconf = NULL;
+ EVP_PKEY *Upkey = NULL, *CApkey = NULL, *fkey = NULL;
+@@ -325,6 +277,7 @@ int x509_main(int argc, char **argv)
+ if (trust == NULL && (trust = sk_ASN1_OBJECT_new_null()) == NULL)
+ goto end;
+ sk_ASN1_OBJECT_push(trust, objtmp);
++ objtmp = NULL;
+ trustout = 1;
+ break;
+ case OPT_ADDREJECT:
+@@ -338,6 +291,7 @@ int x509_main(int argc, char **argv)
+ && (reject = sk_ASN1_OBJECT_new_null()) == NULL)
+ goto end;
+ sk_ASN1_OBJECT_push(reject, objtmp);
++ objtmp = NULL;
+ trustout = 1;
+ break;
+ case OPT_SETALIAS:
+@@ -638,6 +592,7 @@ int x509_main(int argc, char **argv)
+ objtmp = sk_ASN1_OBJECT_value(trust, i);
+ X509_add1_trust_object(x, objtmp);
+ }
++ objtmp = NULL;
+ }
+
+ if (reject) {
+@@ -645,6 +600,7 @@ int x509_main(int argc, char **argv)
+ objtmp = sk_ASN1_OBJECT_value(reject, i);
+ X509_add1_reject_object(x, objtmp);
+ }
++ objtmp = NULL;
+ }
+
+ if (num) {
+@@ -763,7 +719,7 @@ int x509_main(int argc, char **argv)
BIO_printf(out, "/*\n"
" * Subject: %s\n", buf);
@@ -11735,7 +13092,15 @@
BIO_printf(out, " * Issuer: %s\n"
" */\n", buf);
-@@ -991,6 +943,10 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+@@ -933,6 +889,7 @@ int x509_main(int argc, char **argv)
+ ASN1_INTEGER_free(sno);
+ sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
+ sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
++ ASN1_OBJECT_free(objtmp);
+ OPENSSL_free(passin);
+ return (ret);
+ }
+@@ -991,6 +948,10 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
EVP_PKEY *upkey;
upkey = X509_get0_pubkey(xca);
@@ -11747,7 +13112,7 @@
xsc = X509_STORE_CTX_new();
diff --git a/build.info b/build.info
-index ab941f8..6bc70c6 100644
+index ab941f8ce467..6bc70c6939fc 100644
--- a/build.info
+++ b/build.info
@@ -2,8 +2,8 @@
@@ -11762,10 +13127,44 @@
IF[{- $config{target} =~ /^Cygwin/ -}]
diff --git a/config b/config
-index 9dfe1c3..dfdca4d 100755
+index 9dfe1c3d2b03..2e02ae36918c 100755
--- a/config
+++ b/config
-@@ -134,10 +134,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
+@@ -1,25 +1,15 @@
+ #!/bin/sh
++# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ #
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
+ # OpenSSL config: determine the operating system and run ./Configure
++# Derived from minarch and GuessOS from Apache.
+ #
+-# "config -h" for usage information.
+-#
+-# this is a merge of minarch and GuessOS from the Apache Group.
+-# Originally written by Tim Hudson <tjh at cryptsoft.com>.
+-
+-# Original Apache Group comments on GuessOS
+-
+-# Simple OS/Platform guesser. Similar to config.guess but
+-# much, much smaller. Since it was developed for use with
+-# Apache, it follows under Apache's regular licensing
+-# with one specific addition: Any changes or additions
+-# to this script should be Emailed to the Apache
+-# group (apache at apache.org) in general and to
+-# Jim Jagielski (jim at jaguNET.com) in specific.
+-#
+-# Be as similar to the output of config.guess/config.sub
+-# as possible.
+-
++# Do "config -h" for usage information.
+ SUFFIX=""
+ TEST="false"
+ EXE=""
+@@ -134,10 +124,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
esac
;;
@@ -11776,7 +13175,7 @@
IRIX:6.*)
echo "mips3-sgi-irix"; exit 0
;;
-@@ -265,6 +261,9 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
+@@ -265,6 +251,9 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
Power*)
echo "ppc-apple-darwin${VERSION}"
;;
@@ -11786,7 +13185,7 @@
*)
echo "i686-apple-darwin${VERSION}"
;;
-@@ -461,14 +460,6 @@ case "$GUESSOS" in
+@@ -461,14 +450,6 @@ case "$GUESSOS" in
uClinux*)
OUT=uClinux-dist
;;
@@ -11801,7 +13200,7 @@
mips3-sgi-irix)
#CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
#CPU=${CPU:-0}
-@@ -515,7 +506,7 @@ case "$GUESSOS" in
+@@ -515,7 +496,7 @@ case "$GUESSOS" in
ISA64=`(sysctl -n hw.optional.x86_64) 2>/dev/null`
if [ "$ISA64" = "1" -a -z "$KERNEL_BITS" ]; then
echo "WARNING! If you wish to build 64-bit library, then you have to"
@@ -11810,7 +13209,7 @@
if [ "$TEST" = "false" -a -t 1 ]; then
echo " You have about 5 seconds to press Ctrl-C to abort."
# The stty technique used elsewhere doesn't work on
-@@ -528,6 +519,22 @@ case "$GUESSOS" in
+@@ -528,6 +509,22 @@ case "$GUESSOS" in
else
OUT="darwin-i386-cc"
fi ;;
@@ -11833,8 +13232,23 @@
armv6+7-*-iphoneos)
options="$options -arch%20armv6 -arch%20armv7"
OUT="iphoneos-cross" ;;
+diff --git a/config.com b/config.com
+index 4151a88a442b..015de511a284 100644
+--- a/config.com
++++ b/config.com
+@@ -1,4 +1,10 @@
+ $ ! OpenSSL config: determine the architecture and run Configure
++$ ! Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
++$ !
++$ ! Licensed under the OpenSSL license (the "License"). You may not use
++$ ! this file except in compliance with the License. You can obtain a
++$ ! copy in the file LICENSE in the source distribution or at
++$ ! https://www.openssl.org/source/license.html
+ $ !
+ $ ! Very simple for the moment, it will take the following arguments:
+ $ !
diff --git a/crypto/LPdir_nyi.c b/crypto/LPdir_nyi.c
-index 283d5b0..18566fd 100644
+index 283d5b06369e..18566fd673b5 100644
--- a/crypto/LPdir_nyi.c
+++ b/crypto/LPdir_nyi.c
@@ -1,4 +1,13 @@
@@ -11852,7 +13266,7 @@
*/
/*
diff --git a/crypto/LPdir_unix.c b/crypto/LPdir_unix.c
-index 1428cd1..8f27f70 100644
+index 1428cd16c611..8f27f7080185 100644
--- a/crypto/LPdir_unix.c
+++ b/crypto/LPdir_unix.c
@@ -1,4 +1,13 @@
@@ -11870,7 +13284,7 @@
* $
*/
diff --git a/crypto/LPdir_vms.c b/crypto/LPdir_vms.c
-index 362918d..1a5b60f 100644
+index 362918dae379..1a5b60febfbc 100644
--- a/crypto/LPdir_vms.c
+++ b/crypto/LPdir_vms.c
@@ -1,4 +1,13 @@
@@ -11888,7 +13302,7 @@
* All rights reserved.
*
diff --git a/crypto/LPdir_win.c b/crypto/LPdir_win.c
-index 4ff514f..71103da 100644
+index 4ff514f8856b..71103da0ad1e 100644
--- a/crypto/LPdir_win.c
+++ b/crypto/LPdir_win.c
@@ -1,28 +1,12 @@
@@ -11927,7 +13341,7 @@
#include <tchar.h>
#ifndef LPDIR_H
diff --git a/crypto/LPdir_win32.c b/crypto/LPdir_win32.c
-index b1c983d..8f6d6ad 100644
+index b1c983d87f13..8f6d6ada031d 100644
--- a/crypto/LPdir_win32.c
+++ b/crypto/LPdir_win32.c
@@ -1,4 +1,13 @@
@@ -11945,7 +13359,7 @@
* $
*/
diff --git a/crypto/LPdir_wince.c b/crypto/LPdir_wince.c
-index ae8a56f..163479e 100644
+index ae8a56f4be89..163479e3409a 100644
--- a/crypto/LPdir_wince.c
+++ b/crypto/LPdir_wince.c
@@ -1,4 +1,13 @@
@@ -11964,7 +13378,7 @@
*/
diff --git a/crypto/Makefile.in b/crypto/Makefile.in
deleted file mode 100644
-index 60304ac..0000000
+index 60304acbc28d..000000000000
--- a/crypto/Makefile.in
+++ /dev/null
@@ -1,117 +0,0 @@
@@ -12087,7 +13501,7 @@
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/aes/Makefile.in b/crypto/aes/Makefile.in
deleted file mode 100644
-index 0dc96e4..0000000
+index 0dc96e4a3d8d..000000000000
--- a/crypto/aes/Makefile.in
+++ /dev/null
@@ -1,106 +0,0 @@
@@ -12198,7 +13612,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/aes/aes_cbc.c b/crypto/aes/aes_cbc.c
-index 826de68..342841f 100644
+index 826de68af886..342841fc4ff7 100644
--- a/crypto/aes/aes_cbc.c
+++ b/crypto/aes/aes_cbc.c
@@ -1,51 +1,10 @@
@@ -12260,7 +13674,7 @@
#include <openssl/aes.h>
diff --git a/crypto/aes/aes_cfb.c b/crypto/aes/aes_cfb.c
-index 3962c3e..f010e3c 100644
+index 3962c3e9213f..f010e3c4ea9e 100644
--- a/crypto/aes/aes_cfb.c
+++ b/crypto/aes/aes_cfb.c
@@ -1,51 +1,10 @@
@@ -12322,7 +13736,7 @@
#include <openssl/aes.h>
diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c
-index 837d4fe..ef0fc51 100644
+index 837d4feb9f65..ef0fc51d952f 100644
--- a/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
@@ -1,3 +1,12 @@
@@ -12339,7 +13753,7 @@
* rijndael-alg-fst.c
*
diff --git a/crypto/aes/aes_ecb.c b/crypto/aes/aes_ecb.c
-index 6639c78..29bfc1a 100644
+index 6639c783c47f..29bfc1ad66f7 100644
--- a/crypto/aes/aes_ecb.c
+++ b/crypto/aes/aes_ecb.c
@@ -1,51 +1,10 @@
@@ -12401,7 +13815,7 @@
#include <assert.h>
diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c
-index f8f4ba5..9125264 100644
+index f8f4ba57753f..9125264ed98e 100644
--- a/crypto/aes/aes_ige.c
+++ b/crypto/aes/aes_ige.c
@@ -1,51 +1,10 @@
@@ -12463,7 +13877,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/aes/aes_locl.h b/crypto/aes/aes_locl.h
-index e49f357..adee29d 100644
+index e49f35702b04..adee29df8d91 100644
--- a/crypto/aes/aes_locl.h
+++ b/crypto/aes/aes_locl.h
@@ -1,51 +1,10 @@
@@ -12525,7 +13939,7 @@
#ifndef HEADER_AES_LOCL_H
diff --git a/crypto/aes/aes_misc.c b/crypto/aes/aes_misc.c
-index ca84a6c..7403c84 100644
+index ca84a6cc33e2..7403c84f82d2 100644
--- a/crypto/aes/aes_misc.c
+++ b/crypto/aes/aes_misc.c
@@ -1,51 +1,10 @@
@@ -12587,7 +14001,7 @@
#include <openssl/opensslv.h>
diff --git a/crypto/aes/aes_ofb.c b/crypto/aes/aes_ofb.c
-index bc24038..215b538 100644
+index bc240383a8cb..215b53858eb6 100644
--- a/crypto/aes/aes_ofb.c
+++ b/crypto/aes/aes_ofb.c
@@ -1,51 +1,10 @@
@@ -12649,7 +14063,7 @@
#include <openssl/aes.h>
diff --git a/crypto/aes/aes_wrap.c b/crypto/aes/aes_wrap.c
-index c9cd3d3..cae0b21 100644
+index c9cd3d3f2b81..cae0b212297a 100644
--- a/crypto/aes/aes_wrap.c
+++ b/crypto/aes/aes_wrap.c
@@ -1,54 +1,10 @@
@@ -12659,7 +14073,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -12690,8 +14105,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -12713,7 +14127,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/aes/aes_x86core.c b/crypto/aes/aes_x86core.c
-index 1b64f5b..dd7e905 100644
+index 1b64f5b65b6c..dd7e905470f0 100644
--- a/crypto/aes/aes_x86core.c
+++ b/crypto/aes/aes_x86core.c
@@ -1,3 +1,12 @@
@@ -12730,7 +14144,7 @@
* rijndael-alg-fst.c
*
diff --git a/crypto/aes/asm/aes-586.pl b/crypto/aes/asm/aes-586.pl
-index 5a7f1b4..1ba3565 100755
+index 5a7f1b4551bc..1ba356508a42 100755
--- a/crypto/aes/asm/aes-586.pl
+++ b/crypto/aes/asm/aes-586.pl
@@ -1,4 +1,11 @@
@@ -12747,7 +14161,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl
-index 3efe415..16d79aa 100644
+index 3efe415e66e6..16d79aae534e 100644
--- a/crypto/aes/asm/aes-armv4.pl
+++ b/crypto/aes/asm/aes-armv4.pl
@@ -1,4 +1,11 @@
@@ -12764,7 +14178,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/aes/asm/aes-c64xplus.pl b/crypto/aes/asm/aes-c64xplus.pl
-index 54426f7..19d2cc1 100644
+index 54426f7dda9e..19d2cc176fb2 100644
--- a/crypto/aes/asm/aes-c64xplus.pl
+++ b/crypto/aes/asm/aes-c64xplus.pl
@@ -1,4 +1,11 @@
@@ -12780,8 +14194,23 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+diff --git a/crypto/aes/asm/aes-ia64.S b/crypto/aes/asm/aes-ia64.S
+index 7f6c4c366291..ef44f7cc764a 100644
+--- a/crypto/aes/asm/aes-ia64.S
++++ b/crypto/aes/asm/aes-ia64.S
+@@ -1,3 +1,10 @@
++// Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
++//
++// Licensed under the OpenSSL license (the "License"). You may not use
++// this file except in compliance with the License. You can obtain a copy
++// in the file LICENSE in the source distribution or at
++// https://www.openssl.org/source/license.html
++//
+ // ====================================================================
+ // Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+ // project. Rights for redistribution and usage in source and binary
diff --git a/crypto/aes/asm/aes-mips.pl b/crypto/aes/asm/aes-mips.pl
-index 77dfe1a..439578d 100644
+index 77dfe1ac9b11..439578d9c244 100644
--- a/crypto/aes/asm/aes-mips.pl
+++ b/crypto/aes/asm/aes-mips.pl
@@ -1,4 +1,11 @@
@@ -12868,7 +14297,7 @@
bal _mips_AES_set_encrypt_key
diff --git a/crypto/aes/asm/aes-parisc.pl b/crypto/aes/asm/aes-parisc.pl
-index 714dcfb..2c785bc 100644
+index 714dcfbbe3b7..2c785bc56d5d 100644
--- a/crypto/aes/asm/aes-parisc.pl
+++ b/crypto/aes/asm/aes-parisc.pl
@@ -1,4 +1,11 @@
@@ -12885,7 +14314,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/aes/asm/aes-ppc.pl b/crypto/aes/asm/aes-ppc.pl
-index 5b83016..d02dde5 100644
+index 5b83016efa98..d02dde5bc5f8 100644
--- a/crypto/aes/asm/aes-ppc.pl
+++ b/crypto/aes/asm/aes-ppc.pl
@@ -1,4 +1,11 @@
@@ -12902,7 +14331,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
-index 4aacf1b..a93d601 100644
+index 4aacf1b6b5ea..a93d60191347 100644
--- a/crypto/aes/asm/aes-s390x.pl
+++ b/crypto/aes/asm/aes-s390x.pl
@@ -1,4 +1,11 @@
@@ -12978,7 +14407,7 @@
$code =~ s/\`([^\`]*)\`/eval $1/gem;
diff --git a/crypto/aes/asm/aes-sparcv9.pl b/crypto/aes/asm/aes-sparcv9.pl
-index 9eb0c3d..883fae8 100755
+index 9eb0c3d9c1f4..883fae820f8c 100755
--- a/crypto/aes/asm/aes-sparcv9.pl
+++ b/crypto/aes/asm/aes-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -12995,7 +14424,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/aes/asm/aes-x86_64.pl b/crypto/aes/asm/aes-x86_64.pl
-index e95593e..aef440f 100755
+index e95593e35e0b..ce4ca30b1a78 100755
--- a/crypto/aes/asm/aes-x86_64.pl
+++ b/crypto/aes/asm/aes-x86_64.pl
@@ -1,4 +1,11 @@
@@ -13011,12 +14440,21 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+@@ -37,7 +44,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+ ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+ die "can't locate x86_64-xlate.pl";
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ $verticalspin=1; # unlike 32-bit version $verticalspin performs
diff --git a/crypto/aes/asm/aesfx-sparcv9.pl b/crypto/aes/asm/aesfx-sparcv9.pl
new file mode 100755
-index 0000000..1483a68
+index 000000000000..c72f86555293
--- /dev/null
+++ b/crypto/aes/asm/aesfx-sparcv9.pl
-@@ -0,0 +1,442 @@
+@@ -0,0 +1,446 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
@@ -13122,6 +14560,7 @@
+ orn %g0, $mask, $mask
+ retl
+ stda %f8, [$out + $mask]0xc0 ! partial store
++.type aes_fx_encrypt,#function
+.size aes_fx_encrypt,.-aes_fx_encrypt
+
+.globl aes_fx_decrypt
@@ -13199,6 +14638,7 @@
+ orn %g0, $mask, $mask
+ retl
+ stda %f8, [$out + $mask]0xc0 ! partial store
++.type aes_fx_decrypt,#function
+.size aes_fx_decrypt,.-aes_fx_decrypt
+___
+}
@@ -13212,6 +14652,7 @@
+ mov -1, $inc
+ retl
+ nop
++.type aes_fx_set_decrypt_key,#function
+.size aes_fx_set_decrypt_key,.-aes_fx_set_decrypt_key
+
+.globl aes_fx_set_encrypt_key
@@ -13348,6 +14789,7 @@
+ std %f2, [$out + 8]
+ retl
+ xor %o0, %o0, %o0 ! return 0
++.type aes_fx_set_encrypt_key,#function
+.size aes_fx_set_encrypt_key,.-aes_fx_set_encrypt_key
+___
+}
@@ -13460,7 +14902,7 @@
+
+close STDOUT;
diff --git a/crypto/aes/asm/aesni-mb-x86_64.pl b/crypto/aes/asm/aesni-mb-x86_64.pl
-index d7ad788..b12e535 100644
+index d7ad7882c4ee..aa2735e06ab2 100644
--- a/crypto/aes/asm/aesni-mb-x86_64.pl
+++ b/crypto/aes/asm/aesni-mb-x86_64.pl
@@ -1,4 +1,11 @@
@@ -13476,8 +14918,17 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+@@ -67,7 +74,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+ $avx = ($2>=3.0) + ($2>3.0);
+ }
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ # void aesni_multi_cbc_encrypt (
diff --git a/crypto/aes/asm/aesni-sha1-x86_64.pl b/crypto/aes/asm/aesni-sha1-x86_64.pl
-index 4a746e9..873b2b3 100644
+index 4a746e9be98e..4b979a734656 100644
--- a/crypto/aes/asm/aesni-sha1-x86_64.pl
+++ b/crypto/aes/asm/aesni-sha1-x86_64.pl
@@ -1,4 +1,11 @@
@@ -13493,8 +14944,17 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+@@ -102,7 +109,7 @@ $shaext=1; ### set to zero if compiling for 1.0.1
+
+ $stitched_decrypt=0;
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ # void aesni_cbc_sha1_enc(const void *inp,
diff --git a/crypto/aes/asm/aesni-sha256-x86_64.pl b/crypto/aes/asm/aesni-sha256-x86_64.pl
-index 6d195a4..12e53e7 100644
+index 6d195a4c20b1..e9ad24f7d7e5 100644
--- a/crypto/aes/asm/aesni-sha256-x86_64.pl
+++ b/crypto/aes/asm/aesni-sha256-x86_64.pl
@@ -1,4 +1,11 @@
@@ -13510,8 +14970,17 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+@@ -67,7 +74,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+ $shaext=$avx; ### set to zero if compiling for 1.0.1
+ $avx=1 if (!$shaext && $avx);
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ $func="aesni_cbc_sha256_enc";
diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl
-index b85d0c4..ed1a47c 100644
+index b85d0c425b8e..ed1a47c30cd1 100644
--- a/crypto/aes/asm/aesni-x86.pl
+++ b/crypto/aes/asm/aesni-x86.pl
@@ -1,4 +1,11 @@
@@ -13528,7 +14997,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/aes/asm/aesni-x86_64.pl b/crypto/aes/asm/aesni-x86_64.pl
-index 6e41a1a..7b68d5b 100644
+index 6e41a1ae86ef..a03da20a5aba 100644
--- a/crypto/aes/asm/aesni-x86_64.pl
+++ b/crypto/aes/asm/aesni-x86_64.pl
@@ -1,4 +1,11 @@
@@ -13544,8 +15013,17 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+@@ -193,7 +200,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+ ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+ die "can't locate x86_64-xlate.pl";
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ $movkey = $PREFIX eq "aesni" ? "movups" : "movups";
diff --git a/crypto/aes/asm/aesp8-ppc.pl b/crypto/aes/asm/aesp8-ppc.pl
-index a1891cc..ad54204 100755
+index a1891cc03caa..ad54204238e8 100755
--- a/crypto/aes/asm/aesp8-ppc.pl
+++ b/crypto/aes/asm/aesp8-ppc.pl
@@ -1,4 +1,11 @@
@@ -13562,7 +15040,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/aes/asm/aest4-sparcv9.pl b/crypto/aes/asm/aest4-sparcv9.pl
-index 5b0159e..bf479c6 100644
+index 5b0159e22289..bf479c60aede 100644
--- a/crypto/aes/asm/aest4-sparcv9.pl
+++ b/crypto/aes/asm/aest4-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -13579,7 +15057,7 @@
# ====================================================================
# Written by David S. Miller <davem at devemloft.net> and Andy Polyakov
diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
-index 9844ca1..aa36ed2 100755
+index 9844ca1aabc9..aa36ed272405 100755
--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
@@ -1,4 +1,11 @@
@@ -13596,7 +15074,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl
-index 58d0173..4ccdc82 100644
+index 58d0173de246..4ccdc827594d 100644
--- a/crypto/aes/asm/bsaes-armv7.pl
+++ b/crypto/aes/asm/bsaes-armv7.pl
@@ -1,4 +1,11 @@
@@ -13613,7 +15091,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/aes/asm/bsaes-x86_64.pl b/crypto/aes/asm/bsaes-x86_64.pl
-index 3f7d33c..73d1b2e 100644
+index 3f7d33c45bce..6b14a517dc58 100644
--- a/crypto/aes/asm/bsaes-x86_64.pl
+++ b/crypto/aes/asm/bsaes-x86_64.pl
@@ -1,4 +1,11 @@
@@ -13629,8 +15107,17 @@
###################################################################
### AES-128 [originally in CTR mode] ###
+@@ -99,7 +106,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+ ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+ die "can't locate x86_64-xlate.pl";
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ my ($inp,$out,$len,$key,$ivp)=("%rdi","%rsi","%rdx","%rcx");
diff --git a/crypto/aes/asm/vpaes-armv8.pl b/crypto/aes/asm/vpaes-armv8.pl
-index f44c62a..776a9b7 100755
+index f44c62a0a28e..776a9b744f3d 100755
--- a/crypto/aes/asm/vpaes-armv8.pl
+++ b/crypto/aes/asm/vpaes-armv8.pl
@@ -1,4 +1,11 @@
@@ -13647,7 +15134,7 @@
######################################################################
## Constant-time SSSE3 AES core implementation.
diff --git a/crypto/aes/asm/vpaes-ppc.pl b/crypto/aes/asm/vpaes-ppc.pl
-index 1759ae9..7f81209 100644
+index 1759ae9dcff2..7f8120992705 100644
--- a/crypto/aes/asm/vpaes-ppc.pl
+++ b/crypto/aes/asm/vpaes-ppc.pl
@@ -1,4 +1,11 @@
@@ -13664,7 +15151,7 @@
######################################################################
## Constant-time SSSE3 AES core implementation.
diff --git a/crypto/aes/asm/vpaes-x86.pl b/crypto/aes/asm/vpaes-x86.pl
-index 4fcd561..47615c0 100644
+index 4fcd561592a7..47615c0795f8 100644
--- a/crypto/aes/asm/vpaes-x86.pl
+++ b/crypto/aes/asm/vpaes-x86.pl
@@ -1,4 +1,11 @@
@@ -13681,7 +15168,7 @@
######################################################################
## Constant-time SSSE3 AES core implementation.
diff --git a/crypto/aes/asm/vpaes-x86_64.pl b/crypto/aes/asm/vpaes-x86_64.pl
-index f2ef318..6039582 100644
+index f2ef318fae4e..265b6aa36201 100644
--- a/crypto/aes/asm/vpaes-x86_64.pl
+++ b/crypto/aes/asm/vpaes-x86_64.pl
@@ -1,4 +1,11 @@
@@ -13697,8 +15184,17 @@
######################################################################
## Constant-time SSSE3 AES core implementation.
+@@ -57,7 +64,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+ ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+ die "can't locate x86_64-xlate.pl";
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ $PREFIX="vpaes";
diff --git a/crypto/aes/build.info b/crypto/aes/build.info
-index 08c3afe..cf6cb5e 100644
+index 08c3afe48d3b..cf6cb5ec25ba 100644
--- a/crypto/aes/build.info
+++ b/crypto/aes/build.info
@@ -25,6 +25,8 @@ INCLUDE[aes-sparcv9.o]=..
@@ -13711,7 +15207,7 @@
GENERATE[aes-ppc.s]=asm/aes-ppc.pl $(PERLASM_SCHEME)
GENERATE[vpaes-ppc.s]=asm/vpaes-ppc.pl $(PERLASM_SCHEME)
diff --git a/crypto/alphacpuid.pl b/crypto/alphacpuid.pl
-index 8af0f09..6c7fd4c 100644
+index 8af0f09d4b95..6c7fd4c9dd3d 100644
--- a/crypto/alphacpuid.pl
+++ b/crypto/alphacpuid.pl
@@ -1,7 +1,14 @@
@@ -13731,7 +15227,7 @@
print <<'___';
.text
-@@ -127,6 +134,34 @@ OPENSSL_cleanse:
+@@ -127,6 +134,34 @@ print <<'___';
bne $17,.Little
.Ldone: ret ($26)
.end OPENSSL_cleanse
@@ -13767,7 +15263,7 @@
{
my ($out,$cnt,$max)=("\$16","\$17","\$18");
diff --git a/crypto/arm64cpuid.pl b/crypto/arm64cpuid.pl
-index bfec664..caa3387 100755
+index bfec664198cf..caa33875c937 100755
--- a/crypto/arm64cpuid.pl
+++ b/crypto/arm64cpuid.pl
@@ -1,4 +1,11 @@
@@ -13783,7 +15279,7 @@
$flavour = shift;
$output = shift;
-@@ -62,6 +69,57 @@ _armv8_pmull_probe:
+@@ -62,6 +69,57 @@ $code.=<<___;
pmull v0.1q, v0.1d, v0.1d
ret
.size _armv8_pmull_probe,.-_armv8_pmull_probe
@@ -13842,7 +15338,7 @@
print $code;
diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h
-index 31dbd3a..3fc9e69 100644
+index 31dbd3a5fc09..3fc9e69b1c0a 100644
--- a/crypto/arm_arch.h
+++ b/crypto/arm_arch.h
@@ -1,3 +1,12 @@
@@ -13859,7 +15355,7 @@
# define __ARM_ARCH_H__
diff --git a/crypto/armcap.c b/crypto/armcap.c
-index 1afbc9f..4215766 100644
+index 1afbc9fcd036..4215766bf449 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -1,3 +1,12 @@
@@ -13876,7 +15372,7 @@
#include <stdlib.h>
#include <string.h>
diff --git a/crypto/armv4cpuid.pl b/crypto/armv4cpuid.pl
-index c669623..33c893d 100644
+index c66962350d30..33c893d0e460 100644
--- a/crypto/armv4cpuid.pl
+++ b/crypto/armv4cpuid.pl
@@ -1,4 +1,11 @@
@@ -13892,7 +15388,7 @@
$flavour = shift;
$output = shift;
-@@ -98,6 +105,36 @@ OPENSSL_cleanse:
+@@ -98,6 +105,36 @@ $code.=<<___;
#endif
.size OPENSSL_cleanse,.-OPENSSL_cleanse
@@ -13931,7 +15427,7 @@
.fpu neon
diff --git a/crypto/asn1/Makefile.in b/crypto/asn1/Makefile.in
deleted file mode 100644
-index 282bd45..0000000
+index 282bd45727fe..000000000000
--- a/crypto/asn1/Makefile.in
+++ /dev/null
@@ -1,78 +0,0 @@
@@ -14014,13 +15510,15 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
-index 00b0854..33be907 100644
+index 00b0854c6b21..33be907f9d5e 100644
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -14068,9 +15566,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -14098,10 +15594,10 @@
return (ret);
}
diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c
-index 5ba6e1d..9676ab7 100644
+index 5ba6e1d1dadf..e5c1d0ed70e2 100644
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
-@@ -1,58 +1,10 @@
+@@ -1,63 +1,16 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
+/*
@@ -14166,7 +15662,13 @@
*/
#include <stdio.h>
-@@ -138,6 +90,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
+ #include <limits.h>
+ #include "internal/cryptlib.h"
++#include "internal/numbers.h"
+ #include <openssl/buffer.h>
+ #include <openssl/asn1.h>
+
+@@ -138,13 +91,14 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
#endif
#define HEADER_SIZE 8
@@ -14174,7 +15676,35 @@
static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
{
BUF_MEM *b;
-@@ -216,29 +169,44 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+ unsigned char *p;
+ int i;
+ size_t want = HEADER_SIZE;
+- int eos = 0;
++ uint32_t eos = 0;
+ size_t off = 0;
+ size_t len = 0;
+
+@@ -199,16 +153,16 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+
+ if (inf & 1) {
+ /* no data body so go round again */
+- eos++;
+- if (eos < 0) {
++ if (eos == UINT32_MAX) {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
+ goto err;
+ }
++ eos++;
+ want = HEADER_SIZE;
+ } else if (eos && (slen == 0) && (tag == V_ASN1_EOC)) {
+ /* eos value, so go back and read another header */
+ eos--;
+- if (eos <= 0)
++ if (eos == 0)
+ break;
+ else
+ want = HEADER_SIZE;
+@@ -216,29 +170,44 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
/* suck in slen bytes of data */
want = slen;
if (want > (len - off)) {
@@ -14229,8 +15759,17 @@
}
}
if (off + slen < off) {
+@@ -246,7 +215,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+ goto err;
+ }
+ off += slen;
+- if (eos <= 0) {
++ if (eos == 0) {
+ break;
+ } else
+ want = HEADER_SIZE;
diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c
-index a2c837c..2f9b63b 100644
+index a2c837c75703..2f9b63b2a102 100644
--- a/crypto/asn1/a_digest.c
+++ b/crypto/asn1/a_digest.c
@@ -1,58 +1,10 @@
@@ -14299,13 +15838,15 @@
#include <stdio.h>
diff --git a/crypto/asn1/a_dup.c b/crypto/asn1/a_dup.c
-index 569fcee..d9a57b2 100644
+index 569fceea94d3..d9a57b2c6123 100644
--- a/crypto/asn1/a_dup.c
+++ b/crypto/asn1/a_dup.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -14353,9 +15894,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -14368,13 +15907,15 @@
#include <stdio.h>
diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c
-index 7ba5e52..2f60d6c 100644
+index 7ba5e524157d..8d43ee5f5309 100644
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -1,62 +1,14 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -14422,9 +15963,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -14441,8 +15980,71 @@
*/
#include <stdio.h>
+@@ -220,41 +172,48 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
+ struct tm *ts;
+ struct tm data;
+ size_t len = 20;
++ ASN1_GENERALIZEDTIME *tmps = NULL;
+
+ if (s == NULL)
+- s = ASN1_GENERALIZEDTIME_new();
+- if (s == NULL)
+- return (NULL);
++ tmps = ASN1_GENERALIZEDTIME_new();
++ else
++ tmps = s;
++ if (tmps == NULL)
++ return NULL;
+
+ ts = OPENSSL_gmtime(&t, &data);
+ if (ts == NULL)
+- return (NULL);
++ goto err;
+
+ if (offset_day || offset_sec) {
+ if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+- return NULL;
++ goto err;
+ }
+
+- p = (char *)s->data;
+- if ((p == NULL) || ((size_t)s->length < len)) {
++ p = (char *)tmps->data;
++ if ((p == NULL) || ((size_t)tmps->length < len)) {
+ p = OPENSSL_malloc(len);
+ if (p == NULL) {
+ ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, ERR_R_MALLOC_FAILURE);
+- return (NULL);
++ goto err;
+ }
+- OPENSSL_free(s->data);
+- s->data = (unsigned char *)p;
++ OPENSSL_free(tmps->data);
++ tmps->data = (unsigned char *)p;
+ }
+
+ BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900,
+ ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
+ ts->tm_sec);
+- s->length = strlen(p);
+- s->type = V_ASN1_GENERALIZEDTIME;
++ tmps->length = strlen(p);
++ tmps->type = V_ASN1_GENERALIZEDTIME;
+ #ifdef CHARSET_EBCDIC_not
+- ebcdic2ascii(s->data, s->data, s->length);
++ ebcdic2ascii(tmps->data, tmps->data, tmps->length);
+ #endif
+- return (s);
++ return tmps;
++ err:
++ if (s == NULL)
++ ASN1_GENERALIZEDTIME_free(tmps);
++ return NULL;
+ }
+
+ const char *_asn1_mon[12] = {
diff --git a/crypto/asn1/a_i2d_fp.c b/crypto/asn1/a_i2d_fp.c
-index 68eedc4..1514ede 100644
+index 68eedc41228f..1514ede4fd48 100644
--- a/crypto/asn1/a_i2d_fp.c
+++ b/crypto/asn1/a_i2d_fp.c
@@ -1,58 +1,10 @@
@@ -14511,13 +16113,15 @@
#include <stdio.h>
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
-index ec623f7..9c28c02 100644
+index ec623f7b5a3f..9c28c02951f8 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -14565,9 +16169,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -14603,7 +16205,7 @@
return plen;
}
diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c
-index 8c38e19..5578e92 100644
+index 8c38e19963b8..5578e9239769 100644
--- a/crypto/asn1/a_mbstr.c
+++ b/crypto/asn1/a_mbstr.c
@@ -1,59 +1,10 @@
@@ -14672,7 +16274,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
-index 5d3ebd6..4cca7a0 100644
+index 5d3ebd6ca7ab..4cca7a09e304 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -1,58 +1,10 @@
@@ -14741,7 +16343,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/a_octet.c b/crypto/asn1/a_octet.c
-index 7b5bf6f..2e1205c 100644
+index 7b5bf6fc38d2..2e1205caea00 100644
--- a/crypto/asn1/a_octet.c
+++ b/crypto/asn1/a_octet.c
@@ -1,58 +1,10 @@
@@ -14810,7 +16412,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c
-index 9c70891..1aafe7c 100644
+index 9c70891c2225..1aafe7c839e6 100644
--- a/crypto/asn1/a_print.c
+++ b/crypto/asn1/a_print.c
@@ -1,61 +1,14 @@
@@ -14883,7 +16485,7 @@
#include <openssl/asn1.h>
diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c
-index 616f979..7e21a5e 100644
+index 616f97993fa9..7e21a5ec9fbd 100644
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -1,111 +1,10 @@
@@ -15005,7 +16607,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
-index 977f523..59d5121 100644
+index 977f523fbfea..59d51210c3cd 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -1,59 +1,10 @@
@@ -15149,7 +16751,7 @@
type = str->type;
diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
-index 79748bf..118e0cb 100644
+index 79748bf75478..53832c8a2c6d 100644
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -1,59 +1,10 @@
@@ -15237,8 +16839,25 @@
{NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
{NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
{NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}
+@@ -242,7 +199,7 @@ static ASN1_STRING_TABLE *stable_get(int nid)
+ tmp = ASN1_STRING_TABLE_get(nid);
+ if (tmp && tmp->flags & STABLE_FLAGS_MALLOC)
+ return tmp;
+- rv = OPENSSL_malloc(sizeof(*rv));
++ rv = OPENSSL_zalloc(sizeof(*rv));
+ if (rv == NULL)
+ return NULL;
+ if (!sk_ASN1_STRING_TABLE_push(stable, rv)) {
+@@ -258,7 +215,6 @@ static ASN1_STRING_TABLE *stable_get(int nid)
+ } else {
+ rv->minsize = -1;
+ rv->maxsize = -1;
+- rv->mask = 0;
+ rv->flags = STABLE_FLAGS_MALLOC;
+ }
+ return rv;
diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c
-index ef429da..3f82c2b 100644
+index ef429da27320..3f82c2bc3166 100644
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -1,55 +1,10 @@
@@ -15312,7 +16931,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c
-index 8dea2e0..8547513 100644
+index 8dea2e0e5cbd..8547513e3ae9 100644
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -1,58 +1,10 @@
@@ -15391,7 +17010,7 @@
case V_ASN1_OCTET_STRING:
case V_ASN1_SEQUENCE:
diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c
-index 432125b..eadc31a 100644
+index 432125bfc401..eadc31a4522a 100644
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -1,58 +1,10 @@
@@ -15460,13 +17079,15 @@
#include <stdio.h>
diff --git a/crypto/asn1/a_utf8.c b/crypto/asn1/a_utf8.c
-index 64e983e..e2dc09f 100644
+index 64e983e79a4b..e2dc09f6aee5 100644
--- a/crypto/asn1/a_utf8.c
+++ b/crypto/asn1/a_utf8.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -15514,9 +17135,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -15529,7 +17148,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
-index 211689b..00ab136 100644
+index 211689b14d51..00ab136f0223 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -1,58 +1,10 @@
@@ -15598,7 +17217,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
-index a0c6320..577e205 100644
+index a0c63207f9e6..577e2050edee 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -1,59 +1,10 @@
@@ -15667,7 +17286,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
-index 465b263..a363fdb 100644
+index 465b2633e662..a363fdb2d12a 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,61 +1,11 @@
@@ -15953,7 +17572,7 @@
};
diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c
-index 59a99ed..a2e1c64 100644
+index 59a99edf2ff7..493a693aa384 100644
--- a/crypto/asn1/asn1_gen.c
+++ b/crypto/asn1/asn1_gen.c
@@ -1,59 +1,10 @@
@@ -16021,14 +17640,70 @@
*/
#include "internal/cryptlib.h"
+@@ -111,7 +62,7 @@ typedef struct {
+ int exp_count;
+ } tag_exp_arg;
+
+-static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
++static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
+ int *perr);
+ static int bitstr_cb(const char *elem, int len, void *bitstr);
+ static int asn1_cb(const char *elem, int len, void *bitstr);
+@@ -124,7 +75,7 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
+ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
+ static int asn1_str2tag(const char *tagstr, int len);
+
+-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
++ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf)
+ {
+ X509V3_CTX cnf;
+
+@@ -135,7 +86,7 @@ ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
+ return ASN1_generate_v3(str, &cnf);
+ }
+
+-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
++ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf)
+ {
+ int err = 0;
+ ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err);
+@@ -144,7 +95,7 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
+ return ret;
+ }
+
+-static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
++static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
+ int *perr)
+ {
+ ASN1_TYPE *ret;
+@@ -670,7 +621,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
+ goto bad_form;
+ }
+ if ((atmp->value.integer
+- = s2i_ASN1_INTEGER(NULL, (char *)str)) == NULL) {
++ = s2i_ASN1_INTEGER(NULL, str)) == NULL) {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
+ goto bad_str;
+ }
+@@ -743,7 +694,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
+ }
+
+ if (format == ASN1_GEN_FORMAT_HEX) {
+- if ((rdata = OPENSSL_hexstr2buf((char *)str, &rdlen)) == NULL) {
++ if ((rdata = OPENSSL_hexstr2buf(str, &rdlen)) == NULL) {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);
+ goto bad_str;
+ }
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
-index 938984d..aecb4ad 100644
+index 938984d50959..aecb4adb5b3f 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -16076,9 +17751,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -16091,7 +17764,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/asn1_locl.h b/crypto/asn1/asn1_locl.h
-index ea3d20a..56c9954 100644
+index ea3d20ae3840..56c99541d5f4 100644
--- a/crypto/asn1/asn1_locl.h
+++ b/crypto/asn1/asn1_locl.h
@@ -1,59 +1,10 @@
@@ -16160,7 +17833,7 @@
/* Internal ASN1 structures and functions: not for application use */
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
-index e412820..51da014 100644
+index e41282094dec..51da0143aa2e 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -1,58 +1,10 @@
@@ -16229,7 +17902,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
-index 851fb91..a588fbd 100644
+index 851fb91e8cb1..a588fbd23fef 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -1,55 +1,10 @@
@@ -16303,7 +17976,7 @@
return val;
}
diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c
-index a5c8601..9bffee6 100644
+index a5c86011ff73..9bffee62f781 100644
--- a/crypto/asn1/asn_moid.c
+++ b/crypto/asn1/asn_moid.c
@@ -1,59 +1,10 @@
@@ -16372,7 +18045,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/asn_mstbl.c b/crypto/asn1/asn_mstbl.c
-index f90b442..196dd56 100644
+index f90b442673a6..196dd56f06af 100644
--- a/crypto/asn1/asn_mstbl.c
+++ b/crypto/asn1/asn_mstbl.c
@@ -1,55 +1,10 @@
@@ -16437,7 +18110,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c
-index 93b7b90..7c30202 100644
+index 93b7b90215b9..1f5be531896f 100644
--- a/crypto/asn1/asn_pack.c
+++ b/crypto/asn1/asn_pack.c
@@ -1,59 +1,10 @@
@@ -16505,8 +18178,51 @@
*/
#include <stdio.h>
+@@ -66,28 +17,35 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
+ {
+ ASN1_STRING *octmp;
+
+- if (oct == NULL|| *oct== NULL) {
++ if (oct == NULL || *oct == NULL) {
+ if ((octmp = ASN1_STRING_new()) == NULL) {
+ ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+- if (oct)
+- *oct = octmp;
+- } else
++ } else {
+ octmp = *oct;
++ }
+
+ OPENSSL_free(octmp->data);
+ octmp->data = NULL;
+
+ if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) == 0) {
+ ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR);
+- return NULL;
++ goto err;
+ }
+- if (!octmp->data) {
++ if (octmp->data == NULL) {
+ ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
+- return NULL;
++ goto err;
+ }
++
++ if (oct != NULL && *oct == NULL)
++ *oct = octmp;
++
+ return octmp;
++ err:
++ if (oct == NULL || *oct == NULL)
++ ASN1_STRING_free(octmp);
++ return NULL;
+ }
+
+ /* Extract an ASN1 object from an ASN1_STRING */
diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c
-index 1657ac7..664b682 100644
+index 1657ac72cfad..400effa12cf5 100644
--- a/crypto/asn1/bio_asn1.c
+++ b/crypto/asn1/bio_asn1.c
@@ -1,59 +1,10 @@
@@ -16574,8 +18290,34 @@
*/
/*
+@@ -144,8 +95,8 @@ const BIO_METHOD *BIO_f_asn1(void)
+
+ static int asn1_bio_new(BIO *b)
+ {
+- BIO_ASN1_BUF_CTX *ctx;
+- ctx = OPENSSL_malloc(sizeof(*ctx));
++ BIO_ASN1_BUF_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
++
+ if (ctx == NULL)
+ return 0;
+ if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) {
+@@ -164,14 +115,8 @@ static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size)
+ if (ctx->buf == NULL)
+ return 0;
+ ctx->bufsize = size;
+- ctx->bufpos = 0;
+- ctx->buflen = 0;
+- ctx->copylen = 0;
+ ctx->asn1_class = V_ASN1_UNIVERSAL;
+ ctx->asn1_tag = V_ASN1_OCTET_STRING;
+- ctx->ex_buf = 0;
+- ctx->ex_pos = 0;
+- ctx->ex_len = 0;
+ ctx->state = ASN1_STATE_START;
+ return 1;
+ }
diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
-index 9a6eaf6..beeda9f 100644
+index 9a6eaf612ab8..0f206b24977e 100644
--- a/crypto/asn1/bio_ndef.c
+++ b/crypto/asn1/bio_ndef.c
@@ -1,55 +1,10 @@
@@ -16639,7 +18381,25 @@
*/
#include <openssl/asn1.h>
-@@ -119,7 +74,7 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
+@@ -105,21 +60,21 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
+ ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED);
+ return NULL;
+ }
+- ndef_aux = OPENSSL_malloc(sizeof(*ndef_aux));
++ ndef_aux = OPENSSL_zalloc(sizeof(*ndef_aux));
+ asn_bio = BIO_new(BIO_f_asn1());
++ if (ndef_aux == NULL || asn_bio == NULL)
++ goto err;
+
+ /* ASN1 bio needs to be next to output BIO */
+-
+ out = BIO_push(asn_bio, out);
+-
+- if (ndef_aux == NULL || asn_bio == NULL || !out)
++ if (out == NULL)
+ goto err;
+
+ BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free);
/*
@@ -16649,7 +18409,7 @@
*/
diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h
-index 3305ad1..6e42f86 100644
+index 3305ad146b9c..6e42f86a9bcd 100644
--- a/crypto/asn1/charmap.h
+++ b/crypto/asn1/charmap.h
@@ -1,15 +1,26 @@
@@ -16691,7 +18451,7 @@
+ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 0, 0, 0, 2
};
diff --git a/crypto/asn1/charmap.pl b/crypto/asn1/charmap.pl
-index 878504f..a3511da 100644
+index 878504f9c37a..a3511da07288 100644
--- a/crypto/asn1/charmap.pl
+++ b/crypto/asn1/charmap.pl
@@ -1,7 +1,10 @@
@@ -16769,13 +18529,15 @@
+print("\n};\n");
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
-index 85567ce..e311b90 100644
+index 85567cee5caf..e311b909dbb2 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -16823,9 +18585,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -16859,7 +18619,7 @@
ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
goto err;
diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c
-index 3ebdb5d..dfdc1a6 100644
+index 3ebdb5d1509e..dfdc1a6c96c3 100644
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
@@ -1,58 +1,10 @@
@@ -16928,13 +18688,15 @@
#include <stdio.h>
diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c
-index 79e7121..f7416e5 100644
+index 79e7121998a2..f7416e5550c3 100644
--- a/crypto/asn1/evp_asn1.c
+++ b/crypto/asn1/evp_asn1.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -16982,9 +18744,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -16997,7 +18757,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c
-index 0feb7a1..15aece9 100644
+index 0feb7a15b6fd..0f16ac0bbbdd 100644
--- a/crypto/asn1/f_int.c
+++ b/crypto/asn1/f_int.c
@@ -1,61 +1,14 @@
@@ -17086,8 +18846,16 @@
ASN1err(ASN1_F_A2I_ASN1_INTEGER,
ASN1_R_NON_HEX_CHARACTERS);
goto err;
+@@ -201,6 +148,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
+ return 1;
+ err:
+ ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
++ OPENSSL_free(s);
+ return 0;
+ }
+
diff --git a/crypto/asn1/f_string.c b/crypto/asn1/f_string.c
-index 7d9eb14..f9a77a2 100644
+index 7d9eb1475aca..f9a77a2cde2a 100644
--- a/crypto/asn1/f_string.c
+++ b/crypto/asn1/f_string.c
@@ -1,61 +1,14 @@
@@ -17177,7 +18945,7 @@
ASN1_R_NON_HEX_CHARACTERS);
return 0;
diff --git a/crypto/asn1/i2d_pr.c b/crypto/asn1/i2d_pr.c
-index 7ca643f..445b0c8 100644
+index 7ca643fb5842..445b0c84251f 100644
--- a/crypto/asn1/i2d_pr.c
+++ b/crypto/asn1/i2d_pr.c
@@ -1,58 +1,10 @@
@@ -17263,7 +19031,7 @@
+ return -1;
}
diff --git a/crypto/asn1/i2d_pu.c b/crypto/asn1/i2d_pu.c
-index c1504d8..8986c43 100644
+index c1504d8263ba..8986c43cbee5 100644
--- a/crypto/asn1/i2d_pu.c
+++ b/crypto/asn1/i2d_pu.c
@@ -1,58 +1,10 @@
@@ -17332,7 +19100,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
-index c7382bd..267ce60 100644
+index c7382bd94432..267ce60110d5 100644
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -1,58 +1,10 @@
@@ -17401,7 +19169,7 @@
#include "openssl/opensslconf.h"
diff --git a/crypto/asn1/nsseq.c b/crypto/asn1/nsseq.c
-index 550fc8e..c7baf40 100644
+index 550fc8eb708b..c7baf40d30f5 100644
--- a/crypto/asn1/nsseq.c
+++ b/crypto/asn1/nsseq.c
@@ -1,59 +1,10 @@
@@ -17470,7 +19238,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c
-index e75ab7e..92da23e 100644
+index e75ab7e9765d..92da23ec3bce 100644
--- a/crypto/asn1/p5_pbe.c
+++ b/crypto/asn1/p5_pbe.c
@@ -1,59 +1,10 @@
@@ -17539,7 +19307,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
-index 244706a..9687057 100644
+index 244706a3dfe8..96870579688a 100644
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -1,59 +1,10 @@
@@ -17617,7 +19385,7 @@
EVP_CIPHER_CTX_free(ctx);
ctx = NULL;
diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c
-index 6ee7ef4..cc1f76c 100644
+index 6ee7ef4b3b53..cc1f76c228df 100644
--- a/crypto/asn1/p5_scrypt.c
+++ b/crypto/asn1/p5_scrypt.c
@@ -1,59 +1,10 @@
@@ -17686,7 +19454,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c
-index 1e062a9..ebee6b5 100644
+index 1e062a9ee9ae..ebee6b50cd94 100644
--- a/crypto/asn1/p8_pkey.c
+++ b/crypto/asn1/p8_pkey.c
@@ -1,59 +1,10 @@
@@ -17755,7 +19523,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/t_bitst.c b/crypto/asn1/t_bitst.c
-index 2b38e05..0c3a239 100644
+index 2b38e0573c13..0c3a2393ba35 100644
--- a/crypto/asn1/t_bitst.c
+++ b/crypto/asn1/t_bitst.c
@@ -1,59 +1,10 @@
@@ -17824,7 +19592,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c
-index b17862c..5ae19ed 100644
+index b17862c2f49d..5ae19ed78a5b 100644
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@@ -1,58 +1,10 @@
@@ -17893,7 +19661,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c
-index bc20c14..51b56d0 100644
+index bc20c14e2bf4..51b56d0aa9f7 100644
--- a/crypto/asn1/t_spki.c
+++ b/crypto/asn1/t_spki.c
@@ -1,59 +1,10 @@
@@ -17962,7 +19730,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
-index 5715921..64bbe40 100644
+index 571592199f90..aad838a08300 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -1,59 +1,10 @@
@@ -18030,7 +19798,15 @@
*/
#include <stddef.h>
-@@ -584,7 +535,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+@@ -63,6 +14,7 @@
+ #include <openssl/objects.h>
+ #include <openssl/buffer.h>
+ #include <openssl/err.h>
++#include "internal/numbers.h"
+ #include "asn1_locl.h"
+
+ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
+@@ -584,7 +536,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
} else if (ret == -1)
return -1;
if (!*val)
@@ -18039,7 +19815,7 @@
else {
/*
* We've got a valid STACK: free up any items present
-@@ -858,9 +809,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+@@ -858,9 +810,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
break;
case V_ASN1_INTEGER:
@@ -18049,8 +19825,35 @@
tint = (ASN1_INTEGER **)pval;
if (!c2i_ASN1_INTEGER(tint, &cont, len))
goto err;
+@@ -946,7 +896,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+
+ static int asn1_find_end(const unsigned char **in, long len, char inf)
+ {
+- int expected_eoc;
++ uint32_t expected_eoc;
+ long plen;
+ const unsigned char *p = *in, *q;
+ /* If not indefinite length constructed just add length */
+@@ -976,10 +926,15 @@ static int asn1_find_end(const unsigned char **in, long len, char inf)
+ ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ }
+- if (inf)
++ if (inf) {
++ if (expected_eoc == UINT32_MAX) {
++ ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
++ return 0;
++ }
+ expected_eoc++;
+- else
++ } else {
+ p += plen;
++ }
+ len -= p - q;
+ }
+ if (expected_eoc) {
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
-index 0d25cf9..9526cff 100644
+index 0d25cf9d75e7..9526cff35b3f 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -1,59 +1,10 @@
@@ -18129,7 +19932,7 @@
* These are all have the same content format as ASN1_INTEGER
*/
diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
-index 2fc036f..9b623d9 100644
+index 2fc036fb666f..9b623d907c4a 100644
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -1,59 +1,10 @@
@@ -18212,7 +20015,7 @@
if (!seqtt)
continue;
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
-index 9e8ba9c..455a88a 100644
+index 9e8ba9c0b271..455a88ab6282 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -1,59 +1,10 @@
@@ -18281,7 +20084,7 @@
#include <stddef.h>
diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c
-index f6bd218..425810b 100644
+index f6bd2189cf28..425810b4219e 100644
--- a/crypto/asn1/tasn_prn.c
+++ b/crypto/asn1/tasn_prn.c
@@ -1,59 +1,10 @@
@@ -18375,7 +20178,7 @@
char *tname;
ASN1_VALUE *skitem;
diff --git a/crypto/asn1/tasn_scn.c b/crypto/asn1/tasn_scn.c
-index a775839..1bdd2df 100644
+index a7758394b1d9..e1df2cfcae04 100644
--- a/crypto/asn1/tasn_scn.c
+++ b/crypto/asn1/tasn_scn.c
@@ -1,59 +1,10 @@
@@ -18443,8 +20246,19 @@
*/
#include <stddef.h>
+@@ -73,8 +24,8 @@
+
+ ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx))
+ {
+- ASN1_SCTX *ret;
+- ret = OPENSSL_malloc(sizeof(*ret));
++ ASN1_SCTX *ret = OPENSSL_zalloc(sizeof(*ret));
++
+ if (ret == NULL) {
+ ASN1err(ASN1_F_ASN1_SCTX_NEW, ERR_R_MALLOC_FAILURE);
+ return NULL;
diff --git a/crypto/asn1/tasn_typ.c b/crypto/asn1/tasn_typ.c
-index da9a80a..98d9879 100644
+index da9a80a06d27..98d987901413 100644
--- a/crypto/asn1/tasn_typ.c
+++ b/crypto/asn1/tasn_typ.c
@@ -1,60 +1,12 @@
@@ -18503,8 +20317,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -18515,7 +20330,7 @@
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c
-index 41f2fc2..cb24593 100644
+index 41f2fc24a0fe..f03f9e9ed04b 100644
--- a/crypto/asn1/tasn_utl.c
+++ b/crypto/asn1/tasn_utl.c
@@ -1,59 +1,10 @@
@@ -18583,8 +20398,28 @@
*/
#include <stddef.h>
+@@ -99,6 +50,7 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
+ * then the count is incremented. If op is 0 count is set to 1. If op is -1
+ * count is decremented and the return value is the current reference count
+ * or 0 if no reference count exists.
++ * FIXME: return and manage any error from inside this method
+ */
+
+ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
+@@ -117,8 +69,10 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
+ if (op == 0) {
+ *lck = 1;
+ *lock = CRYPTO_THREAD_lock_new();
+- if (*lock == NULL)
++ if (*lock == NULL) {
++ /* FIXME: should report an error (-1) at this point */
+ return 0;
++ }
+ return 1;
+ }
+ CRYPTO_atomic_add(lck, op, &ret, *lock);
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
-index 30c59d8..dfebf68 100644
+index 30c59d850f43..dfebf6865ab5 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -1,59 +1,10 @@
@@ -18653,7 +20488,7 @@
#include <stddef.h>
diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c
-index c8072e3..db6ce82 100644
+index c8072e337f94..db6ce82e8ff4 100644
--- a/crypto/asn1/x_bignum.c
+++ b/crypto/asn1/x_bignum.c
@@ -1,59 +1,10 @@
@@ -18722,7 +20557,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/x_info.c b/crypto/asn1/x_info.c
-index b49c787..8d99f07 100644
+index b49c787792f5..8d99f07c6361 100644
--- a/crypto/asn1/x_info.c
+++ b/crypto/asn1/x_info.c
@@ -1,58 +1,10 @@
@@ -18791,7 +20626,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c
-index f804282..9d27ba4 100644
+index f804282c51b2..9d27ba4bc1ff 100644
--- a/crypto/asn1/x_long.c
+++ b/crypto/asn1/x_long.c
@@ -1,59 +1,10 @@
@@ -18860,7 +20695,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c
-index 1e80d9e..593049f 100644
+index 1e80d9ec3495..593049f0f26e 100644
--- a/crypto/asn1/x_pkey.c
+++ b/crypto/asn1/x_pkey.c
@@ -1,58 +1,10 @@
@@ -18929,7 +20764,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/x_sig.c b/crypto/asn1/x_sig.c
-index b880e24..d5b0b69 100644
+index b880e2420b1b..d5b0b69dde31 100644
--- a/crypto/asn1/x_sig.c
+++ b/crypto/asn1/x_sig.c
@@ -1,58 +1,10 @@
@@ -18998,7 +20833,7 @@
#include <stdio.h>
diff --git a/crypto/asn1/x_spki.c b/crypto/asn1/x_spki.c
-index 636f69b..c45400b 100644
+index 636f69b3edaa..c45400b42f3a 100644
--- a/crypto/asn1/x_spki.c
+++ b/crypto/asn1/x_spki.c
@@ -1,58 +1,10 @@
@@ -19067,7 +20902,7 @@
/*
diff --git a/crypto/asn1/x_val.c b/crypto/asn1/x_val.c
-index d9ebfe1..d1f1d3b 100644
+index d9ebfe1c7e75..d1f1d3bff989 100644
--- a/crypto/asn1/x_val.c
+++ b/crypto/asn1/x_val.c
@@ -1,58 +1,10 @@
@@ -19137,7 +20972,7 @@
#include <stdio.h>
diff --git a/crypto/async/Makefile.in b/crypto/async/Makefile.in
deleted file mode 100644
-index aa85749..0000000
+index aa85749899cf..000000000000
--- a/crypto/async/Makefile.in
+++ /dev/null
@@ -1,63 +0,0 @@
@@ -19205,7 +21040,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/async/arch/async_null.c b/crypto/async/arch/async_null.c
-index 19fb72c..a9ae35d 100644
+index 19fb72c2c081..a9ae35de45b0 100644
--- a/crypto/async/arch/async_null.c
+++ b/crypto/async/arch/async_null.c
@@ -1,53 +1,10 @@
@@ -19214,7 +21049,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -19245,8 +21081,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -19268,7 +21103,7 @@
/* This must be the first #include file */
diff --git a/crypto/async/arch/async_null.h b/crypto/async/arch/async_null.h
-index a965bdb..aef40b5 100644
+index a965bdbbd849..aef40b5d9ee0 100644
--- a/crypto/async/arch/async_null.h
+++ b/crypto/async/arch/async_null.h
@@ -1,53 +1,10 @@
@@ -19277,7 +21112,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -19308,8 +21144,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -19331,7 +21166,7 @@
#include <openssl/async.h>
diff --git a/crypto/async/arch/async_posix.c b/crypto/async/arch/async_posix.c
-index 33f2a3f..02c342d 100644
+index 33f2a3fa1ea2..02c342d3dfa9 100644
--- a/crypto/async/arch/async_posix.c
+++ b/crypto/async/arch/async_posix.c
@@ -1,53 +1,10 @@
@@ -19340,7 +21175,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -19371,8 +21207,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -19394,10 +21229,10 @@
/* This must be the first #include file */
diff --git a/crypto/async/arch/async_posix.h b/crypto/async/arch/async_posix.h
-index de80f95..e0099c3 100644
+index de80f95f9d44..3c61f7f7b081 100644
--- a/crypto/async/arch/async_posix.h
+++ b/crypto/async/arch/async_posix.h
-@@ -1,59 +1,17 @@
+@@ -1,59 +1,19 @@
/*
- * Written by Matt Caswell (matt at openssl.org) for the OpenSSL project.
- */
@@ -19420,8 +21255,7 @@
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
@@ -19449,6 +21283,8 @@
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -19460,12 +21296,23 @@
#include <openssl/e_os2.h>
-#if (defined(OPENSSL_SYS_UNIX) || defined(OPENSSL_SYS_CYGWIN)) && defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC)
-+#if (defined(OPENSSL_SYS_UNIX) || defined(OPENSSL_SYS_CYGWIN)) && defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC) && !defined(__ANDROID__)
++#if (defined(OPENSSL_SYS_UNIX) || defined(OPENSSL_SYS_CYGWIN)) \
++ && defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC) \
++ && !defined(__ANDROID__) && !defined(__OpenBSD__)
# include <unistd.h>
+@@ -74,7 +34,7 @@ typedef struct async_fibre_st {
+ int env_init;
+ } async_fibre;
+
+-static inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r)
++static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r)
+ {
+ o->env_init = 1;
+
diff --git a/crypto/async/arch/async_win.c b/crypto/async/arch/async_win.c
-index 4f4c799..37a3111 100644
+index 4f4c799e9863..37a31110527f 100644
--- a/crypto/async/arch/async_win.c
+++ b/crypto/async/arch/async_win.c
@@ -1,53 +1,10 @@
@@ -19474,7 +21321,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -19505,8 +21353,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -19528,7 +21375,7 @@
/* This must be the first #include file */
diff --git a/crypto/async/arch/async_win.h b/crypto/async/arch/async_win.h
-index 4287330..61cfdd7 100644
+index 42873307d08b..61cfdd72dec6 100644
--- a/crypto/async/arch/async_win.h
+++ b/crypto/async/arch/async_win.h
@@ -1,53 +1,10 @@
@@ -19537,7 +21384,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -19568,8 +21416,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -19591,7 +21438,7 @@
/*
diff --git a/crypto/async/async.c b/crypto/async/async.c
-index b4ba561..965a195 100644
+index b4ba56188817..965a1954f9bc 100644
--- a/crypto/async/async.c
+++ b/crypto/async/async.c
@@ -1,53 +1,10 @@
@@ -19600,7 +21447,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -19631,8 +21479,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -19662,7 +21509,7 @@
#include <internal/cryptlib_int.h>
#include <string.h>
diff --git a/crypto/async/async_err.c b/crypto/async/async_err.c
-index 26b34d4..13c41cd 100644
+index 26b34d4defec..13c41cdd28a2 100644
--- a/crypto/async/async_err.c
+++ b/crypto/async/async_err.c
@@ -1,61 +1,11 @@
@@ -19748,7 +21595,7 @@
};
diff --git a/crypto/async/async_locl.h b/crypto/async/async_locl.h
-index 7fa1f26..786cf00 100644
+index 7fa1f26c005c..786cf0099c19 100644
--- a/crypto/async/async_locl.h
+++ b/crypto/async/async_locl.h
@@ -1,53 +1,10 @@
@@ -19757,7 +21604,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -19788,8 +21636,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -19811,7 +21658,7 @@
/*
diff --git a/crypto/async/async_wait.c b/crypto/async/async_wait.c
-index ece995f..e5ecaeb 100644
+index ece995f4e9a8..e5ecaeb5ee8a 100644
--- a/crypto/async/async_wait.c
+++ b/crypto/async/async_wait.c
@@ -1,53 +1,10 @@
@@ -19820,7 +21667,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -19851,8 +21699,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -19873,9 +21720,81 @@
*/
/* This must be the first #include file */
+diff --git a/crypto/bf/COPYRIGHT b/crypto/bf/COPYRIGHT
+deleted file mode 100644
+index 6857223506de..000000000000
+--- a/crypto/bf/COPYRIGHT
++++ /dev/null
+@@ -1,46 +0,0 @@
+-Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
+-All rights reserved.
+-
+-This package is an Blowfish implementation written
+-by Eric Young (eay at cryptsoft.com).
+-
+-This library is free for commercial and non-commercial use as long as
+-the following conditions are aheared to. The following conditions
+-apply to all code found in this distribution.
+-
+-Copyright remains Eric Young's, and as such any Copyright notices in
+-the code are not to be removed.
+-
+-Redistribution and use in source and binary forms, with or without
+-modification, are permitted provided that the following conditions
+-are met:
+-1. Redistributions of source code must retain the copyright
+- notice, this list of conditions and the following disclaimer.
+-2. Redistributions in binary form must reproduce the above copyright
+- notice, this list of conditions and the following disclaimer in the
+- documentation and/or other materials provided with the distribution.
+-3. All advertising materials mentioning features or use of this software
+- must display the following acknowledgement:
+- This product includes software developed by Eric Young (eay at cryptsoft.com)
+-
+-THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-SUCH DAMAGE.
+-
+-The license and distribution terms for any publically available version or
+-derivative of this code cannot be changed. i.e. this code cannot simply be
+-copied and put under another distrubution license
+-[including the GNU Public License.]
+-
+-The reason behind this being stated in this direct manner is past
+-experience in code simply being copied and the attribution removed
+-from it and then being distributed as part of other packages. This
+-implementation was a non-trivial and unpaid effort.
+diff --git a/crypto/bf/INSTALL b/crypto/bf/INSTALL
+deleted file mode 100644
+index 3b259235326a..000000000000
+--- a/crypto/bf/INSTALL
++++ /dev/null
+@@ -1,14 +0,0 @@
+-This Eric Young's blowfish implementation, taken from his SSLeay library
+-and made available as a separate library.
+-
+-The version number (0.7.2m) is the SSLeay version that this library was
+-taken from.
+-
+-To build, just unpack and type make.
+-If you are not using gcc, edit the Makefile.
+-If you are compiling for an x86 box, try the assembler (it needs improving).
+-There are also some compile time options that can improve performance,
+-these are documented in the Makefile.
+-
+-eric 15-Apr-1997
+-
diff --git a/crypto/bf/Makefile.in b/crypto/bf/Makefile.in
deleted file mode 100644
-index a41b9d1..0000000
+index a41b9d19692f..000000000000
--- a/crypto/bf/Makefile.in
+++ /dev/null
@@ -1,51 +0,0 @@
@@ -19930,8 +21849,20 @@
- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
+diff --git a/crypto/bf/VERSION b/crypto/bf/VERSION
+deleted file mode 100644
+index be995855e43b..000000000000
+--- a/crypto/bf/VERSION
++++ /dev/null
+@@ -1,6 +0,0 @@
+-The version numbers will follow my SSL implementation
+-
+-0.7.2r - Some reasonable default compiler options from
+- Peter Gutman <pgut001 at cs.auckland.ac.nz>
+-
+-0.7.2m - the first release
diff --git a/crypto/bf/asm/bf-586.pl b/crypto/bf/asm/bf-586.pl
-index 319a638..ebc24f4 100644
+index 319a63875497..ebc24f48a152 100644
--- a/crypto/bf/asm/bf-586.pl
+++ b/crypto/bf/asm/bf-586.pl
@@ -1,4 +1,11 @@
@@ -19948,7 +21879,7 @@
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}","${dir}../../perlasm");
diff --git a/crypto/bf/bf_cbc.c b/crypto/bf/bf_cbc.c
-index b052951..6ed6257 100644
+index b052951fcd3f..6ed62578ace3 100644
--- a/crypto/bf/bf_cbc.c
+++ b/crypto/bf/bf_cbc.c
@@ -1,58 +1,10 @@
@@ -20017,13 +21948,15 @@
#include <openssl/blowfish.h>
diff --git a/crypto/bf/bf_cfb64.c b/crypto/bf/bf_cfb64.c
-index cab8bf8..ce6e13b 100644
+index cab8bf8e7443..ce6e13b5a4cc 100644
--- a/crypto/bf/bf_cfb64.c
+++ b/crypto/bf/bf_cfb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -20071,9 +22004,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -20086,13 +22017,15 @@
#include <openssl/blowfish.h>
diff --git a/crypto/bf/bf_ecb.c b/crypto/bf/bf_ecb.c
-index a7640d8..aa73540 100644
+index a7640d88b3e2..aa73540f35ae 100644
--- a/crypto/bf/bf_ecb.c
+++ b/crypto/bf/bf_ecb.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -20140,9 +22073,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -20155,13 +22086,15 @@
#include <openssl/blowfish.h>
diff --git a/crypto/bf/bf_enc.c b/crypto/bf/bf_enc.c
-index 04eb391..9f80c56 100644
+index 04eb39134aba..9f80c56d5716 100644
--- a/crypto/bf/bf_enc.c
+++ b/crypto/bf/bf_enc.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -20209,9 +22142,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -20224,13 +22155,15 @@
#include <openssl/blowfish.h>
diff --git a/crypto/bf/bf_locl.h b/crypto/bf/bf_locl.h
-index 5ad9ec2..7e5f92c 100644
+index 5ad9ec29494e..7e5f92c26cb6 100644
--- a/crypto/bf/bf_locl.h
+++ b/crypto/bf/bf_locl.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -20278,9 +22211,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -20293,13 +22224,15 @@
#ifndef HEADER_BF_LOCL_H
diff --git a/crypto/bf/bf_ofb64.c b/crypto/bf/bf_ofb64.c
-index 97a58ce..6418217 100644
+index 97a58cef6a04..6418217b307d 100644
--- a/crypto/bf/bf_ofb64.c
+++ b/crypto/bf/bf_ofb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -20347,9 +22280,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -20362,7 +22293,7 @@
#include <openssl/blowfish.h>
diff --git a/crypto/bf/bf_pi.h b/crypto/bf/bf_pi.h
-index c3e1873..a054b03 100644
+index c3e187363cf1..a054b03f8122 100644
--- a/crypto/bf/bf_pi.h
+++ b/crypto/bf/bf_pi.h
@@ -1,58 +1,10 @@
@@ -20431,7 +22362,7 @@
static const BF_KEY bf_init = {
diff --git a/crypto/bf/bf_skey.c b/crypto/bf/bf_skey.c
-index 3cfc6a1..a4903a2 100644
+index 3cfc6a1c65e0..a4903a2a71de 100644
--- a/crypto/bf/bf_skey.c
+++ b/crypto/bf/bf_skey.c
@@ -1,58 +1,10 @@
@@ -20499,8 +22430,81 @@
*/
#include <stdio.h>
+diff --git a/crypto/bf/bfs.cpp b/crypto/bf/bfs.cpp
+deleted file mode 100644
+index d74c45776078..000000000000
+--- a/crypto/bf/bfs.cpp
++++ /dev/null
+@@ -1,67 +0,0 @@
+-//
+-// gettsc.inl
+-//
+-// gives access to the Pentium's (secret) cycle counter
+-//
+-// This software was written by Leonard Janke (janke at unixg.ubc.ca)
+-// in 1996-7 and is entered, by him, into the public domain.
+-
+-#if defined(__WATCOMC__)
+-void GetTSC(unsigned long&);
+-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+-#elif defined(__GNUC__)
+-inline
+-void GetTSC(unsigned long& tsc)
+-{
+- asm volatile(".byte 15, 49\n\t"
+- : "=eax" (tsc)
+- :
+- : "%edx", "%eax");
+-}
+-#elif defined(_MSC_VER)
+-inline
+-void GetTSC(unsigned long& tsc)
+-{
+- unsigned long a;
+- __asm _emit 0fh
+- __asm _emit 31h
+- __asm mov a, eax;
+- tsc=a;
+-}
+-#endif
+-
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <openssl/blowfish.h>
+-
+-void main(int argc,char *argv[])
+- {
+- BF_KEY key;
+- unsigned long s1,s2,e1,e2;
+- unsigned long data[2];
+- int i,j;
+-
+- for (j=0; j<6; j++)
+- {
+- for (i=0; i<1000; i++) /**/
+- {
+- BF_encrypt(&data[0],&key);
+- GetTSC(s1);
+- BF_encrypt(&data[0],&key);
+- BF_encrypt(&data[0],&key);
+- BF_encrypt(&data[0],&key);
+- GetTSC(e1);
+- GetTSC(s2);
+- BF_encrypt(&data[0],&key);
+- BF_encrypt(&data[0],&key);
+- BF_encrypt(&data[0],&key);
+- BF_encrypt(&data[0],&key);
+- GetTSC(e2);
+- BF_encrypt(&data[0],&key);
+- }
+-
+- printf("blowfish %d %d (%d)\n",
+- e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+- }
+- }
+-
diff --git a/crypto/bf/build.info b/crypto/bf/build.info
-index b8f9820..37a004e 100644
+index b8f982004ad7..37a004ea5b59 100644
--- a/crypto/bf/build.info
+++ b/crypto/bf/build.info
@@ -1,5 +1,6 @@
@@ -20513,7 +22517,7 @@
DEPEND[bf-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
diff --git a/crypto/bio/Makefile.in b/crypto/bio/Makefile.in
deleted file mode 100644
-index f57d357..0000000
+index f57d357fa90e..000000000000
--- a/crypto/bio/Makefile.in
+++ /dev/null
@@ -1,55 +0,0 @@
@@ -20573,7 +22577,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
-index eed40bf..3a9a00c 100644
+index eed40bf8b5f4..3a9a00c121ab 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
@@ -1,61 +1,16 @@
@@ -20716,13 +22720,15 @@
struct servent se_fallback = { NULL, NULL, NULL, 0 };
#else
diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c
-index c586b76..a27954f 100644
+index c586b765ee79..a27954fa34fa 100644
--- a/crypto/bio/b_dump.c
+++ b/crypto/bio/b_dump.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -20770,9 +22776,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -20785,7 +22789,7 @@
/*
diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
-index 72a2ee8..545c469 100644
+index 72a2ee849b27..6808cdc6de65 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -1,69 +1,16 @@
@@ -20966,7 +22970,26 @@
break;
case 'c':
if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
-@@ -437,28 +385,29 @@ fmtstr(char **sbuffer,
+@@ -415,9 +363,15 @@ _dopr(char **sbuffer,
+ break;
+ }
+ }
+- *truncated = (currlen > *maxlen - 1);
+- if (*truncated)
+- currlen = *maxlen - 1;
++ /*
++ * We have to truncate if there is no dynamic buffer and we have filled the
++ * static buffer.
++ */
++ if (buffer == NULL) {
++ *truncated = (currlen > *maxlen - 1);
++ if (*truncated)
++ currlen = *maxlen - 1;
++ }
+ if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
+ return 0;
+ *retlen = currlen - 1;
+@@ -437,28 +391,37 @@ fmtstr(char **sbuffer,
if (value == 0)
value = "<NULL>";
@@ -20978,8 +23001,16 @@
padlen = min - strln;
if (min < 0 || padlen < 0)
padlen = 0;
-+ if (max >= 0)
-+ max += padlen; /* The maximum output including padding */
++ if (max >= 0) {
++ /*
++ * Calculate the maximum output including padding.
++ * Make sure max doesn't overflow into negativity
++ */
++ if (max < INT_MAX - padlen)
++ max += padlen;
++ else
++ max = INT_MAX;
++ }
if (flags & DP_F_MINUS)
padlen = -padlen;
@@ -21002,7 +23033,7 @@
if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
return 0;
++padlen;
-@@ -599,23 +548,28 @@ static int
+@@ -599,23 +562,28 @@ static int
fmtfp(char **sbuffer,
char **buffer,
size_t *currlen,
@@ -21036,7 +23067,7 @@
if (fvalue < 0)
signvalue = '-';
else if (flags & DP_F_PLUS)
-@@ -623,7 +577,73 @@ fmtfp(char **sbuffer,
+@@ -623,7 +591,73 @@ fmtfp(char **sbuffer,
else if (flags & DP_F_SPACE)
signvalue = ' ';
@@ -21111,7 +23142,7 @@
/*
* sorry, we only support 9 digits past the decimal because of our
-@@ -654,16 +674,51 @@ fmtfp(char **sbuffer,
+@@ -654,16 +688,51 @@ fmtfp(char **sbuffer,
iconvert[iplace] = 0;
/* convert fractional part */
@@ -21167,7 +23198,7 @@
zpadlen = max - fplace;
if (zpadlen < 0)
zpadlen = 0;
-@@ -717,6 +772,28 @@ fmtfp(char **sbuffer,
+@@ -717,6 +786,28 @@ fmtfp(char **sbuffer,
return 0;
--zpadlen;
}
@@ -21196,7 +23227,7 @@
while (padlen < 0) {
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
-@@ -733,10 +810,10 @@ doapr_outch(char **sbuffer,
+@@ -733,10 +824,10 @@ doapr_outch(char **sbuffer,
char **buffer, size_t *currlen, size_t *maxlen, int c)
{
/* If we haven't at least one buffer, someone has doe a big booboo */
@@ -21209,7 +23240,7 @@
if (buffer && *currlen == *maxlen) {
if (*maxlen > INT_MAX - BUFFER_INC)
-@@ -748,7 +825,7 @@ doapr_outch(char **sbuffer,
+@@ -748,7 +839,7 @@ doapr_outch(char **sbuffer,
if (*buffer == NULL)
return 0;
if (*currlen > 0) {
@@ -21219,7 +23250,7 @@
}
*sbuffer = NULL;
diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c
-index a2d0100..ac2c2d1 100644
+index a2d0100bb368..ac2c2d161ba8 100644
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -1,58 +1,10 @@
@@ -21331,7 +23362,7 @@
OPENSSL_free(port);
}
diff --git a/crypto/bio/b_sock2.c b/crypto/bio/b_sock2.c
-index 9f092fc..726b062 100644
+index 9f092fc0737d..726b0629b372 100644
--- a/crypto/bio/b_sock2.c
+++ b/crypto/bio/b_sock2.c
@@ -1,55 +1,10 @@
@@ -21409,7 +23440,7 @@
return accepted_sock;
}
diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c
-index 361d26a..702581e 100644
+index 361d26a5b73d..702581e4cdee 100644
--- a/crypto/bio/bf_buff.c
+++ b/crypto/bio/bf_buff.c
@@ -1,58 +1,10 @@
@@ -21478,7 +23509,7 @@
#include <stdio.h>
diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c
-index d8c90f5..ed25b1f 100644
+index d8c90f58af8c..ed25b1f6c1df 100644
--- a/crypto/bio/bf_lbuf.c
+++ b/crypto/bio/bf_lbuf.c
@@ -1,58 +1,10 @@
@@ -21547,13 +23578,15 @@
#include <stdio.h>
diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c
-index cefd35f..364d9fb 100644
+index cefd35f9841c..364d9fb5aef2 100644
--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -21601,9 +23634,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -21616,13 +23647,15 @@
#include <stdio.h>
diff --git a/crypto/bio/bf_null.c b/crypto/bio/bf_null.c
-index 162e250..0736b3f 100644
+index 162e250f9baf..0736b3f2fcf2 100644
--- a/crypto/bio/bf_null.c
+++ b/crypto/bio/bf_null.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -21670,9 +23703,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -21685,7 +23716,7 @@
#include <stdio.h>
diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c
-index 552b66e..860208b 100644
+index 552b66eca010..860208be3bb9 100644
--- a/crypto/bio/bio_cb.c
+++ b/crypto/bio/bio_cb.c
@@ -1,58 +1,10 @@
@@ -21754,7 +23785,7 @@
#include <stdio.h>
diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c
-index 36b9dfe..7553182 100644
+index 36b9dfe62c3d..75531824c33d 100644
--- a/crypto/bio/bio_err.c
+++ b/crypto/bio/bio_err.c
@@ -1,62 +1,11 @@
@@ -21910,7 +23941,7 @@
{ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET), "unable to create socket"},
{ERR_REASON(BIO_R_UNABLE_TO_KEEPALIVE), "unable to keepalive"},
diff --git a/crypto/bio/bio_lcl.h b/crypto/bio/bio_lcl.h
-index 52c9e79..f5a886c 100644
+index 52c9e79a24c6..f5a886cb7ccf 100644
--- a/crypto/bio/bio_lcl.h
+++ b/crypto/bio/bio_lcl.h
@@ -1,3 +1,12 @@
@@ -21927,13 +23958,15 @@
#include "e_os.h"
diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
-index 94c97da..0b111c6 100644
+index 94c97da369d5..0b111c663c3f 100644
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -21981,9 +24014,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -22027,7 +24058,7 @@
return 1;
diff --git a/crypto/bio/bio_meth.c b/crypto/bio/bio_meth.c
-index 88ce8c3..d172047 100644
+index 88ce8c339603..d172047f5577 100644
--- a/crypto/bio/bio_meth.c
+++ b/crypto/bio/bio_meth.c
@@ -1,55 +1,10 @@
@@ -22093,7 +24124,7 @@
#include "bio_lcl.h"
diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
-index 8cd66fe..628da9e 100644
+index 8cd66fe1ee07..628da9e6348b 100644
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -1,58 +1,10 @@
@@ -22184,7 +24215,7 @@
break;
case BIO_C_SET_NBIO:
diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c
-index 2991c3a..394080d 100644
+index 2991c3afedcb..de34f6bf3763 100644
--- a/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
@@ -1,55 +1,10 @@
@@ -22249,18 +24280,36 @@
*/
/*
-@@ -627,16 +582,15 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
+@@ -119,16 +74,13 @@ struct bio_bio_st {
+
+ static int bio_new(BIO *bio)
+ {
+- struct bio_bio_st *b;
++ struct bio_bio_st *b = OPENSSL_zalloc(sizeof(*b));
+
+- b = OPENSSL_malloc(sizeof(*b));
+ if (b == NULL)
+ return 0;
+
+- b->peer = NULL;
+ /* enough for one TLS record (just a default) */
+ b->size = 17 * 1024;
+- b->buf = NULL;
+
+ bio->ptr = b;
+ return 1;
+@@ -627,16 +579,15 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
break;
case BIO_CTRL_EOF:
- {
- BIO *other_bio = ptr;
--
-- if (other_bio) {
-- struct bio_bio_st *other_b = other_bio->ptr;
+ if (b->peer != NULL) {
+ struct bio_bio_st *peer_b = b->peer->ptr;
+- if (other_bio) {
+- struct bio_bio_st *other_b = other_bio->ptr;
+-
- assert(other_b != NULL);
- ret = other_b->len == 0 && other_b->closed;
- } else
@@ -22274,7 +24323,7 @@
break;
diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
-index a4949b3..dfd0988 100644
+index a4949b3d6070..dfd0988dfb49 100644
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -1,58 +1,10 @@
@@ -22352,7 +24401,7 @@
BIO_set_retry_special(b);
c->state = BIO_CONN_S_BLOCKED_CONNECT;
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
-index cf2f9f6..6dfcc9b 100644
+index cf2f9f66b534..6dfcc9ba7b5a 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -1,59 +1,10 @@
@@ -22434,13 +24483,15 @@
static int dgram_read(BIO *h, char *buf, int size);
static int dgram_puts(BIO *h, const char *str);
diff --git a/crypto/bio/bss_fd.c b/crypto/bio/bss_fd.c
-index 983e9fe..1e56cb6 100644
+index 983e9fe08c76..1e56cb62df95 100644
--- a/crypto/bio/bss_fd.c
+++ b/crypto/bio/bss_fd.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -22488,9 +24539,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -22503,13 +24552,15 @@
#include <stdio.h>
diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
-index a37e89d..36099f8 100644
+index a37e89d935b2..36099f8a5dbe 100644
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -22557,9 +24608,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -22609,7 +24658,7 @@
file = fopen(filename, mode);
# endif
diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c
-index c2c8c79..6cbde4d 100644
+index c2c8c79097d1..6cbde4d2fe81 100644
--- a/crypto/bio/bss_log.c
+++ b/crypto/bio/bss_log.c
@@ -1,55 +1,10 @@
@@ -22675,13 +24724,15 @@
/*
diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
-index 46bd034..80da3a1 100644
+index 46bd0343d547..80da3a1e0978 100644
--- a/crypto/bio/bss_mem.c
+++ b/crypto/bio/bss_mem.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -22729,9 +24780,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -22773,7 +24822,7 @@
static int mem_new(BIO *bi)
diff --git a/crypto/bio/bss_null.c b/crypto/bio/bss_null.c
-index 29561c7..e5c4adc 100644
+index 29561c7326c0..e5c4adc874f1 100644
--- a/crypto/bio/bss_null.c
+++ b/crypto/bio/bss_null.c
@@ -1,58 +1,10 @@
@@ -22842,7 +24891,7 @@
#include <stdio.h>
diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c
-index c1f76a2..570e898 100644
+index c1f76a24a799..570e8985af57 100644
--- a/crypto/bio/bss_sock.c
+++ b/crypto/bio/bss_sock.c
@@ -1,58 +1,10 @@
@@ -22925,7 +24974,7 @@
# endif
diff --git a/crypto/blake2/Makefile.in b/crypto/blake2/Makefile.in
deleted file mode 100644
-index ebfaa04..0000000
+index ebfaa045b2e6..000000000000
--- a/crypto/blake2/Makefile.in
+++ /dev/null
@@ -1,41 +0,0 @@
@@ -22971,7 +25020,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/blake2/blake2_impl.h b/crypto/blake2/blake2_impl.h
-index 335a383..8fe5c95 100644
+index 335a38302f01..8fe5c9591505 100644
--- a/crypto/blake2/blake2_impl.h
+++ b/crypto/blake2/blake2_impl.h
@@ -1,16 +1,15 @@
@@ -22996,7 +25045,7 @@
* can be found at https://blake2.net.
*/
diff --git a/crypto/blake2/blake2_locl.h b/crypto/blake2/blake2_locl.h
-index 10334b1..fb7beb9 100644
+index 10334b1622ba..fb7beb976c2f 100644
--- a/crypto/blake2/blake2_locl.h
+++ b/crypto/blake2/blake2_locl.h
@@ -1,16 +1,15 @@
@@ -23021,7 +25070,7 @@
* can be found at https://blake2.net.
*/
diff --git a/crypto/blake2/blake2b.c b/crypto/blake2/blake2b.c
-index 8e92a0a..e77bd9a 100644
+index 8e92a0a8bef6..e77bd9ac16ff 100644
--- a/crypto/blake2/blake2b.c
+++ b/crypto/blake2/blake2b.c
@@ -1,16 +1,15 @@
@@ -23057,7 +25106,7 @@
stashlen = stashlen ? stashlen : BLAKE2B_BLOCKBYTES;
datalen -= stashlen;
diff --git a/crypto/blake2/blake2s.c b/crypto/blake2/blake2s.c
-index 227fa10..0b3503e 100644
+index 227fa10edc3c..0b3503e4f007 100644
--- a/crypto/blake2/blake2s.c
+++ b/crypto/blake2/blake2s.c
@@ -1,16 +1,15 @@
@@ -23093,7 +25142,7 @@
stashlen = stashlen ? stashlen : BLAKE2S_BLOCKBYTES;
datalen -= stashlen;
diff --git a/crypto/blake2/m_blake2b.c b/crypto/blake2/m_blake2b.c
-index e06bb5b..82c6f6b 100644
+index e06bb5bdb77d..82c6f6bd8044 100644
--- a/crypto/blake2/m_blake2b.c
+++ b/crypto/blake2/m_blake2b.c
@@ -1,16 +1,15 @@
@@ -23127,7 +25176,7 @@
};
diff --git a/crypto/blake2/m_blake2s.c b/crypto/blake2/m_blake2s.c
-index 6150e98..467e91a 100644
+index 6150e981f080..467e91a87bdd 100644
--- a/crypto/blake2/m_blake2s.c
+++ b/crypto/blake2/m_blake2s.c
@@ -1,16 +1,15 @@
@@ -23162,7 +25211,7 @@
diff --git a/crypto/bn/Makefile.in b/crypto/bn/Makefile.in
deleted file mode 100644
-index 420eebb..0000000
+index 420eebbc87a2..000000000000
--- a/crypto/bn/Makefile.in
+++ /dev/null
@@ -1,149 +0,0 @@
@@ -23315,8 +25364,261 @@
- $(CC) $(CFLAGS) -c $< -o $@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
+diff --git a/crypto/bn/README.pod b/crypto/bn/README.pod
+new file mode 100644
+index 000000000000..07e72aa2c5d9
+--- /dev/null
++++ b/crypto/bn/README.pod
+@@ -0,0 +1,247 @@
++=pod
++
++=head1 NAME
++
++bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
++bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8,
++bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal,
++bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive,
++bn_mul_low_recursive, bn_mul_high, bn_sqr_normal, bn_sqr_recursive,
++bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top,
++bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM
++library internal functions
++
++=head1 SYNOPSIS
++
++ #include <openssl/bn.h>
++
++ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
++ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
++ BN_ULONG w);
++ void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
++ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
++ BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
++ int num);
++ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
++ int num);
++
++ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
++ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
++ void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a);
++ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a);
++
++ int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n);
++
++ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b,
++ int nb);
++ void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
++ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
++ int dna,int dnb,BN_ULONG *tmp);
++ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
++ int n, int tna,int tnb, BN_ULONG *tmp);
++ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
++ int n2, BN_ULONG *tmp);
++ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l,
++ int n2, BN_ULONG *tmp);
++
++ void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
++ void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp);
++
++ void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
++ void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
++ void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
++
++ BIGNUM *bn_expand(BIGNUM *a, int bits);
++ BIGNUM *bn_wexpand(BIGNUM *a, int n);
++ BIGNUM *bn_expand2(BIGNUM *a, int n);
++ void bn_fix_top(BIGNUM *a);
++
++ void bn_check_top(BIGNUM *a);
++ void bn_print(BIGNUM *a);
++ void bn_dump(BN_ULONG *d, int n);
++ void bn_set_max(BIGNUM *a);
++ void bn_set_high(BIGNUM *r, BIGNUM *a, int n);
++ void bn_set_low(BIGNUM *r, BIGNUM *a, int n);
++
++=head1 DESCRIPTION
++
++This page documents the internal functions used by the OpenSSL
++B<BIGNUM> implementation. They are described here to facilitate
++debugging and extending the library. They are I<not> to be used by
++applications.
++
++=head2 The BIGNUM structure
++
++ typedef struct bignum_st BIGNUM;
++
++ struct bignum_st
++ {
++ BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
++ int top; /* Index of last used d +1. */
++ /* The next are internal book keeping for bn_expand. */
++ int dmax; /* Size of the d array. */
++ int neg; /* one if the number is negative */
++ int flags;
++ };
++
++
++The integer value is stored in B<d>, a malloc()ed array of words (B<BN_ULONG>),
++least significant word first. A B<BN_ULONG> can be either 16, 32 or 64 bits
++in size, depending on the 'number of bits' (B<BITS2>) specified in
++C<openssl/bn.h>.
++
++B<dmax> is the size of the B<d> array that has been allocated. B<top>
++is the number of words being used, so for a value of 4, bn.d[0]=4 and
++bn.top=1. B<neg> is 1 if the number is negative. When a B<BIGNUM> is
++B<0>, the B<d> field can be B<NULL> and B<top> == B<0>.
++
++B<flags> is a bit field of flags which are defined in C<openssl/bn.h>. The
++flags begin with B<BN_FLG_>. The macros BN_set_flags(b,n) and
++BN_get_flags(b,n) exist to enable or fetch flag(s) B<n> from B<BIGNUM>
++structure B<b>.
++
++Various routines in this library require the use of temporary
++B<BIGNUM> variables during their execution. Since dynamic memory
++allocation to create B<BIGNUM>s is rather expensive when used in
++conjunction with repeated subroutine calls, the B<BN_CTX> structure is
++used. This structure contains B<BN_CTX_NUM> B<BIGNUM>s, see
++L<BN_CTX_start(3)>.
++
++=head2 Low-level arithmetic operations
++
++These functions are implemented in C and for several platforms in
++assembly language:
++
++bn_mul_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num> word
++arrays B<rp> and B<ap>. It computes B<ap> * B<w>, places the result
++in B<rp>, and returns the high word (carry).
++
++bn_mul_add_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num>
++word arrays B<rp> and B<ap>. It computes B<ap> * B<w> + B<rp>, places
++the result in B<rp>, and returns the high word (carry).
++
++bn_sqr_words(B<rp>, B<ap>, B<n>) operates on the B<num> word array
++B<ap> and the 2*B<num> word array B<ap>. It computes B<ap> * B<ap>
++word-wise, and places the low and high bytes of the result in B<rp>.
++
++bn_div_words(B<h>, B<l>, B<d>) divides the two word number (B<h>,B<l>)
++by B<d> and returns the result.
++
++bn_add_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
++arrays B<ap>, B<bp> and B<rp>. It computes B<ap> + B<bp>, places the
++result in B<rp>, and returns the high word (carry).
++
++bn_sub_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
++arrays B<ap>, B<bp> and B<rp>. It computes B<ap> - B<bp>, places the
++result in B<rp>, and returns the carry (1 if B<bp> E<gt> B<ap>, 0
++otherwise).
++
++bn_mul_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
++B<b> and the 8 word array B<r>. It computes B<a>*B<b> and places the
++result in B<r>.
++
++bn_mul_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
++B<b> and the 16 word array B<r>. It computes B<a>*B<b> and places the
++result in B<r>.
++
++bn_sqr_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
++B<b> and the 8 word array B<r>.
++
++bn_sqr_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
++B<b> and the 16 word array B<r>.
++
++The following functions are implemented in C:
++
++bn_cmp_words(B<a>, B<b>, B<n>) operates on the B<n> word arrays B<a>
++and B<b>. It returns 1, 0 and -1 if B<a> is greater than, equal and
++less than B<b>.
++
++bn_mul_normal(B<r>, B<a>, B<na>, B<b>, B<nb>) operates on the B<na>
++word array B<a>, the B<nb> word array B<b> and the B<na>+B<nb> word
++array B<r>. It computes B<a>*B<b> and places the result in B<r>.
++
++bn_mul_low_normal(B<r>, B<a>, B<b>, B<n>) operates on the B<n> word
++arrays B<r>, B<a> and B<b>. It computes the B<n> low words of
++B<a>*B<b> and places the result in B<r>.
++
++bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<dna>, B<dnb>, B<t>) operates
++on the word arrays B<a> and B<b> of length B<n2>+B<dna> and B<n2>+B<dnb>
++(B<dna> and B<dnb> are currently allowed to be 0 or negative) and the 2*B<n2>
++word arrays B<r> and B<t>. B<n2> must be a power of 2. It computes
++B<a>*B<b> and places the result in B<r>.
++
++bn_mul_part_recursive(B<r>, B<a>, B<b>, B<n>, B<tna>, B<tnb>, B<tmp>)
++operates on the word arrays B<a> and B<b> of length B<n>+B<tna> and
++B<n>+B<tnb> and the 4*B<n> word arrays B<r> and B<tmp>.
++
++bn_mul_low_recursive(B<r>, B<a>, B<b>, B<n2>, B<tmp>) operates on the
++B<n2> word arrays B<r> and B<tmp> and the B<n2>/2 word arrays B<a>
++and B<b>.
++
++bn_mul_high(B<r>, B<a>, B<b>, B<l>, B<n2>, B<tmp>) operates on the
++B<n2> word arrays B<r>, B<a>, B<b> and B<l> (?) and the 3*B<n2> word
++array B<tmp>.
++
++BN_mul() calls bn_mul_normal(), or an optimized implementation if the
++factors have the same size: bn_mul_comba8() is used if they are 8
++words long, bn_mul_recursive() if they are larger than
++B<BN_MULL_SIZE_NORMAL> and the size is an exact multiple of the word
++size, and bn_mul_part_recursive() for others that are larger than
++B<BN_MULL_SIZE_NORMAL>.
++
++bn_sqr_normal(B<r>, B<a>, B<n>, B<tmp>) operates on the B<n> word array
++B<a> and the 2*B<n> word arrays B<tmp> and B<r>.
++
++The implementations use the following macros which, depending on the
++architecture, may use "long long" C operations or inline assembler.
++They are defined in C<bn_lcl.h>.
++
++mul(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<c> and places the
++low word of the result in B<r> and the high word in B<c>.
++
++mul_add(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<r>+B<c> and
++places the low word of the result in B<r> and the high word in B<c>.
++
++sqr(B<r0>, B<r1>, B<a>) computes B<a>*B<a> and places the low word
++of the result in B<r0> and the high word in B<r1>.
++
++=head2 Size changes
++
++bn_expand() ensures that B<b> has enough space for a B<bits> bit
++number. bn_wexpand() ensures that B<b> has enough space for an
++B<n> word number. If the number has to be expanded, both macros
++call bn_expand2(), which allocates a new B<d> array and copies the
++data. They return B<NULL> on error, B<b> otherwise.
++
++The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most
++significant non-zero word plus one when B<a> has shrunk.
++
++=head2 Debugging
++
++bn_check_top() verifies that C<((a)-E<gt>top E<gt>= 0 && (a)-E<gt>top
++E<lt>= (a)-E<gt>dmax)>. A violation will cause the program to abort.
++
++bn_print() prints B<a> to stderr. bn_dump() prints B<n> words at B<d>
++(in reverse order, i.e. most significant word first) to stderr.
++
++bn_set_max() makes B<a> a static number with a B<dmax> of its current size.
++This is used by bn_set_low() and bn_set_high() to make B<r> a read-only
++B<BIGNUM> that contains the B<n> low or high words of B<a>.
++
++If B<BN_DEBUG> is not defined, bn_check_top(), bn_print(), bn_dump()
++and bn_set_max() are defined as empty macros.
++
++=head1 SEE ALSO
++
++L<bn(3)>
++
++=head1 COPYRIGHT
++
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/crypto/bn/asm/alpha-mont.pl b/crypto/bn/asm/alpha-mont.pl
-index 2ac3532..1d68d6d 100644
+index 2ac3532435cf..1d68d6d07215 100644
--- a/crypto/bn/asm/alpha-mont.pl
+++ b/crypto/bn/asm/alpha-mont.pl
@@ -1,4 +1,11 @@
@@ -23333,7 +25635,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl
-index 36681ee..0bb5433 100644
+index 36681ee9cfd6..0bb543307590 100644
--- a/crypto/bn/asm/armv4-gf2m.pl
+++ b/crypto/bn/asm/armv4-gf2m.pl
@@ -1,4 +1,11 @@
@@ -23350,7 +25652,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl
-index c791502..0dc4fe9 100644
+index c791502e9969..0dc4fe95e439 100644
--- a/crypto/bn/asm/armv4-mont.pl
+++ b/crypto/bn/asm/armv4-mont.pl
@@ -1,4 +1,11 @@
@@ -23367,7 +25669,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/bn/asm/armv8-mont.pl b/crypto/bn/asm/armv8-mont.pl
-index f04aab1..5d5af1b 100755
+index f04aab16bc59..5d5af1b6be25 100755
--- a/crypto/bn/asm/armv8-mont.pl
+++ b/crypto/bn/asm/armv8-mont.pl
@@ -1,4 +1,11 @@
@@ -23384,7 +25686,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/bn/asm/bn-586.pl b/crypto/bn/asm/bn-586.pl
-index 3f34abe..1ca1bbf 100644
+index 3f34abef9e38..1ca1bbf7d4e1 100644
--- a/crypto/bn/asm/bn-586.pl
+++ b/crypto/bn/asm/bn-586.pl
@@ -1,4 +1,11 @@
@@ -23400,8 +25702,23 @@
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}","${dir}../../perlasm");
+diff --git a/crypto/bn/asm/bn-c64xplus.asm b/crypto/bn/asm/bn-c64xplus.asm
+index 7b72bff4acda..de6d37728fba 100644
+--- a/crypto/bn/asm/bn-c64xplus.asm
++++ b/crypto/bn/asm/bn-c64xplus.asm
+@@ -1,3 +1,10 @@
++;; Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
++;;
++;; Licensed under the OpenSSL license (the "License"). You may not use
++;; this file except in compliance with the License. You can obtain a copy
++;; in the file LICENSE in the source distribution or at
++;; https://www.openssl.org/source/license.html
++;;
+ ;;====================================================================
+ ;; Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+ ;; project.
diff --git a/crypto/bn/asm/c64xplus-gf2m.pl b/crypto/bn/asm/c64xplus-gf2m.pl
-index c79f46f..c0e5400 100644
+index c79f46f33310..c0e5400807f5 100644
--- a/crypto/bn/asm/c64xplus-gf2m.pl
+++ b/crypto/bn/asm/c64xplus-gf2m.pl
@@ -1,4 +1,11 @@
@@ -23418,7 +25735,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/bn/asm/co-586.pl b/crypto/bn/asm/co-586.pl
-index ec3ea34..60d0363 100644
+index ec3ea343c840..60d0363660d0 100644
--- a/crypto/bn/asm/co-586.pl
+++ b/crypto/bn/asm/co-586.pl
@@ -1,4 +1,10 @@
@@ -23434,7 +25751,7 @@
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}","${dir}../../perlasm");
diff --git a/crypto/bn/asm/ia64-mont.pl b/crypto/bn/asm/ia64-mont.pl
-index 710ca3c..5cc5c59 100644
+index 710ca3c1f4c0..5cc5c599f9de 100644
--- a/crypto/bn/asm/ia64-mont.pl
+++ b/crypto/bn/asm/ia64-mont.pl
@@ -1,4 +1,11 @@
@@ -23450,8 +25767,26 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+diff --git a/crypto/bn/asm/ia64.S b/crypto/bn/asm/ia64.S
+index 9e090ab8fda3..2fdf5bbabe15 100644
+--- a/crypto/bn/asm/ia64.S
++++ b/crypto/bn/asm/ia64.S
+@@ -3,6 +3,13 @@
+ .ident "ia64.S, Version 2.1"
+ .ident "IA-64 ISA artwork by Andy Polyakov <appro at fy.chalmers.se>"
+
++// Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
++//
++// Licensed under the OpenSSL license (the "License"). You may not use
++// this file except in compliance with the License. You can obtain a copy
++// in the file LICENSE in the source distribution or at
++// https://www.openssl.org/source/license.html
++
+ //
+ // ====================================================================
+ // Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/bn/asm/mips-mont.pl b/crypto/bn/asm/mips-mont.pl
-index 3bccdf6..a907571 100644
+index 3bccdf6931de..a907571bec3f 100644
--- a/crypto/bn/asm/mips-mont.pl
+++ b/crypto/bn/asm/mips-mont.pl
@@ -1,4 +1,11 @@
@@ -23468,7 +25803,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl
-index 4c8eba0..e3a38bd 100644
+index 4c8eba0a0527..e3a38bd14013 100644
--- a/crypto/bn/asm/mips.pl
+++ b/crypto/bn/asm/mips.pl
@@ -1,4 +1,11 @@
@@ -23484,8 +25819,37 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+diff --git a/crypto/bn/asm/pa-risc2.s b/crypto/bn/asm/pa-risc2.s
+index f3b16290eb04..413eac71237c 100644
+--- a/crypto/bn/asm/pa-risc2.s
++++ b/crypto/bn/asm/pa-risc2.s
+@@ -1,3 +1,9 @@
++; Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
++;
++; Licensed under the OpenSSL license (the "License"). You may not use
++; this file except in compliance with the License. You can obtain a copy
++; in the file LICENSE in the source distribution or at
++; https://www.openssl.org/source/license.html
+ ;
+ ; PA-RISC 2.0 implementation of bn_asm code, based on the
+ ; 64-bit version of the code. This code is effectively the
+diff --git a/crypto/bn/asm/pa-risc2W.s b/crypto/bn/asm/pa-risc2W.s
+index a99545754d18..97381172e727 100644
+--- a/crypto/bn/asm/pa-risc2W.s
++++ b/crypto/bn/asm/pa-risc2W.s
+@@ -1,3 +1,10 @@
++; Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
++;
++; Licensed under the OpenSSL license (the "License"). You may not use
++; this file except in compliance with the License. You can obtain a copy
++; in the file LICENSE in the source distribution or at
++; https://www.openssl.org/source/license.html
++
+ ;
+ ; PA-RISC 64-bit implementation of bn_asm code
+ ;
diff --git a/crypto/bn/asm/parisc-mont.pl b/crypto/bn/asm/parisc-mont.pl
-index aa6c797..8aa94e8 100644
+index aa6c797dcdc0..8aa94e8511c9 100644
--- a/crypto/bn/asm/parisc-mont.pl
+++ b/crypto/bn/asm/parisc-mont.pl
@@ -1,4 +1,11 @@
@@ -23502,7 +25866,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/bn/asm/ppc-mont.pl b/crypto/bn/asm/ppc-mont.pl
-index 6930a3a..5802260 100644
+index 6930a3acebd2..5802260ca680 100644
--- a/crypto/bn/asm/ppc-mont.pl
+++ b/crypto/bn/asm/ppc-mont.pl
@@ -1,4 +1,11 @@
@@ -23519,7 +25883,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/bn/asm/ppc.pl b/crypto/bn/asm/ppc.pl
-index 446d8ba..346e01f 100644
+index 446d8ba9492b..346e01faf5dd 100644
--- a/crypto/bn/asm/ppc.pl
+++ b/crypto/bn/asm/ppc.pl
@@ -1,5 +1,11 @@
@@ -23536,7 +25900,7 @@
# architectures with single file. We pick up the target based on the
# file name we are asked to generate.
diff --git a/crypto/bn/asm/ppc64-mont.pl b/crypto/bn/asm/ppc64-mont.pl
-index 595fc6d..1e19c95 100644
+index 595fc6d31f60..1e19c958a16f 100644
--- a/crypto/bn/asm/ppc64-mont.pl
+++ b/crypto/bn/asm/ppc64-mont.pl
@@ -1,4 +1,11 @@
@@ -23553,7 +25917,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl
-index 712a77f..1b9f85f 100755
+index 712a77fe8ca3..0c1b236ef982 100755
--- a/crypto/bn/asm/rsaz-avx2.pl
+++ b/crypto/bn/asm/rsaz-avx2.pl
@@ -1,4 +1,11 @@
@@ -23569,8 +25933,17 @@
##############################################################################
# #
+@@ -103,7 +110,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-
+ $addx = ($ver>=3.03);
+ }
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT = *OUT;
+
+ if ($avx>1) {{{
diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl
-index 3290054..0589f42 100755
+index 3290054f2e90..6f3b664f7a89 100755
--- a/crypto/bn/asm/rsaz-x86_64.pl
+++ b/crypto/bn/asm/rsaz-x86_64.pl
@@ -1,4 +1,11 @@
@@ -23586,8 +25959,17 @@
##############################################################################
# #
+@@ -95,7 +102,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+ ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+ die "can't locate x86_64-xlate.pl";
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
diff --git a/crypto/bn/asm/s390x-gf2m.pl b/crypto/bn/asm/s390x-gf2m.pl
-index 1d76c9f..cbd16f4 100644
+index 1d76c9f416c3..cbd16f42145b 100644
--- a/crypto/bn/asm/s390x-gf2m.pl
+++ b/crypto/bn/asm/s390x-gf2m.pl
@@ -1,4 +1,11 @@
@@ -23604,7 +25986,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/bn/asm/s390x-mont.pl b/crypto/bn/asm/s390x-mont.pl
-index bdad486..2205bc2 100644
+index bdad486e4f47..2205bc2ca043 100644
--- a/crypto/bn/asm/s390x-mont.pl
+++ b/crypto/bn/asm/s390x-mont.pl
@@ -1,4 +1,11 @@
@@ -23620,8 +26002,29 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+diff --git a/crypto/bn/asm/s390x.S b/crypto/bn/asm/s390x.S
+index f5eebe413a28..292a7a9998bd 100755
+--- a/crypto/bn/asm/s390x.S
++++ b/crypto/bn/asm/s390x.S
+@@ -1,11 +1,11 @@
+ .ident "s390x.S, version 1.1"
+ // ====================================================================
+-// Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+-// project.
++// Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ //
+-// Rights for redistribution and usage in source and binary forms are
+-// granted according to the OpenSSL license. Warranty of any kind is
+-// disclaimed.
++// Licensed under the OpenSSL license (the "License"). You may not use
++// this file except in compliance with the License. You can obtain a copy
++// in the file LICENSE in the source distribution or at
++// https://www.openssl.org/source/license.html
+ // ====================================================================
+
+ .text
diff --git a/crypto/bn/asm/sparct4-mont.pl b/crypto/bn/asm/sparct4-mont.pl
-index 7ec83c2..4faf66f 100755
+index 7ec83c2c9c22..4faf66f10a52 100755
--- a/crypto/bn/asm/sparct4-mont.pl
+++ b/crypto/bn/asm/sparct4-mont.pl
@@ -1,4 +1,11 @@
@@ -23637,8 +26040,52 @@
# ====================================================================
# Written by David S. Miller <davem at devemloft.net> and Andy Polyakov
+diff --git a/crypto/bn/asm/sparcv8.S b/crypto/bn/asm/sparcv8.S
+index 88c5dc480a76..9c31073b2430 100644
+--- a/crypto/bn/asm/sparcv8.S
++++ b/crypto/bn/asm/sparcv8.S
+@@ -3,12 +3,12 @@
+
+ /*
+ * ====================================================================
+- * Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+- * project.
++ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+- * Rights for redistribution and usage in source and binary forms are
+- * granted according to the OpenSSL license. Warranty of any kind is
+- * disclaimed.
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
+ * ====================================================================
+ */
+
+diff --git a/crypto/bn/asm/sparcv8plus.S b/crypto/bn/asm/sparcv8plus.S
+index 915a4e781a54..e77e67aa5720 100644
+--- a/crypto/bn/asm/sparcv8plus.S
++++ b/crypto/bn/asm/sparcv8plus.S
+@@ -3,12 +3,12 @@
+
+ /*
+ * ====================================================================
+- * Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+- * project.
++ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+- * Rights for redistribution and usage in source and binary forms are
+- * granted according to the OpenSSL license. Warranty of any kind is
+- * disclaimed.
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
+ * ====================================================================
+ */
+
diff --git a/crypto/bn/asm/sparcv9-gf2m.pl b/crypto/bn/asm/sparcv9-gf2m.pl
-index c7bf9f2..dcf11a8 100644
+index c7bf9f228bda..dcf11a87a18e 100644
--- a/crypto/bn/asm/sparcv9-gf2m.pl
+++ b/crypto/bn/asm/sparcv9-gf2m.pl
@@ -1,4 +1,11 @@
@@ -23655,7 +26102,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl
-index 4f922c3..771cd96 100644
+index 4f922c3110e1..771cd96141c3 100644
--- a/crypto/bn/asm/sparcv9-mont.pl
+++ b/crypto/bn/asm/sparcv9-mont.pl
@@ -1,4 +1,11 @@
@@ -23672,7 +26119,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/bn/asm/sparcv9a-mont.pl b/crypto/bn/asm/sparcv9a-mont.pl
-index 7a4782e..902c0d3 100755
+index 7a4782e78764..902c0d3ad266 100755
--- a/crypto/bn/asm/sparcv9a-mont.pl
+++ b/crypto/bn/asm/sparcv9a-mont.pl
@@ -1,4 +1,11 @@
@@ -23689,7 +26136,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/bn/asm/via-mont.pl b/crypto/bn/asm/via-mont.pl
-index 8cf4dde..9f81bc8 100644
+index 8cf4dde4d5a1..9f81bc822e8a 100644
--- a/crypto/bn/asm/via-mont.pl
+++ b/crypto/bn/asm/via-mont.pl
@@ -1,4 +1,11 @@
@@ -23706,7 +26153,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/bn/asm/vis3-mont.pl b/crypto/bn/asm/vis3-mont.pl
-index 7b953a2..64dba44 100644
+index 7b953a2be040..64dba4480fbe 100644
--- a/crypto/bn/asm/vis3-mont.pl
+++ b/crypto/bn/asm/vis3-mont.pl
@@ -1,4 +1,11 @@
@@ -23724,7 +26171,7 @@
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/bn/asm/vms.mar b/crypto/bn/asm/vms.mar
deleted file mode 100644
-index aefab15..0000000
+index aefab15cdb29..000000000000
--- a/crypto/bn/asm/vms.mar
+++ /dev/null
@@ -1,6440 +0,0 @@
@@ -30169,7 +32616,7 @@
-; For now, the code below doesn't work, so I end this prematurely.
-.end
diff --git a/crypto/bn/asm/x86-gf2m.pl b/crypto/bn/asm/x86-gf2m.pl
-index 0292178..f464368 100644
+index 0292178d2488..f4643687332f 100644
--- a/crypto/bn/asm/x86-gf2m.pl
+++ b/crypto/bn/asm/x86-gf2m.pl
@@ -1,4 +1,11 @@
@@ -30186,7 +32633,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/bn/asm/x86-mont.pl b/crypto/bn/asm/x86-mont.pl
-index 7c4e0b2..9994b0b 100755
+index 7c4e0b2ee373..9994b0bf9652 100755
--- a/crypto/bn/asm/x86-mont.pl
+++ b/crypto/bn/asm/x86-mont.pl
@@ -1,4 +1,11 @@
@@ -30203,7 +32650,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/bn/asm/x86.pl b/crypto/bn/asm/x86.pl
-index c1cab72..d57571d 100644
+index c1cab72716c0..d57571db5d09 100644
--- a/crypto/bn/asm/x86.pl
+++ b/crypto/bn/asm/x86.pl
@@ -1,4 +1,10 @@
@@ -30219,7 +32666,7 @@
push(@INC,"perlasm","../../perlasm");
require "x86asm.pl";
diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c
-index d77dc43..d46109a 100644
+index d77dc433d405..d46109a8c200 100644
--- a/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/bn/asm/x86_64-gcc.c
@@ -1,3 +1,12 @@
@@ -30236,7 +32683,7 @@
#if !(defined(__GNUC__) && __GNUC__>=2)
# include "../bn_asm.c" /* kind of dirty hack for Sun Studio */
diff --git a/crypto/bn/asm/x86_64-gf2m.pl b/crypto/bn/asm/x86_64-gf2m.pl
-index 42bbec2..7842311 100644
+index 42bbec2fb7ef..d962f62033ca 100644
--- a/crypto/bn/asm/x86_64-gf2m.pl
+++ b/crypto/bn/asm/x86_64-gf2m.pl
@@ -1,4 +1,11 @@
@@ -30252,8 +32699,17 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+@@ -31,7 +38,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+ ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+ die "can't locate x86_64-xlate.pl";
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ ($lo,$hi)=("%rax","%rdx"); $a=$lo;
diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl
-index 3e0a78e..d44cfae 100755
+index 3e0a78e41fa8..3a2511f7f287 100755
--- a/crypto/bn/asm/x86_64-mont.pl
+++ b/crypto/bn/asm/x86_64-mont.pl
@@ -1,4 +1,11 @@
@@ -30269,8 +32725,17 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+@@ -50,7 +57,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+ ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+ die "can't locate x86_64-xlate.pl";
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl
-index aa6a5d1..7a7a2e6 100755
+index aa6a5d1d0e53..2a7972d61086 100755
--- a/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/bn/asm/x86_64-mont5.pl
@@ -1,4 +1,11 @@
@@ -30286,8 +32751,17 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+@@ -35,7 +42,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+ ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+ die "can't locate x86_64-xlate.pl";
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c
-index 3e7d86b..d44e8f7 100644
+index 3e7d86b2dd57..d44e8f7d899d 100644
--- a/crypto/bn/bn_add.c
+++ b/crypto/bn/bn_add.c
@@ -1,58 +1,10 @@
@@ -30356,13 +32830,15 @@
#include "internal/cryptlib.h"
diff --git a/crypto/bn/bn_asm.c b/crypto/bn/bn_asm.c
-index 4c67d28..39c6c21 100644
+index 4c67d2809257..39c6c2134b34 100644
--- a/crypto/bn/bn_asm.c
+++ b/crypto/bn/bn_asm.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -30410,9 +32886,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -30425,7 +32899,7 @@
#include <assert.h>
diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
-index 81b895c..24d1383 100644
+index 81b895ce379f..24d138309d47 100644
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
@@ -1,116 +1,14 @@
@@ -30552,7 +33026,7 @@
#define BN_BLINDING_COUNTER 32
diff --git a/crypto/bn/bn_const.c b/crypto/bn/bn_const.c
-index 881b4cc..39dd612 100644
+index 881b4cc915b5..39dd61202ad7 100644
--- a/crypto/bn/bn_const.c
+++ b/crypto/bn/bn_const.c
@@ -1,4 +1,11 @@
@@ -30569,7 +33043,7 @@
#include <openssl/bn.h>
diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
-index 700234b..68c0468 100644
+index 700234be6f69..68c04687437f 100644
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -1,56 +1,10 @@
@@ -30636,7 +33110,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c
-index debed8d..de54d5e 100644
+index debed8dc83e8..de54d5e8cb38 100644
--- a/crypto/bn/bn_depr.c
+++ b/crypto/bn/bn_depr.c
@@ -1,55 +1,10 @@
@@ -30702,7 +33176,7 @@
/*
diff --git a/crypto/bn/bn_dh.c b/crypto/bn/bn_dh.c
-index ad4a16e..17d0559 100644
+index ad4a16eabe88..17d05597b3fc 100644
--- a/crypto/bn/bn_dh.c
+++ b/crypto/bn/bn_dh.c
@@ -1,59 +1,10 @@
@@ -30771,7 +33245,7 @@
#include "bn_lcl.h"
diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
-index 486a31d..eef1b87 100644
+index 486a31d79a88..eef1b878c810 100644
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -1,58 +1,10 @@
@@ -30867,7 +33341,7 @@
}
bn_correct_top(snum);
diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c
-index 7412859..a71b265 100644
+index 7412859edf34..a71b265de251 100644
--- a/crypto/bn/bn_err.c
+++ b/crypto/bn/bn_err.c
@@ -1,61 +1,11 @@
@@ -30959,7 +33433,7 @@
{ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
{ERR_FUNC(BN_F_BN_NEW), "BN_new"},
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
-index c5e579c..d334cf7 100644
+index c5e579c77cf4..d334cf705bb3 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -1,111 +1,10 @@
@@ -31096,7 +33570,7 @@
if (bn_wexpand(b, top) == NULL)
diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c
-index f836158..5141c21 100644
+index f83615805a8e..5141c21f6d6b 100644
--- a/crypto/bn/bn_exp2.c
+++ b/crypto/bn/bn_exp2.c
@@ -1,111 +1,10 @@
@@ -31218,7 +33692,7 @@
#include <stdio.h>
diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
-index a6e909d..1039e76 100644
+index a6e909d870a4..1039e7630f63 100644
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -1,111 +1,10 @@
@@ -31340,7 +33814,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c
-index 84837a0..003c15b 100644
+index 84837a0f579e..003c15b0edd5 100644
--- a/crypto/bn/bn_gf2m.c
+++ b/crypto/bn/bn_gf2m.c
@@ -1,3 +1,12 @@
@@ -31443,7 +33917,7 @@
#include <assert.h>
diff --git a/crypto/bn/bn_intern.c b/crypto/bn/bn_intern.c
-index abc8fc4..9227b6e 100644
+index abc8fc45a178..9227b6e24159 100644
--- a/crypto/bn/bn_intern.c
+++ b/crypto/bn/bn_intern.c
@@ -1,55 +1,10 @@
@@ -31509,7 +33983,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/bn/bn_kron.c b/crypto/bn/bn_kron.c
-index 4477bec..b9bc6cc 100644
+index 4477bec5ee48..b9bc6cca27fe 100644
--- a/crypto/bn/bn_kron.c
+++ b/crypto/bn/bn_kron.c
@@ -1,55 +1,10 @@
@@ -31575,7 +34049,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h
-index 412740d..ebf17b0 100644
+index 412740d4ba00..ebf17b068d7d 100644
--- a/crypto/bn/bn_lcl.h
+++ b/crypto/bn/bn_lcl.h
@@ -1,111 +1,10 @@
@@ -31697,13 +34171,15 @@
#ifndef HEADER_BN_LCL_H
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
-index 4b37906..ccdefb3 100644
+index 4b37906319fc..ccdefb354f4f 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -31751,9 +34227,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -31792,7 +34266,7 @@
}
bn_pollute(a);
diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c
-index 99789b9..13b583f 100644
+index 99789b944ad2..13b583f76c9f 100644
--- a/crypto/bn/bn_mod.c
+++ b/crypto/bn/bn_mod.c
@@ -1,115 +1,10 @@
@@ -31802,7 +34276,8 @@
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -31903,8 +34378,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -31917,7 +34391,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
-index dfa395a..6d37279 100644
+index dfa395afd667..6d37279a5ea0 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -1,111 +1,10 @@
@@ -32039,7 +34513,7 @@
/*
diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c
-index 80d105d..043e21d 100644
+index 80d105dd5531..043e21d26a38 100644
--- a/crypto/bn/bn_mpi.c
+++ b/crypto/bn/bn_mpi.c
@@ -1,58 +1,10 @@
@@ -32166,13 +34640,15 @@
+ return a;
}
diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c
-index 0d2a743..66139ed 100644
+index 0d2a743cc7cd..66139edf513c 100644
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -32220,9 +34696,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -32235,7 +34709,7 @@
#include <assert.h>
diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c
-index 35d0eef..53598f9 100644
+index 35d0eef37b5a..53598f97eff5 100644
--- a/crypto/bn/bn_nist.c
+++ b/crypto/bn/bn_nist.c
@@ -1,58 +1,10 @@
@@ -32303,7 +34777,7 @@
#include "bn_lcl.h"
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
-index a5887d9..bdfa558 100644
+index a5887d96a853..bdfa558a7e6e 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -1,111 +1,12 @@
@@ -32448,7 +34922,7 @@
if (ctx == NULL)
goto err;
diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
-index 6f6949c..41440fa 100644
+index 6f6949cd7a86..41440fa4e19c 100644
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
@@ -1,59 +1,13 @@
@@ -32520,7 +34994,7 @@
typedef unsigned short prime_t;
diff --git a/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl
-index 3a5f064..163d4a9 100644
+index 3a5f064faa61..163d4a9d306f 100644
--- a/crypto/bn/bn_prime.pl
+++ b/crypto/bn/bn_prime.pl
@@ -1,62 +1,22 @@
@@ -32602,7 +35076,7 @@
EOF
diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
-index 0c3b214..78589db 100644
+index 0c3b214f12a8..78589dba5bdb 100644
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -1,58 +1,10 @@
@@ -32705,7 +35179,7 @@
num = i + neg;
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
-index ce4a0e1..9c0a4ee 100644
+index ce4a0e17d796..9c0a4eef06fe 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -1,111 +1,10 @@
@@ -32843,13 +35317,15 @@
if (pseudorand == 2) {
/*
diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c
-index ef15c8f..e532b6e 100644
+index ef15c8f170b4..e532b6e668c1 100644
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -32897,9 +35373,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -32912,7 +35386,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c
-index 4c85275..9907b82 100644
+index 4c8527583bb2..9907b82fa2eb 100644
--- a/crypto/bn/bn_shift.c
+++ b/crypto/bn/bn_shift.c
@@ -1,58 +1,10 @@
@@ -32981,13 +35455,15 @@
#include "internal/cryptlib.h"
diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c
-index 389b7cf..a62bb1a 100644
+index 389b7cfab4ee..a62bb1a58480 100644
--- a/crypto/bn/bn_sqr.c
+++ b/crypto/bn/bn_sqr.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -33035,9 +35511,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -33050,7 +35524,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
-index 7ae7536..84376c7 100644
+index 7ae7536d67a6..84376c78e5ba 100644
--- a/crypto/bn/bn_sqrt.c
+++ b/crypto/bn/bn_sqrt.c
@@ -1,59 +1,10 @@
@@ -33119,7 +35593,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/bn/bn_srp.c b/crypto/bn/bn_srp.c
-index a1e438c..58b1691 100644
+index a1e438c71a7b..58b1691eee77 100644
--- a/crypto/bn/bn_srp.c
+++ b/crypto/bn/bn_srp.c
@@ -1,3 +1,12 @@
@@ -33136,7 +35610,7 @@
#include "e_os.h"
diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c
-index 718777b..fd28298 100644
+index 718777b5b839..a34244c4aded 100644
--- a/crypto/bn/bn_word.c
+++ b/crypto/bn/bn_word.c
@@ -1,58 +1,10 @@
@@ -33204,8 +35678,41 @@
*/
#include "internal/cryptlib.h"
+@@ -70,10 +22,32 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
+ if (w == 0)
+ return (BN_ULONG)-1;
+
++#ifndef BN_LLONG
++ /*
++ * If |w| is too long and we don't have BN_ULLONG then we need to fall
++ * back to using BN_div_word
++ */
++ if (w > ((BN_ULONG)1 << BN_BITS4)) {
++ BIGNUM *tmp = BN_dup(a);
++ if (tmp == NULL)
++ return (BN_ULONG)-1;
++
++ ret = BN_div_word(tmp, w);
++ BN_free(tmp);
++
++ return ret;
++ }
++#endif
++
+ bn_check_top(a);
+ w &= BN_MASK2;
+ for (i = a->top - 1; i >= 0; i--) {
+ #ifndef BN_LLONG
++ /*
++ * We can assume here that | w <= ((BN_ULONG)1 << BN_BITS4) | and so
++ * | ret < ((BN_ULONG)1 << BN_BITS4) | and therefore the shifts here are
++ * safe and will not overflow
++ */
+ ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) & BN_MASK2l)) % w;
+ ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w;
+ #else
diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c
-index 3c74fd5..83170d4 100644
+index 3c74fd57b90d..83170d49196c 100644
--- a/crypto/bn/bn_x931p.c
+++ b/crypto/bn/bn_x931p.c
@@ -1,59 +1,10 @@
@@ -33274,7 +35781,7 @@
#include <stdio.h>
diff --git a/crypto/bn/build.info b/crypto/bn/build.info
-index 83a5b81..edceb73 100644
+index 83a5b81219ed..edceb73c66a4 100644
--- a/crypto/bn/build.info
+++ b/crypto/bn/build.info
@@ -7,7 +7,7 @@ SOURCE[../../libcrypto]=\
@@ -33296,7 +35803,7 @@
GENERATE[armv4-mont.S]=asm/armv4-mont.pl $(PERLASM_SCHEME)
INCLUDE[armv4-mont.o]=..
diff --git a/crypto/bn/rsaz_exp.c b/crypto/bn/rsaz_exp.c
-index d85e612..3398cce 100644
+index d85e612bf7b4..1a70f6caded2 100644
--- a/crypto/bn/rsaz_exp.c
+++ b/crypto/bn/rsaz_exp.c
@@ -1,3 +1,12 @@
@@ -33312,8 +35819,17 @@
/*****************************************************************************
* *
* Copyright (c) 2012, Intel Corporation *
+@@ -244,7 +253,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
+
+ rsaz_1024_sqr_avx2(result, result, m, k0, 5);
+
+- wvalue = *((unsigned short *)&p_str[index / 8]);
++ wvalue = (p_str[(index / 8) + 1] << 8) | p_str[index / 8];
+ wvalue = (wvalue >> (index % 8)) & 31;
+ index -= 5;
+
diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h
-index 229e181..9501cc8 100644
+index 229e181f67b5..9501cc8089e9 100644
--- a/crypto/bn/rsaz_exp.h
+++ b/crypto/bn/rsaz_exp.h
@@ -1,3 +1,12 @@
@@ -33331,7 +35847,7 @@
* Copyright (c) 2012, Intel Corporation *
diff --git a/crypto/bn/vms-helper.c b/crypto/bn/vms-helper.c
deleted file mode 100644
-index cb519c4..0000000
+index cb519c4ecabc..000000000000
--- a/crypto/bn/vms-helper.c
+++ /dev/null
@@ -1,67 +0,0 @@
@@ -33404,7 +35920,7 @@
-}
diff --git a/crypto/buffer/Makefile.in b/crypto/buffer/Makefile.in
deleted file mode 100644
-index 97e1094..0000000
+index 97e1094ddb7e..000000000000
--- a/crypto/buffer/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -33452,7 +35968,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/buffer/buf_err.c b/crypto/buffer/buf_err.c
-index 0fb9d4f..b7679ae 100644
+index 0fb9d4fcea37..b7679ae06448 100644
--- a/crypto/buffer/buf_err.c
+++ b/crypto/buffer/buf_err.c
@@ -1,61 +1,11 @@
@@ -33525,13 +36041,15 @@
#include <stdio.h>
diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
-index a16f3bd..7caa215 100644
+index a16f3bd34263..7caa2150924a 100644
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -33579,9 +36097,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -33614,7 +36130,7 @@
return (len);
}
diff --git a/crypto/c64xpluscpuid.pl b/crypto/c64xpluscpuid.pl
-index 2feb4e3..9efe120 100644
+index 2feb4e31f45a..9efe1205fff4 100644
--- a/crypto/c64xpluscpuid.pl
+++ b/crypto/c64xpluscpuid.pl
@@ -1,5 +1,10 @@
@@ -33637,7 +36153,7 @@
.asg OPENSSL_atomic_add,_OPENSSL_atomic_add
.asg OPENSSL_wipe_cpu,_OPENSSL_wipe_cpu
.asg OPENSSL_instrument_bus,_OPENSSL_instrument_bus
-@@ -82,6 +88,29 @@ _OPENSSL_cleanse:
+@@ -82,6 +88,29 @@ $code.=<<___;
[A1] STB A2,*A4++[2]
.endasmfunc
@@ -33669,7 +36185,7 @@
.asmfunc
diff --git a/crypto/camellia/Makefile.in b/crypto/camellia/Makefile.in
deleted file mode 100644
-index 5a806e2..0000000
+index 5a806e26fd53..000000000000
--- a/crypto/camellia/Makefile.in
+++ /dev/null
@@ -1,57 +0,0 @@
@@ -33731,7 +36247,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/camellia/asm/cmll-x86.pl b/crypto/camellia/asm/cmll-x86.pl
-index de354aa..59f9ed9 100644
+index de354aa2e544..59f9ed9141b0 100644
--- a/crypto/camellia/asm/cmll-x86.pl
+++ b/crypto/camellia/asm/cmll-x86.pl
@@ -1,4 +1,11 @@
@@ -33748,7 +36264,7 @@
# ====================================================================
# Copyright (c) 2008 Andy Polyakov <appro at openssl.org>
diff --git a/crypto/camellia/asm/cmll-x86_64.pl b/crypto/camellia/asm/cmll-x86_64.pl
-index d94f46b..86ea9e7 100644
+index d94f46b887e5..da5ad7b7e0e7 100644
--- a/crypto/camellia/asm/cmll-x86_64.pl
+++ b/crypto/camellia/asm/cmll-x86_64.pl
@@ -1,4 +1,11 @@
@@ -33764,8 +36280,17 @@
# ====================================================================
# Copyright (c) 2008 Andy Polyakov <appro at openssl.org>
+@@ -40,7 +47,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+ ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+ die "can't locate x86_64-xlate.pl";
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; }
diff --git a/crypto/camellia/asm/cmllt4-sparcv9.pl b/crypto/camellia/asm/cmllt4-sparcv9.pl
-index fac5362..ffe4a7d 100644
+index fac53623a7bc..ffe4a7d91cbc 100644
--- a/crypto/camellia/asm/cmllt4-sparcv9.pl
+++ b/crypto/camellia/asm/cmllt4-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -33782,7 +36307,7 @@
# ====================================================================
# Written by David S. Miller <davem at devemloft.net> and Andy Polyakov
diff --git a/crypto/camellia/build.info b/crypto/camellia/build.info
-index 152e0a4..fd78272 100644
+index 152e0a455a0c..fd782724f069 100644
--- a/crypto/camellia/build.info
+++ b/crypto/camellia/build.info
@@ -8,4 +8,4 @@ DEPEND[cmll-x86.s]=../perlasm/x86asm.pl
@@ -33792,7 +36317,7 @@
-DEPEND[cmllt4-sparcv9.S]=../perlasm/sparcv9-modes.pl
+DEPEND[cmllt4-sparcv9.S]=../perlasm/sparcv9_modes.pl
diff --git a/crypto/camellia/camellia.c b/crypto/camellia/camellia.c
-index 68651b6..f65bedb 100644
+index 68651b61b8b1..f65bedb936fd 100644
--- a/crypto/camellia/camellia.c
+++ b/crypto/camellia/camellia.c
@@ -1,3 +1,12 @@
@@ -33809,7 +36334,7 @@
* Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
* ALL RIGHTS RESERVED.
diff --git a/crypto/camellia/cmll_cbc.c b/crypto/camellia/cmll_cbc.c
-index 742af6d..b19171d 100644
+index 742af6d679f0..b19171ded26b 100644
--- a/crypto/camellia/cmll_cbc.c
+++ b/crypto/camellia/cmll_cbc.c
@@ -1,51 +1,10 @@
@@ -33871,13 +36396,15 @@
#include <openssl/camellia.h>
diff --git a/crypto/camellia/cmll_cfb.c b/crypto/camellia/cmll_cfb.c
-index 8f9f8a6..4f49ead 100644
+index 8f9f8a6fd1b4..4f49eaded66c 100644
--- a/crypto/camellia/cmll_cfb.c
+++ b/crypto/camellia/cmll_cfb.c
@@ -1,107 +1,10 @@
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
++/*
++ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -33974,9 +36501,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -33989,7 +36514,7 @@
#include <openssl/camellia.h>
diff --git a/crypto/camellia/cmll_ctr.c b/crypto/camellia/cmll_ctr.c
-index b891a04..161d1e1 100644
+index b891a0445698..161d1e18c136 100644
--- a/crypto/camellia/cmll_ctr.c
+++ b/crypto/camellia/cmll_ctr.c
@@ -1,51 +1,10 @@
@@ -34051,7 +36576,7 @@
#include <openssl/camellia.h>
diff --git a/crypto/camellia/cmll_ecb.c b/crypto/camellia/cmll_ecb.c
-index 4edaa6d..d932f1b 100644
+index 4edaa6d7a9f5..d932f1b37517 100644
--- a/crypto/camellia/cmll_ecb.c
+++ b/crypto/camellia/cmll_ecb.c
@@ -1,51 +1,10 @@
@@ -34113,7 +36638,7 @@
#include <openssl/camellia.h>
diff --git a/crypto/camellia/cmll_locl.h b/crypto/camellia/cmll_locl.h
-index 0cbcba2..4b3c86c 100644
+index 0cbcba29d330..4b3c86c82179 100644
--- a/crypto/camellia/cmll_locl.h
+++ b/crypto/camellia/cmll_locl.h
@@ -1,3 +1,12 @@
@@ -34130,7 +36655,7 @@
* Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
* ALL RIGHTS RESERVED.
diff --git a/crypto/camellia/cmll_misc.c b/crypto/camellia/cmll_misc.c
-index ba93702..e5f014b 100644
+index ba9370252dc9..e5f014b79cbc 100644
--- a/crypto/camellia/cmll_misc.c
+++ b/crypto/camellia/cmll_misc.c
@@ -1,51 +1,10 @@
@@ -34192,13 +36717,15 @@
#include <openssl/opensslv.h>
diff --git a/crypto/camellia/cmll_ofb.c b/crypto/camellia/cmll_ofb.c
-index 8d004b9..b43c685 100644
+index 8d004b939323..b43c685c751f 100644
--- a/crypto/camellia/cmll_ofb.c
+++ b/crypto/camellia/cmll_ofb.c
@@ -1,107 +1,10 @@
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
++/*
++ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -34295,9 +36822,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -34311,7 +36836,7 @@
#include <openssl/camellia.h>
diff --git a/crypto/cast/Makefile.in b/crypto/cast/Makefile.in
deleted file mode 100644
-index 218c480..0000000
+index 218c480d1a2c..000000000000
--- a/crypto/cast/Makefile.in
+++ /dev/null
@@ -1,51 +0,0 @@
@@ -34367,7 +36892,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/cast/asm/cast-586.pl b/crypto/cast/asm/cast-586.pl
-index 267d699..6beb9c5 100644
+index 267d69976d2c..6beb9c5f2550 100644
--- a/crypto/cast/asm/cast-586.pl
+++ b/crypto/cast/asm/cast-586.pl
@@ -1,4 +1,11 @@
@@ -34384,13 +36909,15 @@
# This flag makes the inner loop one cycle longer, but generates
# code that runs %30 faster on the pentium pro/II, 44% faster
diff --git a/crypto/cast/c_cfb64.c b/crypto/cast/c_cfb64.c
-index 32641b5..bd7cb2f 100644
+index 32641b5a22c0..bd7cb2f46843 100644
--- a/crypto/cast/c_cfb64.c
+++ b/crypto/cast/c_cfb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -34438,9 +36965,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -34453,7 +36978,7 @@
#include <openssl/cast.h>
diff --git a/crypto/cast/c_ecb.c b/crypto/cast/c_ecb.c
-index 1e736f0..da41794 100644
+index 1e736f0664d9..da4179438f1d 100644
--- a/crypto/cast/c_ecb.c
+++ b/crypto/cast/c_ecb.c
@@ -1,58 +1,10 @@
@@ -34522,7 +37047,7 @@
#include <openssl/cast.h>
diff --git a/crypto/cast/c_enc.c b/crypto/cast/c_enc.c
-index 8fe3b26..9a85812 100644
+index 8fe3b26f9bee..9a858125919c 100644
--- a/crypto/cast/c_enc.c
+++ b/crypto/cast/c_enc.c
@@ -1,58 +1,10 @@
@@ -34591,13 +37116,15 @@
#include <openssl/cast.h>
diff --git a/crypto/cast/c_ofb64.c b/crypto/cast/c_ofb64.c
-index c7b4259..dffb074 100644
+index c7b42591d04f..dffb074762c2 100644
--- a/crypto/cast/c_ofb64.c
+++ b/crypto/cast/c_ofb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -34645,9 +37172,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -34660,7 +37185,7 @@
#include <openssl/cast.h>
diff --git a/crypto/cast/c_skey.c b/crypto/cast/c_skey.c
-index 5ce379b..962d2a6 100644
+index 5ce379b6a3fc..962d2a60b4c5 100644
--- a/crypto/cast/c_skey.c
+++ b/crypto/cast/c_skey.c
@@ -1,58 +1,10 @@
@@ -34729,7 +37254,7 @@
#include <openssl/cast.h>
diff --git a/crypto/cast/cast_lcl.h b/crypto/cast/cast_lcl.h
-index 4a3c603..504232a 100644
+index 4a3c603507e4..504232a1a910 100644
--- a/crypto/cast/cast_lcl.h
+++ b/crypto/cast/cast_lcl.h
@@ -1,58 +1,10 @@
@@ -34798,7 +37323,7 @@
#include "e_os.h"
diff --git a/crypto/cast/cast_s.h b/crypto/cast/cast_s.h
-index 6eb0542..d9fd6ac 100644
+index 6eb0542d6833..d9fd6ac416e7 100644
--- a/crypto/cast/cast_s.h
+++ b/crypto/cast/cast_s.h
@@ -1,59 +1,12 @@
@@ -34868,9 +37393,85 @@
OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256] = {
0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a,
0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
+diff --git a/crypto/cast/casts.cpp b/crypto/cast/casts.cpp
+deleted file mode 100644
+index 8d7bd468d229..000000000000
+--- a/crypto/cast/casts.cpp
++++ /dev/null
+@@ -1,70 +0,0 @@
+-//
+-// gettsc.inl
+-//
+-// gives access to the Pentium's (secret) cycle counter
+-//
+-// This software was written by Leonard Janke (janke at unixg.ubc.ca)
+-// in 1996-7 and is entered, by him, into the public domain.
+-
+-#if defined(__WATCOMC__)
+-void GetTSC(unsigned long&);
+-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+-#elif defined(__GNUC__)
+-inline
+-void GetTSC(unsigned long& tsc)
+-{
+- asm volatile(".byte 15, 49\n\t"
+- : "=eax" (tsc)
+- :
+- : "%edx", "%eax");
+-}
+-#elif defined(_MSC_VER)
+-inline
+-void GetTSC(unsigned long& tsc)
+-{
+- unsigned long a;
+- __asm _emit 0fh
+- __asm _emit 31h
+- __asm mov a, eax;
+- tsc=a;
+-}
+-#endif
+-
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <openssl/cast.h>
+-
+-void main(int argc,char *argv[])
+- {
+- CAST_KEY key;
+- unsigned long s1,s2,e1,e2;
+- unsigned long data[2];
+- int i,j;
+- static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
+-
+- CAST_set_key(&key, 16,d);
+-
+- for (j=0; j<6; j++)
+- {
+- for (i=0; i<1000; i++) /**/
+- {
+- CAST_encrypt(&data[0],&key);
+- GetTSC(s1);
+- CAST_encrypt(&data[0],&key);
+- CAST_encrypt(&data[0],&key);
+- CAST_encrypt(&data[0],&key);
+- GetTSC(e1);
+- GetTSC(s2);
+- CAST_encrypt(&data[0],&key);
+- CAST_encrypt(&data[0],&key);
+- CAST_encrypt(&data[0],&key);
+- CAST_encrypt(&data[0],&key);
+- GetTSC(e2);
+- CAST_encrypt(&data[0],&key);
+- }
+-
+- printf("cast %d %d (%d)\n",
+- e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+- }
+- }
+-
diff --git a/crypto/chacha/Makefile.in b/crypto/chacha/Makefile.in
deleted file mode 100644
-index 067fbed..0000000
+index 067fbed428b5..000000000000
--- a/crypto/chacha/Makefile.in
+++ /dev/null
@@ -1,57 +0,0 @@
@@ -34932,7 +37533,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/chacha/asm/chacha-armv4.pl b/crypto/chacha/asm/chacha-armv4.pl
-index c908399..5b3e7be 100755
+index c9083998349c..5b3e7be78108 100755
--- a/crypto/chacha/asm/chacha-armv4.pl
+++ b/crypto/chacha/asm/chacha-armv4.pl
@@ -1,4 +1,11 @@
@@ -34949,7 +37550,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/chacha/asm/chacha-armv8.pl b/crypto/chacha/asm/chacha-armv8.pl
-index 16cb1fa..03e8616 100755
+index 16cb1fad3494..03e8616a035f 100755
--- a/crypto/chacha/asm/chacha-armv8.pl
+++ b/crypto/chacha/asm/chacha-armv8.pl
@@ -1,4 +1,11 @@
@@ -34966,7 +37567,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/chacha/asm/chacha-c64xplus.pl b/crypto/chacha/asm/chacha-c64xplus.pl
-index b2ea406..bdb3804 100755
+index b2ea40666f0a..bdb380442c4a 100755
--- a/crypto/chacha/asm/chacha-c64xplus.pl
+++ b/crypto/chacha/asm/chacha-c64xplus.pl
@@ -1,4 +1,11 @@
@@ -34983,7 +37584,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/chacha/asm/chacha-ppc.pl b/crypto/chacha/asm/chacha-ppc.pl
-index 2bb3fce..b978f58 100755
+index 2bb3fce8ed97..b978f58c7efc 100755
--- a/crypto/chacha/asm/chacha-ppc.pl
+++ b/crypto/chacha/asm/chacha-ppc.pl
@@ -1,4 +1,11 @@
@@ -35013,7 +37614,7 @@
b Loop_outer_vmx
diff --git a/crypto/chacha/asm/chacha-s390x.pl b/crypto/chacha/asm/chacha-s390x.pl
-index 42faadc..c7a2692 100755
+index 42faadcd7f57..c31526473dba 100755
--- a/crypto/chacha/asm/chacha-s390x.pl
+++ b/crypto/chacha/asm/chacha-s390x.pl
@@ -1,4 +1,11 @@
@@ -35029,8 +37630,26 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+@@ -140,7 +147,8 @@ $code.=<<___;
+ .type ChaCha20_ctr32,\@function
+ .align 32
+ ChaCha20_ctr32:
+- cl${g}ije $len,0,.Lno_data # $len==0?
++ lt${g}r $len,$len # $len==0?
++ bzr %r14
+ a${g}hi $len,-64
+ l${g}hi %r1,-$frame
+ stm${g} %r6,%r15,`6*$SIZE_T`($sp)
+@@ -272,7 +280,6 @@ $code.=<<___;
+ stmg %r0,%r3,$stdframe+4*12($sp)
+
+ lm${g} %r6,%r15,`$frame+6*$SIZE_T`($sp)
+-.Lno_data:
+ br %r14
+
+ .align 16
diff --git a/crypto/chacha/asm/chacha-x86.pl b/crypto/chacha/asm/chacha-x86.pl
-index 8b9696f..3c6e67d 100755
+index 8b9696ff0252..3c6e67d9c873 100755
--- a/crypto/chacha/asm/chacha-x86.pl
+++ b/crypto/chacha/asm/chacha-x86.pl
@@ -1,4 +1,11 @@
@@ -35067,7 +37686,7 @@
my ($out,$inp,$len)=("edi","esi","ecx");
diff --git a/crypto/chacha/asm/chacha-x86_64.pl b/crypto/chacha/asm/chacha-x86_64.pl
-index 4b36b58..8d46522 100755
+index 4b36b5825c45..4b1750cd5dea 100755
--- a/crypto/chacha/asm/chacha-x86_64.pl
+++ b/crypto/chacha/asm/chacha-x86_64.pl
@@ -1,4 +1,11 @@
@@ -35083,8 +37702,17 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+@@ -67,7 +74,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+ $avx = ($2>=3.0) + ($2>3.0);
+ }
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ # input parameter block
diff --git a/crypto/chacha/chacha_enc.c b/crypto/chacha/chacha_enc.c
-index 281a9be..13720d0 100644
+index 281a9be8a808..239f68ab825e 100644
--- a/crypto/chacha/chacha_enc.c
+++ b/crypto/chacha/chacha_enc.c
@@ -1,50 +1,10 @@
@@ -35144,9 +37772,25 @@
*/
/* Adapted from the public domain code by D. Bernstein from SUPERCOP. */
+@@ -150,8 +110,12 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
+ inp += todo;
+ len -= todo;
+
+- /* advance counter */
+- if (++input[12] == 0)
+- input[13]++;
++ /*
++ * Advance 32-bit counter. Note that as subroutine is so to
++ * say nonce-agnostic, this limited counter width doesn't
++ * prevent caller from implementing wider counter. It would
++ * simply take two calls split on counter overflow...
++ */
++ input[12]++;
+ }
+ }
diff --git a/crypto/cmac/Makefile.in b/crypto/cmac/Makefile.in
deleted file mode 100644
-index 1d6f0bd..0000000
+index 1d6f0bd52caf..000000000000
--- a/crypto/cmac/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -35194,7 +37838,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/cmac/cm_ameth.c b/crypto/cmac/cm_ameth.c
-index d9a550e..a58454a 100644
+index d9a550e72b68..a58454a089c6 100644
--- a/crypto/cmac/cm_ameth.c
+++ b/crypto/cmac/cm_ameth.c
@@ -1,54 +1,10 @@
@@ -35204,7 +37848,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -35235,8 +37880,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -35258,7 +37902,7 @@
#include <stdio.h>
diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c
-index f00a32e..10748f1 100644
+index f00a32eb2f3a..10748f148859 100644
--- a/crypto/cmac/cm_pmeth.c
+++ b/crypto/cmac/cm_pmeth.c
@@ -1,54 +1,10 @@
@@ -35268,7 +37912,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -35299,8 +37944,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -35322,7 +37966,7 @@
#include <stdio.h>
diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c
-index cb30e6d..c4f13a0 100644
+index cb30e6d5be8b..c4f13a069f32 100644
--- a/crypto/cmac/cmac.c
+++ b/crypto/cmac/cmac.c
@@ -1,54 +1,10 @@
@@ -35332,7 +37976,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -35363,8 +38008,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -35387,7 +38031,7 @@
#include <stdio.h>
diff --git a/crypto/cms/Makefile.in b/crypto/cms/Makefile.in
deleted file mode 100644
-index 19a50b2..0000000
+index 19a50b21e79b..000000000000
--- a/crypto/cms/Makefile.in
+++ /dev/null
@@ -1,49 +0,0 @@
@@ -35441,7 +38085,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
-index d839935..81e9a53 100644
+index d83993584ca1..81e9a53069af 100644
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
@@ -1,54 +1,10 @@
@@ -35451,7 +38095,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -35482,8 +38127,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -35505,7 +38149,7 @@
#include <openssl/asn1t.h>
diff --git a/crypto/cms/cms_att.c b/crypto/cms/cms_att.c
-index 834a254..5c560b4 100644
+index 834a254f5da4..5c560b451c67 100644
--- a/crypto/cms/cms_att.c
+++ b/crypto/cms/cms_att.c
@@ -1,54 +1,10 @@
@@ -35515,7 +38159,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -35546,8 +38191,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -35569,7 +38213,7 @@
#include <openssl/asn1t.h>
diff --git a/crypto/cms/cms_cd.c b/crypto/cms/cms_cd.c
-index 9e12078..c0cb368 100644
+index 9e120780ff09..c0cb368d0fd1 100644
--- a/crypto/cms/cms_cd.c
+++ b/crypto/cms/cms_cd.c
@@ -1,54 +1,10 @@
@@ -35579,7 +38223,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -35610,8 +38255,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -35633,7 +38277,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c
-index 54444b1..5da6802 100644
+index 54444b1b65c7..5da6802fcd5e 100644
--- a/crypto/cms/cms_dd.c
+++ b/crypto/cms/cms_dd.c
@@ -1,54 +1,10 @@
@@ -35643,7 +38287,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -35674,8 +38319,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -35697,7 +38341,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
-index 23adc2f..ed91342 100644
+index 23adc2ffdabd..ed913426bc91 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -1,54 +1,10 @@
@@ -35707,7 +38351,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -35729,8 +38374,7 @@
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
@@ -35783,7 +38427,7 @@
ok = 1;
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
-index c54667f..111b2aa 100644
+index c54667f5df50..111b2aa5735f 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -1,54 +1,10 @@
@@ -35793,7 +38437,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -35824,8 +38469,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -35847,7 +38491,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c
-index 8d43bb1..cfda019 100644
+index 8d43bb1ff5e2..cfda0190c244 100644
--- a/crypto/cms/cms_err.c
+++ b/crypto/cms/cms_err.c
@@ -1,61 +1,11 @@
@@ -35928,7 +38572,7 @@
{ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),
"error reading messagedigest attribute"},
diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
-index 353ec0e..4780231 100644
+index 353ec0e858fb..4780231c22bb 100644
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@@ -1,54 +1,10 @@
@@ -35938,7 +38582,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -35969,8 +38614,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -35992,7 +38636,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/cms/cms_io.c b/crypto/cms/cms_io.c
-index bac583e..d18f980 100644
+index bac583e3ba95..d18f980a9732 100644
--- a/crypto/cms/cms_io.c
+++ b/crypto/cms/cms_io.c
@@ -1,54 +1,10 @@
@@ -36002,7 +38646,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -36033,8 +38678,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -36056,7 +38700,7 @@
#include <openssl/asn1t.h>
diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c
-index 562b1e5..8f44c81 100644
+index 562b1e506c76..8f44c815c961 100644
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@@ -1,54 +1,10 @@
@@ -36066,7 +38710,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2013 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -36097,8 +38742,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -36120,7 +38764,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h
-index 7f04f20..d0c0e81 100644
+index 7f04f20c70c9..d0c0e81363ba 100644
--- a/crypto/cms/cms_lcl.h
+++ b/crypto/cms/cms_lcl.h
@@ -1,54 +1,10 @@
@@ -36130,7 +38774,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -36161,8 +38806,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -36184,7 +38828,7 @@
#ifndef HEADER_CMS_LCL_H
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
-index a0a1adb..53eade3 100644
+index a0a1adb38adf..53eade31417b 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -1,54 +1,10 @@
@@ -36194,7 +38838,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -36225,8 +38870,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -36248,7 +38892,7 @@
#include <openssl/asn1t.h>
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
-index 5ab20e2..0571bb8 100644
+index 5ab20e2bfad0..0571bb8026a5 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -1,54 +1,10 @@
@@ -36258,7 +38902,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2009 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -36284,8 +38929,7 @@
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
-+ * Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
@@ -36345,7 +38989,7 @@
if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
goto err;
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
-index 151f40f..6c3db3b 100644
+index 151f40f9a54f..6c3db3b425ba 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -1,54 +1,10 @@
@@ -36355,7 +38999,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -36372,8 +39017,7 @@
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
@@ -36418,7 +39062,7 @@
if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
-index 98054b3..4a8f819 100644
+index 98054b36b541..4a8f819f24dd 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -1,54 +1,10 @@
@@ -36428,7 +39072,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -36459,8 +39104,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -36483,7 +39127,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/comp/Makefile.in b/crypto/comp/Makefile.in
deleted file mode 100644
-index 0673d46..0000000
+index 0673d469d978..000000000000
--- a/crypto/comp/Makefile.in
+++ /dev/null
@@ -1,46 +0,0 @@
@@ -36534,7 +39178,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
-index 6dd7684..2f38c2e 100644
+index 6dd76846c5d7..2f38c2e94cef 100644
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@@ -1,55 +1,10 @@
@@ -36600,7 +39244,7 @@
#include <stdio.h>
diff --git a/crypto/comp/comp_err.c b/crypto/comp/comp_err.c
-index 96f2a99..0233e94 100644
+index 96f2a9971bbc..0233e940f637 100644
--- a/crypto/comp/comp_err.c
+++ b/crypto/comp/comp_err.c
@@ -1,61 +1,11 @@
@@ -36673,7 +39317,7 @@
#include <stdio.h>
diff --git a/crypto/comp/comp_lcl.h b/crypto/comp/comp_lcl.h
-index 613437e..aa45fca 100644
+index 613437e05af8..aa45fca238da 100644
--- a/crypto/comp/comp_lcl.h
+++ b/crypto/comp/comp_lcl.h
@@ -1,57 +1,12 @@
@@ -36741,7 +39385,7 @@
int type; /* NID for compression library */
const char *name; /* A text string to identify the library */
diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c
-index 83fea93..32afd0d 100644
+index 83fea93cb80d..32afd0dba818 100644
--- a/crypto/comp/comp_lib.c
+++ b/crypto/comp/comp_lib.c
@@ -1,55 +1,10 @@
@@ -36808,7 +39452,7 @@
#include <stdio.h>
diff --git a/crypto/conf/Makefile.in b/crypto/conf/Makefile.in
deleted file mode 100644
-index 5acaa1c..0000000
+index 5acaa1c403e7..000000000000
--- a/crypto/conf/Makefile.in
+++ /dev/null
@@ -1,46 +0,0 @@
@@ -36859,7 +39503,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
-index 5365c97..5535416 100644
+index 5365c97e7816..5535416ab3bf 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -1,58 +1,10 @@
@@ -36937,7 +39581,7 @@
static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b)
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
-index 0f3f52a..8861b3a 100644
+index 0f3f52abd3dd..8861b3a5a062 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -1,58 +1,10 @@
@@ -37006,7 +39650,7 @@
/* Part of the code in here was originally in conf.c, which is now removed */
diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
-index 3ebb0f7..da4767e 100644
+index 3ebb0f7a736f..da4767e196cb 100644
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@@ -1,63 +1,12 @@
@@ -37112,7 +39756,7 @@
static const unsigned short CONF_type_default[256] = {
diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c
-index 80ea3ce..31bb15c 100644
+index 80ea3ce79862..31bb15c34a7a 100644
--- a/crypto/conf/conf_err.c
+++ b/crypto/conf/conf_err.c
@@ -1,61 +1,11 @@
@@ -37211,7 +39855,7 @@
{ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),
"module initialization error"},
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
-index f197714..c998373 100644
+index f1977148b47a..c99837387eb0 100644
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -1,59 +1,10 @@
@@ -37313,7 +39957,7 @@
#endif
diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c
-index a5c961d..4e7a434 100644
+index a5c961df02fe..4e7a434e0e4d 100644
--- a/crypto/conf/conf_mall.c
+++ b/crypto/conf/conf_mall.c
@@ -1,59 +1,10 @@
@@ -37382,7 +40026,7 @@
#include <stdio.h>
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
-index cef805d..6235f50 100644
+index cef805dfcaf1..6235f50f849f 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -1,59 +1,10 @@
@@ -37465,7 +40109,7 @@
return NULL;
}
diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
-index ab034c2..a1c25b3 100644
+index ab034c2111f8..a1c25b3ee676 100644
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -1,59 +1,10 @@
@@ -37534,7 +40178,7 @@
#include <stdio.h>
diff --git a/crypto/conf/keysets.pl b/crypto/conf/keysets.pl
-index 087c087..5af08ae 100644
+index 087c087c6219..5af08ae20ab1 100644
--- a/crypto/conf/keysets.pl
+++ b/crypto/conf/keysets.pl
@@ -1,4 +1,10 @@
@@ -37655,7 +40299,7 @@
EOF
diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c
-index 8ad93a9..3c6e8d5 100644
+index 8ad93a9738e3..3c6e8d53d23a 100644
--- a/crypto/cpt_err.c
+++ b/crypto/cpt_err.c
@@ -1,61 +1,11 @@
@@ -37752,7 +40396,7 @@
};
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
-index 7e1d780..8e189ec 100644
+index 7e1d780f6c91..8e189eca64fe 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -1,112 +1,12 @@
@@ -37898,7 +40542,7 @@
+#endif
diff --git a/crypto/ct/Makefile.in b/crypto/ct/Makefile.in
deleted file mode 100644
-index 794efbc..0000000
+index 794efbc6d777..000000000000
--- a/crypto/ct/Makefile.in
+++ /dev/null
@@ -1,45 +0,0 @@
@@ -37948,7 +40592,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/ct/ct_b64.c b/crypto/ct/ct_b64.c
-index a1693a6..d6279d2 100644
+index a1693a6c28aa..d6279d22981e 100644
--- a/crypto/ct/ct_b64.c
+++ b/crypto/ct/ct_b64.c
@@ -1,59 +1,10 @@
@@ -38017,7 +40661,7 @@
#include <limits.h>
diff --git a/crypto/ct/ct_err.c b/crypto/ct/ct_err.c
-index 1754395..8581dbb 100644
+index 175439507e56..8581dbb79192 100644
--- a/crypto/ct/ct_err.c
+++ b/crypto/ct/ct_err.c
@@ -1,61 +1,11 @@
@@ -38150,7 +40794,7 @@
"unrecognized signature nid"},
{ERR_REASON(CT_R_UNSUPPORTED_ENTRY_TYPE), "unsupported entry type"},
diff --git a/crypto/ct/ct_locl.h b/crypto/ct/ct_locl.h
-index b1a65d6..e3ef4b7 100644
+index b1a65d626277..e3ef4b749408 100644
--- a/crypto/ct/ct_locl.h
+++ b/crypto/ct/ct_locl.h
@@ -1,53 +1,10 @@
@@ -38159,7 +40803,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -38190,8 +40835,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -38213,7 +40857,7 @@
#include <stddef.h>
diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c
-index 47bd08f..6fc21b7 100644
+index 47bd08fc2498..6fc21b7269e3 100644
--- a/crypto/ct/ct_log.c
+++ b/crypto/ct/ct_log.c
@@ -1,56 +1,10 @@
@@ -38280,7 +40924,7 @@
#include <stdlib.h>
diff --git a/crypto/ct/ct_oct.c b/crypto/ct/ct_oct.c
-index ece353b..ced585f 100644
+index ece353bdac43..cacc3bd2b4fd 100644
--- a/crypto/ct/ct_oct.c
+++ b/crypto/ct/ct_oct.c
@@ -1,59 +1,10 @@
@@ -38348,8 +40992,20 @@
*/
#ifdef OPENSSL_NO_CT
+@@ -414,9 +365,9 @@ int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
+ if (pp != NULL) {
+ p = *pp;
+ s2n(len2 - 2, p);
++ if (!is_pp_new)
++ *pp += len2;
+ }
+- if (!is_pp_new)
+- *pp += len2;
+ return len2;
+
+ err:
diff --git a/crypto/ct/ct_policy.c b/crypto/ct/ct_policy.c
-index f97cfdf..4c4f9b3 100644
+index f97cfdfabd68..4c4f9b3e3b6d 100644
--- a/crypto/ct/ct_policy.c
+++ b/crypto/ct/ct_policy.c
@@ -1,55 +1,11 @@
@@ -38416,7 +41072,7 @@
#ifdef OPENSSL_NO_CT
# error "CT is disabled"
diff --git a/crypto/ct/ct_prn.c b/crypto/ct/ct_prn.c
-index 5004ae0..2786746 100644
+index 5004ae0b940e..2786746997b3 100644
--- a/crypto/ct/ct_prn.c
+++ b/crypto/ct/ct_prn.c
@@ -1,59 +1,10 @@
@@ -38485,7 +41141,7 @@
#ifdef OPENSSL_NO_CT
diff --git a/crypto/ct/ct_sct.c b/crypto/ct/ct_sct.c
-index 1fc7456..1aec3e2 100644
+index 1fc745612914..1aec3e2541db 100644
--- a/crypto/ct/ct_sct.c
+++ b/crypto/ct/ct_sct.c
@@ -1,59 +1,10 @@
@@ -38554,7 +41210,7 @@
#ifdef OPENSSL_NO_CT
diff --git a/crypto/ct/ct_sct_ctx.c b/crypto/ct/ct_sct_ctx.c
-index 13937c7..28fd044 100644
+index 13937c75cad0..28fd04485fa3 100644
--- a/crypto/ct/ct_sct_ctx.c
+++ b/crypto/ct/ct_sct_ctx.c
@@ -1,59 +1,10 @@
@@ -38623,7 +41279,7 @@
#ifdef OPENSSL_NO_CT
diff --git a/crypto/ct/ct_vfy.c b/crypto/ct/ct_vfy.c
-index 71c0361..8305ce6 100644
+index 71c03611261f..8305ce678eae 100644
--- a/crypto/ct/ct_vfy.c
+++ b/crypto/ct/ct_vfy.c
@@ -1,59 +1,10 @@
@@ -38692,7 +41348,7 @@
#include <string.h>
diff --git a/crypto/ct/ct_x509v3.c b/crypto/ct/ct_x509v3.c
-index ed361dc..4298e1e 100644
+index ed361dc7f153..4298e1eddb9a 100644
--- a/crypto/ct/ct_x509v3.c
+++ b/crypto/ct/ct_x509v3.c
@@ -1,59 +1,10 @@
@@ -38761,7 +41417,7 @@
#ifdef OPENSSL_NO_CT
diff --git a/crypto/cversion.c b/crypto/cversion.c
-index a13ccf4..96d8a5b 100644
+index a13ccf429f1d..96d8a5b5e0e7 100644
--- a/crypto/cversion.c
+++ b/crypto/cversion.c
@@ -1,58 +1,10 @@
@@ -38829,9 +41485,65 @@
*/
#include "internal/cryptlib.h"
+diff --git a/crypto/des/COPYRIGHT b/crypto/des/COPYRIGHT
+deleted file mode 100644
+index 5469e1e46996..000000000000
+--- a/crypto/des/COPYRIGHT
++++ /dev/null
+@@ -1,50 +0,0 @@
+-Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
+-All rights reserved.
+-
+-This package is an DES implementation written by Eric Young (eay at cryptsoft.com).
+-The implementation was written so as to conform with MIT's libdes.
+-
+-This library is free for commercial and non-commercial use as long as
+-the following conditions are aheared to. The following conditions
+-apply to all code found in this distribution.
+-
+-Copyright remains Eric Young's, and as such any Copyright notices in
+-the code are not to be removed.
+-If this package is used in a product, Eric Young should be given attribution
+-as the author of that the SSL library. This can be in the form of a textual
+-message at program startup or in documentation (online or textual) provided
+-with the package.
+-
+-Redistribution and use in source and binary forms, with or without
+-modification, are permitted provided that the following conditions
+-are met:
+-1. Redistributions of source code must retain the copyright
+- notice, this list of conditions and the following disclaimer.
+-2. Redistributions in binary form must reproduce the above copyright
+- notice, this list of conditions and the following disclaimer in the
+- documentation and/or other materials provided with the distribution.
+-3. All advertising materials mentioning features or use of this software
+- must display the following acknowledgement:
+- This product includes software developed by Eric Young (eay at cryptsoft.com)
+-
+-THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-SUCH DAMAGE.
+-
+-The license and distribution terms for any publically available version or
+-derivative of this code cannot be changed. i.e. this code cannot simply be
+-copied and put under another distrubution license
+-[including the GNU Public License.]
+-
+-The reason behind this being stated in this direct manner is past
+-experience in code simply being copied and the attribution removed
+-from it and then being distributed as part of other packages. This
+-implementation was a non-trivial and unpaid effort.
diff --git a/crypto/des/Makefile.in b/crypto/des/Makefile.in
deleted file mode 100644
-index 5f87f22..0000000
+index 5f87f22bf701..000000000000
--- a/crypto/des/Makefile.in
+++ /dev/null
@@ -1,72 +0,0 @@
@@ -38908,7 +41620,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/des/asm/crypt586.pl b/crypto/des/asm/crypt586.pl
-index d94528f..d5911a1 100644
+index d94528ff7c28..d5911a185823 100644
--- a/crypto/des/asm/crypt586.pl
+++ b/crypto/des/asm/crypt586.pl
@@ -1,10 +1,13 @@
@@ -38930,7 +41642,7 @@
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}","${dir}../../perlasm");
diff --git a/crypto/des/asm/des-586.pl b/crypto/des/asm/des-586.pl
-index e56eae4..3d7c7f1 100644
+index e56eae47ddcb..3d7c7f1b91e1 100644
--- a/crypto/des/asm/des-586.pl
+++ b/crypto/des/asm/des-586.pl
@@ -1,8 +1,13 @@
@@ -38949,8 +41661,44 @@
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}","${dir}../../perlasm");
+diff --git a/crypto/des/asm/des_enc.m4 b/crypto/des/asm/des_enc.m4
+index 3efe2465a74a..2d794d3374b3 100644
+--- a/crypto/des/asm/des_enc.m4
++++ b/crypto/des/asm/des_enc.m4
+@@ -1,26 +1,9 @@
+-! des_enc.m4
+-! des_enc.S (generated from des_enc.m4)
++! Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ !
+-! UltraSPARC assembler version of the LibDES/SSLeay/OpenSSL des_enc.c file.
+-!
+-! Version 1.0. 32-bit version.
+-!
+-! June 8, 2000.
+-!
+-! Version 2.0. 32/64-bit, PIC-ification, blended CPU adaptation
+-! by Andy Polyakov.
+-!
+-! January 1, 2003.
+-!
+-! Assembler version: Copyright Svend Olaf Mikkelsen.
+-!
+-! Original C code: Copyright Eric A. Young.
+-!
+-! This code can be freely used by LibDES/SSLeay/OpenSSL users.
+-!
+-! The LibDES/SSLeay/OpenSSL copyright notices must be respected.
+-!
+-! This version can be redistributed.
++! Licensed under the OpenSSL license (the "License"). You may not use
++! this file except in compliance with the License. You can obtain a copy
++! in the file LICENSE in the source distribution or at
++! https://www.openssl.org/source/license.html
+ !
+ ! To expand the m4 macros: m4 -B 8192 des_enc.m4 > des_enc.S
+ !
diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl
-index eec0088..76759fb 100644
+index eec00886e4c6..76759fb29203 100644
--- a/crypto/des/asm/desboth.pl
+++ b/crypto/des/asm/desboth.pl
@@ -1,4 +1,11 @@
@@ -38967,7 +41715,7 @@
$L="edi";
$R="esi";
diff --git a/crypto/des/asm/dest4-sparcv9.pl b/crypto/des/asm/dest4-sparcv9.pl
-index 858df0b..1d4f0d1 100644
+index 858df0ba84e3..1d4f0d11bf36 100644
--- a/crypto/des/asm/dest4-sparcv9.pl
+++ b/crypto/des/asm/dest4-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -38983,8 +41731,145 @@
# ====================================================================
# Written by David S. Miller <davem at devemloft.net> and Andy Polyakov
+diff --git a/crypto/des/asm/readme b/crypto/des/asm/readme
+deleted file mode 100644
+index 1beafe253b17..000000000000
+--- a/crypto/des/asm/readme
++++ /dev/null
+@@ -1,131 +0,0 @@
+-First up, let me say I don't like writing in assembler. It is not portable,
+-dependant on the particular CPU architecture release and is generally a pig
+-to debug and get right. Having said that, the x86 architecture is probably
+-the most important for speed due to number of boxes and since
+-it appears to be the worst architecture to to get
+-good C compilers for. So due to this, I have lowered myself to do
+-assembler for the inner DES routines in libdes :-).
+-
+-The file to implement in assembler is des_enc.c. Replace the following
+-4 functions
+-des_encrypt1(DES_LONG data[2],des_key_schedule ks, int encrypt);
+-des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
+-des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
+-des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
+-
+-They encrypt/decrypt the 64 bits held in 'data' using
+-the 'ks' key schedules. The only difference between the 4 functions is that
+-des_encrypt2() does not perform IP() or FP() on the data (this is an
+-optimization for when doing triple DES and des_encrypt3() and des_decrypt3()
+-perform triple des. The triple DES routines are in here because it does
+-make a big difference to have them located near the des_encrypt2 function
+-at link time..
+-
+-Now as we all know, there are lots of different operating systems running on
+-x86 boxes, and unfortunately they normally try to make sure their assembler
+-formating is not the same as the other peoples.
+-The 4 main formats I know of are
+-Microsoft Windows 95/Windows NT
+-Elf Includes Linux and FreeBSD(?).
+-a.out The older Linux.
+-Solaris Same as Elf but different comments :-(.
+-
+-Now I was not overly keen to write 4 different copies of the same code,
+-so I wrote a few perl routines to output the correct assembler, given
+-a target assembler type. This code is ugly and is just a hack.
+-The libraries are x86unix.pl and x86ms.pl.
+-des586.pl, des686.pl and des-som[23].pl are the programs to actually
+-generate the assembler.
+-
+-So to generate elf assembler
+-perl des-som3.pl elf >dx86-elf.s
+-For Windows 95/NT
+-perl des-som2.pl win32 >win32.asm
+-
+-[ update 4 Jan 1996 ]
+-I have added another way to do things.
+-perl des-som3.pl cpp >dx86-cpp.s
+-generates a file that will be included by dx86unix.cpp when it is compiled.
+-To build for elf, a.out, solaris, bsdi etc,
+-cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
+-cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o
+-cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
+-cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o
+-This was done to cut down the number of files in the distribution.
+-
+-Now the ugly part. I acquired my copy of Intels
+-"Optimization's For Intel's 32-Bit Processors" and found a few interesting
+-things. First, the aim of the exersize is to 'extract' one byte at a time
+-from a word and do an array lookup. This involves getting the byte from
+-the 4 locations in the word and moving it to a new word and doing the lookup.
+-The most obvious way to do this is
+-xor eax, eax # clear word
+-movb al, cl # get low byte
+-xor edi DWORD PTR 0x100+des_SP[eax] # xor in word
+-movb al, ch # get next byte
+-xor edi DWORD PTR 0x300+des_SP[eax] # xor in word
+-shr ecx 16
+-which seems ok. For the pentium, this system appears to be the best.
+-One has to do instruction interleaving to keep both functional units
+-operating, but it is basically very efficient.
+-
+-Now the crunch. When a full register is used after a partial write, eg.
+-mov al, cl
+-xor edi, DWORD PTR 0x100+des_SP[eax]
+-386 - 1 cycle stall
+-486 - 1 cycle stall
+-586 - 0 cycle stall
+-686 - at least 7 cycle stall (page 22 of the above mentioned document).
+-
+-So the technique that produces the best results on a pentium, according to
+-the documentation, will produce hideous results on a pentium pro.
+-
+-To get around this, des686.pl will generate code that is not as fast on
+-a pentium, should be very good on a pentium pro.
+-mov eax, ecx # copy word
+-shr ecx, 8 # line up next byte
+-and eax, 0fch # mask byte
+-xor edi DWORD PTR 0x100+des_SP[eax] # xor in array lookup
+-mov eax, ecx # get word
+-shr ecx 8 # line up next byte
+-and eax, 0fch # mask byte
+-xor edi DWORD PTR 0x300+des_SP[eax] # xor in array lookup
+-
+-Due to the execution units in the pentium, this actually works quite well.
+-For a pentium pro it should be very good. This is the type of output
+-Visual C++ generates.
+-
+-There is a third option. instead of using
+-mov al, ch
+-which is bad on the pentium pro, one may be able to use
+-movzx eax, ch
+-which may not incur the partial write penalty. On the pentium,
+-this instruction takes 4 cycles so is not worth using but on the
+-pentium pro it appears it may be worth while. I need access to one to
+-experiment :-).
+-
+-eric (20 Oct 1996)
+-
+-22 Nov 1996 - I have asked people to run the 2 different version on pentium
+-pros and it appears that the intel documentation is wrong. The
+-mov al,bh is still faster on a pentium pro, so just use the des586.pl
+-install des686.pl
+-
+-3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these
+-functions into des_enc.c because it does make a massive performance
+-difference on some boxes to have the functions code located close to
+-the des_encrypt2() function.
+-
+-9 Jan 1997 - des-som2.pl is now the correct perl script to use for
+-pentiums. It contains an inner loop from
+-Svend Olaf Mikkelsen <svolaf at inet.uni-c.dk> which does raw ecb DES calls at
+-273,000 per second. He had a previous version at 250,000 and the best
+-I was able to get was 203,000. The content has not changed, this is all
+-due to instruction sequencing (and actual instructions choice) which is able
+-to keep both functional units of the pentium going.
+-We may have lost the ugly register usage restrictions when x86 went 32 bit
+-but for the pentium it has been replaced by evil instruction ordering tricks.
+-
+-13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf.
+-raw DES at 281,000 per second on a pentium 100.
+-
diff --git a/crypto/des/build.info b/crypto/des/build.info
-index 10927cc..c0306cf 100644
+index 10927ccbabd2..c0306cfd6f5a 100644
--- a/crypto/des/build.info
+++ b/crypto/des/build.info
@@ -1,12 +1,11 @@
@@ -39005,7 +41890,7 @@
GENERATE[des_enc-sparc.S]=asm/des_enc.m4
GENERATE[dest4-sparcv9.S]=asm/dest4-sparcv9.pl $(PERLASM_SCHEME)
diff --git a/crypto/des/cbc_cksm.c b/crypto/des/cbc_cksm.c
-index 1903765..a7bf068 100644
+index 1903765c7321..a7bf0689b255 100644
--- a/crypto/des/cbc_cksm.c
+++ b/crypto/des/cbc_cksm.c
@@ -1,58 +1,10 @@
@@ -39074,7 +41959,7 @@
#include "des_locl.h"
diff --git a/crypto/des/cbc_enc.c b/crypto/des/cbc_enc.c
-index 5b84e84..92e773f 100644
+index 5b84e844b429..92e773f81f4a 100644
--- a/crypto/des/cbc_enc.c
+++ b/crypto/des/cbc_enc.c
@@ -1,58 +1,10 @@
@@ -39143,13 +42028,15 @@
#define CBC_ENC_C__DONT_UPDATE_IV
diff --git a/crypto/des/cfb64ede.c b/crypto/des/cfb64ede.c
-index 4922245..5edb979 100644
+index 49222451bb57..5edb979e1069 100644
--- a/crypto/des/cfb64ede.c
+++ b/crypto/des/cfb64ede.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -39197,9 +42084,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -39212,13 +42097,15 @@
#include "des_locl.h"
diff --git a/crypto/des/cfb64enc.c b/crypto/des/cfb64enc.c
-index f9dce3d..96de51b 100644
+index f9dce3dd38fa..96de51b055ec 100644
--- a/crypto/des/cfb64enc.c
+++ b/crypto/des/cfb64enc.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -39266,9 +42153,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -39281,13 +42166,15 @@
#include "des_locl.h"
diff --git a/crypto/des/cfb_enc.c b/crypto/des/cfb_enc.c
-index dd213b0..6c428ba 100644
+index dd213b0326fe..6c428ba61f09 100644
--- a/crypto/des/cfb_enc.c
+++ b/crypto/des/cfb_enc.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -39335,9 +42222,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -39350,7 +42235,7 @@
#include "e_os.h"
diff --git a/crypto/des/des_enc.c b/crypto/des/des_enc.c
-index 1f827f2..600f6df 100644
+index 1f827f216e41..600f6df4886f 100644
--- a/crypto/des/des_enc.c
+++ b/crypto/des/des_enc.c
@@ -1,58 +1,10 @@
@@ -39419,13 +42304,15 @@
#include <openssl/crypto.h>
diff --git a/crypto/des/des_locl.h b/crypto/des/des_locl.h
-index 7ed783c..53881d4 100644
+index 7ed783cb3764..53881d4175ea 100644
--- a/crypto/des/des_locl.h
+++ b/crypto/des/des_locl.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -39473,9 +42360,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -39528,7 +42413,7 @@
# undef OPENSSL_EXTERN
# define OPENSSL_EXTERN OPENSSL_EXPORT
diff --git a/crypto/des/ecb3_enc.c b/crypto/des/ecb3_enc.c
-index e96dd9e..6ac89d4 100644
+index e96dd9e507ae..6ac89d4e78bb 100644
--- a/crypto/des/ecb3_enc.c
+++ b/crypto/des/ecb3_enc.c
@@ -1,58 +1,10 @@
@@ -39597,7 +42482,7 @@
#include "des_locl.h"
diff --git a/crypto/des/ecb_enc.c b/crypto/des/ecb_enc.c
-index 109ffd4..bd130c6 100644
+index 109ffd430f67..bd130c6e03eb 100644
--- a/crypto/des/ecb_enc.c
+++ b/crypto/des/ecb_enc.c
@@ -1,58 +1,10 @@
@@ -39667,7 +42552,7 @@
#include "des_locl.h"
diff --git a/crypto/des/enc_read.c b/crypto/des/enc_read.c
deleted file mode 100644
-index a37e753..0000000
+index a37e75324082..000000000000
--- a/crypto/des/enc_read.c
+++ /dev/null
@@ -1,234 +0,0 @@
@@ -39907,7 +42792,7 @@
-}
diff --git a/crypto/des/enc_writ.c b/crypto/des/enc_writ.c
deleted file mode 100644
-index dd1c0f9..0000000
+index dd1c0f9c4036..000000000000
--- a/crypto/des/enc_writ.c
+++ /dev/null
@@ -1,180 +0,0 @@
@@ -40092,7 +42977,7 @@
-#endif /* OPENSSL_NO_POSIX_IO */
-}
diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c
-index 0c7484c..b52f486 100644
+index 0c7484ce1297..5215ad3e6420 100644
--- a/crypto/des/fcrypt.c
+++ b/crypto/des/fcrypt.c
@@ -1,3 +1,12 @@
@@ -40128,14 +43013,88 @@
#include <openssl/crypto.h>
#include "des_locl.h"
+@@ -70,27 +66,23 @@ char *DES_crypt(const char *buf, const char *salt)
+ char e_buf[32 + 1]; /* replace 32 by 8 ? */
+ char *ret;
+
+- /* Copy at most 2 chars of salt */
+- if ((e_salt[0] = salt[0]) != '\0')
+- e_salt[1] = salt[1];
++ if (salt[0] == '\0' || salt[1] == '\0')
++ return NULL;
+
+- /* Copy at most 32 chars of password */
+- strncpy(e_buf, buf, sizeof(e_buf));
++ /* Copy salt, convert to ASCII. */
++ e_salt[0] = salt[0];
++ e_salt[1] = salt[1];
++ e_salt[2] = '\0';
++ ebcdic2ascii(e_salt, e_salt, sizeof(e_salt));
+
+- /* Make sure we have a delimiter */
+- e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0';
+-
+- /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
+- ebcdic2ascii(e_salt, e_salt, sizeof e_salt);
+-
+- /* Convert the cleartext password to ASCII */
++ /* Convert password to ASCII. */
++ OPENSSL_strlcpy(e_buf, buf, sizeof(e_buf));
+ ebcdic2ascii(e_buf, e_buf, sizeof e_buf);
+
+- /* Encrypt it (from/to ASCII) */
++ /* Encrypt it (from/to ASCII); if it worked, convert back. */
+ ret = DES_fcrypt(e_buf, e_salt, buff);
+-
+- /* Convert the result back to EBCDIC */
+- ascii2ebcdic(ret, ret, strlen(ret));
++ if (ret != NULL)
++ ascii2ebcdic(ret, ret, strlen(ret));
+
+ return ret;
+ #endif
+@@ -107,25 +99,14 @@ char *DES_fcrypt(const char *buf, const char *salt, char *ret)
+ unsigned char *b = bb;
+ unsigned char c, u;
+
+- /*
+- * eay 25/08/92 If you call crypt("pwd","*") as often happens when you
+- * have * as the pwd field in /etc/passwd, the function returns
+- * *\0XXXXXXXXX The \0 makes the string look like * so the pwd "*" would
+- * crypt to "*". This was found when replacing the crypt in our shared
+- * libraries. People found that the disabled accounts effectively had no
+- * passwd :-(.
+- */
+-#ifndef CHARSET_EBCDIC
+- x = ret[0] = ((salt[0] == '\0') ? 'A' : salt[0]);
++ x = ret[0] = salt[0];
++ if (x == 0 || x >= sizeof(con_salt))
++ return NULL;
+ Eswap0 = con_salt[x] << 2;
+- x = ret[1] = ((salt[1] == '\0') ? 'A' : salt[1]);
++ x = ret[1] = salt[1];
++ if (x == 0 || x >= sizeof(con_salt))
++ return NULL;
+ Eswap1 = con_salt[x] << 6;
+-#else
+- x = ret[0] = ((salt[0] == '\0') ? os_toascii['A'] : salt[0]);
+- Eswap0 = con_salt[x] << 2;
+- x = ret[1] = ((salt[1] == '\0') ? os_toascii['A'] : salt[1]);
+- Eswap1 = con_salt[x] << 6;
+-#endif
+
+ /*
+ * EAY r=strlen(buf); r=(r+7)/8;
diff --git a/crypto/des/fcrypt_b.c b/crypto/des/fcrypt_b.c
-index 6e02ac7..fe2369a 100644
+index 6e02ac7c3c7a..fe2369a93526 100644
--- a/crypto/des/fcrypt_b.c
+++ b/crypto/des/fcrypt_b.c
@@ -1,68 +1,14 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -40183,9 +43142,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -40208,7 +43165,7 @@
#include "des_locl.h"
#undef DES_FCRYPT
diff --git a/crypto/des/ncbc_enc.c b/crypto/des/ncbc_enc.c
-index 208615d..244f15c 100644
+index 208615d47b9f..244f15ca2a96 100644
--- a/crypto/des/ncbc_enc.c
+++ b/crypto/des/ncbc_enc.c
@@ -1,64 +1,17 @@
@@ -40286,13 +43243,15 @@
#include "des_locl.h"
diff --git a/crypto/des/ofb64ede.c b/crypto/des/ofb64ede.c
-index 97d4f61..a551a07 100644
+index 97d4f611f413..a551a07e0eb4 100644
--- a/crypto/des/ofb64ede.c
+++ b/crypto/des/ofb64ede.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -40340,9 +43299,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -40355,13 +43312,15 @@
#include "des_locl.h"
diff --git a/crypto/des/ofb64enc.c b/crypto/des/ofb64enc.c
-index 53c558f..30976c8 100644
+index 53c558f40125..30976c871daa 100644
--- a/crypto/des/ofb64enc.c
+++ b/crypto/des/ofb64enc.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -40409,9 +43368,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -40424,13 +43381,15 @@
#include "des_locl.h"
diff --git a/crypto/des/ofb_enc.c b/crypto/des/ofb_enc.c
-index c37709b..65a9b86 100644
+index c37709b24124..65a9b8604d80 100644
--- a/crypto/des/ofb_enc.c
+++ b/crypto/des/ofb_enc.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -40478,9 +43437,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -40493,7 +43450,7 @@
#include "des_locl.h"
diff --git a/crypto/des/pcbc_enc.c b/crypto/des/pcbc_enc.c
-index 91a6caf..0fa058f 100644
+index 91a6caf0bea1..0fa058f03f07 100644
--- a/crypto/des/pcbc_enc.c
+++ b/crypto/des/pcbc_enc.c
@@ -1,58 +1,10 @@
@@ -40562,13 +43519,15 @@
#include "des_locl.h"
diff --git a/crypto/des/qud_cksm.c b/crypto/des/qud_cksm.c
-index 1ff0b75..8710cec 100644
+index 1ff0b7592d54..8710ceca9544 100644
--- a/crypto/des/qud_cksm.c
+++ b/crypto/des/qud_cksm.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -40616,9 +43575,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -40631,7 +43588,7 @@
/*
diff --git a/crypto/des/rand_key.c b/crypto/des/rand_key.c
-index da95bfe..61e4f9d 100644
+index da95bfebae29..61e4f9d05dcb 100644
--- a/crypto/des/rand_key.c
+++ b/crypto/des/rand_key.c
@@ -1,55 +1,10 @@
@@ -40698,7 +43655,7 @@
#include <openssl/des.h>
diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c
deleted file mode 100644
-index 748d0e6..0000000
+index 748d0e621b87..000000000000
--- a/crypto/des/read2pwd.c
+++ /dev/null
@@ -1,146 +0,0 @@
@@ -40849,13 +43806,15 @@
-}
-#endif
diff --git a/crypto/des/rpc_des.h b/crypto/des/rpc_des.h
-index 727e285..fe59e22 100644
+index 727e28596c3b..fe59e224de75 100644
--- a/crypto/des/rpc_des.h
+++ b/crypto/des/rpc_des.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -40903,9 +43862,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -40918,7 +43875,7 @@
/* @(#)des.h 2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI */
diff --git a/crypto/des/rpc_enc.c b/crypto/des/rpc_enc.c
-index 76cdd0c..bfa8511 100644
+index 76cdd0c7be22..bfa85115a2d7 100644
--- a/crypto/des/rpc_enc.c
+++ b/crypto/des/rpc_enc.c
@@ -1,58 +1,10 @@
@@ -40987,7 +43944,7 @@
#include "rpc_des.h"
diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c
-index d9fc921..93adff3 100644
+index d9fc921f8309..93adff398298 100644
--- a/crypto/des/set_key.c
+++ b/crypto/des/set_key.c
@@ -1,58 +1,10 @@
@@ -41056,7 +44013,7 @@
/*-
diff --git a/crypto/des/spr.h b/crypto/des/spr.h
-index cd55a45..42adfbf 100644
+index cd55a452472d..42adfbf6ee60 100644
--- a/crypto/des/spr.h
+++ b/crypto/des/spr.h
@@ -1,58 +1,10 @@
@@ -41125,7 +44082,7 @@
OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64] = {
diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c
-index e671d14..4dc661f 100644
+index e671d14b0f8d..78998a1cd071 100644
--- a/crypto/des/str2key.c
+++ b/crypto/des/str2key.c
@@ -1,58 +1,10 @@
@@ -41193,8 +44150,44 @@
*/
#include <openssl/crypto.h>
+@@ -62,7 +14,6 @@ void DES_string_to_key(const char *str, DES_cblock *key)
+ {
+ DES_key_schedule ks;
+ int i, length;
+- register unsigned char j;
+
+ memset(key, 0, 8);
+ length = strlen(str);
+@@ -71,7 +22,8 @@ void DES_string_to_key(const char *str, DES_cblock *key)
+ (*key)[i % 8] ^= (str[i] << 1);
+ #else /* MIT COMPATIBLE */
+ for (i = 0; i < length; i++) {
+- j = str[i];
++ register unsigned char j = str[i];
++
+ if ((i % 16) < 8)
+ (*key)[i % 8] ^= (j << 1);
+ else {
+@@ -94,7 +46,6 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
+ {
+ DES_key_schedule ks;
+ int i, length;
+- register unsigned char j;
+
+ memset(key1, 0, 8);
+ memset(key2, 0, 8);
+@@ -114,7 +65,8 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
+ }
+ #else /* MIT COMPATIBLE */
+ for (i = 0; i < length; i++) {
+- j = str[i];
++ register unsigned char j = str[i];
++
+ if ((i % 32) < 16) {
+ if ((i % 16) < 8)
+ (*key1)[i % 8] ^= (j << 1);
diff --git a/crypto/des/xcbc_enc.c b/crypto/des/xcbc_enc.c
-index 11ee004..c4e455d 100644
+index 11ee004590c2..c4e455d9b912 100644
--- a/crypto/des/xcbc_enc.c
+++ b/crypto/des/xcbc_enc.c
@@ -1,58 +1,10 @@
@@ -41264,7 +44257,7 @@
#include "des_locl.h"
diff --git a/crypto/dh/Makefile.in b/crypto/dh/Makefile.in
deleted file mode 100644
-index 205909a..0000000
+index 205909a73825..000000000000
--- a/crypto/dh/Makefile.in
+++ /dev/null
@@ -1,45 +0,0 @@
@@ -41314,7 +44307,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
-index 54d5ba5..222cb20 100644
+index 54d5ba5d3436..78aea3609326 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -1,59 +1,10 @@
@@ -41382,8 +44375,27 @@
*/
#include <stdio.h>
+@@ -329,7 +280,8 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype)
+ else
+ pub_key = NULL;
+
+- if (priv_key == NULL && pub_key == NULL) {
++ if (x->p == NULL || (ptype == 2 && priv_key == NULL)
++ || (ptype > 0 && pub_key == NULL)) {
+ reason = ERR_R_PASSED_NULL_PARAMETER;
+ goto err;
+ }
+@@ -486,7 +438,7 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+
+ static int dh_missing_parameters(const EVP_PKEY *a)
+ {
+- if (!a->pkey.dh->p || !a->pkey.dh->g)
++ if (a->pkey.dh == NULL || a->pkey.dh->p == NULL || a->pkey.dh->g == NULL)
+ return 1;
+ return 0;
+ }
diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c
-index aa80291..7c72fd6 100644
+index aa802915a895..7c72fd64e50a 100644
--- a/crypto/dh/dh_asn1.c
+++ b/crypto/dh/dh_asn1.c
@@ -1,59 +1,10 @@
@@ -41452,7 +44464,7 @@
#include <stdio.h>
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
-index 5d14265..523e31d 100644
+index 5d1426580291..523e31d05e1c 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -1,58 +1,10 @@
@@ -41521,7 +44533,7 @@
#include <stdio.h>
diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c
-index 90ce0b0..f8ed1b7 100644
+index 90ce0b0d89e5..f8ed1b7461ee 100644
--- a/crypto/dh/dh_depr.c
+++ b/crypto/dh/dh_depr.c
@@ -1,55 +1,10 @@
@@ -41587,7 +44599,7 @@
/* This file contains deprecated functions as wrappers to the new ones */
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
-index 4778b8d..a5348b1 100644
+index 4778b8d87516..a5348b1aabdd 100644
--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
@@ -1,61 +1,11 @@
@@ -41686,13 +44698,15 @@
{ERR_REASON(DH_R_NO_PARAMETERS_SET), "no parameters set"},
{ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"},
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
-index 5c96dac..27ecb98 100644
+index 5c96dacdba0a..27ecb983d16b 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -41740,9 +44754,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -41755,7 +44767,7 @@
/*
diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
-index 6c31fec..f2f3d24 100644
+index 6c31fecd12f2..f2f3d24158d3 100644
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
@@ -1,53 +1,10 @@
@@ -41764,7 +44776,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2013 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -41795,8 +44808,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -41818,7 +44830,7 @@
#include <e_os.h>
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index d957550..9b79f39 100644
+index d9575503d1f7..1644003bd95b 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -1,58 +1,10 @@
@@ -41886,8 +44898,69 @@
*/
#include <stdio.h>
+@@ -161,24 +113,18 @@ static int generate_key(DH *dh)
+ }
+
+ {
+- BIGNUM *local_prk = NULL;
+- BIGNUM *prk;
++ BIGNUM *prk = BN_new();
+
+- if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
+- local_prk = prk = BN_new();
+- if (local_prk == NULL)
+- goto err;
+- BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+- } else {
+- prk = priv_key;
+- }
++ if (prk == NULL)
++ goto err;
++ BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+
+ if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) {
+- BN_free(local_prk);
++ BN_free(prk);
+ goto err;
+ }
+- /* We MUST free local_prk before any further use of priv_key */
+- BN_free(local_prk);
++ /* We MUST free prk before any further use of priv_key */
++ BN_free(prk);
+ }
+
+ dh->pub_key = pub_key;
+@@ -223,10 +169,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+ if (dh->flags & DH_FLAG_CACHE_MONT_P) {
+ mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+ dh->lock, dh->p, ctx);
+- if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
+- /* XXX */
+- BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
+- }
++ BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
+ if (!mont)
+ goto err;
+ }
+@@ -255,15 +198,7 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+ {
+- /*
+- * If a is only one word long and constant time is false, use the faster
+- * exponentiation function.
+- */
+- if (bn_get_top(a) == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) {
+- BN_ULONG A = bn_get_words(a)[0];
+- return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx);
+- } else
+- return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
++ return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+ }
+
+ static int dh_init(DH *dh)
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
-index bf9f8d3..8645b67 100644
+index bf9f8d331740..6a59f7faa432 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -1,58 +1,10 @@
@@ -41955,13 +45028,14 @@
*/
#include <stdio.h>
-@@ -109,13 +61,20 @@ DH *DH_new_method(ENGINE *engine)
+@@ -109,13 +61,21 @@ DH *DH_new_method(ENGINE *engine)
return NULL;
}
+ ret->references = 1;
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL) {
++ DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(ret);
+ return NULL;
+ }
@@ -41978,7 +45052,7 @@
}
ret->engine = engine;
} else
-@@ -124,29 +83,19 @@ DH *DH_new_method(ENGINE *engine)
+@@ -124,29 +84,19 @@ DH *DH_new_method(ENGINE *engine)
ret->meth = ENGINE_get_DH(ret->engine);
if (ret->meth == NULL) {
DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
@@ -42013,7 +45087,7 @@
DH_free(ret);
ret = NULL;
}
-@@ -245,15 +194,27 @@ void DH_get0_pqg(const DH *dh, BIGNUM **p, BIGNUM **q, BIGNUM **g)
+@@ -245,15 +195,27 @@ void DH_get0_pqg(const DH *dh, BIGNUM **p, BIGNUM **q, BIGNUM **g)
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
{
@@ -42049,7 +45123,7 @@
if (q != NULL) {
dh->length = BN_num_bits(q);
-@@ -283,14 +244,25 @@ void DH_get0_key(const DH *dh, BIGNUM **pub_key, BIGNUM **priv_key)
+@@ -283,14 +245,25 @@ void DH_get0_key(const DH *dh, BIGNUM **pub_key, BIGNUM **priv_key)
int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
{
@@ -42082,7 +45156,7 @@
return 1;
}
diff --git a/crypto/dh/dh_locl.h b/crypto/dh/dh_locl.h
-index 46e4bc7..19301c3 100644
+index 46e4bc79d985..19301c318586 100644
--- a/crypto/dh/dh_locl.h
+++ b/crypto/dh/dh_locl.h
@@ -1,11 +1,10 @@
@@ -42101,7 +45175,7 @@
#include <openssl/dh.h>
diff --git a/crypto/dh/dh_meth.c b/crypto/dh/dh_meth.c
-index 0bc5e53..45753b6 100644
+index 0bc5e53e0275..45753b6164bd 100644
--- a/crypto/dh/dh_meth.c
+++ b/crypto/dh/dh_meth.c
@@ -1,16 +1,15 @@
@@ -42163,25 +45237,26 @@
int DH_meth_set1_name(DH_METHOD *dhm, const char *name)
{
+- OPENSSL_free(dhm->name);
+- dhm->name = OPENSSL_strdup(name);
+ char *tmpname;
-+
+
+- return dhm->name != NULL;
+ tmpname = OPENSSL_strdup(name);
+ if (tmpname == NULL) {
+ DHerr(DH_F_DH_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
- OPENSSL_free(dhm->name);
-- dhm->name = OPENSSL_strdup(name);
++ OPENSSL_free(dhm->name);
+ dhm->name = tmpname;
-
-- return dhm->name != NULL;
++
+ return 1;
}
int DH_meth_get_flags(DH_METHOD *dhm)
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
-index 5d357a3..c3e03c7 100644
+index 5d357a380154..c3e03c7a420d 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -1,59 +1,10 @@
@@ -42300,7 +45375,7 @@
{
DH_PKEY_CTX *dctx = ctx->data;
diff --git a/crypto/dh/dh_prn.c b/crypto/dh/dh_prn.c
-index 4c89a14..283fb0f 100644
+index 4c89a1428358..283fb0f4a31a 100644
--- a/crypto/dh/dh_prn.c
+++ b/crypto/dh/dh_prn.c
@@ -1,58 +1,10 @@
@@ -42369,7 +45444,7 @@
#include <stdio.h>
diff --git a/crypto/dh/dh_rfc5114.c b/crypto/dh/dh_rfc5114.c
-index 48b199d..c4a2195 100644
+index 48b199dfce74..c4a219590e9e 100644
--- a/crypto/dh/dh_rfc5114.c
+++ b/crypto/dh/dh_rfc5114.c
@@ -1,59 +1,10 @@
@@ -42437,8 +45512,135 @@
*/
#include <stdio.h>
+diff --git a/crypto/dh/example b/crypto/dh/example
+deleted file mode 100644
+index 16a33d2910f1..000000000000
+--- a/crypto/dh/example
++++ /dev/null
+@@ -1,50 +0,0 @@
+-From owner-cypherpunks at toad.com Mon Sep 25 10:50:51 1995
+-Received: from minbne.mincom.oz.au by orb.mincom.oz.au with SMTP id AA10562
+- (5.65c/IDA-1.4.4 for eay); Wed, 27 Sep 1995 19:41:55 +1000
+-Received: by minbne.mincom.oz.au id AA19958
+- (5.65c/IDA-1.4.4 for eay at orb.mincom.oz.au); Wed, 27 Sep 1995 19:34:59 +1000
+-Received: from relay3.UU.NET by bunyip.cc.uq.oz.au with SMTP (PP);
+- Wed, 27 Sep 1995 19:13:05 +1000
+-Received: from toad.com by relay3.UU.NET with SMTP id QQzizb16156;
+- Wed, 27 Sep 1995 04:48:46 -0400
+-Received: by toad.com id AA07905; Tue, 26 Sep 95 06:31:45 PDT
+-Received: from by toad.com id AB07851; Tue, 26 Sep 95 06:31:40 PDT
+-Received: from servo.qualcomm.com (servo.qualcomm.com [129.46.128.14])
+- by cygnus.com (8.6.12/8.6.9) with ESMTP id RAA18442
+- for <cypherpunks at toad.com>; Mon, 25 Sep 1995 17:52:47 -0700
+-Received: (karn at localhost) by servo.qualcomm.com (8.6.12/QC-BSD-2.5.1)
+- id RAA14732; Mon, 25 Sep 1995 17:50:51 -0700
+-Date: Mon, 25 Sep 1995 17:50:51 -0700
+-From: Phil Karn <karn at qualcomm.com>
+-Message-Id: <199509260050.RAA14732 at servo.qualcomm.com>
+-To: cypherpunks at toad.com, ipsec-dev at eit.com
+-Subject: Primality verification needed
+-Sender: owner-cypherpunks at toad.com
+-Precedence: bulk
+-Status: RO
+-X-Status:
+-
+-Hi. I've generated a 2047-bit "strong" prime number that I would like to
+-use with Diffie-Hellman key exchange. I assert that not only is this number
+-'p' prime, but so is (p-1)/2.
+-
+-I've used the mpz_probab_prime() function in the Gnu Math Package (GMP) version
+-1.3.2 to test this number. This function uses the Miller-Rabin primality test.
+-However, to increase my confidence that this number really is a strong prime,
+-I'd like to ask others to confirm it with other tests. Here's the number in hex:
+-
+-72a925f760b2f954ed287f1b0953f3e6aef92e456172f9fe86fdd8822241b9c9788fbc289982743e
+-fbcd2ccf062b242d7a567ba8bbb40d79bca7b8e0b6c05f835a5b938d985816bc648985adcff5402a
+-a76756b36c845a840a1d059ce02707e19cf47af0b5a882f32315c19d1b86a56c5389c5e9bee16b65
+-fde7b1a8d74a7675de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f2
+-3d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0
+-ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef3
+-56a05180c3bec7ddd5ef6fe76b1f717b
+-
+-The generator, g, for this prime is 2.
+-
+-Thanks!
+-
+-Phil Karn
+-
+-
+diff --git a/crypto/dh/generate b/crypto/dh/generate
+deleted file mode 100644
+index 5d407231df5b..000000000000
+--- a/crypto/dh/generate
++++ /dev/null
+@@ -1,65 +0,0 @@
+-From: stewarts at ix.netcom.com (Bill Stewart)
+-Newsgroups: sci.crypt
+-Subject: Re: Diffie-Hellman key exchange
+-Date: Wed, 11 Oct 1995 23:08:28 GMT
+-Organization: Freelance Information Architect
+-Lines: 32
+-Message-ID: <45hir2$7l8 at ixnews7.ix.netcom.com>
+-References: <458rhn$76m$1 at mhadf.production.compuserve.com>
+-NNTP-Posting-Host: ix-pl4-16.ix.netcom.com
+-X-NETCOM-Date: Wed Oct 11 4:09:22 PM PDT 1995
+-X-Newsreader: Forte Free Agent 1.0.82
+-
+-Kent Briggs <72124.3234 at CompuServe.COM> wrote:
+-
+->I have a copy of the 1976 IEEE article describing the
+->Diffie-Hellman public key exchange algorithm: y=a^x mod q. I'm
+->looking for sources that give examples of secure a,q pairs and
+->possible some source code that I could examine.
+-
+-q should be prime, and ideally should be a "strong prime",
+-which means it's of the form 2n+1 where n is also prime.
+-q also needs to be long enough to prevent the attacks LaMacchia and
+-Odlyzko described (some variant on a factoring attack which generates
+-a large pile of simultaneous equations and then solves them);
+-long enough is about the same size as factoring, so 512 bits may not
+-be secure enough for most applications. (The 192 bits used by
+-"secure NFS" was certainly not long enough.)
+-
+-a should be a generator for q, which means it needs to be
+-relatively prime to q-1. Usually a small prime like 2, 3 or 5 will
+-work.
+-
+-....
+-
+-Date: Tue, 26 Sep 1995 13:52:36 MST
+-From: "Richard Schroeppel" <rcs at cs.arizona.edu>
+-To: karn
+-Cc: ho at cs.arizona.edu
+-Subject: random large primes
+-
+-Since your prime is really random, proving it is hard.
+-My personal limit on rigorously proved primes is ~350 digits.
+-If you really want a proof, we should talk to Francois Morain,
+-or the Australian group.
+-
+-If you want 2 to be a generator (mod P), then you need it
+-to be a non-square. If (P-1)/2 is also prime, then
+-non-square == primitive-root for bases << P.
+-
+-In the case at hand, this means 2 is a generator iff P = 11 (mod 24).
+-If you want this, you should restrict your sieve accordingly.
+-
+-3 is a generator iff P = 5 (mod 12).
+-
+-5 is a generator iff P = 3 or 7 (mod 10).
+-
+-2 is perfectly usable as a base even if it's a non-generator, since
+-it still covers half the space of possible residues. And an
+-eavesdropper can always determine the low-bit of your exponent for
+-a generator anyway.
+-
+-Rich rcs at cs.arizona.edu
+-
+-
+-
diff --git a/crypto/dllmain.c b/crypto/dllmain.c
-index 0a229b5..91904aa 100644
+index 0a229b57f951..91904aad983b 100644
--- a/crypto/dllmain.c
+++ b/crypto/dllmain.c
@@ -1,3 +1,12 @@
@@ -42456,7 +45658,7 @@
#if defined(_WIN32) || defined(__CYGWIN__)
diff --git a/crypto/dsa/Makefile.in b/crypto/dsa/Makefile.in
deleted file mode 100644
-index 145034e..0000000
+index 145034e8878c..000000000000
--- a/crypto/dsa/Makefile.in
+++ /dev/null
@@ -1,47 +0,0 @@
@@ -42508,7 +45710,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
-index 54cdb3d..1bb11a9 100644
+index 54cdb3dae068..b30368e32e33 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -1,59 +1,10 @@
@@ -42576,8 +45778,26 @@
*/
#include <stdio.h>
+@@ -315,7 +266,7 @@ static int dsa_missing_parameters(const EVP_PKEY *pkey)
+ {
+ DSA *dsa;
+ dsa = pkey->pkey.dsa;
+- if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
++ if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
+ return 1;
+ return 0;
+ }
+@@ -558,7 +509,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+
+ /* NB these are sorted in pkey_id order, lowest first */
+
+-const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = {
++const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = {
+
+ {
+ EVP_PKEY_DSA2,
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
-index 1468fb1..93ce85f 100644
+index 1468fb1e6678..93ce85f09e85 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -1,59 +1,10 @@
@@ -42646,7 +45866,7 @@
#include <stdio.h>
diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c
-index f50fcc0..b852fc7 100644
+index f50fcc01ee0b..b852fc70f6c3 100644
--- a/crypto/dsa/dsa_depr.c
+++ b/crypto/dsa/dsa_depr.c
@@ -1,55 +1,10 @@
@@ -42712,7 +45932,7 @@
/*
diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c
-index 2e29258..96bd4d3 100644
+index 2e2925832464..96bd4d3a8f5f 100644
--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
@@ -1,61 +1,11 @@
@@ -42835,13 +46055,15 @@
{ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
{ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"},
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
-index c278d98..3dac550 100644
+index c278d9853de6..3dac5500312a 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -42889,9 +46111,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -42913,7 +46133,7 @@
/* if p, q already supplied generate g only */
if (ret->p && ret->q) {
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
-index 4415884..2bb8454 100644
+index 441588498ee7..aa5d42ce174f 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -1,58 +1,10 @@
@@ -42981,8 +46201,40 @@
*/
#include <stdio.h>
+@@ -98,24 +50,18 @@ static int dsa_builtin_keygen(DSA *dsa)
+ pub_key = dsa->pub_key;
+
+ {
+- BIGNUM *local_prk = NULL;
+- BIGNUM *prk;
++ BIGNUM *prk = BN_new();
+
+- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+- local_prk = prk = BN_new();
+- if (local_prk == NULL)
+- goto err;
+- BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+- } else {
+- prk = priv_key;
+- }
++ if (prk == NULL)
++ goto err;
++ BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+
+ if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) {
+- BN_free(local_prk);
++ BN_free(prk);
+ goto err;
+ }
+- /* We MUST free local_prk before any further use of priv_key */
+- BN_free(local_prk);
++ /* We MUST free prk before any further use of priv_key */
++ BN_free(prk);
+ }
+
+ dsa->priv_key = priv_key;
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
-index facb97f..9294594 100644
+index facb97fb5ebb..14cb35f82e28 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -1,58 +1,10 @@
@@ -43050,7 +46302,7 @@
*/
/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
-@@ -111,20 +63,27 @@ const DSA_METHOD *DSA_get_method(DSA *d)
+@@ -111,20 +63,28 @@ const DSA_METHOD *DSA_get_method(DSA *d)
DSA *DSA_new_method(ENGINE *engine)
{
@@ -43066,6 +46318,7 @@
+ ret->references = 1;
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL) {
++ DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(ret);
+ return NULL;
+ }
@@ -43082,7 +46335,7 @@
}
ret->engine = engine;
} else
-@@ -133,29 +92,19 @@ DSA *DSA_new_method(ENGINE *engine)
+@@ -133,29 +93,19 @@ DSA *DSA_new_method(ENGINE *engine)
ret->meth = ENGINE_get_DSA(ret->engine);
if (ret->meth == NULL) {
DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
@@ -43117,7 +46370,7 @@
DSA_free(ret);
ret = NULL;
}
-@@ -315,14 +264,27 @@ void DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g)
+@@ -315,14 +265,27 @@ void DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g)
int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
{
@@ -43152,7 +46405,7 @@
return 1;
}
-@@ -337,14 +299,25 @@ void DSA_get0_key(const DSA *d, BIGNUM **pub_key, BIGNUM **priv_key)
+@@ -337,14 +300,25 @@ void DSA_get0_key(const DSA *d, BIGNUM **pub_key, BIGNUM **priv_key)
int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
{
@@ -43185,7 +46438,7 @@
return 1;
}
diff --git a/crypto/dsa/dsa_locl.h b/crypto/dsa/dsa_locl.h
-index 657fbff..d488951 100644
+index 657fbff64fec..d488951a16f2 100644
--- a/crypto/dsa/dsa_locl.h
+++ b/crypto/dsa/dsa_locl.h
@@ -1,55 +1,10 @@
@@ -43251,7 +46504,7 @@
#include <openssl/dsa.h>
diff --git a/crypto/dsa/dsa_meth.c b/crypto/dsa/dsa_meth.c
-index 816e35e..1d27cea 100644
+index 816e35ecc528..1d27ceae1ce1 100644
--- a/crypto/dsa/dsa_meth.c
+++ b/crypto/dsa/dsa_meth.c
@@ -1,4 +1,13 @@
@@ -43314,25 +46567,26 @@
int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name)
{
+- OPENSSL_free(dsam->name);
+- dsam->name = OPENSSL_strdup(name);
+ char *tmpname;
-+
+
+- return dsam->name != NULL;
+ tmpname = OPENSSL_strdup(name);
+ if (tmpname == NULL) {
+ DSAerr(DSA_F_DSA_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
- OPENSSL_free(dsam->name);
-- dsam->name = OPENSSL_strdup(name);
++ OPENSSL_free(dsam->name);
+ dsam->name = tmpname;
-
-- return dsam->name != NULL;
++
+ return 1;
}
int DSA_meth_get_flags(DSA_METHOD *dsam)
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
-index 9285553..ce1da1c 100644
+index 92855537b8ee..9c97ef949c0c 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -1,58 +1,10 @@
@@ -43400,7 +46654,50 @@
*/
/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
-@@ -140,7 +92,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+@@ -90,42 +42,6 @@ static DSA_METHOD openssl_dsa_meth = {
+ NULL
+ };
+
+-/*-
+- * These macro wrappers replace attempts to use the dsa_mod_exp() and
+- * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
+- * having a the macro work as an expression by bundling an "err_instr". So;
+- *
+- * if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+- * dsa->method_mont_p)) goto err;
+- *
+- * can be replaced by;
+- *
+- * DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
+- * dsa->method_mont_p);
+- */
+-
+-#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
+- do { \
+- int _tmp_res53; \
+- if ((dsa)->meth->dsa_mod_exp) \
+- _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
+- (a2), (p2), (m), (ctx), (in_mont)); \
+- else \
+- _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
+- (m), (ctx), (in_mont)); \
+- if (!_tmp_res53) err_instr; \
+- } while(0)
+-#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
+- do { \
+- int _tmp_res53; \
+- if ((dsa)->meth->bn_mod_exp) \
+- _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
+- (m), (ctx), (m_ctx)); \
+- else \
+- _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
+- if (!_tmp_res53) err_instr; \
+- } while(0)
+-
+ const DSA_METHOD *DSA_OpenSSL(void)
+ {
+ return &openssl_dsa_meth;
+@@ -140,7 +56,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
BN_CTX *ctx = NULL;
int reason = ERR_R_BN_LIB;
DSA_SIG *ret = NULL;
@@ -43408,7 +46705,7 @@
int rv = 0;
m = BN_new();
-@@ -191,13 +142,8 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+@@ -191,13 +106,8 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
* Redo if r or s is zero as required by FIPS 186-3: this is very
* unlikely.
*/
@@ -43423,8 +46720,118 @@
rv = 1;
+@@ -225,7 +135,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+ const unsigned char *dgst, int dlen)
+ {
+ BN_CTX *ctx = NULL;
+- BIGNUM *k, *kq, *K, *kinv = NULL, *r = *rp;
++ BIGNUM *k, *kinv = NULL, *r = *rp;
+ int ret = 0;
+
+ if (!dsa->p || !dsa->q || !dsa->g) {
+@@ -234,8 +144,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+ }
+
+ k = BN_new();
+- kq = BN_new();
+- if (k == NULL || kq == NULL)
++ if (k == NULL)
+ goto err;
+
+ if (ctx_in == NULL) {
+@@ -258,9 +167,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+ goto err;
+ } while (BN_is_zero(k));
+
+- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+- BN_set_flags(k, BN_FLG_CONSTTIME);
+- }
++ BN_set_flags(k, BN_FLG_CONSTTIME);
+
+ if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
+ if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+@@ -270,30 +177,29 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+
+ /* Compute r = (g^k mod p) mod q */
+
+- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+- if (!BN_copy(kq, k))
++ /*
++ * We do not want timing information to leak the length of k, so we
++ * compute g^k using an equivalent exponent of fixed length. (This
++ * is a kludge that we need because the BN_mod_exp_mont() does not
++ * let us specify the desired timing behaviour.)
++ */
++
++ if (!BN_add(k, k, dsa->q))
++ goto err;
++ if (BN_num_bits(k) <= BN_num_bits(dsa->q)) {
++ if (!BN_add(k, k, dsa->q))
+ goto err;
+-
+- /*
+- * We do not want timing information to leak the length of k, so we
+- * compute g^k using an equivalent exponent of fixed length. (This
+- * is a kludge that we need because the BN_mod_exp_mont() does not
+- * let us specify the desired timing behaviour.)
+- */
+-
+- if (!BN_add(kq, kq, dsa->q))
+- goto err;
+- if (BN_num_bits(kq) <= BN_num_bits(dsa->q)) {
+- if (!BN_add(kq, kq, dsa->q))
+- goto err;
+- }
+-
+- K = kq;
+- } else {
+- K = k;
+ }
+- DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
+- dsa->method_mont_p);
++
++ if ((dsa)->meth->bn_mod_exp != NULL) {
++ if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
++ dsa->method_mont_p))
++ goto err;
++ } else {
++ if (!BN_mod_exp_mont(r, dsa->g, k, dsa->p, ctx, dsa->method_mont_p))
++ goto err;
++ }
++
+ if (!BN_mod(r, r, dsa->q, ctx))
+ goto err;
+
+@@ -311,7 +217,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+ if (ctx != ctx_in)
+ BN_CTX_free(ctx);
+ BN_clear_free(k);
+- BN_clear_free(kq);
+ return ret;
+ }
+
+@@ -391,9 +296,16 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+ goto err;
+ }
+
+- DSA_MOD_EXP(goto err, dsa, t1, dsa->g, u1, dsa->pub_key, u2, dsa->p, ctx,
+- mont);
+- /* BN_copy(&u1,&t1); */
++ if (dsa->meth->dsa_mod_exp != NULL) {
++ if (!dsa->meth->dsa_mod_exp(dsa, t1, dsa->g, u1, dsa->pub_key, u2,
++ dsa->p, ctx, mont))
++ goto err;
++ } else {
++ if (!BN_mod_exp2_mont(t1, dsa->g, u1, dsa->pub_key, u2, dsa->p, ctx,
++ mont))
++ goto err;
++ }
++
+ /* let u1 = u1 mod q */
+ if (!BN_mod(u1, t1, dsa->q, ctx))
+ goto err;
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
-index 8eca37f..4180958 100644
+index 8eca37fd0a4d..418095871ec2 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -1,59 +1,10 @@
@@ -43493,7 +46900,7 @@
#include <stdio.h>
diff --git a/crypto/dsa/dsa_prn.c b/crypto/dsa/dsa_prn.c
-index de33745..f3c20ea 100644
+index de3374562cde..f3c20ea0ac6c 100644
--- a/crypto/dsa/dsa_prn.c
+++ b/crypto/dsa/dsa_prn.c
@@ -1,59 +1,10 @@
@@ -43562,7 +46969,7 @@
#include <stdio.h>
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
-index b9dcd5b..5692794 100644
+index b9dcd5b28d3a..56927945fe5f 100644
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -1,58 +1,10 @@
@@ -43631,7 +47038,7 @@
/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c
-index 6ce9968..a84d521 100644
+index 6ce9968eafad..a84d521283c6 100644
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -1,58 +1,10 @@
@@ -43699,9 +47106,137 @@
*/
/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
+diff --git a/crypto/dsa/fips186a.txt b/crypto/dsa/fips186a.txt
+deleted file mode 100644
+index 974f255070c1..000000000000
+--- a/crypto/dsa/fips186a.txt
++++ /dev/null
+@@ -1,122 +0,0 @@
+-The original FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
+-examples. This is an updated version that uses SHA-1 (FIPS 180-1)
+-supplied to me by Wei Dai
+---
+- APPENDIX 5. EXAMPLE OF THE DSA
+-
+-
+-This appendix is for informational purposes only and is not required to meet
+-the standard.
+-
+-Let L = 512 (size of p). The values in this example are expressed in
+-hexadecimal notation. The p and q given here were generated by the prime
+-generation standard described in appendix 2 using the 160-bit SEED:
+-
+- d5014e4b 60ef2ba8 b6211b40 62ba3224 e0427dd3
+-
+-With this SEED, the algorithm found p and q when the counter was at 105.
+-
+-x was generated by the algorithm described in appendix 3, section 3.1, using
+-the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit XSEED:
+-
+-XSEED =
+-
+- bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6
+-
+-t =
+- 67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0
+-
+-x = G(t,XSEED) mod q
+-
+-k was generated by the algorithm described in appendix 3, section 3.2, using
+-the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit KSEED:
+-
+-KSEED =
+-
+- 687a66d9 0648f993 867e121f 4ddf9ddb 01205584
+-
+-t =
+- EFCDAB89 98BADCFE 10325476 C3D2E1F0 67452301
+-
+-k = G(t,KSEED) mod q
+-
+-Finally:
+-
+-h = 2
+-
+-p =
+- 8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7
+- cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac
+- 49693dfb f83724c2 ec0736ee 31c80291
+-
+-
+-q =
+- c773218c 737ec8ee 993b4f2d ed30f48e dace915f
+-
+-
+-g =
+- 626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb
+- 3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c
+- c42e9f6f 464b088c c572af53 e6d78802
+-
+-
+-x =
+- 2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614
+-
+-
+-k =
+- 358dad57 1462710f 50e254cf 1a376b2b deaadfbf
+-
+-
+-kinv =
+-
+- 0d516729 8202e49b 4116ac10 4fc3f415 ae52f917
+-
+-M = ASCII form of "abc" (See FIPS PUB 180-1, Appendix A)
+-
+-SHA(M) =
+-
+- a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
+-
+-
+-y =
+-
+- 19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85
+- 9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74
+- 858fba33 f44c0669 9630a76b 030ee333
+-
+-
+-r =
+- 8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
+-
+-s =
+- 41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8
+-
+-
+-w =
+- 9df4ece5 826be95f ed406d41 b43edc0b 1c18841b
+-
+-
+-u1 =
+- bf655bd0 46f0b35e c791b004 804afcbb 8ef7d69d
+-
+-
+-u2 =
+- 821a9263 12e97ade abcc8d08 2b527897 8a2df4b0
+-
+-
+-gu1 mod p =
+-
+- 51b1bf86 7888e5f3 af6fb476 9dd016bc fe667a65 aafc2753
+- 9063bd3d 2b138b4c e02cc0c0 2ec62bb6 7306c63e 4db95bbf
+- 6f96662a 1987a21b e4ec1071 010b6069
+-
+-
+-yu2 mod p =
+-
+- 8b510071 2957e950 50d6b8fd 376a668e 4b0d633c 1e46e665
+- 5c611a72 e2b28483 be52c74d 4b30de61 a668966e dc307a67
+- c19441f4 22bf3c34 08aeba1f 0a4dbec7
+-
+-v =
+- 8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
diff --git a/crypto/dso/Makefile.in b/crypto/dso/Makefile.in
deleted file mode 100644
-index e2fec28..0000000
+index e2fec28d4b22..000000000000
--- a/crypto/dso/Makefile.in
+++ /dev/null
@@ -1,45 +0,0 @@
@@ -43750,8 +47285,36 @@
- rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
+diff --git a/crypto/dso/README b/crypto/dso/README
+deleted file mode 100644
+index d0bc9a89fbd4..000000000000
+--- a/crypto/dso/README
++++ /dev/null
+@@ -1,22 +0,0 @@
+-NOTES
+------
+-
+-I've checked out HPUX (well, version 11 at least) and shl_t is
+-a pointer type so it's safe to use in the way it has been in
+-dso_dl.c. On the other hand, HPUX11 support dlfcn too and
+-according to their man page, prefer developers to move to that.
+-I'll leave Richard's changes there as I guess dso_dl is needed
+-for HPUX10.20.
+-
+-There is now a callback scheme in place where filename conversion can
+-(a) be turned off altogether through the use of the
+- DSO_FLAG_NO_NAME_TRANSLATION flag,
+-(b) be handled by default using the default DSO_METHOD's converter
+-(c) overriden per-DSO by setting the override callback
+-(d) a mix of (b) and (c) - eg. implement an override callback that;
+- (i) checks if we're win32 (if(strstr(dso->meth->name, "win32")....)
+- and if so, convert "blah" into "blah32.dll" (the default is
+- otherwise to make it "blah.dll").
+- (ii) default to the normal behaviour - we're not on win32, eg.
+- finish with (return dso->meth->dso_name_converter(dso,NULL)).
+-
diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c
-index 5a138b3..bc29fb2 100644
+index 5a138b308212..bc29fb23e039 100644
--- a/crypto/dso/dso_dl.c
+++ b/crypto/dso/dso_dl.c
@@ -1,59 +1,10 @@
@@ -43844,7 +47407,7 @@
}
return ((DSO_FUNC_TYPE)sym);
diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c
-index f1773c8..624052b 100644
+index f1773c85dabc..624052b86a31 100644
--- a/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
@@ -1,59 +1,10 @@
@@ -43913,7 +47476,7 @@
/*
diff --git a/crypto/dso/dso_err.c b/crypto/dso/dso_err.c
-index 136c4fe..870c80b 100644
+index 136c4fe5b414..870c80beb0a4 100644
--- a/crypto/dso/dso_err.c
+++ b/crypto/dso/dso_err.c
@@ -1,61 +1,11 @@
@@ -43986,7 +47549,7 @@
#include <stdio.h>
diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c
-index a6cc700..6bb9f5f 100644
+index a6cc700b2883..bea8776d71b8 100644
--- a/crypto/dso/dso_lib.c
+++ b/crypto/dso/dso_lib.c
@@ -1,59 +1,10 @@
@@ -44054,8 +47617,16 @@
*/
#include "dso_locl.h"
+@@ -88,6 +39,7 @@ static DSO *DSO_new_method(DSO_METHOD *meth)
+ ret->references = 1;
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL) {
++ DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+ sk_void_free(ret->meth_data);
+ OPENSSL_free(ret);
+ return NULL;
diff --git a/crypto/dso/dso_locl.h b/crypto/dso/dso_locl.h
-index 622e69e..1976787 100644
+index 622e69ef83a2..19767871fa6f 100644
--- a/crypto/dso/dso_locl.h
+++ b/crypto/dso/dso_locl.h
@@ -1,11 +1,12 @@
@@ -44077,7 +47648,7 @@
#include "internal/cryptlib.h"
#include "internal/dso.h"
diff --git a/crypto/dso/dso_openssl.c b/crypto/dso/dso_openssl.c
-index 62191d7..6626331 100644
+index 62191d753889..6626331e9256 100644
--- a/crypto/dso/dso_openssl.c
+++ b/crypto/dso/dso_openssl.c
@@ -1,59 +1,10 @@
@@ -44146,7 +47717,7 @@
#include "dso_locl.h"
diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c
-index 654e766..90d387e 100644
+index 654e766764fd..90d387eb5363 100644
--- a/crypto/dso/dso_vms.c
+++ b/crypto/dso/dso_vms.c
@@ -1,59 +1,10 @@
@@ -44224,7 +47795,7 @@
if (filename == NULL) {
DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME);
diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c
-index 01d2a72..4ac6e71 100644
+index 01d2a720204a..4ac6e7176d72 100644
--- a/crypto/dso/dso_win32.c
+++ b/crypto/dso/dso_win32.c
@@ -1,59 +1,10 @@
@@ -44293,7 +47864,7 @@
#include "dso_locl.h"
diff --git a/crypto/ebcdic.c b/crypto/ebcdic.c
-index 1248cba..6871953 100644
+index 1248cba26070..68719538fb30 100644
--- a/crypto/ebcdic.c
+++ b/crypto/ebcdic.c
@@ -1,17 +1,103 @@
@@ -44404,7 +47975,7 @@
* AG, Germany, for their BS2000 mainframe machines. Within the POSIX
diff --git a/crypto/ec/Makefile.in b/crypto/ec/Makefile.in
deleted file mode 100644
-index cc5e4b6..0000000
+index cc5e4b671f30..000000000000
--- a/crypto/ec/Makefile.in
+++ /dev/null
@@ -1,73 +0,0 @@
@@ -44482,7 +48053,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/ec/asm/ecp_nistz256-armv4.pl b/crypto/ec/asm/ecp_nistz256-armv4.pl
-index 6eafaa0..62761f8 100755
+index 6eafaa0ad35f..62761f8c9616 100755
--- a/crypto/ec/asm/ecp_nistz256-armv4.pl
+++ b/crypto/ec/asm/ecp_nistz256-armv4.pl
@@ -1,4 +1,11 @@
@@ -44499,7 +48070,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/ec/asm/ecp_nistz256-armv8.pl b/crypto/ec/asm/ecp_nistz256-armv8.pl
-index 53e974b..c5c1280 100644
+index 53e974bdd403..c5c1280755c5 100644
--- a/crypto/ec/asm/ecp_nistz256-armv8.pl
+++ b/crypto/ec/asm/ecp_nistz256-armv8.pl
@@ -1,4 +1,11 @@
@@ -44516,7 +48087,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/ec/asm/ecp_nistz256-avx2.pl b/crypto/ec/asm/ecp_nistz256-avx2.pl
-index 43f3c1d..3bdd2cf 100755
+index 43f3c1d7881f..3bdd2cf13f01 100755
--- a/crypto/ec/asm/ecp_nistz256-avx2.pl
+++ b/crypto/ec/asm/ecp_nistz256-avx2.pl
@@ -1,4 +1,11 @@
@@ -44533,7 +48104,7 @@
##############################################################################
# #
diff --git a/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/crypto/ec/asm/ecp_nistz256-sparcv9.pl
-index 3c4b071..ed95b20 100755
+index 3c4b0711fc33..3f39088661b5 100755
--- a/crypto/ec/asm/ecp_nistz256-sparcv9.pl
+++ b/crypto/ec/asm/ecp_nistz256-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -44549,8 +48120,288 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+@@ -94,6 +101,7 @@ my ($bi,$a0,$mask,$carry)=(map("%i$_",(3..5)),"%g1");
+ my ($rp_real,$ap_real)=("%g2","%g3");
+
+ $code.=<<___;
++.type ecp_nistz256_precomputed,#object
+ .size ecp_nistz256_precomputed,.-ecp_nistz256_precomputed
+ .align 64
+ .LRR: ! 2^512 mod P precomputed for NIST P256 polynomial
+@@ -115,6 +123,7 @@ $code.=<<___;
+ nop
+ ret
+ restore
++.type ecp_nistz256_to_mont,#function
+ .size ecp_nistz256_to_mont,.-ecp_nistz256_to_mont
+
+ ! void ecp_nistz256_from_mont(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
+@@ -129,6 +138,7 @@ $code.=<<___;
+ nop
+ ret
+ restore
++.type ecp_nistz256_from_mont,#function
+ .size ecp_nistz256_from_mont,.-ecp_nistz256_from_mont
+
+ ! void ecp_nistz256_mul_mont(BN_ULONG %i0[8],const BN_ULONG %i1[8],
+@@ -142,6 +152,7 @@ $code.=<<___;
+ nop
+ ret
+ restore
++.type ecp_nistz256_mul_mont,#function
+ .size ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
+
+ ! void ecp_nistz256_sqr_mont(BN_ULONG %i0[8],const BN_ULONG %i2[8]);
+@@ -154,6 +165,7 @@ $code.=<<___;
+ nop
+ ret
+ restore
++.type ecp_nistz256_sqr_mont,#function
+ .size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
+ ___
+
+@@ -353,6 +365,7 @@ $code.=<<___;
+ st @acc[6],[$rp+24]
+ retl
+ st @acc[7],[$rp+28]
++.type __ecp_nistz256_mul_mont,#function
+ .size __ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont
+
+ ! void ecp_nistz256_add(BN_ULONG %i0[8],const BN_ULONG %i1[8],
+@@ -372,6 +385,7 @@ $code.=<<___;
+ ld [$ap+28], at acc[7]
+ ret
+ restore
++.type ecp_nistz256_add,#function
+ .size ecp_nistz256_add,.-ecp_nistz256_add
+
+ .align 32
+@@ -422,6 +436,7 @@ $code.=<<___;
+ st @acc[6],[$rp+24]
+ retl
+ st @acc[7],[$rp+28]
++.type __ecp_nistz256_add,#function
+ .size __ecp_nistz256_add,.-__ecp_nistz256_add
+
+ ! void ecp_nistz256_mul_by_2(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
+@@ -440,6 +455,7 @@ $code.=<<___;
+ ld [$ap+28], at acc[7]
+ ret
+ restore
++.type ecp_nistz256_mul_by_2,#function
+ .size ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
+
+ .align 32
+@@ -454,6 +470,7 @@ $code.=<<___;
+ addccc @acc[7], at acc[7], at acc[7]
+ b .Lreduce_by_sub
+ subc %g0,%g0,$carry ! broadcast carry bit
++.type __ecp_nistz256_mul_by_2,#function
+ .size __ecp_nistz256_mul_by_2,.-__ecp_nistz256_mul_by_2
+
+ ! void ecp_nistz256_mul_by_3(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
+@@ -472,6 +489,7 @@ $code.=<<___;
+ ld [$ap+28], at acc[7]
+ ret
+ restore
++.type ecp_nistz256_mul_by_3,#function
+ .size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
+
+ .align 32
+@@ -506,6 +524,7 @@ $code.=<<___;
+ addccc $t7, at acc[7], at acc[7]
+ b .Lreduce_by_sub
+ subc %g0,%g0,$carry ! broadcast carry bit
++.type __ecp_nistz256_mul_by_3,#function
+ .size __ecp_nistz256_mul_by_3,.-__ecp_nistz256_mul_by_3
+
+ ! void ecp_nistz256_sub(BN_ULONG %i0[8],const BN_ULONG %i1[8],
+@@ -525,6 +544,7 @@ $code.=<<___;
+ ld [$ap+28], at acc[7]
+ ret
+ restore
++.type ecp_nistz256_sub,#function
+ .size ecp_nistz256_sub,.-ecp_nistz256_sub
+
+ ! void ecp_nistz256_neg(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
+@@ -544,6 +564,7 @@ $code.=<<___;
+ mov 0, at acc[7]
+ ret
+ restore
++.type ecp_nistz256_neg,#function
+ .size ecp_nistz256_neg,.-ecp_nistz256_neg
+
+ .align 32
+@@ -594,6 +615,7 @@ $code.=<<___;
+ st @acc[6],[$rp+24]
+ retl
+ st @acc[7],[$rp+28]
++.type __ecp_nistz256_sub_from,#function
+ .size __ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from
+
+ .align 32
+@@ -616,6 +638,7 @@ $code.=<<___;
+ subccc $t7, at acc[7], at acc[7]
+ b .Lreduce_by_add
+ subc %g0,%g0,$carry ! broadcast borrow bit
++.type __ecp_nistz256_sub_morf,#function
+ .size __ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf
+
+ ! void ecp_nistz256_div_by_2(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
+@@ -634,6 +657,7 @@ $code.=<<___;
+ ld [$ap+28], at acc[7]
+ ret
+ restore
++.type ecp_nistz256_div_by_2,#function
+ .size ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
+
+ .align 32
+@@ -687,6 +711,7 @@ $code.=<<___;
+ st @acc[6],[$rp+24]
+ retl
+ st @acc[7],[$rp+28]
++.type __ecp_nistz256_div_by_2,#function
+ .size __ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2
+ ___
+
+@@ -816,6 +841,7 @@ SPARC_PIC_THUNK(%g1)
+
+ ret
+ restore
++.type ecp_nistz256_point_double,#function
+ .size ecp_nistz256_point_double,.-ecp_nistz256_point_double
+ ___
+ }
+@@ -1118,6 +1144,7 @@ $code.=<<___;
+ .Ladd_done:
+ ret
+ restore
++.type ecp_nistz256_point_add,#function
+ .size ecp_nistz256_point_add,.-ecp_nistz256_point_add
+ ___
+ }
+@@ -1341,6 +1368,7 @@ ___
+ $code.=<<___;
+ ret
+ restore
++.type ecp_nistz256_point_add_affine,#function
+ .size ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine
+ ___
+ } }}}
+@@ -1416,6 +1444,7 @@ $code.=<<___;
+
+ ret
+ restore
++.type ecp_nistz256_scatter_w5,#function
+ .size ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5
+
+ ! void ecp_nistz256_gather_w5(P256_POINT *%i0,const void *%i1,
+@@ -1513,6 +1542,7 @@ $code.=<<___;
+
+ ret
+ restore
++.type ecp_nistz256_gather_w5,#function
+ .size ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5
+
+ ! void ecp_nistz256_scatter_w7(void *%i0,const P256_POINT_AFFINE *%i1,
+@@ -1540,6 +1570,7 @@ $code.=<<___;
+
+ ret
+ restore
++.type ecp_nistz256_scatter_w7,#function
+ .size ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7
+
+ ! void ecp_nistz256_gather_w7(P256_POINT_AFFINE *%i0,const void *%i1,
+@@ -1580,6 +1611,7 @@ $code.=<<___;
+
+ ret
+ restore
++.type ecp_nistz256_gather_w7,#function
+ .size ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7
+ ___
+ }}}
+@@ -1607,6 +1639,7 @@ $code.=<<___;
+ addxccc $acc3,$acc3,$acc3
+ b .Lreduce_by_sub_vis3
+ addxc %g0,%g0,$acc4 ! did it carry?
++.type __ecp_nistz256_mul_by_2_vis3,#function
+ .size __ecp_nistz256_mul_by_2_vis3,.-__ecp_nistz256_mul_by_2_vis3
+
+ .align 32
+@@ -1640,6 +1673,7 @@ $code.=<<___;
+ stx $acc2,[$rp+16]
+ retl
+ stx $acc3,[$rp+24]
++.type __ecp_nistz256_add_vis3,#function
+ .size __ecp_nistz256_add_vis3,.-__ecp_nistz256_add_vis3
+
+ ! Trouble with subtraction is that there is no subtraction with 64-bit
+@@ -1686,6 +1720,7 @@ $code.=<<___;
+ subc %g0,%g0,$acc4 ! did it borrow?
+ b .Lreduce_by_add_vis3
+ or $acc3,$acc5,$acc3
++.type __ecp_nistz256_sub_from_vis3,#function
+ .size __ecp_nistz256_sub_from_vis3,.-__ecp_nistz256_sub_from_vis3
+
+ .align 32
+@@ -1744,6 +1779,7 @@ $code.=<<___;
+ stx $acc2,[$rp+16]
+ retl
+ stx $acc3,[$rp+24]
++.type __ecp_nistz256_sub_morf_vis3,#function
+ .size __ecp_nistz256_sub_morf_vis3,.-__ecp_nistz256_sub_morf_vis3
+
+ .align 32
+@@ -1784,6 +1820,7 @@ $code.=<<___;
+ stx $acc2,[$rp+16]
+ retl
+ stx $acc3,[$rp+24]
++.type __ecp_nistz256_div_by_2_vis3,#function
+ .size __ecp_nistz256_div_by_2_vis3,.-__ecp_nistz256_div_by_2_vis3
+
+ ! compared to __ecp_nistz256_mul_mont it's almost 4x smaller and
+@@ -1881,6 +1918,7 @@ $code.=<<___;
+ addxccc $acc4,$t3,$acc3
+ b .Lmul_final_vis3 ! see below
+ addxc $acc5,%g0,$acc4
++.type __ecp_nistz256_mul_mont_vis3,#function
+ .size __ecp_nistz256_mul_mont_vis3,.-__ecp_nistz256_mul_mont_vis3
+
+ ! compared to above __ecp_nistz256_mul_mont_vis3 it's 21% less
+@@ -2005,6 +2043,7 @@ $code.=<<___;
+ stx $acc2,[$rp+16]
+ retl
+ stx $acc3,[$rp+24]
++.type __ecp_nistz256_sqr_mont_vis3,#function
+ .size __ecp_nistz256_sqr_mont_vis3,.-__ecp_nistz256_sqr_mont_vis3
+ ___
+
+@@ -2268,6 +2307,7 @@ $code.=<<___;
+
+ ret
+ restore
++.type ecp_nistz256_point_double_vis3,#function
+ .size ecp_nistz256_point_double_vis3,.-ecp_nistz256_point_double_vis3
+ ___
+ }
+@@ -2688,6 +2728,7 @@ $code.=<<___;
+ .Ladd_done_vis3:
+ ret
+ restore
++.type ecp_nistz256_point_add_vis3,#function
+ .size ecp_nistz256_point_add_vis3,.-ecp_nistz256_point_add_vis3
+ ___
+ }
+@@ -3006,6 +3047,7 @@ ___
+ $code.=<<___;
+ ret
+ restore
++.type ecp_nistz256_point_add_affine_vis3,#function
+ .size ecp_nistz256_point_add_affine_vis3,.-ecp_nistz256_point_add_affine_vis3
+ .align 64
+ .Lone_mont_vis3:
diff --git a/crypto/ec/asm/ecp_nistz256-x86.pl b/crypto/ec/asm/ecp_nistz256-x86.pl
-index 7aa9b0f..e9fa038 100755
+index 7aa9b0f78ce8..e9fa038a0b34 100755
--- a/crypto/ec/asm/ecp_nistz256-x86.pl
+++ b/crypto/ec/asm/ecp_nistz256-x86.pl
@@ -1,4 +1,11 @@
@@ -44567,7 +48418,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/ec/asm/ecp_nistz256-x86_64.pl b/crypto/ec/asm/ecp_nistz256-x86_64.pl
-index 824d7b5..b87211d 100755
+index 824d7b51583d..cce92b99f7a2 100755
--- a/crypto/ec/asm/ecp_nistz256-x86_64.pl
+++ b/crypto/ec/asm/ecp_nistz256-x86_64.pl
@@ -1,4 +1,11 @@
@@ -44583,8 +48434,17 @@
##############################################################################
# #
+@@ -60,7 +67,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+ ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+ die "can't locate x86_64-xlate.pl";
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c
-index 3dbf4ac..e535823 100644
+index 3dbf4ac2abe1..e535823c0f75 100644
--- a/crypto/ec/curve25519.c
+++ b/crypto/ec/curve25519.c
@@ -1,50 +1,10 @@
@@ -44748,7 +48608,7 @@
}
diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c
-index c9723bf..d253eba 100644
+index c9723bff8e27..d253eba51b5a 100644
--- a/crypto/ec/ec2_mult.c
+++ b/crypto/ec/ec2_mult.c
@@ -1,3 +1,12 @@
@@ -44825,7 +48685,7 @@
#include <openssl/err.h>
diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c
-index 8c88607..4ac96fd 100644
+index 8c88607213e9..ea88ce860a9a 100644
--- a/crypto/ec/ec2_oct.c
+++ b/crypto/ec/ec2_oct.c
@@ -1,3 +1,12 @@
@@ -44901,8 +48761,29 @@
#include <openssl/err.h>
+@@ -378,16 +334,14 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
+ }
+ }
+
++ /*
++ * EC_POINT_set_affine_coordinates_GF2m is responsible for checking that
++ * the point is on the curve.
++ */
+ if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx))
+ goto err;
+ }
+
+- /* test required by X9.62 */
+- if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
+- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
+- goto err;
+- }
+-
+ ret = 1;
+
+ err:
diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c
-index 8d8d853..cfeef5f 100644
+index 8d8d85386f9c..cfeef5fc7495 100644
--- a/crypto/ec/ec2_smpl.c
+++ b/crypto/ec/ec2_smpl.c
@@ -1,3 +1,12 @@
@@ -44979,7 +48860,7 @@
#include <openssl/err.h>
diff --git a/crypto/ec/ec_25519.c b/crypto/ec/ec_25519.c
-index 3acb275..4a9e3c9 100644
+index 3acb27534431..4a9e3c9ff0db 100644
--- a/crypto/ec/ec_25519.c
+++ b/crypto/ec/ec_25519.c
@@ -1,54 +1,10 @@
@@ -44989,7 +48870,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -45020,8 +48902,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -45043,7 +48924,7 @@
#include <string.h>
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
-index ca354c0..684da95 100644
+index ca354c05cd73..6567a2f398cf 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -1,59 +1,10 @@
@@ -45111,8 +48992,17 @@
*/
#include <stdio.h>
+@@ -341,7 +292,7 @@ static int ec_security_bits(const EVP_PKEY *pkey)
+
+ static int ec_missing_parameters(const EVP_PKEY *pkey)
+ {
+- if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
++ if (pkey->pkey.ec == NULL || EC_KEY_get0_group(pkey->pkey.ec) == NULL)
+ return 1;
+ return 0;
+ }
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
-index bc43878..9272e1f 100644
+index bc4387837d8e..9272e1f1bae9 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -1,58 +1,10 @@
@@ -45180,7 +49070,7 @@
#include <string.h>
diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c
-index 601559f..eeb06ec 100644
+index 601559f4c488..eeb06ec1cbe3 100644
--- a/crypto/ec/ec_check.c
+++ b/crypto/ec/ec_check.c
@@ -1,55 +1,10 @@
@@ -45265,7 +49155,7 @@
EC_POINT_free(point);
return ret;
diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
-index a95d519..6e125f4 100644
+index a95d519f475d..6e125f4bda4b 100644
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@@ -1,59 +1,12 @@
@@ -45323,8 +49213,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -45335,7 +49226,7 @@
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
diff --git a/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c
-index c995141..bfff6d6 100644
+index c9951414c994..bfff6d65f7b4 100644
--- a/crypto/ec/ec_cvt.c
+++ b/crypto/ec/ec_cvt.c
@@ -1,59 +1,12 @@
@@ -45393,8 +49284,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -45405,7 +49297,7 @@
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c
-index 8e2a7fc..56aacd4 100644
+index 8e2a7fc1b051..56aacd4a0028 100644
--- a/crypto/ec/ec_err.c
+++ b/crypto/ec/ec_err.c
@@ -1,61 +1,11 @@
@@ -45604,7 +49496,7 @@
{ERR_REASON(EC_R_NO_PRIVATE_VALUE), "no private value"},
{ERR_REASON(EC_R_OPERATION_NOT_SUPPORTED), "operation not supported"},
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
-index f7948cc..b3ea1b0 100644
+index f7948ccab2aa..b3ea1b046d53 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -1,59 +1,12 @@
@@ -45662,8 +49554,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -45754,7 +49647,7 @@
if (key->meth->set_private != NULL
&& key->meth->set_private(key, priv_key) == 0)
diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c
-index 003421e..eb469ba 100644
+index 003421eabe8e..eb469ba3adfe 100644
--- a/crypto/ec/ec_kmeth.c
+++ b/crypto/ec/ec_kmeth.c
@@ -1,54 +1,10 @@
@@ -45764,7 +49657,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -45781,8 +49675,7 @@
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
@@ -45883,7 +49776,7 @@
int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h
-index 15caf4e..2cef3bc 100644
+index 15caf4ed0f73..2cef3bced4ad 100644
--- a/crypto/ec/ec_lcl.h
+++ b/crypto/ec/ec_lcl.h
@@ -1,59 +1,12 @@
@@ -45941,8 +49834,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -45953,7 +49847,7 @@
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
-index 67e322f..d7383d6 100644
+index 67e322fbb3dd..fa74ee764477 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -1,59 +1,12 @@
@@ -46011,8 +49905,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -46022,8 +49917,42 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Binary polynomial ECC support in OpenSSL originally developed by
+@@ -747,7 +700,15 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
+ EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+- return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
++ if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
++ return 0;
++
++ if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
++ ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
++ EC_R_POINT_IS_NOT_ON_CURVE);
++ return 0;
++ }
++ return 1;
+ }
+
+ #ifndef OPENSSL_NO_EC2M
+@@ -765,7 +726,15 @@ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
+ EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+- return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
++ if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
++ return 0;
++
++ if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
++ ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
++ EC_R_POINT_IS_NOT_ON_CURVE);
++ return 0;
++ }
++ return 1;
+ }
+ #endif
+
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
-index 3c283e5..4215dc7 100644
+index 3c283e5ed6b5..036cdde490ba 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -1,59 +1,12 @@
@@ -46081,8 +50010,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -46092,8 +50022,24 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Portions of this software developed by SUN MICROSYSTEMS, INC.,
+@@ -359,6 +312,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+ numblocks = (tmp_len + blocksize - 1) / blocksize;
+ if (numblocks > pre_comp->numblocks) {
+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
++ OPENSSL_free(tmp_wNAF);
+ goto err;
+ }
+ totalnum = num + numblocks;
+@@ -373,6 +327,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+ wNAF_len[i] = blocksize;
+ if (tmp_len < blocksize) {
+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
++ OPENSSL_free(tmp_wNAF);
+ goto err;
+ }
+ tmp_len -= blocksize;
diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c
-index d6bb62a..effc42a 100644
+index d6bb62af1572..effc42a344da 100644
--- a/crypto/ec/ec_oct.c
+++ b/crypto/ec/ec_oct.c
@@ -1,59 +1,12 @@
@@ -46151,8 +50097,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -46163,7 +50110,7 @@
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Binary polynomial ECC support in OpenSSL originally developed by
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
-index bcb5063..68ff2bb 100644
+index bcb506385310..68ff2bbccf45 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -1,59 +1,10 @@
@@ -46232,7 +50179,7 @@
#include <stdio.h>
diff --git a/crypto/ec/ec_print.c b/crypto/ec/ec_print.c
-index b80ce38..1afa2ce 100644
+index b80ce384fcb5..1afa2ce875a7 100644
--- a/crypto/ec/ec_print.c
+++ b/crypto/ec/ec_print.c
@@ -1,55 +1,10 @@
@@ -46298,7 +50245,7 @@
#include <openssl/crypto.h>
diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c
-index e60574f..6cb0e11 100644
+index e60574f5f53c..6cb0e11c22b8 100644
--- a/crypto/ec/ecdh_kdf.c
+++ b/crypto/ec/ecdh_kdf.c
@@ -1,53 +1,10 @@
@@ -46307,7 +50254,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2013 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -46338,8 +50286,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -46361,7 +50308,7 @@
#include <string.h>
diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c
-index d1bebc4..715465c 100644
+index d1bebc4c4b98..715465c5fbf3 100644
--- a/crypto/ec/ecdh_ossl.c
+++ b/crypto/ec/ecdh_ossl.c
@@ -1,3 +1,12 @@
@@ -46438,7 +50385,7 @@
#include <string.h>
#include <limits.h>
diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c
-index 113bcdf..6ff5a46 100644
+index 113bcdfa20f9..6ff5a462d345 100644
--- a/crypto/ec/ecdsa_ossl.c
+++ b/crypto/ec/ecdsa_ossl.c
@@ -1,58 +1,10 @@
@@ -46506,7 +50453,7 @@
#include <string.h>
diff --git a/crypto/ec/ecdsa_sign.c b/crypto/ec/ecdsa_sign.c
-index 738c276..84a56a3 100644
+index 738c276ae97a..84a56a36d2f1 100644
--- a/crypto/ec/ecdsa_sign.c
+++ b/crypto/ec/ecdsa_sign.c
@@ -1,55 +1,10 @@
@@ -46572,7 +50519,7 @@
#include <openssl/ec.h>
diff --git a/crypto/ec/ecdsa_vrf.c b/crypto/ec/ecdsa_vrf.c
-index f519b59..bc9ebf4 100644
+index f519b598070d..bc9ebf402543 100644
--- a/crypto/ec/ecdsa_vrf.c
+++ b/crypto/ec/ecdsa_vrf.c
@@ -1,58 +1,10 @@
@@ -46640,7 +50587,7 @@
#include <openssl/ec.h>
diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c
-index eacdb9e..c23d36f 100644
+index eacdb9ed722b..c23d36f5d849 100644
--- a/crypto/ec/eck_prn.c
+++ b/crypto/ec/eck_prn.c
@@ -1,59 +1,12 @@
@@ -46698,8 +50645,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -46710,7 +50658,7 @@
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Portions originally developed by SUN MICROSYSTEMS, INC., and
diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c
-index aa1f451..a9c6040 100644
+index aa1f45135918..a9c6040937c0 100644
--- a/crypto/ec/ecp_mont.c
+++ b/crypto/ec/ecp_mont.c
@@ -1,59 +1,12 @@
@@ -46768,8 +50716,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -46780,7 +50729,7 @@
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Portions of this software developed by SUN MICROSYSTEMS, INC.,
diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c
-index c4729bf..615563b 100644
+index c4729bf95fc9..615563bc38e0 100644
--- a/crypto/ec/ecp_nist.c
+++ b/crypto/ec/ecp_nist.c
@@ -1,59 +1,12 @@
@@ -46838,8 +50787,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -46850,7 +50800,7 @@
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Portions of this software developed by SUN MICROSYSTEMS, INC.,
diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c
-index 78bdc35..0c11abc 100644
+index 78bdc355bd0f..0c11abc0895f 100644
--- a/crypto/ec/ecp_nistp224.c
+++ b/crypto/ec/ecp_nistp224.c
@@ -1,6 +1,12 @@
@@ -46868,7 +50818,7 @@
*
* Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c
-index 2da266c..8cd7222 100644
+index 2da266cb6ead..8cd72228540c 100644
--- a/crypto/ec/ecp_nistp256.c
+++ b/crypto/ec/ecp_nistp256.c
@@ -1,6 +1,12 @@
@@ -46886,7 +50836,7 @@
*
* Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c
-index a9b4295..7207494 100644
+index a9b4295e3061..7207494b8d77 100644
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@@ -1,6 +1,12 @@
@@ -46904,7 +50854,7 @@
*
* Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/crypto/ec/ecp_nistputil.c b/crypto/ec/ecp_nistputil.c
-index 01c88d8..97fb631 100644
+index 01c88d8e5b6f..97fb63100586 100644
--- a/crypto/ec/ecp_nistputil.c
+++ b/crypto/ec/ecp_nistputil.c
@@ -1,6 +1,12 @@
@@ -46922,7 +50872,7 @@
*
* Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
-index f2ef9be..f824a82 100644
+index f2ef9be7f8c0..f824a8267e54 100644
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -1,3 +1,12 @@
@@ -46952,7 +50902,7 @@
ecp_nistz256_scatter_w5 (row, &temp[0], 1);
diff --git a/crypto/ec/ecp_nistz256_table.c b/crypto/ec/ecp_nistz256_table.c
-index 216d024..3f5625c 100644
+index 216d024e0120..3f5625c6c5eb 100644
--- a/crypto/ec/ecp_nistz256_table.c
+++ b/crypto/ec/ecp_nistz256_table.c
@@ -1,4 +1,13 @@
@@ -46970,7 +50920,7 @@
* ecp_montp256.c, for the default generator. The table consists of 37
* subtables, each subtable contains 64 affine points. The affine points are
diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c
-index 14f6252..299f8c5 100644
+index 14f62522cb5d..4d142a4ab96c 100644
--- a/crypto/ec/ecp_oct.c
+++ b/crypto/ec/ecp_oct.c
@@ -1,61 +1,12 @@
@@ -47030,8 +50980,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -47041,8 +50992,29 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Portions of this software developed by SUN MICROSYSTEMS, INC.,
+@@ -404,16 +355,14 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
+ }
+ }
+
++ /*
++ * EC_POINT_set_affine_coordinates_GFp is responsible for checking that
++ * the point is on the curve.
++ */
+ if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
+ goto err;
+ }
+
+- /* test required by X9.62 */
+- if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
+- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
+- goto err;
+- }
+-
+ ret = 1;
+
+ err:
diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c
-index a5f3610..76e0caf 100644
+index a5f36103789b..76e0caf907ff 100644
--- a/crypto/ec/ecp_smpl.c
+++ b/crypto/ec/ecp_smpl.c
@@ -1,61 +1,12 @@
@@ -47102,8 +51074,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -47115,7 +51088,7 @@
* Portions of this software developed by SUN MICROSYSTEMS, INC.,
diff --git a/crypto/engine/Makefile.in b/crypto/engine/Makefile.in
deleted file mode 100644
-index 9f4edc6..0000000
+index 9f4edc6a4c1d..000000000000
--- a/crypto/engine/Makefile.in
+++ /dev/null
@@ -1,53 +0,0 @@
@@ -47173,7 +51146,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
-index 6df6ef1..4600acb 100644
+index 6df6ef1f2423..4600acb69991 100644
--- a/crypto/engine/eng_all.c
+++ b/crypto/engine/eng_all.c
@@ -1,59 +1,10 @@
@@ -47242,7 +51215,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c
-index 400b229..8bea37f 100644
+index 400b2291d855..8bea37fe28c7 100644
--- a/crypto/engine/eng_cnf.c
+++ b/crypto/engine/eng_cnf.c
@@ -1,59 +1,10 @@
@@ -47311,7 +51284,7 @@
#include "eng_int.h"
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 1959123..79a0641 100644
+index 195912348c9c..a2acabeeb133 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -1,4 +1,13 @@
@@ -47337,8 +51310,55 @@
if (!EVP_CIPHER_CTX_encrypting(ctx)) {
iiv = in + inl - EVP_CIPHER_CTX_iv_length(ctx);
memcpy(save_iv, iiv, EVP_CIPHER_CTX_iv_length(ctx));
+@@ -1248,8 +1257,7 @@ static void zapparams(struct crypt_kop *kop)
+ int i;
+
+ for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
+- if (kop->crk_param[i].crp_p)
+- free(kop->crk_param[i].crp_p);
++ OPENSSL_free(kop->crk_param[i].crp_p);
+ kop->crk_param[i].crp_p = NULL;
+ kop->crk_param[i].crp_nbits = 0;
+ }
+@@ -1262,16 +1270,24 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+ int fd, ret = -1;
+
+ if ((fd = get_asym_dev_crypto()) < 0)
+- return (ret);
++ return ret;
+
+ if (r) {
+- kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
++ kop->crk_param[kop->crk_iparams].crp_p = OPENSSL_zalloc(rlen);
++ if (kop->crk_param[kop->crk_iparams].crp_p == NULL)
++ return ret;
+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+ kop->crk_oparams++;
+ }
+ if (s) {
+ kop->crk_param[kop->crk_iparams + 1].crp_p =
+- calloc(slen, sizeof(char));
++ OPENSSL_zalloc(slen);
++ /* No need to free the kop->crk_iparams parameter if it was allocated,
++ * callers of this routine have to free allocated parameters through
++ * zapparams both in case of success and failure
++ */
++ if (kop->crk_param[kop->crk_iparams+1].crp_p == NULL)
++ return ret;
+ kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
+ kop->crk_oparams++;
+ }
+@@ -1284,7 +1300,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+ ret = 0;
+ }
+
+- return (ret);
++ return ret;
+ }
+
+ static int
diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c
-index c912c1d..7589c21 100644
+index c912c1d913f5..7589c21d6678 100644
--- a/crypto/engine/eng_ctrl.c
+++ b/crypto/engine/eng_ctrl.c
@@ -1,55 +1,10 @@
@@ -47404,7 +51424,7 @@
#include "eng_int.h"
diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
-index f224255..718599f 100644
+index f224255851a0..718599f6d95a 100644
--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
@@ -1,59 +1,10 @@
@@ -47505,7 +51525,7 @@
/*
diff --git a/crypto/engine/eng_err.c b/crypto/engine/eng_err.c
-index 9a9337a..c8f628b 100644
+index 9a9337af5e57..c8f628b9cffc 100644
--- a/crypto/engine/eng_err.c
+++ b/crypto/engine/eng_err.c
@@ -1,61 +1,11 @@
@@ -47634,7 +51654,7 @@
{ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST), "unimplemented digest"},
{ERR_REASON(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD),
diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c
-index b331608..631aa39 100644
+index b331608a6eae..631aa39612ff 100644
--- a/crypto/engine/eng_fat.c
+++ b/crypto/engine/eng_fat.c
@@ -1,56 +1,12 @@
@@ -47702,7 +51722,7 @@
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
diff --git a/crypto/engine/eng_init.c b/crypto/engine/eng_init.c
-index f3c0de9..c51a38d 100644
+index f3c0de99f9ab..c51a38dac0cf 100644
--- a/crypto/engine/eng_init.c
+++ b/crypto/engine/eng_init.c
@@ -1,55 +1,10 @@
@@ -47768,7 +51788,7 @@
#include "eng_int.h"
diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
-index beaa878..6b6ff9f 100644
+index beaa878e36f2..6b6ff9fa4cbe 100644
--- a/crypto/engine/eng_int.h
+++ b/crypto/engine/eng_int.h
@@ -1,60 +1,12 @@
@@ -47827,8 +51847,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -47856,7 +51877,7 @@
* (de)allocation of this structure. Hence, running_ref <= struct_ref at
* all times.
diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
-index d0bc716..f7d0216 100644
+index d0bc716bb3cd..f7d0216efb01 100644
--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
@@ -1,59 +1,10 @@
@@ -47937,7 +51958,7 @@
}
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
-index 15ba1ca..a7252e9 100644
+index 15ba1ca33d96..a7252e930b5d 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -1,60 +1,12 @@
@@ -47996,8 +52017,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -48008,7 +52030,7 @@
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
-index 0ec51bb..7e28604 100644
+index 0ec51bb7bfe1..7e2860495574 100644
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -1,60 +1,12 @@
@@ -48067,8 +52089,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -48138,7 +52161,7 @@
static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c
-index ee6ba28..305a648 100644
+index ee6ba284400b..305a648feb6a 100644
--- a/crypto/engine/eng_pkey.c
+++ b/crypto/engine/eng_pkey.c
@@ -1,55 +1,10 @@
@@ -48204,7 +52227,7 @@
#include "eng_int.h"
diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c
-index b62f910..b3defcb 100644
+index b62f9109edd3..b3defcbe4fdb 100644
--- a/crypto/engine/eng_rdrand.c
+++ b/crypto/engine/eng_rdrand.c
@@ -1,50 +1,10 @@
@@ -48265,7 +52288,7 @@
#include <openssl/opensslconf.h>
diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c
-index 9648c0c..219253a 100644
+index 9648c0cb9488..219253a38acd 100644
--- a/crypto/engine/eng_table.c
+++ b/crypto/engine/eng_table.c
@@ -1,55 +1,10 @@
@@ -48331,7 +52354,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c
-index 28aa8e8..2a6a4ae 100644
+index 28aa8e8cd481..2a6a4ae95ed4 100644
--- a/crypto/engine/tb_asnmth.c
+++ b/crypto/engine/tb_asnmth.c
@@ -1,55 +1,10 @@
@@ -48397,7 +52420,7 @@
#include "eng_int.h"
diff --git a/crypto/engine/tb_cipher.c b/crypto/engine/tb_cipher.c
-index 7df01ca..ac49141 100644
+index 7df01caf1297..ac4914111540 100644
--- a/crypto/engine/tb_cipher.c
+++ b/crypto/engine/tb_cipher.c
@@ -1,55 +1,10 @@
@@ -48463,7 +52486,7 @@
#include "eng_int.h"
diff --git a/crypto/engine/tb_dh.c b/crypto/engine/tb_dh.c
-index 4f68975..c6440df 100644
+index 4f68975ba54f..c6440df2076d 100644
--- a/crypto/engine/tb_dh.c
+++ b/crypto/engine/tb_dh.c
@@ -1,55 +1,10 @@
@@ -48529,7 +52552,7 @@
#include "eng_int.h"
diff --git a/crypto/engine/tb_digest.c b/crypto/engine/tb_digest.c
-index 03096b3..194b9c7 100644
+index 03096b30faec..194b9c7e8944 100644
--- a/crypto/engine/tb_digest.c
+++ b/crypto/engine/tb_digest.c
@@ -1,55 +1,10 @@
@@ -48595,7 +52618,7 @@
#include "eng_int.h"
diff --git a/crypto/engine/tb_dsa.c b/crypto/engine/tb_dsa.c
-index adfb11f..fdb80cd 100644
+index adfb11fe3736..fdb80cd79f7e 100644
--- a/crypto/engine/tb_dsa.c
+++ b/crypto/engine/tb_dsa.c
@@ -1,55 +1,10 @@
@@ -48661,7 +52684,7 @@
#include "eng_int.h"
diff --git a/crypto/engine/tb_eckey.c b/crypto/engine/tb_eckey.c
-index 7c05c01..75750b2 100644
+index 7c05c01d10c5..75750b29fca0 100644
--- a/crypto/engine/tb_eckey.c
+++ b/crypto/engine/tb_eckey.c
@@ -1,55 +1,10 @@
@@ -48727,7 +52750,7 @@
#include "eng_int.h"
diff --git a/crypto/engine/tb_pkmeth.c b/crypto/engine/tb_pkmeth.c
-index 947e139..2e82d85 100644
+index 947e139e2ffb..2e82d8551efb 100644
--- a/crypto/engine/tb_pkmeth.c
+++ b/crypto/engine/tb_pkmeth.c
@@ -1,55 +1,10 @@
@@ -48793,7 +52816,7 @@
#include "eng_int.h"
diff --git a/crypto/engine/tb_rand.c b/crypto/engine/tb_rand.c
-index b67cff5..225e7c8 100644
+index b67cff54f5a2..225e7c81dccd 100644
--- a/crypto/engine/tb_rand.c
+++ b/crypto/engine/tb_rand.c
@@ -1,55 +1,10 @@
@@ -48859,7 +52882,7 @@
#include "eng_int.h"
diff --git a/crypto/engine/tb_rsa.c b/crypto/engine/tb_rsa.c
-index 4405d67..e2cc680 100644
+index 4405d678f3f6..e2cc680a9c8d 100644
--- a/crypto/engine/tb_rsa.c
+++ b/crypto/engine/tb_rsa.c
@@ -1,55 +1,10 @@
@@ -48926,7 +52949,7 @@
#include "eng_int.h"
diff --git a/crypto/err/Makefile.in b/crypto/err/Makefile.in
deleted file mode 100644
-index c12ea3f..0000000
+index c12ea3ffd820..000000000000
--- a/crypto/err/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -48973,8 +52996,58 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
+diff --git a/crypto/err/README b/crypto/err/README
+new file mode 100644
+index 000000000000..6d2ce0cd0ee8
+--- /dev/null
++++ b/crypto/err/README
+@@ -0,0 +1,44 @@
++Adding new libraries
++--------------------
++
++When adding a new sub-library to OpenSSL, assign it a library number
++ERR_LIB_XXX, define a macro XXXerr() (both in err.h), add its
++name to ERR_str_libraries[] (in crypto/err/err.c), and add
++ERR_load_XXX_strings() to the ERR_load_crypto_strings() function
++(in crypto/err/err_all.c). Finally, add an entry:
++
++ L XXX xxx.h xxx_err.c
++
++to crypto/err/openssl.ec, and add xxx_err.c to the Makefile.
++Running make errors will then generate a file xxx_err.c, and
++add all error codes used in the library to xxx.h.
++
++Additionally the library include file must have a certain form.
++Typically it will initially look like this:
++
++ #ifndef HEADER_XXX_H
++ #define HEADER_XXX_H
++
++ #ifdef __cplusplus
++ extern "C" {
++ #endif
++
++ /* Include files */
++
++ #include <openssl/bio.h>
++ #include <openssl/x509.h>
++
++ /* Macros, structures and function prototypes */
++
++
++ /* BEGIN ERROR CODES */
++
++The BEGIN ERROR CODES sequence is used by the error code
++generation script as the point to place new error codes, any text
++after this point will be overwritten when make errors is run.
++The closing #endif etc will be automatically added by the script.
++
++The generated C error code file xxx_err.c will load the header
++files stdio.h, openssl/err.h and openssl/xxx.h so the
++header file must load any additional header files containing any
++definitions it uses.
diff --git a/crypto/err/err.c b/crypto/err/err.c
-index b0fd19e..9b679d9 100644
+index b0fd19e7ae29..9b679d9b4861 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -1,118 +1,16 @@
@@ -49169,7 +53242,7 @@
#endif
diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
-index 97078b4..f617dd1 100644
+index 97078b4e1a0c..f617dd1a0da7 100644
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -1,58 +1,10 @@
@@ -49238,7 +53311,7 @@
#include <stdio.h>
diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c
-index 0f7d40c..c7dc1d1 100644
+index 0f7d40c39820..c7dc1d151a42 100644
--- a/crypto/err/err_prn.c
+++ b/crypto/err/err_prn.c
@@ -1,63 +1,14 @@
@@ -49312,7 +53385,7 @@
#include <openssl/crypto.h>
#include <openssl/buffer.h>
diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
-index a969d7a..1abd774 100644
+index a969d7a29083..1abd7742dccd 100644
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -28,11 +28,10 @@ L ENGINE include/openssl/engine.h crypto/engine/eng_err.c
@@ -49331,7 +53404,7 @@
L KDF include/openssl/kdf.h crypto/kdf/kdf_err.c
diff --git a/crypto/evp/Makefile.in b/crypto/evp/Makefile.in
deleted file mode 100644
-index 15080d0..0000000
+index 15080d018c36..000000000000
--- a/crypto/evp/Makefile.in
+++ /dev/null
@@ -1,68 +0,0 @@
@@ -49404,13 +53477,15 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c
-index cdb50b4..9067848 100644
+index cdb50b458452..9067848578d3 100644
--- a/crypto/evp/bio_b64.c
+++ b/crypto/evp/bio_b64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -49458,9 +53533,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -49491,13 +53564,15 @@
BIO_set_init(bi, 1);
diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c
-index ad94ba4..5a4d9c5 100644
+index ad94ba4e5c8b..5a4d9c5d8749 100644
--- a/crypto/evp/bio_enc.c
+++ b/crypto/evp/bio_enc.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -49545,9 +53620,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -49560,13 +53633,15 @@
#include <stdio.h>
diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c
-index 46c5583..cd968ec 100644
+index 46c558335160..cd968ec2d475 100644
--- a/crypto/evp/bio_md.c
+++ b/crypto/evp/bio_md.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -49614,9 +53689,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -49629,7 +53702,7 @@
#include <stdio.h>
diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
-index 0ac1a31..33066e8 100644
+index 0ac1a31a63f4..33066e8d8319 100644
--- a/crypto/evp/bio_ok.c
+++ b/crypto/evp/bio_ok.c
@@ -1,58 +1,10 @@
@@ -49709,7 +53782,7 @@
BIO_set_data(bi, ctx);
diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
-index ac172e8..6ed31ed 100644
+index ac172e84c4e3..6ed31edbcb6d 100644
--- a/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c
@@ -1,58 +1,10 @@
@@ -49790,7 +53863,7 @@
EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap");
#endif
diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c
-index 1612c2f..ec79734 100644
+index 1612c2f2ac3c..ec79734e6763 100644
--- a/crypto/evp/c_alld.c
+++ b/crypto/evp/c_alld.c
@@ -1,58 +1,10 @@
@@ -49859,7 +53932,7 @@
#include <stdio.h>
diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c
-index 33944e1..e2295c4 100644
+index 33944e1894b6..e2295c4dc589 100644
--- a/crypto/evp/cmeth_lib.c
+++ b/crypto/evp/cmeth_lib.c
@@ -1,59 +1,10 @@
@@ -49928,7 +54001,7 @@
#include <string.h>
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
-index aee8127..c594a0a 100644
+index aee8127d0057..c594a0a63817 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -1,111 +1,10 @@
@@ -50072,7 +54145,7 @@
}
ctx->digest = type;
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
-index f0e410f..cfa65b8 100644
+index f0e410fc20b7..cfa65b8e33f1 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -1,51 +1,10 @@
@@ -50186,7 +54259,7 @@
#ifdef HWAES_CAPABLE
if (HWAES_CAPABLE) {
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
-index 4d8c973..be1deaa 100644
+index 4d8c973c5ff9..be1deaa474d7 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -1,50 +1,10 @@
@@ -50274,7 +54347,7 @@
mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
inp_len &= mask;
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
-index 075a8e8..b89d873 100644
+index 075a8e8cf70f..b89d873cc19d 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -1,50 +1,10 @@
@@ -50362,7 +54435,7 @@
mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
inp_len &= mask;
diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c
-index 108a80b..dc38690 100644
+index 108a80b17c0d..dc386905c5cb 100644
--- a/crypto/evp/e_bf.c
+++ b/crypto/evp/e_bf.c
@@ -1,58 +1,10 @@
@@ -50431,7 +54504,7 @@
#include <stdio.h>
diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c
-index 0d9f7f1..b50fa0b 100644
+index 0d9f7f195155..b50fa0b96d6f 100644
--- a/crypto/evp/e_camellia.c
+++ b/crypto/evp/e_camellia.c
@@ -1,55 +1,10 @@
@@ -50497,7 +54570,7 @@
#include <openssl/opensslconf.h>
diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c
-index e4df25f..259d440 100644
+index e4df25f0588c..259d44059b20 100644
--- a/crypto/evp/e_cast.c
+++ b/crypto/evp/e_cast.c
@@ -1,58 +1,10 @@
@@ -50566,7 +54639,7 @@
#include <stdio.h>
diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
-index c3c72a1..26fefd9 100644
+index c3c72a1665bd..26fefd9781b2 100644
--- a/crypto/evp/e_chacha20_poly1305.c
+++ b/crypto/evp/e_chacha20_poly1305.c
@@ -1,51 +1,10 @@
@@ -50666,13 +54739,15 @@
return 1;
}
diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c
-index ebdaadf..9b2facf 100644
+index ebdaadf6d622..9b2facfecfce 100644
--- a/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -50720,9 +54795,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -50735,13 +54808,15 @@
#include <stdio.h>
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
-index 100ae3c..e21c045 100644
+index 100ae3c4f774..e21c045307c1 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -50789,9 +54864,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -50804,13 +54877,15 @@
#include <stdio.h>
diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c
-index 38e0c0a..93f6a41 100644
+index 38e0c0a77b05..93f6a4131fa8 100644
--- a/crypto/evp/e_idea.c
+++ b/crypto/evp/e_idea.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -50858,9 +54933,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -50891,7 +54964,7 @@
BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
0, idea_init_key, NULL,
diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c
-index 7843196..0dfc48a 100644
+index 784319645588..0dfc48abf5a1 100644
--- a/crypto/evp/e_null.c
+++ b/crypto/evp/e_null.c
@@ -1,58 +1,10 @@
@@ -50960,7 +55033,7 @@
#include <stdio.h>
diff --git a/crypto/evp/e_old.c b/crypto/evp/e_old.c
-index 5f0cbee..927908f 100644
+index 5f0cbeef9af5..927908f87176 100644
--- a/crypto/evp/e_old.c
+++ b/crypto/evp/e_old.c
@@ -1,59 +1,10 @@
@@ -51029,7 +55102,7 @@
#include <openssl/opensslconf.h>
diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c
-index 8a56723..8286424 100644
+index 8a56723c7e3d..8286424bb50e 100644
--- a/crypto/evp/e_rc2.c
+++ b/crypto/evp/e_rc2.c
@@ -1,58 +1,10 @@
@@ -51098,7 +55171,7 @@
#include <stdio.h>
diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c
-index be6b6a0..1a2895f 100644
+index be6b6a0d6688..1a2895f1d1fa 100644
--- a/crypto/evp/e_rc4.c
+++ b/crypto/evp/e_rc4.c
@@ -1,58 +1,10 @@
@@ -51167,7 +55240,7 @@
#include <stdio.h>
diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
-index ded3090..28b12c7 100644
+index ded3090eb40d..28b12c7c26a8 100644
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -1,50 +1,10 @@
@@ -51238,7 +55311,7 @@
# endif
diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c
-index 58980f5..1bc8141 100644
+index 58980f56defb..1bc8141e21b2 100644
--- a/crypto/evp/e_rc5.c
+++ b/crypto/evp/e_rc5.c
@@ -1,58 +1,10 @@
@@ -51307,7 +55380,7 @@
#include <stdio.h>
diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c
-index 6964b1e..40aec5f 100644
+index 6964b1e5b63d..40aec5fc6ac0 100644
--- a/crypto/evp/e_seed.c
+++ b/crypto/evp/e_seed.c
@@ -1,55 +1,10 @@
@@ -51383,7 +55456,7 @@
static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c
-index 92fe893..effaf5c 100644
+index 92fe893d7e4c..effaf5cc6173 100644
--- a/crypto/evp/e_xcbc_d.c
+++ b/crypto/evp/e_xcbc_d.c
@@ -1,58 +1,10 @@
@@ -51452,13 +55525,15 @@
#include <stdio.h>
diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
-index ed85f89..bd2bbc0 100644
+index ed85f8933bc0..bd2bbc0b099a 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -1,61 +1,14 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -51506,9 +55581,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -51562,7 +55635,7 @@
memcpy(&(ctx->enc_data[0]), in, inl);
ctx->num = inl;
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
-index 45e82c9..71d13b8 100644
+index 45e82c92462f..71d13b8df075 100644
--- a/crypto/evp/evp_cnf.c
+++ b/crypto/evp/evp_cnf.c
@@ -1,59 +1,10 @@
@@ -51631,7 +55704,7 @@
#include <stdio.h>
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
-index d7cc1f4..acb6b8b 100644
+index d7cc1f453c41..acb6b8bead94 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -1,58 +1,10 @@
@@ -51718,7 +55791,7 @@
ctx->buf_len += inl;
*outl = 0;
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
-index 3b77e3b..c9c9dc7 100644
+index 3b77e3b864f4..c9c9dc7dcc13 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,61 +1,11 @@
@@ -51923,13 +55996,15 @@
};
diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
-index 995d355..8a4297c 100644
+index 995d35503ca0..8a4297cf6eaa 100644
--- a/crypto/evp/evp_key.c
+++ b/crypto/evp/evp_key.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -51977,9 +56052,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -51992,7 +56065,7 @@
#include <stdio.h>
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
-index bc24d5a..4333fb9 100644
+index bc24d5a76593..4333fb97c245 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -1,58 +1,10 @@
@@ -52061,7 +56134,7 @@
#include <stdio.h>
diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h
-index c85a46a..7f3526f 100644
+index c85a46a4c811..7f3526f1ba43 100644
--- a/crypto/evp/evp_locl.h
+++ b/crypto/evp/evp_locl.h
@@ -1,59 +1,10 @@
@@ -52130,7 +56203,7 @@
/* EVP_MD_CTX related stuff */
diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
-index ddf9bff..623f447 100644
+index ddf9bff93e59..623f4473876c 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -1,59 +1,10 @@
@@ -52199,7 +56272,7 @@
#include <stdio.h>
diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
-index a44d972..c84ddc3 100644
+index a44d972925ce..c84ddc3f6367 100644
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@@ -1,59 +1,10 @@
@@ -52268,7 +56341,7 @@
#include <stdio.h>
diff --git a/crypto/evp/m_md2.c b/crypto/evp/m_md2.c
-index 0e83dfe..c4e28ae 100644
+index 0e83dfec107a..c4e28ae17af2 100644
--- a/crypto/evp/m_md2.c
+++ b/crypto/evp/m_md2.c
@@ -1,58 +1,10 @@
@@ -52337,7 +56410,7 @@
#include <stdio.h>
diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c
-index 933d82a..f3decaa 100644
+index 933d82af78c3..f3decaaf0fc7 100644
--- a/crypto/evp/m_md4.c
+++ b/crypto/evp/m_md4.c
@@ -1,58 +1,10 @@
@@ -52406,7 +56479,7 @@
#include <stdio.h>
diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c
-index b28be91..f4dc0c4 100644
+index b28be91edd65..f4dc0c43f406 100644
--- a/crypto/evp/m_md5.c
+++ b/crypto/evp/m_md5.c
@@ -1,58 +1,10 @@
@@ -52475,7 +56548,7 @@
#include <stdio.h>
diff --git a/crypto/evp/m_md5_sha1.c b/crypto/evp/m_md5_sha1.c
-index 6367dc7..1213ff6 100644
+index 6367dc7a6f5c..1213ff64a6d8 100644
--- a/crypto/evp/m_md5_sha1.c
+++ b/crypto/evp/m_md5_sha1.c
@@ -1,54 +1,10 @@
@@ -52485,7 +56558,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -52516,8 +56590,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -52539,7 +56612,7 @@
#if !defined(OPENSSL_NO_MD5)
diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c
-index f7fa600..b7f0fd8 100644
+index f7fa60022b4b..b7f0fd8c19e4 100644
--- a/crypto/evp/m_mdc2.c
+++ b/crypto/evp/m_mdc2.c
@@ -1,58 +1,10 @@
@@ -52608,7 +56681,7 @@
#include <stdio.h>
diff --git a/crypto/evp/m_null.c b/crypto/evp/m_null.c
-index 0fc8c99..6c4daf5 100644
+index 0fc8c9916e6c..6c4daf56b1b2 100644
--- a/crypto/evp/m_null.c
+++ b/crypto/evp/m_null.c
@@ -1,58 +1,10 @@
@@ -52677,7 +56750,7 @@
#include <stdio.h>
diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c
-index d4488be..07b46bd 100644
+index d4488bec0e79..07b46bd51887 100644
--- a/crypto/evp/m_ripemd.c
+++ b/crypto/evp/m_ripemd.c
@@ -1,58 +1,10 @@
@@ -52746,13 +56819,15 @@
#include <stdio.h>
diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c
-index e673e41..4f00956 100644
+index e673e417255e..4f009560b338 100644
--- a/crypto/evp/m_sha1.c
+++ b/crypto/evp/m_sha1.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -52800,9 +56875,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -52815,7 +56888,7 @@
#include <stdio.h>
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
-index 0fe223f..3b74f72 100644
+index 0fe223fd3fe3..3b74f7229515 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -1,59 +1,10 @@
@@ -52884,7 +56957,7 @@
#include <stdio.h>
diff --git a/crypto/evp/m_wp.c b/crypto/evp/m_wp.c
-index 12b7765..94fac22 100644
+index 12b7765ece62..94fac226b69f 100644
--- a/crypto/evp/m_wp.c
+++ b/crypto/evp/m_wp.c
@@ -1,3 +1,11 @@
@@ -52900,7 +56973,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
diff --git a/crypto/evp/names.c b/crypto/evp/names.c
-index 2e8281a..a92be1f 100644
+index 2e8281a3ff43..a92be1fedf18 100644
--- a/crypto/evp/names.c
+++ b/crypto/evp/names.c
@@ -1,58 +1,10 @@
@@ -52969,7 +57042,7 @@
#include <stdio.h>
diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c
-index 7900e28..7e55d0b 100644
+index 7900e2873f15..7e55d0bfb817 100644
--- a/crypto/evp/p5_crpt.c
+++ b/crypto/evp/p5_crpt.c
@@ -1,59 +1,10 @@
@@ -53038,7 +57111,7 @@
#include <stdio.h>
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
-index 76dcf02..2e45aa3 100644
+index 76dcf02ad145..2e45aa3bd8ec 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -1,60 +1,12 @@
@@ -53097,8 +57170,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -53118,7 +57192,7 @@
EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
goto err;
diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c
-index 5729ed7..6171bb9 100644
+index 5729ed7ac329..6171bb977e4c 100644
--- a/crypto/evp/p_dec.c
+++ b/crypto/evp/p_dec.c
@@ -1,58 +1,10 @@
@@ -53187,7 +57261,7 @@
#include <stdio.h>
diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c
-index f1fc818..645f973 100644
+index f1fc818750d1..645f973ceacf 100644
--- a/crypto/evp/p_enc.c
+++ b/crypto/evp/p_enc.c
@@ -1,58 +1,10 @@
@@ -53256,13 +57330,15 @@
#include <stdio.h>
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
-index a8fa301..0b7884f 100644
+index a8fa301b31c4..0b50d3210e55 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -53310,9 +57386,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -53324,7 +57398,22 @@
*/
#include <stdio.h>
-@@ -196,10 +148,16 @@ EVP_PKEY *EVP_PKEY_new(void)
+@@ -132,6 +84,14 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+ EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS);
+ goto err;
+ }
++
++ if (!EVP_PKEY_missing_parameters(to)) {
++ if (EVP_PKEY_cmp_parameters(to, from) == 1)
++ return 1;
++ EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS);
++ return 0;
++ }
++
+ if (from->ameth && from->ameth->param_copy)
+ return from->ameth->param_copy(to, from);
+ err:
+@@ -196,10 +156,16 @@ EVP_PKEY *EVP_PKEY_new(void)
return ret;
}
@@ -53344,7 +57433,7 @@
/*
diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c
-index 7f9c733..b65bc74 100644
+index 7f9c7337b2c0..b65bc74ed142 100644
--- a/crypto/evp/p_open.c
+++ b/crypto/evp/p_open.c
@@ -1,58 +1,10 @@
@@ -53413,7 +57502,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c
-index d802d84..faa2464 100644
+index d802d84b8f3c..faa246483ba4 100644
--- a/crypto/evp/p_seal.c
+++ b/crypto/evp/p_seal.c
@@ -1,58 +1,10 @@
@@ -53482,7 +57571,7 @@
#include <stdio.h>
diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c
-index 46d2dcc..6cb442e 100644
+index 46d2dccffce1..6cb442e4f91d 100644
--- a/crypto/evp/p_sign.c
+++ b/crypto/evp/p_sign.c
@@ -1,58 +1,10 @@
@@ -53551,7 +57640,7 @@
#include <stdio.h>
diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c
-index 631ce35..6e8c565 100644
+index 631ce352f727..6e8c565dfd6b 100644
--- a/crypto/evp/p_verify.c
+++ b/crypto/evp/p_verify.c
@@ -1,58 +1,10 @@
@@ -53620,7 +57709,7 @@
#include <stdio.h>
diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c
-index 872947a..8ff50da 100644
+index 872947a6aa50..8ff50da33a23 100644
--- a/crypto/evp/pmeth_fn.c
+++ b/crypto/evp/pmeth_fn.c
@@ -1,59 +1,10 @@
@@ -53689,7 +57778,7 @@
#include <stdio.h>
diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
-index 6d58f1b..6adc3a9 100644
+index 6d58f1b05e0b..6adc3a9c1986 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -1,59 +1,10 @@
@@ -53758,7 +57847,7 @@
#include <stdio.h>
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
-index 08466ef..2e5e932 100644
+index 08466efe9fed..2e5e93294130 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -1,59 +1,10 @@
@@ -53827,7 +57916,7 @@
#include <stdio.h>
diff --git a/crypto/evp/scrypt.c b/crypto/evp/scrypt.c
-index f9b368b..101bb1e 100644
+index f9b368b365b0..101bb1edbd48 100644
--- a/crypto/evp/scrypt.c
+++ b/crypto/evp/scrypt.c
@@ -1,59 +1,10 @@
@@ -53896,7 +57985,7 @@
#include <stddef.h>
diff --git a/crypto/ex_data.c b/crypto/ex_data.c
-index ca1c204..0666393 100644
+index ca1c204f38e1..0666393900b4 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -1,115 +1,13 @@
@@ -54023,7 +58112,7 @@
/*
diff --git a/crypto/fips_err.h b/crypto/fips_err.h
deleted file mode 100644
-index b2fcabd..0000000
+index b2fcabd55046..000000000000
--- a/crypto/fips_err.h
+++ /dev/null
@@ -1,226 +0,0 @@
@@ -54255,7 +58344,7 @@
-}
diff --git a/crypto/fips_ers.c b/crypto/fips_ers.c
deleted file mode 100644
-index ad6935f..0000000
+index ad6935f7fe96..000000000000
--- a/crypto/fips_ers.c
+++ /dev/null
@@ -1,7 +0,0 @@
@@ -54268,7 +58357,7 @@
-#endif
diff --git a/crypto/hmac/Makefile.in b/crypto/hmac/Makefile.in
deleted file mode 100644
-index 2da801c..0000000
+index 2da801ccdaea..000000000000
--- a/crypto/hmac/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -54316,7 +58405,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c
-index 98e73e9..714068d 100644
+index 98e73e937ff8..714068dc6860 100644
--- a/crypto/hmac/hm_ameth.c
+++ b/crypto/hmac/hm_ameth.c
@@ -1,59 +1,10 @@
@@ -54385,7 +58474,7 @@
#include <stdio.h>
diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c
-index 268b48d..5b98477 100644
+index 268b48dbce6f..5b98477f9cfc 100644
--- a/crypto/hmac/hm_pmeth.c
+++ b/crypto/hmac/hm_pmeth.c
@@ -1,59 +1,10 @@
@@ -54513,7 +58602,7 @@
}
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
-index 9504aad..848b581 100644
+index 9504aada943b..da7f58688f1e 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -1,58 +1,10 @@
@@ -54590,8 +58679,17 @@
{
return EVP_MD_size((ctx)->md);
}
+@@ -189,7 +141,7 @@ static void hmac_ctx_cleanup(HMAC_CTX *ctx)
+ EVP_MD_CTX_reset(ctx->md_ctx);
+ ctx->md = NULL;
+ ctx->key_length = 0;
+- memset(ctx->key, 0, sizeof(HMAC_MAX_MD_CBLOCK));
++ OPENSSL_cleanse(ctx->key, sizeof(ctx->key));
+ }
+
+ void HMAC_CTX_free(HMAC_CTX *ctx)
diff --git a/crypto/hmac/hmac_lcl.h b/crypto/hmac/hmac_lcl.h
-index f93e61f..4c156dc 100644
+index f93e61fd745c..4c156dc126c2 100644
--- a/crypto/hmac/hmac_lcl.h
+++ b/crypto/hmac/hmac_lcl.h
@@ -1,59 +1,12 @@
@@ -54662,10 +58760,17 @@
# define HEADER_HMAC_LCL_H
diff --git a/crypto/ia64cpuid.S b/crypto/ia64cpuid.S
-index bf5abc3..f942648 100644
+index bf5abc3be379..ffd6d6ca6f13 100644
--- a/crypto/ia64cpuid.S
+++ b/crypto/ia64cpuid.S
-@@ -2,6 +2,12 @@
+@@ -1,7 +1,19 @@
++// Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
++//
++// Licensed under the OpenSSL license (the "License"). You may not use
++// this file except in compliance with the License. You can obtain a copy
++// in the file LICENSE in the source distribution or at
++// https://www.openssl.org/source/license.html
+ // Works on all IA-64 platforms: Linux, HP-UX, Win64i...
// On Win64i compile with ias.exe.
.text
@@ -54678,7 +58783,7 @@
.global OPENSSL_cpuid_setup#
.proc OPENSSL_cpuid_setup#
OPENSSL_cpuid_setup:
-@@ -131,9 +137,7 @@ OPENSSL_wipe_cpu:
+@@ -131,9 +143,7 @@
.proc OPENSSL_cleanse#
OPENSSL_cleanse:
{ .mib; cmp.eq p6,p0=0,r33 // len==0
@@ -54689,7 +58794,7 @@
(p6) br.ret.spnt b0 };;
{ .mib; and r2=7,r32
cmp.leu p6,p0=15,r33 // len>=15
-@@ -166,14 +170,51 @@ OPENSSL_cleanse:
+@@ -166,14 +176,51 @@
(p6) br.ret.sptk.many b0 };;
.endp OPENSSL_cleanse#
@@ -54745,7 +58850,7 @@
{ .mmi; mov r8=ar.itc;;
mov r10=r0
mov r9=r8 };;
-@@ -208,10 +249,7 @@ OPENSSL_instrument_bus:
+@@ -208,10 +255,7 @@
.proc OPENSSL_instrument_bus2#
OPENSSL_instrument_bus2:
{ .mmi; mov r2=r33 // put aside cnt
@@ -54759,7 +58864,7 @@
mov r9=r8 };;
diff --git a/crypto/idea/Makefile.in b/crypto/idea/Makefile.in
deleted file mode 100644
-index 61ab62b..0000000
+index 61ab62b713ea..000000000000
--- a/crypto/idea/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -54807,7 +58912,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/idea/i_cbc.c b/crypto/idea/i_cbc.c
-index 5cdcc64..a70a868 100644
+index 5cdcc64a672c..a70a8682a780 100644
--- a/crypto/idea/i_cbc.c
+++ b/crypto/idea/i_cbc.c
@@ -1,58 +1,10 @@
@@ -54876,13 +58981,15 @@
#include <openssl/idea.h>
diff --git a/crypto/idea/i_cfb64.c b/crypto/idea/i_cfb64.c
-index f6ed632..daf467e 100644
+index f6ed63274930..daf467eb5c26 100644
--- a/crypto/idea/i_cfb64.c
+++ b/crypto/idea/i_cfb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -54930,9 +59037,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -54945,7 +59050,7 @@
#include <openssl/idea.h>
diff --git a/crypto/idea/i_ecb.c b/crypto/idea/i_ecb.c
-index 9ab64b7..2208287 100644
+index 9ab64b7dcaee..2208287e3216 100644
--- a/crypto/idea/i_ecb.c
+++ b/crypto/idea/i_ecb.c
@@ -1,58 +1,10 @@
@@ -55014,13 +59119,15 @@
#include <openssl/idea.h>
diff --git a/crypto/idea/i_ofb64.c b/crypto/idea/i_ofb64.c
-index 174f635..997a7b8 100644
+index 174f6354d615..997a7b88edf4 100644
--- a/crypto/idea/i_ofb64.c
+++ b/crypto/idea/i_ofb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -55068,9 +59175,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -55083,7 +59188,7 @@
#include <openssl/idea.h>
diff --git a/crypto/idea/i_skey.c b/crypto/idea/i_skey.c
-index c86140f..0285324 100644
+index c86140ffba10..02853246dca4 100644
--- a/crypto/idea/i_skey.c
+++ b/crypto/idea/i_skey.c
@@ -1,58 +1,10 @@
@@ -55152,13 +59257,15 @@
#include <openssl/idea.h>
diff --git a/crypto/idea/idea_lcl.h b/crypto/idea/idea_lcl.h
-index 9be76cd..f227d0d 100644
+index 9be76cdc5308..f227d0db3216 100644
--- a/crypto/idea/idea_lcl.h
+++ b/crypto/idea/idea_lcl.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -55206,9 +59313,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -55220,8 +59325,26 @@
*/
/*
+diff --git a/crypto/idea/version b/crypto/idea/version
+deleted file mode 100644
+index 3f2229379549..000000000000
+--- a/crypto/idea/version
++++ /dev/null
+@@ -1,12 +0,0 @@
+-1.1 07/12/95 - eay
+- Many thanks to Rhys Weatherley <rweather at us.oracle.com>
+- for pointing out that I was assuming little endian byte
+- order for all quantities what idea actually used
+- bigendian. No where in the spec does it mention
+- this, it is all in terms of 16 bit numbers and even the example
+- does not use byte streams for the input example :-(.
+- If you byte swap each pair of input, keys and iv, the functions
+- would produce the output as the old version :-(.
+-
+-1.0 ??/??/95 - eay
+- First version.
diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h
-index 0b38eaa..4524fe2 100644
+index 0b38eaa38071..1bd1fab82fda 100644
--- a/crypto/include/internal/asn1_int.h
+++ b/crypto/include/internal/asn1_int.h
@@ -1,59 +1,10 @@
@@ -55289,8 +59412,21 @@
*/
/* Internal ASN1 structures and functions: not for application use */
+@@ -108,10 +59,10 @@ DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD)
+ extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
+ extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
+ extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
+-extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
++extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5];
+ extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
+ extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
+-extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
++extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2];
+
+ /*
+ * These are used internally in the ASN1_OBJECT to keep track of whether the
diff --git a/crypto/include/internal/async.h b/crypto/include/internal/async.h
-index 76fe4d1..db56258 100644
+index 76fe4d1399a0..db56258f29eb 100644
--- a/crypto/include/internal/async.h
+++ b/crypto/include/internal/async.h
@@ -1,58 +1,10 @@
@@ -55358,7 +59494,7 @@
#include <openssl/async.h>
diff --git a/crypto/include/internal/bn_conf.h.in b/crypto/include/internal/bn_conf.h.in
-index e25a435..ec6e4f6 100644
+index e25a435726f9..ec6e4f6c1b5e 100644
--- a/crypto/include/internal/bn_conf.h.in
+++ b/crypto/include/internal/bn_conf.h.in
@@ -1,56 +1,11 @@
@@ -55425,7 +59561,7 @@
#ifndef HEADER_BN_CONF_H
diff --git a/crypto/include/internal/bn_dh.h b/crypto/include/internal/bn_dh.h
-index 3810514..b4bca40 100644
+index 3810514eef02..b4bca40c58a3 100644
--- a/crypto/include/internal/bn_dh.h
+++ b/crypto/include/internal/bn_dh.h
@@ -1,3 +1,12 @@
@@ -55442,7 +59578,7 @@
const extern BIGNUM _bignum_dh##x##_p; \
const extern BIGNUM _bignum_dh##x##_g; \
diff --git a/crypto/include/internal/bn_int.h b/crypto/include/internal/bn_int.h
-index 8ea5193..9c984ba 100644
+index 8ea51936068f..9c984ba78183 100644
--- a/crypto/include/internal/bn_int.h
+++ b/crypto/include/internal/bn_int.h
@@ -1,55 +1,10 @@
@@ -55508,7 +59644,7 @@
#ifndef HEADER_BN_INT_H
diff --git a/crypto/include/internal/bn_srp.h b/crypto/include/internal/bn_srp.h
-index 153c8cd..d4b282a 100644
+index 153c8cde12eb..d4b282a6bbbe 100644
--- a/crypto/include/internal/bn_srp.h
+++ b/crypto/include/internal/bn_srp.h
@@ -1,3 +1,11 @@
@@ -55524,7 +59660,7 @@
#ifndef OPENSSL_NO_SRP
diff --git a/crypto/include/internal/chacha.h b/crypto/include/internal/chacha.h
-index dacbdf5..7d4366e 100644
+index dacbdf59dc65..7d4366ea2533 100644
--- a/crypto/include/internal/chacha.h
+++ b/crypto/include/internal/chacha.h
@@ -1,51 +1,10 @@
@@ -55586,7 +59722,7 @@
#ifndef HEADER_CHACHA_H
diff --git a/crypto/include/internal/cryptlib.h b/crypto/include/internal/cryptlib.h
-index 5fc7f0d..f2377d1 100644
+index 5fc7f0dd7e8b..f2377d1c932d 100644
--- a/crypto/include/internal/cryptlib.h
+++ b/crypto/include/internal/cryptlib.h
@@ -1,58 +1,10 @@
@@ -55664,7 +59800,7 @@
}
#endif
diff --git a/crypto/include/internal/cryptlib_int.h b/crypto/include/internal/cryptlib_int.h
-index a38ac18..aa02ddc 100644
+index a38ac18d1f80..aa02ddcd1757 100644
--- a/crypto/include/internal/cryptlib_int.h
+++ b/crypto/include/internal/cryptlib_int.h
@@ -1,58 +1,10 @@
@@ -55741,7 +59877,7 @@
*/
# define OPENSSL_INIT_ZLIB 0x00010000L
diff --git a/crypto/include/internal/dso_conf.h.in b/crypto/include/internal/dso_conf.h.in
-index e78e727..daa5e24 100644
+index e78e727bc310..daa5e247a391 100644
--- a/crypto/include/internal/dso_conf.h.in
+++ b/crypto/include/internal/dso_conf.h.in
@@ -1,56 +1,11 @@
@@ -55808,7 +59944,7 @@
#ifndef HEADER_DSO_CONF_H
diff --git a/crypto/include/internal/engine.h b/crypto/include/internal/engine.h
-index fffce40..977cf06 100644
+index fffce40140f1..977cf06d434f 100644
--- a/crypto/include/internal/engine.h
+++ b/crypto/include/internal/engine.h
@@ -1,55 +1,10 @@
@@ -55874,7 +60010,7 @@
#include <openssl/engine.h>
diff --git a/crypto/include/internal/err_int.h b/crypto/include/internal/err_int.h
-index 7f1037e..749a8db 100644
+index 7f1037e939f1..749a8db2622f 100644
--- a/crypto/include/internal/err_int.h
+++ b/crypto/include/internal/err_int.h
@@ -1,11 +1,10 @@
@@ -55900,7 +60036,7 @@
#endif
diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h
-index ca130c2..1c35319 100644
+index ca130c26a418..1c3531992180 100644
--- a/crypto/include/internal/evp_int.h
+++ b/crypto/include/internal/evp_int.h
@@ -1,59 +1,10 @@
@@ -55969,7 +60105,7 @@
struct evp_pkey_ctx_st {
diff --git a/crypto/include/internal/md32_common.h b/crypto/include/internal/md32_common.h
-index 156fa3a..21133a3 100644
+index 156fa3aeba49..21133a37d71b 100644
--- a/crypto/include/internal/md32_common.h
+++ b/crypto/include/internal/md32_common.h
@@ -1,51 +1,10 @@
@@ -56040,7 +60176,7 @@
* which is why it was moved to common header file.
*
diff --git a/crypto/include/internal/objects.h b/crypto/include/internal/objects.h
-index 86000b6..76e1b4d 100644
+index 86000b6db2e8..76e1b4d98838 100644
--- a/crypto/include/internal/objects.h
+++ b/crypto/include/internal/objects.h
@@ -1,9 +1,10 @@
@@ -56059,7 +60195,7 @@
#include <openssl/objects.h>
diff --git a/crypto/include/internal/poly1305.h b/crypto/include/internal/poly1305.h
-index 8e2cac5..1bc8716 100644
+index 8e2cac521507..1bc8716fca27 100644
--- a/crypto/include/internal/poly1305.h
+++ b/crypto/include/internal/poly1305.h
@@ -1,52 +1,12 @@
@@ -56123,7 +60259,7 @@
#define POLY1305_BLOCK_SIZE 16
diff --git a/crypto/include/internal/rand.h b/crypto/include/internal/rand.h
-index be92fa1..30887c4 100644
+index be92fa19ec2f..30887c4a7cbf 100644
--- a/crypto/include/internal/rand.h
+++ b/crypto/include/internal/rand.h
@@ -1,4 +1,13 @@
@@ -56141,7 +60277,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
-index ee49f2a..d8ec623 100644
+index ee49f2aa4ace..6df291980207 100644
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -1,59 +1,10 @@
@@ -56218,8 +60354,14 @@
X509_NAME *issuer; /* CRL issuer name */
ASN1_TIME *lastUpdate; /* lastUpdate field */
ASN1_TIME *nextUpdate; /* nextUpdate field: optional */
+@@ -312,3 +263,5 @@ struct x509_object_st {
+ EVP_PKEY *pkey;
+ } data;
+ };
++
++int a2i_ipadd(unsigned char *ipout, const char *ipasc);
diff --git a/crypto/init.c b/crypto/init.c
-index 48f74c4..2344f99 100644
+index 48f74c496c0c..2344f991d2fc 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -1,61 +1,12 @@
@@ -56303,7 +60445,7 @@
OPENSSL_free(locals);
diff --git a/crypto/kdf/Makefile.in b/crypto/kdf/Makefile.in
deleted file mode 100644
-index 5ab2cbf..0000000
+index 5ab2cbfe5495..000000000000
--- a/crypto/kdf/Makefile.in
+++ /dev/null
@@ -1,53 +0,0 @@
@@ -56361,7 +60503,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c
-index bbe4334..00b95b5 100644
+index bbe4334fa594..00b95b5a8840 100644
--- a/crypto/kdf/hkdf.c
+++ b/crypto/kdf/hkdf.c
@@ -1,49 +1,10 @@
@@ -56421,7 +60563,7 @@
#include <stdlib.h>
diff --git a/crypto/kdf/kdf_err.c b/crypto/kdf/kdf_err.c
-index b0321c5..6707a52 100644
+index b0321c51bde4..6707a52ba719 100644
--- a/crypto/kdf/kdf_err.c
+++ b/crypto/kdf/kdf_err.c
@@ -1,61 +1,11 @@
@@ -56494,7 +60636,7 @@
#include <stdio.h>
diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c
-index 4b40c88..fa13732 100644
+index 4b40c88ce741..fa13732bbf92 100644
--- a/crypto/kdf/tls1_prf.c
+++ b/crypto/kdf/tls1_prf.c
@@ -1,59 +1,10 @@
@@ -56564,7 +60706,7 @@
#include <stdio.h>
diff --git a/crypto/lhash/Makefile.in b/crypto/lhash/Makefile.in
deleted file mode 100644
-index 9b9281f..0000000
+index 9b9281f8abff..000000000000
--- a/crypto/lhash/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -56612,13 +60754,15 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c
-index cad3a61..7337832 100644
+index cad3a616aba4..7337832422d6 100644
--- a/crypto/lhash/lh_stats.c
+++ b/crypto/lhash/lh_stats.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -56666,9 +60810,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -56767,13 +60909,15 @@
unsigned int i;
unsigned long total = 0, n_used = 0;
diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
-index 60e9223..3e58eea 100644
+index 60e9223b59dc..3e58eea9c58b 100644
--- a/crypto/lhash/lhash.c
+++ b/crypto/lhash/lhash.c
@@ -1,124 +1,39 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -56821,9 +60965,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -57109,7 +61251,7 @@
}
diff --git a/crypto/lhash/lhash_lcl.h b/crypto/lhash/lhash_lcl.h
new file mode 100644
-index 0000000..eb4a1a3
+index 000000000000..eb4a1a3f65fe
--- /dev/null
+++ b/crypto/lhash/lhash_lcl.h
@@ -0,0 +1,42 @@
@@ -57156,7 +61298,7 @@
+ int error;
+};
diff --git a/crypto/lhash/num.pl b/crypto/lhash/num.pl
-index 4440a99..8a8c42c 100644
+index 4440a992dccd..8a8c42c8a030 100644
--- a/crypto/lhash/num.pl
+++ b/crypto/lhash/num.pl
@@ -1,4 +1,10 @@
@@ -57173,7 +61315,7 @@
diff --git a/crypto/md2/Makefile.in b/crypto/md2/Makefile.in
deleted file mode 100644
-index 16bfea7..0000000
+index 16bfea7babd8..000000000000
--- a/crypto/md2/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -57221,13 +61363,15 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c
-index 80dec23..b43cd4f 100644
+index 80dec2325f25..b43cd4f489bb 100644
--- a/crypto/md2/md2_dgst.c
+++ b/crypto/md2/md2_dgst.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -57275,9 +61419,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -57290,13 +61432,15 @@
#include <stdio.h>
diff --git a/crypto/md2/md2_one.c b/crypto/md2/md2_one.c
-index ad643ee..460f96e 100644
+index ad643eee153c..460f96e475a5 100644
--- a/crypto/md2/md2_one.c
+++ b/crypto/md2/md2_one.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -57344,9 +61488,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -57360,7 +61502,7 @@
#include <stdio.h>
diff --git a/crypto/md4/Makefile.in b/crypto/md4/Makefile.in
deleted file mode 100644
-index f63c611..0000000
+index f63c611dae34..000000000000
--- a/crypto/md4/Makefile.in
+++ /dev/null
@@ -1,44 +0,0 @@
@@ -57409,13 +61551,15 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/md4/md4_dgst.c b/crypto/md4/md4_dgst.c
-index ab1e55b..5319618 100644
+index ab1e55b64a62..5319618615e3 100644
--- a/crypto/md4/md4_dgst.c
+++ b/crypto/md4/md4_dgst.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -57463,9 +61607,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -57478,13 +61620,15 @@
#include <stdio.h>
diff --git a/crypto/md4/md4_locl.h b/crypto/md4/md4_locl.h
-index 7e9701c..6aec556 100644
+index 7e9701c1dafa..6aec55626660 100644
--- a/crypto/md4/md4_locl.h
+++ b/crypto/md4/md4_locl.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -57532,9 +61676,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -57547,7 +61689,7 @@
#include <stdlib.h>
diff --git a/crypto/md4/md4_one.c b/crypto/md4/md4_one.c
-index efcf2c6..9f0989f 100644
+index efcf2c6c5f23..9f0989fad6af 100644
--- a/crypto/md4/md4_one.c
+++ b/crypto/md4/md4_one.c
@@ -1,58 +1,10 @@
@@ -57615,9 +61757,93 @@
*/
#include <stdio.h>
+diff --git a/crypto/md4/md4s.cpp b/crypto/md4/md4s.cpp
+deleted file mode 100644
+index c0ec97fc9f9b..000000000000
+--- a/crypto/md4/md4s.cpp
++++ /dev/null
+@@ -1,78 +0,0 @@
+-//
+-// gettsc.inl
+-//
+-// gives access to the Pentium's (secret) cycle counter
+-//
+-// This software was written by Leonard Janke (janke at unixg.ubc.ca)
+-// in 1996-7 and is entered, by him, into the public domain.
+-
+-#if defined(__WATCOMC__)
+-void GetTSC(unsigned long&);
+-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+-#elif defined(__GNUC__)
+-inline
+-void GetTSC(unsigned long& tsc)
+-{
+- asm volatile(".byte 15, 49\n\t"
+- : "=eax" (tsc)
+- :
+- : "%edx", "%eax");
+-}
+-#elif defined(_MSC_VER)
+-inline
+-void GetTSC(unsigned long& tsc)
+-{
+- unsigned long a;
+- __asm _emit 0fh
+- __asm _emit 31h
+- __asm mov a, eax;
+- tsc=a;
+-}
+-#endif
+-
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <openssl/md4.h>
+-
+-extern "C" {
+-void md4_block_x86(MD4_CTX *ctx, unsigned char *buffer,int num);
+-}
+-
+-void main(int argc,char *argv[])
+- {
+- unsigned char buffer[64*256];
+- MD4_CTX ctx;
+- unsigned long s1,s2,e1,e2;
+- unsigned char k[16];
+- unsigned long data[2];
+- unsigned char iv[8];
+- int i,num=0,numm;
+- int j=0;
+-
+- if (argc >= 2)
+- num=atoi(argv[1]);
+-
+- if (num == 0) num=16;
+- if (num > 250) num=16;
+- numm=num+2;
+- num*=64;
+- numm*=64;
+-
+- for (j=0; j<6; j++)
+- {
+- for (i=0; i<10; i++) /**/
+- {
+- md4_block_x86(&ctx,buffer,numm);
+- GetTSC(s1);
+- md4_block_x86(&ctx,buffer,numm);
+- GetTSC(e1);
+- GetTSC(s2);
+- md4_block_x86(&ctx,buffer,num);
+- GetTSC(e2);
+- md4_block_x86(&ctx,buffer,num);
+- }
+- printf("md4 (%d bytes) %d %d (%.2f)\n",num,
+- e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+- }
+- }
+-
diff --git a/crypto/md5/Makefile.in b/crypto/md5/Makefile.in
deleted file mode 100644
-index 48ddab3..0000000
+index 48ddab350b21..000000000000
--- a/crypto/md5/Makefile.in
+++ /dev/null
@@ -1,61 +0,0 @@
@@ -57683,7 +61909,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/md5/asm/md5-586.pl b/crypto/md5/asm/md5-586.pl
-index b3b756c..24f68af 100644
+index b3b756cf7d48..24f68af546ac 100644
--- a/crypto/md5/asm/md5-586.pl
+++ b/crypto/md5/asm/md5-586.pl
@@ -1,4 +1,11 @@
@@ -57699,8 +61925,26 @@
# Normal is the
# md5_block_x86(MD5_CTX *c, ULONG *X);
+diff --git a/crypto/md5/asm/md5-ia64.S b/crypto/md5/asm/md5-ia64.S
+index e7de08d46a2b..c20467b47b12 100644
+--- a/crypto/md5/asm/md5-ia64.S
++++ b/crypto/md5/asm/md5-ia64.S
+@@ -1,3 +1,13 @@
++/*
++ *
++ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
+ /* Copyright (c) 2005 Hewlett-Packard Development Company, L.P.
+
+ Permission is hereby granted, free of charge, to any person obtaining
diff --git a/crypto/md5/asm/md5-sparcv9.pl b/crypto/md5/asm/md5-sparcv9.pl
-index 1c4ae52..09e6d71 100644
+index 1c4ae5200b98..09e6d7139a8b 100644
--- a/crypto/md5/asm/md5-sparcv9.pl
+++ b/crypto/md5/asm/md5-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -57717,7 +61961,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/md5/asm/md5-x86_64.pl b/crypto/md5/asm/md5-x86_64.pl
-index 8d820e1..be5e879 100755
+index 8d820e114024..3f656dc0b2b8 100755
--- a/crypto/md5/asm/md5-x86_64.pl
+++ b/crypto/md5/asm/md5-x86_64.pl
@@ -1,11 +1,13 @@
@@ -57740,14 +61984,25 @@
use strict;
+@@ -128,7 +130,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
+ ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+ die "can't locate x86_64-xlate.pl";
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ $code .= <<EOF;
diff --git a/crypto/md5/md5_dgst.c b/crypto/md5/md5_dgst.c
-index 37b0d31..fbede67 100644
+index 37b0d31160fc..fbede6742af6 100644
--- a/crypto/md5/md5_dgst.c
+++ b/crypto/md5/md5_dgst.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -57795,9 +62050,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -57810,13 +62063,15 @@
#include <stdio.h>
diff --git a/crypto/md5/md5_locl.h b/crypto/md5/md5_locl.h
-index f2d80a0..9c7aade 100644
+index f2d80a035c5f..9c7aade840aa 100644
--- a/crypto/md5/md5_locl.h
+++ b/crypto/md5/md5_locl.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -57864,9 +62119,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -57888,7 +62141,7 @@
# define md5_block_data_order md5_block_asm_data_order
# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
diff --git a/crypto/md5/md5_one.c b/crypto/md5/md5_one.c
-index 9771dcf..becd87e 100644
+index 9771dcfe2955..becd87e4d602 100644
--- a/crypto/md5/md5_one.c
+++ b/crypto/md5/md5_one.c
@@ -1,58 +1,10 @@
@@ -57956,9 +62209,93 @@
*/
#include <stdio.h>
+diff --git a/crypto/md5/md5s.cpp b/crypto/md5/md5s.cpp
+deleted file mode 100644
+index dd343fd4e6ed..000000000000
+--- a/crypto/md5/md5s.cpp
++++ /dev/null
+@@ -1,78 +0,0 @@
+-//
+-// gettsc.inl
+-//
+-// gives access to the Pentium's (secret) cycle counter
+-//
+-// This software was written by Leonard Janke (janke at unixg.ubc.ca)
+-// in 1996-7 and is entered, by him, into the public domain.
+-
+-#if defined(__WATCOMC__)
+-void GetTSC(unsigned long&);
+-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+-#elif defined(__GNUC__)
+-inline
+-void GetTSC(unsigned long& tsc)
+-{
+- asm volatile(".byte 15, 49\n\t"
+- : "=eax" (tsc)
+- :
+- : "%edx", "%eax");
+-}
+-#elif defined(_MSC_VER)
+-inline
+-void GetTSC(unsigned long& tsc)
+-{
+- unsigned long a;
+- __asm _emit 0fh
+- __asm _emit 31h
+- __asm mov a, eax;
+- tsc=a;
+-}
+-#endif
+-
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <openssl/md5.h>
+-
+-extern "C" {
+-void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num);
+-}
+-
+-void main(int argc,char *argv[])
+- {
+- unsigned char buffer[64*256];
+- MD5_CTX ctx;
+- unsigned long s1,s2,e1,e2;
+- unsigned char k[16];
+- unsigned long data[2];
+- unsigned char iv[8];
+- int i,num=0,numm;
+- int j=0;
+-
+- if (argc >= 2)
+- num=atoi(argv[1]);
+-
+- if (num == 0) num=16;
+- if (num > 250) num=16;
+- numm=num+2;
+- num*=64;
+- numm*=64;
+-
+- for (j=0; j<6; j++)
+- {
+- for (i=0; i<10; i++) /**/
+- {
+- md5_block_x86(&ctx,buffer,numm);
+- GetTSC(s1);
+- md5_block_x86(&ctx,buffer,numm);
+- GetTSC(e1);
+- GetTSC(s2);
+- md5_block_x86(&ctx,buffer,num);
+- GetTSC(e2);
+- md5_block_x86(&ctx,buffer,num);
+- }
+- printf("md5 (%d bytes) %d %d (%.2f)\n",num,
+- e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+- }
+- }
+-
diff --git a/crypto/mdc2/Makefile.in b/crypto/mdc2/Makefile.in
deleted file mode 100644
-index 2f2ccf9..0000000
+index 2f2ccf9e3fd6..000000000000
--- a/crypto/mdc2/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -58006,7 +62343,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/mdc2/mdc2_one.c b/crypto/mdc2/mdc2_one.c
-index ee94bbe..472a5ec 100644
+index ee94bbe08fc9..472a5ec2e0db 100644
--- a/crypto/mdc2/mdc2_one.c
+++ b/crypto/mdc2/mdc2_one.c
@@ -1,58 +1,10 @@
@@ -58075,7 +62412,7 @@
#include <stdio.h>
diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c
-index abfba5a..6397a47 100644
+index abfba5afdd03..6397a47e92dc 100644
--- a/crypto/mdc2/mdc2dgst.c
+++ b/crypto/mdc2/mdc2dgst.c
@@ -1,58 +1,10 @@
@@ -58144,13 +62481,15 @@
#include <stdio.h>
diff --git a/crypto/mem.c b/crypto/mem.c
-index 16ef64c..6be14ab 100644
+index 16ef64c6fecf..6be14ab54ae2 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -58198,9 +62537,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -58226,7 +62563,7 @@
}
diff --git a/crypto/mem_clr.c b/crypto/mem_clr.c
-index 3389919..a1a4f93 100644
+index 3389919d5fd4..a1a4f93009c9 100644
--- a/crypto/mem_clr.c
+++ b/crypto/mem_clr.c
@@ -1,59 +1,10 @@
@@ -58295,7 +62632,7 @@
#include <string.h>
diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c
-index 2b8cf73..0b48708 100644
+index 2b8cf73028de..0b4870823262 100644
--- a/crypto/mem_dbg.c
+++ b/crypto/mem_dbg.c
@@ -1,118 +1,16 @@
@@ -58424,7 +62761,7 @@
#include <openssl/buffer.h>
#include "internal/bio.h"
diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
-index 31c0525..4ccff34 100644
+index 31c052512d51..4ccff34e5e8f 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -1,4 +1,13 @@
@@ -58655,7 +62992,7 @@
#endif /* IMPLEMENTED */
diff --git a/crypto/modes/Makefile.in b/crypto/modes/Makefile.in
deleted file mode 100644
-index 22ab8b9..0000000
+index 22ab8b9b0e39..000000000000
--- a/crypto/modes/Makefile.in
+++ /dev/null
@@ -1,76 +0,0 @@
@@ -58736,7 +63073,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/modes/asm/aesni-gcm-x86_64.pl b/crypto/modes/asm/aesni-gcm-x86_64.pl
-index 8f5026b..921f44e 100644
+index 8f5026b3a40f..810876c1a632 100644
--- a/crypto/modes/asm/aesni-gcm-x86_64.pl
+++ b/crypto/modes/asm/aesni-gcm-x86_64.pl
@@ -1,4 +1,11 @@
@@ -58752,8 +63089,17 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+@@ -61,7 +68,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+ $avx = ($2>=3.0) + ($2>3.0);
+ }
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ if ($avx>1) {{{
diff --git a/crypto/modes/asm/ghash-alpha.pl b/crypto/modes/asm/ghash-alpha.pl
-index df6b3a3..ccf6b2b 100644
+index df6b3a3b6f43..ccf6b2bd6fac 100644
--- a/crypto/modes/asm/ghash-alpha.pl
+++ b/crypto/modes/asm/ghash-alpha.pl
@@ -1,4 +1,11 @@
@@ -58770,7 +63116,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl
-index 6cc3653..db56c85 100644
+index 6cc36532fa27..db56c8592802 100644
--- a/crypto/modes/asm/ghash-armv4.pl
+++ b/crypto/modes/asm/ghash-armv4.pl
@@ -1,4 +1,11 @@
@@ -58787,7 +63133,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/modes/asm/ghash-c64xplus.pl b/crypto/modes/asm/ghash-c64xplus.pl
-index 93f6985..3cadda3 100644
+index 93f698521150..3cadda39945c 100644
--- a/crypto/modes/asm/ghash-c64xplus.pl
+++ b/crypto/modes/asm/ghash-c64xplus.pl
@@ -1,4 +1,11 @@
@@ -58804,7 +63150,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/modes/asm/ghash-ia64.pl b/crypto/modes/asm/ghash-ia64.pl
-index 9d49143..81e75f7 100755
+index 9d49143c31c9..81e75f71a800 100755
--- a/crypto/modes/asm/ghash-ia64.pl
+++ b/crypto/modes/asm/ghash-ia64.pl
@@ -1,4 +1,11 @@
@@ -58821,7 +63167,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/modes/asm/ghash-parisc.pl b/crypto/modes/asm/ghash-parisc.pl
-index d5ad96b..1d62545 100644
+index d5ad96b40335..1d6254543bae 100644
--- a/crypto/modes/asm/ghash-parisc.pl
+++ b/crypto/modes/asm/ghash-parisc.pl
@@ -1,4 +1,11 @@
@@ -58838,7 +63184,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/modes/asm/ghash-s390x.pl b/crypto/modes/asm/ghash-s390x.pl
-index a46f3eb..65ffaf9 100644
+index a46f3eba6a24..65ffaf98bca6 100644
--- a/crypto/modes/asm/ghash-s390x.pl
+++ b/crypto/modes/asm/ghash-s390x.pl
@@ -1,4 +1,11 @@
@@ -58866,7 +63212,7 @@
jz .Lsoft_gmult
stg %r0,16($sp) # arrange 16 bytes of zero input
diff --git a/crypto/modes/asm/ghash-sparcv9.pl b/crypto/modes/asm/ghash-sparcv9.pl
-index badfcf7..6ca3a9b 100644
+index badfcf7b092c..6ca3a9bdf002 100644
--- a/crypto/modes/asm/ghash-sparcv9.pl
+++ b/crypto/modes/asm/ghash-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -58883,7 +63229,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/modes/asm/ghash-x86.pl b/crypto/modes/asm/ghash-x86.pl
-index db6eeae..4eb0b2c 100644
+index db6eeae0fe4f..4eb0b2c6e52d 100644
--- a/crypto/modes/asm/ghash-x86.pl
+++ b/crypto/modes/asm/ghash-x86.pl
@@ -1,4 +1,11 @@
@@ -58900,7 +63246,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/modes/asm/ghash-x86_64.pl b/crypto/modes/asm/ghash-x86_64.pl
-index 006215e..a5633e4 100644
+index 006215ecb189..b4a8ddbd2e80 100644
--- a/crypto/modes/asm/ghash-x86_64.pl
+++ b/crypto/modes/asm/ghash-x86_64.pl
@@ -1,4 +1,11 @@
@@ -58916,8 +63262,17 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+@@ -110,7 +117,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+ $avx = ($2>=3.0) + ($2>3.0);
+ }
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ $do4xaggr=1;
diff --git a/crypto/modes/asm/ghashp8-ppc.pl b/crypto/modes/asm/ghashp8-ppc.pl
-index 71457cf..70a6353 100755
+index 71457cf4fc59..70a63537fb50 100755
--- a/crypto/modes/asm/ghashp8-ppc.pl
+++ b/crypto/modes/asm/ghashp8-ppc.pl
@@ -1,4 +1,11 @@
@@ -58934,7 +63289,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl
-index fe3a34d..5fcd0b9 100644
+index fe3a34d28e8c..5fcd0b9d032b 100644
--- a/crypto/modes/asm/ghashv8-armx.pl
+++ b/crypto/modes/asm/ghashv8-armx.pl
@@ -1,4 +1,11 @@
@@ -58951,7 +63306,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/modes/build.info b/crypto/modes/build.info
-index 43282c4..38195c4 100644
+index 43282c4ee7b0..38195c44a565 100644
--- a/crypto/modes/build.info
+++ b/crypto/modes/build.info
@@ -12,7 +12,7 @@ GENERATE[ghash-x86_64.s]=asm/ghash-x86_64.pl $(PERLASM_SCHEME)
@@ -58964,7 +63319,7 @@
GENERATE[ghashp8-ppc.s]=asm/ghashp8-ppc.pl $(PERLASM_SCHEME)
GENERATE[ghash-armv4.S]=asm/ghash-armv4.pl $(PERLASM_SCHEME)
diff --git a/crypto/modes/cbc128.c b/crypto/modes/cbc128.c
-index bf2210c..4c9bc85 100644
+index bf2210c39e86..4c9bc85eab27 100644
--- a/crypto/modes/cbc128.c
+++ b/crypto/modes/cbc128.c
@@ -1,51 +1,10 @@
@@ -59026,13 +63381,15 @@
#include <openssl/crypto.h>
diff --git a/crypto/modes/ccm128.c b/crypto/modes/ccm128.c
-index ef99eb1..85ce84f 100644
+index ef99eb15d557..85ce84f10d80 100644
--- a/crypto/modes/ccm128.c
+++ b/crypto/modes/ccm128.c
@@ -1,50 +1,10 @@
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-- *
++/*
++ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -59063,9 +63420,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+/*
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -59087,7 +63442,7 @@
#include <openssl/crypto.h>
diff --git a/crypto/modes/cfb128.c b/crypto/modes/cfb128.c
-index 8d3af57..e439567 100644
+index 8d3af57b7752..e439567fe59f 100644
--- a/crypto/modes/cfb128.c
+++ b/crypto/modes/cfb128.c
@@ -1,51 +1,10 @@
@@ -59149,7 +63504,7 @@
#include <openssl/crypto.h>
diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c
-index 5bdbbcf..b7ffb73 100644
+index 5bdbbcf764ea..b7ffb73ab731 100644
--- a/crypto/modes/ctr128.c
+++ b/crypto/modes/ctr128.c
@@ -1,51 +1,10 @@
@@ -59211,7 +63566,7 @@
#include <openssl/crypto.h>
diff --git a/crypto/modes/cts128.c b/crypto/modes/cts128.c
-index ed233d5..77ec994 100644
+index ed233d5d794e..77ec994b4f60 100644
--- a/crypto/modes/cts128.c
+++ b/crypto/modes/cts128.c
@@ -1,8 +1,10 @@
@@ -59230,13 +63585,15 @@
#include <openssl/crypto.h>
diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
-index 8a8b110..df9f654 100644
+index 8a8b1102686a..df9f654764da 100644
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -1,50 +1,10 @@
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
-- *
++/*
++ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -59267,9 +63624,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+/*
-+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -59291,7 +63646,7 @@
#include <openssl/crypto.h>
diff --git a/crypto/modes/modes_lcl.h b/crypto/modes/modes_lcl.h
-index 071b014..7a1603b 100644
+index 071b01465e93..7a1603bf9082 100644
--- a/crypto/modes/modes_lcl.h
+++ b/crypto/modes/modes_lcl.h
@@ -1,8 +1,10 @@
@@ -59310,13 +63665,15 @@
#include <openssl/modes.h>
diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c
-index c3daf7c..54a96b8 100644
+index c3daf7cd6eba..54a96b8e983f 100644
--- a/crypto/modes/ocb128.c
+++ b/crypto/modes/ocb128.c
@@ -1,50 +1,10 @@
-/* ====================================================================
- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-- *
++/*
++ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -59347,9 +63704,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+/*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -59402,7 +63757,7 @@
/* Checksum_i = Checksum_{i-1} xor P_i */
ocb_block16_xor_misaligned(&ctx->checksum, inblock, &ctx->checksum);
diff --git a/crypto/modes/ofb128.c b/crypto/modes/ofb128.c
-index 0870f08..8309256 100644
+index 0870f08aed33..83092564c6b6 100644
--- a/crypto/modes/ofb128.c
+++ b/crypto/modes/ofb128.c
@@ -1,51 +1,10 @@
@@ -59464,7 +63819,7 @@
#include <openssl/crypto.h>
diff --git a/crypto/modes/wrap128.c b/crypto/modes/wrap128.c
-index b926844..46809a0 100644
+index b9268444eab3..46809a0e742d 100644
--- a/crypto/modes/wrap128.c
+++ b/crypto/modes/wrap128.c
@@ -1,55 +1,10 @@
@@ -59475,7 +63830,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2013 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -59506,8 +63862,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -59529,7 +63884,7 @@
/** Beware!
diff --git a/crypto/modes/xts128.c b/crypto/modes/xts128.c
-index 55fa654..81b1eac 100644
+index 55fa65447827..81b1eacd5920 100644
--- a/crypto/modes/xts128.c
+++ b/crypto/modes/xts128.c
@@ -1,50 +1,10 @@
@@ -59590,7 +63945,7 @@
#include <openssl/crypto.h>
diff --git a/crypto/o_dir.c b/crypto/o_dir.c
-index b3fcb91..89c8c5c 100644
+index b3fcb9173f86..89c8c5c565f8 100644
--- a/crypto/o_dir.c
+++ b/crypto/o_dir.c
@@ -1,59 +1,10 @@
@@ -59659,7 +64014,7 @@
#include <errno.h>
diff --git a/crypto/o_fips.c b/crypto/o_fips.c
-index 1139148..bf6db65 100644
+index 113914855998..bf6db65fedc0 100644
--- a/crypto/o_fips.c
+++ b/crypto/o_fips.c
@@ -1,59 +1,10 @@
@@ -59728,7 +64083,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/o_init.c b/crypto/o_init.c
-index 128f70b..2e0c126 100644
+index 128f70bd84da..2e0c126095f6 100644
--- a/crypto/o_init.c
+++ b/crypto/o_init.c
@@ -1,55 +1,10 @@
@@ -59793,7 +64148,7 @@
#include <e_os.h>
diff --git a/crypto/o_str.c b/crypto/o_str.c
-index 660226f..29c324f 100644
+index 660226fcec5f..29c324f4746d 100644
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
@@ -1,59 +1,10 @@
@@ -59944,7 +64299,7 @@
+#endif
+}
diff --git a/crypto/o_time.c b/crypto/o_time.c
-index 75aa2e5..b73fe1f 100644
+index 75aa2e56a2a6..b73fe1fcb633 100644
--- a/crypto/o_time.c
+++ b/crypto/o_time.c
@@ -1,63 +1,10 @@
@@ -60018,7 +64373,7 @@
#include <openssl/e_os2.h>
diff --git a/crypto/objects/Makefile.in b/crypto/objects/Makefile.in
deleted file mode 100644
-index f6c9f0a..0000000
+index f6c9f0a4fc12..000000000000
--- a/crypto/objects/Makefile.in
+++ /dev/null
@@ -1,58 +0,0 @@
@@ -60080,8 +64435,58 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
+diff --git a/crypto/objects/README b/crypto/objects/README
+new file mode 100644
+index 000000000000..cb1d216ce8a7
+--- /dev/null
++++ b/crypto/objects/README
+@@ -0,0 +1,44 @@
++objects.txt syntax
++------------------
++
++To cover all the naming hacks that were previously in objects.h needed some
++kind of hacks in objects.txt.
++
++The basic syntax for adding an object is as follows:
++
++ 1 2 3 4 : shortName : Long Name
++
++ If Long Name contains only word characters and hyphen-minus
++ (0x2D) or full stop (0x2E) then Long Name is used as basis
++ for the base name in C. Otherwise, the shortName is used.
++
++ The base name (let's call it 'base') will then be used to
++ create the C macros SN_base, LN_base, NID_base and OBJ_base.
++
++ Note that if the base name contains spaces, dashes or periods,
++ those will be converte to underscore.
++
++Then there are some extra commands:
++
++ !Alias foo 1 2 3 4
++
++ This just makes a name foo for an OID. The C macro
++ OBJ_foo will be created as a result.
++
++ !Cname foo
++
++ This makes sure that the name foo will be used as base name
++ in C.
++
++ !module foo
++ 1 2 3 4 : shortName : Long Name
++ !global
++
++ The !module command was meant to define a kind of modularity.
++ What it does is to make sure the module name is prepended
++ to the base name. !global turns this off. This construction
++ is not recursive.
++
++Lines starting with # are treated as comments, as well as any line starting
++with ! and not matching the commands above.
++
diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c
-index 5728806..c655a90 100644
+index 572880648873..c655a908ddb8 100644
--- a/crypto/objects/o_names.c
+++ b/crypto/objects/o_names.c
@@ -1,3 +1,12 @@
@@ -60148,13 +64553,15 @@
int OBJ_NAME_remove(const char *name, int type)
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
-index 6baf2f0..46f98cb 100644
+index 6baf2f05b030..46f98cb0ff12 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -60202,9 +64609,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -60253,9 +64658,6 @@
}
- i = a2d_ASN1_OBJECT(buf, i, oid, -1);
- if (i == 0)
-- goto err;
-- op = (ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1), buf, i, sn, ln);
-- if (op == NULL)
+
+ /* Convert numerical OID string to an ASN1_OBJECT structure */
+ tmpoid = OBJ_txt2obj(oid, 1);
@@ -60264,6 +64666,9 @@
+ if (OBJ_obj2nid(tmpoid) != NID_undef) {
+ OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS);
goto err;
+- op = (ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1), buf, i, sn, ln);
+- if (op == NULL)
+- goto err;
- ok = OBJ_add_object(op);
+ }
+
@@ -60286,7 +64691,7 @@
size_t OBJ_length(const ASN1_OBJECT *obj)
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index d852a55..df03694 100644
+index d852a55c5c2f..df03694974b9 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -1,63 +1,12 @@
@@ -60362,7 +64767,7 @@
#define NUM_NID 1058
diff --git a/crypto/objects/obj_dat.pl b/crypto/objects/obj_dat.pl
-index 0bf1e48..ba3eed6 100644
+index 0bf1e4878f66..ba3eed68cc63 100644
--- a/crypto/objects/obj_dat.pl
+++ b/crypto/objects/obj_dat.pl
@@ -1,7 +1,14 @@
@@ -60457,7 +64862,7 @@
EOF
diff --git a/crypto/objects/obj_err.c b/crypto/objects/obj_err.c
-index 396b6c2..2dd80be 100644
+index 396b6c26e5c3..2dd80be0e355 100644
--- a/crypto/objects/obj_err.c
+++ b/crypto/objects/obj_err.c
@@ -1,61 +1,11 @@
@@ -60539,7 +64944,7 @@
{0, NULL}
};
diff --git a/crypto/objects/obj_lcl.h b/crypto/objects/obj_lcl.h
-index c451088..a417f7c 100644
+index c45108845926..a417f7c46ef6 100644
--- a/crypto/objects/obj_lcl.h
+++ b/crypto/objects/obj_lcl.h
@@ -1,4 +1,11 @@
@@ -60556,7 +64961,7 @@
typedef struct name_funcs_st NAME_FUNCS;
DEFINE_STACK_OF(NAME_FUNCS)
diff --git a/crypto/objects/obj_lib.c b/crypto/objects/obj_lib.c
-index 3b1c558..33075e6 100644
+index 3b1c55843984..33075e645174 100644
--- a/crypto/objects/obj_lib.c
+++ b/crypto/objects/obj_lib.c
@@ -1,58 +1,10 @@
@@ -60706,7 +65111,7 @@
int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
diff --git a/crypto/objects/obj_xref.c b/crypto/objects/obj_xref.c
-index 34d6448..627f5bc 100644
+index 34d6448094b0..627f5bca2fb9 100644
--- a/crypto/objects/obj_xref.c
+++ b/crypto/objects/obj_xref.c
@@ -1,59 +1,10 @@
@@ -60775,7 +65180,7 @@
#include <openssl/objects.h>
diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
-index 7096ca5..d09aa71 100644
+index 7096ca544224..d09aa71f4e2d 100644
--- a/crypto/objects/obj_xref.h
+++ b/crypto/objects/obj_xref.h
@@ -1,4 +1,15 @@
@@ -60795,8 +65200,58 @@
typedef struct {
int sign_id;
+diff --git a/crypto/objects/objects.README b/crypto/objects/objects.README
+deleted file mode 100644
+index cb1d216ce8a7..000000000000
+--- a/crypto/objects/objects.README
++++ /dev/null
+@@ -1,44 +0,0 @@
+-objects.txt syntax
+-------------------
+-
+-To cover all the naming hacks that were previously in objects.h needed some
+-kind of hacks in objects.txt.
+-
+-The basic syntax for adding an object is as follows:
+-
+- 1 2 3 4 : shortName : Long Name
+-
+- If Long Name contains only word characters and hyphen-minus
+- (0x2D) or full stop (0x2E) then Long Name is used as basis
+- for the base name in C. Otherwise, the shortName is used.
+-
+- The base name (let's call it 'base') will then be used to
+- create the C macros SN_base, LN_base, NID_base and OBJ_base.
+-
+- Note that if the base name contains spaces, dashes or periods,
+- those will be converte to underscore.
+-
+-Then there are some extra commands:
+-
+- !Alias foo 1 2 3 4
+-
+- This just makes a name foo for an OID. The C macro
+- OBJ_foo will be created as a result.
+-
+- !Cname foo
+-
+- This makes sure that the name foo will be used as base name
+- in C.
+-
+- !module foo
+- 1 2 3 4 : shortName : Long Name
+- !global
+-
+- The !module command was meant to define a kind of modularity.
+- What it does is to make sure the module name is prepended
+- to the base name. !global turns this off. This construction
+- is not recursive.
+-
+-Lines starting with # are treated as comments, as well as any line starting
+-with ! and not matching the commands above.
+-
diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl
-index 107647a..3b40277 100644
+index 107647adbc40..3b40277a23e6 100644
--- a/crypto/objects/objects.pl
+++ b/crypto/objects/objects.pl
@@ -1,4 +1,10 @@
@@ -60821,7 +65276,9 @@
-
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++ * WARNING: do not edit!
++ * Generated by crypto/objects/objects.pl
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -60869,9 +65326,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+ * WARNING: do not edit!
-+ * Generated by crypto/objects/objects.pl
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -60885,7 +65340,7 @@
#define SN_undef "UNDEF"
diff --git a/crypto/objects/objxref.pl b/crypto/objects/objxref.pl
-index 7ebd74c..53f9bd6 100644
+index 7ebd74cdcc0b..53f9bd604c38 100644
--- a/crypto/objects/objxref.pl
+++ b/crypto/objects/objxref.pl
@@ -1,4 +1,11 @@
@@ -60923,7 +65378,7 @@
int sign_id;
diff --git a/crypto/ocsp/Makefile.in b/crypto/ocsp/Makefile.in
deleted file mode 100644
-index 0f8ae43..0000000
+index 0f8ae43065f7..000000000000
--- a/crypto/ocsp/Makefile.in
+++ /dev/null
@@ -1,46 +0,0 @@
@@ -60974,7 +65429,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/ocsp/ocsp_asn.c b/crypto/ocsp/ocsp_asn.c
-index 3ee6f94..1e0b827 100644
+index 3ee6f94dcad7..1e0b82797bdc 100644
--- a/crypto/ocsp/ocsp_asn.c
+++ b/crypto/ocsp/ocsp_asn.c
@@ -1,60 +1,12 @@
@@ -61033,8 +65488,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -61045,7 +65501,7 @@
#include <openssl/asn1t.h>
#include <openssl/ocsp.h>
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
-index e8eaaff..35f4b58 100644
+index e8eaaffa17f4..35f4b5803aad 100644
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@@ -1,66 +1,10 @@
@@ -61121,7 +65577,7 @@
#include <stdio.h>
diff --git a/crypto/ocsp/ocsp_err.c b/crypto/ocsp/ocsp_err.c
-index 9043dd2..59bcf85 100644
+index 9043dd227412..59bcf85cd087 100644
--- a/crypto/ocsp/ocsp_err.c
+++ b/crypto/ocsp/ocsp_err.c
@@ -1,61 +1,11 @@
@@ -61239,7 +65695,7 @@
{ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),
"signer certificate not found"},
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
-index 854da8e..a993899 100644
+index 854da8e5c075..a993899a4052 100644
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -1,66 +1,10 @@
@@ -61332,7 +65788,7 @@
return x;
}
diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c
-index f69d4df..680edfa 100644
+index f69d4df3b7dd..680edfa5c222 100644
--- a/crypto/ocsp/ocsp_ht.c
+++ b/crypto/ocsp/ocsp_ht.c
@@ -1,59 +1,10 @@
@@ -61401,7 +65857,7 @@
#include <stdio.h>
diff --git a/crypto/ocsp/ocsp_lcl.h b/crypto/ocsp/ocsp_lcl.h
-index df4ff40..f93a268 100644
+index df4ff401244c..f93a268e09b0 100644
--- a/crypto/ocsp/ocsp_lcl.h
+++ b/crypto/ocsp/ocsp_lcl.h
@@ -1,66 +1,10 @@
@@ -61477,7 +65933,7 @@
/*- CertID ::= SEQUENCE {
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
-index 8814190..ff04e46 100644
+index 88141901463e..ff04e466d05c 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -1,66 +1,10 @@
@@ -61553,10 +66009,10 @@
#include <stdio.h>
diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c
-index 8ac3d82..51b4364 100644
+index 8ac3d820add5..5605812ef74b 100644
--- a/crypto/ocsp/ocsp_prn.c
+++ b/crypto/ocsp/ocsp_prn.c
-@@ -1,66 +1,10 @@
+@@ -1,72 +1,17 @@
/*
- * Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
- * project.
@@ -61628,8 +66084,65 @@
*/
#include <openssl/bio.h>
+ #include <openssl/err.h>
+ #include <openssl/ocsp.h>
+ #include "ocsp_lcl.h"
++#include "internal/cryptlib.h"
+ #include <openssl/pem.h>
+
+ static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
+@@ -90,15 +35,17 @@ typedef struct {
+ const char *m;
+ } OCSP_TBLSTR;
+
+-static const char *table2string(long s, const OCSP_TBLSTR *ts, int len)
++static const char *do_table2string(long s, const OCSP_TBLSTR *ts, size_t len)
+ {
+- const OCSP_TBLSTR *p;
+- for (p = ts; p < ts + len; p++)
+- if (p->t == s)
+- return p->m;
++ size_t i;
++ for (i = 0; i < len; i++, ts++)
++ if (ts->t == s)
++ return ts->m;
+ return "(UNKNOWN)";
+ }
+
++#define table2string(s, tbl) do_table2string(s, tbl, OSSL_NELEM(tbl))
++
+ const char *OCSP_response_status_str(long s)
+ {
+ static const OCSP_TBLSTR rstat_tbl[] = {
+@@ -109,7 +56,7 @@ const char *OCSP_response_status_str(long s)
+ {OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired"},
+ {OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized"}
+ };
+- return table2string(s, rstat_tbl, 6);
++ return table2string(s, rstat_tbl);
+ }
+
+ const char *OCSP_cert_status_str(long s)
+@@ -119,7 +66,7 @@ const char *OCSP_cert_status_str(long s)
+ {V_OCSP_CERTSTATUS_REVOKED, "revoked"},
+ {V_OCSP_CERTSTATUS_UNKNOWN, "unknown"}
+ };
+- return table2string(s, cstat_tbl, 3);
++ return table2string(s, cstat_tbl);
+ }
+
+ const char *OCSP_crl_reason_str(long s)
+@@ -134,7 +81,7 @@ const char *OCSP_crl_reason_str(long s)
+ {OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold"},
+ {OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL"}
+ };
+- return table2string(s, reason_tbl, 8);
++ return table2string(s, reason_tbl);
+ }
+
+ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c
-index e98c649..e3ef171 100644
+index e98c6491b2ac..e3ef17199f88 100644
--- a/crypto/ocsp/ocsp_srv.c
+++ b/crypto/ocsp/ocsp_srv.c
@@ -1,59 +1,10 @@
@@ -61698,7 +66211,7 @@
#include <stdio.h>
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
-index 2b55401..e2cfa6d 100644
+index 2b55401aea99..e2cfa6dda5b0 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -1,59 +1,10 @@
@@ -61775,7 +66288,7 @@
err:
ret = 0;
diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c
-index 142deac..2d425a8 100644
+index 142deac54e44..2d425a8951d6 100644
--- a/crypto/ocsp/v3_ocsp.c
+++ b/crypto/ocsp/v3_ocsp.c
@@ -1,59 +1,10 @@
@@ -61844,7 +66357,7 @@
# include <stdio.h>
diff --git a/crypto/pariscid.pl b/crypto/pariscid.pl
-index bfc56fd..f82e27a 100644
+index bfc56fdc7fc0..f82e27ac4c34 100644
--- a/crypto/pariscid.pl
+++ b/crypto/pariscid.pl
@@ -1,4 +1,11 @@
@@ -61900,7 +66413,7 @@
my ($diff,$lastdiff)=("%r21","%r20");
diff --git a/crypto/pem/Makefile.in b/crypto/pem/Makefile.in
deleted file mode 100644
-index fab3663..0000000
+index fab36638ba32..000000000000
--- a/crypto/pem/Makefile.in
+++ /dev/null
@@ -1,46 +0,0 @@
@@ -61950,8 +66463,30 @@
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
+diff --git a/crypto/pem/message b/crypto/pem/message
+deleted file mode 100644
+index e8bf9d759296..000000000000
+--- a/crypto/pem/message
++++ /dev/null
+@@ -1,16 +0,0 @@
+------BEGIN PRIVACY-ENHANCED MESSAGE-----
+-Proc-Type: 4,ENCRYPTED
+-Proc-Type: 4,MIC-ONLY
+-Proc-Type: 4,MIC-CLEAR
+-Content-Domain: RFC822
+-DEK-Info: DES-CBC,0123456789abcdef
+-Originator-Certificate
+- xxxx
+-Issuer-Certificate
+- xxxx
+-MIC-Info: RSA-MD5,RSA,
+- xxxx
+-
+-
+------END PRIVACY-ENHANCED MESSAGE-----
+-
diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c
-index 5967b6e..0e71813 100644
+index 5967b6eb72fd..0e7181311340 100644
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@@ -1,111 +1,10 @@
@@ -62073,7 +66608,7 @@
#include <stdio.h>
diff --git a/crypto/pem/pem_err.c b/crypto/pem/pem_err.c
-index 793a0a3..7a42535 100644
+index 793a0a343dd7..7a42535b77b2 100644
--- a/crypto/pem/pem_err.c
+++ b/crypto/pem/pem_err.c
@@ -1,61 +1,11 @@
@@ -62182,7 +66717,7 @@
{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"},
{ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS),
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
-index 1b1cde4..dd493c8 100644
+index 1b1cde4b09f9..dd493c8509d0 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -1,58 +1,10 @@
@@ -62251,13 +66786,15 @@
#include <stdio.h>
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
-index 5e7aa77..42b46dc 100644
+index 5e7aa776d9b2..90893f195455 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -1,62 +1,15 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -62305,9 +66842,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -62324,7 +66859,35 @@
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/objects.h>
-@@ -98,17 +51,23 @@ int PEM_def_callback(char *buf, int num, int w, void *key)
+@@ -78,41 +31,49 @@ int pem_check_suffix(const char *pem_str, const char *suffix);
+ int PEM_def_callback(char *buf, int num, int w, void *key)
+ {
+ #if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI)
+- /*
+- * We should not ever call the default callback routine from windows.
+- */
+- PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return (-1);
++ int i;
+ #else
+ int i, j;
+ const char *prompt;
++#endif
++
+ if (key) {
+ i = strlen(key);
+ i = (i > num) ? num : i;
+ memcpy(buf, key, i);
+- return (i);
++ return i;
+ }
+
++#if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI)
++ PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
++ return -1;
++#else
+ prompt = EVP_get_pw_prompt();
+ if (prompt == NULL)
prompt = "Enter PEM pass phrase:";
for (;;) {
@@ -62339,7 +66902,8 @@
if (i != 0) {
PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
memset(buf, 0, (unsigned int)num);
- return (-1);
+- return (-1);
++ return -1;
}
j = strlen(buf);
- if (j < MIN_LENGTH) {
@@ -62351,8 +66915,13 @@
} else
break;
}
-@@ -344,7 +303,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
+- return (j);
++ return j;
+ #endif
+ }
+@@ -344,7 +305,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
+
if (enc != NULL) {
objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
- if (objstr == NULL) {
@@ -62360,7 +66929,7 @@
PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
goto err;
}
-@@ -431,115 +390,153 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
+@@ -431,115 +392,153 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
pem_password_cb *callback, void *u)
{
@@ -62471,13 +67040,9 @@
if ((header == NULL) || (*header == '\0') || (*header == '\n'))
- return (1);
- if (strncmp(header, "Proc-Type: ", 11) != 0) {
-+ return 1;
-+
-+ if (strncmp(header, ProcType, sizeof(ProcType)-1) != 0) {
- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE);
+- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE);
- return (0);
-+ return 0;
- }
+- }
- header += 11;
- if (*header != '4')
- return (0);
@@ -62486,6 +67051,38 @@
- return (0);
- header++;
- if (strncmp(header, "ENCRYPTED", 9) != 0) {
+- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED);
+- return (0);
+- }
+- for (; (*header != '\n') && (*header != '\0'); header++) ;
+- if (*header == '\0') {
+- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER);
+- return (0);
+- }
+- header++;
+- if (strncmp(header, "DEK-Info: ", 10) != 0) {
+- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO);
+- return (0);
+- }
+- header += 10;
++ return 1;
+
+- dekinfostart = header;
+- for (;;) {
+- c = *header;
+-#ifndef CHARSET_EBCDIC
+- if (!(((c >= 'A') && (c <= 'Z')) || (c == '-') ||
+- ((c >= '0') && (c <= '9'))))
+- break;
+-#else
+- if (!(isupper(c) || (c == '-') || isdigit(c)))
+- break;
+-#endif
+- header++;
++ if (strncmp(header, ProcType, sizeof(ProcType)-1) != 0) {
++ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE);
++ return 0;
+ }
+ header += sizeof(ProcType)-1;
+ header += strspn(header, " \t");
+
@@ -62496,52 +67093,32 @@
+ /* We expect "ENCRYPTED" followed by optional white-space + line break */
+ if (strncmp(header, ENCRYPTED, sizeof(ENCRYPTED)-1) != 0 ||
+ strspn(header+sizeof(ENCRYPTED)-1, " \t\r\n") == 0) {
- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED);
-- return (0);
++ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED);
+ return 0;
- }
-- for (; (*header != '\n') && (*header != '\0'); header++) ;
-- if (*header == '\0') {
++ }
+ header += sizeof(ENCRYPTED)-1;
+ header += strspn(header, " \t\r");
+ if (*header++ != '\n') {
- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER);
-- return (0);
++ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER);
+ return 0;
- }
-- header++;
-- if (strncmp(header, "DEK-Info: ", 10) != 0) {
++ }
+
+ /*-
+ * https://tools.ietf.org/html/rfc1421#section-4.6.1.3
+ * We expect "DEK-Info: algo[,hex-parameters]"
+ */
+ if (strncmp(header, DEKInfo, sizeof(DEKInfo)-1) != 0) {
- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO);
-- return (0);
++ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO);
+ return 0;
- }
-- header += 10;
++ }
+ header += sizeof(DEKInfo)-1;
+ header += strspn(header, " \t");
-
++
+ /*
+ * DEK-INFO is a comma-separated combination of algorithm name and optional
+ * parameters.
+ */
- dekinfostart = header;
-- for (;;) {
-- c = *header;
--#ifndef CHARSET_EBCDIC
-- if (!(((c >= 'A') && (c <= 'Z')) || (c == '-') ||
-- ((c >= '0') && (c <= '9'))))
-- break;
--#else
-- if (!(isupper(c) || (c == '-') || isdigit(c)))
-- break;
--#endif
-- header++;
-- }
++ dekinfostart = header;
+ header += strcspn(header, " \t,");
+ c = *header;
*header = '\0';
@@ -62554,7 +67131,7 @@
PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNSUPPORTED_ENCRYPTION);
- return (0);
+ return 0;
- }
++ }
+ ivlen = EVP_CIPHER_iv_length(enc);
+ if (ivlen > 0 && *header++ != ',') {
+ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_MISSING_DEK_IV);
@@ -62562,18 +67139,19 @@
+ } else if (ivlen == 0 && *header == ',') {
+ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNEXPECTED_DEK_IV);
+ return 0;
-+ }
-+
- if (!load_iv(&header, cipher->iv, EVP_CIPHER_iv_length(enc)))
+ }
+- if (!load_iv(&header, cipher->iv, EVP_CIPHER_iv_length(enc)))
- return (0);
-+ return 0;
- return (1);
++ if (!load_iv(&header, cipher->iv, EVP_CIPHER_iv_length(enc)))
++ return 0;
++
+ return 1;
}
static int load_iv(char **fromp, unsigned char *to, int num)
-@@ -552,13 +549,8 @@ static int load_iv(char **fromp, unsigned char *to, int num)
+@@ -552,13 +551,8 @@ static int load_iv(char **fromp, unsigned char *to, int num)
to[i] = 0;
num *= 2;
for (i = 0; i < num; i++) {
@@ -62590,7 +67168,7 @@
return (0);
}
diff --git a/crypto/pem/pem_oth.c b/crypto/pem/pem_oth.c
-index fbdff0a..036c8a6 100644
+index fbdff0aadf28..036c8a6fdb1d 100644
--- a/crypto/pem/pem_oth.c
+++ b/crypto/pem/pem_oth.c
@@ -1,58 +1,10 @@
@@ -62659,13 +67237,15 @@
#include <stdio.h>
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
-index f6f0363..1f6b640 100644
+index f6f03634dbaa..1f6b640dbe79 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -62713,9 +67293,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -62728,7 +67306,7 @@
#include <stdio.h>
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
-index ef0c0e4..f3a45e4 100644
+index ef0c0e45d8ca..f3a45e4aeb32 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -1,58 +1,10 @@
@@ -62818,7 +67396,7 @@
return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
pem_str, bp, x, enc, kstr, klen, cb, u);
diff --git a/crypto/pem/pem_sign.c b/crypto/pem/pem_sign.c
-index fb8c9dd..0d8b62a 100644
+index fb8c9dd053be..0d8b62a6e26f 100644
--- a/crypto/pem/pem_sign.c
+++ b/crypto/pem/pem_sign.c
@@ -1,58 +1,10 @@
@@ -62887,7 +67465,7 @@
#include <stdio.h>
diff --git a/crypto/pem/pem_x509.c b/crypto/pem/pem_x509.c
-index 26117b5..3a99756 100644
+index 26117b57bdb0..3a997564a23f 100644
--- a/crypto/pem/pem_x509.c
+++ b/crypto/pem/pem_x509.c
@@ -1,59 +1,10 @@
@@ -62956,7 +67534,7 @@
#include <stdio.h>
diff --git a/crypto/pem/pem_xaux.c b/crypto/pem/pem_xaux.c
-index eb66fb6..6d7e1db 100644
+index eb66fb62933e..6d7e1db21afe 100644
--- a/crypto/pem/pem_xaux.c
+++ b/crypto/pem/pem_xaux.c
@@ -1,59 +1,10 @@
@@ -63024,8 +67602,36 @@
*/
#include <stdio.h>
+diff --git a/crypto/pem/pkcs7.lis b/crypto/pem/pkcs7.lis
+deleted file mode 100644
+index be90c5d87f5b..000000000000
+--- a/crypto/pem/pkcs7.lis
++++ /dev/null
+@@ -1,22 +0,0 @@
+-21 0:d=0 hl=2 l= 0 cons: univ: SEQUENCE
+- 00 2:d=0 hl=2 l= 9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-signedData
+- 21 13:d=0 hl=2 l= 0 cons: cont: 00 # explicit tag
+- 21 15:d=0 hl=2 l= 0 cons: univ: SEQUENCE
+- 00 17:d=0 hl=2 l= 1 prim: univ: INTEGER # version
+- 20 20:d=0 hl=2 l= 0 cons: univ: SET
+- 21 22:d=0 hl=2 l= 0 cons: univ: SEQUENCE
+- 00 24:d=0 hl=2 l= 9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-data
+- 00 35:d=0 hl=2 l= 0 prim: univ: EOC
+- 21 37:d=0 hl=2 l= 0 cons: cont: 00 # cert tag
+- 20 39:d=0 hl=4 l=545 cons: univ: SEQUENCE
+- 20 588:d=0 hl=4 l=524 cons: univ: SEQUENCE
+- 00 1116:d=0 hl=2 l= 0 prim: univ: EOC
+- 21 1118:d=0 hl=2 l= 0 cons: cont: 01 # crl tag
+- 20 1120:d=0 hl=4 l=653 cons: univ: SEQUENCE
+- 20 1777:d=0 hl=4 l=285 cons: univ: SEQUENCE
+- 00 2066:d=0 hl=2 l= 0 prim: univ: EOC
+- 21 2068:d=0 hl=2 l= 0 cons: univ: SET # signers
+- 00 2070:d=0 hl=2 l= 0 prim: univ: EOC
+- 00 2072:d=0 hl=2 l= 0 prim: univ: EOC
+- 00 2074:d=0 hl=2 l= 0 prim: univ: EOC
+-00 2076:d=0 hl=2 l= 0 prim: univ: EOC
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
-index 634cc59..4c07aee 100644
+index 634cc5924d8b..4c07aee8f247 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -1,59 +1,10 @@
@@ -63200,8 +67806,138 @@
return -1;
}
+diff --git a/crypto/perlasm/README b/crypto/perlasm/README
+new file mode 100644
+index 000000000000..2c8435cbe37c
+--- /dev/null
++++ b/crypto/perlasm/README
+@@ -0,0 +1,124 @@
++The perl scripts in this directory are my 'hack' to generate
++multiple different assembler formats via the one original script.
++
++The way to use this library is to start with adding the path to this directory
++and then include it.
++
++push(@INC,"perlasm","../../perlasm");
++require "x86asm.pl";
++
++The first thing we do is setup the file and type of assember
++
++&asm_init($ARGV[0],$0);
++
++The first argument is the 'type'. Currently
++'cpp', 'sol', 'a.out', 'elf' or 'win32'.
++Argument 2 is the file name.
++
++The reciprocal function is
++&asm_finish() which should be called at the end.
++
++There are 2 main 'packages'. x86ms.pl, which is the microsoft assembler,
++and x86unix.pl which is the unix (gas) version.
++
++Functions of interest are:
++&external_label("des_SPtrans"); declare and external variable
++&LB(reg); Low byte for a register
++&HB(reg); High byte for a register
++&BP(off,base,index,scale) Byte pointer addressing
++&DWP(off,base,index,scale) Word pointer addressing
++&stack_push(num) Basically a 'sub esp, num*4' with extra
++&stack_pop(num) inverse of stack_push
++&function_begin(name,extra) Start a function with pushing of
++ edi, esi, ebx and ebp. extra is extra win32
++ external info that may be required.
++&function_begin_B(name,extra) Same as norma function_begin but no pushing.
++&function_end(name) Call at end of function.
++&function_end_A(name) Standard pop and ret, for use inside functions
++&function_end_B(name) Call at end but with poping or 'ret'.
++&swtmp(num) Address on stack temp word.
++&wparam(num) Parameter number num, that was push
++ in C convention. This all works over pushes
++ and pops.
++&comment("hello there") Put in a comment.
++&label("loop") Refer to a label, normally a jmp target.
++&set_label("loop") Set a label at this point.
++&data_word(word) Put in a word of data.
++
++So how does this all hold together? Given
++
++int calc(int len, int *data)
++ {
++ int i,j=0;
++
++ for (i=0; i<len; i++)
++ {
++ j+=other(data[i]);
++ }
++ }
++
++So a very simple version of this function could be coded as
++
++ push(@INC,"perlasm","../../perlasm");
++ require "x86asm.pl";
++
++ &asm_init($ARGV[0],"cacl.pl");
++
++ &external_label("other");
++
++ $tmp1= "eax";
++ $j= "edi";
++ $data= "esi";
++ $i= "ebp";
++
++ &comment("a simple function");
++ &function_begin("calc");
++ &mov( $data, &wparam(1)); # data
++ &xor( $j, $j);
++ &xor( $i, $i);
++
++ &set_label("loop");
++ &cmp( $i, &wparam(0));
++ &jge( &label("end"));
++
++ &mov( $tmp1, &DWP(0,$data,$i,4));
++ &push( $tmp1);
++ &call( "other");
++ &add( $j, "eax");
++ &pop( $tmp1);
++ &inc( $i);
++ &jmp( &label("loop"));
++
++ &set_label("end");
++ &mov( "eax", $j);
++
++ &function_end("calc");
++
++ &asm_finish();
++
++The above example is very very unoptimised but gives an idea of how
++things work.
++
++There is also a cbc mode function generator in cbc.pl
++
++&cbc( $name,
++ $encrypt_function_name,
++ $decrypt_function_name,
++ $true_if_byte_swap_needed,
++ $parameter_number_for_iv,
++ $parameter_number_for_encrypt_flag,
++ $first_parameter_to_pass,
++ $second_parameter_to_pass,
++ $third_parameter_to_pass);
++
++So for example, given
++void BF_encrypt(BF_LONG *data,BF_KEY *key);
++void BF_decrypt(BF_LONG *data,BF_KEY *key);
++void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
++ BF_KEY *ks, unsigned char *iv, int enc);
++
++&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",1,4,5,3,-1,-1);
++
++&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
++&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
++
diff --git a/crypto/perlasm/arm-xlate.pl b/crypto/perlasm/arm-xlate.pl
-index ecd3198..c00f54a 100755
+index ecd3198c44db..c00f54af1bdd 100755
--- a/crypto/perlasm/arm-xlate.pl
+++ b/crypto/perlasm/arm-xlate.pl
@@ -1,6 +1,10 @@
@@ -63219,7 +67955,7 @@
my $flavour = shift;
my $output = shift;
diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl
-index 24561e7..ad79b24 100644
+index 24561e759aba..ad79b2407bee 100644
--- a/crypto/perlasm/cbc.pl
+++ b/crypto/perlasm/cbc.pl
@@ -1,4 +1,11 @@
@@ -63236,7 +67972,7 @@
# void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
# des_cblock (*input);
diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl
-index bc79b46..2d46e24 100755
+index bc79b4626c4d..2d46e24482ce 100755
--- a/crypto/perlasm/ppc-xlate.pl
+++ b/crypto/perlasm/ppc-xlate.pl
@@ -1,6 +1,10 @@
@@ -63253,8 +67989,138 @@
my $flavour = shift;
my $output = shift;
+diff --git a/crypto/perlasm/readme b/crypto/perlasm/readme
+deleted file mode 100644
+index 2c8435cbe37c..000000000000
+--- a/crypto/perlasm/readme
++++ /dev/null
+@@ -1,124 +0,0 @@
+-The perl scripts in this directory are my 'hack' to generate
+-multiple different assembler formats via the one original script.
+-
+-The way to use this library is to start with adding the path to this directory
+-and then include it.
+-
+-push(@INC,"perlasm","../../perlasm");
+-require "x86asm.pl";
+-
+-The first thing we do is setup the file and type of assember
+-
+-&asm_init($ARGV[0],$0);
+-
+-The first argument is the 'type'. Currently
+-'cpp', 'sol', 'a.out', 'elf' or 'win32'.
+-Argument 2 is the file name.
+-
+-The reciprocal function is
+-&asm_finish() which should be called at the end.
+-
+-There are 2 main 'packages'. x86ms.pl, which is the microsoft assembler,
+-and x86unix.pl which is the unix (gas) version.
+-
+-Functions of interest are:
+-&external_label("des_SPtrans"); declare and external variable
+-&LB(reg); Low byte for a register
+-&HB(reg); High byte for a register
+-&BP(off,base,index,scale) Byte pointer addressing
+-&DWP(off,base,index,scale) Word pointer addressing
+-&stack_push(num) Basically a 'sub esp, num*4' with extra
+-&stack_pop(num) inverse of stack_push
+-&function_begin(name,extra) Start a function with pushing of
+- edi, esi, ebx and ebp. extra is extra win32
+- external info that may be required.
+-&function_begin_B(name,extra) Same as norma function_begin but no pushing.
+-&function_end(name) Call at end of function.
+-&function_end_A(name) Standard pop and ret, for use inside functions
+-&function_end_B(name) Call at end but with poping or 'ret'.
+-&swtmp(num) Address on stack temp word.
+-&wparam(num) Parameter number num, that was push
+- in C convention. This all works over pushes
+- and pops.
+-&comment("hello there") Put in a comment.
+-&label("loop") Refer to a label, normally a jmp target.
+-&set_label("loop") Set a label at this point.
+-&data_word(word) Put in a word of data.
+-
+-So how does this all hold together? Given
+-
+-int calc(int len, int *data)
+- {
+- int i,j=0;
+-
+- for (i=0; i<len; i++)
+- {
+- j+=other(data[i]);
+- }
+- }
+-
+-So a very simple version of this function could be coded as
+-
+- push(@INC,"perlasm","../../perlasm");
+- require "x86asm.pl";
+-
+- &asm_init($ARGV[0],"cacl.pl");
+-
+- &external_label("other");
+-
+- $tmp1= "eax";
+- $j= "edi";
+- $data= "esi";
+- $i= "ebp";
+-
+- &comment("a simple function");
+- &function_begin("calc");
+- &mov( $data, &wparam(1)); # data
+- &xor( $j, $j);
+- &xor( $i, $i);
+-
+- &set_label("loop");
+- &cmp( $i, &wparam(0));
+- &jge( &label("end"));
+-
+- &mov( $tmp1, &DWP(0,$data,$i,4));
+- &push( $tmp1);
+- &call( "other");
+- &add( $j, "eax");
+- &pop( $tmp1);
+- &inc( $i);
+- &jmp( &label("loop"));
+-
+- &set_label("end");
+- &mov( "eax", $j);
+-
+- &function_end("calc");
+-
+- &asm_finish();
+-
+-The above example is very very unoptimised but gives an idea of how
+-things work.
+-
+-There is also a cbc mode function generator in cbc.pl
+-
+-&cbc( $name,
+- $encrypt_function_name,
+- $decrypt_function_name,
+- $true_if_byte_swap_needed,
+- $parameter_number_for_iv,
+- $parameter_number_for_encrypt_flag,
+- $first_parameter_to_pass,
+- $second_parameter_to_pass,
+- $third_parameter_to_pass);
+-
+-So for example, given
+-void BF_encrypt(BF_LONG *data,BF_KEY *key);
+-void BF_decrypt(BF_LONG *data,BF_KEY *key);
+-void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+- BF_KEY *ks, unsigned char *iv, int enc);
+-
+-&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",1,4,5,3,-1,-1);
+-
+-&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
+-&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
+-
diff --git a/crypto/perlasm/sparcv9_modes.pl b/crypto/perlasm/sparcv9_modes.pl
-index 81e6026..47c2e53 100644
+index 81e602671b38..47c2e53b994e 100644
--- a/crypto/perlasm/sparcv9_modes.pl
+++ b/crypto/perlasm/sparcv9_modes.pl
@@ -1,4 +1,11 @@
@@ -63271,7 +68137,7 @@
# Specific modes implementations for SPARC Architecture 2011. There
# is T4 dependency though, an ASI value that is not specified in the
diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
-index 80ab17f..b96873b 100755
+index 80ab17fc254d..b96873b55c61 100755
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@@ -1,4 +1,11 @@
@@ -63309,7 +68175,7 @@
&& do { my $sz = substr($1,0,1);
my @arr = split(/,\s*/,$line);
diff --git a/crypto/perlasm/x86asm.pl b/crypto/perlasm/x86asm.pl
-index cae156a..4590ade 100644
+index cae156ae63ce..4590adee2fd8 100644
--- a/crypto/perlasm/x86asm.pl
+++ b/crypto/perlasm/x86asm.pl
@@ -1,4 +1,11 @@
@@ -63326,7 +68192,7 @@
# require 'x86asm.pl';
# &asm_init(<flavor>,"des-586.pl"[,$i386only]);
diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl
-index 9ee6fa3..2c8fce0 100644
+index 9ee6fa35fdec..2c8fce077939 100644
--- a/crypto/perlasm/x86gas.pl
+++ b/crypto/perlasm/x86gas.pl
@@ -1,4 +1,11 @@
@@ -63343,7 +68209,7 @@
package x86gas;
diff --git a/crypto/perlasm/x86masm.pl b/crypto/perlasm/x86masm.pl
-index 917d0f8..a0a354c 100644
+index 917d0f8b8e19..a0a354c8fc36 100644
--- a/crypto/perlasm/x86masm.pl
+++ b/crypto/perlasm/x86masm.pl
@@ -1,4 +1,11 @@
@@ -63360,7 +68226,7 @@
package x86masm;
diff --git a/crypto/perlasm/x86nasm.pl b/crypto/perlasm/x86nasm.pl
-index 5d92f60..4b664a8 100644
+index 5d92f6092ac9..4b664a870b44 100644
--- a/crypto/perlasm/x86nasm.pl
+++ b/crypto/perlasm/x86nasm.pl
@@ -1,4 +1,11 @@
@@ -63378,7 +68244,7 @@
diff --git a/crypto/pkcs12/Makefile.in b/crypto/pkcs12/Makefile.in
deleted file mode 100644
-index abca0e7..0000000
+index abca0e72bf80..000000000000
--- a/crypto/pkcs12/Makefile.in
+++ /dev/null
@@ -1,49 +0,0 @@
@@ -63432,7 +68298,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c
-index b7dffc4..8a5ad20 100644
+index b7dffc4eea86..8a5ad2068d17 100644
--- a/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
@@ -1,59 +1,10 @@
@@ -63501,7 +68367,7 @@
#include <stdio.h>
diff --git a/crypto/pkcs12/p12_asn.c b/crypto/pkcs12/p12_asn.c
-index 2f9481e..f2bfe32 100644
+index 2f9481ec721c..f2bfe32ebd6e 100644
--- a/crypto/pkcs12/p12_asn.c
+++ b/crypto/pkcs12/p12_asn.c
@@ -1,59 +1,10 @@
@@ -63570,7 +68436,7 @@
#include <stdio.h>
diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c
-index 994f386..bf44c0a 100644
+index 994f3868d01d..bf44c0aa23d9 100644
--- a/crypto/pkcs12/p12_attr.c
+++ b/crypto/pkcs12/p12_attr.c
@@ -1,59 +1,10 @@
@@ -63639,7 +68505,7 @@
#include <stdio.h>
diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c
-index 666b500..1fe140a 100644
+index 666b5006a8a6..1fe140ad0a51 100644
--- a/crypto/pkcs12/p12_crpt.c
+++ b/crypto/pkcs12/p12_crpt.c
@@ -1,59 +1,10 @@
@@ -63708,7 +68574,7 @@
#include <stdio.h>
diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c
-index 1fd22c0..ca4dd53 100644
+index 1fd22c05605e..ca4dd539eb7c 100644
--- a/crypto/pkcs12/p12_crt.c
+++ b/crypto/pkcs12/p12_crt.c
@@ -1,59 +1,10 @@
@@ -63777,7 +68643,7 @@
#include <stdio.h>
diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c
-index 2a89a48..9ad17d7 100644
+index 2a89a4894eee..9ad17d7f8aec 100644
--- a/crypto/pkcs12/p12_decr.c
+++ b/crypto/pkcs12/p12_decr.c
@@ -1,59 +1,10 @@
@@ -63846,7 +68712,7 @@
#include <stdio.h>
diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c
-index 9c82969..a78e183 100644
+index 9c82969b3874..a78e183c9559 100644
--- a/crypto/pkcs12/p12_init.c
+++ b/crypto/pkcs12/p12_init.c
@@ -1,59 +1,10 @@
@@ -63915,7 +68781,7 @@
#include <stdio.h>
diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
-index 6a9a325..4f1d29b 100644
+index 6a9a3254b141..4f1d29bb6d49 100644
--- a/crypto/pkcs12/p12_key.c
+++ b/crypto/pkcs12/p12_key.c
@@ -1,59 +1,10 @@
@@ -63995,7 +68861,7 @@
Ai = OPENSSL_malloc(u);
B = OPENSSL_malloc(v + 1);
diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
-index ec59d83..ea7e0c9 100644
+index ec59d83c8f1f..ea7e0c94ef2e 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -1,59 +1,10 @@
@@ -64064,7 +68930,7 @@
#include <stdio.h>
diff --git a/crypto/pkcs12/p12_lcl.h b/crypto/pkcs12/p12_lcl.h
-index 49dc90c..8930875 100644
+index 49dc90ce2141..89308751538b 100644
--- a/crypto/pkcs12/p12_lcl.h
+++ b/crypto/pkcs12/p12_lcl.h
@@ -1,59 +1,10 @@
@@ -64133,7 +68999,7 @@
struct PKCS12_MAC_DATA_st {
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
-index 0395358..9bd672a 100644
+index 0395358325ab..9bd672a17c4c 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -1,59 +1,10 @@
@@ -64202,7 +69068,7 @@
# include <stdio.h>
diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c
-index e23d035..21bd772 100644
+index e23d0352c770..21bd77247644 100644
--- a/crypto/pkcs12/p12_npas.c
+++ b/crypto/pkcs12/p12_npas.c
@@ -1,59 +1,10 @@
@@ -64382,10 +69248,10 @@
if (!ASN1_OCTET_STRING_set(macoct, mac, maclen))
- goto saferr;
- ASN1_OCTET_STRING_free(p12_data_tmp);
--
-- return 1;
+ goto err;
+- return 1;
+-
- saferr:
- /* Restore old safe */
- ASN1_OCTET_STRING_free(p12->authsafes->d.data);
@@ -64438,7 +69304,7 @@
X509_SIG_free(bag->value.shkeybag);
bag->value.shkeybag = p8new;
diff --git a/crypto/pkcs12/p12_p8d.c b/crypto/pkcs12/p12_p8d.c
-index 8980abe..97577da 100644
+index 8980abe9b919..97577da26ecc 100644
--- a/crypto/pkcs12/p12_p8d.c
+++ b/crypto/pkcs12/p12_p8d.c
@@ -1,59 +1,10 @@
@@ -64507,7 +69373,7 @@
#include <stdio.h>
diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c
-index b79ca64..86a07e1 100644
+index b79ca6427213..86a07e1335e4 100644
--- a/crypto/pkcs12/p12_p8e.c
+++ b/crypto/pkcs12/p12_p8e.c
@@ -1,59 +1,10 @@
@@ -64576,7 +69442,7 @@
#include <stdio.h>
diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c
-index ffdf22d..c8564b4 100644
+index ffdf22ded2ea..c8564b416822 100644
--- a/crypto/pkcs12/p12_sbag.c
+++ b/crypto/pkcs12/p12_sbag.c
@@ -1,60 +1,10 @@
@@ -64646,7 +69512,7 @@
#include <stdio.h>
diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c
-index 817327f..408c495 100644
+index 817327fc9939..408c495e5001 100644
--- a/crypto/pkcs12/p12_utl.c
+++ b/crypto/pkcs12/p12_utl.c
@@ -1,59 +1,10 @@
@@ -64715,7 +69581,7 @@
#include <stdio.h>
diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c
-index 0850da8..36053f1 100644
+index 0850da8b7fc1..36053f196c71 100644
--- a/crypto/pkcs12/pk12err.c
+++ b/crypto/pkcs12/pk12err.c
@@ -1,61 +1,11 @@
@@ -64820,7 +69686,7 @@
{ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),
diff --git a/crypto/pkcs7/Makefile.in b/crypto/pkcs7/Makefile.in
deleted file mode 100644
-index b71d562..0000000
+index b71d56289496..000000000000
--- a/crypto/pkcs7/Makefile.in
+++ /dev/null
@@ -1,50 +0,0 @@
@@ -64875,7 +69741,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/pkcs7/bio_pk7.c b/crypto/pkcs7/bio_pk7.c
-index 6014b12..29feaa3 100644
+index 6014b12407b6..29feaa3544e3 100644
--- a/crypto/pkcs7/bio_pk7.c
+++ b/crypto/pkcs7/bio_pk7.c
@@ -1,55 +1,10 @@
@@ -64940,7 +69806,7 @@
#include <openssl/asn1.h>
diff --git a/crypto/pkcs7/pk7_asn1.c b/crypto/pkcs7/pk7_asn1.c
-index 485e676..315e1b8 100644
+index 485e676cff5e..315e1b8132c3 100644
--- a/crypto/pkcs7/pk7_asn1.c
+++ b/crypto/pkcs7/pk7_asn1.c
@@ -1,59 +1,10 @@
@@ -65009,7 +69875,7 @@
#include <stdio.h>
diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c
-index 84c59aa..5f71670 100644
+index 84c59aa5bf08..5f7167048ead 100644
--- a/crypto/pkcs7/pk7_attr.c
+++ b/crypto/pkcs7/pk7_attr.c
@@ -1,59 +1,10 @@
@@ -65078,7 +69944,7 @@
#include <stdio.h>
diff --git a/crypto/pkcs7/pk7_dgst.c b/crypto/pkcs7/pk7_dgst.c
-index 4b1376e..b0a6bd5 100644
+index 4b1376eebedd..b0a6bd5e77b4 100644
--- a/crypto/pkcs7/pk7_dgst.c
+++ b/crypto/pkcs7/pk7_dgst.c
@@ -1,58 +1,10 @@
@@ -65147,7 +70013,7 @@
#include <stdio.h>
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
-index 9d66fc4..1333e4d 100644
+index 9d66fc400728..1333e4df4d2d 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -1,58 +1,10 @@
@@ -65224,7 +70090,7 @@
goto err;
}
diff --git a/crypto/pkcs7/pk7_enc.c b/crypto/pkcs7/pk7_enc.c
-index cf47843..6889a04 100644
+index cf478434fd15..6889a0487de9 100644
--- a/crypto/pkcs7/pk7_enc.c
+++ b/crypto/pkcs7/pk7_enc.c
@@ -1,58 +1,10 @@
@@ -65293,7 +70159,7 @@
#include <stdio.h>
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
-index cdf7302..69c68cf 100644
+index cdf73028a3bd..69c68cf5f3d5 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -1,58 +1,10 @@
@@ -65362,7 +70228,7 @@
#include <stdio.h>
diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c
-index 19130ee..d44b3ad 100644
+index 19130eefc7ed..d44b3adae670 100644
--- a/crypto/pkcs7/pk7_mime.c
+++ b/crypto/pkcs7/pk7_mime.c
@@ -1,55 +1,10 @@
@@ -65427,7 +70293,7 @@
#include <stdio.h>
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
-index 7c2d5c9..4418723 100644
+index 7c2d5c9895cd..44187230ef04 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -1,59 +1,10 @@
@@ -65496,7 +70362,7 @@
/* Simple PKCS#7 processing functions */
diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c
-index d897cfb..bcb479d 100644
+index d897cfb54ce1..bcb479d5065e 100644
--- a/crypto/pkcs7/pkcs7err.c
+++ b/crypto/pkcs7/pkcs7err.c
@@ -1,61 +1,11 @@
@@ -65678,7 +70544,7 @@
{0, NULL}
diff --git a/crypto/poly1305/Makefile.in b/crypto/poly1305/Makefile.in
deleted file mode 100644
-index 0601bf7..0000000
+index 0601bf734afb..000000000000
--- a/crypto/poly1305/Makefile.in
+++ /dev/null
@@ -1,61 +0,0 @@
@@ -65744,7 +70610,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/poly1305/asm/poly1305-armv4.pl b/crypto/poly1305/asm/poly1305-armv4.pl
-index aa3f228..fc899ce 100755
+index aa3f2280c648..fc899ced8671 100755
--- a/crypto/poly1305/asm/poly1305-armv4.pl
+++ b/crypto/poly1305/asm/poly1305-armv4.pl
@@ -1,4 +1,11 @@
@@ -65769,7 +70635,7 @@
# Cortex-A8 6.25/+115% 2.36
# Cortex-A9 5.10/+95% 2.55
# Cortex-A15 3.85/+85% 1.25(**)
-@@ -523,6 +530,51 @@ poly1305_init_neon:
+@@ -523,6 +530,51 @@ $code.=<<___;
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ lazy reduction as discussed in "NEON crypto" by D.J. Bernstein
@ and P. Schwabe
@@ -65821,7 +70687,7 @@
vshr.u64 $T0,$D3,#26
vmovn.i64 $D3#lo,$D3
-@@ -887,7 +939,8 @@ poly1305_blocks_neon:
+@@ -887,7 +939,8 @@ $code.=<<___;
# endif
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@ -65831,7 +70697,7 @@
vshr.u64 $T0,$D3,#26
vmovn.i64 $D3#lo,$D3
-@@ -915,19 +968,20 @@ poly1305_blocks_neon:
+@@ -915,19 +968,20 @@ $code.=<<___;
vbic.i32 $H3,#0xfc000000
vshrn.u64 $T1#lo,$D2,#26
vmovn.i64 $D2#lo,$D2
@@ -65856,7 +70722,7 @@
vadd.i32 $D4#lo,$D4#lo,$T1#lo @ h3 -> h4
vbic.i32 $H1,#0xfc000000
diff --git a/crypto/poly1305/asm/poly1305-armv8.pl b/crypto/poly1305/asm/poly1305-armv8.pl
-index 2e1dae3..98a96b7 100755
+index 2e1dae3df238..98a96b799fa5 100755
--- a/crypto/poly1305/asm/poly1305-armv8.pl
+++ b/crypto/poly1305/asm/poly1305-armv8.pl
@@ -1,4 +1,11 @@
@@ -65881,7 +70747,7 @@
#
# (*) estimate based on resources availability is less than 1.0,
# i.e. measured result is worse than expected, presumably binary
-@@ -507,9 +514,11 @@ poly1305_blocks_neon:
+@@ -507,9 +514,11 @@ $code.=<<___;
fmov $IN01_1,x6
add x10,x10,x11,lsl#32 // bfi x10,x11,#32,#32
add x12,x12,x13,lsl#32 // bfi x12,x13,#32,#32
@@ -65893,7 +70759,7 @@
b.ls .Lskip_loop
-@@ -660,41 +669,43 @@ poly1305_blocks_neon:
+@@ -660,41 +669,43 @@ $code.=<<___;
fmov $IN01_2,x8
umlal $ACC2,$IN01_4,${S3}[0]
fmov $IN01_3,x10
@@ -65949,7 +70815,7 @@
add $H1,$H1,$T0.2s // h0 -> h1
add $H4,$H4,$T1.2s // h3 -> h4
-@@ -702,9 +713,7 @@ poly1305_blocks_neon:
+@@ -702,9 +713,7 @@ $code.=<<___;
.Lskip_loop:
dup $IN23_2,${IN23_2}[0]
@@ -65960,7 +70826,7 @@
////////////////////////////////////////////////////////////////
// multiply (inp[0:1]+hash) or inp[2:3] by r^2:r^1
diff --git a/crypto/poly1305/asm/poly1305-c64xplus.pl b/crypto/poly1305/asm/poly1305-c64xplus.pl
-index a7cf47d..93fef37 100755
+index a7cf47d5f05b..93fef37e605b 100755
--- a/crypto/poly1305/asm/poly1305-c64xplus.pl
+++ b/crypto/poly1305/asm/poly1305-c64xplus.pl
@@ -1,4 +1,11 @@
@@ -65978,10 +70844,10 @@
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/poly1305/asm/poly1305-mips.pl b/crypto/poly1305/asm/poly1305-mips.pl
new file mode 100755
-index 0000000..b5bce47
+index 000000000000..d2b3e90d93f0
--- /dev/null
+++ b/crypto/poly1305/asm/poly1305-mips.pl
-@@ -0,0 +1,421 @@
+@@ -0,0 +1,425 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
@@ -66154,20 +71020,27 @@
+poly1305_blocks:
+ .set noreorder
+ dsrl $len,4 # number of complete blocks
-+ beqz $len,.Lno_data
++ bnez $len,poly1305_blocks_internal
+ nop
++ jr $ra
++ nop
++.end poly1305_blocks
+
-+ .frame $sp,8*8,$ra
++.align 5
++.ent poly1305_blocks_internal
++poly1305_blocks_internal:
++ .frame $sp,6*8,$ra
+ .mask $SAVED_REGS_MASK,-8
-+ dsub $sp,8*8
-+ sd $s5,0($sp)
-+ sd $s4,8($sp)
++ .set noreorder
++ dsub $sp,6*8
++ sd $s5,40($sp)
++ sd $s4,32($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue
-+ sd $s3,16($sp)
-+ sd $s2,24($sp)
-+ sd $s1,32($sp)
-+ sd $s0,40($sp)
++ sd $s3,24($sp)
++ sd $s2,16($sp)
++ sd $s1,8($sp)
++ sd $s0,0($sp)
+___
+$code.=<<___;
+ .set reorder
@@ -66295,22 +71168,19 @@
+ sd $h2,16($ctx)
+
+ .set noreorder
-+ ld $s5,0($sp) # epilogue
-+ ld $s4,8($sp)
++ ld $s5,40($sp) # epilogue
++ ld $s4,32($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi epilogue
-+ ld $s3,16($sp)
-+ ld $s2,24($sp)
-+ ld $s1,32($sp)
-+ ld $s0,40($sp)
++ ld $s3,24($sp)
++ ld $s2,16($sp)
++ ld $s1,8($sp)
++ ld $s0,0($sp)
+___
+$code.=<<___;
-+ dadd $sp,8*8
-+
-+.Lno_data:
+ jr $ra
-+ nop
-+.end poly1305_blocks
++ dadd $sp,6*8
++.end poly1305_blocks_internal
+___
+}
+{
@@ -66404,7 +71274,7 @@
+close STDOUT;
+
diff --git a/crypto/poly1305/asm/poly1305-ppc.pl b/crypto/poly1305/asm/poly1305-ppc.pl
-index 07da9d1..8a06c77 100755
+index 07da9d10b610..8a06c77c83a8 100755
--- a/crypto/poly1305/asm/poly1305-ppc.pl
+++ b/crypto/poly1305/asm/poly1305-ppc.pl
@@ -1,4 +1,11 @@
@@ -66421,7 +71291,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/poly1305/asm/poly1305-ppcfp.pl b/crypto/poly1305/asm/poly1305-ppcfp.pl
-index c8636a4..49f70a8 100755
+index c8636a46edf0..49f70a8c03d3 100755
--- a/crypto/poly1305/asm/poly1305-ppcfp.pl
+++ b/crypto/poly1305/asm/poly1305-ppcfp.pl
@@ -1,4 +1,11 @@
@@ -66438,7 +71308,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/poly1305/asm/poly1305-s390x.pl b/crypto/poly1305/asm/poly1305-s390x.pl
-index 141ba8d..82d757d 100755
+index 141ba8d0bd50..82d757d9a1ca 100755
--- a/crypto/poly1305/asm/poly1305-s390x.pl
+++ b/crypto/poly1305/asm/poly1305-s390x.pl
@@ -1,4 +1,11 @@
@@ -66455,7 +71325,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/poly1305/asm/poly1305-sparcv9.pl b/crypto/poly1305/asm/poly1305-sparcv9.pl
-index 497e270..460c863 100755
+index 497e27097dbd..c22735a7b82a 100755
--- a/crypto/poly1305/asm/poly1305-sparcv9.pl
+++ b/crypto/poly1305/asm/poly1305-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -66471,7 +71341,7 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -74,8 +81,8 @@ poly1305_init:
+@@ -74,8 +81,8 @@ SPARC_PIC_THUNK(%g1)
SPARC_LOAD_ADDRESS(OPENSSL_sparcv9cap_P,%g1)
ld [%g1],%g1
@@ -66482,8 +71352,64 @@
be .Lpoly1305_init_fma
nop
+@@ -132,6 +139,7 @@ SPARC_PIC_THUNK(%g1)
+ .Lno_key:
+ ret
+ restore %g0,%g0,%o0 ! return 0
++.type poly1305_init,#function
+ .size poly1305_init,.-poly1305_init
+
+ .globl poly1305_blocks
+@@ -264,6 +272,7 @@ SPARC_PIC_THUNK(%g1)
+ .Lno_data:
+ ret
+ restore
++.type poly1305_blocks,#function
+ .size poly1305_blocks,.-poly1305_blocks
+ ___
+ ########################################################################
+@@ -354,6 +363,7 @@ $code.=<<___;
+
+ ret
+ restore
++.type poly1305_blocks_vis3,#function
+ .size poly1305_blocks_vis3,.-poly1305_blocks_vis3
+ ___
+ }
+@@ -426,6 +436,7 @@ $code.=<<___;
+
+ ret
+ restore
++.type poly1305_emit,#function
+ .size poly1305_emit,.-poly1305_emit
+ ___
+
+@@ -591,6 +602,7 @@ $code.=<<___;
+ .Lno_key_fma:
+ ret
+ restore %g0,%g0,%o0 ! return 0
++.type poly1305_init_fma,#function
+ .size poly1305_init_fma,.-poly1305_init_fma
+
+ .align 32
+@@ -898,6 +910,7 @@ $code.=<<___;
+ .Labort:
+ ret
+ restore
++.type poly1305_blocks_fma,#function
+ .size poly1305_blocks_fma,.-poly1305_blocks_fma
+ ___
+ {
+@@ -1004,6 +1017,7 @@ $code.=<<___;
+
+ ret
+ restore
++.type poly1305_emit_fma,#function
+ .size poly1305_emit_fma,.-poly1305_emit_fma
+ ___
+ }
diff --git a/crypto/poly1305/asm/poly1305-x86.pl b/crypto/poly1305/asm/poly1305-x86.pl
-index 97d0a81..ecc0ee6 100755
+index 97d0a81bea43..ecc0ee62eaec 100755
--- a/crypto/poly1305/asm/poly1305-x86.pl
+++ b/crypto/poly1305/asm/poly1305-x86.pl
@@ -1,4 +1,11 @@
@@ -66523,7 +71449,7 @@
&movdqa ($D2,$T1);
&psrlq ($T1,26);
diff --git a/crypto/poly1305/asm/poly1305-x86_64.pl b/crypto/poly1305/asm/poly1305-x86_64.pl
-index 7d67611..8804a99 100755
+index 7d676119a25c..784ff4b75837 100755
--- a/crypto/poly1305/asm/poly1305-x86_64.pl
+++ b/crypto/poly1305/asm/poly1305-x86_64.pl
@@ -1,4 +1,11 @@
@@ -66539,6 +71465,15 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+@@ -65,7 +72,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+ $avx = ($2>=3.0) + ($2>3.0);
+ }
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ my ($ctx,$inp,$len,$padbit)=("%rdi","%rsi","%rdx","%rcx");
@@ -130,8 +137,12 @@ $code.=<<___;
.extern OPENSSL_ia32cap_P
@@ -66552,7 +71487,7 @@
.type poly1305_init,\@function,3
.align 32
poly1305_init:
-@@ -495,10 +506,10 @@ poly1305_blocks_avx:
+@@ -495,10 +506,10 @@ $code.=<<___;
################################# base 2^26 -> base 2^64
mov $d1#d,$h0#d
@@ -66565,7 +71500,7 @@
shr \$6,$d1
shl \$52,$r1
-@@ -1383,10 +1394,10 @@ poly1305_blocks_avx2:
+@@ -1383,10 +1394,10 @@ $code.=<<___;
################################# base 2^26 -> base 2^64
mov $d1#d,$h0#d
@@ -66588,7 +71523,7 @@
.long 0x3ffffff,0,0x3ffffff,0,0x3ffffff,0,0x3ffffff,0
.Lfive:
diff --git a/crypto/poly1305/build.info b/crypto/poly1305/build.info
-index 389c7f6..d575f5a 100644
+index 389c7f6d3209..d575f5a63e1c 100644
--- a/crypto/poly1305/build.info
+++ b/crypto/poly1305/build.info
@@ -12,6 +12,7 @@ GENERATE[poly1305-armv4.S]=asm/poly1305-armv4.pl $(PERLASM_SCHEME)
@@ -66600,7 +71535,7 @@
BEGINRAW[Makefile(unix)]
{- $builddir -}/poly1305-%.S: {- $sourcedir -}/asm/poly1305-%.pl
diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.c
-index 6bec8b3..55de19b 100644
+index 6bec8b30f885..55de19b7ed7e 100644
--- a/crypto/poly1305/poly1305.c
+++ b/crypto/poly1305/poly1305.c
@@ -1,8 +1,10 @@
@@ -66721,7 +71656,7 @@
stopwatch = OPENSSL_rdtsc();
for (i=0;i<10000;i++) {
diff --git a/crypto/poly1305/poly1305_ieee754.c b/crypto/poly1305/poly1305_ieee754.c
-index 7c02c1d..08a5b58 100644
+index 7c02c1d52d0d..08a5b58c2a8d 100644
--- a/crypto/poly1305/poly1305_ieee754.c
+++ b/crypto/poly1305/poly1305_ieee754.c
@@ -1,8 +1,10 @@
@@ -66740,7 +71675,7 @@
/*
diff --git a/crypto/ppc_arch.h b/crypto/ppc_arch.h
-index a27fb72..65cf96f 100644
+index a27fb728df6e..65cf96fc1fe8 100644
--- a/crypto/ppc_arch.h
+++ b/crypto/ppc_arch.h
@@ -1,5 +1,14 @@
@@ -66761,7 +71696,7 @@
extern unsigned int OPENSSL_ppccap_P;
diff --git a/crypto/ppccap.c b/crypto/ppccap.c
-index 2c98daf..712ee79 100644
+index 2c98daf5b4df..712ee799d6df 100644
--- a/crypto/ppccap.c
+++ b/crypto/ppccap.c
@@ -1,3 +1,12 @@
@@ -66821,7 +71756,7 @@
if (sizeof(size_t) == 4) {
/* In 32-bit case PPC_FPU64 is always fastest [if option] */
diff --git a/crypto/ppccpuid.pl b/crypto/ppccpuid.pl
-index 9de1355..9d1cada 100755
+index 9de1355b2f8f..9d1cada4dc4c 100755
--- a/crypto/ppccpuid.pl
+++ b/crypto/ppccpuid.pl
@@ -1,4 +1,11 @@
@@ -66837,7 +71772,7 @@
$flavour = shift;
-@@ -170,6 +177,32 @@ Laligned:
+@@ -170,6 +177,32 @@ Lot: andi. r5,r3,3
.byte 0,12,0x14,0,0,0,2,0
.long 0
.size .OPENSSL_cleanse,.-.OPENSSL_cleanse
@@ -66872,7 +71807,7 @@
my ($out,$cnt,$max)=("r3","r4","r5");
diff --git a/crypto/rand/Makefile.in b/crypto/rand/Makefile.in
deleted file mode 100644
-index 5442402..0000000
+index 5442402432ca..000000000000
--- a/crypto/rand/Makefile.in
+++ /dev/null
@@ -1,45 +0,0 @@
@@ -66922,7 +71857,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
-index e9574b0..4b874e3 100644
+index e9574b08b897..137851f596d8 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -1,111 +1,10 @@
@@ -67051,8 +71986,28 @@
#include <openssl/err.h>
+@@ -140,7 +38,7 @@
+ /* #define PREDICT 1 */
+
+ #define STATE_SIZE 1023
+-static int state_num = 0, state_index = 0;
++static size_t state_num = 0, state_index = 0;
+ static unsigned char state[STATE_SIZE + MD_DIGEST_LENGTH];
+ static unsigned char md[MD_DIGEST_LENGTH];
+ static long md_count[2] = { 0, 0 };
+@@ -370,8 +268,8 @@ static int rand_seed(const void *buf, int num)
+ static int rand_bytes(unsigned char *buf, int num, int pseudo)
+ {
+ static volatile int stirred_pool = 0;
+- int i, j, k, st_num, st_idx;
+- int num_ceil;
++ int i, j, k;
++ size_t num_ceil, st_idx, st_num;
+ int ok;
+ long md_c[2];
+ unsigned char local_md[MD_DIGEST_LENGTH];
diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c
-index 47a5752..f4bfd86 100644
+index 47a575235a18..f4bfd8696c15 100644
--- a/crypto/rand/rand_egd.c
+++ b/crypto/rand/rand_egd.c
@@ -1,56 +1,10 @@
@@ -67119,7 +72074,7 @@
#include <openssl/opensslconf.h>
diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c
-index d01393a..c58e7ee 100644
+index d01393add1af..c58e7ee4fbfe 100644
--- a/crypto/rand/rand_err.c
+++ b/crypto/rand/rand_err.c
@@ -1,61 +1,11 @@
@@ -67218,7 +72173,7 @@
};
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
-index daa48dd..d98c90e 100644
+index daa48dd9f4ee..d98c90e2ac39 100644
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -1,111 +1,10 @@
@@ -67340,7 +72295,7 @@
#ifndef HEADER_RAND_LCL_H
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
-index 9871113..2387126 100644
+index 98711135912f..238712671ba3 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -1,58 +1,10 @@
@@ -67409,7 +72364,7 @@
#include <stdio.h>
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
-index 1aff444..e231ecd 100644
+index 1aff4440fd6e..e231ecdb8287 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -1,112 +1,12 @@
@@ -67533,7 +72488,7 @@
#define USE_SOCKETS
diff --git a/crypto/rand/rand_vms.c b/crypto/rand/rand_vms.c
-index 5919f48..ae6f17d 100644
+index 5919f48c1757..ae6f17d91fc8 100644
--- a/crypto/rand/rand_vms.c
+++ b/crypto/rand/rand_vms.c
@@ -1,59 +1,10 @@
@@ -67602,7 +72557,7 @@
#include <openssl/rand.h>
diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
-index bf85d37..cb0c1ed 100644
+index bf85d37aeca4..c5d0aa155a6c 100644
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -1,111 +1,10 @@
@@ -67723,14 +72678,646 @@
*/
#include "internal/cryptlib.h"
+@@ -114,444 +13,60 @@
+
+ #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+ # include <windows.h>
+-# ifndef _WIN32_WINNT
+-# define _WIN32_WINNT 0x0400
++/* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */
++# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0601
++# define RAND_WINDOWS_USE_BCRYPT
+ # endif
+-# include <wincrypt.h>
+-# include <tlhelp32.h>
+-
+-/*
+- * Limit the time spent walking through the heap, processes, threads and
+- * modules to a maximum of 1000 milliseconds each, unless CryptoGenRandom
+- * failed
+- */
+-# define MAXDELAY 1000
+
++# ifdef RAND_WINDOWS_USE_BCRYPT
++# include <bcrypt.h>
++# pragma comment(lib, "bcrypt.lib")
++# ifndef STATUS_SUCCESS
++# define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
++# endif
++# else
++# include <wincrypt.h>
+ /*
+ * Intel hardware RNG CSP -- available from
+ * http://developer.intel.com/design/security/rng/redist_license.htm
+ */
+-# define PROV_INTEL_SEC 22
+-# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
++# define PROV_INTEL_SEC 22
++# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
++# endif
+
+ static void readtimer(void);
+-static void readscreen(void);
+-
+-/*
+- * It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined
+- * when WINVER is 0x0500 and up, which currently only happens on Win2000.
+- * Unfortunately, those are typedefs, so they're a little bit difficult to
+- * detect properly. On the other hand, the macro CURSOR_SHOWING is defined
+- * within the same conditional, so it can be use to detect the absence of
+- * said typedefs.
+- */
+-
+-# ifndef CURSOR_SHOWING
+-/*
+- * Information about the global cursor.
+- */
+-typedef struct tagCURSORINFO {
+- DWORD cbSize;
+- DWORD flags;
+- HCURSOR hCursor;
+- POINT ptScreenPos;
+-} CURSORINFO, *PCURSORINFO, *LPCURSORINFO;
+-
+-# define CURSOR_SHOWING 0x00000001
+-# endif /* CURSOR_SHOWING */
+-
+-# if !defined(OPENSSL_SYS_WINCE)
+-typedef BOOL(WINAPI *CRYPTACQUIRECONTEXTW) (HCRYPTPROV *, LPCWSTR, LPCWSTR,
+- DWORD, DWORD);
+-typedef BOOL(WINAPI *CRYPTGENRANDOM) (HCRYPTPROV, DWORD, BYTE *);
+-typedef BOOL(WINAPI *CRYPTRELEASECONTEXT) (HCRYPTPROV, DWORD);
+-
+-typedef HWND(WINAPI *GETFOREGROUNDWINDOW) (VOID);
+-typedef BOOL(WINAPI *GETCURSORINFO) (PCURSORINFO);
+-typedef DWORD(WINAPI *GETQUEUESTATUS) (UINT);
+-
+-typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD);
+-typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE);
+-typedef BOOL(WINAPI *HEAP32FIRST) (LPHEAPENTRY32, DWORD, size_t);
+-typedef BOOL(WINAPI *HEAP32NEXT) (LPHEAPENTRY32);
+-typedef BOOL(WINAPI *HEAP32LIST) (HANDLE, LPHEAPLIST32);
+-typedef BOOL(WINAPI *PROCESS32) (HANDLE, LPPROCESSENTRY32);
+-typedef BOOL(WINAPI *THREAD32) (HANDLE, LPTHREADENTRY32);
+-typedef BOOL(WINAPI *MODULE32) (HANDLE, LPMODULEENTRY32);
+-
+-# include <lmcons.h>
+-# include <lmstats.h>
+-/*
+- * The NET API is Unicode only. It requires the use of the UNICODE macro.
+- * When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was was added to the
+- * Platform SDK to allow the NET API to be used in non-Unicode applications
+- * provided that Unicode strings were still used for input. LMSTR is defined
+- * as LPWSTR.
+- */
+-typedef NET_API_STATUS(NET_API_FUNCTION *NETSTATGET)
+- (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE *);
+-typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE);
+-# endif /* !OPENSSL_SYS_WINCE */
+
+ int RAND_poll(void)
+ {
+ MEMORYSTATUS mst;
+- HCRYPTPROV hProvider = 0;
++# ifndef RAND_WINDOWS_USE_BCRYPT
++ HCRYPTPROV hProvider;
++# endif
+ DWORD w;
+- int good = 0;
++ BYTE buf[64];
+
+-# if defined(OPENSSL_SYS_WINCE)
+-# if defined(_WIN32_WCE) && _WIN32_WCE>=300
+- /*
+- * Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available
+- * in commonly available implementations prior 300...
+- */
+- {
+- BYTE buf[64];
+- /* poll the CryptoAPI PRNG */
+- /* The CryptoAPI returns sizeof(buf) bytes of randomness */
+- if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
+- CRYPT_VERIFYCONTEXT)) {
+- if (CryptGenRandom(hProvider, sizeof(buf), buf))
+- RAND_add(buf, sizeof(buf), sizeof(buf));
+- CryptReleaseContext(hProvider, 0);
+- }
++# ifdef RAND_WINDOWS_USE_BCRYPT
++ if (BCryptGenRandom(NULL, buf, (ULONG)sizeof(buf), BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS) {
++ RAND_add(buf, sizeof(buf), sizeof(buf));
+ }
+-# endif
+-# else /* OPENSSL_SYS_WINCE */
+- /*
+- * None of below libraries are present on Windows CE, which is
+- * why we #ifndef the whole section. This also excuses us from
+- * handling the GetProcAddress issue. The trouble is that in
+- * real Win32 API GetProcAddress is available in ANSI flavor
+- * only. In WinCE on the other hand GetProcAddress is a macro
+- * most commonly defined as GetProcAddressW, which accepts
+- * Unicode argument. If we were to call GetProcAddress under
+- * WinCE, I'd recommend to either redefine GetProcAddress as
+- * GetProcAddressA (there seem to be one in common CE spec) or
+- * implement own shim routine, which would accept ANSI argument
+- * and expand it to Unicode.
+- */
+- {
+- /* load functions dynamically - not available on all systems */
+- HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));
+- HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
+- HMODULE user = NULL;
+- HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL"));
+- CRYPTACQUIRECONTEXTW acquire = NULL;
+- CRYPTGENRANDOM gen = NULL;
+- CRYPTRELEASECONTEXT release = NULL;
+- NETSTATGET netstatget = NULL;
+- NETFREE netfree = NULL;
+- BYTE buf[64];
+-
+- if (netapi) {
+- netstatget =
+- (NETSTATGET) GetProcAddress(netapi, "NetStatisticsGet");
+- netfree = (NETFREE) GetProcAddress(netapi, "NetApiBufferFree");
+- }
+-
+- if (netstatget && netfree) {
+- LPBYTE outbuf;
+- /*
+- * NetStatisticsGet() is a Unicode only function
+- * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0
+- * contains 17 fields. We treat each field as a source of one
+- * byte of entropy.
+- */
+-
+- if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0) {
+- RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);
+- netfree(outbuf);
+- }
+- if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0) {
+- RAND_add(outbuf, sizeof(STAT_SERVER_0), 17);
+- netfree(outbuf);
+- }
+- }
+-
+- if (netapi)
+- FreeLibrary(netapi);
+-
+- /*
+- * It appears like this can cause an exception deep within
+- * ADVAPI32.DLL at random times on Windows 2000. Reported by Jeffrey
+- * Altman. Only use it on NT.
+- */
+-
+- if (advapi) {
+- /*
+- * If it's available, then it's available in both ANSI
+- * and UNICODE flavors even in Win9x, documentation says.
+- * We favor Unicode...
+- */
+- acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi,
+- "CryptAcquireContextW");
+- gen = (CRYPTGENRANDOM) GetProcAddress(advapi, "CryptGenRandom");
+- release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
+- "CryptReleaseContext");
+- }
+-
+- if (acquire && gen && release) {
+- /* poll the CryptoAPI PRNG */
+- /* The CryptoAPI returns sizeof(buf) bytes of randomness */
+- if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL,
+- CRYPT_VERIFYCONTEXT)) {
+- if (gen(hProvider, sizeof(buf), buf) != 0) {
+- RAND_add(buf, sizeof(buf), 0);
+- good = 1;
+- }
+- release(hProvider, 0);
+- }
+-
+- /* poll the Pentium PRG with CryptoAPI */
+- if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0)) {
+- if (gen(hProvider, sizeof(buf), buf) != 0) {
+- RAND_add(buf, sizeof(buf), sizeof(buf));
+- good = 1;
+- }
+- release(hProvider, 0);
+- }
+- }
+-
+- if (advapi)
+- FreeLibrary(advapi);
+-
+- if ((!check_winnt() ||
+- !OPENSSL_isservice()) &&
+- (user = LoadLibrary(TEXT("USER32.DLL")))) {
+- GETCURSORINFO cursor;
+- GETFOREGROUNDWINDOW win;
+- GETQUEUESTATUS queue;
+-
+- win =
+- (GETFOREGROUNDWINDOW) GetProcAddress(user,
+- "GetForegroundWindow");
+- cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
+- queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
+-
+- if (win) {
+- /* window handle */
+- HWND h = win();
+- RAND_add(&h, sizeof(h), 0);
+- }
+- if (cursor) {
+- /*
+- * unfortunately, its not safe to call GetCursorInfo() on NT4
+- * even though it exists in SP3 (or SP6) and higher.
+- */
+- if (check_winnt() && !check_win_minplat(5))
+- cursor = 0;
+- }
+- if (cursor) {
+- /* cursor position */
+- /* assume 2 bytes of entropy */
+- CURSORINFO ci;
+- ci.cbSize = sizeof(CURSORINFO);
+- if (cursor(&ci))
+- RAND_add(&ci, ci.cbSize, 2);
+- }
+-
+- if (queue) {
+- /* message queue status */
+- /* assume 1 byte of entropy */
+- w = queue(QS_ALLEVENTS);
+- RAND_add(&w, sizeof(w), 1);
+- }
+-
+- FreeLibrary(user);
+- }
+-
+- /*-
+- * Toolhelp32 snapshot: enumerate processes, threads, modules and heap
+- * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
+- * (Win 9x and 2000 only, not available on NT)
+- *
+- * This seeding method was proposed in Peter Gutmann, Software
+- * Generation of Practically Strong Random Numbers,
+- * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
+- * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
+- * (The assignment of entropy estimates below is arbitrary, but based
+- * on Peter's analysis the full poll appears to be safe. Additional
+- * interactive seeding is encouraged.)
+- */
+-
+- if (kernel) {
+- CREATETOOLHELP32SNAPSHOT snap;
+- CLOSETOOLHELP32SNAPSHOT close_snap;
+- HANDLE handle;
+-
+- HEAP32FIRST heap_first;
+- HEAP32NEXT heap_next;
+- HEAP32LIST heaplist_first, heaplist_next;
+- PROCESS32 process_first, process_next;
+- THREAD32 thread_first, thread_next;
+- MODULE32 module_first, module_next;
+-
+- HEAPLIST32 hlist;
+- HEAPENTRY32 hentry;
+- PROCESSENTRY32 p;
+- THREADENTRY32 t;
+- MODULEENTRY32 m;
+- DWORD starttime = 0;
+-
+- snap = (CREATETOOLHELP32SNAPSHOT)
+- GetProcAddress(kernel, "CreateToolhelp32Snapshot");
+- close_snap = (CLOSETOOLHELP32SNAPSHOT)
+- GetProcAddress(kernel, "CloseToolhelp32Snapshot");
+- heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
+- heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
+- heaplist_first =
+- (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
+- heaplist_next =
+- (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
+- process_first =
+- (PROCESS32) GetProcAddress(kernel, "Process32First");
+- process_next =
+- (PROCESS32) GetProcAddress(kernel, "Process32Next");
+- thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
+- thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
+- module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
+- module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
+-
+- if (snap && heap_first && heap_next && heaplist_first &&
+- heaplist_next && process_first && process_next &&
+- thread_first && thread_next && module_first &&
+- module_next && (handle = snap(TH32CS_SNAPALL, 0))
+- != INVALID_HANDLE_VALUE) {
+- /* heap list and heap walking */
+- /*
+- * HEAPLIST32 contains 3 fields that will change with each
+- * entry. Consider each field a source of 1 byte of entropy.
+- * HEAPENTRY32 contains 5 fields that will change with each
+- * entry. Consider each field a source of 1 byte of entropy.
+- */
+- ZeroMemory(&hlist, sizeof(HEAPLIST32));
+- hlist.dwSize = sizeof(HEAPLIST32);
+- if (good)
+- starttime = GetTickCount();
+-# ifdef _MSC_VER
+- if (heaplist_first(handle, &hlist)) {
+- /*
+- * following discussion on dev ML, exception on WinCE (or
+- * other Win platform) is theoretically of unknown
+- * origin; prevent infinite loop here when this
+- * theoretical case occurs; otherwise cope with the
+- * expected (MSDN documented) exception-throwing
+- * behaviour of Heap32Next() on WinCE.
+- *
+- * based on patch in original message by Tanguy Fautré
+- * (2009/03/02) Subject: RAND_poll() and
+- * CreateToolhelp32Snapshot() stability
+- */
+- int ex_cnt_limit = 42;
+- do {
+- RAND_add(&hlist, hlist.dwSize, 3);
+- __try {
+- ZeroMemory(&hentry, sizeof(HEAPENTRY32));
+- hentry.dwSize = sizeof(HEAPENTRY32);
+- if (heap_first(&hentry,
+- hlist.th32ProcessID,
+- hlist.th32HeapID)) {
+- int entrycnt = 80;
+- do
+- RAND_add(&hentry, hentry.dwSize, 5);
+- while (heap_next(&hentry)
+- && (!good
+- || (GetTickCount() - starttime) <
+- MAXDELAY)
+- && --entrycnt > 0);
+- }
+- }
+- __except(EXCEPTION_EXECUTE_HANDLER) {
+- /*
+- * ignore access violations when walking the heap
+- * list
+- */
+- ex_cnt_limit--;
+- }
+- } while (heaplist_next(handle, &hlist)
+- && (!good
+- || (GetTickCount() - starttime) < MAXDELAY)
+- && ex_cnt_limit > 0);
+- }
+-# else
+- if (heaplist_first(handle, &hlist)) {
+- do {
+- RAND_add(&hlist, hlist.dwSize, 3);
+- hentry.dwSize = sizeof(HEAPENTRY32);
+- if (heap_first(&hentry,
+- hlist.th32ProcessID,
+- hlist.th32HeapID)) {
+- int entrycnt = 80;
+- do
+- RAND_add(&hentry, hentry.dwSize, 5);
+- while (heap_next(&hentry)
+- && --entrycnt > 0);
+- }
+- } while (heaplist_next(handle, &hlist)
+- && (!good
+- || (GetTickCount() - starttime) < MAXDELAY));
+- }
+-# endif
+-
+- /* process walking */
+- /*
+- * PROCESSENTRY32 contains 9 fields that will change with
+- * each entry. Consider each field a source of 1 byte of
+- * entropy.
+- */
+- p.dwSize = sizeof(PROCESSENTRY32);
+-
+- if (good)
+- starttime = GetTickCount();
+- if (process_first(handle, &p))
+- do
+- RAND_add(&p, p.dwSize, 9);
+- while (process_next(handle, &p)
+- && (!good
+- || (GetTickCount() - starttime) < MAXDELAY));
+-
+- /* thread walking */
+- /*
+- * THREADENTRY32 contains 6 fields that will change with each
+- * entry. Consider each field a source of 1 byte of entropy.
+- */
+- t.dwSize = sizeof(THREADENTRY32);
+- if (good)
+- starttime = GetTickCount();
+- if (thread_first(handle, &t))
+- do
+- RAND_add(&t, t.dwSize, 6);
+- while (thread_next(handle, &t)
+- && (!good
+- || (GetTickCount() - starttime) < MAXDELAY));
+-
+- /* module walking */
+- /*
+- * MODULEENTRY32 contains 9 fields that will change with each
+- * entry. Consider each field a source of 1 byte of entropy.
+- */
+- m.dwSize = sizeof(MODULEENTRY32);
+- if (good)
+- starttime = GetTickCount();
+- if (module_first(handle, &m))
+- do
+- RAND_add(&m, m.dwSize, 9);
+- while (module_next(handle, &m)
+- && (!good
+- || (GetTickCount() - starttime) < MAXDELAY));
+- if (close_snap)
+- close_snap(handle);
+- else
+- CloseHandle(handle);
+-
+- }
+-
+- FreeLibrary(kernel);
++# else
++ /* poll the CryptoAPI PRNG */
++ /* The CryptoAPI returns sizeof(buf) bytes of randomness */
++ if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
++ if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
++ RAND_add(buf, sizeof(buf), sizeof(buf));
+ }
++ CryptReleaseContext(hProvider, 0);
+ }
+-# endif /* !OPENSSL_SYS_WINCE */
++
++ /* poll the Pentium PRG with CryptoAPI */
++ if (CryptAcquireContextW(&hProvider, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
++ if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
++ RAND_add(buf, sizeof(buf), sizeof(buf));
++ }
++ CryptReleaseContext(hProvider, 0);
++ }
++# endif
+
+ /* timer data */
+ readtimer();
+@@ -567,50 +82,18 @@ int RAND_poll(void)
+ return (1);
+ }
+
++#if OPENSSL_API_COMPAT < 0x00101000L
+ int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
+ {
+- double add_entropy = 0;
+-
+- switch (iMsg) {
+- case WM_KEYDOWN:
+- {
+- static WPARAM key;
+- if (key != wParam)
+- add_entropy = 0.05;
+- key = wParam;
+- }
+- break;
+- case WM_MOUSEMOVE:
+- {
+- static int lastx, lasty, lastdx, lastdy;
+- int x, y, dx, dy;
+-
+- x = LOWORD(lParam);
+- y = HIWORD(lParam);
+- dx = lastx - x;
+- dy = lasty - y;
+- if (dx != 0 && dy != 0 && dx - lastdx != 0 && dy - lastdy != 0)
+- add_entropy = .2;
+- lastx = x, lasty = y;
+- lastdx = dx, lastdy = dy;
+- }
+- break;
+- }
+-
+- readtimer();
+- RAND_add(&iMsg, sizeof(iMsg), add_entropy);
+- RAND_add(&wParam, sizeof(wParam), 0);
+- RAND_add(&lParam, sizeof(lParam), 0);
+-
+- return (RAND_status());
++ RAND_poll();
++ return RAND_status();
+ }
+
+ void RAND_screen(void)
+-{ /* function available for backward
+- * compatibility */
++{
+ RAND_poll();
+- readscreen();
+ }
++#endif
+
+ /* feed timing information to the PRNG */
+ static void readtimer(void)
+@@ -649,91 +132,4 @@ static void readtimer(void)
+ }
+ }
+
+-/* feed screen contents to PRNG */
+-/*****************************************************************************
+- *
+- * Created 960901 by Gertjan van Oosten, gertjan at West.NL, West Consulting B.V.
+- *
+- * Code adapted from
+- * <URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];97193>;
+- * the original copyright message is:
+- *
+- * (C) Copyright Microsoft Corp. 1993. All rights reserved.
+- *
+- * You have a royalty-free right to use, modify, reproduce and
+- * distribute the Sample Files (and/or any modified version) in
+- * any way you find useful, provided that you agree that
+- * Microsoft has no warranty obligations or liability for any
+- * Sample Application Files which are modified.
+- */
+-
+-static void readscreen(void)
+-{
+-# if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN)
+- HDC hScrDC; /* screen DC */
+- HBITMAP hBitmap; /* handle for our bitmap */
+- BITMAP bm; /* bitmap properties */
+- unsigned int size; /* size of bitmap */
+- char *bmbits; /* contents of bitmap */
+- int w; /* screen width */
+- int h; /* screen height */
+- int y; /* y-coordinate of screen lines to grab */
+- int n = 16; /* number of screen lines to grab at a time */
+- BITMAPINFOHEADER bi; /* info about the bitmap */
+-
+- if (check_winnt() && OPENSSL_isservice() > 0)
+- return;
+-
+- /* Get a reference to the screen DC */
+- hScrDC = GetDC(NULL);
+-
+- /* Get screen resolution */
+- w = GetDeviceCaps(hScrDC, HORZRES);
+- h = GetDeviceCaps(hScrDC, VERTRES);
+-
+- /* Create a bitmap compatible with the screen DC */
+- hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
+-
+- /* Get bitmap properties */
+- GetObject(hBitmap, sizeof(BITMAP), (LPSTR) & bm);
+- size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
+-
+- bi.biSize = sizeof(BITMAPINFOHEADER);
+- bi.biWidth = bm.bmWidth;
+- bi.biHeight = bm.bmHeight;
+- bi.biPlanes = bm.bmPlanes;
+- bi.biBitCount = bm.bmBitsPixel;
+- bi.biCompression = BI_RGB;
+- bi.biSizeImage = 0;
+- bi.biXPelsPerMeter = 0;
+- bi.biYPelsPerMeter = 0;
+- bi.biClrUsed = 0;
+- bi.biClrImportant = 0;
+-
+- bmbits = OPENSSL_malloc(size);
+- if (bmbits != NULL) {
+- /* Now go through the whole screen, repeatedly grabbing n lines */
+- for (y = 0; y < h - n; y += n) {
+- unsigned char md[MD_DIGEST_LENGTH];
+-
+- /* Copy the bits of the current line range into the buffer */
+- GetDIBits(hScrDC, hBitmap, y, n,
+- bmbits, (BITMAPINFO *) & bi, DIB_RGB_COLORS);
+-
+- /* Get the hash of the bitmap */
+- MD(bmbits, size, md);
+-
+- /* Seed the random generator with the hash value */
+- RAND_add(md, MD_DIGEST_LENGTH, 0);
+- }
+-
+- OPENSSL_free(bmbits);
+- }
+-
+- /* Clean up */
+- DeleteObject(hBitmap);
+- ReleaseDC(NULL, hScrDC);
+-# endif /* !OPENSSL_SYS_WINCE */
+-}
+-
+ #endif
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
-index 3ee6bf5..49f5405 100644
+index 3ee6bf5a162e..49f5405dbcbc 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -1,67 +1,14 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -67778,9 +73365,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -67835,6 +73420,8 @@
#ifdef OPENSSL_SYS_VMS
/*
+- * This declaration is a nasty hack to get around vms' extension to fopen for
+- * passing in sharing options being disabled by our /STANDARD=ANSI89
+ * Misc hacks needed for specific cases.
+ *
+ * __FILE_ptr32 is a type provided by DEC C headers (types.h specifically)
@@ -67842,7 +73429,9 @@
+ * stdio function return this type (a study of stdio.h proves it).
+ * Additionally, we create a similar char pointer type for the sake of
+ * vms_setbuf below.
-+ */
+ */
+-static FILE *(*const vms_fopen)(const char *, const char *, ...) =
+- (FILE *(*)(const char *, const char *, ...))fopen;
+# if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size save
+# pragma pointer_size 32
@@ -67865,12 +73454,9 @@
+ setbuf((__FILE_ptr32)fp, (char_ptr32)buf);
+}
+/*
- * This declaration is a nasty hack to get around vms' extension to fopen for
-- * passing in sharing options being disabled by our /STANDARD=ANSI89
++ * This declaration is a nasty hack to get around vms' extension to fopen for
+ * passing in sharing options being disabled by /STANDARD=ANSI89
- */
--static FILE *(*const vms_fopen)(const char *, const char *, ...) =
-- (FILE *(*)(const char *, const char *, ...))fopen;
++ */
+static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) =
+ (__FILE_ptr32 (*)(const char *, const char *, ...))fopen;
# define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
@@ -67924,7 +73510,7 @@
diff --git a/crypto/rc2/Makefile.in b/crypto/rc2/Makefile.in
deleted file mode 100644
-index 1a09360..0000000
+index 1a09360c38d4..000000000000
--- a/crypto/rc2/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -67972,7 +73558,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/rc2/rc2_cbc.c b/crypto/rc2/rc2_cbc.c
-index b574c96..2b59353 100644
+index b574c96c124a..2b59353b1154 100644
--- a/crypto/rc2/rc2_cbc.c
+++ b/crypto/rc2/rc2_cbc.c
@@ -1,58 +1,10 @@
@@ -68041,7 +73627,7 @@
#include <openssl/rc2.h>
diff --git a/crypto/rc2/rc2_ecb.c b/crypto/rc2/rc2_ecb.c
-index 047c0fc..b87931f 100644
+index 047c0fc04da1..b87931f2a6c4 100644
--- a/crypto/rc2/rc2_ecb.c
+++ b/crypto/rc2/rc2_ecb.c
@@ -1,58 +1,10 @@
@@ -68110,7 +73696,7 @@
#include <openssl/rc2.h>
diff --git a/crypto/rc2/rc2_locl.h b/crypto/rc2/rc2_locl.h
-index ba1880c..a9a57d6 100644
+index ba1880c52fe2..a9a57d6126c5 100644
--- a/crypto/rc2/rc2_locl.h
+++ b/crypto/rc2/rc2_locl.h
@@ -1,58 +1,10 @@
@@ -68179,13 +73765,15 @@
#undef c2l
diff --git a/crypto/rc2/rc2_skey.c b/crypto/rc2/rc2_skey.c
-index 52a3710..55d8ba3 100644
+index 52a371030dc9..55d8ba37155c 100644
--- a/crypto/rc2/rc2_skey.c
+++ b/crypto/rc2/rc2_skey.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -68233,9 +73821,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -68248,13 +73834,15 @@
#include <openssl/rc2.h>
diff --git a/crypto/rc2/rc2cfb64.c b/crypto/rc2/rc2cfb64.c
-index bb3df00..e11093d 100644
+index bb3df006558e..e11093db9e21 100644
--- a/crypto/rc2/rc2cfb64.c
+++ b/crypto/rc2/rc2cfb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -68302,9 +73890,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -68317,13 +73903,15 @@
#include <openssl/rc2.h>
diff --git a/crypto/rc2/rc2ofb64.c b/crypto/rc2/rc2ofb64.c
-index aec7ba3..d610278 100644
+index aec7ba303a58..d610278a9bdc 100644
--- a/crypto/rc2/rc2ofb64.c
+++ b/crypto/rc2/rc2ofb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -68371,9 +73959,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -68385,8 +73971,233 @@
*/
#include <openssl/rc2.h>
+diff --git a/crypto/rc2/rrc2.doc b/crypto/rc2/rrc2.doc
+deleted file mode 100644
+index f93ee003d2f8..000000000000
+--- a/crypto/rc2/rrc2.doc
++++ /dev/null
+@@ -1,219 +0,0 @@
+->From cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news Mon Feb 12 18:48:17 EST 1996
+-Article 23601 of sci.crypt:
+-Path: cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news
+->From: pgut01 at cs.auckland.ac.nz (Peter Gutmann)
+-Newsgroups: sci.crypt
+-Subject: Specification for Ron Rivests Cipher No.2
+-Date: 11 Feb 1996 06:45:03 GMT
+-Organization: University of Auckland
+-Lines: 203
+-Sender: pgut01 at cs.auckland.ac.nz (Peter Gutmann)
+-Message-ID: <4fk39f$f70 at net.auckland.ac.nz>
+-NNTP-Posting-Host: cs26.cs.auckland.ac.nz
+-X-Newsreader: NN version 6.5.0 #3 (NOV)
+-
+-
+-
+-
+- Ron Rivest's Cipher No.2
+- ------------------------
+-
+-Ron Rivest's Cipher No.2 (hereafter referred to as RRC.2, other people may
+-refer to it by other names) is word oriented, operating on a block of 64 bits
+-divided into four 16-bit words, with a key table of 64 words. All data units
+-are little-endian. This functional description of the algorithm is based in
+-the paper "The RC5 Encryption Algorithm" (RC5 is a trademark of RSADSI), using
+-the same general layout, terminology, and pseudocode style.
+-
+-
+-Notation and RRC.2 Primitive Operations
+-
+-RRC.2 uses the following primitive operations:
+-
+-1. Two's-complement addition of words, denoted by "+". The inverse operation,
+- subtraction, is denoted by "-".
+-2. Bitwise exclusive OR, denoted by "^".
+-3. Bitwise AND, denoted by "&".
+-4. Bitwise NOT, denoted by "~".
+-5. A left-rotation of words; the rotation of word x left by y is denoted
+- x <<< y. The inverse operation, right-rotation, is denoted x >>> y.
+-
+-These operations are directly and efficiently supported by most processors.
+-
+-
+-The RRC.2 Algorithm
+-
+-RRC.2 consists of three components, a *key expansion* algorithm, an
+-*encryption* algorithm, and a *decryption* algorithm.
+-
+-
+-Key Expansion
+-
+-The purpose of the key-expansion routine is to expand the user's key K to fill
+-the expanded key array S, so S resembles an array of random binary words
+-determined by the user's secret key K.
+-
+-Initialising the S-box
+-
+-RRC.2 uses a single 256-byte S-box derived from the ciphertext contents of
+-Beale Cipher No.1 XOR'd with a one-time pad. The Beale Ciphers predate modern
+-cryptography by enough time that there should be no concerns about trapdoors
+-hidden in the data. They have been published widely, and the S-box can be
+-easily recreated from the one-time pad values and the Beale Cipher data taken
+-from a standard source. To initialise the S-box:
+-
+- for i = 0 to 255 do
+- sBox[ i ] = ( beale[ i ] mod 256 ) ^ pad[ i ]
+-
+-The contents of Beale Cipher No.1 and the necessary one-time pad are given as
+-an appendix at the end of this document. For efficiency, implementors may wish
+-to skip the Beale Cipher expansion and store the sBox table directly.
+-
+-Expanding the Secret Key to 128 Bytes
+-
+-The secret key is first expanded to fill 128 bytes (64 words). The expansion
+-consists of taking the sum of the first and last bytes in the user key, looking
+-up the sum (modulo 256) in the S-box, and appending the result to the key. The
+-operation is repeated with the second byte and new last byte of the key until
+-all 128 bytes have been generated. Note that the following pseudocode treats
+-the S array as an array of 128 bytes rather than 64 words.
+-
+- for j = 0 to length-1 do
+- S[ j ] = K[ j ]
+- for j = length to 127 do
+- s[ j ] = sBox[ ( S[ j-length ] + S[ j-1 ] ) mod 256 ];
+-
+-At this point it is possible to perform a truncation of the effective key
+-length to ease the creation of espionage-enabled software products. However
+-since the author cannot conceive why anyone would want to do this, it will not
+-be considered further.
+-
+-The final phase of the key expansion involves replacing the first byte of S
+-with the entry selected from the S-box:
+-
+- S[ 0 ] = sBox[ S[ 0 ] ]
+-
+-
+-Encryption
+-
+-The cipher has 16 full rounds, each divided into 4 subrounds. Two of the full
+-rounds perform an additional transformation on the data. Note that the
+-following pseudocode treats the S array as an array of 64 words rather than 128
+-bytes.
+-
+- for i = 0 to 15 do
+- j = i * 4;
+- word0 = ( word0 + ( word1 & ~word3 ) + ( word2 & word3 ) + S[ j+0 ] ) <<< 1
+- word1 = ( word1 + ( word2 & ~word0 ) + ( word3 & word0 ) + S[ j+1 ] ) <<< 2
+- word2 = ( word2 + ( word3 & ~word1 ) + ( word0 & word1 ) + S[ j+2 ] ) <<< 3
+- word3 = ( word3 + ( word0 & ~word2 ) + ( word1 & word2 ) + S[ j+3 ] ) <<< 5
+-
+-In addition the fifth and eleventh rounds add the contents of the S-box indexed
+-by one of the data words to another of the data words following the four
+-subrounds as follows:
+-
+- word0 = word0 + S[ word3 & 63 ];
+- word1 = word1 + S[ word0 & 63 ];
+- word2 = word2 + S[ word1 & 63 ];
+- word3 = word3 + S[ word2 & 63 ];
+-
+-
+-Decryption
+-
+-The decryption operation is simply the inverse of the encryption operation.
+-Note that the following pseudocode treats the S array as an array of 64 words
+-rather than 128 bytes.
+-
+- for i = 15 downto 0 do
+- j = i * 4;
+- word3 = ( word3 >>> 5 ) - ( word0 & ~word2 ) - ( word1 & word2 ) - S[ j+3 ]
+- word2 = ( word2 >>> 3 ) - ( word3 & ~word1 ) - ( word0 & word1 ) - S[ j+2 ]
+- word1 = ( word1 >>> 2 ) - ( word2 & ~word0 ) - ( word3 & word0 ) - S[ j+1 ]
+- word0 = ( word0 >>> 1 ) - ( word1 & ~word3 ) - ( word2 & word3 ) - S[ j+0 ]
+-
+-In addition the fifth and eleventh rounds subtract the contents of the S-box
+-indexed by one of the data words from another one of the data words following
+-the four subrounds as follows:
+-
+- word3 = word3 - S[ word2 & 63 ]
+- word2 = word2 - S[ word1 & 63 ]
+- word1 = word1 - S[ word0 & 63 ]
+- word0 = word0 - S[ word3 & 63 ]
+-
+-
+-Test Vectors
+-
+-The following test vectors may be used to test the correctness of an RRC.2
+-implementation:
+-
+- Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+- Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+- Cipher: 0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7
+-
+- Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
+- Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+- Cipher: 0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74
+-
+- Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+- Plain: 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+- Cipher: 0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E
+-
+- Key: 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+- Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+- Cipher: 0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31
+-
+-
+-Appendix: Beale Cipher No.1, "The Locality of the Vault", and One-time Pad for
+- Creating the S-Box
+-
+-Beale Cipher No.1.
+-
+- 71, 194, 38,1701, 89, 76, 11, 83,1629, 48, 94, 63, 132, 16, 111, 95,
+- 84, 341, 975, 14, 40, 64, 27, 81, 139, 213, 63, 90,1120, 8, 15, 3,
+- 126,2018, 40, 74, 758, 485, 604, 230, 436, 664, 582, 150, 251, 284, 308, 231,
+- 124, 211, 486, 225, 401, 370, 11, 101, 305, 139, 189, 17, 33, 88, 208, 193,
+- 145, 1, 94, 73, 416, 918, 263, 28, 500, 538, 356, 117, 136, 219, 27, 176,
+- 130, 10, 460, 25, 485, 18, 436, 65, 84, 200, 283, 118, 320, 138, 36, 416,
+- 280, 15, 71, 224, 961, 44, 16, 401, 39, 88, 61, 304, 12, 21, 24, 283,
+- 134, 92, 63, 246, 486, 682, 7, 219, 184, 360, 780, 18, 64, 463, 474, 131,
+- 160, 79, 73, 440, 95, 18, 64, 581, 34, 69, 128, 367, 460, 17, 81, 12,
+- 103, 820, 62, 110, 97, 103, 862, 70, 60,1317, 471, 540, 208, 121, 890, 346,
+- 36, 150, 59, 568, 614, 13, 120, 63, 219, 812,2160,1780, 99, 35, 18, 21,
+- 136, 872, 15, 28, 170, 88, 4, 30, 44, 112, 18, 147, 436, 195, 320, 37,
+- 122, 113, 6, 140, 8, 120, 305, 42, 58, 461, 44, 106, 301, 13, 408, 680,
+- 93, 86, 116, 530, 82, 568, 9, 102, 38, 416, 89, 71, 216, 728, 965, 818,
+- 2, 38, 121, 195, 14, 326, 148, 234, 18, 55, 131, 234, 361, 824, 5, 81,
+- 623, 48, 961, 19, 26, 33, 10,1101, 365, 92, 88, 181, 275, 346, 201, 206
+-
+-One-time Pad.
+-
+- 158, 186, 223, 97, 64, 145, 190, 190, 117, 217, 163, 70, 206, 176, 183, 194,
+- 146, 43, 248, 141, 3, 54, 72, 223, 233, 153, 91, 210, 36, 131, 244, 161,
+- 105, 120, 113, 191, 113, 86, 19, 245, 213, 221, 43, 27, 242, 157, 73, 213,
+- 193, 92, 166, 10, 23, 197, 112, 110, 193, 30, 156, 51, 125, 51, 158, 67,
+- 197, 215, 59, 218, 110, 246, 181, 0, 135, 76, 164, 97, 47, 87, 234, 108,
+- 144, 127, 6, 6, 222, 172, 80, 144, 22, 245, 207, 70, 227, 182, 146, 134,
+- 119, 176, 73, 58, 135, 69, 23, 198, 0, 170, 32, 171, 176, 129, 91, 24,
+- 126, 77, 248, 0, 118, 69, 57, 60, 190, 171, 217, 61, 136, 169, 196, 84,
+- 168, 167, 163, 102, 223, 64, 174, 178, 166, 239, 242, 195, 249, 92, 59, 38,
+- 241, 46, 236, 31, 59, 114, 23, 50, 119, 186, 7, 66, 212, 97, 222, 182,
+- 230, 118, 122, 86, 105, 92, 179, 243, 255, 189, 223, 164, 194, 215, 98, 44,
+- 17, 20, 53, 153, 137, 224, 176, 100, 208, 114, 36, 200, 145, 150, 215, 20,
+- 87, 44, 252, 20, 235, 242, 163, 132, 63, 18, 5, 122, 74, 97, 34, 97,
+- 142, 86, 146, 221, 179, 166, 161, 74, 69, 182, 88, 120, 128, 58, 76, 155,
+- 15, 30, 77, 216, 165, 117, 107, 90, 169, 127, 143, 181, 208, 137, 200, 127,
+- 170, 195, 26, 84, 255, 132, 150, 58, 103, 250, 120, 221, 237, 37, 8, 99
+-
+-
+-Implementation
+-
+-A non-US based programmer who has never seen any encryption code before will
+-shortly be implementing RRC.2 based solely on this specification and not on
+-knowledge of any other encryption algorithms. Stand by.
+-
+-
+-
diff --git a/crypto/rc2/tab.c b/crypto/rc2/tab.c
-index 0534e37..bc95dc4 100644
+index 0534e37506c8..bc95dc4040f1 100644
--- a/crypto/rc2/tab.c
+++ b/crypto/rc2/tab.c
@@ -1,3 +1,12 @@
@@ -68402,9 +74213,37 @@
#include <stdio.h>
unsigned char ebits_to_num[256] = {
+diff --git a/crypto/rc2/version b/crypto/rc2/version
+deleted file mode 100644
+index 9db89544d8fa..000000000000
+--- a/crypto/rc2/version
++++ /dev/null
+@@ -1,22 +0,0 @@
+-1.1 23/08/96 - eay
+- Changed RC2_set_key() so it now takes another argument. Many
+- thanks to Peter Gutmann <pgut01 at cs.auckland.ac.nz> for the
+- clarification and original specification of RC2. BSAFE uses
+- this last parameter, 'bits'. It the key is 128 bits, BSAFE
+- also sets this parameter to 128. The old behaviour can be
+- duplicated by setting this parameter to 1024.
+-
+-1.0 08/04/96 - eay
+- First version of SSLeay with rc2. This has been written from the spec
+- posted sci.crypt. It is in this directory under rrc2.doc
+- I have no test values for any mode other than ecb, my wrappers for the
+- other modes should be ok since they are basically the same as
+- the ones taken from idea and des :-). I have implemented them as
+- little-endian operators.
+- While rc2 is included because it is used with SSL, I don't know how
+- far I trust it. It is about the same speed as IDEA and DES.
+- So if you are paranoid, used Tripple DES, else IDEA. If RC2
+- does get used more, perhaps more people will look for weaknesses in
+- it.
+-
+-
diff --git a/crypto/rc4/Makefile.in b/crypto/rc4/Makefile.in
deleted file mode 100644
-index 816ec2f..0000000
+index 816ec2fb83d1..000000000000
--- a/crypto/rc4/Makefile.in
+++ /dev/null
@@ -1,71 +0,0 @@
@@ -68480,7 +74319,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/rc4/asm/rc4-586.pl b/crypto/rc4/asm/rc4-586.pl
-index a517adb..9361777 100644
+index a517adb735fd..936177778d45 100644
--- a/crypto/rc4/asm/rc4-586.pl
+++ b/crypto/rc4/asm/rc4-586.pl
@@ -1,4 +1,11 @@
@@ -68497,7 +74336,7 @@
# ====================================================================
# [Re]written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/rc4/asm/rc4-c64xplus.pl b/crypto/rc4/asm/rc4-c64xplus.pl
-index 6e5fe05..daed75c 100644
+index 6e5fe0549d87..daed75c750c2 100644
--- a/crypto/rc4/asm/rc4-c64xplus.pl
+++ b/crypto/rc4/asm/rc4-c64xplus.pl
@@ -1,4 +1,11 @@
@@ -68514,7 +74353,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/rc4/asm/rc4-ia64.pl b/crypto/rc4/asm/rc4-ia64.pl
-index b83e53a..5e8f5f5 100644
+index b83e53a60501..5e8f5f55b240 100644
--- a/crypto/rc4/asm/rc4-ia64.pl
+++ b/crypto/rc4/asm/rc4-ia64.pl
@@ -1,4 +1,11 @@
@@ -68531,7 +74370,7 @@
# ====================================================================
# Written by David Mosberger <David.Mosberger at acm.org> based on the
diff --git a/crypto/rc4/asm/rc4-md5-x86_64.pl b/crypto/rc4/asm/rc4-md5-x86_64.pl
-index a92fe92..642e2b8 100644
+index a92fe92269fd..890161bac52d 100644
--- a/crypto/rc4/asm/rc4-md5-x86_64.pl
+++ b/crypto/rc4/asm/rc4-md5-x86_64.pl
@@ -1,4 +1,11 @@
@@ -68547,8 +74386,17 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+@@ -57,7 +64,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
+ ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+ die "can't locate x86_64-xlate.pl";
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ my ($dat,$in0,$out,$ctx,$inp,$len, $func,$nargs);
diff --git a/crypto/rc4/asm/rc4-parisc.pl b/crypto/rc4/asm/rc4-parisc.pl
-index bc366ec..006b6b0 100644
+index bc366ecb60fb..006b6b01af7d 100644
--- a/crypto/rc4/asm/rc4-parisc.pl
+++ b/crypto/rc4/asm/rc4-parisc.pl
@@ -1,4 +1,11 @@
@@ -68565,7 +74413,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/rc4/asm/rc4-s390x.pl b/crypto/rc4/asm/rc4-s390x.pl
-index fa6a23e..5589503 100644
+index fa6a23e1daf9..5589503aa244 100644
--- a/crypto/rc4/asm/rc4-s390x.pl
+++ b/crypto/rc4/asm/rc4-s390x.pl
@@ -1,4 +1,11 @@
@@ -68582,7 +74430,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/rc4/asm/rc4-x86_64.pl b/crypto/rc4/asm/rc4-x86_64.pl
-index 4675106..900d209 100755
+index 46751064ea0f..5ae0c6dd4990 100755
--- a/crypto/rc4/asm/rc4-x86_64.pl
+++ b/crypto/rc4/asm/rc4-x86_64.pl
@@ -1,4 +1,11 @@
@@ -68598,8 +74446,17 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+@@ -115,7 +122,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+ ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+ die "can't locate x86_64-xlate.pl";
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ $dat="%rdi"; # arg1
diff --git a/crypto/rc4/rc4_enc.c b/crypto/rc4/rc4_enc.c
-index e7397b4..be11bad 100644
+index e7397b43c772..be11bade7bc0 100644
--- a/crypto/rc4/rc4_enc.c
+++ b/crypto/rc4/rc4_enc.c
@@ -1,58 +1,10 @@
@@ -68668,7 +74525,7 @@
#include <openssl/rc4.h>
diff --git a/crypto/rc4/rc4_locl.h b/crypto/rc4/rc4_locl.h
-index 3ab2570..4380add 100644
+index 3ab25705ccd3..4380addbccb2 100644
--- a/crypto/rc4/rc4_locl.h
+++ b/crypto/rc4/rc4_locl.h
@@ -1,3 +1,12 @@
@@ -68685,7 +74542,7 @@
# define HEADER_RC4_LOCL_H
diff --git a/crypto/rc4/rc4_skey.c b/crypto/rc4/rc4_skey.c
-index 9931a61..16f81a4 100644
+index 9931a61008b0..16f81a4d3e92 100644
--- a/crypto/rc4/rc4_skey.c
+++ b/crypto/rc4/rc4_skey.c
@@ -1,58 +1,10 @@
@@ -68755,7 +74612,7 @@
#include <openssl/rc4.h>
diff --git a/crypto/rc5/Makefile.in b/crypto/rc5/Makefile.in
deleted file mode 100644
-index 554d0ef..0000000
+index 554d0eff8b41..000000000000
--- a/crypto/rc5/Makefile.in
+++ /dev/null
@@ -1,51 +0,0 @@
@@ -68811,7 +74668,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/rc5/asm/rc5-586.pl b/crypto/rc5/asm/rc5-586.pl
-index a0d85f2..e3e1c64 100644
+index a0d85f2ba953..e3e1c6424295 100644
--- a/crypto/rc5/asm/rc5-586.pl
+++ b/crypto/rc5/asm/rc5-586.pl
@@ -1,4 +1,11 @@
@@ -68828,7 +74685,7 @@
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}","${dir}../../perlasm");
diff --git a/crypto/rc5/rc5_ecb.c b/crypto/rc5/rc5_ecb.c
-index b762b1e..c32f38e 100644
+index b762b1e36727..c32f38e473e8 100644
--- a/crypto/rc5/rc5_ecb.c
+++ b/crypto/rc5/rc5_ecb.c
@@ -1,58 +1,10 @@
@@ -68897,7 +74754,7 @@
#include <openssl/rc5.h>
diff --git a/crypto/rc5/rc5_enc.c b/crypto/rc5/rc5_enc.c
-index 8bcbad9..58631de 100644
+index 8bcbad9c5efc..58631dee20d2 100644
--- a/crypto/rc5/rc5_enc.c
+++ b/crypto/rc5/rc5_enc.c
@@ -1,58 +1,10 @@
@@ -68966,7 +74823,7 @@
#include <stdio.h>
diff --git a/crypto/rc5/rc5_locl.h b/crypto/rc5/rc5_locl.h
-index 6b34f92..33a709b 100644
+index 6b34f923a662..33a709b4537e 100644
--- a/crypto/rc5/rc5_locl.h
+++ b/crypto/rc5/rc5_locl.h
@@ -1,58 +1,10 @@
@@ -69035,7 +74892,7 @@
#include <stdlib.h>
diff --git a/crypto/rc5/rc5_skey.c b/crypto/rc5/rc5_skey.c
-index bfbb419..943a784 100644
+index bfbb419e09b3..943a7849bb89 100644
--- a/crypto/rc5/rc5_skey.c
+++ b/crypto/rc5/rc5_skey.c
@@ -1,58 +1,10 @@
@@ -69104,13 +74961,15 @@
#include <openssl/rc5.h>
diff --git a/crypto/rc5/rc5cfb64.c b/crypto/rc5/rc5cfb64.c
-index 70d8d23..9a8aa6b 100644
+index 70d8d23661d7..9a8aa6b244c9 100644
--- a/crypto/rc5/rc5cfb64.c
+++ b/crypto/rc5/rc5cfb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -69158,9 +75017,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -69173,13 +75030,15 @@
#include <openssl/rc5.h>
diff --git a/crypto/rc5/rc5ofb64.c b/crypto/rc5/rc5ofb64.c
-index 81c2005..3a41d77 100644
+index 81c2005dcbd8..3a41d773cb6e 100644
--- a/crypto/rc5/rc5ofb64.c
+++ b/crypto/rc5/rc5ofb64.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -69227,9 +75086,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -69241,9 +75098,85 @@
*/
#include <openssl/rc5.h>
+diff --git a/crypto/rc5/rc5s.cpp b/crypto/rc5/rc5s.cpp
+deleted file mode 100644
+index 1c5518bc8045..000000000000
+--- a/crypto/rc5/rc5s.cpp
++++ /dev/null
+@@ -1,70 +0,0 @@
+-//
+-// gettsc.inl
+-//
+-// gives access to the Pentium's (secret) cycle counter
+-//
+-// This software was written by Leonard Janke (janke at unixg.ubc.ca)
+-// in 1996-7 and is entered, by him, into the public domain.
+-
+-#if defined(__WATCOMC__)
+-void GetTSC(unsigned long&);
+-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+-#elif defined(__GNUC__)
+-inline
+-void GetTSC(unsigned long& tsc)
+-{
+- asm volatile(".byte 15, 49\n\t"
+- : "=eax" (tsc)
+- :
+- : "%edx", "%eax");
+-}
+-#elif defined(_MSC_VER)
+-inline
+-void GetTSC(unsigned long& tsc)
+-{
+- unsigned long a;
+- __asm _emit 0fh
+- __asm _emit 31h
+- __asm mov a, eax;
+- tsc=a;
+-}
+-#endif
+-
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <openssl/rc5.h>
+-
+-void main(int argc,char *argv[])
+- {
+- RC5_32_KEY key;
+- unsigned long s1,s2,e1,e2;
+- unsigned long data[2];
+- int i,j;
+- static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
+-
+- RC5_32_set_key(&key, 16,d,12);
+-
+- for (j=0; j<6; j++)
+- {
+- for (i=0; i<1000; i++) /**/
+- {
+- RC5_32_encrypt(&data[0],&key);
+- GetTSC(s1);
+- RC5_32_encrypt(&data[0],&key);
+- RC5_32_encrypt(&data[0],&key);
+- RC5_32_encrypt(&data[0],&key);
+- GetTSC(e1);
+- GetTSC(s2);
+- RC5_32_encrypt(&data[0],&key);
+- RC5_32_encrypt(&data[0],&key);
+- RC5_32_encrypt(&data[0],&key);
+- RC5_32_encrypt(&data[0],&key);
+- GetTSC(e2);
+- RC5_32_encrypt(&data[0],&key);
+- }
+-
+- printf("cast %d %d (%d)\n",
+- e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+- }
+- }
+-
diff --git a/crypto/ripemd/Makefile.in b/crypto/ripemd/Makefile.in
deleted file mode 100644
-index 4a87049..0000000
+index 4a870499b9fe..000000000000
--- a/crypto/ripemd/Makefile.in
+++ /dev/null
@@ -1,51 +0,0 @@
@@ -69299,7 +75232,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/ripemd/asm/rmd-586.pl b/crypto/ripemd/asm/rmd-586.pl
-index fd32a73..544c496 100644
+index fd32a73606e5..544c496f0783 100644
--- a/crypto/ripemd/asm/rmd-586.pl
+++ b/crypto/ripemd/asm/rmd-586.pl
@@ -1,4 +1,11 @@
@@ -69316,7 +75249,7 @@
# Normal is the
# ripemd160_block_asm_data_order(RIPEMD160_CTX *c, ULONG *X,int blocks);
diff --git a/crypto/ripemd/rmd_dgst.c b/crypto/ripemd/rmd_dgst.c
-index fc50d5c..a1670c7 100644
+index fc50d5c8b3e8..a1670c7fbd83 100644
--- a/crypto/ripemd/rmd_dgst.c
+++ b/crypto/ripemd/rmd_dgst.c
@@ -1,58 +1,10 @@
@@ -69385,13 +75318,15 @@
#include <stdio.h>
diff --git a/crypto/ripemd/rmd_locl.h b/crypto/ripemd/rmd_locl.h
-index c08178c..9c5ba15 100644
+index c08178c0eb0f..9c5ba15130e6 100644
--- a/crypto/ripemd/rmd_locl.h
+++ b/crypto/ripemd/rmd_locl.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -69439,9 +75374,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -69463,7 +75396,7 @@
# endif
#endif
diff --git a/crypto/ripemd/rmd_one.c b/crypto/ripemd/rmd_one.c
-index 31f052c..c3193bd 100644
+index 31f052c786ae..c3193bd72380 100644
--- a/crypto/ripemd/rmd_one.c
+++ b/crypto/ripemd/rmd_one.c
@@ -1,58 +1,10 @@
@@ -69532,7 +75465,7 @@
#include <stdio.h>
diff --git a/crypto/ripemd/rmdconst.h b/crypto/ripemd/rmdconst.h
-index f8d8723..b810132 100644
+index f8d8723b1073..b81013239bbe 100644
--- a/crypto/ripemd/rmdconst.h
+++ b/crypto/ripemd/rmdconst.h
@@ -1,59 +1,12 @@
@@ -69604,7 +75537,7 @@
#define KL2 0x6ED9EBA1L
diff --git a/crypto/rsa/Makefile.in b/crypto/rsa/Makefile.in
deleted file mode 100644
-index 199d887..0000000
+index 199d887bdfc1..000000000000
--- a/crypto/rsa/Makefile.in
+++ /dev/null
@@ -1,49 +0,0 @@
@@ -69658,7 +75591,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
-index 4ff2665..4f9c056 100644
+index 4ff2665d60f9..d55cf330b9a2 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -1,59 +1,10 @@
@@ -69739,8 +75672,17 @@
if (los == NULL)
goto err;
if (!ASN1_OCTET_STRING_set(los, label, labellen)) {
+@@ -875,7 +827,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
+ }
+ #endif
+
+-const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
++const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = {
+ {
+ EVP_PKEY_RSA,
+ EVP_PKEY_RSA,
diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c
-index da8b240..20f8ebf 100644
+index da8b2406dd4b..20f8ebfa8a5a 100644
--- a/crypto/rsa/rsa_asn1.c
+++ b/crypto/rsa/rsa_asn1.c
@@ -1,59 +1,10 @@
@@ -69809,7 +75751,7 @@
#include <stdio.h>
diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c
-index f780508..0adf169 100644
+index f78050876c77..0adf169aee59 100644
--- a/crypto/rsa/rsa_chk.c
+++ b/crypto/rsa/rsa_chk.c
@@ -1,50 +1,10 @@
@@ -69870,7 +75812,7 @@
#include <openssl/bn.h>
diff --git a/crypto/rsa/rsa_crpt.c b/crypto/rsa/rsa_crpt.c
-index 6cc3c70..aca085a 100644
+index 6cc3c70ec3ef..9cd733b2c338 100644
--- a/crypto/rsa/rsa_crpt.c
+++ b/crypto/rsa/rsa_crpt.c
@@ -1,58 +1,10 @@
@@ -69938,8 +75880,40 @@
*/
#include <stdio.h>
+@@ -195,23 +147,18 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
+ }
+
+ {
+- BIGNUM *local_n = NULL, *n;
+- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+- /* Set BN_FLG_CONSTTIME flag */
+- local_n = n = BN_new();
+- if (local_n == NULL) {
+- RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
+- } else {
+- n = rsa->n;
++ BIGNUM *n = BN_new();
++
++ if (n == NULL) {
++ RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
++ goto err;
+ }
++ BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
+
+ ret = BN_BLINDING_create_param(NULL, e, n, ctx, rsa->meth->bn_mod_exp,
+ rsa->_method_mod_n);
+- /* We MUST free local_n before any further use of rsa->n */
+- BN_free(local_n);
++ /* We MUST free n before any further use of rsa->n */
++ BN_free(n);
+ }
+ if (ret == NULL) {
+ RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c
-index 18e4065..21e0562 100644
+index 18e406594a76..21e0562525d0 100644
--- a/crypto/rsa/rsa_depr.c
+++ b/crypto/rsa/rsa_depr.c
@@ -1,55 +1,10 @@
@@ -70005,7 +75979,7 @@
/*
diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
-index 811fcfe..a92ea5d 100644
+index 811fcfe85995..a92ea5d026d1 100644
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -1,61 +1,11 @@
@@ -70177,13 +76151,15 @@
"unsupported encryption type"},
{ERR_REASON(RSA_R_UNSUPPORTED_LABEL_SOURCE), "unsupported label source"},
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
-index c456258..b25d76e 100644
+index c4562589e10c..5c6b6192e6ac 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -70231,9 +76207,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -70245,8 +76219,97 @@
*/
/*
+@@ -185,64 +137,51 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+ if (!BN_mul(r0, r1, r2, ctx))
+ goto err; /* (p-1)(q-1) */
+ {
+- BIGNUM *local_r0 = NULL, *pr0;
+- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+- pr0 = local_r0 = BN_new();
+- if (local_r0 == NULL)
+- goto err;
+- BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
+- } else {
+- pr0 = r0;
+- }
++ BIGNUM *pr0 = BN_new();
++
++ if (pr0 == NULL)
++ goto err;
++ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
+ if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) {
+- BN_free(local_r0);
++ BN_free(pr0);
+ goto err; /* d */
+ }
+- /* We MUST free local_r0 before any further use of r0 */
+- BN_free(local_r0);
++ /* We MUST free pr0 before any further use of r0 */
++ BN_free(pr0);
+ }
+
+ {
+- BIGNUM *local_d = NULL, *d;
+- /* set up d for correct BN_FLG_CONSTTIME flag */
+- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+- d = local_d = BN_new();
+- if (local_d == NULL)
+- goto err;
+- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+- } else {
+- d = rsa->d;
+- }
++ BIGNUM *d = BN_new();
++
++ if (d == NULL)
++ goto err;
++ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+
+ if ( /* calculate d mod (p-1) */
+ !BN_mod(rsa->dmp1, d, r1, ctx)
+ /* calculate d mod (q-1) */
+ || !BN_mod(rsa->dmq1, d, r2, ctx)) {
+- BN_free(local_d);
++ BN_free(d);
+ goto err;
+ }
+- /* We MUST free local_d before any further use of rsa->d */
+- BN_free(local_d);
++ /* We MUST free d before any further use of rsa->d */
++ BN_free(d);
+ }
+
+ {
+- BIGNUM *local_p = NULL, *p;
++ BIGNUM *p = BN_new();
++
++ if (p == NULL)
++ goto err;
++ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
+
+ /* calculate inverse of q mod p */
+- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+- p = local_p = BN_new();
+- if (local_p == NULL)
+- goto err;
+- BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
+- } else {
+- p = rsa->p;
+- }
+ if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) {
+- BN_free(local_p);
++ BN_free(p);
+ goto err;
+ }
+- /* We MUST free local_p before any further use of rsa->p */
+- BN_free(local_p);
++ /* We MUST free p before any further use of rsa->p */
++ BN_free(p);
+ }
+
+ ok = 1;
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
-index 7ee575d..4f93cbc 100644
+index 7ee575d66397..4f93cbcc4301 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -1,58 +1,10 @@
@@ -70496,7 +76559,7 @@
return 1;
}
diff --git a/crypto/rsa/rsa_locl.h b/crypto/rsa/rsa_locl.h
-index 598fcb7..5d16aa6 100644
+index 598fcb746bbe..5d16aa6f4372 100644
--- a/crypto/rsa/rsa_locl.h
+++ b/crypto/rsa/rsa_locl.h
@@ -1,11 +1,10 @@
@@ -70515,7 +76578,7 @@
#include <openssl/rsa.h>
diff --git a/crypto/rsa/rsa_meth.c b/crypto/rsa/rsa_meth.c
-index 6c7679d..ef0dc97 100644
+index 6c7679dc1a9b..ef0dc9751f24 100644
--- a/crypto/rsa/rsa_meth.c
+++ b/crypto/rsa/rsa_meth.c
@@ -1,15 +1,15 @@
@@ -70576,25 +76639,26 @@
int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
{
+- OPENSSL_free(meth->name);
+- meth->name = OPENSSL_strdup(name);
+ char *tmpname;
-+
+
+- return meth->name != NULL;
+ tmpname = OPENSSL_strdup(name);
+ if (tmpname == NULL) {
+ RSAerr(RSA_F_RSA_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
- OPENSSL_free(meth->name);
-- meth->name = OPENSSL_strdup(name);
++ OPENSSL_free(meth->name);
+ meth->name = tmpname;
-
-- return meth->name != NULL;
++
+ return 1;
}
int RSA_meth_get_flags(RSA_METHOD *meth)
diff --git a/crypto/rsa/rsa_none.c b/crypto/rsa/rsa_none.c
-index c426bd3..006d3bd 100644
+index c426bd33918b..006d3bd617ae 100644
--- a/crypto/rsa/rsa_none.c
+++ b/crypto/rsa/rsa_none.c
@@ -1,58 +1,10 @@
@@ -70663,7 +76727,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/rsa/rsa_null.c b/crypto/rsa/rsa_null.c
-index 9f739f7..7f15955 100644
+index 9f739f745def..7f15955aa45a 100644
--- a/crypto/rsa/rsa_null.c
+++ b/crypto/rsa/rsa_null.c
@@ -1,59 +1,10 @@
@@ -70732,7 +76796,7 @@
#include <stdio.h>
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
-index 27a6e78..c459b91 100644
+index 27a6e78823fe..c459b91ed233 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -1,6 +1,10 @@
@@ -70749,7 +76813,7 @@
/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
-index 5c3c0bf..1aeaae9 100644
+index 5c3c0bf95ecc..d8af92dc6ce1 100644
--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
@@ -1,111 +1,10 @@
@@ -70870,8 +76934,320 @@
*/
#include "internal/cryptlib.h"
+@@ -401,33 +300,27 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
+ if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
+ goto err;
+ } else {
+- BIGNUM *d = NULL, *local_d = NULL;
+-
+- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+- local_d = d = BN_new();
+- if (d == NULL) {
+- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+- } else {
+- d = rsa->d;
++ BIGNUM *d = BN_new();
++ if (d == NULL) {
++ RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
++ goto err;
+ }
++ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+
+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+ if (!BN_MONT_CTX_set_locked
+ (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) {
+- BN_free(local_d);
++ BN_free(d);
+ goto err;
+ }
+
+ if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
+ rsa->_method_mod_n)) {
+- BN_free(local_d);
++ BN_free(d);
+ goto err;
+ }
+- /* We MUST free local_d before any further use of rsa->d */
+- BN_free(local_d);
++ /* We MUST free d before any further use of rsa->d */
++ BN_free(d);
+ }
+
+ if (blinding)
+@@ -535,32 +428,26 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+ if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
+ goto err;
+ } else {
+- BIGNUM *d = NULL, *local_d = NULL;
+-
+- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+- local_d = d = BN_new();
+- if (d == NULL) {
+- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+- } else {
+- d = rsa->d;
++ BIGNUM *d = BN_new();
++ if (d == NULL) {
++ RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
++ goto err;
+ }
++ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+
+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+ if (!BN_MONT_CTX_set_locked
+ (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) {
+- BN_free(local_d);
++ BN_free(d);
+ goto err;
+ }
+ if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
+ rsa->_method_mod_n)) {
+- BN_free(local_d);
++ BN_free(d);
+ goto err;
+ }
+- /* We MUST free local_d before any further use of rsa->d */
+- BN_free(local_d);
++ /* We MUST free d before any further use of rsa->d */
++ BN_free(d);
+ }
+
+ if (blinding)
+@@ -709,46 +596,35 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+ vrfy = BN_CTX_get(ctx);
+
+ {
+- BIGNUM *local_p = NULL, *local_q = NULL;
+- BIGNUM *p = NULL, *q = NULL;
++ BIGNUM *p = BN_new(), *q = BN_new();
+
+ /*
+ * Make sure BN_mod_inverse in Montgomery initialization uses the
+- * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set)
++ * BN_FLG_CONSTTIME flag
+ */
+- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+- local_p = p = BN_new();
+- if (p == NULL)
+- goto err;
+- BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
+-
+- local_q = q = BN_new();
+- if (q == NULL) {
+- BN_free(local_p);
+- goto err;
+- }
+- BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
+- } else {
+- p = rsa->p;
+- q = rsa->q;
++ if (p == NULL || q == NULL) {
++ BN_free(p);
++ BN_free(q);
++ goto err;
+ }
++ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
++ BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
+
+ if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) {
+ if (!BN_MONT_CTX_set_locked
+ (&rsa->_method_mod_p, rsa->lock, p, ctx)
+ || !BN_MONT_CTX_set_locked(&rsa->_method_mod_q,
+ rsa->lock, q, ctx)) {
+- BN_free(local_p);
+- BN_free(local_q);
++ BN_free(p);
++ BN_free(q);
+ goto err;
+ }
+ }
+ /*
+- * We MUST free local_p and local_q before any further use of rsa->p and
+- * rsa->q
++ * We MUST free p and q before any further use of rsa->p and rsa->q
+ */
+- BN_free(local_p);
+- BN_free(local_q);
++ BN_free(p);
++ BN_free(q);
+ }
+
+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+@@ -758,72 +634,58 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+
+ /* compute I mod q */
+ {
+- BIGNUM *local_c = NULL;
+- const BIGNUM *c;
+- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+- local_c = BN_new();
+- if (local_c == NULL)
+- goto err;
+- BN_with_flags(local_c, I, BN_FLG_CONSTTIME);
+- c = local_c;
+- } else {
+- c = I;
+- }
++ BIGNUM *c = BN_new();
++ if (c == NULL)
++ goto err;
++ BN_with_flags(c, I, BN_FLG_CONSTTIME);
++
+ if (!BN_mod(r1, c, rsa->q, ctx)) {
+- BN_free(local_c);
++ BN_free(c);
+ goto err;
+ }
+
+ {
+- BIGNUM *local_dmq1 = NULL, *dmq1;
+- /* compute r1^dmq1 mod q */
+- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+- dmq1 = local_dmq1 = BN_new();
+- if (local_dmq1 == NULL) {
+- BN_free(local_c);
+- goto err;
+- }
+- BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
+- } else {
+- dmq1 = rsa->dmq1;
+- }
+- if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx,
+- rsa->_method_mod_q)) {
+- BN_free(local_c);
+- BN_free(local_dmq1);
++ BIGNUM *dmq1 = BN_new();
++ if (dmq1 == NULL) {
++ BN_free(c);
+ goto err;
+ }
+- /* We MUST free local_dmq1 before any further use of rsa->dmq1 */
+- BN_free(local_dmq1);
++ BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
++
++ /* compute r1^dmq1 mod q */
++ if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx,
++ rsa->_method_mod_q)) {
++ BN_free(c);
++ BN_free(dmq1);
++ goto err;
++ }
++ /* We MUST free dmq1 before any further use of rsa->dmq1 */
++ BN_free(dmq1);
+ }
+
+ /* compute I mod p */
+ if (!BN_mod(r1, c, rsa->p, ctx)) {
+- BN_free(local_c);
++ BN_free(c);
+ goto err;
+ }
+- /* We MUST free local_c before any further use of I */
+- BN_free(local_c);
++ /* We MUST free c before any further use of I */
++ BN_free(c);
+ }
+
+ {
+- BIGNUM *local_dmp1 = NULL, *dmp1;
++ BIGNUM *dmp1 = BN_new();
++ if (dmp1 == NULL)
++ goto err;
++ BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
++
+ /* compute r1^dmp1 mod p */
+- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+- dmp1 = local_dmp1 = BN_new();
+- if (local_dmp1 == NULL)
+- goto err;
+- BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
+- } else {
+- dmp1 = rsa->dmp1;
+- }
+ if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx,
+ rsa->_method_mod_p)) {
+- BN_free(local_dmp1);
++ BN_free(dmp1);
+ goto err;
+ }
+- /* We MUST free local_dmp1 before any further use of rsa->dmp1 */
+- BN_free(local_dmp1);
++ /* We MUST free dmp1 before any further use of rsa->dmp1 */
++ BN_free(dmp1);
+ }
+
+ if (!BN_sub(r0, r0, m1))
+@@ -840,22 +702,17 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+ goto err;
+
+ {
+- BIGNUM *local_r1 = NULL, *pr1;
+- /* Turn BN_FLG_CONSTTIME flag on before division operation */
+- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+- pr1 = local_r1 = BN_new();
+- if (local_r1 == NULL)
+- goto err;
+- BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
+- } else {
+- pr1 = r1;
+- }
++ BIGNUM *pr1 = BN_new();
++ if (pr1 == NULL)
++ goto err;
++ BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
++
+ if (!BN_mod(r0, pr1, rsa->p, ctx)) {
+- BN_free(local_r1);
++ BN_free(pr1);
+ goto err;
+ }
+- /* We MUST free local_r1 before any further use of r1 */
+- BN_free(local_r1);
++ /* We MUST free pr1 before any further use of r1 */
++ BN_free(pr1);
+ }
+
+ /*
+@@ -897,24 +754,18 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+ * return that instead.
+ */
+
+- BIGNUM *local_d = NULL;
+- BIGNUM *d = NULL;
++ BIGNUM *d = BN_new();
++ if (d == NULL)
++ goto err;
++ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+
+- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+- local_d = d = BN_new();
+- if (d == NULL)
+- goto err;
+- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+- } else {
+- d = rsa->d;
+- }
+ if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx,
+ rsa->_method_mod_n)) {
+- BN_free(local_d);
++ BN_free(d);
+ goto err;
+ }
+- /* We MUST free local_d before any further use of rsa->d */
+- BN_free(local_d);
++ /* We MUST free d before any further use of rsa->d */
++ BN_free(d);
+ }
+ }
+ ret = 1;
diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c
-index 68d251b..bac7c26 100644
+index 68d251bc0f4c..bac7c26a1738 100644
--- a/crypto/rsa/rsa_pk1.c
+++ b/crypto/rsa/rsa_pk1.c
@@ -1,58 +1,10 @@
@@ -70940,7 +77316,7 @@
#include "internal/constant_time_locl.h"
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
-index b128d73..767c4e7 100644
+index b128d736f732..767c4e7247da 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -1,59 +1,10 @@
@@ -71009,7 +77385,7 @@
#include <stdio.h>
diff --git a/crypto/rsa/rsa_prn.c b/crypto/rsa/rsa_prn.c
-index f9e2572..5e6c599 100644
+index f9e2572f8ce4..5e6c599e46d5 100644
--- a/crypto/rsa/rsa_prn.c
+++ b/crypto/rsa/rsa_prn.c
@@ -1,59 +1,10 @@
@@ -71078,7 +77454,7 @@
#include <stdio.h>
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
-index abd915d..0ec63b2 100644
+index abd915d1d3e4..0ec63b2ec7e7 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -1,59 +1,10 @@
@@ -71147,7 +77523,7 @@
#include <stdio.h>
diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c
-index 18bf6c9..9e5fff4 100644
+index 18bf6c984c80..9e5fff450b84 100644
--- a/crypto/rsa/rsa_saos.c
+++ b/crypto/rsa/rsa_saos.c
@@ -1,58 +1,10 @@
@@ -71216,13 +77592,15 @@
#include <stdio.h>
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
-index 439d699..8946e19 100644
+index 439d699f789d..8946e19c1740 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -71270,9 +77648,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -71285,7 +77661,7 @@
#include <stdio.h>
diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
-index 2762ad0..9ef6b80 100644
+index 2762ad0ce723..9ef6b80ea8ff 100644
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@@ -1,58 +1,10 @@
@@ -71354,7 +77730,7 @@
#include <stdio.h>
diff --git a/crypto/rsa/rsa_x931.c b/crypto/rsa/rsa_x931.c
-index d8837a1..428a1e7 100644
+index d8837a16cbe8..428a1e725300 100644
--- a/crypto/rsa/rsa_x931.c
+++ b/crypto/rsa/rsa_x931.c
@@ -1,59 +1,10 @@
@@ -71423,7 +77799,7 @@
#include <stdio.h>
diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c
-index 1e164e8..9dd993f 100644
+index 1e164e86e145..9dd993fbc0b6 100644
--- a/crypto/rsa/rsa_x931g.c
+++ b/crypto/rsa/rsa_x931g.c
@@ -1,58 +1,10 @@
@@ -71492,7 +77868,7 @@
#include <stdio.h>
diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c
-index 47d6b6f..675f2ec 100644
+index 47d6b6ff511c..675f2ecb9231 100644
--- a/crypto/s390xcap.c
+++ b/crypto/s390xcap.c
@@ -1,3 +1,12 @@
@@ -71509,10 +77885,20 @@
#include <stdlib.h>
#include <string.h>
diff --git a/crypto/s390xcpuid.S b/crypto/s390xcpuid.S
-index 3402a24..df7b35a 100644
+index 3402a2404bf1..8859e9e64a91 100644
--- a/crypto/s390xcpuid.S
+++ b/crypto/s390xcpuid.S
-@@ -5,14 +5,46 @@
+@@ -1,18 +1,56 @@
+ .text
++// Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
++//
++// Licensed under the OpenSSL license (the "License"). You may not use
++// this file except in compliance with the License. You can obtain a copy
++// in the file LICENSE in the source distribution or at
++// https://www.openssl.org/source/license.html
+
+ .globl OPENSSL_s390x_facilities
+ .type OPENSSL_s390x_facilities, at function
.align 16
OPENSSL_s390x_facilities:
lghi %r0,0
@@ -71564,7 +77950,7 @@
br %r14
.size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
-@@ -93,6 +125,33 @@ OPENSSL_cleanse:
+@@ -93,6 +131,33 @@
br %r14
.size OPENSSL_cleanse,.-OPENSSL_cleanse
@@ -71580,9 +77966,9 @@
+ je .Lno_data
+
+.Loop_cmp:
-+ llc %r0,0(%r2)
++ llgc %r0,0(%r2)
+ la %r2,1(%r2)
-+ llc %r1,0(%r3)
++ llgc %r1,0(%r3)
+ la %r3,1(%r3)
+ xr %r1,%r0
+ or %r5,%r1
@@ -71598,7 +77984,7 @@
.globl OPENSSL_instrument_bus
.type OPENSSL_instrument_bus, at function
.align 16
-@@ -112,4 +171,4 @@ OPENSSL_instrument_bus2:
+@@ -112,4 +177,4 @@
.section .init
brasl %r14,OPENSSL_cpuid_setup
@@ -71606,7 +77992,7 @@
+.comm OPENSSL_s390xcap_P,80,8
diff --git a/crypto/seed/Makefile.in b/crypto/seed/Makefile.in
deleted file mode 100644
-index 2ae714d..0000000
+index 2ae714d03240..000000000000
--- a/crypto/seed/Makefile.in
+++ /dev/null
@@ -1,44 +0,0 @@
@@ -71655,7 +78041,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/seed/seed.c b/crypto/seed/seed.c
-index 47ec9bc..c1e9285 100644
+index 47ec9bc7c7c9..c1e928516280 100644
--- a/crypto/seed/seed.c
+++ b/crypto/seed/seed.c
@@ -1,4 +1,13 @@
@@ -71673,7 +78059,7 @@
*
* Redistribution and use in source and binary forms, with or without
diff --git a/crypto/seed/seed_cbc.c b/crypto/seed/seed_cbc.c
-index 470116c..c9a4fe2 100644
+index 470116c5056c..c9a4fe217b9b 100644
--- a/crypto/seed/seed_cbc.c
+++ b/crypto/seed/seed_cbc.c
@@ -1,51 +1,10 @@
@@ -71735,7 +78121,7 @@
#include <openssl/seed.h>
diff --git a/crypto/seed/seed_cfb.c b/crypto/seed/seed_cfb.c
-index 6c81a74..2aee1ff 100644
+index 6c81a7451485..2aee1ffe39a6 100644
--- a/crypto/seed/seed_cfb.c
+++ b/crypto/seed/seed_cfb.c
@@ -1,107 +1,10 @@
@@ -71853,7 +78239,7 @@
#include <openssl/seed.h>
diff --git a/crypto/seed/seed_ecb.c b/crypto/seed/seed_ecb.c
-index 51d8f84..b6e301c 100644
+index 51d8f8464fc1..b6e301ccdaac 100644
--- a/crypto/seed/seed_ecb.c
+++ b/crypto/seed/seed_ecb.c
@@ -1,51 +1,10 @@
@@ -71915,7 +78301,7 @@
#include <openssl/seed.h>
diff --git a/crypto/seed/seed_locl.h b/crypto/seed/seed_locl.h
-index 1c00d29..d4a03fc 100644
+index 1c00d294b50b..d4a03fc4aa85 100644
--- a/crypto/seed/seed_locl.h
+++ b/crypto/seed/seed_locl.h
@@ -1,4 +1,13 @@
@@ -71933,7 +78319,7 @@
*
* Redistribution and use in source and binary forms, with or without
diff --git a/crypto/seed/seed_ofb.c b/crypto/seed/seed_ofb.c
-index 873e667..b455540 100644
+index 873e6670c96b..b45554058501 100644
--- a/crypto/seed/seed_ofb.c
+++ b/crypto/seed/seed_ofb.c
@@ -1,107 +1,10 @@
@@ -72052,7 +78438,7 @@
#include <openssl/seed.h>
diff --git a/crypto/sha/Makefile.in b/crypto/sha/Makefile.in
deleted file mode 100644
-index 8f24fea..0000000
+index 8f24feaf9720..000000000000
--- a/crypto/sha/Makefile.in
+++ /dev/null
@@ -1,106 +0,0 @@
@@ -72162,8 +78548,15 @@
- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
+diff --git a/crypto/sha/asm/README b/crypto/sha/asm/README
+deleted file mode 100644
+index b7e755765fcc..000000000000
+--- a/crypto/sha/asm/README
++++ /dev/null
+@@ -1 +0,0 @@
+-C2.pl works
diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl
-index cd71d1c..0efed70 100644
+index cd71d1ca6444..0efed70a3ed9 100644
--- a/crypto/sha/asm/sha1-586.pl
+++ b/crypto/sha/asm/sha1-586.pl
@@ -1,4 +1,11 @@
@@ -72180,7 +78573,7 @@
# ====================================================================
# [Re]written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/sha/asm/sha1-alpha.pl b/crypto/sha/asm/sha1-alpha.pl
-index 6c4b925..4124958 100644
+index 6c4b9251fd4e..4124958f7816 100644
--- a/crypto/sha/asm/sha1-alpha.pl
+++ b/crypto/sha/asm/sha1-alpha.pl
@@ -1,4 +1,11 @@
@@ -72205,7 +78598,7 @@
print $code;
close STDOUT;
diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl
-index 6fd2303..7ff5bfb 100644
+index 6fd23031c9b7..7ff5bfbba6cb 100644
--- a/crypto/sha/asm/sha1-armv4-large.pl
+++ b/crypto/sha/asm/sha1-armv4-large.pl
@@ -1,4 +1,11 @@
@@ -72222,7 +78615,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/sha/asm/sha1-armv8.pl b/crypto/sha/asm/sha1-armv8.pl
-index 5ef9dc2..39609a4 100644
+index 5ef9dc2551af..39609a45bd45 100644
--- a/crypto/sha/asm/sha1-armv8.pl
+++ b/crypto/sha/asm/sha1-armv8.pl
@@ -1,4 +1,11 @@
@@ -72239,7 +78632,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/sha/asm/sha1-c64xplus.pl b/crypto/sha/asm/sha1-c64xplus.pl
-index ad8b172..4db2bcb 100644
+index ad8b17211f2a..4db2bcb06b31 100644
--- a/crypto/sha/asm/sha1-c64xplus.pl
+++ b/crypto/sha/asm/sha1-c64xplus.pl
@@ -1,4 +1,11 @@
@@ -72256,7 +78649,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/sha/asm/sha1-ia64.pl b/crypto/sha/asm/sha1-ia64.pl
-index a9d2b7c..dec21f9 100644
+index a9d2b7c71dca..dec21f92d582 100644
--- a/crypto/sha/asm/sha1-ia64.pl
+++ b/crypto/sha/asm/sha1-ia64.pl
@@ -1,4 +1,11 @@
@@ -72273,7 +78666,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/sha/asm/sha1-mb-x86_64.pl b/crypto/sha/asm/sha1-mb-x86_64.pl
-index 9de3f15..5ea2206 100644
+index 9de3f156d434..51c73c05ace7 100644
--- a/crypto/sha/asm/sha1-mb-x86_64.pl
+++ b/crypto/sha/asm/sha1-mb-x86_64.pl
@@ -1,4 +1,11 @@
@@ -72289,8 +78682,17 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+@@ -63,7 +70,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+ $avx = ($2>=3.0) + ($2>3.0);
+ }
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ # void sha1_multi_block (
diff --git a/crypto/sha/asm/sha1-mips.pl b/crypto/sha/asm/sha1-mips.pl
-index 26db5cd..882f973 100644
+index 26db5cdad8d8..882f9731cf0d 100644
--- a/crypto/sha/asm/sha1-mips.pl
+++ b/crypto/sha/asm/sha1-mips.pl
@@ -1,4 +1,11 @@
@@ -72316,7 +78718,7 @@
$code=<<___;
#ifdef OPENSSL_FIPSCANISTER
diff --git a/crypto/sha/asm/sha1-parisc.pl b/crypto/sha/asm/sha1-parisc.pl
-index 6e5a328..a85d126 100644
+index 6e5a328a6f1f..a85d126ff060 100644
--- a/crypto/sha/asm/sha1-parisc.pl
+++ b/crypto/sha/asm/sha1-parisc.pl
@@ -1,4 +1,11 @@
@@ -72333,7 +78735,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/sha/asm/sha1-ppc.pl b/crypto/sha/asm/sha1-ppc.pl
-index ab65502..7a66e03 100755
+index ab655021ccd6..7a66e0353ee1 100755
--- a/crypto/sha/asm/sha1-ppc.pl
+++ b/crypto/sha/asm/sha1-ppc.pl
@@ -1,4 +1,11 @@
@@ -72350,7 +78752,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/sha/asm/sha1-s390x.pl b/crypto/sha/asm/sha1-s390x.pl
-index a62cc31..b19606c 100644
+index a62cc31892e2..b19606c5c514 100644
--- a/crypto/sha/asm/sha1-s390x.pl
+++ b/crypto/sha/asm/sha1-s390x.pl
@@ -1,4 +1,11 @@
@@ -72388,7 +78790,7 @@
$code =~ s/\`([^\`]*)\`/eval $1/gem;
diff --git a/crypto/sha/asm/sha1-sparcv9.pl b/crypto/sha/asm/sha1-sparcv9.pl
-index 9f20725..7437ff4 100644
+index 9f20725363f1..7437ff4f05fa 100644
--- a/crypto/sha/asm/sha1-sparcv9.pl
+++ b/crypto/sha/asm/sha1-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -72405,7 +78807,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/sha/asm/sha1-sparcv9a.pl b/crypto/sha/asm/sha1-sparcv9a.pl
-index e81a4dc..f9ed563 100644
+index e81a4dcb0534..f9ed5630e828 100644
--- a/crypto/sha/asm/sha1-sparcv9a.pl
+++ b/crypto/sha/asm/sha1-sparcv9a.pl
@@ -1,4 +1,11 @@
@@ -72422,7 +78824,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/sha/asm/sha1-thumb.pl b/crypto/sha/asm/sha1-thumb.pl
-index 7c9ea9b..661fd9f 100644
+index 7c9ea9b0296c..661fd9f9ff27 100644
--- a/crypto/sha/asm/sha1-thumb.pl
+++ b/crypto/sha/asm/sha1-thumb.pl
@@ -1,4 +1,11 @@
@@ -72439,7 +78841,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/sha/asm/sha1-x86_64.pl b/crypto/sha/asm/sha1-x86_64.pl
-index 8827886..4cefc45 100755
+index 882788654288..e8f61ab82021 100755
--- a/crypto/sha/asm/sha1-x86_64.pl
+++ b/crypto/sha/asm/sha1-x86_64.pl
@@ -1,4 +1,11 @@
@@ -72455,8 +78857,17 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+@@ -115,7 +122,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+ $shaext=1; ### set to zero if compiling for 1.0.1
+ $avx=1 if (!$shaext && $avx);
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ $ctx="%rdi"; # 1st arg
diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl
-index 55d833a..6af1d84 100644
+index 55d833a8bbf8..6af1d84beb2b 100644
--- a/crypto/sha/asm/sha256-586.pl
+++ b/crypto/sha/asm/sha256-586.pl
@@ -1,4 +1,11 @@
@@ -72473,7 +78884,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl
-index 621bcdb..55d30cb 100644
+index 621bcdb6284c..55d30cba3a21 100644
--- a/crypto/sha/asm/sha256-armv4.pl
+++ b/crypto/sha/asm/sha256-armv4.pl
@@ -1,4 +1,11 @@
@@ -72490,7 +78901,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/sha/asm/sha256-c64xplus.pl b/crypto/sha/asm/sha256-c64xplus.pl
-index 2f775ac..3ab7d9b 100644
+index 2f775ac0050c..3ab7d9b68946 100644
--- a/crypto/sha/asm/sha256-c64xplus.pl
+++ b/crypto/sha/asm/sha256-c64xplus.pl
@@ -1,4 +1,11 @@
@@ -72507,7 +78918,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/sha/asm/sha256-mb-x86_64.pl b/crypto/sha/asm/sha256-mb-x86_64.pl
-index 65df8e6..acdffbd 100644
+index 65df8e633351..fbcd29f2e891 100644
--- a/crypto/sha/asm/sha256-mb-x86_64.pl
+++ b/crypto/sha/asm/sha256-mb-x86_64.pl
@@ -1,4 +1,11 @@
@@ -72523,8 +78934,17 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+@@ -64,7 +71,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+ $avx = ($2>=3.0) + ($2>3.0);
+ }
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ # void sha256_multi_block (
diff --git a/crypto/sha/asm/sha512-586.pl b/crypto/sha/asm/sha512-586.pl
-index d0f9101..0887e06 100644
+index d0f9101092b8..0887e061489a 100644
--- a/crypto/sha/asm/sha512-586.pl
+++ b/crypto/sha/asm/sha512-586.pl
@@ -1,4 +1,11 @@
@@ -72541,7 +78961,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl
-index 0840a8d..22b5a9d 100644
+index 0840a8d8147a..22b5a9d0b132 100644
--- a/crypto/sha/asm/sha512-armv4.pl
+++ b/crypto/sha/asm/sha512-armv4.pl
@@ -1,4 +1,11 @@
@@ -72558,7 +78978,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/sha/asm/sha512-armv8.pl b/crypto/sha/asm/sha512-armv8.pl
-index 7d69f0f..ef517df 100644
+index 7d69f0f4958d..ef517df64bf3 100644
--- a/crypto/sha/asm/sha512-armv8.pl
+++ b/crypto/sha/asm/sha512-armv8.pl
@@ -1,4 +1,11 @@
@@ -72575,7 +78995,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/sha/asm/sha512-c64xplus.pl b/crypto/sha/asm/sha512-c64xplus.pl
-index 71a1e80..9ebfc92 100644
+index 71a1e80bbb13..9ebfc92e23ae 100644
--- a/crypto/sha/asm/sha512-c64xplus.pl
+++ b/crypto/sha/asm/sha512-c64xplus.pl
@@ -1,4 +1,11 @@
@@ -72592,7 +79012,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/sha/asm/sha512-ia64.pl b/crypto/sha/asm/sha512-ia64.pl
-index 4f472d1..356a46a 100755
+index 4f472d12b88a..356a46aced78 100755
--- a/crypto/sha/asm/sha512-ia64.pl
+++ b/crypto/sha/asm/sha512-ia64.pl
@@ -1,4 +1,11 @@
@@ -72609,7 +79029,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/sha/asm/sha512-mips.pl b/crypto/sha/asm/sha512-mips.pl
-index 79429ab..5c2d23f 100644
+index 79429ab749a0..5c2d23faaf63 100644
--- a/crypto/sha/asm/sha512-mips.pl
+++ b/crypto/sha/asm/sha512-mips.pl
@@ -1,4 +1,11 @@
@@ -72660,7 +79080,7 @@
$LD $A,0*$SZ($ctx) # load context
$LD $B,1*$SZ($ctx)
diff --git a/crypto/sha/asm/sha512-parisc.pl b/crypto/sha/asm/sha512-parisc.pl
-index 6cad72e..fcb6157 100755
+index 6cad72e25573..fcb6157902c3 100755
--- a/crypto/sha/asm/sha512-parisc.pl
+++ b/crypto/sha/asm/sha512-parisc.pl
@@ -1,4 +1,11 @@
@@ -72677,7 +79097,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/sha/asm/sha512-ppc.pl b/crypto/sha/asm/sha512-ppc.pl
-index 17fdc6e..fe95b01 100755
+index 17fdc6e8e5a9..fe95b0150907 100755
--- a/crypto/sha/asm/sha512-ppc.pl
+++ b/crypto/sha/asm/sha512-ppc.pl
@@ -1,4 +1,11 @@
@@ -72694,7 +79114,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/sha/asm/sha512-s390x.pl b/crypto/sha/asm/sha512-s390x.pl
-index 7780627..582d393 100644
+index 7780627131e9..582d393cefb5 100644
--- a/crypto/sha/asm/sha512-s390x.pl
+++ b/crypto/sha/asm/sha512-s390x.pl
@@ -1,4 +1,11 @@
@@ -72732,7 +79152,7 @@
$code =~ s/\`([^\`]*)\`/eval $1/gem;
diff --git a/crypto/sha/asm/sha512-sparcv9.pl b/crypto/sha/asm/sha512-sparcv9.pl
-index 866a7b0..4a1ce5f 100644
+index 866a7b0999aa..4a1ce5fe3e4e 100644
--- a/crypto/sha/asm/sha512-sparcv9.pl
+++ b/crypto/sha/asm/sha512-sparcv9.pl
@@ -1,4 +1,11 @@
@@ -72749,7 +79169,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/sha/asm/sha512-x86_64.pl b/crypto/sha/asm/sha512-x86_64.pl
-index a62acd2..431383b 100755
+index a62acd248f3a..3dbb23ae1166 100755
--- a/crypto/sha/asm/sha512-x86_64.pl
+++ b/crypto/sha/asm/sha512-x86_64.pl
@@ -1,4 +1,11 @@
@@ -72765,8 +79185,17 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+@@ -132,7 +139,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([
+ $shaext=1; ### set to zero if compiling for 1.0.1
+ $avx=1 if (!$shaext && $avx);
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ if ($output =~ /512/) {
diff --git a/crypto/sha/asm/sha512p8-ppc.pl b/crypto/sha/asm/sha512p8-ppc.pl
-index 4718950..4d3d3b2 100755
+index 47189502c6cc..4d3d3b2f8c98 100755
--- a/crypto/sha/asm/sha512p8-ppc.pl
+++ b/crypto/sha/asm/sha512p8-ppc.pl
@@ -1,4 +1,11 @@
@@ -72783,7 +79212,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/crypto/sha/build.info b/crypto/sha/build.info
-index 7aa3a91..5843e50 100644
+index 7aa3a9187257..5843e508941d 100644
--- a/crypto/sha/build.info
+++ b/crypto/sha/build.info
@@ -13,7 +13,7 @@ GENERATE[sha1-ia64.s]=asm/sha1-ia64.pl $(CFLAGS) $(LIB_CFLAGS)
@@ -72796,7 +79225,7 @@
GENERATE[sha1-x86_64.s]=asm/sha1-x86_64.pl $(PERLASM_SCHEME)
GENERATE[sha1-mb-x86_64.s]=asm/sha1-mb-x86_64.pl $(PERLASM_SCHEME)
diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c
-index 32ec6f1..273ab08 100644
+index 32ec6f184c3a..273ab08dc18f 100644
--- a/crypto/sha/sha1_one.c
+++ b/crypto/sha/sha1_one.c
@@ -1,58 +1,10 @@
@@ -72865,7 +79294,7 @@
#include <stdio.h>
diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c
-index fb8e866..819370e 100644
+index fb8e86619196..819370e61540 100644
--- a/crypto/sha/sha1dgst.c
+++ b/crypto/sha/sha1dgst.c
@@ -1,58 +1,10 @@
@@ -72934,7 +79363,7 @@
#include <openssl/crypto.h>
diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c
-index 53b6054..5e7ba43 100644
+index 53b605412231..5e7ba439f981 100644
--- a/crypto/sha/sha256.c
+++ b/crypto/sha/sha256.c
@@ -1,8 +1,12 @@
@@ -72955,7 +79384,7 @@
#include <stdlib.h>
diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c
-index 2c8954f..d24d103 100644
+index 2c8954f1c337..d24d103431dc 100644
--- a/crypto/sha/sha512.c
+++ b/crypto/sha/sha512.c
@@ -1,8 +1,12 @@
@@ -72976,13 +79405,15 @@
/*-
* IMPLEMENTATION NOTES.
diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h
-index 649cded..918278a 100644
+index 649cdeda0905..918278a83f35 100644
--- a/crypto/sha/sha_locl.h
+++ b/crypto/sha/sha_locl.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -73030,9 +79461,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -73045,7 +79474,7 @@
#include <stdlib.h>
diff --git a/crypto/sparc_arch.h b/crypto/sparc_arch.h
-index e30d322..99eafb3 100644
+index e30d322a4ae2..99eafb331352 100644
--- a/crypto/sparc_arch.h
+++ b/crypto/sparc_arch.h
@@ -1,3 +1,12 @@
@@ -73090,10 +79519,21 @@
# if defined(OPENSSL_PIC) && !defined(__PIC__)
# define __PIC__
diff --git a/crypto/sparccpuid.S b/crypto/sparccpuid.S
-index 72c7adf..f48d860 100644
+index 72c7adfc74cb..4c394fa00d9e 100644
--- a/crypto/sparccpuid.S
+++ b/crypto/sparccpuid.S
-@@ -349,6 +349,14 @@ _sparcv9_random:
+@@ -1,3 +1,10 @@
++! Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
++!
++! Licensed under the OpenSSL license (the "License"). You may not use
++! this file except in compliance with the License. You can obtain a copy
++! in the file LICENSE in the source distribution or at
++! https://www.openssl.org/source/license.html
++
+ #ifdef OPENSSL_FIPSCANISTER
+ #include <openssl/fipssyms.h>
+ #endif
+@@ -349,6 +356,14 @@
.type _sparcv9_random,#function
.size _sparcv9_random,.-_sparcv9_vis3_probe
@@ -73108,7 +79548,7 @@
.global OPENSSL_cleanse
.align 32
OPENSSL_cleanse:
-@@ -432,6 +440,40 @@ OPENSSL_cleanse:
+@@ -432,6 +447,40 @@
.type OPENSSL_cleanse,#function
.size OPENSSL_cleanse,.-OPENSSL_cleanse
@@ -73150,7 +79590,7 @@
.align 8
_sparcv9_vis1_instrument_bus:
diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c
-index 2058640..92841ce 100644
+index 2058640377b2..92841ce76a3a 100644
--- a/crypto/sparcv9cap.c
+++ b/crypto/sparcv9cap.c
@@ -1,3 +1,12 @@
@@ -73232,7 +79672,7 @@
* VIS3 flag, because it goes to uninterruptable endless
diff --git a/crypto/srp/Makefile.in b/crypto/srp/Makefile.in
deleted file mode 100644
-index 78e9a4f..0000000
+index 78e9a4f8733c..000000000000
--- a/crypto/srp/Makefile.in
+++ /dev/null
@@ -1,39 +0,0 @@
@@ -73276,7 +79716,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
-index aefc490..766a0a2 100644
+index aefc4909c0f5..766a0a23bedd 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -1,61 +1,12 @@
@@ -73336,8 +79776,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -73403,7 +79844,7 @@
err:
BN_CTX_free(bn_ctx);
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
-index 78db608..11b9a4b 100644
+index 78db60888efb..11b9a4b58c63 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -1,61 +1,12 @@
@@ -73463,8 +79904,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -73485,7 +79927,7 @@
}
diff --git a/crypto/stack/Makefile.in b/crypto/stack/Makefile.in
deleted file mode 100644
-index e127585..0000000
+index e127585f8483..000000000000
--- a/crypto/stack/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -73533,7 +79975,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c
-index d486f33..0076db1 100644
+index d486f335b2eb..0076db139d78 100644
--- a/crypto/stack/stack.c
+++ b/crypto/stack/stack.c
@@ -1,59 +1,12 @@
@@ -73888,7 +80330,7 @@
return st->sorted;
}
diff --git a/crypto/threads_none.c b/crypto/threads_none.c
-index 4e3b7a5..72bf25b 100644
+index 4e3b7a52e8cf..72bf25b0d5ff 100644
--- a/crypto/threads_none.c
+++ b/crypto/threads_none.c
@@ -1,54 +1,13 @@
@@ -73953,7 +80395,7 @@
#if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c
-index edca77c..6f5e812 100644
+index edca77c0b972..6f5e812d97ac 100644
--- a/crypto/threads_pthread.c
+++ b/crypto/threads_pthread.c
@@ -1,54 +1,13 @@
@@ -74018,7 +80460,7 @@
#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS)
diff --git a/crypto/threads_win.c b/crypto/threads_win.c
-index 63647a3..545b9be 100644
+index 63647a39a673..545b9beb873c 100644
--- a/crypto/threads_win.c
+++ b/crypto/threads_win.c
@@ -1,54 +1,13 @@
@@ -74129,7 +80571,7 @@
*key = TlsAlloc();
diff --git a/crypto/ts/Makefile.in b/crypto/ts/Makefile.in
deleted file mode 100644
-index 64156b5..0000000
+index 64156b561e44..000000000000
--- a/crypto/ts/Makefile.in
+++ /dev/null
@@ -1,53 +0,0 @@
@@ -74187,7 +80629,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/ts/ts_asn1.c b/crypto/ts/ts_asn1.c
-index 5d0c598..e60675a 100644
+index 5d0c59869c9c..e60675ab7208 100644
--- a/crypto/ts/ts_asn1.c
+++ b/crypto/ts/ts_asn1.c
@@ -1,58 +1,10 @@
@@ -74255,7 +80697,7 @@
#include <openssl/ts.h>
diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c
-index e610691..f5f3934 100644
+index e61069141634..f5f3934dfd48 100644
--- a/crypto/ts/ts_conf.c
+++ b/crypto/ts/ts_conf.c
@@ -1,59 +1,10 @@
@@ -74324,7 +80766,7 @@
#include <string.h>
diff --git a/crypto/ts/ts_err.c b/crypto/ts/ts_err.c
-index b1dd8a1..08217f7 100644
+index b1dd8a1c2cc9..08217f71b31d 100644
--- a/crypto/ts/ts_err.c
+++ b/crypto/ts/ts_err.c
@@ -1,61 +1,11 @@
@@ -74421,7 +80863,7 @@
{ERR_REASON(TS_R_ESS_ADD_SIGNING_CERT_ERROR),
"ess add signing cert error"},
diff --git a/crypto/ts/ts_lcl.h b/crypto/ts/ts_lcl.h
-index e3f915c..d0c3cf8 100644
+index e3f915c79536..d0c3cf816e00 100644
--- a/crypto/ts/ts_lcl.h
+++ b/crypto/ts/ts_lcl.h
@@ -1,58 +1,12 @@
@@ -74499,7 +80941,7 @@
* IssuerSerial ::= SEQUENCE {
* issuer GeneralNames,
diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c
-index 087334b..bde1bd7 100644
+index 087334bcbd49..bde1bd75e47e 100644
--- a/crypto/ts/ts_lib.c
+++ b/crypto/ts/ts_lib.c
@@ -1,59 +1,10 @@
@@ -74568,7 +81010,7 @@
#include <stdio.h>
diff --git a/crypto/ts/ts_req_print.c b/crypto/ts/ts_req_print.c
-index 791715c..0dedf47 100644
+index 791715cce86d..0dedf47d924b 100644
--- a/crypto/ts/ts_req_print.c
+++ b/crypto/ts/ts_req_print.c
@@ -1,59 +1,10 @@
@@ -74637,7 +81079,7 @@
#include <stdio.h>
diff --git a/crypto/ts/ts_req_utils.c b/crypto/ts/ts_req_utils.c
-index 5e1114a..a37cf84 100644
+index 5e1114ab9d3c..a37cf84633e5 100644
--- a/crypto/ts/ts_req_utils.c
+++ b/crypto/ts/ts_req_utils.c
@@ -1,59 +1,10 @@
@@ -74706,7 +81148,7 @@
#include <stdio.h>
diff --git a/crypto/ts/ts_rsp_print.c b/crypto/ts/ts_rsp_print.c
-index 643bf4a..6eb0ec8 100644
+index 643bf4ac0a98..6eb0ec8d7504 100644
--- a/crypto/ts/ts_rsp_print.c
+++ b/crypto/ts/ts_rsp_print.c
@@ -1,59 +1,10 @@
@@ -74775,7 +81217,7 @@
#include <stdio.h>
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
-index 0ad6f10..a4acc9e 100644
+index 0ad6f100d6db..a4acc9e8376d 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -1,59 +1,10 @@
@@ -74844,7 +81286,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/ts/ts_rsp_utils.c b/crypto/ts/ts_rsp_utils.c
-index 5d0c51a..3747b5c 100644
+index 5d0c51a0b141..3747b5c9da49 100644
--- a/crypto/ts/ts_rsp_utils.c
+++ b/crypto/ts/ts_rsp_utils.c
@@ -1,59 +1,10 @@
@@ -74913,7 +81355,7 @@
#include <stdio.h>
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
-index 89b86e1..e13fd90 100644
+index 89b86e1dd322..21da8aaa9e8f 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -1,59 +1,10 @@
@@ -74981,8 +81423,60 @@
*/
#include <stdio.h>
+@@ -396,36 +347,43 @@ static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
+ unsigned char *imprint = NULL;
+ unsigned imprint_len = 0;
+ int ret = 0;
++ int flags = ctx->flags;
+
+- if ((ctx->flags & TS_VFY_SIGNATURE)
++ /* Some options require us to also check the signature */
++ if (((flags & TS_VFY_SIGNER) && tsa_name != NULL)
++ || (flags & TS_VFY_TSA_NAME)) {
++ flags |= TS_VFY_SIGNATURE;
++ }
++
++ if ((flags & TS_VFY_SIGNATURE)
+ && !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer))
+ goto err;
+- if ((ctx->flags & TS_VFY_VERSION)
++ if ((flags & TS_VFY_VERSION)
+ && TS_TST_INFO_get_version(tst_info) != 1) {
+ TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION);
+ goto err;
+ }
+- if ((ctx->flags & TS_VFY_POLICY)
++ if ((flags & TS_VFY_POLICY)
+ && !ts_check_policy(ctx->policy, tst_info))
+ goto err;
+- if ((ctx->flags & TS_VFY_IMPRINT)
++ if ((flags & TS_VFY_IMPRINT)
+ && !ts_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len,
+ tst_info))
+ goto err;
+- if ((ctx->flags & TS_VFY_DATA)
++ if ((flags & TS_VFY_DATA)
+ && (!ts_compute_imprint(ctx->data, tst_info,
+ &md_alg, &imprint, &imprint_len)
+ || !ts_check_imprints(md_alg, imprint, imprint_len, tst_info)))
+ goto err;
+- if ((ctx->flags & TS_VFY_NONCE)
++ if ((flags & TS_VFY_NONCE)
+ && !ts_check_nonces(ctx->nonce, tst_info))
+ goto err;
+- if ((ctx->flags & TS_VFY_SIGNER)
++ if ((flags & TS_VFY_SIGNER)
+ && tsa_name && !ts_check_signer_name(tsa_name, signer)) {
+ TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH);
+ goto err;
+ }
+- if ((ctx->flags & TS_VFY_TSA_NAME)
++ if ((flags & TS_VFY_TSA_NAME)
+ && !ts_check_signer_name(ctx->tsa_name, signer)) {
+ TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED);
+ goto err;
diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c
-index b650a00..141385d 100644
+index b650a00bb606..141385d79f6b 100644
--- a/crypto/ts/ts_verify_ctx.c
+++ b/crypto/ts/ts_verify_ctx.c
@@ -1,59 +1,10 @@
@@ -75052,7 +81546,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/txt_db/Makefile.in b/crypto/txt_db/Makefile.in
deleted file mode 100644
-index 905ab41..0000000
+index 905ab41ab4a0..000000000000
--- a/crypto/txt_db/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -75100,7 +81594,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c
-index 219031e..1432230 100644
+index 219031e507db..14322309a7a1 100644
--- a/crypto/txt_db/txt_db.c
+++ b/crypto/txt_db/txt_db.c
@@ -1,58 +1,10 @@
@@ -75188,7 +81682,7 @@
}
diff --git a/crypto/ui/Makefile.in b/crypto/ui/Makefile.in
deleted file mode 100644
-index 665cd2e..0000000
+index 665cd2ee4920..000000000000
--- a/crypto/ui/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
@@ -75236,7 +81730,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/ui/ui_err.c b/crypto/ui/ui_err.c
-index b43356e..03cd2bc 100644
+index b43356e126a4..03cd2bc554e7 100644
--- a/crypto/ui/ui_err.c
+++ b/crypto/ui/ui_err.c
@@ -1,61 +1,11 @@
@@ -75318,7 +81812,7 @@
{ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"},
{ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"},
diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c
-index 7b08107..1213892 100644
+index 7b08107f7a46..1213892ad554 100644
--- a/crypto/ui/ui_lib.c
+++ b/crypto/ui/ui_lib.c
@@ -1,59 +1,10 @@
@@ -75415,7 +81909,7 @@
}
diff --git a/crypto/ui/ui_locl.h b/crypto/ui/ui_locl.h
-index abbdd1c..2953739 100644
+index abbdd1c0b5bb..2953739b76ff 100644
--- a/crypto/ui/ui_locl.h
+++ b/crypto/ui/ui_locl.h
@@ -1,59 +1,10 @@
@@ -75484,7 +81978,7 @@
#ifndef HEADER_UI_LOCL_H
diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c
-index 7fc3e17..929f7cb 100644
+index 7fc3e17fb09e..929f7cb4c7eb 100644
--- a/crypto/ui/ui_openssl.c
+++ b/crypto/ui/ui_openssl.c
@@ -1,118 +1,10 @@
@@ -75494,7 +81988,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -75598,8 +82093,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -75612,7 +82106,7 @@
#include <openssl/e_os2.h>
diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
-index f04ee7c..3b51db9 100644
+index f04ee7c1f4f8..3b51db92cdd8 100644
--- a/crypto/ui/ui_util.c
+++ b/crypto/ui/ui_util.c
@@ -1,55 +1,10 @@
@@ -75678,7 +82172,7 @@
#include <string.h>
diff --git a/crypto/uid.c b/crypto/uid.c
-index 2093947..12df8a4 100644
+index 2093947cfc27..12df8a4e87c0 100644
--- a/crypto/uid.c
+++ b/crypto/uid.c
@@ -1,55 +1,10 @@
@@ -75744,7 +82238,7 @@
#include <openssl/crypto.h>
diff --git a/crypto/vms_rms.h b/crypto/vms_rms.h
-index 09c280e..3b994a0 100644
+index 09c280e87b99..3b994a0aba2c 100644
--- a/crypto/vms_rms.h
+++ b/crypto/vms_rms.h
@@ -1,3 +1,11 @@
@@ -75761,7 +82255,7 @@
diff --git a/crypto/whrlpool/Makefile.in b/crypto/whrlpool/Makefile.in
deleted file mode 100644
-index e6c64b7..0000000
+index e6c64b77c551..000000000000
--- a/crypto/whrlpool/Makefile.in
+++ /dev/null
@@ -1,56 +0,0 @@
@@ -75822,7 +82316,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/whrlpool/asm/wp-mmx.pl b/crypto/whrlpool/asm/wp-mmx.pl
-index a71a29f..f63945c 100644
+index a71a29f522ac..f63945c8b90b 100644
--- a/crypto/whrlpool/asm/wp-mmx.pl
+++ b/crypto/whrlpool/asm/wp-mmx.pl
@@ -1,4 +1,11 @@
@@ -75839,7 +82333,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
diff --git a/crypto/whrlpool/asm/wp-x86_64.pl b/crypto/whrlpool/asm/wp-x86_64.pl
-index 5a3bdbc..a52f0b9 100644
+index 5a3bdbcf20d1..c0b21d13ed49 100644
--- a/crypto/whrlpool/asm/wp-x86_64.pl
+++ b/crypto/whrlpool/asm/wp-x86_64.pl
@@ -1,4 +1,11 @@
@@ -75855,8 +82349,17 @@
#
# ====================================================================
# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+@@ -41,7 +48,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
+ ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+ die "can't locate x86_64-xlate.pl";
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ sub L() { $code.=".byte ".join(',', at _)."\n"; }
diff --git a/crypto/whrlpool/wp_block.c b/crypto/whrlpool/wp_block.c
-index dc652e8..b29f037 100644
+index dc652e87fed3..b29f037bf73e 100644
--- a/crypto/whrlpool/wp_block.c
+++ b/crypto/whrlpool/wp_block.c
@@ -1,3 +1,12 @@
@@ -75873,7 +82376,7 @@
* The Whirlpool hashing function.
*
diff --git a/crypto/whrlpool/wp_dgst.c b/crypto/whrlpool/wp_dgst.c
-index eeb420c..d852db6 100644
+index eeb420c02ff5..d852db6554e8 100644
--- a/crypto/whrlpool/wp_dgst.c
+++ b/crypto/whrlpool/wp_dgst.c
@@ -1,3 +1,12 @@
@@ -75890,7 +82393,7 @@
* The Whirlpool hashing function.
*
diff --git a/crypto/whrlpool/wp_locl.h b/crypto/whrlpool/wp_locl.h
-index 6e7b549..3a81cfd 100644
+index 6e7b549e1e85..3a81cfd58c1a 100644
--- a/crypto/whrlpool/wp_locl.h
+++ b/crypto/whrlpool/wp_locl.h
@@ -1,3 +1,12 @@
@@ -75908,7 +82411,7 @@
void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t);
diff --git a/crypto/x509/Makefile.in b/crypto/x509/Makefile.in
deleted file mode 100644
-index 8b11dc4..0000000
+index 8b11dc436d93..000000000000
--- a/crypto/x509/Makefile.in
+++ /dev/null
@@ -1,57 +0,0 @@
@@ -75970,7 +82473,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
-index 5524117..5473cb1 100644
+index 55241175b5bb..5473cb178afa 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -1,58 +1,10 @@
@@ -76047,7 +82550,7 @@
#include "x509_lcl.h"
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
-index eea7a7e..4376bed 100644
+index eea7a7ee41c3..4376bed83452 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -1,58 +1,10 @@
@@ -76116,7 +82619,7 @@
#include <stdio.h>
diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.c
-index d4d916e..9b6b5a5 100644
+index d4d916ed9992..9b6b5a5147ab 100644
--- a/crypto/x509/t_crl.c
+++ b/crypto/x509/t_crl.c
@@ -1,59 +1,10 @@
@@ -76185,7 +82688,7 @@
#include <stdio.h>
diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c
-index afe59c4..0d0447b 100644
+index afe59c4e9c2f..0d0447bd2b07 100644
--- a/crypto/x509/t_req.c
+++ b/crypto/x509/t_req.c
@@ -1,58 +1,10 @@
@@ -76262,7 +82765,7 @@
if (BIO_write(bp, (char *)bs->data, bs->length)
!= bs->length)
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
-index 996a755..5fbe767 100644
+index 996a755ae3de..5fbe76768ee2 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -1,58 +1,10 @@
@@ -76331,7 +82834,7 @@
#include <stdio.h>
diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
-index fb04cdc..3708d43 100644
+index fb04cdcf68d0..1fda58e90f90 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -1,58 +1,10 @@
@@ -76399,7 +82902,7 @@
*/
#include <stdio.h>
-@@ -288,7 +240,7 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
+@@ -288,13 +240,13 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
return (0);
ASN1_OBJECT_free(attr->object);
attr->object = OBJ_dup(obj);
@@ -76408,14 +82911,52 @@
}
int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
+ const void *data, int len)
+ {
+- ASN1_TYPE *ttmp;
++ ASN1_TYPE *ttmp = NULL;
+ ASN1_STRING *stmp = NULL;
+ int atype = 0;
+ if (!attr)
+@@ -319,20 +271,26 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
+ * least one value but some types use and zero length SET and require
+ * this.
+ */
+- if (attrtype == 0)
++ if (attrtype == 0) {
++ ASN1_STRING_free(stmp);
+ return 1;
++ }
+ if ((ttmp = ASN1_TYPE_new()) == NULL)
+ goto err;
+ if ((len == -1) && !(attrtype & MBSTRING_FLAG)) {
+ if (!ASN1_TYPE_set1(ttmp, attrtype, data))
+ goto err;
+- } else
++ } else {
+ ASN1_TYPE_set(ttmp, atype, stmp);
++ stmp = NULL;
++ }
+ if (!sk_ASN1_TYPE_push(attr->set, ttmp))
+ goto err;
+ return 1;
+ err:
+ X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
++ ASN1_TYPE_free(ttmp);
++ ASN1_STRING_free(stmp);
+ return 0;
+ }
+
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
-index d3b2c19..63cef40 100644
+index d3b2c199b973..63cef40e4089 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -76463,9 +83004,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -76492,7 +83031,7 @@
a->cert_info.enc.len);
}
diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c
-index d833733..cb03dbf 100644
+index d8337337eaa3..cb03dbfa6c8b 100644
--- a/crypto/x509/x509_d2.c
+++ b/crypto/x509/x509_d2.c
@@ -1,58 +1,10 @@
@@ -76561,7 +83100,7 @@
#include <stdio.h>
diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c
-index 0633cae..d11358e 100644
+index 0633caea7992..d11358e34fe2 100644
--- a/crypto/x509/x509_def.c
+++ b/crypto/x509/x509_def.c
@@ -1,58 +1,10 @@
@@ -76630,7 +83169,7 @@
#include <stdio.h>
diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
-index d140d52..dbebbaa 100644
+index d140d5230d76..dbebbaa479ff 100644
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@@ -1,61 +1,11 @@
@@ -76736,7 +83275,7 @@
{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
"no cert set for us to verify"},
diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c
-index 9691d2d..b01ad12 100644
+index 9691d2dce35a..b01ad127b644 100644
--- a/crypto/x509/x509_ext.c
+++ b/crypto/x509/x509_ext.c
@@ -1,58 +1,10 @@
@@ -76805,7 +83344,7 @@
#include <stdio.h>
diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h
-index db98a10..340bb60 100644
+index db98a105aa93..340bb60b9841 100644
--- a/crypto/x509/x509_lcl.h
+++ b/crypto/x509/x509_lcl.h
@@ -1,59 +1,10 @@
@@ -76874,7 +83413,7 @@
/*
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
-index b822966..ea7f471 100644
+index b82296620309..0b5b5b9ed76c 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -1,58 +1,10 @@
@@ -77056,7 +83595,8 @@
+ return 1;
}
- X509 *X509_OBJECT_get0_X509(X509_OBJECT *a)
+-X509 *X509_OBJECT_get0_X509(X509_OBJECT *a)
++X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a)
{
+ if (a == NULL || a->type != X509_LU_X509)
+ return NULL;
@@ -77076,7 +83616,7 @@
}
-void X509_OBJECT_free_contents(X509_OBJECT *a)
-+int X509_OBJECT_get_type(X509_OBJECT *a)
++int X509_OBJECT_get_type(const X509_OBJECT *a)
+{
+ return a->type;
+}
@@ -77280,7 +83820,7 @@
{
return ctx->ctx;
diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
-index 8b4d436..ccec20d 100644
+index 8b4d4362ba09..ccec20d66085 100644
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -1,58 +1,10 @@
@@ -77424,7 +83964,7 @@
return (NULL);
}
diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c
-index d082636..3d72787 100644
+index d082636de411..3d72787d3164 100644
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@@ -1,58 +1,10 @@
@@ -77493,13 +84033,15 @@
#include <stdio.h>
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
-index 2b2cbce..3574322 100644
+index 2b2cbcee1737..35743225a8f9 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -77547,9 +84089,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -77562,7 +84102,7 @@
#include <stdio.h>
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
-index 360ead8..6addfbe 100644
+index 360ead87d3ff..6addfbe72e2e 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -1,58 +1,10 @@
@@ -77650,7 +84190,7 @@
long X509_get_version(X509 *x)
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
-index 4c5281a..db0024f 100644
+index 4c5281a718c3..d736418cbe64 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -1,59 +1,10 @@
@@ -77718,8 +84258,40 @@
*/
#include <stdio.h>
+@@ -197,7 +148,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
+ /* dup supplied name */
+ if ((trtmp->name = OPENSSL_strdup(name)) == NULL) {
+ X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+- return 0;
++ goto err;
+ }
+ /* Keep the dynamic flag of existing entry */
+ trtmp->flags &= X509_TRUST_DYNAMIC;
+@@ -214,14 +165,20 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
+ if (trtable == NULL
+ && (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) {
+ X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+- return 0;
++ goto err;;
+ }
+ if (!sk_X509_TRUST_push(trtable, trtmp)) {
+ X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+- return 0;
++ goto err;
+ }
+ }
+ return 1;
++ err:
++ if (idx == -1) {
++ OPENSSL_free(trtmp->name);
++ OPENSSL_free(trtmp);
++ }
++ return 0;
+ }
+
+ static void trtable_free(X509_TRUST *p)
diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
-index 8a9a7f0..ae54de1 100644
+index 8a9a7f04449a..ae54de1c3107 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -1,58 +1,10 @@
@@ -77801,7 +84373,7 @@
default:
/* Printing an error number into a static buffer is not thread-safe */
diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
-index f3fe305..ce69d19 100644
+index f3fe30575733..ce69d19d0faa 100644
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@@ -1,58 +1,10 @@
@@ -77879,13 +84451,15 @@
int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index efa6bca..a5e7789 100644
+index efa6bcaa67a4..a5e77896f8fb 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -77933,9 +84507,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -77979,23 +84551,24 @@
!verify_cb_cert(ctx, ctx->cert, 0, X509_V_ERR_EE_KEY_TOO_SMALL))
return 0;
-+ if (DANETLS_ENABLED(dane))
+- /*
+- * If dane->trecs is an empty stack, we'll fail, since the user enabled
+- * DANE. If none of the TLSA records were usable, and it makes sense to
+- * keep going with an unauthenticated handshake, they can handle that in
+- * the verify callback, or not set SSL_VERIFY_PEER.
+- */
+ if (DANETLS_ENABLED(dane))
+- return dane_verify(ctx);
+- return verify_chain(ctx);
+ ret = dane_verify(ctx);
+ else
+ ret = verify_chain(ctx);
+
- /*
-- * If dane->trecs is an empty stack, we'll fail, since the user enabled
-- * DANE. If none of the TLSA records were usable, and it makes sense to
-- * keep going with an unauthenticated handshake, they can handle that in
-- * the verify callback, or not set SSL_VERIFY_PEER.
++ /*
+ * Safety-net. If we are returning an error, we must also set ctx->error,
+ * so that the chain is not considered verified should the error be ignored
+ * (e.g. TLS with SSL_VERIFY_NONE).
- */
-- if (DANETLS_ENABLED(dane))
-- return dane_verify(ctx);
-- return verify_chain(ctx);
++ */
+ if (ret <= 0 && ctx->error == X509_V_OK)
+ ctx->error = X509_V_ERR_UNSPECIFIED;
+ return ret;
@@ -78173,7 +84746,7 @@
continue;
}
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
-index 4a0bed0..f7ecdec 100644
+index 4a0bed021c46..05c785217aa7 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -1,59 +1,10 @@
@@ -78241,8 +84814,42 @@
*/
#include <stdio.h>
+@@ -64,6 +15,7 @@
+ #include <openssl/buffer.h>
+ #include <openssl/x509.h>
+ #include <openssl/x509v3.h>
++#include "internal/x509_int.h"
+
+ #include "x509_lcl.h"
+
+@@ -308,12 +260,11 @@ static int int_x509_param_set1(char **pdest, size_t *pdestlen,
+ {
+ void *tmp;
+ if (src) {
+- if (srclen == 0) {
+- tmp = OPENSSL_strdup(src);
++ if (srclen == 0)
+ srclen = strlen(src);
+- } else
+- tmp = OPENSSL_memdup(src, srclen);
+- if (!tmp)
++
++ tmp = OPENSSL_memdup(src, srclen);
++ if (tmp == NULL)
+ return 0;
+ } else {
+ tmp = NULL;
+@@ -321,7 +272,7 @@ static int int_x509_param_set1(char **pdest, size_t *pdestlen,
+ }
+ OPENSSL_free(*pdest);
+ *pdest = tmp;
+- if (pdestlen)
++ if (pdestlen != NULL)
+ *pdestlen = srclen;
+ return 1;
+ }
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
-index ab5f192..43ff668 100644
+index ab5f192a15d7..43ff668b719f 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -1,59 +1,10 @@
@@ -78330,13 +84937,15 @@
long X509_CRL_get_version(X509_CRL *crl)
diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c
-index 2a5e1ce..6cd22b4 100644
+index 2a5e1ce064e8..6cd22b4aa799 100644
--- a/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -78384,9 +84993,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -78399,7 +85006,7 @@
#include <stdio.h>
diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c
-index e8afcac..6dee297 100644
+index e8afcacd4a1a..6dee297a1913 100644
--- a/crypto/x509/x509rset.c
+++ b/crypto/x509/x509rset.c
@@ -1,58 +1,10 @@
@@ -78468,7 +85075,7 @@
#include <stdio.h>
diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.c
-index 6efcb96..b142485 100644
+index 6efcb96a7b76..b142485dbbd2 100644
--- a/crypto/x509/x509spki.c
+++ b/crypto/x509/x509spki.c
@@ -1,59 +1,10 @@
@@ -78537,7 +85144,7 @@
#include <stdio.h>
diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c
-index 870b47f..9acab04 100644
+index 870b47f8515d..9acab0440194 100644
--- a/crypto/x509/x509type.c
+++ b/crypto/x509/x509type.c
@@ -1,58 +1,10 @@
@@ -78606,7 +85213,7 @@
#include <stdio.h>
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
-index 0f28c58..d9f42ed 100644
+index 0f28c58f2b19..d9f42edaab14 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -1,58 +1,10 @@
@@ -78675,7 +85282,7 @@
#include <stdio.h>
diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c
-index 7ee99ca..35f4aee 100644
+index 7ee99cafcf82..35f4aeef2a9d 100644
--- a/crypto/x509/x_attrib.c
+++ b/crypto/x509/x_attrib.c
@@ -1,58 +1,10 @@
@@ -78744,13 +85351,15 @@
#include <stdio.h>
diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
-index 0be8405..f4bcea5 100644
+index 0be84057ab8e..f4bcea56d1ee 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -78798,9 +85407,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -78813,7 +85420,7 @@
#include <stdio.h>
diff --git a/crypto/x509/x_exten.c b/crypto/x509/x_exten.c
-index 3b4dd86..f10f4a4 100644
+index 3b4dd861656c..f10f4a4d8769 100644
--- a/crypto/x509/x_exten.c
+++ b/crypto/x509/x_exten.c
@@ -1,59 +1,10 @@
@@ -78882,13 +85489,15 @@
#include <stddef.h>
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
-index 5e6abeb..f0b35fb 100644
+index 5e6abebbea67..f0b35fb4fadc 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -78936,9 +85545,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -78995,13 +85602,15 @@
p = OPENSSL_malloc(a->canon_enclen);
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
-index 485d768..cc69283 100644
+index 485d768dc45e..cc692834d1fa 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -79049,9 +85658,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -79064,7 +85671,7 @@
#include <stdio.h>
diff --git a/crypto/x509/x_req.c b/crypto/x509/x_req.c
-index 2fdf015..c2da95a 100644
+index 2fdf0150038f..c2da95a73ecf 100644
--- a/crypto/x509/x_req.c
+++ b/crypto/x509/x_req.c
@@ -1,58 +1,10 @@
@@ -79133,13 +85740,15 @@
#include <stdio.h>
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
-index 3463955..9445430 100644
+index 34639555baae..9445430b47a2 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -79187,9 +85796,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -79288,7 +85895,7 @@
}
diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c
-index a274ec9..2efa214 100644
+index a274ec98d9f4..2efa214cb200 100644
--- a/crypto/x509/x_x509a.c
+++ b/crypto/x509/x_x509a.c
@@ -1,59 +1,10 @@
@@ -79358,7 +85965,7 @@
#include <stdio.h>
diff --git a/crypto/x509v3/Makefile.in b/crypto/x509v3/Makefile.in
deleted file mode 100644
-index 5598ddb..0000000
+index 5598ddbeafe9..000000000000
--- a/crypto/x509v3/Makefile.in
+++ /dev/null
@@ -1,53 +0,0 @@
@@ -79416,7 +86023,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
-index 4e213f3..332cb87 100644
+index 4e213f3884eb..332cb874742d 100644
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -1,59 +1,10 @@
@@ -79485,7 +86092,7 @@
int name_cmp(const char *name, const char *cmp);
diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c
-index bdce5a8..e254142 100644
+index bdce5a83bbd5..a9ee30a8d913 100644
--- a/crypto/x509v3/pcy_cache.c
+++ b/crypto/x509v3/pcy_cache.c
@@ -1,59 +1,10 @@
@@ -79553,8 +86160,18 @@
*/
#include "internal/cryptlib.h"
+@@ -127,6 +78,9 @@ static int policy_cache_new(X509 *x)
+ CERTIFICATEPOLICIES *ext_cpols = NULL;
+ POLICY_MAPPINGS *ext_pmaps = NULL;
+ int i;
++
++ if (x->policy_cache != NULL)
++ return 1;
+ cache = OPENSSL_malloc(sizeof(*cache));
+ if (cache == NULL)
+ return 0;
diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c
-index 03631d7..6cc74de 100644
+index 03631d7a1035..6cc74deb4675 100644
--- a/crypto/x509v3/pcy_data.c
+++ b/crypto/x509v3/pcy_data.c
@@ -1,59 +1,10 @@
@@ -79623,7 +86240,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/x509v3/pcy_int.h b/crypto/x509v3/pcy_int.h
-index 809dc5e..5daf78d 100644
+index 809dc5e43692..5daf78de4585 100644
--- a/crypto/x509v3/pcy_int.h
+++ b/crypto/x509v3/pcy_int.h
@@ -1,59 +1,10 @@
@@ -79701,7 +86318,7 @@
STACK_OF(X509_POLICY_NODE) *user_policies;
unsigned int flags;
diff --git a/crypto/x509v3/pcy_lib.c b/crypto/x509v3/pcy_lib.c
-index f3ec70d..67f7eaf 100644
+index f3ec70db8a54..67f7eafc6e8d 100644
--- a/crypto/x509v3/pcy_lib.c
+++ b/crypto/x509v3/pcy_lib.c
@@ -1,59 +1,10 @@
@@ -79770,7 +86387,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/x509v3/pcy_map.c b/crypto/x509v3/pcy_map.c
-index 415e5dd..ab9dd21 100644
+index 415e5ddf25fb..ab9dd21b7d93 100644
--- a/crypto/x509v3/pcy_map.c
+++ b/crypto/x509v3/pcy_map.c
@@ -1,59 +1,10 @@
@@ -79839,7 +86456,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c
-index 581c246..80443bf 100644
+index 581c246b7480..80443bff913e 100644
--- a/crypto/x509v3/pcy_node.c
+++ b/crypto/x509v3/pcy_node.c
@@ -1,59 +1,10 @@
@@ -79908,7 +86525,7 @@
#include <openssl/asn1.h>
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
-index b3995d6..8c13c53 100644
+index b3995d64e524..8c13c53fc7fd 100644
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -1,59 +1,10 @@
@@ -79977,7 +86594,7 @@
#include "internal/cryptlib.h"
diff --git a/crypto/x509v3/tabtest.c b/crypto/x509v3/tabtest.c
-index 4a3d103..a33a63a 100644
+index 4a3d1033e607..a33a63a79584 100644
--- a/crypto/x509v3/tabtest.c
+++ b/crypto/x509v3/tabtest.c
@@ -1,59 +1,10 @@
@@ -80046,7 +86663,7 @@
/*
diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
-index 49d0d4d..be8ca5d 100644
+index 49d0d4d3929c..be8ca5dcbb5a 100644
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -1,58 +1,10 @@
@@ -80056,7 +86673,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -80078,8 +86696,7 @@
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
@@ -80144,7 +86761,7 @@
goto done;
}
diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c
-index edf6396..a7d0b29 100644
+index edf63961c100..d9f770433cfb 100644
--- a/crypto/x509v3/v3_akey.c
+++ b/crypto/x509v3/v3_akey.c
@@ -1,59 +1,10 @@
@@ -80212,8 +86829,25 @@
*/
#include <stdio.h>
+@@ -192,12 +143,16 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+ }
+
+ akeyid->issuer = gens;
++ gen = NULL;
++ gens = NULL;
+ akeyid->serial = serial;
+ akeyid->keyid = ikeyid;
+
+ return akeyid;
+
+ err:
++ sk_GENERAL_NAME_free(gens);
++ GENERAL_NAME_free(gen);
+ X509_NAME_free(isname);
+ ASN1_INTEGER_free(serial);
+ ASN1_OCTET_STRING_free(ikeyid);
diff --git a/crypto/x509v3/v3_akeya.c b/crypto/x509v3/v3_akeya.c
-index cc0c1ed..d6dd6bc 100644
+index cc0c1edf4017..d6dd6bcb9b96 100644
--- a/crypto/x509v3/v3_akeya.c
+++ b/crypto/x509v3/v3_akeya.c
@@ -1,59 +1,10 @@
@@ -80282,7 +86916,7 @@
#include <stdio.h>
diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
-index 4b143f9..05dfe36 100644
+index 4b143f95c83f..05dfe36a33c1 100644
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -1,59 +1,10 @@
@@ -80351,7 +86985,7 @@
#include <stdio.h>
diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
-index 73cbbd1..af4fcf4 100644
+index 73cbbd1b93e9..af4fcf4cd5c1 100644
--- a/crypto/x509v3/v3_asid.c
+++ b/crypto/x509v3/v3_asid.c
@@ -1,58 +1,10 @@
@@ -80361,7 +86995,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -80406,8 +87041,7 @@
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
@@ -80419,7 +87053,7 @@
/*
diff --git a/crypto/x509v3/v3_bcons.c b/crypto/x509v3/v3_bcons.c
-index 3c2f88a..3bbf155 100644
+index 3c2f88a62156..3bbf15550d32 100644
--- a/crypto/x509v3/v3_bcons.c
+++ b/crypto/x509v3/v3_bcons.c
@@ -1,59 +1,10 @@
@@ -80488,7 +87122,7 @@
#include <stdio.h>
diff --git a/crypto/x509v3/v3_bitst.c b/crypto/x509v3/v3_bitst.c
-index a0db610..4802116 100644
+index a0db610b29ea..4802116ba0d4 100644
--- a/crypto/x509v3/v3_bitst.c
+++ b/crypto/x509v3/v3_bitst.c
@@ -1,59 +1,10 @@
@@ -80557,7 +87191,7 @@
#include <stdio.h>
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
-index c7d2682..b943877 100644
+index c7d268247da8..4e118c10ab56 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -1,60 +1,12 @@
@@ -80616,8 +87250,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -80627,8 +87262,228 @@
/* extension creation utilities */
#include <stdio.h>
+@@ -65,24 +17,24 @@
+ #include "internal/x509_int.h"
+ #include <openssl/x509v3.h>
+
+-static int v3_check_critical(char **value);
+-static int v3_check_generic(char **value);
++static int v3_check_critical(const char **value);
++static int v3_check_generic(const char **value);
+ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+- int crit, char *value);
+-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
++ int crit, const char *value);
++static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
+ int crit, int type,
+ X509V3_CTX *ctx);
+-static char *conf_lhash_get_string(void *db, char *section, char *value);
+-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
++static char *conf_lhash_get_string(void *db, const char *section, const char *value);
++static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section);
+ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
+ int ext_nid, int crit, void *ext_struc);
+-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,
++static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
+ long *ext_len);
+ /* CONF *conf: Config file */
+ /* char *name: Name */
+ /* char *value: Value */
+-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
+- char *value)
++X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
++ const char *value)
+ {
+ int crit;
+ int ext_type;
+@@ -101,7 +53,7 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
+ /* CONF *conf: Config file */
+ /* char *value: Value */
+ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+- char *value)
++ const char *value)
+ {
+ int crit;
+ int ext_type;
+@@ -115,7 +67,7 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+ /* CONF *conf: Config file */
+ /* char *value: Value */
+ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+- int crit, char *value)
++ int crit, const char *value)
+ {
+ const X509V3_EXT_METHOD *method;
+ X509_EXTENSION *ext;
+@@ -136,11 +88,13 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+ nval = NCONF_get_section(conf, value + 1);
+ else
+ nval = X509V3_parse_list(value);
+- if (sk_CONF_VALUE_num(nval) <= 0) {
++ if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) {
+ X509V3err(X509V3_F_DO_EXT_NCONF,
+ X509V3_R_INVALID_EXTENSION_STRING);
+ ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
+ value);
++ if (*value != '@')
++ sk_CONF_VALUE_free(nval);
+ return NULL;
+ }
+ ext_struc = method->v2i(method, ctx, nval);
+@@ -232,9 +186,9 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
+ }
+
+ /* Check the extension string for critical flag */
+-static int v3_check_critical(char **value)
++static int v3_check_critical(const char **value)
+ {
+- char *p = *value;
++ const char *p = *value;
+ if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
+ return 0;
+ p += 9;
+@@ -245,10 +199,10 @@ static int v3_check_critical(char **value)
+ }
+
+ /* Check extension string for generic extension and return the type */
+-static int v3_check_generic(char **value)
++static int v3_check_generic(const char **value)
+ {
+ int gen_type = 0;
+- char *p = *value;
++ const char *p = *value;
+ if ((strlen(p) >= 4) && strncmp(p, "DER:", 4) == 0) {
+ p += 4;
+ gen_type = 1;
+@@ -265,7 +219,7 @@ static int v3_check_generic(char **value)
+ }
+
+ /* Create a generic extension: for now just handle DER type */
+-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
++static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
+ int crit, int gen_type,
+ X509V3_CTX *ctx)
+ {
+@@ -313,7 +267,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
+
+ }
+
+-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,
++static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
+ long *ext_len)
+ {
+ ASN1_TYPE *typ;
+@@ -343,7 +297,7 @@ static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext)
+ * file section to an extension STACK.
+ */
+
+-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
++int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
+ STACK_OF(X509_EXTENSION) **sk)
+ {
+ X509_EXTENSION *ext;
+@@ -370,7 +324,7 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
+ * Convenience functions to add extensions to a certificate, CRL and request
+ */
+
+-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
++int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509 *cert)
+ {
+ STACK_OF(X509_EXTENSION) **sk = NULL;
+@@ -381,7 +335,7 @@ int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+
+ /* Same as above but for a CRL */
+
+-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
++int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509_CRL *crl)
+ {
+ STACK_OF(X509_EXTENSION) **sk = NULL;
+@@ -392,7 +346,7 @@ int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+
+ /* Add extensions to certificate request */
+
+-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
++int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509_REQ *req)
+ {
+ STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
+@@ -448,12 +402,12 @@ void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
+ ctx->db_meth->free_section(ctx->db, section);
+ }
+
+-static char *nconf_get_string(void *db, char *section, char *value)
++static char *nconf_get_string(void *db, const char *section, const char *value)
+ {
+ return NCONF_get_string(db, section, value);
+ }
+
+-static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
++static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, const char *section)
+ {
+ return NCONF_get_section(db, section);
+ }
+@@ -484,7 +438,7 @@ void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
+ /* Old conf compatibility functions */
+
+ X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+- char *name, char *value)
++ const char *name, const char *value)
+ {
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
+@@ -494,19 +448,19 @@ X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+ /* LHASH *conf: Config file */
+ /* char *value: Value */
+ X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
+- X509V3_CTX *ctx, int ext_nid, char *value)
++ X509V3_CTX *ctx, int ext_nid, const char *value)
+ {
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
+ return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
+ }
+
+-static char *conf_lhash_get_string(void *db, char *section, char *value)
++static char *conf_lhash_get_string(void *db, const char *section, const char *value)
+ {
+ return CONF_get_string(db, section, value);
+ }
+
+-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
++static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section)
+ {
+ return CONF_get_section(db, section);
+ }
+@@ -525,7 +479,7 @@ void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
+ }
+
+ int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+- char *section, X509 *cert)
++ const char *section, X509 *cert)
+ {
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
+@@ -535,7 +489,7 @@ int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+ /* Same as above but for a CRL */
+
+ int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+- char *section, X509_CRL *crl)
++ const char *section, X509_CRL *crl)
+ {
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
+@@ -545,7 +499,7 @@ int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+ /* Add extensions to certificate request */
+
+ int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+- char *section, X509_REQ *req)
++ const char *section, X509_REQ *req)
+ {
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
-index b4dd3ad..fe722b1 100644
+index b4dd3ad9feb1..81d0d996a93c 100644
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@@ -1,59 +1,10 @@
@@ -80704,8 +87559,16 @@
goto err;
}
pol->policyid = pobj;
+@@ -343,6 +295,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+ if (!nos || !sk_CONF_VALUE_num(nos)) {
+ X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS);
+ X509V3_conf_err(cnf);
++ sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
+ goto err;
+ }
+ ret = nref_nos(nref->noticenos, nos);
diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c
-index d9442a2..221eedf 100644
+index d9442a2a526c..c4c77f185109 100644
--- a/crypto/x509v3/v3_crld.c
+++ b/crypto/x509v3/v3_crld.c
@@ -1,59 +1,10 @@
@@ -80773,8 +87636,22 @@
*/
#include <stdio.h>
+@@ -199,10 +150,10 @@ static int set_reasons(ASN1_BIT_STRING **preas, char *value)
+ const char *bnam;
+ int i, ret = 0;
+ rsk = X509V3_parse_list(value);
+- if (!rsk)
+- return 0;
+- if (*preas)
++ if (rsk == NULL)
+ return 0;
++ if (*preas != NULL)
++ goto err;
+ for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) {
+ bnam = sk_CONF_VALUE_value(rsk, i)->name;
+ if (*preas == NULL) {
diff --git a/crypto/x509v3/v3_enum.c b/crypto/x509v3/v3_enum.c
-index 26ef657..03daef9 100644
+index 26ef657fe6c6..03daef9947e8 100644
--- a/crypto/x509v3/v3_enum.c
+++ b/crypto/x509v3/v3_enum.c
@@ -1,59 +1,10 @@
@@ -80843,7 +87720,7 @@
#include <stdio.h>
diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c
-index 354b828..bae755e 100644
+index 354b828470d3..bae755e3f2c9 100644
--- a/crypto/x509v3/v3_extku.c
+++ b/crypto/x509v3/v3_extku.c
@@ -1,59 +1,10 @@
@@ -80912,7 +87789,7 @@
#include <stdio.h>
diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c
-index d225d0d..8d11997 100644
+index d225d0d5a480..8d1199748c86 100644
--- a/crypto/x509v3/v3_genn.c
+++ b/crypto/x509v3/v3_genn.c
@@ -1,59 +1,10 @@
@@ -80981,7 +87858,7 @@
#include <stdio.h>
diff --git a/crypto/x509v3/v3_ia5.c b/crypto/x509v3/v3_ia5.c
-index 073a2bb..e509fba 100644
+index 073a2bbc6e5b..5e230df7d00b 100644
--- a/crypto/x509v3/v3_ia5.c
+++ b/crypto/x509v3/v3_ia5.c
@@ -1,59 +1,10 @@
@@ -81049,8 +87926,30 @@
*/
#include <stdio.h>
+@@ -90,7 +41,7 @@ char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5)
+ }
+
+ ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+- X509V3_CTX *ctx, char *str)
++ X509V3_CTX *ctx, const char *str)
+ {
+ ASN1_IA5STRING *ia5;
+ if (!str) {
+@@ -100,10 +51,9 @@ ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+ }
+ if ((ia5 = ASN1_IA5STRING_new()) == NULL)
+ goto err;
+- if (!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char *)str,
+- strlen(str))) {
++ if (!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) {
+ ASN1_IA5STRING_free(ia5);
+- goto err;
++ return NULL;
+ }
+ #ifdef CHARSET_EBCDIC
+ ebcdic2ascii(ia5->data, ia5->data, ia5->length);
diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c
-index 16e25fa..bec8c42 100644
+index 16e25fa1028a..bec8c425b053 100644
--- a/crypto/x509v3/v3_info.c
+++ b/crypto/x509v3/v3_info.c
@@ -1,59 +1,10 @@
@@ -81119,7 +88018,7 @@
#include <stdio.h>
diff --git a/crypto/x509v3/v3_int.c b/crypto/x509v3/v3_int.c
-index fc4dd92..a644c33 100644
+index fc4dd927f04c..a644c3362380 100644
--- a/crypto/x509v3/v3_int.c
+++ b/crypto/x509v3/v3_int.c
@@ -1,59 +1,10 @@
@@ -81188,7 +88087,7 @@
#include <stdio.h>
diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
-index a82050f..20b7d96 100644
+index a82050f3c24d..20b7d96e355c 100644
--- a/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c
@@ -1,60 +1,12 @@
@@ -81247,8 +88146,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -81259,7 +88159,7 @@
#include <stdio.h>
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
-index 31e37a0..e6775eb 100644
+index 31e37a0fe86b..e6775ebaf912 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -1,59 +1,10 @@
@@ -81328,7 +88228,7 @@
#include <stdio.h>
diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
-index cadedef..2c05edb 100644
+index cadedef62969..2c05edb828fc 100644
--- a/crypto/x509v3/v3_pci.c
+++ b/crypto/x509v3/v3_pci.c
@@ -1,7 +1,12 @@
@@ -81347,7 +88247,7 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
diff --git a/crypto/x509v3/v3_pcia.c b/crypto/x509v3/v3_pcia.c
-index 99bf325..e6f7a91 100644
+index 99bf32504019..e6f7a91794a5 100644
--- a/crypto/x509v3/v3_pcia.c
+++ b/crypto/x509v3/v3_pcia.c
@@ -1,7 +1,12 @@
@@ -81366,7 +88266,7 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
diff --git a/crypto/x509v3/v3_pcons.c b/crypto/x509v3/v3_pcons.c
-index 89960ca..24f7ff4 100644
+index 89960cafe15f..24f7ff49e57c 100644
--- a/crypto/x509v3/v3_pcons.c
+++ b/crypto/x509v3/v3_pcons.c
@@ -1,59 +1,10 @@
@@ -81435,7 +88335,7 @@
#include <stdio.h>
diff --git a/crypto/x509v3/v3_pku.c b/crypto/x509v3/v3_pku.c
-index 9f0c5da..ed82bca 100644
+index 9f0c5da7425b..ed82bca8ba52 100644
--- a/crypto/x509v3/v3_pku.c
+++ b/crypto/x509v3/v3_pku.c
@@ -1,59 +1,10 @@
@@ -81504,7 +88404,7 @@
#include <stdio.h>
diff --git a/crypto/x509v3/v3_pmaps.c b/crypto/x509v3/v3_pmaps.c
-index 1e7324b..959b678 100644
+index 1e7324bb847b..73f4ec246701 100644
--- a/crypto/x509v3/v3_pmaps.c
+++ b/crypto/x509v3/v3_pmaps.c
@@ -1,59 +1,10 @@
@@ -81572,8 +88472,61 @@
*/
#include <stdio.h>
+@@ -113,9 +64,9 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD
+ static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+ {
+- POLICY_MAPPINGS *pmaps;
+- POLICY_MAPPING *pmap;
+- ASN1_OBJECT *obj1, *obj2;
++ POLICY_MAPPINGS *pmaps = NULL;
++ POLICY_MAPPING *pmap = NULL;
++ ASN1_OBJECT *obj1 = NULL, *obj2 = NULL;
+ CONF_VALUE *val;
+ int i;
+
+@@ -127,30 +78,33 @@ static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ val = sk_CONF_VALUE_value(nval, i);
+ if (!val->value || !val->name) {
+- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
+ X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
+ X509V3_R_INVALID_OBJECT_IDENTIFIER);
+ X509V3_conf_err(val);
+- return NULL;
++ goto err;
+ }
+ obj1 = OBJ_txt2obj(val->name, 0);
+ obj2 = OBJ_txt2obj(val->value, 0);
+ if (!obj1 || !obj2) {
+- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
+ X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
+ X509V3_R_INVALID_OBJECT_IDENTIFIER);
+ X509V3_conf_err(val);
+- return NULL;
++ goto err;
+ }
+ pmap = POLICY_MAPPING_new();
+ if (pmap == NULL) {
+- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
+ X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
+- return NULL;
++ goto err;
+ }
+ pmap->issuerDomainPolicy = obj1;
+ pmap->subjectDomainPolicy = obj2;
++ obj1 = obj2 = NULL;
+ sk_POLICY_MAPPING_push(pmaps, pmap);
+ }
+ return pmaps;
++ err:
++ ASN1_OBJECT_free(obj1);
++ ASN1_OBJECT_free(obj2);
++ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
++ return NULL;
+ }
diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c
-index 457bd95..8666636 100644
+index 457bd95bf71e..86666363a106 100644
--- a/crypto/x509v3/v3_prn.c
+++ b/crypto/x509v3/v3_prn.c
@@ -1,60 +1,12 @@
@@ -81632,8 +88585,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -81644,7 +88598,7 @@
#include <stdio.h>
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
-index ae82fd1..b757d8e 100644
+index ae82fd181cd0..92a8b1d86a79 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -1,59 +1,10 @@
@@ -81712,8 +88666,54 @@
*/
#include <stdio.h>
+@@ -229,7 +180,7 @@ int X509_PURPOSE_add(int id, int trust, int flags,
+ ptmp->sname = OPENSSL_strdup(sname);
+ if (!ptmp->name || !ptmp->sname) {
+ X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+- return 0;
++ goto err;
+ }
+ /* Keep the dynamic flag of existing entry */
+ ptmp->flags &= X509_PURPOSE_DYNAMIC;
+@@ -246,14 +197,21 @@ int X509_PURPOSE_add(int id, int trust, int flags,
+ if (xptable == NULL
+ && (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) {
+ X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+- return 0;
++ goto err;
+ }
+ if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
+ X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+- return 0;
++ goto err;
+ }
+ }
+ return 1;
++ err:
++ if (idx == -1) {
++ OPENSSL_free(ptmp->name);
++ OPENSSL_free(ptmp->sname);
++ OPENSSL_free(ptmp);
++ }
++ return 0;
+ }
+
+ static void xptable_free(X509_PURPOSE *p)
+@@ -880,3 +838,12 @@ const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x)
+ X509_check_purpose(x, -1, -1);
+ return x->skid;
+ }
++
++long X509_get_pathlen(X509 *x)
++{
++ /* Called for side effect of caching extensions */
++ if (X509_check_purpose(x, -1, -1) != 1
++ || (x->ex_flags & EXFLAG_BCONS) == 0)
++ return -1;
++ return x->ex_pathlen;
++}
diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c
-index e633cd8..4838b9b 100644
+index e633cd821767..4838b9b3fee2 100644
--- a/crypto/x509v3/v3_skey.c
+++ b/crypto/x509v3/v3_skey.c
@@ -1,59 +1,10 @@
@@ -81782,7 +88782,7 @@
#include <stdio.h>
diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c
-index 0f8ac5e..5338466 100644
+index 0f8ac5e72e37..5338466b88a5 100644
--- a/crypto/x509v3/v3_sxnet.c
+++ b/crypto/x509v3/v3_sxnet.c
@@ -1,59 +1,10 @@
@@ -81851,7 +88851,7 @@
#include <stdio.h>
diff --git a/crypto/x509v3/v3_tlsf.c b/crypto/x509v3/v3_tlsf.c
-index 286db1d..fec6724 100644
+index 286db1d1f95b..fec67243f8d3 100644
--- a/crypto/x509v3/v3_tlsf.c
+++ b/crypto/x509v3/v3_tlsf.c
@@ -1,58 +1,10 @@
@@ -81928,7 +88928,7 @@
if (j < OSSL_NELEM(tls_feature_tbl))
tlsextid = tls_feature_tbl[j].num;
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
-index ae9645d..6fb672f 100644
+index ae9645d6873a..ad83de00acef 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -1,60 +1,12 @@
@@ -81987,8 +88987,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -81998,6 +88999,15 @@
/* X509 v3 extension utilities */
#include <stdio.h>
+@@ -170,7 +122,7 @@ char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
+ return strtmp;
+ }
+
+-ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
++ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value)
+ {
+ BIGNUM *bn = NULL;
+ ASN1_INTEGER *aint;
@@ -1177,19 +1129,17 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen)
{
unsigned char c;
@@ -82024,7 +89034,7 @@
out[0] = num >> 8;
out[1] = num & 0xff;
diff --git a/crypto/x509v3/v3conf.c b/crypto/x509v3/v3conf.c
-index 95a24a5..966ab90 100644
+index 95a24a590490..966ab90bc412 100644
--- a/crypto/x509v3/v3conf.c
+++ b/crypto/x509v3/v3conf.c
@@ -1,59 +1,10 @@
@@ -82093,7 +89103,7 @@
#include <stdio.h>
diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c
-index e399b29..1f838bc 100644
+index e399b294b8f1..1f838bc018d1 100644
--- a/crypto/x509v3/v3err.c
+++ b/crypto/x509v3/v3err.c
@@ -1,61 +1,11 @@
@@ -82226,7 +89236,7 @@
"policy when proxy language requires no policy"},
{ERR_REASON(X509V3_R_SECTION_NOT_FOUND), "section not found"},
diff --git a/crypto/x509v3/v3prin.c b/crypto/x509v3/v3prin.c
-index 2c8902e..7431a4e 100644
+index 2c8902ee155d..7431a4ea61e3 100644
--- a/crypto/x509v3/v3prin.c
+++ b/crypto/x509v3/v3prin.c
@@ -1,59 +1,10 @@
@@ -82295,7 +89305,7 @@
#include <stdio.h>
diff --git a/crypto/x86_64cpuid.pl b/crypto/x86_64cpuid.pl
-index db5aa4a..4946688 100644
+index db5aa4aa361d..285ad1ba7dba 100644
--- a/crypto/x86_64cpuid.pl
+++ b/crypto/x86_64cpuid.pl
@@ -1,4 +1,11 @@
@@ -82311,7 +89321,16 @@
$flavour = shift;
$output = shift;
-@@ -217,6 +224,28 @@ OPENSSL_cleanse:
+@@ -11,7 +18,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+ ( $xlate="${dir}perlasm/x86_64-xlate.pl" and -f $xlate) or
+ die "can't locate x86_64-xlate.pl";
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ ($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
+@@ -217,6 +224,28 @@ print<<___;
jne .Little
ret
.size OPENSSL_cleanse,.-OPENSSL_cleanse
@@ -82341,7 +89360,7 @@
print<<___ if (!$win64);
diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl
-index 48c4cf2..99ffa1d 100644
+index 48c4cf204b73..99ffa1d2fbbd 100644
--- a/crypto/x86cpuid.pl
+++ b/crypto/x86cpuid.pl
@@ -1,4 +1,10 @@
@@ -82390,7 +89409,7 @@
my $lastdiff = "ebx";
diff --git a/demos/bio/Makefile.in b/demos/bio/Makefile.in
deleted file mode 100644
-index 04c5dc7..0000000
+index 04c5dc7e4e35..000000000000
--- a/demos/bio/Makefile.in
+++ /dev/null
@@ -1,23 +0,0 @@
@@ -82418,7 +89437,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/demos/bio/client-arg.c b/demos/bio/client-arg.c
-index 630b166..9e136e5 100644
+index 630b16677959..9e136e563d0b 100644
--- a/demos/bio/client-arg.c
+++ b/demos/bio/client-arg.c
@@ -1,3 +1,12 @@
@@ -82435,7 +89454,7 @@
#include <openssl/err.h>
#include <openssl/ssl.h>
diff --git a/demos/bio/client-conf.c b/demos/bio/client-conf.c
-index 4e4d4bc..66b5cac 100644
+index 4e4d4bc8df24..66b5cac47ce5 100644
--- a/demos/bio/client-conf.c
+++ b/demos/bio/client-conf.c
@@ -1,3 +1,12 @@
@@ -82452,7 +89471,7 @@
#include <openssl/err.h>
#include <openssl/ssl.h>
diff --git a/demos/bio/saccept.c b/demos/bio/saccept.c
-index 240132c..106a089 100644
+index 240132cef911..106a089dafa7 100644
--- a/demos/bio/saccept.c
+++ b/demos/bio/saccept.c
@@ -1,3 +1,12 @@
@@ -82469,7 +89488,7 @@
* A minimal program to serve an SSL connection.
* It uses blocking.
diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c
-index 16dba40..284bc30 100644
+index 16dba40ff573..284bc3094426 100644
--- a/demos/bio/sconnect.c
+++ b/demos/bio/sconnect.c
@@ -1,3 +1,12 @@
@@ -82486,7 +89505,7 @@
* A minimal program to do SSL to a passed host and port.
* It is actually using non-blocking IO but in a very simple manner
diff --git a/demos/bio/server-arg.c b/demos/bio/server-arg.c
-index b2a43a9..4e9b7bd 100644
+index b2a43a93876b..4e9b7bdcb08d 100644
--- a/demos/bio/server-arg.c
+++ b/demos/bio/server-arg.c
@@ -1,4 +1,13 @@
@@ -82504,7 +89523,7 @@
* SSL_CONF API with the command line. cc -I../../include server-arg.c
* -L../.. -lssl -lcrypto -ldl
diff --git a/demos/bio/server-cmod.c b/demos/bio/server-cmod.c
-index 51291da..77b456a 100644
+index 51291da4b885..77b456a459ea 100644
--- a/demos/bio/server-cmod.c
+++ b/demos/bio/server-cmod.c
@@ -1,4 +1,13 @@
@@ -82522,7 +89541,7 @@
* set most server parameters.
*/
diff --git a/demos/bio/server-conf.c b/demos/bio/server-conf.c
-index db624ba..32abefd 100644
+index db624ba1fbaa..32abefdf1d2c 100644
--- a/demos/bio/server-conf.c
+++ b/demos/bio/server-conf.c
@@ -1,4 +1,13 @@
@@ -82540,7 +89559,7 @@
* the SSL_CONF API with a configuration file. cc -I../../include saccept.c
* -L../.. -lssl -lcrypto -ldl
diff --git a/demos/cms/cms_comp.c b/demos/cms/cms_comp.c
-index f902d20..0d548f9 100644
+index f902d20e6d1a..0d548f93ca8c 100644
--- a/demos/cms/cms_comp.c
+++ b/demos/cms/cms_comp.c
@@ -1,3 +1,12 @@
@@ -82557,7 +89576,7 @@
#include <openssl/pem.h>
#include <openssl/cms.h>
diff --git a/demos/cms/cms_ddec.c b/demos/cms/cms_ddec.c
-index 3b23e8d..8f2e9ae 100644
+index 3b23e8d30b5c..8f2e9aecb21f 100644
--- a/demos/cms/cms_ddec.c
+++ b/demos/cms/cms_ddec.c
@@ -1,4 +1,13 @@
@@ -82575,7 +89594,7 @@
* arise this is an example....
*/
diff --git a/demos/cms/cms_dec.c b/demos/cms/cms_dec.c
-index 22181c2..4f9428b 100644
+index 22181c25ffd9..4f9428b4e71a 100644
--- a/demos/cms/cms_dec.c
+++ b/demos/cms/cms_dec.c
@@ -1,3 +1,12 @@
@@ -82592,7 +89611,7 @@
#include <openssl/pem.h>
#include <openssl/cms.h>
diff --git a/demos/cms/cms_denc.c b/demos/cms/cms_denc.c
-index 8aa82aa..adba69b 100644
+index 8aa82aa808d0..adba69b96dbd 100644
--- a/demos/cms/cms_denc.c
+++ b/demos/cms/cms_denc.c
@@ -1,4 +1,13 @@
@@ -82610,7 +89629,7 @@
* arise this is an example....
*/
diff --git a/demos/cms/cms_enc.c b/demos/cms/cms_enc.c
-index f4ba542..4d17d72 100644
+index f4ba5428eeed..4d17d720c63b 100644
--- a/demos/cms/cms_enc.c
+++ b/demos/cms/cms_enc.c
@@ -1,3 +1,12 @@
@@ -82627,7 +89646,7 @@
#include <openssl/pem.h>
#include <openssl/cms.h>
diff --git a/demos/cms/cms_sign.c b/demos/cms/cms_sign.c
-index 8b5a64d..15bd5b8 100644
+index 8b5a64d95715..15bd5b8dd950 100644
--- a/demos/cms/cms_sign.c
+++ b/demos/cms/cms_sign.c
@@ -1,3 +1,12 @@
@@ -82644,7 +89663,7 @@
#include <openssl/pem.h>
#include <openssl/cms.h>
diff --git a/demos/cms/cms_sign2.c b/demos/cms/cms_sign2.c
-index 9fdd035..14ebf27 100644
+index 9fdd0353bfc9..14ebf2777520 100644
--- a/demos/cms/cms_sign2.c
+++ b/demos/cms/cms_sign2.c
@@ -1,3 +1,12 @@
@@ -82661,7 +89680,7 @@
#include <openssl/pem.h>
#include <openssl/cms.h>
diff --git a/demos/cms/cms_uncomp.c b/demos/cms/cms_uncomp.c
-index 2c10b81..3e3b4c4 100644
+index 2c10b8120ea3..3e3b4c4c6e95 100644
--- a/demos/cms/cms_uncomp.c
+++ b/demos/cms/cms_uncomp.c
@@ -1,3 +1,12 @@
@@ -82678,7 +89697,7 @@
#include <openssl/pem.h>
#include <openssl/cms.h>
diff --git a/demos/cms/cms_ver.c b/demos/cms/cms_ver.c
-index c6e83c0..43c10e2 100644
+index c6e83c054a42..43c10e2513c8 100644
--- a/demos/cms/cms_ver.c
+++ b/demos/cms/cms_ver.c
@@ -1,3 +1,12 @@
@@ -82695,7 +89714,7 @@
#include <openssl/pem.h>
#include <openssl/cms.h>
diff --git a/demos/evp/aesccm.c b/demos/evp/aesccm.c
-index e0240e5..cc4d0b5 100644
+index e0240e58698c..cc4d0b5ee99a 100644
--- a/demos/evp/aesccm.c
+++ b/demos/evp/aesccm.c
@@ -1,4 +1,13 @@
@@ -82713,7 +89732,7 @@
* self test but uses the application level EVP APIs.
*/
diff --git a/demos/evp/aesgcm.c b/demos/evp/aesgcm.c
-index 72028a0..17b0ef4 100644
+index 72028a04a063..17b0ef47484f 100644
--- a/demos/evp/aesgcm.c
+++ b/demos/evp/aesgcm.c
@@ -1,4 +1,13 @@
@@ -82731,7 +89750,7 @@
* self test but uses the application level EVP APIs.
*/
diff --git a/demos/pkcs12/pkread.c b/demos/pkcs12/pkread.c
-index 3739814..3b87d7a 100644
+index 373981469d10..3b87d7a4ae23 100644
--- a/demos/pkcs12/pkread.c
+++ b/demos/pkcs12/pkread.c
@@ -1,3 +1,11 @@
@@ -82747,7 +89766,7 @@
#include <stdio.h>
#include <stdlib.h>
diff --git a/demos/pkcs12/pkwrite.c b/demos/pkcs12/pkwrite.c
-index d04a22b..e14cf83 100644
+index d04a22b8eb39..e14cf8327d62 100644
--- a/demos/pkcs12/pkwrite.c
+++ b/demos/pkcs12/pkwrite.c
@@ -1,3 +1,11 @@
@@ -82763,7 +89782,7 @@
#include <stdio.h>
#include <stdlib.h>
diff --git a/demos/smime/smdec.c b/demos/smime/smdec.c
-index f1a987a..c4d1b09 100644
+index f1a987a34e25..c4d1b090d972 100644
--- a/demos/smime/smdec.c
+++ b/demos/smime/smdec.c
@@ -1,3 +1,12 @@
@@ -82780,7 +89799,7 @@
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
diff --git a/demos/smime/smenc.c b/demos/smime/smenc.c
-index 79fe2d0..5d36e9a 100644
+index 79fe2d0e1073..5d36e9a49794 100644
--- a/demos/smime/smenc.c
+++ b/demos/smime/smenc.c
@@ -1,3 +1,12 @@
@@ -82797,7 +89816,7 @@
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
diff --git a/demos/smime/smsign.c b/demos/smime/smsign.c
-index 8505e71..ba0adb3 100644
+index 8505e7140b74..ba0adb3974be 100644
--- a/demos/smime/smsign.c
+++ b/demos/smime/smsign.c
@@ -1,3 +1,12 @@
@@ -82814,7 +89833,7 @@
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
diff --git a/demos/smime/smsign2.c b/demos/smime/smsign2.c
-index 415ecf3..2b7f45b 100644
+index 415ecf395f85..2b7f45b294a2 100644
--- a/demos/smime/smsign2.c
+++ b/demos/smime/smsign2.c
@@ -1,3 +1,12 @@
@@ -82831,7 +89850,7 @@
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
diff --git a/demos/smime/smver.c b/demos/smime/smver.c
-index 13ba18b..75411c4 100644
+index 13ba18b9b924..75411c40d015 100644
--- a/demos/smime/smver.c
+++ b/demos/smime/smver.c
@@ -1,3 +1,12 @@
@@ -82848,7 +89867,7 @@
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
diff --git a/doc/apps/CA.pl.pod b/doc/apps/CA.pl.pod
-index 35a40aa..ed30d6a 100644
+index 35a40aae9d81..ed30d6a2d1b5 100644
--- a/doc/apps/CA.pl.pod
+++ b/doc/apps/CA.pl.pod
@@ -1,4 +1,3 @@
@@ -82874,7 +89893,7 @@
Sign the request:
-@@ -169,7 +168,7 @@ be wrong. In this case the command:
+@@ -169,7 +168,7 @@ directly (for example Win32) and the default configuration file location may
perl -S CA.pl
@@ -82898,7 +89917,7 @@
+
=cut
diff --git a/doc/apps/asn1parse.pod b/doc/apps/asn1parse.pod
-index fdaae40..6679108 100644
+index fdaae40d8b29..10a5aba51d8d 100644
--- a/doc/apps/asn1parse.pod
+++ b/doc/apps/asn1parse.pod
@@ -92,7 +92,7 @@ L<ASN1_generate_nconf(3)> format. If B<file> only is
@@ -82910,7 +89929,7 @@
=item B<-strictpem>
-@@ -104,24 +104,24 @@ END marker in a PEM file.
+@@ -104,28 +104,28 @@ END marker in a PEM file.
=back
@@ -82944,6 +89963,11 @@
.....
+-This example is part of a self signed certificate. Each line starts with the
++This example is part of a self-signed certificate. Each line starts with the
+ offset in decimal. B<d=XX> specifies the current depth. The depth is increased
+ within the scope of any SET or SEQUENCE. B<hl=XX> gives the header length
+ (tag and length octets) of the current type. B<l=XX> gives the length of
@@ -133,27 +133,27 @@ the contents octets.
The B<-i> option can be used to make the output more readable.
@@ -82991,7 +90015,7 @@
+
=cut
diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod
-index cd7cad7..cd7eda3 100644
+index cd7cad742895..9bf123919092 100644
--- a/doc/apps/ca.pod
+++ b/doc/apps/ca.pod
@@ -1,4 +1,3 @@
@@ -82999,6 +90023,24 @@
=pod
=head1 NAME
+@@ -62,7 +61,7 @@ and their status.
+
+ The options descriptions will be divided into each purpose.
+
+-=head1 CA OPTIONS
++=head1 COMMAND OPTIONS
+
+ =over 4
+
+@@ -90,7 +89,7 @@ signed by the CA.
+
+ =item B<-ss_cert filename>
+
+-a single self signed certificate to be signed by the CA.
++a single self-signed certificate to be signed by the CA.
+
+ =item B<-spkac filename>
+
@@ -101,7 +100,7 @@ section for information on the required input and output format.
=item B<-infiles>
@@ -83053,7 +90095,7 @@
It is however possible to create SPKACs using the B<spkac> utility.
The file should contain the variable SPKAC set to the value of
-@@ -581,18 +580,18 @@ A sample configuration file with the relevant sections for B<ca>:
+@@ -581,18 +580,18 @@ Generate a CRL
[ ca ]
default_ca = CA_default # The default ca section
@@ -83076,7 +90118,7 @@
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = md5 # md to use
-@@ -600,9 +599,9 @@ A sample configuration file with the relevant sections for B<ca>:
+@@ -600,9 +599,9 @@ Generate a CRL
policy = policy_any # default policy
email_in_dn = no # Don't add the email into cert DN
@@ -83098,6 +90140,20 @@
if corrupted it can be difficult to fix. It is theoretically possible
to rebuild the index file from all the issued certificates and a current
CRL: however there is no option to do this.
+@@ -644,11 +643,11 @@ CRL: however there is no option to do this.
+ V2 CRL features like delta CRLs are not currently supported.
+
+ Although several requests can be input and handled at once it is only
+-possible to include one SPKAC or self signed certificate.
++possible to include one SPKAC or self-signed certificate.
+
+ =head1 BUGS
+
+-The use of an in memory text database can cause problems when large
++The use of an in-memory text database can cause problems when large
+ numbers of certificates are present because, as the name implies
+ the database has to be kept in memory.
+
@@ -704,6 +703,15 @@ then even if a certificate is issued with CA:TRUE it will not be valid.
=head1 SEE ALSO
@@ -83116,9 +90172,18 @@
=cut
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
-index 9788fa3..a8a7c87 100644
+index 9788fa31f0e4..c39207765398 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-ciphers - SSL cipher display and cipher list tool.
++ciphers - SSL cipher display and cipher list tool
+
+ =head1 SYNOPSIS
+
@@ -17,6 +17,7 @@ B<openssl> B<ciphers>
[B<-tls1_2>]
[B<-s>]
@@ -83157,6 +90222,15 @@
=item B<-v>
Verbose output: For each ciphersuite, list details as provided by
+@@ -242,7 +246,7 @@ Cipher suites using authenticated ephemeral ECDH key agreement.
+
+ =item B<AECDH>
+
+-Anonymous Elliptic Curve Diffie Hellman cipher suites.
++Anonymous Elliptic Curve Diffie-Hellman cipher suites.
+
+ =item B<aDSS>, B<DSS>
+
@@ -390,7 +394,7 @@ relevant specification and their OpenSSL equivalents. It should be noted,
that several cipher suite names do not include the authentication used,
e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
@@ -83193,8 +90267,22 @@
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305
-@@ -706,4 +710,13 @@ L<s_client(1)>, L<s_server(1)>, L<ssl(3)>
+@@ -660,6 +664,13 @@ Note: these ciphers can also be used in SSL v3.
+ TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305
+ TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305
++=head2 Older names used by OpenSSL
++
++The following names are accepted by older releases:
++
++ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA (DHE-RSA-DES-CBC3-SHA)
++ SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA (DHE-DSS-DES-CBC3-SHA)
++
+ =head1 NOTES
+
+ Some compiled versions of OpenSSL may not include all the ciphers
+@@ -706,4 +717,13 @@ L<s_client(1)>, L<s_server(1)>, L<ssl(3)>
+
The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
+=head1 COPYRIGHT
@@ -83208,7 +90296,7 @@
+
=cut
diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
-index 42c3514..4a2b604 100644
+index 42c351489cd4..4a2b604a8344 100644
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -47,6 +47,7 @@ B<openssl> B<cms>
@@ -83359,7 +90447,7 @@
Verify a message and extract the signer's certificate if successful:
-@@ -622,15 +629,15 @@ Verify a message and extract the signer's certificate if successful:
+@@ -622,15 +629,15 @@ Create a signed message, include some additional certificates and
Send encrypted mail using triple DES:
openssl cms -encrypt -in in.txt -from steve at openssl.org \
@@ -83380,7 +90468,7 @@
Note: the encryption command does not include the B<-text> option because the
message being encrypted already has MIME headers.
-@@ -647,7 +654,7 @@ it with:
+@@ -647,7 +654,7 @@ signature by line wrapping the base64 encoded structure and surrounding
-----BEGIN PKCS7-----
-----END PKCS7-----
@@ -83389,7 +90477,7 @@
openssl cms -verify -inform PEM -in signature.pem -content content.txt
-@@ -666,17 +673,17 @@ Add a signer to an existing message:
+@@ -666,17 +673,17 @@ alternatively you can base64 decode the signature and use
Sign mail using RSA-PSS:
openssl cms -sign -in message.txt -text -out mail.msg \
@@ -83433,7 +90521,7 @@
+
=cut
diff --git a/doc/apps/config.pod b/doc/apps/config.pod
-index 665a1bb..a9cde89 100644
+index 665a1bbbb010..a9cde8952a7d 100644
--- a/doc/apps/config.pod
+++ b/doc/apps/config.pod
@@ -1,4 +1,3 @@
@@ -83476,7 +90564,7 @@
some_new_oid = 1.2.3.4
some_other_oid = 1.2.3.5
-@@ -111,7 +110,7 @@ by a comma and the numerical OID form. For example:
+@@ -111,7 +110,7 @@ It is also possible to set the value to the long name followed
shortName = some object long name, 1.2.3.4
@@ -83485,7 +90573,7 @@
This ENGINE configuration module has the name B<engines>. The value of this
variable points to a section containing further ENGINE configuration
-@@ -141,7 +140,7 @@ For example:
+@@ -141,7 +140,7 @@ currently supported commands are listed below.
[bar_section]
... "bar" ENGINE specific commands ...
@@ -83503,7 +90591,7 @@
argument to the ctrl command. If the value is the string B<EMPTY> then no
value is sent to the command.
-@@ -190,7 +189,7 @@ For example:
+@@ -190,7 +189,7 @@ value is sent to the command.
# Supply all default algorithms
default_algorithms = ALL
@@ -83512,7 +90600,7 @@
This modules has the name B<alg_section> which points to a section containing
algorithm commands.
-@@ -208,7 +207,7 @@ For example:
+@@ -208,7 +207,7 @@ not FIPS capable then an error occurs.
fips_mode = on
@@ -83554,7 +90642,7 @@
+
=cut
diff --git a/doc/apps/crl.pod b/doc/apps/crl.pod
-index 2deecfe..0edff8d 100644
+index 2deecfec6619..0edff8d0f2ca 100644
--- a/doc/apps/crl.pod
+++ b/doc/apps/crl.pod
@@ -42,7 +42,7 @@ the DER form with header and footer lines.
@@ -83581,10 +90669,19 @@
+
=cut
diff --git a/doc/apps/crl2pkcs7.pod b/doc/apps/crl2pkcs7.pod
-index bc64412..a96699b 100644
+index bc6441267853..4056543cf639 100644
--- a/doc/apps/crl2pkcs7.pod
+++ b/doc/apps/crl2pkcs7.pod
-@@ -74,8 +74,8 @@ Create a PKCS#7 structure from a certificate and CRL:
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates.
++crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates
+
+ =head1 SYNOPSIS
+
+@@ -74,8 +74,8 @@ included in the output file and a CRL is not read from the input file.
Creates a PKCS#7 structure in DER format with no CRL from several
different certificates:
@@ -83610,7 +90707,7 @@
+
=cut
diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod
-index fc256b2..f0f9844 100644
+index fc256b2d2986..3f1b02ca5154 100644
--- a/doc/apps/dgst.pod
+++ b/doc/apps/dgst.pod
@@ -156,7 +156,7 @@ a file or files containing random data used to seed the random number
@@ -83622,10 +90719,15 @@
=item B<-fips-fingerprint>
-@@ -228,4 +228,13 @@ prior to verification.
- The default digest was changed from MD5 to SHA256 in Openssl 1.1.
- The FIPS-related options were removed in OpenSSL 1.1
+@@ -225,7 +225,16 @@ prior to verification.
+ =head1 HISTORY
+
+-The default digest was changed from MD5 to SHA256 in Openssl 1.1.
+-The FIPS-related options were removed in OpenSSL 1.1
++The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0
++The FIPS-related options were removed in OpenSSL 1.1.0
++
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -83634,10 +90736,10 @@
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
-+
+
=cut
diff --git a/doc/apps/dhparam.pod b/doc/apps/dhparam.pod
-index 3557dee..63cc0d3 100644
+index 3557deed814d..addd88a54080 100644
--- a/doc/apps/dhparam.pod
+++ b/doc/apps/dhparam.pod
@@ -44,7 +44,7 @@ additional header and footer lines.
@@ -83649,8 +90751,18 @@
B<-inform> option.
=item B<-in> I<filename>
-@@ -123,7 +123,7 @@ for all available algorithms.
+@@ -72,7 +72,8 @@ avoid small-subgroup attacks that may be possible otherwise.
+ =item B<-check>
+
+-check if the parameters are valid primes and generator.
++Performs numerous checks to see if the supplied parameters are valid and
++displays a warning if not.
+
+ =item B<-2>, B<-5>
+
+@@ -123,7 +124,7 @@ for all available algorithms.
+
The program B<dhparam> combines the functionality of the programs B<dh> and
B<gendh> in previous versions of OpenSSL. The B<dh> and B<gendh>
-programs are retained for now but may have different purposes in future
@@ -83658,7 +90770,7 @@
versions of OpenSSL.
=head1 NOTES
-@@ -146,4 +146,13 @@ There should be a way to generate and manipulate DH keys.
+@@ -146,4 +147,13 @@ There should be a way to generate and manipulate DH keys.
L<dsaparam(1)>
@@ -83673,7 +90785,7 @@
+
=cut
diff --git a/doc/apps/dsa.pod b/doc/apps/dsa.pod
-index 2d370ec..caa0696 100644
+index 2d370ec5ed71..caa06966e502 100644
--- a/doc/apps/dsa.pod
+++ b/doc/apps/dsa.pod
@@ -59,7 +59,7 @@ PKCS#8 format is also accepted.
@@ -83685,7 +90797,7 @@
B<-inform> option.
=item B<-in filename>
-@@ -149,7 +149,7 @@ To encrypt a private key using triple DES:
+@@ -149,7 +149,7 @@ for all available algorithms.
openssl dsa -in key.pem -des3 -out keyout.pem
@@ -83694,7 +90806,7 @@
openssl dsa -in key.pem -outform DER -out keyout.der
-@@ -166,4 +166,13 @@ To just output the public part of a private key:
+@@ -166,4 +166,13 @@ To convert a private key from PEM to DER format:
L<dsaparam(1)>, L<gendsa(1)>, L<rsa(1)>,
L<genrsa(1)>
@@ -83709,7 +90821,7 @@
+
=cut
diff --git a/doc/apps/dsaparam.pod b/doc/apps/dsaparam.pod
-index f8eff94..08ad47f 100644
+index f8eff94a063e..08ad47faa65c 100644
--- a/doc/apps/dsaparam.pod
+++ b/doc/apps/dsaparam.pod
@@ -41,7 +41,7 @@ of the B<DER> format base64 encoded with additional header and footer lines.
@@ -83736,7 +90848,7 @@
+
=cut
diff --git a/doc/apps/ec.pod b/doc/apps/ec.pod
-index befb93c..10c5e85 100644
+index befb93c6ec09..10c5e859aac9 100644
--- a/doc/apps/ec.pod
+++ b/doc/apps/ec.pod
@@ -31,7 +31,7 @@ B<openssl> B<ec>
@@ -83775,7 +90887,7 @@
EC parameters structures). The default value is B<named_curve>.
B<Note> the B<implicitlyCA> alternative ,as specified in RFC 3279,
is currently not implemented in OpenSSL.
-@@ -170,7 +170,7 @@ To encrypt a private key using triple DES:
+@@ -170,7 +170,7 @@ for all available algorithms.
openssl ec -in key.pem -des3 -out keyout.pem
@@ -83784,7 +90896,7 @@
openssl ec -in key.pem -outform DER -out keyout.der
-@@ -194,4 +194,13 @@ To change the point conversion form to B<compressed>:
+@@ -194,4 +194,13 @@ To convert a private key from PEM to DER format:
L<ecparam(1)>, L<dsa(1)>, L<rsa(1)>
@@ -83799,7 +90911,7 @@
+
=cut
diff --git a/doc/apps/ecparam.pod b/doc/apps/ecparam.pod
-index c5500b2..e55322c 100644
+index c5500b21fdfd..e55322c9b5e7 100644
--- a/doc/apps/ecparam.pod
+++ b/doc/apps/ecparam.pod
@@ -41,12 +41,12 @@ Print out a usage message.
@@ -83826,7 +90938,7 @@
EC parameters structures). The default value is B<named_curve>.
B<Note> the B<implicitlyCA> alternative ,as specified in RFC 3279,
is currently not implemented in OpenSSL.
-@@ -141,7 +141,7 @@ PEM format EC parameters use the header and footer lines:
+@@ -141,7 +141,7 @@ for all available algorithms.
-----END EC PARAMETERS-----
OpenSSL is currently not able to generate new groups and therefore
@@ -83835,7 +90947,7 @@
=head1 EXAMPLES
-@@ -173,4 +173,13 @@ To print out the EC parameters to standard output:
+@@ -173,4 +173,13 @@ B<ecparam> can only create EC parameters from known (named) curves.
L<ec(1)>, L<dsaparam(1)>
@@ -83850,7 +90962,7 @@
+
=cut
diff --git a/doc/apps/enc.pod b/doc/apps/enc.pod
-index 62e1383..d790992 100644
+index 62e1383277e5..d79099218949 100644
--- a/doc/apps/enc.pod
+++ b/doc/apps/enc.pod
@@ -257,7 +257,7 @@ authentication tag.
@@ -83883,7 +90995,7 @@
=head1 EXAMPLES
-@@ -299,11 +299,11 @@ Just base64 encode a binary file:
+@@ -299,11 +299,11 @@ authentication tag.
Decode the same file
@@ -83912,7 +91024,7 @@
+
=cut
diff --git a/doc/apps/engine.pod b/doc/apps/engine.pod
-index 467d195..674ab56 100644
+index 467d1953ef43..674ab565d238 100644
--- a/doc/apps/engine.pod
+++ b/doc/apps/engine.pod
@@ -1,4 +1,3 @@
@@ -83937,7 +91049,7 @@
=item B<-post> I<command>
Command-line configuration of engines.
-@@ -92,4 +92,13 @@ To list the capabilities of the I<rsax> engine:
+@@ -92,4 +92,13 @@ See the example below.
[RSA]
(dynamic) Dynamic engine loading support
@@ -83952,10 +91064,10 @@
+
=cut
diff --git a/doc/apps/errstr.pod b/doc/apps/errstr.pod
-index 7d1fee4..5c6ecd3 100644
+index 7d1fee47cbb2..5ec7b2e39507 100644
--- a/doc/apps/errstr.pod
+++ b/doc/apps/errstr.pod
-@@ -11,7 +11,7 @@ B<openssl errstr error_code>
+@@ -11,10 +11,14 @@ B<openssl errstr error_code>
=head1 DESCRIPTION
Sometimes an application will not load error message and only
@@ -83964,7 +91076,14 @@
display the meaning of the hex code. The hex code is the hex digits after the
second colon.
-@@ -22,7 +22,7 @@ The error code:
++=head1 COMMAND OPTIONS
++
++None.
++
+ =head1 EXAMPLE
+
+ The error code:
+@@ -22,7 +26,7 @@ second colon.
27594:error:2006D080:lib(32):func(109):reason(128):bss_file.c:107:
can be displayed with:
@@ -83973,7 +91092,7 @@
openssl errstr 2006D080
to produce the error message:
-@@ -33,4 +33,13 @@ to produce the error message:
+@@ -33,4 +37,13 @@ second colon.
L<err(3)>
@@ -83988,7 +91107,7 @@
+
=cut
diff --git a/doc/apps/gendsa.pod b/doc/apps/gendsa.pod
-index f4fef8d..4fd1714 100644
+index f4fef8d5a05a..4fd17147927a 100644
--- a/doc/apps/gendsa.pod
+++ b/doc/apps/gendsa.pod
@@ -79,4 +79,13 @@ much quicker that RSA key generation for example.
@@ -84006,10 +91125,27 @@
+
=cut
diff --git a/doc/apps/genpkey.pod b/doc/apps/genpkey.pod
-index 1bb8c60..a916e76 100644
+index 1bb8c6036a6b..8a789463cd1a 100644
--- a/doc/apps/genpkey.pod
+++ b/doc/apps/genpkey.pod
-@@ -213,12 +213,12 @@ Encrypt output private key using 128 bit AES and the passphrase "hello":
+@@ -73,14 +73,14 @@ implementation. See B<KEY GENERATION OPTIONS> below for more details.
+ =item B<-genparam>
+
+ generate a set of parameters instead of a private key. If used this option must
+-precede and B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.
++precede any B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.
+
+ =item B<-paramfile filename>
+
+ Some public key algorithms generate a private key based on a set of parameters.
+ They can be supplied using this option. If this option is used the public key
+ algorithm used is determined by the parameters. If used this option must
+-precede and B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
++precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
+ are mutually exclusive.
+
+ =item B<-text>
+@@ -213,12 +213,12 @@ can be used.
Generate a 2048 bit RSA key using 3 as the public exponent:
openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \
@@ -84024,7 +91160,7 @@
Generate DSA key from parameters:
-@@ -227,7 +227,7 @@ Generate DSA key from parameters:
+@@ -227,7 +227,7 @@ can be used.
Generate 1024 bit DH parameters:
openssl genpkey -genparam -algorithm DH -out dhp.pem \
@@ -84033,7 +91169,7 @@
Output RFC5114 2048 bit DH parameters with 224 bit subgroup:
-@@ -240,8 +240,8 @@ Generate DH key from parameters:
+@@ -240,8 +240,8 @@ can be used.
Generate EC parameters:
openssl genpkey -genparam -algorithm EC -out ecp.pem \
@@ -84044,7 +91180,7 @@
Generate EC key from parameters:
-@@ -250,13 +250,21 @@ Generate EC key from parameters:
+@@ -250,13 +250,21 @@ can be used.
Generate EC key directly:
openssl genpkey -algorithm EC -out eckey.pem \
@@ -84060,9 +91196,9 @@
-=cut
+=head1 COPYRIGHT
+
++Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
@@ -84070,7 +91206,7 @@
+
+=cut
diff --git a/doc/apps/genrsa.pod b/doc/apps/genrsa.pod
-index 37ced0d..38e83f7 100644
+index 37ced0dee62e..38e83f726194 100644
--- a/doc/apps/genrsa.pod
+++ b/doc/apps/genrsa.pod
@@ -103,5 +103,13 @@ be much larger (typically 1024 bits).
@@ -84079,9 +91215,9 @@
-=cut
+=head1 COPYRIGHT
+
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
@@ -84089,9 +91225,18 @@
+
+=cut
diff --git a/doc/apps/nseq.pod b/doc/apps/nseq.pod
-index 198e7f4..6954965 100644
+index 198e7f49d30e..4765aecea843 100644
--- a/doc/apps/nseq.pod
+++ b/doc/apps/nseq.pod
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-nseq - create or examine a netscape certificate sequence
++nseq - create or examine a Netscape certificate sequence
+
+ =head1 SYNOPSIS
+
@@ -72,4 +72,13 @@ It is used by Netscape certificate server for example.
This program needs a few more options: like allowing DER or PEM input and
output files and allowing multiple certificate files to be used.
@@ -84107,7 +91252,7 @@
+
=cut
diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod
-index c796fd5..50fb4fa 100644
+index c796fd5966d8..75273a9b2574 100644
--- a/doc/apps/ocsp.pod
+++ b/doc/apps/ocsp.pod
@@ -42,6 +42,7 @@ B<openssl> B<ocsp>
@@ -84118,8 +91263,22 @@
[B<-partial_chain>]
[B<-policy arg>]
[B<-policy_check>]
-@@ -195,7 +196,7 @@ Do not load the trusted CA certificates from the default directory location
+@@ -94,7 +95,12 @@ The B<ocsp> command performs many common OCSP tasks. It can be used
+ to print out requests and responses, create requests and send queries
+ to an OCSP responder and behave like a mini OCSP server itself.
+-=head1 OCSP CLIENT OPTIONS
++=head1 COMMAND OPTIONS
++
++This command operates as either a client or a server.
++The options are described below, divided into those two modes.
++
++=head2 OCSP Client Options
+
+ =over 4
+
+@@ -195,7 +201,7 @@ Do not load the trusted CA certificates from the default directory location
+
=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
-B<-inhibit_map>, B<-no_alt_chains>, B<-partial_chain>, B<-policy>,
@@ -84127,7 +91286,7 @@
B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
-@@ -265,24 +266,25 @@ only be used for testing purposes.
+@@ -265,28 +271,29 @@ only be used for testing purposes.
=item B<-validity_period nsec>, B<-status_age age>
these options specify the range of times, in seconds, which will be tolerated
@@ -84137,11 +91296,6 @@
-responder and clients clocks may not be precisely synchronised and so such a check
-may fail. To avoid this the B<-validity_period> option can be used to specify an
-acceptable error range in seconds, the default value is 5 minutes.
--
--If the B<notAfter> time is omitted from a response then this means that new status
--information is immediately available. In this case the age of the B<notBefore> field
--is checked to see it is not older than B<age> seconds old. By default this additional
--check is not performed.
+in an OCSP response. Each certificate status response includes a B<notBefore>
+time and an optional B<notAfter> time. The current time should fall between
+these two values, but the interval between the two times may be only a few
@@ -84149,7 +91303,11 @@
+synchronised and so such a check may fail. To avoid this the
+B<-validity_period> option can be used to specify an acceptable error range in
+seconds, the default value is 5 minutes.
-+
+
+-If the B<notAfter> time is omitted from a response then this means that new status
+-information is immediately available. In this case the age of the B<notBefore> field
+-is checked to see it is not older than B<age> seconds old. By default this additional
+-check is not performed.
+If the B<notAfter> time is omitted from a response then this means that new
+status information is immediately available. In this case the age of the
+B<notBefore> field is checked to see it is not older than B<age> seconds old.
@@ -84168,8 +91326,13 @@
=back
-@@ -335,13 +337,13 @@ option.
+-=head1 OCSP SERVER OPTIONS
++=head2 OCSP Server Options
+ =over 4
+
+@@ -335,13 +342,13 @@ option.
+
=item B<-nrequest number>
-The OCSP server will exit after receiving B<number> requests, default unlimited.
@@ -84185,7 +91348,7 @@
=back
-@@ -411,7 +413,7 @@ Create an OCSP request and write it to a file:
+@@ -411,7 +418,7 @@ script using the B<reqin> and B<respout> options.
openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der
@@ -84194,7 +91357,7 @@
response to a file, print it out in text form, and verify the response:
openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \
-@@ -425,7 +427,7 @@ OCSP server on port 8888 using a standard B<ca> configuration, and a separate
+@@ -425,7 +432,7 @@ OCSP server on port 8888 using a standard B<ca> configuration, and a separate
responder certificate. All requests and responses are printed to a file.
openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
@@ -84203,7 +91366,7 @@
As above but exit after processing one request:
-@@ -447,4 +449,13 @@ to a second file.
+@@ -447,4 +454,13 @@ to a second file.
The -no_alt_chains options was first added to OpenSSL 1.1.0.
@@ -84218,7 +91381,7 @@
+
=cut
diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod
-index 717550d..b63754b 100644
+index 717550d9cf8d..8299d2a26a10 100644
--- a/doc/apps/openssl.pod
+++ b/doc/apps/openssl.pod
@@ -1,4 +1,3 @@
@@ -84253,7 +91416,31 @@
=over 10
-@@ -416,4 +415,13 @@ The B<list->I<XXX>B<-algorithms> pseudo-commands were added in OpenSSL 1.0.0;
+@@ -351,7 +350,22 @@ RC5 Cipher
+
+ =back
+
+-=head1 PASS PHRASE ARGUMENTS
++=head1 COMMAND OPTIONS
++
++Details of which options are available depend on the specific command.
++This section describes some common options with common behavior.
++
++=head2 Common Options
++
++=over 10
++
++=item B<-help>
++
++Provides a terse summary of all options.
++
++=back
++
++=head2 Pass Phrase Options
+
+ Several commands accept password arguments, typically using B<-passin>
+ and B<-passout> for input and output passwords respectively. These allow
+@@ -416,4 +430,13 @@ The B<list->I<XXX>B<-algorithms> pseudo-commands were added in OpenSSL 1.0.0;
For notes on the availability of other commands, see their individual
manual pages.
@@ -84268,7 +91455,7 @@
+
=cut
diff --git a/doc/apps/passwd.pod b/doc/apps/passwd.pod
-index b784f6c..87dd8d8 100644
+index b784f6ccee1f..87dd8d868c52 100644
--- a/doc/apps/passwd.pod
+++ b/doc/apps/passwd.pod
@@ -84,4 +84,13 @@ B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXj
@@ -84286,7 +91473,7 @@
+
=cut
diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod
-index d38484b..2f2c4d1 100644
+index d38484bf86f9..2f2c4d143d71 100644
--- a/doc/apps/pkcs12.pod
+++ b/doc/apps/pkcs12.pod
@@ -1,4 +1,3 @@
@@ -84294,7 +91481,7 @@
=pod
=head1 NAME
-@@ -337,7 +336,7 @@ Output only client certificates to a file:
+@@ -337,7 +336,7 @@ description of all algorithms is contained in the B<pkcs8> manual page.
openssl pkcs12 -in file.p12 -clcerts -out file.pem
Don't encrypt the private key:
@@ -84303,7 +91490,7 @@
openssl pkcs12 -in file.p12 -out file.pem -nodes
Print some info about a PKCS#12 file:
-@@ -357,3 +356,13 @@ Include some extra certificates:
+@@ -357,3 +356,13 @@ description of all algorithms is contained in the B<pkcs8> manual page.
L<pkcs8(1)>
@@ -84318,7 +91505,7 @@
+
+=cut
diff --git a/doc/apps/pkcs7.pod b/doc/apps/pkcs7.pod
-index 6cb015c..8c3c11f 100644
+index 6cb015cded3c..8c3c11f88b9b 100644
--- a/doc/apps/pkcs7.pod
+++ b/doc/apps/pkcs7.pod
@@ -37,7 +37,7 @@ the DER form with header and footer lines.
@@ -84330,7 +91517,7 @@
B<-inform> option.
=item B<-in filename>
-@@ -100,11 +100,20 @@ For compatibility with some CAs it will also accept:
+@@ -100,11 +100,20 @@ for all available algorithms.
There is no option to print out all the fields of a PKCS#7 file.
@@ -84353,7 +91540,7 @@
+
=cut
diff --git a/doc/apps/pkcs8.pod b/doc/apps/pkcs8.pod
-index 8d28a12..cd6db02 100644
+index 8d28a123a167..cd6db02a59ac 100644
--- a/doc/apps/pkcs8.pod
+++ b/doc/apps/pkcs8.pod
@@ -18,6 +18,7 @@ B<openssl> B<pkcs8>
@@ -84523,18 +91710,18 @@
Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
(3DES):
-@@ -225,14 +253,14 @@ Read a DER unencrypted PKCS#8 format private key:
+@@ -225,14 +253,14 @@ Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
-Convert a private key from any PKCS#8 format to traditional format:
+Convert a private key from any PKCS#8 encrypted format to traditional format:
-+
-+ openssl pkcs8 -in pk8.pem -traditional -out key.pem
- openssl pkcs8 -in pk8.pem -out key.pem
-
-Convert a private key to PKCS#8 format, encrypting with AES-256 and with
++ openssl pkcs8 -in pk8.pem -traditional -out key.pem
++
+Convert a private key to PKCS#8 format, encrypting with AES-256 and with
one million iterations of the password:
@@ -84572,7 +91759,7 @@
+
=cut
diff --git a/doc/apps/pkey.pod b/doc/apps/pkey.pod
-index 5808390..dc736a3 100644
+index 5808390dc547..dc736a3370df 100644
--- a/doc/apps/pkey.pod
+++ b/doc/apps/pkey.pod
@@ -1,4 +1,3 @@
@@ -84619,7 +91806,7 @@
=item B<-text_pub>
-@@ -116,7 +122,7 @@ To encrypt a private key using triple DES:
+@@ -116,7 +122,7 @@ for all available algorithms.
openssl pkey -in key.pem -des3 -out keyout.pem
@@ -84628,7 +91815,7 @@
openssl pkey -in key.pem -outform DER -out keyout.der
-@@ -135,6 +141,15 @@ To just output the public part of a private key:
+@@ -135,6 +141,15 @@ To convert a private key from PEM to DER format:
=head1 SEE ALSO
L<genpkey(1)>, L<rsa(1)>, L<pkcs8(1)>,
@@ -84646,7 +91833,7 @@
=cut
diff --git a/doc/apps/pkeyparam.pod b/doc/apps/pkeyparam.pod
-index c3c6dbb..6a8c4a8 100644
+index c3c6dbbed0b6..6a8c4a806bb5 100644
--- a/doc/apps/pkeyparam.pod
+++ b/doc/apps/pkeyparam.pod
@@ -1,4 +1,3 @@
@@ -84681,7 +91868,7 @@
=cut
diff --git a/doc/apps/pkeyutl.pod b/doc/apps/pkeyutl.pod
-index fed683f..6b8e2bc 100644
+index fed683f5c8e6..91eeda548872 100644
--- a/doc/apps/pkeyutl.pod
+++ b/doc/apps/pkeyutl.pod
@@ -84,11 +84,11 @@ the peer key format PEM, DER or ENGINE. Default is PEM.
@@ -84698,6 +91885,15 @@
=item B<-rev>
+@@ -125,7 +125,7 @@ derive a shared secret using the peer key.
+
+ Use key derivation function B<algorithm>. The supported algorithms are
+ at present B<TLS1-PRF> and B<HKDF>.
+-Note: additional paramers and the KDF output length will normally have to be
++Note: additional parameters and the KDF output length will normally have to be
+ set for this to work. See L<EVP_PKEY_HKDF(3)> and L<EVP_PKEY_TLS1_PRF(3)>
+ for the supported string parameters of each algorithm.
+
@@ -198,7 +198,7 @@ This sets the RSA padding mode. Acceptable values for B<mode> are B<pkcs1> for
PKCS#1 padding, B<sslv23> for SSLv23 padding, B<none> for no padding, B<oaep>
for B<OAEP> mode, B<x931> for X9.31 mode and B<pss> for PSS.
@@ -84707,7 +91903,7 @@
signed or verified directly instead of using a B<DigestInfo> structure. If a
digest is set then the a B<DigestInfo> structure is used and its the length
must correspond to the digest type.
-@@ -273,3 +273,14 @@ seed consisting of the single byte 0xFF:
+@@ -273,3 +273,14 @@ Hexdump 48 bytes of TLS1 PRF using digest B<SHA256> and shared secret and
L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)>
L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>,
L<EVP_PKEY_HKDF(3)>, L<EVP_PKEY_TLS1_PRF(3)>
@@ -84723,7 +91919,7 @@
+
+=cut
diff --git a/doc/apps/rand.pod b/doc/apps/rand.pod
-index 444dcbb..0faf687 100644
+index 444dcbb22f89..0faf6872a271 100644
--- a/doc/apps/rand.pod
+++ b/doc/apps/rand.pod
@@ -57,4 +57,13 @@ Show the output as a hex string.
@@ -84741,7 +91937,7 @@
+
=cut
diff --git a/doc/apps/rehash.pod b/doc/apps/rehash.pod
-index 7ec6511..62e39cf 100644
+index 7ec6511520fc..62e39cf9e22d 100644
--- a/doc/apps/rehash.pod
+++ b/doc/apps/rehash.pod
@@ -125,3 +125,14 @@ Ignored if directories are listed on the command line.
@@ -84760,14 +91956,20 @@
+
+=cut
diff --git a/doc/apps/req.pod b/doc/apps/req.pod
-index 8353e9a..5440de5 100644
+index 8353e9ad49a4..a891c3eeef76 100644
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
-@@ -1,4 +1,3 @@
+@@ -1,9 +1,8 @@
-
=pod
=head1 NAME
+
+-req - PKCS#10 certificate request and certificate generating utility.
++req - PKCS#10 certificate request and certificate generating utility
+
+ =head1 SYNOPSIS
+
@@ -70,7 +69,7 @@ footer lines.
=item B<-outform DER|PEM>
@@ -84822,7 +92024,7 @@
L<x509v3_config(5)> manual page for details of the
extension section format.
-@@ -499,8 +498,8 @@ Generate a self signed root certificate:
+@@ -499,8 +498,8 @@ will be treated as though they were a DirectoryString.
Example of a file pointed to by the B<oid_file> option:
@@ -84833,7 +92035,7 @@
Example of a section pointed to by B<oid_section> making use of variable
expansion:
-@@ -511,34 +510,34 @@ expansion:
+@@ -511,34 +510,34 @@ Example of a section pointed to by B<oid_section> making use of variable
Sample configuration file prompting for field values:
[ req ]
@@ -84886,7 +92088,7 @@
[ v3_ca ]
-@@ -549,27 +548,27 @@ Sample configuration file prompting for field values:
+@@ -549,27 +548,27 @@ Example of a section pointed to by B<oid_section> making use of variable
Sample configuration containing all field values:
@@ -84965,7 +92167,7 @@
=cut
diff --git a/doc/apps/rsa.pod b/doc/apps/rsa.pod
-index dbb3df5..c3178ab 100644
+index dbb3df56a32b..c3178ab39845 100644
--- a/doc/apps/rsa.pod
+++ b/doc/apps/rsa.pod
@@ -1,4 +1,3 @@
@@ -84991,7 +92193,7 @@
=item B<-noout>
-@@ -176,7 +175,7 @@ To encrypt a private key using triple DES:
+@@ -176,7 +175,7 @@ to the B<rsa> utility with the B<-inform NET> option.
openssl rsa -in key.pem -des3 -out keyout.pem
@@ -85018,7 +92220,7 @@
=cut
diff --git a/doc/apps/rsautl.pod b/doc/apps/rsautl.pod
-index 357b722..325c691 100644
+index 357b722431c1..325c6911d6e8 100644
--- a/doc/apps/rsautl.pod
+++ b/doc/apps/rsautl.pod
@@ -61,7 +61,7 @@ the input file is an RSA public key.
@@ -85030,7 +92232,7 @@
=item B<-sign>
-@@ -136,24 +136,24 @@ example in certs/pca-cert.pem . Running B<asn1parse> as follows yields:
+@@ -136,24 +136,24 @@ utility in conjunction with B<asn1parse>. Consider the self signed
openssl asn1parse -in pca-cert.pem
@@ -85066,7 +92268,7 @@
The final BIT STRING contains the actual signature. It can be extracted with:
-@@ -161,18 +161,18 @@ The final BIT STRING contains the actual signature. It can be extracted with:
+@@ -161,18 +161,18 @@ utility in conjunction with B<asn1parse>. Consider the self signed
openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
The certificate public key can be extracted with:
@@ -85106,7 +92308,7 @@
+
+=cut
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
-index e06af14..f5e3b63 100644
+index e06af14ec95f..f5e3b63ccf34 100644
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -1,4 +1,3 @@
@@ -85122,7 +92324,7 @@
[B<-partial_chain>]
[B<-policy arg>]
[B<-policy_check>]
-@@ -227,7 +227,7 @@ whitespace is ignored in the associated data field. For example:
+@@ -227,7 +227,7 @@ data, with the last of these encoded in hexadecimal. Optional
=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
@@ -85164,7 +92366,7 @@
+
=cut
diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
-index 08554f4..f887cc6 100644
+index 08554f453046..8e0ff78e691e 100644
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -1,4 +1,3 @@
@@ -85189,6 +92391,24 @@
B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
+@@ -305,7 +305,7 @@ from the client.
+ =item B<-dtls>, B<-dtls1>, B<-dtls1_2>
+
+ These options make B<s_server> use DTLS protocols instead of TLS.
+-With B<-dtls>, B<s_server> will negotiate any supported DTLS protcol version,
++With B<-dtls>, B<s_server> will negotiate any supported DTLS protocol version,
+ whilst B<-dtls1> and B<-dtls1_2> will only support DTLSv1.0 and DTLSv1.2
+ respectively.
+
+@@ -339,7 +339,7 @@ L<SSL_CTX_set_split_send_fragment(3)> for further information.
+
+ The maximum number of encrypt/decrypt pipelines to be used. This will only have
+ an effect if an engine has been loaded that supports pipelining (e.g. the dasync
+-engine) and a suiteable ciphersuite has been negotiated. The default value is 1.
++engine) and a suitable ciphersuite has been negotiated. The default value is 1.
+ See L<SSL_CTX_set_max_pipelines(3)> for further information.
+
+ =item B<-read_buf int>
@@ -559,4 +559,13 @@ L<sess_id(1)>, L<s_client(1)>, L<ciphers(1)>
The -no_alt_chains options was first added to OpenSSL 1.1.0.
@@ -85204,7 +92424,7 @@
+
=cut
diff --git a/doc/apps/s_time.pod b/doc/apps/s_time.pod
-index b9a7dd9..acadd30 100644
+index b9a7dd907829..acadd30025dc 100644
--- a/doc/apps/s_time.pod
+++ b/doc/apps/s_time.pod
@@ -1,4 +1,3 @@
@@ -85227,7 +92447,7 @@
+
=cut
diff --git a/doc/apps/sess_id.pod b/doc/apps/sess_id.pod
-index 1407dfa..b3b77b7 100644
+index 1407dfab7d9b..b098528bb8aa 100644
--- a/doc/apps/sess_id.pod
+++ b/doc/apps/sess_id.pod
@@ -1,4 +1,3 @@
@@ -85235,7 +92455,16 @@
=pod
=head1 NAME
-@@ -57,7 +56,7 @@ output if this option is not specified.
+@@ -25,6 +24,8 @@ master key) in human readable format. Since this is a diagnostic tool that
+ needs some knowledge of the SSL protocol to use properly, most users will
+ not need to use it.
+
++=head1 COMMAND OPTIONS
++
+ =over 4
+
+ =item B<-help>
+@@ -57,7 +58,7 @@ output if this option is not specified.
=item B<-text>
prints out the various public or private key components in
@@ -85244,7 +92473,7 @@
=item B<-cert>
-@@ -150,4 +149,13 @@ The cipher and start time should be printed out in human readable form.
+@@ -150,4 +151,13 @@ The cipher and start time should be printed out in human readable form.
L<ciphers(1)>, L<s_server(1)>
@@ -85259,7 +92488,7 @@
+
=cut
diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
-index e6323ad..05cefea 100644
+index e6323ad0b026..05cefea7e20f 100644
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -14,6 +14,8 @@ B<openssl> B<smime>
@@ -85346,7 +92575,7 @@
Verify a message and extract the signer's certificate if successful:
-@@ -422,15 +429,15 @@ Verify a message and extract the signer's certificate if successful:
+@@ -422,15 +429,15 @@ Create a signed message, include some additional certificates and
Send encrypted mail using triple DES:
openssl smime -encrypt -in in.txt -from steve at openssl.org \
@@ -85367,7 +92596,7 @@
Note: the encryption command does not include the B<-text> option because the
message being encrypted already has MIME headers.
-@@ -447,7 +454,7 @@ it with:
+@@ -447,7 +454,7 @@ signature by line wrapping the base64 encoded structure and surrounding
-----BEGIN PKCS7-----
-----END PKCS7-----
@@ -85391,7 +92620,7 @@
+
=cut
diff --git a/doc/apps/speed.pod b/doc/apps/speed.pod
-index 7f28382..ab2c7d7 100644
+index 7f28382bafb7..ab2c7d76acff 100644
--- a/doc/apps/speed.pod
+++ b/doc/apps/speed.pod
@@ -77,4 +77,13 @@ the above are tested.
@@ -85409,7 +92638,7 @@
+
=cut
diff --git a/doc/apps/spkac.pod b/doc/apps/spkac.pod
-index f5ce8a6..35c6a12 100644
+index f5ce8a6afe5c..35c6a128d852 100644
--- a/doc/apps/spkac.pod
+++ b/doc/apps/spkac.pod
@@ -135,4 +135,13 @@ to be used in a "replay attack".
@@ -85427,7 +92656,7 @@
+
=cut
diff --git a/doc/apps/ts.pod b/doc/apps/ts.pod
-index e64e5fc..02b2ada 100644
+index e64e5fcf34c5..02b2adaa2f58 100644
--- a/doc/apps/ts.pod
+++ b/doc/apps/ts.pod
@@ -522,13 +522,13 @@ To create a time stamp request for design1.txt with SHA-1
@@ -85464,7 +92693,7 @@
If you want to use the settings in the config file you could just write:
-@@ -589,20 +589,20 @@ valid response:
+@@ -589,20 +589,20 @@ To add 'granted' status info to a time stamp token thereby creating a
To verify a time stamp reply against a request:
openssl ts -verify -queryfile design1.tsq -in design1.tsr \
@@ -85512,7 +92741,7 @@
+
=cut
diff --git a/doc/apps/tsget.pod b/doc/apps/tsget.pod
-index 34187eb..cf7817a 100644
+index 34187eb7ef5f..cf7817a0e765 100644
--- a/doc/apps/tsget.pod
+++ b/doc/apps/tsget.pod
@@ -33,15 +33,15 @@ line.
@@ -85606,9 +92835,18 @@
+
=cut
diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod
-index 96d6be4..5d3467e 100644
+index 96d6be4a4db9..051cd624f1f6 100644
--- a/doc/apps/verify.pod
+++ b/doc/apps/verify.pod
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-verify - Utility to verify certificates.
++verify - Utility to verify certificates
+
+ =head1 SYNOPSIS
+
@@ -24,6 +24,7 @@ B<openssl> B<verify>
[B<-ignore_critical>]
[B<-inhibit_any>]
@@ -85630,207 +92868,460 @@
=item B<-partial_chain>
Allow verification to succeed even if a I<complete> chain cannot be built to a
-@@ -533,135 +540,135 @@ B<-issuer_checks> option.
+@@ -203,14 +210,14 @@ effect.
+ A B<file> of additional untrusted certificates (intermediate issuer CAs) used
+ to construct a certificate chain from the subject certificate to a trust-anchor.
+ The B<file> should contain one or more certificates in PEM format.
+-This option can be specified more than once to include untrusted certiificates
++This option can be specified more than once to include untrusted certificates
+ from multiple B<files>.
+
+ =item B<-trusted file>
+
+ A B<file> of trusted certificates, which must be self-signed, unless the
+ B<-partial_chain> option is specified.
+-The B<file> contain one or more certificates in PEM format.
++The B<file> contains one or more certificates in PEM format.
+ With this option, no additional (e.g., default) certificate lists are
+ consulted.
+ That is, the only trust-anchors are those listed in B<file>.
+@@ -333,7 +340,7 @@ CA.
+
+ The process of 'looking up the issuers certificate' itself involves a number of
+ steps.
+-Ater all certificates whose subject name matches the issuer name of the current
++After all certificates whose subject name matches the issuer name of the current
+ certificate are subject to further tests.
+ The relevant authority key identifier components of the current certificate (if
+ present) must match the subject key identifier (if present) and issuer and
+@@ -381,287 +388,287 @@ problem was detected starting with zero for the certificate being verified itsel
+ then 1 for the CA that signed the certificate and so on. Finally a text version
+ of the error number is presented.
+
+-An partial list of the error codes and messages is shown below, this also
++A partial list of the error codes and messages is shown below, this also
+ includes the name of the error code as defined in the header file x509_vfy.h
+ Some of the error codes are defined but never returned: these are described
+ as "unused".
+
+ =over 4
+
+-=item B<0 X509_V_OK: ok>
++=item B<X509_V_OK>
+
+-the operation was successful.
++The operation was successful.
+
+-=item B<1 X509_V_ERR_UNSPECIFIED: unspecified certificate verification error>
++=item B<X509_V_ERR_UNSPECIFIED>
+
+-unspecified error, should not happen.
++Unspecified error; should not happen.
+
+-=item B<2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate>
++=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT>
+
+-the issuer certificate of a looked up certificate could not be found. This
++The issuer certificate of a looked up certificate could not be found. This
+ normally means the list of trusted certificates is not complete.
+
+-=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
++=item B<X509_V_ERR_UNABLE_TO_GET_CRL>
+
+-the CRL of a certificate could not be found.
++The CRL of a certificate could not be found.
+
+-=item B<4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature>
++=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE>
+
+-the certificate signature could not be decrypted. This means that the actual signature value
++The certificate signature could not be decrypted. This means that the actual signature value
+ could not be determined rather than it not matching the expected value, this is only
+ meaningful for RSA keys.
+
+-=item B<5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature>
++=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE>
+
+-the CRL signature could not be decrypted: this means that the actual signature value
++The CRL signature could not be decrypted: this means that the actual signature value
+ could not be determined rather than it not matching the expected value. Unused.
+
+-=item B<6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key>
++=item B<X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY>
+
+-the public key in the certificate SubjectPublicKeyInfo could not be read.
++The public key in the certificate SubjectPublicKeyInfo could not be read.
+
+-=item B<7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure>
++=item B<X509_V_ERR_CERT_SIGNATURE_FAILURE>
+
+-the signature of the certificate is invalid.
++The signature of the certificate is invalid.
+
+-=item B<8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure>
++=item B<X509_V_ERR_CRL_SIGNATURE_FAILURE>
+
+-the signature of the certificate is invalid.
++The signature of the certificate is invalid.
+
+-=item B<9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid>
++=item B<X509_V_ERR_CERT_NOT_YET_VALID>
+
+-the certificate is not yet valid: the notBefore date is after the current time.
++The certificate is not yet valid: the notBefore date is after the current time.
+
+-=item B<10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired>
++=item B<X509_V_ERR_CERT_HAS_EXPIRED>
+
+-the certificate has expired: that is the notAfter date is before the current time.
++The certificate has expired: that is the notAfter date is before the current time.
+
+-=item B<11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
++=item B<X509_V_ERR_CRL_NOT_YET_VALID>
+
+-the CRL is not yet valid.
++The CRL is not yet valid.
+
+-=item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
++=item B<X509_V_ERR_CRL_HAS_EXPIRED>
+
+-the CRL has expired.
++The CRL has expired.
+
+-=item B<13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field>
++=item B<X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD>
+
+-the certificate notBefore field contains an invalid time.
++The certificate notBefore field contains an invalid time.
+
+-=item B<14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field>
++=item B<X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD>
+
+-the certificate notAfter field contains an invalid time.
++The certificate notAfter field contains an invalid time.
+
+-=item B<15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field>
++=item B<X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD>
+
+-the CRL lastUpdate field contains an invalid time.
++The CRL lastUpdate field contains an invalid time.
+
+-=item B<16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field>
++=item B<X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD>
+
+-the CRL nextUpdate field contains an invalid time.
++The CRL nextUpdate field contains an invalid time.
+
+-=item B<17 X509_V_ERR_OUT_OF_MEM: out of memory>
++=item B<X509_V_ERR_OUT_OF_MEM>
+
+-an error occurred trying to allocate memory. This should never happen.
++An error occurred trying to allocate memory. This should never happen.
+
+-=item B<18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate>
++=item B<X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT>
+
+-the passed certificate is self signed and the same certificate cannot be found in the list of
++The passed certificate is self-signed and the same certificate cannot be found in the list of
+ trusted certificates.
+
+-=item B<19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain>
++=item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN>
+
+-the certificate chain could be built up using the untrusted certificates but the root could not
++The certificate chain could be built up using the untrusted certificates but the root could not
+ be found locally.
+
+-=item B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate>
++=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY>
+
+-the issuer certificate could not be found: this occurs if the issuer
++The issuer certificate could not be found: this occurs if the issuer
+ certificate of an untrusted certificate cannot be found.
+
+-=item B<21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate>
++=item B<X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE>
+
+-no signatures could be verified because the chain contains only one certificate and it is not
++No signatures could be verified because the chain contains only one certificate and it is not
+ self signed.
+
+-=item B<22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long>
++=item B<X509_V_ERR_CERT_CHAIN_TOO_LONG>
+
+-the certificate chain length is greater than the supplied maximum depth. Unused.
++The certificate chain length is greater than the supplied maximum depth. Unused.
+
+-=item B<23 X509_V_ERR_CERT_REVOKED: certificate revoked>
++=item B<X509_V_ERR_CERT_REVOKED>
+
+-the certificate has been revoked.
++The certificate has been revoked.
+
+-=item B<24 X509_V_ERR_INVALID_CA: invalid CA certificate>
++=item B<X509_V_ERR_INVALID_CA>
+
+-a CA certificate is invalid. Either it is not a CA or its extensions are not consistent
++A CA certificate is invalid. Either it is not a CA or its extensions are not consistent
+ with the supplied purpose.
+
+-=item B<25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded>
++=item B<X509_V_ERR_PATH_LENGTH_EXCEEDED>
+
+-the basicConstraints pathlength parameter has been exceeded.
++The basicConstraints pathlength parameter has been exceeded.
+
+-=item B<26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
++=item B<X509_V_ERR_INVALID_PURPOSE>
+
+-the supplied certificate cannot be used for the specified purpose.
++The supplied certificate cannot be used for the specified purpose.
+
+-=item B<27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted>
++=item B<X509_V_ERR_CERT_UNTRUSTED>
+
+ the root CA is not marked as trusted for the specified purpose.
+
+-=item B<28 X509_V_ERR_CERT_REJECTED: certificate rejected>
++=item B<X509_V_ERR_CERT_REJECTED>
+
+-the root CA is marked to reject the specified purpose.
++The root CA is marked to reject the specified purpose.
+
+-=item B<29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch>
++=item B<X509_V_ERR_SUBJECT_ISSUER_MISMATCH>
++
++not used as of OpenSSL 1.1.0 as a result of the deprecation of the
++B<-issuer_checks> option.
++
++=item B<X509_V_ERR_AKID_SKID_MISMATCH>
+
Not used as of OpenSSL 1.1.0 as a result of the deprecation of the
B<-issuer_checks> option.
--=item B<33 X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: unable to get CRL issuer certificate>
+-=item B<30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch>
++=item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH>
+
+ Not used as of OpenSSL 1.1.0 as a result of the deprecation of the
+ B<-issuer_checks> option.
+
+-=item B<31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch>
++=item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN>
+
+ Not used as of OpenSSL 1.1.0 as a result of the deprecation of the
+ B<-issuer_checks> option.
+
+-=item B<32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN: key usage does not include certificate signing>
+=item B<X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER>
--TBA
+-Not used as of OpenSSL 1.1.0 as a result of the deprecation of the
+-B<-issuer_checks> option.
+Unable to get CRL issuer certificate.
--=item B<34 X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: unhandled critical extension>
+-=item B<33 X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: unable to get CRL issuer certificate>
+=item B<X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION>
-TBA
+Unhandled critical extension.
--=item B<35 X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: key usage does not include CRL signing>
+-=item B<34 X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: unhandled critical extension>
+=item B<X509_V_ERR_KEYUSAGE_NO_CRL_SIGN>
-TBA
+Key usage does not include CRL signing.
--=item B<36 X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: unhandled critical CRL extension>
+-=item B<35 X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: key usage does not include CRL signing>
+=item B<X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION>
-TBA
+Unhandled critical CRL extension.
--=item B<37 X509_V_ERR_INVALID_NON_CA: invalid non-CA certificate has CA markings>
+-=item B<36 X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: unhandled critical CRL extension>
+=item B<X509_V_ERR_INVALID_NON_CA>
-TBA
+Invalid non-CA certificate has CA markings.
--=item B<38 X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: proxy path length constraint exceeded>
+-=item B<37 X509_V_ERR_INVALID_NON_CA: invalid non-CA certificate has CA markings>
+=item B<X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED>
-TBA
+Proxy path length constraint exceeded.
--=item B<39 X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: key usage does not include digital signature>
+-=item B<38 X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: proxy path length constraint exceeded>
+=item B<X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE>
-TBA
+Key usage does not include digital signature.
--=item B<40 X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: proxy certificates not allowed, please set the appropriate flag>
+-=item B<39 X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: key usage does not include digital signature>
+=item B<X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED>
-TBA
+Proxy certificates not allowed, please set the appropriate flag.
--=item B<41 X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension>
+-=item B<40 X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: proxy certificates not allowed, please set the appropriate flag>
+=item B<X509_V_ERR_INVALID_EXTENSION>
-TBA
+Invalid or inconsistent certificate extension.
--=item B<42 X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension>
+-=item B<41 X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension>
+=item B<X509_V_ERR_INVALID_POLICY_EXTENSION>
-TBA
+Invalid or inconsistent certificate policy extension.
--=item B<43 X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy>
+-=item B<42 X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension>
+=item B<X509_V_ERR_NO_EXPLICIT_POLICY>
-TBA
+No explicit policy.
--=item B<44 X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope>
+-=item B<43 X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy>
+=item B<X509_V_ERR_DIFFERENT_CRL_SCOPE>
-TBA
+Different CRL scope.
--=item B<45 X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature>
+-=item B<44 X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope>
+=item B<X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE>
-TBA
+Unsupported extension feature.
--=item B<46 X509_V_ERR_UNNESTED_RESOURCE: RFC 3779 resource not subset of parent's resources>
+-=item B<45 X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature>
+=item B<X509_V_ERR_UNNESTED_RESOURCE>
-TBA
+RFC 3779 resource not subset of parent's resources.
--=item B<47 X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation>
+-=item B<46 X509_V_ERR_UNNESTED_RESOURCE: RFC 3779 resource not subset of parent's resources>
+=item B<X509_V_ERR_PERMITTED_VIOLATION>
-TBA
+Permitted subtree violation.
--=item B<48 X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation>
+-=item B<47 X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation>
+=item B<X509_V_ERR_EXCLUDED_VIOLATION>
-TBA
+Excluded subtree violation.
--=item B<49 X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported>
+-=item B<48 X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation>
+=item B<X509_V_ERR_SUBTREE_MINMAX>
-TBA
+Name constraints minimum and maximum not supported.
--=item B<50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>
+-=item B<49 X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported>
+=item B<X509_V_ERR_APPLICATION_VERIFICATION>
--an application specific error. Unused.
+-TBA
+Application verification failure. Unused.
--=item B<51 X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type>
+-=item B<50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>
+=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE>
--TBA
+-an application specific error. Unused.
+Unsupported name constraint type.
--=item B<52 X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax>
+-=item B<51 X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type>
+=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX>
-TBA
+Unsupported or invalid name constraint syntax.
--=item B<53 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: unsupported or invalid name syntax>
+-=item B<52 X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax>
+=item B<X509_V_ERR_UNSUPPORTED_NAME_SYNTAX>
-TBA
+Unsupported or invalid name syntax.
--=item B<54 X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error>
+-=item B<53 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: unsupported or invalid name syntax>
+=item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR>
-TBA
+CRL path validation error.
--=item B<55 X509_V_ERR_PATH_LOOP: Path Loop>
+-=item B<54 X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error>
+=item B<X509_V_ERR_PATH_LOOP>
-TBA
+Path loop.
--=item B<56 X509_V_ERR_SUITE_B_INVALID_VERSION: Suite B: certificate version invalid>
+-=item B<55 X509_V_ERR_PATH_LOOP: Path Loop>
+=item B<X509_V_ERR_SUITE_B_INVALID_VERSION>
-TBA
+Suite B: certificate version invalid.
--=item B<57 X509_V_ERR_SUITE_B_INVALID_ALGORITHM: Suite B: invalid public key algorithm>
+-=item B<56 X509_V_ERR_SUITE_B_INVALID_VERSION: Suite B: certificate version invalid>
+=item B<X509_V_ERR_SUITE_B_INVALID_ALGORITHM>
-TBA
+Suite B: invalid public key algorithm.
--=item B<58 X509_V_ERR_SUITE_B_INVALID_CURVE: Suite B: invalid ECC curve>
+-=item B<57 X509_V_ERR_SUITE_B_INVALID_ALGORITHM: Suite B: invalid public key algorithm>
+=item B<X509_V_ERR_SUITE_B_INVALID_CURVE>
-TBA
+Suite B: invalid ECC curve.
--=item B<59 X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM: Suite B: invalid signature algorithm>
+-=item B<58 X509_V_ERR_SUITE_B_INVALID_CURVE: Suite B: invalid ECC curve>
+=item B<X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM>
-TBA
+Suite B: invalid signature algorithm.
--=item B<60 X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED: Suite B: curve not allowed for this LOS>
+-=item B<59 X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM: Suite B: invalid signature algorithm>
+=item B<X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED>
-TBA
+Suite B: curve not allowed for this LOS.
--=item B<61 X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256: Suite B: cannot sign P-384 with P-256>
+-=item B<60 X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED: Suite B: curve not allowed for this LOS>
+=item B<X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256>
-TBA
+Suite B: cannot sign P-384 with P-256.
--=item B<62 X509_V_ERR_HOSTNAME_MISMATCH: Hostname mismatch>
+-=item B<61 X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256: Suite B: cannot sign P-384 with P-256>
+=item B<X509_V_ERR_HOSTNAME_MISMATCH>
-TBA
+Hostname mismatch.
--=item B<63 X509_V_ERR_EMAIL_MISMATCH: Email address mismatch>
+-=item B<62 X509_V_ERR_HOSTNAME_MISMATCH: Hostname mismatch>
+=item B<X509_V_ERR_EMAIL_MISMATCH>
-TBA
+Email address mismatch.
--=item B<64 X509_V_ERR_IP_ADDRESS_MISMATCH: IP address mismatch>
+-=item B<63 X509_V_ERR_EMAIL_MISMATCH: Email address mismatch>
+=item B<X509_V_ERR_IP_ADDRESS_MISMATCH>
-TBA
+IP address mismatch.
+-=item B<64 X509_V_ERR_IP_ADDRESS_MISMATCH: IP address mismatch>
+-
+-TBA
+-
-=item B<65 X509_V_ERR_DANE_NO_MATCH: No matching DANE TLSA records>
+=item B<X509_V_ERR_DANE_NO_MATCH>
DANE TLSA authentication is enabled, but no TLSA records matched the
certificate chain.
+@@ -682,7 +689,7 @@ mishandled them.
+
+ Previous versions of this documentation swapped the meaning of the
+ B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT> and
+-B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes.
++B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes.
+
+ =head1 SEE ALSO
+
@@ -695,5 +702,13 @@ The B<-show_chain> option was first added to OpenSSL 1.1.0.
The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and
is silently ignored.
@@ -85847,7 +93338,7 @@
+
+=cut
diff --git a/doc/apps/version.pod b/doc/apps/version.pod
-index 01f6d2a..a97ed20 100644
+index 01f6d2a0265f..a97ed20445cc 100644
--- a/doc/apps/version.pod
+++ b/doc/apps/version.pod
@@ -68,4 +68,13 @@ ENGINESDIR setting.
@@ -85865,7 +93356,7 @@
+
=cut
diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
-index 2dc225b..72ed6cf 100644
+index 2dc225bc090f..cddfc8ce4acf 100644
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -1,4 +1,3 @@
@@ -85983,6 +93474,17 @@
As well as customising the name output format, it is also possible to
customise the actual fields printed using the B<certopt> options when
+@@ -652,8 +655,8 @@ hex dump unsupported extensions.
+
+ =item B<ca_default>
+
+-the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>, B<no_header>,
+-B<no_version>, B<no_sigdump> and B<no_signame>.
++the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>,
++B<no_header>, and B<no_version>.
+
+ =back
+
@@ -703,20 +706,20 @@ Convert a certificate request into a self signed certificate using
extensions for a CA:
@@ -86007,6 +93509,15 @@
=head1 NOTES
+@@ -831,7 +834,7 @@ Otherwise it is the same as a normal SSL server.
+
+ The extended key usage extension must be absent or include the "email
+ protection" OID. Netscape certificate type must be absent or should have the
+-S/MIME bit set. If the S/MIME bit is not set in netscape certificate type
++S/MIME bit set. If the S/MIME bit is not set in Netscape certificate type
+ then the SSL client bit is tolerated as an alternative but a warning is shown:
+ this is because some Verisign certificates don't set the S/MIME bit.
+
@@ -850,7 +853,7 @@ if the keyUsage extension is present.
The extended key usage extension must be absent or include the "email
protection" OID. Netscape certificate type must be absent or must have the
@@ -86043,10 +93554,10 @@
=cut
diff --git a/doc/apps/x509v3_config.pod b/doc/apps/x509v3_config.pod
-index 72eec51..6e90b35 100644
+index 72eec511a256..6e90b350b60f 100644
--- a/doc/apps/x509v3_config.pod
+++ b/doc/apps/x509v3_config.pod
-@@ -104,23 +104,23 @@ Examples:
+@@ -104,23 +104,23 @@ and decipherOnly.
This extensions consists of a list of usages indicating purposes for which
the certificate public key can be used for,
@@ -86084,7 +93595,7 @@
Examples:
-@@ -224,7 +224,7 @@ Example:
+@@ -224,7 +224,7 @@ certain values are meaningful, for example OCSP and caIssuers.
authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
@@ -86093,7 +93604,7 @@
This is a multi-valued extension whose options can be either in name:value pair
using the same form as subject alternative name or a single value representing
-@@ -529,5 +529,13 @@ will only recognize the last value. This can be worked around by using the form:
+@@ -529,5 +529,13 @@ Due to the behaviour of the OpenSSL B<conf> library the same field name
L<req(1)>, L<ca(1)>, L<x509(1)>,
L<ASN1_generate_nconf(3)>
@@ -86108,10 +93619,18 @@
=cut
diff --git a/doc/crypto/ASN1_INTEGER_get_int64.pod b/doc/crypto/ASN1_INTEGER_get_int64.pod
-index fb10766..9299a51 100644
+index fb1076658e7a..24e0f3800355 100644
--- a/doc/crypto/ASN1_INTEGER_get_int64.pod
+++ b/doc/crypto/ASN1_INTEGER_get_int64.pod
-@@ -119,4 +119,13 @@ ASN1_INTEGER_set_int64(), ASN1_INTEGER_get_int64(),
+@@ -2,6 +2,7 @@
+
+ =head1 NAME
+
++ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64,
+ ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN, - ASN.1 INTEGER and ENUMERATED utilities
+
+ =head1 SYNOPSIS
+@@ -119,4 +120,13 @@ ASN1_INTEGER_set_int64(), ASN1_INTEGER_get_int64(),
ASN1_ENUMERATED_set_int64() and ASN1_ENUMERATED_get_int64()
were added to OpenSSL 1.1.0.
@@ -86126,7 +93645,7 @@
+
=cut
diff --git a/doc/crypto/ASN1_OBJECT_new.pod b/doc/crypto/ASN1_OBJECT_new.pod
-index cc9cf43..4c018ef 100644
+index cc9cf43cad32..4c018efffd56 100644
--- a/doc/crypto/ASN1_OBJECT_new.pod
+++ b/doc/crypto/ASN1_OBJECT_new.pod
@@ -39,4 +39,13 @@ ASN1_OBJECT_free() returns no value.
@@ -86144,7 +93663,7 @@
+
=cut
diff --git a/doc/crypto/ASN1_STRING_length.pod b/doc/crypto/ASN1_STRING_length.pod
-index 4c9ad0a..1675169 100644
+index 4c9ad0a31c1b..1675169566f0 100644
--- a/doc/crypto/ASN1_STRING_length.pod
+++ b/doc/crypto/ASN1_STRING_length.pod
@@ -72,12 +72,17 @@ character in big endian format, UTF8String will be in UTF8 format.
@@ -86169,7 +93688,7 @@
=cut
diff --git a/doc/crypto/ASN1_STRING_new.pod b/doc/crypto/ASN1_STRING_new.pod
-index 76e983a..7bd2fc1 100644
+index 76e983a8208c..7bd2fc19210b 100644
--- a/doc/crypto/ASN1_STRING_new.pod
+++ b/doc/crypto/ASN1_STRING_new.pod
@@ -40,8 +40,13 @@ ASN1_STRING_free() does not return a value.
@@ -86189,9 +93708,18 @@
=cut
diff --git a/doc/crypto/ASN1_STRING_print_ex.pod b/doc/crypto/ASN1_STRING_print_ex.pod
-index 2be7f7c..9e555e8 100644
+index 2be7f7caa277..1d5b4fcca177 100644
--- a/doc/crypto/ASN1_STRING_print_ex.pod
+++ b/doc/crypto/ASN1_STRING_print_ex.pod
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print - ASN1_STRING output routines.
++ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print - ASN1_STRING output routines
+
+ =head1 SYNOPSIS
+
@@ -30,7 +30,7 @@ with '.'.
ASN1_STRING_print() is a legacy function which should be avoided in new applications.
@@ -86210,7 +93738,7 @@
B<ASN1_STRFLGS_DUMP_DER> is set then the complete encoding is dumped
instead (including tag and length octets).
-@@ -89,8 +89,13 @@ equivalent to:
+@@ -89,8 +89,13 @@ B<ASN1_STRFLGS_RFC2253> includes all the flags required by RFC2253. It is
L<X509_NAME_print_ex(3)>,
L<ASN1_tag2str(3)>
@@ -86227,10 +93755,19 @@
=cut
diff --git a/doc/crypto/ASN1_TIME_set.pod b/doc/crypto/ASN1_TIME_set.pod
-index d633265..0671615 100644
+index d6332653ec73..457b7218d4cc 100644
--- a/doc/crypto/ASN1_TIME_set.pod
+++ b/doc/crypto/ASN1_TIME_set.pod
-@@ -100,7 +100,7 @@ Determine if one time is later or sooner than the current time:
+@@ -3,7 +3,7 @@
+ =head1 NAME
+
+ ASN1_TIME_set, ASN1_TIME_adj, ASN1_TIME_check, ASN1_TIME_set_string,
+-ASN1_TIME_print, ASN1_TIME_diff - ASN.1 Time functions.
++ASN1_TIME_print, ASN1_TIME_diff - ASN.1 Time functions
+
+ =head1 SYNOPSIS
+
+@@ -100,7 +100,7 @@ anyway.
int day, sec;
if (!ASN1_TIME_diff(&day, &sec, NULL, to))
@@ -86254,7 +93791,7 @@
+
=cut
diff --git a/doc/crypto/ASN1_TYPE_get.pod b/doc/crypto/ASN1_TYPE_get.pod
-index 3fc9d2a..d423303 100644
+index 3fc9d2abba37..d4233039e88e 100644
--- a/doc/crypto/ASN1_TYPE_get.pod
+++ b/doc/crypto/ASN1_TYPE_get.pod
@@ -88,4 +88,13 @@ NULL on failure.
@@ -86272,9 +93809,20 @@
+
=cut
diff --git a/doc/crypto/ASN1_generate_nconf.pod b/doc/crypto/ASN1_generate_nconf.pod
-index a95b2c8..d2e8a17 100644
+index a95b2c8bbbc7..92f624fa24d3 100644
--- a/doc/crypto/ASN1_generate_nconf.pod
+++ b/doc/crypto/ASN1_generate_nconf.pod
+@@ -8,8 +8,8 @@ ASN1_generate_nconf, ASN1_generate_v3 - ASN1 generation functions
+
+ #include <openssl/asn1.h>
+
+- ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
+- ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
++ ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
++ ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
+
+ =head1 DESCRIPTION
+
@@ -40,7 +40,7 @@ That is zero or more comma separated modifiers followed by a type
followed by an optional colon and a value. The formats of B<type>,
B<value> and B<modifier> are explained below.
@@ -86332,7 +93880,7 @@
+
=cut
diff --git a/doc/crypto/ASYNC_WAIT_CTX_new.pod b/doc/crypto/ASYNC_WAIT_CTX_new.pod
-index c4e4d0e..364cbb4 100644
+index c4e4d0e38d51..364cbb4e3031 100644
--- a/doc/crypto/ASYNC_WAIT_CTX_new.pod
+++ b/doc/crypto/ASYNC_WAIT_CTX_new.pod
@@ -53,7 +53,7 @@ ASYNC_WAIT_CTX_get_all_fds() with a NULL B<fd> value will return no file
@@ -86359,7 +93907,7 @@
+
=cut
diff --git a/doc/crypto/ASYNC_start_job.pod b/doc/crypto/ASYNC_start_job.pod
-index 0e6507b..b5139a3 100644
+index 0e6507b195e7..b5139a34a999 100644
--- a/doc/crypto/ASYNC_start_job.pod
+++ b/doc/crypto/ASYNC_start_job.pod
@@ -111,7 +111,7 @@ for the B<job>. ASYNC_WAIT_CTXs can have a "wait" file descriptor associated
@@ -86371,7 +93919,7 @@
attempting to restart it to see if it is ready to continue.
An example of typical usage might be an async capable engine. User code would
-@@ -267,7 +267,7 @@ The following example demonstrates how to use most of the core async APIs:
+@@ -267,7 +267,7 @@ otherwise.
/* Wait for the job to be woken */
printf("Waiting for the job to be woken up\n");
@@ -86394,8 +93942,131 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
+diff --git a/doc/crypto/BF_encrypt.pod b/doc/crypto/BF_encrypt.pod
+new file mode 100644
+index 000000000000..6d8cf1fdb438
+--- /dev/null
++++ b/doc/crypto/BF_encrypt.pod
+@@ -0,0 +1,117 @@
++=pod
++
++=head1 NAME
++
++BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
++BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption
++
++=head1 SYNOPSIS
++
++ #include <openssl/blowfish.h>
++
++ void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
++
++ void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
++ BF_KEY *key, int enc);
++ void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
++ long length, BF_KEY *schedule, unsigned char *ivec, int enc);
++ void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
++ long length, BF_KEY *schedule, unsigned char *ivec, int *num,
++ int enc);
++ void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
++ long length, BF_KEY *schedule, unsigned char *ivec, int *num);
++ const char *BF_options(void);
++
++ void BF_encrypt(BF_LONG *data,const BF_KEY *key);
++ void BF_decrypt(BF_LONG *data,const BF_KEY *key);
++
++=head1 DESCRIPTION
++
++This library implements the Blowfish cipher, which was invented and described
++by Counterpane (see http://www.counterpane.com/blowfish.html ).
++
++Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
++It uses a variable size key, but typically, 128 bit (16 byte) keys are
++considered good for strong encryption. Blowfish can be used in the same
++modes as DES (see L<des_modes(7)>). Blowfish is currently one
++of the faster block ciphers. It is quite a bit faster than DES, and much
++faster than IDEA or RC2.
++
++Blowfish consists of a key setup phase and the actual encryption or decryption
++phase.
++
++BF_set_key() sets up the B<BF_KEY> B<key> using the B<len> bytes long key
++at B<data>.
++
++BF_ecb_encrypt() is the basic Blowfish encryption and decryption function.
++It encrypts or decrypts the first 64 bits of B<in> using the key B<key>,
++putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>)
++or decryption (B<BF_DECRYPT>) shall be performed. The vector pointed at by
++B<in> and B<out> must be 64 bits in length, no less. If they are larger,
++everything after the first 64 bits is ignored.
++
++The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt()
++all operate on variable length data. They all take an initialization vector
++B<ivec> which needs to be passed along into the next call of the same function
++for the same message. B<ivec> may be initialized with anything, but the
++recipient needs to know what it was initialized with, or it won't be able
++to decrypt. Some programs and protocols simplify this, like SSH, where
++B<ivec> is simply initialized to zero.
++BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while
++BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable
++number of bytes (the amount does not have to be an exact multiple of 8). The
++purpose of the latter two is to simulate stream ciphers, and therefore, they
++need the parameter B<num>, which is a pointer to an integer where the current
++offset in B<ivec> is stored between calls. This integer must be initialized
++to zero when B<ivec> is initialized.
++
++BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish. It
++encrypts or decrypts the 64 bits chunks of B<in> using the key B<schedule>,
++putting the result in B<out>. B<enc> decides if encryption (BF_ENCRYPT) or
++decryption (BF_DECRYPT) shall be performed. B<ivec> must point at an 8 byte
++long initialization vector.
++
++BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback.
++It encrypts or decrypts the bytes in B<in> using the key B<schedule>,
++putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>)
++or decryption (B<BF_DECRYPT>) shall be performed. B<ivec> must point at an
++8 byte long initialization vector. B<num> must point at an integer which must
++be initially zero.
++
++BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback.
++It uses the same parameters as BF_cfb64_encrypt(), which must be initialized
++the same way.
++
++BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish
++encryption. They encrypt/decrypt the first 64 bits of the vector pointed by
++B<data>, using the key B<key>. These functions should not be used unless you
++implement 'modes' of Blowfish. The alternative is to use BF_ecb_encrypt().
++If you still want to use these functions, you should be aware that they take
++each 32-bit chunk in host-byte order, which is little-endian on little-endian
++platforms and big-endian on big-endian ones.
++
++=head1 RETURN VALUES
++
++None of the functions presented here return any value.
++
++=head1 NOTE
++
++Applications should use the higher level functions
++L<EVP_EncryptInit(3)> etc. instead of calling these
++functions directly.
++
++=head1 SEE ALSO
++
++L<EVP_EncryptInit(3)>,
++L<des_modes(7)>
++
++=head1 COPYRIGHT
++
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/crypto/BIO_ADDR.pod b/doc/crypto/BIO_ADDR.pod
-index a3c9b5c..4b169e8 100644
+index a3c9b5cfaf46..4b169e8a89c4 100644
--- a/doc/crypto/BIO_ADDR.pod
+++ b/doc/crypto/BIO_ADDR.pod
@@ -112,3 +112,14 @@ information they should return isn't available.
@@ -86414,10 +94085,23 @@
+
+=cut
diff --git a/doc/crypto/BIO_ADDRINFO.pod b/doc/crypto/BIO_ADDRINFO.pod
-index 42a26e1..1a3dd08 100644
+index 42a26e19fd6d..9ebf99a81464 100644
--- a/doc/crypto/BIO_ADDRINFO.pod
+++ b/doc/crypto/BIO_ADDRINFO.pod
-@@ -72,7 +72,7 @@ with the given one.
+@@ -2,9 +2,10 @@
+
+ =head1 NAME
+
+-BIO_ADDRINFO, BIO_ADDRINFO_lookup, BIO_ADDRINFO_next, BIO_ADDRINFO_free,
++BIO_ADDRINFO, BIO_ADDRINFO_next, BIO_ADDRINFO_free,
+ BIO_ADDRINFO_family, BIO_ADDRINFO_socktype, BIO_ADDRINFO_protocol,
+-BIO_ADDRINFO_sockaddr, BIO_ADDRINFO_sockaddr_size, BIO_ADDRINFO_address
++BIO_ADDRINFO_address,
++BIO_lookup
+ - BIO_ADDRINFO type and routines
+
+ =head1 SYNOPSIS
+@@ -72,11 +73,18 @@ with the given one.
=head1 RETURN VALUES
BIO_lookup() returns 1 on success and 0 when an error occurred, and
@@ -86426,13 +94110,11 @@
All other functions described here return 0 or B<NULL> when the
information they should return isn't available.
-@@ -80,3 +80,14 @@ information they should return isn't available.
- =head1 SEE ALSO
- L<BIO_lookup(3)>
-+
+-=head1 SEE ALSO
+=head1 COPYRIGHT
-+
+
+-L<BIO_lookup(3)>
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
@@ -86442,7 +94124,7 @@
+
+=cut
diff --git a/doc/crypto/BIO_connect.pod b/doc/crypto/BIO_connect.pod
-index 4c908fb..5194033 100644
+index 4c908fba457e..5194033feb89 100644
--- a/doc/crypto/BIO_connect.pod
+++ b/doc/crypto/BIO_connect.pod
@@ -99,3 +99,14 @@ BIO_get_accept_socket() and BIO_accept() are deprecated since OpenSSL
@@ -86461,7 +94143,7 @@
+
+=cut
diff --git a/doc/crypto/BIO_ctrl.pod b/doc/crypto/BIO_ctrl.pod
-index 722e8b8..d6d0df1 100644
+index 722e8b8f46c9..d6d0df1c5a1c 100644
--- a/doc/crypto/BIO_ctrl.pod
+++ b/doc/crypto/BIO_ctrl.pod
@@ -13,7 +13,7 @@ BIO_get_info_callback, BIO_set_info_callback - BIO control operations
@@ -86502,19 +94184,26 @@
+
+=cut
diff --git a/doc/crypto/BIO_f_base64.pod b/doc/crypto/BIO_f_base64.pod
-index c25ac51..6c78f7e 100644
+index c25ac51124f0..19df1dd63814 100644
--- a/doc/crypto/BIO_f_base64.pod
+++ b/doc/crypto/BIO_f_base64.pod
-@@ -9,7 +9,7 @@ BIO_f_base64 - base64 BIO filter
+@@ -4,12 +4,14 @@
+
+ BIO_f_base64 - base64 BIO filter
+
++=for comment multiple includes
++
+ =head1 SYNOPSIS
+
#include <openssl/bio.h>
#include <openssl/evp.h>
- const BIO_METHOD * BIO_f_base64(void);
-+ const BIO_METHOD * BIO_f_base64(void);
++ const BIO_METHOD *BIO_f_base64(void);
=head1 DESCRIPTION
-@@ -17,7 +17,7 @@ BIO_f_base64() returns the base64 BIO method. This is a filter
+@@ -17,7 +19,7 @@ BIO_f_base64() returns the base64 BIO method. This is a filter
BIO that base64 encodes any data written through it and decodes
any data read through it.
@@ -86523,7 +94212,7 @@
BIO_flush() on a base64 BIO that is being written through is
used to signal that no more data is to be encoded: this is used
-@@ -63,8 +63,8 @@ data to standard output:
+@@ -63,8 +65,8 @@ Read Base64 encoded data from standard input and write the decoded
bio = BIO_new_fp(stdin, BIO_NOCLOSE);
bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
BIO_push(b64, bio);
@@ -86534,7 +94223,7 @@
BIO_flush(bio_out);
BIO_free_all(b64);
-@@ -77,6 +77,13 @@ data following the base64 encoded block to be misinterpreted.
+@@ -77,6 +79,13 @@ data following the base64 encoded block to be misinterpreted.
There should be some way of specifying a test that the BIO can perform
to reliably determine EOF (for example a MIME boundary).
@@ -86551,7 +94240,7 @@
+
+=cut
diff --git a/doc/crypto/BIO_f_buffer.pod b/doc/crypto/BIO_f_buffer.pod
-index edaa351..68811c3 100644
+index edaa3513df26..68811c3c930f 100644
--- a/doc/crypto/BIO_f_buffer.pod
+++ b/doc/crypto/BIO_f_buffer.pod
@@ -71,3 +71,14 @@ L<BIO_reset(3)>,
@@ -86570,22 +94259,30 @@
+
+=cut
diff --git a/doc/crypto/BIO_f_cipher.pod b/doc/crypto/BIO_f_cipher.pod
-index 947d152..8b8e200 100644
+index 947d1523e31a..87ab3ccc9dfa 100644
--- a/doc/crypto/BIO_f_cipher.pod
+++ b/doc/crypto/BIO_f_cipher.pod
-@@ -9,9 +9,9 @@ BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx - cipher
+@@ -4,14 +4,16 @@
+
+ BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx - cipher BIO filter
+
++=for comment multiple includes
++
+ =head1 SYNOPSIS
+
#include <openssl/bio.h>
#include <openssl/evp.h>
- const BIO_METHOD * BIO_f_cipher(void);
+- void BIO_set_cipher(BIO *b,const EVP_CIPHER *cipher,
+- unsigned char *key, unsigned char *iv, int enc);
+ const BIO_METHOD *BIO_f_cipher(void);
- void BIO_set_cipher(BIO *b,const EVP_CIPHER *cipher,
-- unsigned char *key, unsigned char *iv, int enc);
++ void BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher,
+ unsigned char *key, unsigned char *iv, int enc);
int BIO_get_cipher_status(BIO *b)
int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx)
-@@ -22,7 +22,7 @@ BIO that encrypts any data written through it, and decrypts any data
+@@ -22,7 +24,7 @@ BIO that encrypts any data written through it, and decrypts any data
read from it. It is a BIO wrapper for the cipher routines
EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal().
@@ -86594,7 +94291,7 @@
BIO_flush() on an encryption BIO that is being written through is
used to signal that no more data is to be encrypted: this is used
-@@ -67,10 +67,13 @@ for failure.
+@@ -67,10 +69,13 @@ for failure.
BIO_get_cipher_ctx() currently always returns 1.
@@ -86613,19 +94310,32 @@
-TBA
+=cut
diff --git a/doc/crypto/BIO_f_md.pod b/doc/crypto/BIO_f_md.pod
-index b0fe014..001f350 100644
+index b0fe0143bdd4..b2c1433d25b3 100644
--- a/doc/crypto/BIO_f_md.pod
+++ b/doc/crypto/BIO_f_md.pod
-@@ -9,7 +9,7 @@ BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx - message digest BIO filter
+@@ -4,15 +4,17 @@
+
+ BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx - message digest BIO filter
+
++=for comment multiple includes
++
+ =head1 SYNOPSIS
+
#include <openssl/bio.h>
#include <openssl/evp.h>
- const BIO_METHOD * BIO_f_md(void);
-+ const BIO_METHOD * BIO_f_md(void);
- int BIO_set_md(BIO *b,EVP_MD *md);
- int BIO_get_md(BIO *b,EVP_MD **mdp);
- int BIO_get_md_ctx(BIO *b,EVP_MD_CTX **mdcp);
-@@ -103,7 +103,7 @@ The next example digests data by reading through a chain instead:
+- int BIO_set_md(BIO *b,EVP_MD *md);
+- int BIO_get_md(BIO *b,EVP_MD **mdp);
+- int BIO_get_md_ctx(BIO *b,EVP_MD_CTX **mdcp);
++ const BIO_METHOD *BIO_f_md(void);
++ int BIO_set_md(BIO *b, EVP_MD *md);
++ int BIO_get_md(BIO *b, EVP_MD **mdp);
++ int BIO_get_md_ctx(BIO *b, EVP_MD_CTX **mdcp);
+
+ =head1 DESCRIPTION
+
+@@ -103,7 +105,7 @@ checking has been omitted for clarity.
BIO_set_md(mdtmp, EVP_md5());
bio = BIO_push(mdtmp, bio);
do {
@@ -86634,7 +94344,7 @@
/* Might want to do something with the data here */
} while(rdlen > 0);
-@@ -114,17 +114,17 @@ outputs them. This could be used with the examples above.
+@@ -114,17 +116,17 @@ outputs them. This could be used with the examples above.
unsigned char mdbuf[EVP_MAX_MD_SIZE];
int mdlen;
int i;
@@ -86660,7 +94370,7 @@
} while(mdtmp);
BIO_free_all(bio);
-@@ -142,8 +142,13 @@ separate BIO_ctrl() call.
+@@ -142,8 +144,13 @@ separate BIO_ctrl() call.
Before OpenSSL 1.0.0., the call to BIO_get_md_ctx() would only work if the
BIO was initialized first.
@@ -86677,7 +94387,7 @@
=cut
diff --git a/doc/crypto/BIO_f_null.pod b/doc/crypto/BIO_f_null.pod
-index 6ee8491..c4e4c66 100644
+index 6ee84915e102..c4e4c667c1d4 100644
--- a/doc/crypto/BIO_f_null.pod
+++ b/doc/crypto/BIO_f_null.pod
@@ -8,7 +8,7 @@ BIO_f_null - null filter
@@ -86706,11 +94416,20 @@
+
+=cut
diff --git a/doc/crypto/BIO_f_ssl.pod b/doc/crypto/BIO_f_ssl.pod
-index 46eecd1..9ebd4d1 100644
+index 46eecd11e22d..4c9da6a2cadf 100644
--- a/doc/crypto/BIO_f_ssl.pod
+++ b/doc/crypto/BIO_f_ssl.pod
-@@ -14,15 +14,15 @@ BIO_ssl_shutdown - SSL BIO
+@@ -7,6 +7,8 @@ BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl,
+ BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id,
+ BIO_ssl_shutdown - SSL BIO
++=for comment multiple includes
++
+ =head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+@@ -14,15 +16,15 @@ BIO_ssl_shutdown - SSL BIO
+
const BIO_METHOD *BIO_f_ssl(void);
- #define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
@@ -86731,7 +94450,7 @@
BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
-@@ -30,13 +30,13 @@ BIO_ssl_shutdown - SSL BIO
+@@ -30,13 +32,13 @@ BIO_ssl_shutdown - SSL BIO
int BIO_ssl_copy_session_id(BIO *to,BIO *from);
void BIO_ssl_shutdown(BIO *bio);
@@ -86747,7 +94466,7 @@
I/O performed on an SSL BIO communicates using the SSL protocol with
the SSLs read and write BIOs. If an SSL connection is not established
-@@ -63,7 +63,7 @@ BIO_set_ssl_mode() sets the SSL BIO mode to B<client>. If B<client>
+@@ -63,7 +65,7 @@ BIO_set_ssl_mode() sets the SSL BIO mode to B<client>. If B<client>
is 1 client mode is set. If B<client> is 0 server mode is set.
BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count
@@ -86756,7 +94475,7 @@
the SSL session is automatically renegotiated. B<num> must be at
least 512 bytes.
-@@ -84,7 +84,7 @@ BIO_new_buffer_ssl_connect() creates a new BIO chain consisting
+@@ -84,7 +86,7 @@ BIO_new_buffer_ssl_connect() creates a new BIO chain consisting
of a buffering BIO, an SSL BIO (using B<ctx>) and a connect
BIO.
@@ -86765,7 +94484,7 @@
BIO chains B<from> and B<to>. It does this by locating the
SSL BIOs in each chain and calling SSL_copy_session_id() on
the internal SSL pointer.
-@@ -124,10 +124,6 @@ Applications do not have to call BIO_do_handshake() but may wish
+@@ -124,10 +126,6 @@ Applications do not have to call BIO_do_handshake() but may wish
to do so to separate the handshake process from other I/O
processing.
@@ -86776,7 +94495,7 @@
=head1 EXAMPLE
This SSL/TLS client example, attempts to retrieve a page from an
-@@ -140,54 +136,48 @@ unencrypted example in L<BIO_s_connect(3)>.
+@@ -140,54 +138,48 @@ unencrypted example in L<BIO_s_connect(3)>.
SSL_CTX *ctx;
SSL *ssl;
@@ -86824,18 +94543,19 @@
+ fprintf(stderr, "Error connecting to server\n");
+ ERR_print_errors_fp(stderr);
+ exit(1);
- }
--
-- if(BIO_do_handshake(sbio) <= 0) {
-- fprintf(stderr, "Error establishing SSL connection\n");
-- ERR_print_errors_fp(stderr);
-- /* whatever ... */
++ }
+ if (BIO_do_handshake(sbio) <= 0) {
+ fprintf(stderr, "Error establishing SSL connection\n");
+ ERR_print_errors_fp(stderr);
+ exit(1);
}
+- if(BIO_do_handshake(sbio) <= 0) {
+- fprintf(stderr, "Error establishing SSL connection\n");
+- ERR_print_errors_fp(stderr);
+- /* whatever ... */
+- }
+-
- /* Could examine ssl here to get connection info */
+ /* XXX Could examine ssl here to get connection info */
@@ -86852,7 +94572,7 @@
}
BIO_free_all(sbio);
BIO_free(out);
-@@ -203,102 +193,83 @@ a client and also echoes the request to standard output.
+@@ -203,102 +195,83 @@ a client and also echoes the request to standard output.
SSL_CTX *ctx;
SSL *ssl;
@@ -86995,24 +94715,24 @@
BIO_free_all(sbio);
=head1 BUGS
-@@ -310,6 +281,13 @@ explicitly being popped (e.g. a pop higher up the chain). Applications which
+@@ -310,6 +283,13 @@ explicitly being popped (e.g. a pop higher up the chain). Applications which
included workarounds for this bug (e.g. freeing BIOs more than once) should
be modified to handle this fix or they may free up an already freed BIO.
-=head1 SEE ALSO
+=head1 COPYRIGHT
-+
+
+-TBA
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
-
--TBA
++
+=cut
diff --git a/doc/crypto/BIO_find_type.pod b/doc/crypto/BIO_find_type.pod
-index 6e65668..c502983 100644
+index 6e65668b4c45..c5029837b01a 100644
--- a/doc/crypto/BIO_find_type.pod
+++ b/doc/crypto/BIO_find_type.pod
@@ -8,35 +8,35 @@ BIO_find_type, BIO_next, BIO_method_type - BIO chain traversal
@@ -87021,13 +94741,19 @@
- BIO * BIO_find_type(BIO *b,int bio_type);
- BIO * BIO_next(BIO *b);
--
++ BIO * BIO_find_type(BIO *b,int bio_type);
++ BIO * BIO_next(BIO *b);
+
- #define BIO_method_type(b) ((b)->method->type)
--
++ #define BIO_method_type(b) ((b)->method->type)
+
- #define BIO_TYPE_NONE 0
- #define BIO_TYPE_MEM (1|0x0400)
- #define BIO_TYPE_FILE (2|0x0400)
--
++ #define BIO_TYPE_NONE 0
++ #define BIO_TYPE_MEM (1|0x0400)
++ #define BIO_TYPE_FILE (2|0x0400)
+
- #define BIO_TYPE_FD (4|0x0400|0x0100)
- #define BIO_TYPE_SOCKET (5|0x0400|0x0100)
- #define BIO_TYPE_NULL (6|0x0400)
@@ -87044,19 +94770,6 @@
- #define BIO_TYPE_NULL_FILTER (17|0x0200)
- #define BIO_TYPE_BER (18|0x0200)
- #define BIO_TYPE_BIO (19|0x0400)
--
-- #define BIO_TYPE_DESCRIPTOR 0x0100
-- #define BIO_TYPE_FILTER 0x0200
-- #define BIO_TYPE_SOURCE_SINK 0x0400
-+ BIO * BIO_find_type(BIO *b,int bio_type);
-+ BIO * BIO_next(BIO *b);
-+
-+ #define BIO_method_type(b) ((b)->method->type)
-+
-+ #define BIO_TYPE_NONE 0
-+ #define BIO_TYPE_MEM (1|0x0400)
-+ #define BIO_TYPE_FILE (2|0x0400)
-+
+ #define BIO_TYPE_FD (4|0x0400|0x0100)
+ #define BIO_TYPE_SOCKET (5|0x0400|0x0100)
+ #define BIO_TYPE_NULL (6|0x0400)
@@ -87073,7 +94786,10 @@
+ #define BIO_TYPE_NULL_FILTER (17|0x0200)
+ #define BIO_TYPE_BER (18|0x0200)
+ #define BIO_TYPE_BIO (19|0x0400)
-+
+
+- #define BIO_TYPE_DESCRIPTOR 0x0100
+- #define BIO_TYPE_FILTER 0x0200
+- #define BIO_TYPE_SOURCE_SINK 0x0400
+ #define BIO_TYPE_DESCRIPTOR 0x0100
+ #define BIO_TYPE_FILTER 0x0200
+ #define BIO_TYPE_SOURCE_SINK 0x0400
@@ -87115,7 +94831,7 @@
+
+=cut
diff --git a/doc/crypto/BIO_get_data.pod b/doc/crypto/BIO_get_data.pod
-index 73f8ea5..14f21fa 100644
+index 73f8ea56e5df..14f21fa720e1 100644
--- a/doc/crypto/BIO_get_data.pod
+++ b/doc/crypto/BIO_get_data.pod
@@ -53,4 +53,13 @@ L<bio>, L<BIO_meth_new>
@@ -87133,10 +94849,10 @@
+
=cut
diff --git a/doc/crypto/BIO_get_ex_new_index.pod b/doc/crypto/BIO_get_ex_new_index.pod
-index 4824b5d..21e5bb7 100644
+index 4824b5d9a0c7..21e5bb76abab 100644
--- a/doc/crypto/BIO_get_ex_new_index.pod
+++ b/doc/crypto/BIO_get_ex_new_index.pod
-@@ -23,9 +23,9 @@ crypto structures:
+@@ -23,9 +23,9 @@ The synopsis below is for the X509 structure, but is the same for all
#include <openssl/x509.h>
int X509_get_ex_new_index(long argl, void *argp,
@@ -87164,7 +94880,7 @@
+
=cut
diff --git a/doc/crypto/BIO_meth_new.pod b/doc/crypto/BIO_meth_new.pod
-index de6ce66..2c2db6f 100644
+index de6ce6628ed5..2c2db6f57802 100644
--- a/doc/crypto/BIO_meth_new.pod
+++ b/doc/crypto/BIO_meth_new.pod
@@ -75,7 +75,7 @@ called in response to the application calling BIO_puts(). The parameters for
@@ -87200,7 +94916,7 @@
+
=cut
diff --git a/doc/crypto/BIO_new.pod b/doc/crypto/BIO_new.pod
-index 4c9299b..ca8bb7e 100644
+index 4c9299bb3c1a..8e42e650a21e 100644
--- a/doc/crypto/BIO_new.pod
+++ b/doc/crypto/BIO_new.pod
@@ -8,12 +8,12 @@ BIO_new, BIO_set, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all - BIO allocation
@@ -87222,8 +94938,30 @@
=head1 DESCRIPTION
-@@ -66,6 +66,13 @@ Create a memory BIO:
+@@ -45,27 +45,25 @@ BIO_free_all() and BIO_vfree() do not return values.
+ =head1 NOTES
+
+-Some BIOs (such as memory BIOs) can be used immediately after calling
+-BIO_new(). Others (such as file BIOs) need some additional initialization,
+-and frequently a utility function exists to create and initialize such BIOs.
+-
+ If BIO_free() is called on a BIO chain it will only free one BIO resulting
+ in a memory leak.
+
+-Calling BIO_free_all() a single BIO has the same effect as calling BIO_free()
++Calling BIO_free_all() on a single BIO has the same effect as calling BIO_free()
+ on it other than the discarded return value.
+
+-Normally the B<type> argument is supplied by a function which returns a
+-pointer to a BIO_METHOD. There is a naming convention for such functions:
+-a source/sink BIO is normally called BIO_s_*() and a filter BIO
+-BIO_f_*();
+-
+ =head1 EXAMPLE
+
+ Create a memory BIO:
+
BIO *mem = BIO_new(BIO_s_mem());
-=head1 SEE ALSO
@@ -87239,7 +94977,7 @@
+
+=cut
diff --git a/doc/crypto/BIO_new_CMS.pod b/doc/crypto/BIO_new_CMS.pod
-index 0069b8d..b06c224 100644
+index 0069b8d7f0cf..b06c224f7180 100644
--- a/doc/crypto/BIO_new_CMS.pod
+++ b/doc/crypto/BIO_new_CMS.pod
@@ -2,7 +2,7 @@
@@ -87266,7 +95004,7 @@
+
=cut
diff --git a/doc/crypto/BIO_parse_hostserv.pod b/doc/crypto/BIO_parse_hostserv.pod
-index df73ea7..4ee4f46 100644
+index df73ea72c767..4ee4f46a8460 100644
--- a/doc/crypto/BIO_parse_hostserv.pod
+++ b/doc/crypto/BIO_parse_hostserv.pod
@@ -42,26 +42,32 @@ The service part can be a service name or its port number.
@@ -87311,9 +95049,18 @@
+
+=cut
diff --git a/doc/crypto/BIO_push.pod b/doc/crypto/BIO_push.pod
-index 1523e5b..86e2e11 100644
+index 1523e5b6958b..cb19c0b3bab3 100644
--- a/doc/crypto/BIO_push.pod
+++ b/doc/crypto/BIO_push.pod
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-BIO_push, BIO_pop, BIO_set_next - add and remove BIOs from a chain.
++BIO_push, BIO_pop, BIO_set_next - add and remove BIOs from a chain
+
+ =head1 SYNOPSIS
+
@@ -77,4 +77,13 @@ L<bio>
The BIO_set_next() function was added in OpenSSL version 1.1.0.
@@ -87329,7 +95076,7 @@
+
=cut
diff --git a/doc/crypto/BIO_read.pod b/doc/crypto/BIO_read.pod
-index 90b1c75..45871c1 100644
+index 90b1c7520ffe..45871c1be975 100644
--- a/doc/crypto/BIO_read.pod
+++ b/doc/crypto/BIO_read.pod
@@ -8,10 +8,10 @@ BIO_read, BIO_write, BIO_gets, BIO_puts - BIO I/O functions
@@ -87363,7 +95110,7 @@
+
+=cut
diff --git a/doc/crypto/BIO_s_accept.pod b/doc/crypto/BIO_s_accept.pod
-index 88877e4..ad7bfaa 100644
+index 88877e4d272b..ad7bfaac4b08 100644
--- a/doc/crypto/BIO_s_accept.pod
+++ b/doc/crypto/BIO_s_accept.pod
@@ -23,9 +23,9 @@ BIO_get_bind_mode, BIO_do_accept - accept BIO
@@ -87449,18 +95196,18 @@
-=head1 SEE ALSO
+=head1 COPYRIGHT
-+
+
+-TBA
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
-
--TBA
++
+=cut
diff --git a/doc/crypto/BIO_s_bio.pod b/doc/crypto/BIO_s_bio.pod
-index 438b5dd..fb66197 100644
+index 438b5dd8f3a5..fb661979d8eb 100644
--- a/doc/crypto/BIO_s_bio.pod
+++ b/doc/crypto/BIO_s_bio.pod
@@ -2,7 +2,7 @@
@@ -87515,7 +95262,7 @@
+
=cut
diff --git a/doc/crypto/BIO_s_connect.pod b/doc/crypto/BIO_s_connect.pod
-index 4c246e0..d97d589 100644
+index 4c246e0be3e7..d97d5899a521 100644
--- a/doc/crypto/BIO_s_connect.pod
+++ b/doc/crypto/BIO_s_connect.pod
@@ -81,7 +81,7 @@ This return value is an internal pointer which should not be modified.
@@ -87570,7 +95317,7 @@
+
+=cut
diff --git a/doc/crypto/BIO_s_fd.pod b/doc/crypto/BIO_s_fd.pod
-index e9ebdbf..8002ad7 100644
+index e9ebdbf062b0..8002ad7754f3 100644
--- a/doc/crypto/BIO_s_fd.pod
+++ b/doc/crypto/BIO_s_fd.pod
@@ -8,10 +8,10 @@ BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd - file descriptor BIO
@@ -87612,7 +95359,7 @@
+
+=cut
diff --git a/doc/crypto/BIO_s_file.pod b/doc/crypto/BIO_s_file.pod
-index 5ba0d34..5eb564d 100644
+index 5ba0d34dd4d4..5eb564d8eb50 100644
--- a/doc/crypto/BIO_s_file.pod
+++ b/doc/crypto/BIO_s_file.pod
@@ -10,7 +10,7 @@ BIO_rw_filename - FILE bio
@@ -87640,7 +95387,7 @@
+
+=cut
diff --git a/doc/crypto/BIO_s_mem.pod b/doc/crypto/BIO_s_mem.pod
-index 84abb29..56d10bd 100644
+index 84abb29823ca..56d10bd8dd08 100644
--- a/doc/crypto/BIO_s_mem.pod
+++ b/doc/crypto/BIO_s_mem.pod
@@ -9,8 +9,8 @@ BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO
@@ -87681,7 +95428,7 @@
Create a read only memory BIO:
-@@ -110,8 +110,14 @@ Extract the BUF_MEM structure from a memory BIO and then free up the BIO:
+@@ -110,8 +110,14 @@ There should be an option to set the maximum size of a memory BIO.
BIO_get_mem_ptr(mem, &bptr);
BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
BIO_free(mem);
@@ -87700,7 +95447,7 @@
+
+=cut
diff --git a/doc/crypto/BIO_s_null.pod b/doc/crypto/BIO_s_null.pod
-index 00905ec..5a1d84d 100644
+index 00905ecbea63..5a1d84dd2cfb 100644
--- a/doc/crypto/BIO_s_null.pod
+++ b/doc/crypto/BIO_s_null.pod
@@ -8,7 +8,7 @@ BIO_s_null - null data sink
@@ -87729,7 +95476,7 @@
+
+=cut
diff --git a/doc/crypto/BIO_s_socket.pod b/doc/crypto/BIO_s_socket.pod
-index 13efb50..88aaa88 100644
+index 13efb50edcc4..88aaa88c496e 100644
--- a/doc/crypto/BIO_s_socket.pod
+++ b/doc/crypto/BIO_s_socket.pod
@@ -58,6 +58,13 @@ initialized.
@@ -87749,7 +95496,7 @@
+
+=cut
diff --git a/doc/crypto/BIO_set_callback.pod b/doc/crypto/BIO_set_callback.pod
-index 4759556..219a6dd 100644
+index 47595562457b..219a6dd3ebda 100644
--- a/doc/crypto/BIO_set_callback.pod
+++ b/doc/crypto/BIO_set_callback.pod
@@ -9,16 +9,16 @@ BIO_debug_callback - BIO callback functions
@@ -87792,9 +95539,18 @@
+
+=cut
diff --git a/doc/crypto/BIO_should_retry.pod b/doc/crypto/BIO_should_retry.pod
-index f5b47b3..162e768 100644
+index f5b47b37b4b8..fc728ff9f27e 100644
--- a/doc/crypto/BIO_should_retry.pod
+++ b/doc/crypto/BIO_should_retry.pod
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-BIO_should_retry, BIO_should_read, BIO_should_write,
++BIO_should_read, BIO_should_write,
+ BIO_should_io_special, BIO_retry_type, BIO_should_retry,
+ BIO_get_retry_BIO, BIO_get_retry_reason, BIO_set_retry_reason - BIO retry
+ functions
@@ -11,17 +11,17 @@ functions
#include <openssl/bio.h>
@@ -87804,16 +95560,15 @@
- #define BIO_should_io_special(a) ((a)->flags & BIO_FLAGS_IO_SPECIAL)
- #define BIO_retry_type(a) ((a)->flags & BIO_FLAGS_RWS)
- #define BIO_should_retry(a) ((a)->flags & BIO_FLAGS_SHOULD_RETRY)
--
-- #define BIO_FLAGS_READ 0x01
-- #define BIO_FLAGS_WRITE 0x02
-- #define BIO_FLAGS_IO_SPECIAL 0x04
+ #define BIO_should_read(a) ((a)->flags & BIO_FLAGS_READ)
+ #define BIO_should_write(a) ((a)->flags & BIO_FLAGS_WRITE)
+ #define BIO_should_io_special(a) ((a)->flags & BIO_FLAGS_IO_SPECIAL)
+ #define BIO_retry_type(a) ((a)->flags & BIO_FLAGS_RWS)
+ #define BIO_should_retry(a) ((a)->flags & BIO_FLAGS_SHOULD_RETRY)
-+
+
+- #define BIO_FLAGS_READ 0x01
+- #define BIO_FLAGS_WRITE 0x02
+- #define BIO_FLAGS_IO_SPECIAL 0x04
+ #define BIO_FLAGS_READ 0x01
+ #define BIO_FLAGS_WRITE 0x02
+ #define BIO_FLAGS_IO_SPECIAL 0x04
@@ -87856,10 +95611,10 @@
+
=cut
diff --git a/doc/crypto/BN_BLINDING_new.pod b/doc/crypto/BN_BLINDING_new.pod
-index f539ae6..3162f18 100644
+index f539ae6c0297..754bcf3c3abe 100644
--- a/doc/crypto/BN_BLINDING_new.pod
+++ b/doc/crypto/BN_BLINDING_new.pod
-@@ -2,8 +2,8 @@
+@@ -2,26 +2,26 @@
=head1 NAME
@@ -87869,8 +95624,11 @@
+BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex,
BN_BLINDING_is_current_thread, BN_BLINDING_set_current_thread,
BN_BLINDING_lock, BN_BLINDING_unlock, BN_BLINDING_get_flags,
- BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functions.
-@@ -13,15 +13,15 @@ BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functi
+-BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functions.
++BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functions
+
+ =head1 SYNOPSIS
+
#include <openssl/bn.h>
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
@@ -87928,7 +95686,7 @@
+
=cut
diff --git a/doc/crypto/BN_CTX_new.pod b/doc/crypto/BN_CTX_new.pod
-index df432c7..f2edd49 100644
+index df432c77cbcd..f2edd49a9770 100644
--- a/doc/crypto/BN_CTX_new.pod
+++ b/doc/crypto/BN_CTX_new.pod
@@ -64,4 +64,13 @@ L<BN_CTX_start(3)>
@@ -87946,7 +95704,7 @@
+
=cut
diff --git a/doc/crypto/BN_CTX_start.pod b/doc/crypto/BN_CTX_start.pod
-index 2e23be2..372da50 100644
+index 2e23be27a7af..372da506d9d3 100644
--- a/doc/crypto/BN_CTX_start.pod
+++ b/doc/crypto/BN_CTX_start.pod
@@ -45,4 +45,13 @@ can be obtained by L<ERR_get_error(3)>.
@@ -87964,7 +95722,7 @@
+
=cut
diff --git a/doc/crypto/BN_add.pod b/doc/crypto/BN_add.pod
-index 3ad2274..72cc09f 100644
+index 3ad227458da8..72cc09f67aea 100644
--- a/doc/crypto/BN_add.pod
+++ b/doc/crypto/BN_add.pod
@@ -115,4 +115,13 @@ The error codes can be obtained by L<ERR_get_error(3)>.
@@ -87982,7 +95740,7 @@
+
=cut
diff --git a/doc/crypto/BN_add_word.pod b/doc/crypto/BN_add_word.pod
-index 1bbe31b..35bdcf4 100644
+index 1bbe31b0ceb0..35bdcf45c6eb 100644
--- a/doc/crypto/BN_add_word.pod
+++ b/doc/crypto/BN_add_word.pod
@@ -49,4 +49,13 @@ B<(BN_ULONG)-1> if an error occurred.
@@ -88000,7 +95758,7 @@
+
=cut
diff --git a/doc/crypto/BN_bn2bin.pod b/doc/crypto/BN_bn2bin.pod
-index cbd5d34..8098fd9 100644
+index cbd5d340e1a3..8098fd9df586 100644
--- a/doc/crypto/BN_bn2bin.pod
+++ b/doc/crypto/BN_bn2bin.pod
@@ -51,11 +51,12 @@ hexadecimal and decimal encoding of B<a> respectively. For negative
@@ -88048,7 +95806,7 @@
+
=cut
diff --git a/doc/crypto/BN_cmp.pod b/doc/crypto/BN_cmp.pod
-index 6c33314..ec00571 100644
+index 6c3331476646..ec005718a1c4 100644
--- a/doc/crypto/BN_cmp.pod
+++ b/doc/crypto/BN_cmp.pod
@@ -39,4 +39,13 @@ the condition is true, 0 otherwise.
@@ -88066,7 +95824,7 @@
+
=cut
diff --git a/doc/crypto/BN_copy.pod b/doc/crypto/BN_copy.pod
-index 0a00884..b044b98 100644
+index 0a00884ff051..b044b98a0bbd 100644
--- a/doc/crypto/BN_copy.pod
+++ b/doc/crypto/BN_copy.pod
@@ -57,4 +57,13 @@ by L<ERR_get_error(3)>.
@@ -88084,10 +95842,10 @@
+
=cut
diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod
-index 8ea3d0b..2757448 100644
+index 8ea3d0bf3cff..2757448c6a70 100644
--- a/doc/crypto/BN_generate_prime.pod
+++ b/doc/crypto/BN_generate_prime.pod
-@@ -39,7 +39,7 @@ Deprecated:
+@@ -39,7 +39,7 @@ for primality
BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
@@ -88111,7 +95869,7 @@
+
=cut
diff --git a/doc/crypto/BN_mod_inverse.pod b/doc/crypto/BN_mod_inverse.pod
-index e54bccf..b4792ad 100644
+index e54bccf5fe65..b4792add8273 100644
--- a/doc/crypto/BN_mod_inverse.pod
+++ b/doc/crypto/BN_mod_inverse.pod
@@ -29,4 +29,13 @@ NULL on error. The error codes can be obtained by L<ERR_get_error(3)>.
@@ -88129,7 +95887,7 @@
+
=cut
diff --git a/doc/crypto/BN_mod_mul_montgomery.pod b/doc/crypto/BN_mod_mul_montgomery.pod
-index b4a09a2..152185f 100644
+index b4a09a26d864..152185f6f24b 100644
--- a/doc/crypto/BN_mod_mul_montgomery.pod
+++ b/doc/crypto/BN_mod_mul_montgomery.pod
@@ -98,4 +98,13 @@ L<BN_CTX_new(3)>
@@ -88147,7 +95905,7 @@
+
=cut
diff --git a/doc/crypto/BN_mod_mul_reciprocal.pod b/doc/crypto/BN_mod_mul_reciprocal.pod
-index f03feb2..86fb486 100644
+index f03feb2d9635..86fb4863859a 100644
--- a/doc/crypto/BN_mod_mul_reciprocal.pod
+++ b/doc/crypto/BN_mod_mul_reciprocal.pod
@@ -85,4 +85,13 @@ L<BN_CTX_new(3)>
@@ -88165,7 +95923,7 @@
+
=cut
diff --git a/doc/crypto/BN_new.pod b/doc/crypto/BN_new.pod
-index 22596dc..ab7c4e5 100644
+index 22596dcbb367..ab7c4e5ae463 100644
--- a/doc/crypto/BN_new.pod
+++ b/doc/crypto/BN_new.pod
@@ -45,4 +45,13 @@ L<bn(3)>, L<ERR_get_error(3)>
@@ -88183,7 +95941,7 @@
+
=cut
diff --git a/doc/crypto/BN_num_bytes.pod b/doc/crypto/BN_num_bytes.pod
-index 30ee3e5..4680cf7 100644
+index 30ee3e54c781..4680cf7a71e4 100644
--- a/doc/crypto/BN_num_bytes.pod
+++ b/doc/crypto/BN_num_bytes.pod
@@ -49,4 +49,13 @@ more probability).
@@ -88201,7 +95959,7 @@
+
=cut
diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod
-index c4f98b6..c612c50 100644
+index c4f98b69cabd..c612c50a8109 100644
--- a/doc/crypto/BN_rand.pod
+++ b/doc/crypto/BN_rand.pod
@@ -49,4 +49,13 @@ The error codes can be obtained by L<ERR_get_error(3)>.
@@ -88219,7 +95977,7 @@
+
=cut
diff --git a/doc/crypto/BN_set_bit.pod b/doc/crypto/BN_set_bit.pod
-index 13bf231..363227a 100644
+index 13bf231cecce..363227ade360 100644
--- a/doc/crypto/BN_set_bit.pod
+++ b/doc/crypto/BN_set_bit.pod
@@ -57,4 +57,13 @@ can be obtained by L<ERR_get_error(3)>.
@@ -88237,7 +95995,7 @@
+
=cut
diff --git a/doc/crypto/BN_swap.pod b/doc/crypto/BN_swap.pod
-index 04582e9..fe7cc84 100644
+index 04582e9fa0f7..fe7cc8482b98 100644
--- a/doc/crypto/BN_swap.pod
+++ b/doc/crypto/BN_swap.pod
@@ -16,4 +16,13 @@ BN_swap() exchanges the values of I<a> and I<b>.
@@ -88255,7 +96013,7 @@
+
=cut
diff --git a/doc/crypto/BN_zero.pod b/doc/crypto/BN_zero.pod
-index 5334aaa..17e63cf 100644
+index 5334aaa41a00..17e63cf7a954 100644
--- a/doc/crypto/BN_zero.pod
+++ b/doc/crypto/BN_zero.pod
@@ -55,4 +55,13 @@ unsigned long but this value is also returned on error.
@@ -88272,8 +96030,82 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
+diff --git a/doc/crypto/BUF_MEM_new.pod b/doc/crypto/BUF_MEM_new.pod
+new file mode 100644
+index 000000000000..16fe3daa844c
+--- /dev/null
++++ b/doc/crypto/BUF_MEM_new.pod
+@@ -0,0 +1,68 @@
++=pod
++
++=head1 NAME
++
++BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow - simple
++character array structure
++
++standard C library equivalents
++
++=head1 SYNOPSIS
++
++ #include <openssl/buffer.h>
++
++ BUF_MEM *BUF_MEM_new(void);
++
++ #define BUF_MEM_FLAG_SECURE
++
++ BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
++
++ void BUF_MEM_free(BUF_MEM *a);
++
++ int BUF_MEM_grow(BUF_MEM *str, int len);
++
++=head1 DESCRIPTION
++
++The buffer library handles simple character arrays. Buffers are used for
++various purposes in the library, most notably memory BIOs.
++
++BUF_MEM_new() allocates a new buffer of zero size.
++
++BUF_MEM_new_ex() allocates a buffer with the specified flags.
++The flag B<BUF_MEM_FLAG_SECURE> specifies that the B<data> pointer
++should be allocated on the secure heap; see L<CRYPTO_secure_malloc(3)>.
++
++BUF_MEM_free() frees up an already existing buffer. The data is zeroed
++before freeing up in case the buffer contains sensitive data.
++
++BUF_MEM_grow() changes the size of an already existing buffer to
++B<len>. Any data already in the buffer is preserved if it increases in
++size.
++
++=head1 RETURN VALUES
++
++BUF_MEM_new() returns the buffer or NULL on error.
++
++BUF_MEM_free() has no return value.
++
++BUF_MEM_grow() returns zero on error or the new size (i.e. B<len>).
++
++=head1 SEE ALSO
++
++L<bio(3)>,
++L<CRYPTO_secure_malloc(3)>.
++
++=head1 HISTORY
++
++BUF_MEM_new_ex() was added in OpenSSL 1.1.0.
++
++=head1 COPYRIGHT
++
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/crypto/CMS_add0_cert.pod b/doc/crypto/CMS_add0_cert.pod
-index dc2cf46..5b0cc2a 100644
+index dc2cf46837ef..5b0cc2a25ca1 100644
--- a/doc/crypto/CMS_add0_cert.pod
+++ b/doc/crypto/CMS_add0_cert.pod
@@ -20,7 +20,7 @@ CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_ge
@@ -88309,7 +96141,7 @@
+
=cut
diff --git a/doc/crypto/CMS_add1_recipient_cert.pod b/doc/crypto/CMS_add1_recipient_cert.pod
-index 4efe086..0dae5cf 100644
+index 4efe086b9e33..0dae5cf5fa9f 100644
--- a/doc/crypto/CMS_add1_recipient_cert.pod
+++ b/doc/crypto/CMS_add1_recipient_cert.pod
@@ -2,7 +2,7 @@
@@ -88336,7 +96168,7 @@
+
=cut
diff --git a/doc/crypto/CMS_add1_signer.pod b/doc/crypto/CMS_add1_signer.pod
-index 0f43ea7..458e5e2 100644
+index 0f43ea7230a2..f4738e0637ca 100644
--- a/doc/crypto/CMS_add1_signer.pod
+++ b/doc/crypto/CMS_add1_signer.pod
@@ -2,7 +2,7 @@
@@ -88344,7 +96176,7 @@
=head1 NAME
- CMS_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure.
-+CMS_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure.
++CMS_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure
=head1 SYNOPSIS
@@ -88381,7 +96213,7 @@
+
=cut
diff --git a/doc/crypto/CMS_compress.pod b/doc/crypto/CMS_compress.pod
-index e2ead0e..e405108 100644
+index e2ead0e51bbd..e40510831fce 100644
--- a/doc/crypto/CMS_compress.pod
+++ b/doc/crypto/CMS_compress.pod
@@ -69,4 +69,13 @@ L<ERR_get_error(3)>, L<CMS_uncompress(3)>
@@ -88399,7 +96231,7 @@
+
=cut
diff --git a/doc/crypto/CMS_decrypt.pod b/doc/crypto/CMS_decrypt.pod
-index 4b1e97e..b3b196c 100644
+index 4b1e97e8fdba..b3b196c39062 100644
--- a/doc/crypto/CMS_decrypt.pod
+++ b/doc/crypto/CMS_decrypt.pod
@@ -2,7 +2,7 @@
@@ -88426,7 +96258,7 @@
+
=cut
diff --git a/doc/crypto/CMS_encrypt.pod b/doc/crypto/CMS_encrypt.pod
-index b58b0fc..0ed4262 100644
+index b58b0fcc4ca2..0ed42628c3cf 100644
--- a/doc/crypto/CMS_encrypt.pod
+++ b/doc/crypto/CMS_encrypt.pod
@@ -2,7 +2,7 @@
@@ -88462,7 +96294,7 @@
+
=cut
diff --git a/doc/crypto/CMS_final.pod b/doc/crypto/CMS_final.pod
-index c0f4ef9..264fe7b 100644
+index c0f4ef9df21e..264fe7bc3b1a 100644
--- a/doc/crypto/CMS_final.pod
+++ b/doc/crypto/CMS_final.pod
@@ -2,7 +2,7 @@
@@ -88498,7 +96330,7 @@
+
=cut
diff --git a/doc/crypto/CMS_get0_RecipientInfos.pod b/doc/crypto/CMS_get0_RecipientInfos.pod
-index 93bebb7..9f0b4eb 100644
+index 93bebb7fdab2..9f0b4ebe3a81 100644
--- a/doc/crypto/CMS_get0_RecipientInfos.pod
+++ b/doc/crypto/CMS_get0_RecipientInfos.pod
@@ -34,7 +34,7 @@ CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS, or CMS_RECIPINFO_OTHER.
@@ -88525,9 +96357,18 @@
+
=cut
diff --git a/doc/crypto/CMS_get0_SignerInfos.pod b/doc/crypto/CMS_get0_SignerInfos.pod
-index e636532..5792386 100644
+index e6365321f17d..303e8754e2aa 100644
--- a/doc/crypto/CMS_get0_SignerInfos.pod
+++ b/doc/crypto/CMS_get0_SignerInfos.pod
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp, CMS_set1_signer_cert - CMS signedData signer functions.
++CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp, CMS_set1_signer_cert - CMS signedData signer functions
+
+ =head1 SYNOPSIS
+
@@ -25,7 +25,7 @@ associated with a specific CMS_SignerInfo structure B<si>. Either the
keyidentifier will be set in B<keyid> or B<both> issuer name and serial number
in B<issuer> and B<sno>.
@@ -88552,7 +96393,7 @@
+
=cut
diff --git a/doc/crypto/CMS_get0_type.pod b/doc/crypto/CMS_get0_type.pod
-index 80fc303..06b0655 100644
+index 80fc303dead6..06b06551be0b 100644
--- a/doc/crypto/CMS_get0_type.pod
+++ b/doc/crypto/CMS_get0_type.pod
@@ -2,7 +2,7 @@
@@ -88579,7 +96420,7 @@
+
=cut
diff --git a/doc/crypto/CMS_get1_ReceiptRequest.pod b/doc/crypto/CMS_get1_ReceiptRequest.pod
-index 81206eb..f27f1a4 100644
+index 81206eb6d75b..79f5f4232dd1 100644
--- a/doc/crypto/CMS_get1_ReceiptRequest.pod
+++ b/doc/crypto/CMS_get1_ReceiptRequest.pod
@@ -2,7 +2,7 @@
@@ -88587,7 +96428,7 @@
=head1 NAME
- CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values - CMS signed receipt request functions.
-+CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values - CMS signed receipt request functions.
++CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values - CMS signed receipt request functions
=head1 SYNOPSIS
@@ -88615,7 +96456,7 @@
+
=cut
diff --git a/doc/crypto/CMS_sign.pod b/doc/crypto/CMS_sign.pod
-index 39229fd..396deef 100644
+index 39229fd5b15f..396deef7728b 100644
--- a/doc/crypto/CMS_sign.pod
+++ b/doc/crypto/CMS_sign.pod
@@ -2,7 +2,7 @@
@@ -88651,7 +96492,7 @@
+
=cut
diff --git a/doc/crypto/CMS_sign_receipt.pod b/doc/crypto/CMS_sign_receipt.pod
-index 99a0b14..8ea6df1 100644
+index 99a0b14c2f45..8ea6df1fbca3 100644
--- a/doc/crypto/CMS_sign_receipt.pod
+++ b/doc/crypto/CMS_sign_receipt.pod
@@ -2,7 +2,7 @@
@@ -88678,7 +96519,7 @@
+
=cut
diff --git a/doc/crypto/CMS_uncompress.pod b/doc/crypto/CMS_uncompress.pod
-index 44512a4..80f9c0d 100644
+index 44512a485350..80f9c0d168bf 100644
--- a/doc/crypto/CMS_uncompress.pod
+++ b/doc/crypto/CMS_uncompress.pod
@@ -2,7 +2,7 @@
@@ -88705,7 +96546,7 @@
+
=cut
diff --git a/doc/crypto/CMS_verify.pod b/doc/crypto/CMS_verify.pod
-index d4baffe..c2ff57b 100644
+index d4baffe33b7f..c2ff57bcf20a 100644
--- a/doc/crypto/CMS_verify.pod
+++ b/doc/crypto/CMS_verify.pod
@@ -67,7 +67,7 @@ returned.
@@ -88749,7 +96590,7 @@
+
=cut
diff --git a/doc/crypto/CMS_verify_receipt.pod b/doc/crypto/CMS_verify_receipt.pod
-index 15ec54c..193241c 100644
+index 15ec54c2d2a7..193241c620d2 100644
--- a/doc/crypto/CMS_verify_receipt.pod
+++ b/doc/crypto/CMS_verify_receipt.pod
@@ -2,7 +2,7 @@
@@ -88785,7 +96626,7 @@
+
=cut
diff --git a/doc/crypto/CONF_modules_free.pod b/doc/crypto/CONF_modules_free.pod
-index 4a8580c..ac59f37 100644
+index 4a8580c40b26..ac59f3736aef 100644
--- a/doc/crypto/CONF_modules_free.pod
+++ b/doc/crypto/CONF_modules_free.pod
@@ -2,8 +2,8 @@
@@ -88814,7 +96655,7 @@
+
=cut
diff --git a/doc/crypto/CONF_modules_load_file.pod b/doc/crypto/CONF_modules_load_file.pod
-index 84f7184..9e4071f 100644
+index 84f7184c7a5b..9e4071f2b31e 100644
--- a/doc/crypto/CONF_modules_load_file.pod
+++ b/doc/crypto/CONF_modules_load_file.pod
@@ -2,16 +2,16 @@
@@ -88851,8 +96692,164 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
+diff --git a/doc/crypto/CRYPTO_THREAD_run_once.pod b/doc/crypto/CRYPTO_THREAD_run_once.pod
+new file mode 100644
+index 000000000000..37671b90ebe5
+--- /dev/null
++++ b/doc/crypto/CRYPTO_THREAD_run_once.pod
+@@ -0,0 +1,150 @@
++=pod
++
++=head1 NAME
++
++CRYPTO_THREAD_run_once,
++CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock,
++CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free, CRYPTO_atomic_add - OpenSSL thread support
++
++=head1 SYNOPSIS
++
++ #include <openssl/crypto.h>
++
++ CRYPTO_ONCE CRYPTO_ONCE_STATIC_INIT;
++ int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
++
++ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
++ int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
++ int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
++ int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
++ void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
++
++ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
++
++=head1 DESCRIPTION
++
++OpenSSL can be safely used in multi-threaded applications provided that
++support for the underlying OS threading API is built-in. Currently, OpenSSL
++supports the pthread and Windows APIs. OpenSSL can also be built without
++any multi-threading support, for example on platforms that don't provide
++any threading support or that provide a threading API that is not yet
++supported by OpenSSL.
++
++The following multi-threading function are provided:
++
++=over 4
++
++=item *
++CRYPTO_THREAD_run_once() can be used to perform one-time initialization.
++The B<once> argument must be a pointer to a static object of type
++B<CRYPTO_ONCE> that was statically initialized to the value
++B<CRYPTO_ONCE_STATIC_INIT>.
++The B<init> argument is a pointer to a function that performs the desired
++exactly once initialization.
++In particular, this can be used to allocate locks in a thread-safe manner,
++which can then be used with the locking functions below.
++
++=item *
++CRYPTO_THREAD_lock_new() allocates, initializes and returns a new read/write
++lock.
++
++=item *
++CRYPTO_THREAD_read_lock() locks the provided B<lock> for reading.
++
++=item *
++CRYPTO_THREAD_write_lock() locks the provided B<lock> for writing.
++
++=item *
++CRYPTO_THREAD_unlock() unlocks the previously locked B<lock>.
++
++=item *
++CRYPTO_THREAD_lock_frees() frees the provided B<lock>.
++
++=item *
++CRYPTO_atomic_add() atomically adds B<amount> to B<val> and returns the
++result of the operation in B<ret>. B<lock> will be locked, unless atomic
++operations are supported on the specific platform. Because of this, if a
++variable is modified by CRYPTO_atomic_add() then CRYPTO_atomic_add() must
++be the only way that the variable is modified.
++
++=back
++
++=head1 RETURN VALUES
++
++CRYPTO_THREAD_run_once() returns 1 on success, or 0 on error.
++
++CRYPTO_THREAD_lock_new() returns the allocated lock, or NULL on error.
++
++CRYPTO_THREAD_lock_frees() returns no value.
++
++The other functions return 1 on success or 0 on error.
++
++=head1 EXAMPLE
++
++This example safely initializes and uses a lock.
++
++ #include <openssl/crypto.h>
++
++ static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT;
++ static CRYPTO_RWLOCK *lock;
++
++ static void myinit(void)
++ {
++ lock = CRYPTO_THREAD_lock_new();
++ }
++
++ static int mylock(void)
++ {
++ if (!CRYPTO_THREAD_run_once(&once, void init) || lock == NULL)
++ return 0;
++ return CRYPTO_THREAD_write_lock(lock);
++ }
++
++ static int myunlock(void)
++ {
++ return CRYPTO_THREAD_unlock(lock);
++ }
++
++ int serialized(void)
++ {
++ int ret = 0;
++
++ if (mylock()) {
++ /* Your code here, do not return without releasing the lock! */
++ ret = ... ;
++ }
++ myunlock();
++ return ret;
++ }
++
++Finalization of locks is an advanced topic, not covered in this example.
++This can only be done at process exit or when a dynamically loaded library is
++no longer in use and is unloaded.
++The simplest solution is to just "leak" the lock in applications and not
++repeatedly load/unload shared libraries that allocate locks.
++
++=head1 NOTES
++
++You can find out if OpenSSL was configured with thread support:
++
++ #include <openssl/opensslconf.h>
++ #if defined(OPENSSL_THREADS)
++ // thread support enabled
++ #else
++ // no thread support
++ #endif
++
++=head1 SEE ALSO
++
++L<crypto(3)>
++
++=head1 COPYRIGHT
++
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/crypto/CRYPTO_get_ex_new_index.pod b/doc/crypto/CRYPTO_get_ex_new_index.pod
-index e87d1a3..f0e19b1 100644
+index e87d1a3dedf3..f0e19b1eb195 100644
--- a/doc/crypto/CRYPTO_get_ex_new_index.pod
+++ b/doc/crypto/CRYPTO_get_ex_new_index.pod
@@ -12,9 +12,9 @@ CRYPTO_get_ex_data, CRYPTO_free_ex_data
@@ -88882,8 +96879,544 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
+diff --git a/doc/crypto/DEFINE_STACK_OF.pod b/doc/crypto/DEFINE_STACK_OF.pod
+new file mode 100644
+index 000000000000..d32fb2177a66
+--- /dev/null
++++ b/doc/crypto/DEFINE_STACK_OF.pod
+@@ -0,0 +1,214 @@
++=pod
++
++=head1 NAME
++
++DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF,
++sk_TYPE_num, sk_TYPE_value, sk_TYPE_new, sk_TYPE_new_null, sk_TYPE_free,
++sk_TYPE_zero, sk_TYPE_delete, sk_TYPE_delete_ptr, sk_TYPE_push,
++sk_TYPE_unshift, sk_TYPE_pop, sk_TYPE_shift, sk_TYPE_pop_free,
++sk_TYPE_insert, sk_TYPE_set, sk_TYPE_find, sk_TYPE_find_ex, sk_TYPE_sort,
++sk_TYPE_is_sorted, sk_TYPE_dup, sk_TYPE_deep_copy, sk_TYPE_set_cmp_func -
++stack container
++
++=for comment generic
++
++=head1 SYNOPSIS
++
++ #include <openssl/safestack.h>
++
++ #define STACK_OF(TYPE)
++ #define DEFINE_STACK_OF
++ #define DEFINE_STACK_OF_CONST
++ #define DEFINE_SPECIAL_STACK_OF
++
++ typedef int (*sk_TYPE_compfunc)(const TYPE *const *a, const TYPE *const *b);
++ typedef TYPE * (*sk_TYPE_copyfunc)(const TYPE *a);
++ typedef void (*sk_TYPE_freefunc)(TYPE *a);
++
++ int sk_TYPE_num(const STACK_OF(TYPE) *sk);
++ TYPE *sk_TYPE_value(const STACK_OF(TYPE) *sk, int idx);
++ STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare);
++ STACK_OF(TYPE) *sk_TYPE_new_null(void);
++ void sk_TYPE_free(const STACK_OF(TYPE) *sk);
++ void sk_TYPE_zero(const STACK_OF(TYPE) *sk);
++ TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i);
++ TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr);
++ int sk_TYPE_push(STACK_OF(TYPE) *sk, TYPE *ptr);
++ int sk_TYPE_unshift(STACK_OF(TYPE) *sk, TYPE *ptr);
++ TYPE *sk_TYPE_pop(STACK_OF(TYPE) *sk);
++ TYPE *sk_TYPE_shift(STACK_OF(TYPE) *sk);
++ void sk_TYPE_pop_free(STACK_OF(TYPE) *sk, sk_TYPE_freefunc freefunc);
++ int sk_TYPE_insert(STACK_OF(TYPE) *sk, TYPE *ptr, int idx);
++ TYPE *sk_TYPE_set(STACK_OF(TYPE) *sk, int idx, TYPE *ptr);
++ int sk_TYPE_find(STACK_OF(TYPE) *sk, TYPE *ptr);
++ int sk_TYPE_find_ex(STACK_OF(TYPE) *sk, TYPE *ptr);
++ void sk_TYPE_sort(const STACK_OF(TYPE) *sk);
++ int sk_TYPE_is_sorted(const STACK_OF(TYPE) *sk);
++ STACK_OF(TYPE) *sk_TYPE_dup(STACK_OF(TYPE) *sk);
++ STACK_OF(TYPE) *sk_TYPE_deep_copy(STACK_OF(TYPE) *sk,
++ sk_TYPE_copyfunc copyfunc,
++ sk_TYPE_freefunc freefunc);
++ sk_TYPE_compfunc (*sk_TYPE_set_cmp_func(STACK_OF(TYPE) *sk, sk_TYPE_compfunc compare);
++
++=head1 DESCRIPTION
++
++Applications can create and use their own stacks by placing any of the macros
++described below in a header file. In the description below, I<TYPE> is used
++as a placeholder for any of the OpenSSL datatypes, such as I<X509>.
++
++DEFINE_STACK_OF(TYPE) creates set of functions for a stack of B<TYPE>. This
++will mean that type B<TYPE> is stored in each stack, the type is referenced by
++STACK_OF(TYPE) and each function name begins with I<sk_TYPE_>. For example:
++
++ TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
++
++DEFINE_STACK_OF_CONST(TYPE) is identical to DEFINE_STACK_OF(TYPE) except
++each element is constant. For example:
++
++ const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
++
++DEFINE_SPECIAL_STACK_OF(FUNCNAME, TYPE) defines a stack of B<TYPE> but
++each function uses B<FUNCNAME> in the function name. For example:
++
++ TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
++
++sk_TYPE_num() returns the number of elements in B<sk> or -1 if B<sk> is
++B<NULL>.
++
++sk_TYPE_value() returns element B<idx> in B<sk>, where B<idx> starts at
++zero. If B<idx> is out of range then B<NULL> is returned.
++
++sk_TYPE_new() allocates a new empty stack using comparison function B<compar>.
++If B<compar> is B<NULL> then no comparison function is used.
++
++sk_TYPE_new_null() allocates a new empty stack with no comparison function.
++
++sk_TYPE_set_cmp_func() sets the comparison function of B<sk> to B<compar>.
++The previous comparison function is returned or B<NULL> if there was
++no previous comparison function.
++
++sk_TYPE_free() frees up the B<sk> structure. It does B<not> free up any
++elements of B<sk>. After this call B<sk> is no longer valid.
++
++sk_TYPE_zero() sets the number of elements in B<sk> to zero. It does not free
++B<sk> so after this call B<sk> is still valid.
++
++sk_TYPE_pop_free() frees up all elements of B<sk> and B<sk> itself. The
++free function freefunc() is called on each element to free it.
++
++sk_TYPE_delete() deletes element B<i> from B<sk>. It returns the deleted
++element or B<NULL> if B<i> is out of range.
++
++sk_TYPE_delete_ptr() deletes element matching B<ptr> from B<sk>. It returns
++the deleted element or B<NULL> if no element matching B<ptr> was found.
++
++sk_TYPE_insert() inserts B<ptr> into B<sk> at position B<idx>. Any existing
++elements at or after B<idx> are moved downwards. If B<idx> is out of range
++the new element is appended to B<sk>. sk_TYPE_insert() either returns the
++number of elements in B<sk> after the new element is inserted or zero if
++an error (such as memory allocation failure) occurred.
++
++sk_TYPE_push() appends B<ptr> to B<sk> it is equivalent to:
++
++ sk_TYPE_insert(sk, ptr, -1);
++
++sk_TYPE_unshift() inserts B<ptr> at the start of B<sk> it is equivalent to:
++
++ sk_TYPE_insert(sk, ptr, 0);
++
++sk_TYPE_pop() returns and removes the last element from B<sk>.
++
++sk_TYPE_shift() returns and removes the first element from B<sk>.
++
++sk_TYPE_set() sets element B<idx> of B<sk> to B<ptr> replacing the current
++element. The new element value is returned or B<NULL> if an error occurred:
++this will only happen if B<sk> is B<NULL> or B<idx> is out of range.
++
++sk_TYPE_find() and sk_TYPE_find_ex() search B<sk> using the supplied
++comparison function for an element matching B<ptr>. sk_TYPE_find() returns
++the index of the first matching element or B<-1> if there is no match.
++sk_TYPE_find_ex() returns a matching element or the nearest element that
++does not match B<ptr>. Note: if a comparison function is set then B<sk> is
++sorted before the search which may change its order. If no comparison
++function is set then a linear search is made for a pointer matching B<ptr>
++and the stack is not reordered.
++
++sk_TYPE_sort() sorts B<sk> using the supplied comparison function.
++
++sk_TYPE_is_sorted() returns B<1> if B<sk> is sorted and B<0> otherwise.
++
++sk_TYPE_dup() returns a copy of B<sk>. Note the pointers in the copy
++are identical to the original.
++
++sk_TYPE_deep_copy() returns a new stack where each element has been copied.
++Copying is performed by the supplied copyfunc() and freeing by freefunc(). The
++function freefunc() is only called if an error occurs.
++
++=head1 NOTES
++
++Care should be taken when accessing stacks in multi-threaded environments.
++Any operation which increases the size of a stack such as sk_TYPE_insert() or
++sk_push() can "grow" the size of an internal array and cause race conditions
++if the same stack is accessed in a different thread. Operations such as
++sk_find() and sk_sort() can also reorder the stack.
++
++Any comparison function supplied should use a metric suitable
++for use in a binary search operation. That is it should return zero, a
++positive or negative value if B<a> is equal to, greater than
++or less than B<b> respectively.
++
++Care should be taken when checking the return values of the functions
++sk_TYPE_find() and sk_TYPE_find_ex(). They return an index to the
++matching element. In particular B<0> indicates a matching first element.
++A failed search is indicated by a B<-1> return value.
++
++=head1 RETURN VALUES
++
++sk_TYPE_num() returns the number of elements in the stack or B<-1> if the
++passed stack is B<NULL>.
++
++sk_TYPE_value() returns a pointer to a stack element or B<NULL> if the
++index is out of range.
++
++sk_TYPE_new() and sk_TYPE_new_null() return an empty stack or B<NULL> if
++an error occurs.
++
++sk_TYPE_set_cmp_func() returns the old comparison function or B<NULL> if
++there was no old comparison function.
++
++sk_TYPE_free(), sk_TYPE_zero(), sk_TYPE_pop_free() and sk_TYPE_sort() do
++not return values.
++
++sk_TYPE_pop(), sk_TYPE_shift(), sk_TYPE_delete() and sk_TYPE_delete_ptr()
++return a pointer to the deleted element or B<NULL> on error.
++
++sk_TYPE_insert(), sk_TYPE_push() and sk_TYPE_unshift() return the total
++number of elements in the stack and 0 if an error occurred.
++
++sk_TYPE_set() returns a pointer to the replacement element or B<NULL> on
++error.
++
++sk_TYPE_find() and sk_TYPE_find_ex() return an index to the found element
++or B<-1> on error.
++
++sk_TYPE_is_sorted() returns B<1> if the stack is sorted and B<0> if it is
++not.
++
++sk_TYPE_dup() and sk_TYPE_deep_copy() return a pointer to the copy of the
++stack.
++
++=head1 HISTORY
++
++Before OpenSSL 1.1.0, this was implemented via macros and not inline functions
++and was not a public API.
++
++=head1 COPYRIGHT
++
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
+diff --git a/doc/crypto/DES_random_key.pod b/doc/crypto/DES_random_key.pod
+new file mode 100644
+index 000000000000..0131093ba9e9
+--- /dev/null
++++ b/doc/crypto/DES_random_key.pod
+@@ -0,0 +1,310 @@
++=pod
++
++=head1 NAME
++
++DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked,
++DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key,
++DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt,
++DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt,
++DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt,
++DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt,
++DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt,
++DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys,
++DES_fcrypt, DES_crypt - DES encryption
++
++=head1 SYNOPSIS
++
++ #include <openssl/des.h>
++
++ void DES_random_key(DES_cblock *ret);
++
++ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
++ int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
++ int DES_set_key_checked(const_DES_cblock *key,
++ DES_key_schedule *schedule);
++ void DES_set_key_unchecked(const_DES_cblock *key,
++ DES_key_schedule *schedule);
++
++ void DES_set_odd_parity(DES_cblock *key);
++ int DES_is_weak_key(const_DES_cblock *key);
++
++ void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
++ DES_key_schedule *ks, int enc);
++ void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output,
++ DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
++ void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
++ DES_key_schedule *ks1, DES_key_schedule *ks2,
++ DES_key_schedule *ks3, int enc);
++
++ void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
++ long length, DES_key_schedule *schedule, DES_cblock *ivec,
++ int enc);
++ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,
++ int numbits, long length, DES_key_schedule *schedule,
++ DES_cblock *ivec, int enc);
++ void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,
++ int numbits, long length, DES_key_schedule *schedule,
++ DES_cblock *ivec);
++ void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
++ long length, DES_key_schedule *schedule, DES_cblock *ivec,
++ int enc);
++ void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
++ long length, DES_key_schedule *schedule, DES_cblock *ivec,
++ int *num, int enc);
++ void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
++ long length, DES_key_schedule *schedule, DES_cblock *ivec,
++ int *num);
++
++ void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
++ long length, DES_key_schedule *schedule, DES_cblock *ivec,
++ const_DES_cblock *inw, const_DES_cblock *outw, int enc);
++
++ void DES_ede2_cbc_encrypt(const unsigned char *input,
++ unsigned char *output, long length, DES_key_schedule *ks1,
++ DES_key_schedule *ks2, DES_cblock *ivec, int enc);
++ void DES_ede2_cfb64_encrypt(const unsigned char *in,
++ unsigned char *out, long length, DES_key_schedule *ks1,
++ DES_key_schedule *ks2, DES_cblock *ivec, int *num, int enc);
++ void DES_ede2_ofb64_encrypt(const unsigned char *in,
++ unsigned char *out, long length, DES_key_schedule *ks1,
++ DES_key_schedule *ks2, DES_cblock *ivec, int *num);
++
++ void DES_ede3_cbc_encrypt(const unsigned char *input,
++ unsigned char *output, long length, DES_key_schedule *ks1,
++ DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec,
++ int enc);
++ void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
++ long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
++ DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc);
++ void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
++ long length, DES_key_schedule *ks1,
++ DES_key_schedule *ks2, DES_key_schedule *ks3,
++ DES_cblock *ivec, int *num);
++
++ DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
++ long length, DES_key_schedule *schedule,
++ const_DES_cblock *ivec);
++ DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
++ long length, int out_count, DES_cblock *seed);
++ void DES_string_to_key(const char *str, DES_cblock *key);
++ void DES_string_to_2keys(const char *str, DES_cblock *key1,
++ DES_cblock *key2);
++
++ char *DES_fcrypt(const char *buf, const char *salt, char *ret);
++ char *DES_crypt(const char *buf, const char *salt);
++
++=head1 DESCRIPTION
++
++This library contains a fast implementation of the DES encryption
++algorithm.
++
++There are two phases to the use of DES encryption. The first is the
++generation of a I<DES_key_schedule> from a key, the second is the
++actual encryption. A DES key is of type I<DES_cblock>. This type is
++consists of 8 bytes with odd parity. The least significant bit in
++each byte is the parity bit. The key schedule is an expanded form of
++the key; it is used to speed the encryption process.
++
++DES_random_key() generates a random key. The PRNG must be seeded
++prior to using this function (see L<rand(3)>). If the PRNG
++could not generate a secure key, 0 is returned.
++
++Before a DES key can be used, it must be converted into the
++architecture dependent I<DES_key_schedule> via the
++DES_set_key_checked() or DES_set_key_unchecked() function.
++
++DES_set_key_checked() will check that the key passed is of odd parity
++and is not a week or semi-weak key. If the parity is wrong, then -1
++is returned. If the key is a weak key, then -2 is returned. If an
++error is returned, the key schedule is not generated.
++
++DES_set_key() works like
++DES_set_key_checked() if the I<DES_check_key> flag is non-zero,
++otherwise like DES_set_key_unchecked(). These functions are available
++for compatibility; it is recommended to use a function that does not
++depend on a global variable.
++
++DES_set_odd_parity() sets the parity of the passed I<key> to odd.
++
++DES_is_weak_key() returns 1 if the passed key is a weak key, 0 if it
++is ok.
++
++The following routines mostly operate on an input and output stream of
++I<DES_cblock>s.
++
++DES_ecb_encrypt() is the basic DES encryption routine that encrypts or
++decrypts a single 8-byte I<DES_cblock> in I<electronic code book>
++(ECB) mode. It always transforms the input data, pointed to by
++I<input>, into the output data, pointed to by the I<output> argument.
++If the I<encrypt> argument is non-zero (DES_ENCRYPT), the I<input>
++(cleartext) is encrypted in to the I<output> (ciphertext) using the
++key_schedule specified by the I<schedule> argument, previously set via
++I<DES_set_key>. If I<encrypt> is zero (DES_DECRYPT), the I<input> (now
++ciphertext) is decrypted into the I<output> (now cleartext). Input
++and output may overlap. DES_ecb_encrypt() does not return a value.
++
++DES_ecb3_encrypt() encrypts/decrypts the I<input> block by using
++three-key Triple-DES encryption in ECB mode. This involves encrypting
++the input with I<ks1>, decrypting with the key schedule I<ks2>, and
++then encrypting with I<ks3>. This routine greatly reduces the chances
++of brute force breaking of DES and has the advantage of if I<ks1>,
++I<ks2> and I<ks3> are the same, it is equivalent to just encryption
++using ECB mode and I<ks1> as the key.
++
++The macro DES_ecb2_encrypt() is provided to perform two-key Triple-DES
++encryption by using I<ks1> for the final encryption.
++
++DES_ncbc_encrypt() encrypts/decrypts using the I<cipher-block-chaining>
++(CBC) mode of DES. If the I<encrypt> argument is non-zero, the
++routine cipher-block-chain encrypts the cleartext data pointed to by
++the I<input> argument into the ciphertext pointed to by the I<output>
++argument, using the key schedule provided by the I<schedule> argument,
++and initialization vector provided by the I<ivec> argument. If the
++I<length> argument is not an integral multiple of eight bytes, the
++last block is copied to a temporary area and zero filled. The output
++is always an integral multiple of eight bytes.
++
++DES_xcbc_encrypt() is RSA's DESX mode of DES. It uses I<inw> and
++I<outw> to 'whiten' the encryption. I<inw> and I<outw> are secret
++(unlike the iv) and are as such, part of the key. So the key is sort
++of 24 bytes. This is much better than CBC DES.
++
++DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with
++three keys. This means that each DES operation inside the CBC mode is
++an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
++
++The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by
++reusing I<ks1> for the final encryption. C<C=E(ks1,D(ks2,E(ks1,M)))>.
++This form of Triple-DES is used by the RSAREF library.
++
++DES_pcbc_encrypt() encrypt/decrypts using the propagating cipher block
++chaining mode used by Kerberos v4. Its parameters are the same as
++DES_ncbc_encrypt().
++
++DES_cfb_encrypt() encrypt/decrypts using cipher feedback mode. This
++method takes an array of characters as input and outputs and array of
++characters. It does not require any padding to 8 character groups.
++Note: the I<ivec> variable is changed and the new changed value needs to
++be passed to the next call to this function. Since this function runs
++a complete DES ECB encryption per I<numbits>, this function is only
++suggested for use when sending small numbers of characters.
++
++DES_cfb64_encrypt()
++implements CFB mode of DES with 64bit feedback. Why is this
++useful you ask? Because this routine will allow you to encrypt an
++arbitrary number of bytes, no 8 byte padding. Each call to this
++routine will encrypt the input bytes to output and then update ivec
++and num. num contains 'how far' we are though ivec. If this does
++not make much sense, read more about cfb mode of DES :-).
++
++DES_ede3_cfb64_encrypt() and DES_ede2_cfb64_encrypt() is the same as
++DES_cfb64_encrypt() except that Triple-DES is used.
++
++DES_ofb_encrypt() encrypts using output feedback mode. This method
++takes an array of characters as input and outputs and array of
++characters. It does not require any padding to 8 character groups.
++Note: the I<ivec> variable is changed and the new changed value needs to
++be passed to the next call to this function. Since this function runs
++a complete DES ECB encryption per numbits, this function is only
++suggested for use when sending small numbers of characters.
++
++DES_ofb64_encrypt() is the same as DES_cfb64_encrypt() using Output
++Feed Back mode.
++
++DES_ede3_ofb64_encrypt() and DES_ede2_ofb64_encrypt() is the same as
++DES_ofb64_encrypt(), using Triple-DES.
++
++The following functions are included in the DES library for
++compatibility with the MIT Kerberos library.
++
++DES_cbc_cksum() produces an 8 byte checksum based on the input stream
++(via CBC encryption). The last 4 bytes of the checksum are returned
++and the complete 8 bytes are placed in I<output>. This function is
++used by Kerberos v4. Other applications should use
++L<EVP_DigestInit(3)> etc. instead.
++
++DES_quad_cksum() is a Kerberos v4 function. It returns a 4 byte
++checksum from the input bytes. The algorithm can be iterated over the
++input, depending on I<out_count>, 1, 2, 3 or 4 times. If I<output> is
++non-NULL, the 8 bytes generated by each pass are written into
++I<output>.
++
++The following are DES-based transformations:
++
++DES_fcrypt() is a fast version of the Unix crypt(3) function. This
++version takes only a small amount of space relative to other fast
++crypt() implementations. This is different to the normal crypt in
++that the third parameter is the buffer that the return value is
++written into. It needs to be at least 14 bytes long. This function
++is thread safe, unlike the normal crypt.
++
++DES_crypt() is a faster replacement for the normal system crypt().
++This function calls DES_fcrypt() with a static array passed as the
++third parameter. This mostly emulates the normal non-thread-safe semantics
++of crypt(3).
++The B<salt> must be two ASCII characters.
++
++DES_enc_write() writes I<len> bytes to file descriptor I<fd> from
++buffer I<buf>. The data is encrypted via I<pcbc_encrypt> (default)
++using I<sched> for the key and I<iv> as a starting vector. The actual
++data send down I<fd> consists of 4 bytes (in network byte order)
++containing the length of the following encrypted data. The encrypted
++data then follows, padded with random data out to a multiple of 8
++bytes.
++
++=head1 BUGS
++
++DES_3cbc_encrypt() is flawed and must not be used in applications.
++
++DES_cbc_encrypt() does not modify B<ivec>; use DES_ncbc_encrypt()
++instead.
++
++DES_cfb_encrypt() and DES_ofb_encrypt() operates on input of 8 bits.
++What this means is that if you set numbits to 12, and length to 2, the
++first 12 bits will come from the 1st input byte and the low half of
++the second input byte. The second 12 bits will have the low 8 bits
++taken from the 3rd input byte and the top 4 bits taken from the 4th
++input byte. The same holds for output. This function has been
++implemented this way because most people will be using a multiple of 8
++and because once you get into pulling bytes input bytes apart things
++get ugly!
++
++DES_string_to_key() is available for backward compatibility with the
++MIT library. New applications should use a cryptographic hash function.
++The same applies for DES_string_to_2key().
++
++=head1 NOTES
++
++The B<des> library was written to be source code compatible with
++the MIT Kerberos library.
++
++Applications should use the higher level functions
++L<EVP_EncryptInit(3)> etc. instead of calling these
++functions directly.
++
++Single-key DES is insecure due to its short key size. ECB mode is
++not suitable for most applications; see L<des_modes(7)>.
++
++=head1 HISTORY
++
++The requirement that the B<salt> parameter to DES_crypt() and DES_fcrypt()
++be two ASCII characters was first enforced in
++OpenSSL 1.1.0. Previous versions tried to use the letter uppercase B<A>
++if both character were not present, and could crash when given non-ASCII
++on some platforms.
++
++=head1 SEE ALSO
++
++L<des_modes(7)>,
++L<EVP_EncryptInit(3)>
++
++=head1 COPYRIGHT
++
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/crypto/DH_generate_key.pod b/doc/crypto/DH_generate_key.pod
-index b37decc..de0847a 100644
+index b37decc4902e..de0847a94df6 100644
--- a/doc/crypto/DH_generate_key.pod
+++ b/doc/crypto/DH_generate_key.pod
@@ -42,4 +42,13 @@ The error codes can be obtained by L<ERR_get_error(3)>.
@@ -88901,7 +97434,7 @@
+
=cut
diff --git a/doc/crypto/DH_generate_parameters.pod b/doc/crypto/DH_generate_parameters.pod
-index 93d7b9c..71fa436 100644
+index 93d7b9c3b4d1..8970aae444f3 100644
--- a/doc/crypto/DH_generate_parameters.pod
+++ b/doc/crypto/DH_generate_parameters.pod
@@ -2,7 +2,6 @@
@@ -88921,7 +97454,65 @@
A callback function may be used to provide feedback about the progress
of the key generation. If B<cb> is not B<NULL>, it will be
-@@ -73,4 +72,13 @@ a usable generator.
+@@ -38,12 +37,41 @@ number is generated, and when a prime has been found, B<BN_GENCB_call(cb, 3, 0)>
+ is called. See L<BN_generate_prime(3)> for information on
+ the BN_GENCB_call() function.
+
+-DH_check() validates Diffie-Hellman parameters. It checks that B<p> is
+-a safe prime, and that B<g> is a suitable generator. In the case of an
+-error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or
+-DH_NOT_SUITABLE_GENERATOR are set in B<*codes>.
+-DH_UNABLE_TO_CHECK_GENERATOR is set if the generator cannot be
+-checked, i.e. it does not equal 2 or 5.
++DH_check() confirms that the Diffie-Hellman parameters B<dh> are valid. The
++value of B<*codes> is updated with any problems found. If B<*codes> is zero then
++no problems were found, otherwise the following bits may be set:
++
++=over 4
++
++=item DH_CHECK_P_NOT_PRIME
++
++The parameter B<p> is not prime.
++
++=item DH_CHECK_P_NOT_SAFE_PRIME
++
++The parameter B<p> is not a safe prime and no B<q> value is present.
++
++=item DH_UNABLE_TO_CHECK_GENERATOR
++
++The generator B<g> cannot be checked for suitability.
++
++=item DH_NOT_SUITABLE_GENERATOR
++
++The generator B<g> is not suitable.
++
++=item DH_CHECK_Q_NOT_PRIME
++
++The parameter B<q> is not prime.
++
++=item DH_CHECK_INVALID_Q_VALUE
++
++The parameter B<q> is invalid.
++
++=item DH_CHECK_INVALID_J_VALUE
++
++The parameter B<j> is invalid.
++
++=back
+
+ =head1 RETURN VALUES
+
+@@ -63,14 +91,18 @@ hours before finding a suitable prime.
+ The parameters generated by DH_generate_parameters_ex() and DH_generate_parameters()
+ are not to be used in signature schemes.
+
+-=head1 BUGS
+-
+-If B<generator> is not 2 or 5, B<dh-E<gt>g>=B<generator> is not
+-a usable generator.
+-
+ =head1 SEE ALSO
+
L<dh(3)>, L<ERR_get_error(3)>, L<rand(3)>,
L<DH_free(3)>
@@ -88936,7 +97527,7 @@
+
=cut
diff --git a/doc/crypto/DH_get0_pqg.pod b/doc/crypto/DH_get0_pqg.pod
-index bcbecf3..6c6b661 100644
+index bcbecf37a6f5..6c6b66108691 100644
--- a/doc/crypto/DH_get0_pqg.pod
+++ b/doc/crypto/DH_get0_pqg.pod
@@ -47,7 +47,9 @@ be. The values point to the internal representation of the public key and
@@ -88979,11 +97570,21 @@
+
=cut
diff --git a/doc/crypto/DH_meth_new.pod b/doc/crypto/DH_meth_new.pod
-index 73222be..33e8db5 100644
+index 73222be7e4d0..bcf559215fb1 100644
--- a/doc/crypto/DH_meth_new.pod
+++ b/doc/crypto/DH_meth_new.pod
-@@ -145,4 +145,13 @@ L<DH_set_method(3)>, L<DH_size(3)>, L<DH_get0_pqg(3)>
+@@ -49,8 +49,7 @@ DH_meth_set_generate_params - Routines to build up DH methods
+ The B<DH_METHOD> type is a structure used for the provision of custom DH
+ implementations. It provides a set of of functions used by OpenSSL for the
+-implementation of the various DH capabilities. See the L<dh(3)> page for more
+-information.
++implementation of the various DH capabilities.
+
+ DH_meth_new() creates a new B<DH_METHOD> structure. It should be given a
+ unique B<name> and a set of B<flags>. The B<name> should be a NULL terminated
+@@ -145,4 +144,13 @@ L<DH_set_method(3)>, L<DH_size(3)>, L<DH_get0_pqg(3)>
+
The functions described here were added in OpenSSL version 1.1.0.
+=head1 COPYRIGHT
@@ -88997,7 +97598,7 @@
+
=cut
diff --git a/doc/crypto/DH_new.pod b/doc/crypto/DH_new.pod
-index 450039c..959a470 100644
+index 450039c72816..959a470ec4ae 100644
--- a/doc/crypto/DH_new.pod
+++ b/doc/crypto/DH_new.pod
@@ -34,4 +34,13 @@ L<dh(3)>, L<ERR_get_error(3)>,
@@ -89015,11 +97616,19 @@
+
=cut
diff --git a/doc/crypto/DH_set_method.pod b/doc/crypto/DH_set_method.pod
-index fe26b01..b10d91f 100644
+index fe26b0148340..cd75a9b5490f 100644
--- a/doc/crypto/DH_set_method.pod
+++ b/doc/crypto/DH_set_method.pod
-@@ -74,4 +74,13 @@ returns a pointer to the newly allocated structure.
+@@ -8,7 +8,6 @@ DH_set_method, DH_new_method, DH_OpenSSL - select DH method
+ =head1 SYNOPSIS
+ #include <openssl/dh.h>
+- #include <openssl/engine.h>
+
+ void DH_set_default_method(const DH_METHOD *meth);
+
+@@ -74,4 +73,13 @@ returns a pointer to the newly allocated structure.
+
L<dh(3)>, L<DH_new(3)>, L<DH_meth_new(3)>
+=head1 COPYRIGHT
@@ -89033,7 +97642,7 @@
+
=cut
diff --git a/doc/crypto/DH_size.pod b/doc/crypto/DH_size.pod
-index f961eaa..8c1d151 100644
+index f961eaa8dbb2..8c1d151fcf5e 100644
--- a/doc/crypto/DH_size.pod
+++ b/doc/crypto/DH_size.pod
@@ -35,4 +35,13 @@ L<BN_num_bits(3)>
@@ -89051,7 +97660,7 @@
+
=cut
diff --git a/doc/crypto/DSA_SIG_new.pod b/doc/crypto/DSA_SIG_new.pod
-index 82cff7d..d12b088 100644
+index 82cff7d4c1d3..d12b08812e30 100644
--- a/doc/crypto/DSA_SIG_new.pod
+++ b/doc/crypto/DSA_SIG_new.pod
@@ -36,4 +36,13 @@ DSA_SIG_free() returns no value.
@@ -89069,7 +97678,7 @@
+
=cut
diff --git a/doc/crypto/DSA_do_sign.pod b/doc/crypto/DSA_do_sign.pod
-index 6c7cb3c..5e56d20 100644
+index 6c7cb3ca93f9..5e56d209441f 100644
--- a/doc/crypto/DSA_do_sign.pod
+++ b/doc/crypto/DSA_do_sign.pod
@@ -11,7 +11,7 @@ DSA_do_sign, DSA_do_verify - raw DSA signature operations
@@ -89096,7 +97705,7 @@
+
=cut
diff --git a/doc/crypto/DSA_dup_DH.pod b/doc/crypto/DSA_dup_DH.pod
-index 350e8aa..6967ef3 100644
+index 350e8aa3c190..6967ef3dcf30 100644
--- a/doc/crypto/DSA_dup_DH.pod
+++ b/doc/crypto/DSA_dup_DH.pod
@@ -29,4 +29,13 @@ Be careful to avoid small subgroup attacks when using this.
@@ -89114,7 +97723,7 @@
+
=cut
diff --git a/doc/crypto/DSA_generate_key.pod b/doc/crypto/DSA_generate_key.pod
-index bf396ed..4781abe 100644
+index bf396ed58276..4781abed7a9b 100644
--- a/doc/crypto/DSA_generate_key.pod
+++ b/doc/crypto/DSA_generate_key.pod
@@ -27,4 +27,13 @@ The error codes can be obtained by L<ERR_get_error(3)>.
@@ -89132,7 +97741,7 @@
+
=cut
diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod
-index b639db6..87e4eff 100644
+index b639db6d8497..87e4eff055dc 100644
--- a/doc/crypto/DSA_generate_parameters.pod
+++ b/doc/crypto/DSA_generate_parameters.pod
@@ -9,15 +9,15 @@ DSA_generate_parameters_ex, DSA_generate_parameters - generate DSA parameters
@@ -89169,7 +97778,7 @@
+
=cut
diff --git a/doc/crypto/DSA_get0_pqg.pod b/doc/crypto/DSA_get0_pqg.pod
-index 1c835f0..95173bc 100644
+index 1c835f012817..95173bca6840 100644
--- a/doc/crypto/DSA_get0_pqg.pod
+++ b/doc/crypto/DSA_get0_pqg.pod
@@ -44,7 +44,9 @@ be. The values point to the internal representation of the public key and
@@ -89212,7 +97821,7 @@
+
=cut
diff --git a/doc/crypto/DSA_meth_new.pod b/doc/crypto/DSA_meth_new.pod
-index 84584f1..68f744a 100644
+index 84584f1ce0b5..68f744abc360 100644
--- a/doc/crypto/DSA_meth_new.pod
+++ b/doc/crypto/DSA_meth_new.pod
@@ -174,11 +174,20 @@ DSA_meth_set1_name() and all DSA_meth_set_*() functions return 1 on success or
@@ -89238,7 +97847,7 @@
+
=cut
diff --git a/doc/crypto/DSA_new.pod b/doc/crypto/DSA_new.pod
-index 320839c..a967ab5 100644
+index 320839c87cf2..a967ab5da511 100644
--- a/doc/crypto/DSA_new.pod
+++ b/doc/crypto/DSA_new.pod
@@ -36,4 +36,13 @@ L<dsa(3)>, L<ERR_get_error(3)>,
@@ -89256,11 +97865,19 @@
+
=cut
diff --git a/doc/crypto/DSA_set_method.pod b/doc/crypto/DSA_set_method.pod
-index 1d56cca..7d1fe62 100644
+index 1d56ccaab289..a64725f7e472 100644
--- a/doc/crypto/DSA_set_method.pod
+++ b/doc/crypto/DSA_set_method.pod
-@@ -37,7 +37,7 @@ been set as a default for DSA, so this function is no longer recommended.
+@@ -8,7 +8,6 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
+ =head1 SYNOPSIS
+ #include <openssl/dsa.h>
+- #include <openssl/engine.h>
+
+ void DSA_set_default_method(const DSA_METHOD *meth);
+
+@@ -37,7 +36,7 @@ been set as a default for DSA, so this function is no longer recommended.
+
DSA_get_default_method() returns a pointer to the current default
DSA_METHOD. However, the meaningfulness of this result is dependent on
-whether the ENGINE API is being used, so this function is no longer
@@ -89268,7 +97885,7 @@
recommended.
DSA_set_method() selects B<meth> to perform all operations using the key
-@@ -74,4 +74,13 @@ fails. Otherwise it returns a pointer to the newly allocated structure.
+@@ -74,4 +73,13 @@ fails. Otherwise it returns a pointer to the newly allocated structure.
L<dsa(3)>, L<DSA_new(3)>, L<DSA_meth_new(3)>
@@ -89283,7 +97900,7 @@
+
=cut
diff --git a/doc/crypto/DSA_sign.pod b/doc/crypto/DSA_sign.pod
-index 1071cca..ba0f6b8 100644
+index 1071ccab4c80..ba0f6b863ecf 100644
--- a/doc/crypto/DSA_sign.pod
+++ b/doc/crypto/DSA_sign.pod
@@ -8,14 +8,14 @@ DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures
@@ -89321,7 +97938,7 @@
+
=cut
diff --git a/doc/crypto/DSA_size.pod b/doc/crypto/DSA_size.pod
-index 4333d6d..7c12146 100644
+index 4333d6ddf824..7c121469a197 100644
--- a/doc/crypto/DSA_size.pod
+++ b/doc/crypto/DSA_size.pod
@@ -26,4 +26,13 @@ The size in bytes.
@@ -89338,10 +97955,271 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
+diff --git a/doc/crypto/ECDSA_SIG_new.pod b/doc/crypto/ECDSA_SIG_new.pod
+new file mode 100644
+index 000000000000..691989074d87
+--- /dev/null
++++ b/doc/crypto/ECDSA_SIG_new.pod
+@@ -0,0 +1,197 @@
++=pod
++
++=head1 NAME
++
++ECDSA_SIG_new, ECDSA_SIG_free, i2d_ECDSA_SIG, d2i_ECDSA_SIG, ECDSA_size,
++ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup,
++ECDSA_sign_ex, ECDSA_do_sign_ex - low level elliptic curve digital signature
++algorithm (ECDSA) functions
++
++=head1 SYNOPSIS
++
++ #include <openssl/ecdsa.h>
++
++ ECDSA_SIG *ECDSA_SIG_new(void);
++ void ECDSA_SIG_free(ECDSA_SIG *sig);
++ void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const ECDSA_SIG *sig);
++ int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
++ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
++ int ECDSA_size(const EC_KEY *eckey);
++
++ int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
++ unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
++ ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
++ EC_KEY *eckey);
++
++ int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
++ const unsigned char *sig, int siglen, EC_KEY *eckey);
++ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
++ const ECDSA_SIG *sig, EC_KEY* eckey);
++
++ ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
++ const BIGNUM *kinv, const BIGNUM *rp,
++ EC_KEY *eckey);
++ int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
++ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
++ unsigned char *sig, unsigned int *siglen,
++ const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
++
++=head1 DESCRIPTION
++
++Note: these functions provide a low level interface to ECDSA. Most
++applications should use the higher level B<EVP> interface such as
++L<EVP_DigestSignInit(3)> or L<EVP_DigestVerifyInit(3)> instead.
++
++B<ECDSA_SIG> is an opaque structure consisting of two BIGNUMs for the
++B<r> and B<s> value of an ECDSA signature (see X9.62 or FIPS 186-2).
++
++ECDSA_SIG_new() allocates a new B<ECDSA_SIG> structure (note: this
++function also allocates the BIGNUMs) and initializes it.
++
++ECDSA_SIG_free() frees the B<ECDSA_SIG> structure B<sig>.
++
++ECDSA_SIG_get0() returns internal pointers the B<r> and B<s> values contained
++in B<sig>. The values can then be examined or initialised.
++
++i2d_ECDSA_SIG() creates the DER encoding of the ECDSA signature B<sig> and
++writes the encoded signature to B<*pp> (note: if B<pp> is NULL i2d_ECDSA_SIG()
++returns the expected length in bytes of the DER encoded signature).
++i2d_ECDSA_SIG() returns the length of the DER encoded signature (or 0 on
++error).
++
++d2i_ECDSA_SIG() decodes a DER encoded ECDSA signature and returns the decoded
++signature in a newly allocated B<ECDSA_SIG> structure. B<*sig> points to the
++buffer containing the DER encoded signature of size B<len>.
++
++ECDSA_size() returns the maximum length of a DER encoded ECDSA signature
++created with the private EC key B<eckey>.
++
++ECDSA_sign() computes a digital signature of the B<dgstlen> bytes hash value
++B<dgst> using the private EC key B<eckey>. The DER encoded signatures is
++stored in B<sig> and it's length is returned in B<sig_len>. Note: B<sig> must
++point to ECDSA_size(eckey) bytes of memory. The parameter B<type> is currently
++ignored. ECDSA_sign() is wrapper function for ECDSA_sign_ex() with B<kinv>
++and B<rp> set to NULL.
++
++ECDSA_do_sign() is similar to ECDSA_sign() except the signature is returned
++as a newly allocated B<ECDSA_SIG> structure (or NULL on error). ECDSA_do_sign()
++is a wrapper function for ECDSA_do_sign_ex() with B<kinv> and B<rp> set to
++NULL.
++
++ECDSA_verify() verifies that the signature in B<sig> of size B<siglen> is a
++valid ECDSA signature of the hash value B<dgst> of size B<dgstlen> using the
++public key B<eckey>. The parameter B<type> is ignored.
++
++ECDSA_do_verify() is similar to ECDSA_verify() except the signature is
++presented in the form of a pointer to an B<ECDSA_SIG> structure.
++
++The remaining functions utilise the internal B<kinv> and B<r> values used
++during signature computation. Most applications will never need to call these
++and some external ECDSA ENGINE implementations may not support them at all if
++either B<kinv> or B<r> is not B<NULL>.
++
++ECDSA_sign_setup() may be used to precompute parts of the signing operation.
++B<eckey> is the private EC key and B<ctx> is a pointer to B<BN_CTX> structure
++(or NULL). The precomputed values or returned in B<kinv> and B<rp> and can be
++used in a later call to ECDSA_sign_ex() or ECDSA_do_sign_ex().
++
++ECDSA_sign_ex() computes a digital signature of the B<dgstlen> bytes hash value
++B<dgst> using the private EC key B<eckey> and the optional pre-computed values
++B<kinv> and B<rp>. The DER encoded signatures is stored in B<sig> and it's
++length is returned in B<sig_len>. Note: B<sig> must point to ECDSA_size(eckey)
++bytes of memory. The parameter B<type> is ignored.
++
++ECDSA_do_sign_ex() is similar to ECDSA_sign_ex() except the signature is
++returned as a newly allocated B<ECDSA_SIG> structure (or NULL on error).
++
++=head1 RETURN VALUES
++
++ECDSA_size() returns the maximum length signature or 0 on error.
++
++ECDSA_sign(), ECDSA_sign_ex() and ECDSA_sign_setup() return 1 if successful
++or 0 on error.
++
++ECDSA_do_sign() and ECDSA_do_sign_ex() return a pointer to an allocated
++B<ECDSA_SIG> structure or NULL on error.
++
++ECDSA_verify() and ECDSA_do_verify() return 1 for a valid
++signature, 0 for an invalid signature and -1 on error.
++The error codes can be obtained by L<ERR_get_error(3)>.
++
++=head1 EXAMPLES
++
++Creating an ECDSA signature of a given SHA-256 hash value using the
++named curve prime256v1 (aka P-256).
++
++First step: create an EC_KEY object (note: this part is B<not> ECDSA
++specific)
++
++ int ret;
++ ECDSA_SIG *sig;
++ EC_KEY *eckey;
++ eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
++ if (eckey == NULL) {
++ /* error */
++ }
++ if (EC_KEY_generate_key(eckey) == 0) {
++ /* error */
++ }
++
++Second step: compute the ECDSA signature of a SHA-256 hash value
++using ECDSA_do_sign():
++
++ sig = ECDSA_do_sign(digest, 32, eckey);
++ if (sig == NULL) {
++ /* error */
++ }
++
++or using ECDSA_sign():
++
++ unsigned char *buffer, *pp;
++ int buf_len;
++ buf_len = ECDSA_size(eckey);
++ buffer = OPENSSL_malloc(buf_len);
++ pp = buffer;
++ if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0) {
++ /* error */
++ }
++
++Third step: verify the created ECDSA signature using ECDSA_do_verify():
++
++ ret = ECDSA_do_verify(digest, 32, sig, eckey);
++
++or using ECDSA_verify():
++
++ ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey);
++
++and finally evaluate the return value:
++
++ if (ret == 1) {
++ /* signature ok */
++ } else if (ret == 0) {
++ /* incorrect signature */
++ } else {
++ /* error */
++ }
++
++=head1 CONFORMING TO
++
++ANSI X9.62, US Federal Information Processing Standard FIPS 186-2
++(Digital Signature Standard, DSS)
++
++=head1 SEE ALSO
++
++L<dsa(3)>,
++L<EVP_DigestSignInit(3)>,
++L<EVP_DigestVerifyInit(3)>
++
++=head1 COPYRIGHT
++
++Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
+diff --git a/doc/crypto/ECPKParameters_print.pod b/doc/crypto/ECPKParameters_print.pod
+new file mode 100644
+index 000000000000..20b9cc7fe066
+--- /dev/null
++++ b/doc/crypto/ECPKParameters_print.pod
+@@ -0,0 +1,43 @@
++=pod
++
++=head1 NAME
++
++ECPKParameters_print, ECPKParameters_print_fp - Functions for decoding and encoding ASN1 representations of elliptic curve entities
++
++=head1 SYNOPSIS
++
++ #include <openssl/ec.h>
++
++ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
++ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
++
++=head1 DESCRIPTION
++
++The ECPKParameters represent the public parameters for an
++B<EC_GROUP> structure, which represents a curve.
++
++The ECPKParameters_print() and ECPKParameters_print_fp() functions print
++a human-readable output of the public parameters of the EC_GROUP to B<bp>
++or B<fp>. The output lines are indented by B<off> spaces.
++
++=head1 RETURN VALUES
++
++ECPKParameters_print() and ECPKParameters_print_fp()
++return 1 for success and 0 if an error occurs.
++
++=head1 SEE ALSO
++
++L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>,
++L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
++L<EC_GFp_simple_method(3)>,
++
++=head1 COPYRIGHT
++
++Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/crypto/EC_GFp_simple_method.pod b/doc/crypto/EC_GFp_simple_method.pod
-index 2a21c93..1a02d5d 100644
+index 2a21c9393bbf..89c590eb2a1c 100644
--- a/doc/crypto/EC_GFp_simple_method.pod
+++ b/doc/crypto/EC_GFp_simple_method.pod
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method, EC_GF2m_simple_method, EC_METHOD_get_field_type - Functions for obtaining B<EC_METHOD> objects.
++EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method, EC_GF2m_simple_method, EC_METHOD_get_field_type - Functions for obtaining EC_METHOD objects
+
+ =head1 SYNOPSIS
+
@@ -57,4 +57,13 @@ L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
L<d2i_ECPKParameters(3)>,
L<BN_mod_mul_montgomery(3)>
@@ -89357,11 +98235,25 @@
+
=cut
diff --git a/doc/crypto/EC_GROUP_copy.pod b/doc/crypto/EC_GROUP_copy.pod
-index 3af5bbf..69909bd 100644
+index 3af5bbfdf98b..e10199e7d181 100644
--- a/doc/crypto/EC_GROUP_copy.pod
+++ b/doc/crypto/EC_GROUP_copy.pod
-@@ -46,8 +46,8 @@ EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROU
+@@ -2,12 +2,11 @@
+ =head1 NAME
+
+-EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag, EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form, EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed, EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp, EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, EC_GROUP_get_pentanomial_basis - Functions for manipulating B<EC_GROUP> objects.
++EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag, EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form, EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed, EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp, EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, EC_GROUP_get_pentanomial_basis - Functions for manipulating EC_GROUP objects
+
+ =head1 SYNOPSIS
+
+ #include <openssl/ec.h>
+- #include <openssl/bn.h>
+
+ int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
+ EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
+@@ -46,8 +45,8 @@ EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROU
+
int EC_GROUP_get_basis_type(const EC_GROUP *);
int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
- int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
@@ -89371,7 +98263,7 @@
=head1 DESCRIPTION
-@@ -86,26 +86,25 @@ applications would have to explicitly set the named curve form) in OpenSSL
+@@ -86,26 +85,25 @@ applications would have to explicitly set the named curve form) in OpenSSL
1.1.0 and later the named curve form is the default.
The point_conversion_form for a curve controls how EC_POINT data is encoded as ASN1 as defined in X9.62 (ECDSA).
@@ -89407,7 +98299,7 @@
For POINT_CONVERSION_HYBRID the point is encoded as an octet signifying the HYBRID form has been used AND which of the two
possible solutions for y has been used, followed by the octets for x, followed by the octets for y.
-@@ -186,4 +185,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>,
+@@ -186,4 +184,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>,
L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
@@ -89422,10 +98314,26 @@
+
=cut
diff --git a/doc/crypto/EC_GROUP_new.pod b/doc/crypto/EC_GROUP_new.pod
-index bbd3dfb..822ff83 100644
+index bbd3dfb54a5a..7cf0f007d7ec 100644
--- a/doc/crypto/EC_GROUP_new.pod
+++ b/doc/crypto/EC_GROUP_new.pod
-@@ -78,10 +78,10 @@ provided. The return value is the total number of curves available (whether that
+@@ -7,13 +7,12 @@ EC_GROUP_new_from_ecpkparameters,
+ EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_new_curve_GFp,
+ EC_GROUP_new_curve_GF2m, EC_GROUP_new_by_curve_name, EC_GROUP_set_curve_GFp,
+ EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m,
+-EC_get_builtin_curves - Functions for creating and destroying B<EC_GROUP>
+-objects.
++EC_get_builtin_curves - Functions for creating and destroying EC_GROUP
++objects
+
+ =head1 SYNOPSIS
+
+ #include <openssl/ec.h>
+- #include <openssl/bn.h>
+
+ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
+ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
+@@ -78,10 +77,10 @@ provided. The return value is the total number of curves available (whether that
not). Passing a NULL B<r>, or setting B<nitems> to 0 will do nothing other than return the total number of curves available.
The EC_builtin_curve structure is defined as follows:
@@ -89440,7 +98348,7 @@
Each EC_builtin_curve item has a unique integer id (B<nid>), and a human readable comment string describing the curve.
-@@ -108,4 +108,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_copy(3)>,
+@@ -108,4 +107,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_copy(3)>,
L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
@@ -89454,11 +98362,96 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
+diff --git a/doc/crypto/EC_KEY_get_enc_flags.pod b/doc/crypto/EC_KEY_get_enc_flags.pod
+new file mode 100644
+index 000000000000..abc55c148f0c
+--- /dev/null
++++ b/doc/crypto/EC_KEY_get_enc_flags.pod
+@@ -0,0 +1,59 @@
++=pod
++
++=head1 NAME
++
++EC_KEY_get_enc_flags, EC_KEY_set_enc_flags
++- Get and set flags for encoding EC_KEY structures
++
++=head1 SYNOPSIS
++
++ #include <openssl/ec.h>
++
++ unsigned int EC_KEY_get_enc_flags(const EC_KEY *key);
++ void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
++
++=head1 DESCRIPTION
++
++The format of the external representation of the public key written by
++i2d_ECPrivateKey() (such as whether it is stored in a compressed form or not) is
++described by the point_conversion_form. See L<EC_GROUP_copy(3)>
++for a description of point_conversion_form.
++
++When reading a private key encoded without an associated public key (e.g. if
++EC_PKEY_NO_PUBKEY has been used - see below), then d2i_ECPrivateKey() generates
++the missing public key automatically. Private keys encoded without parameters
++(e.g. if EC_PKEY_NO_PARAMETERS has been used - see below) cannot be loaded using
++d2i_ECPrivateKey().
++
++The functions EC_KEY_get_enc_flags() and EC_KEY_set_enc_flags() get and set the
++value of the encoding flags for the B<key>. There are two encoding flags
++currently defined - EC_PKEY_NO_PARAMETERS and EC_PKEY_NO_PUBKEY. These flags
++define the behaviour of how the B<key> is converted into ASN1 in a call to
++i2d_ECPrivateKey(). If EC_PKEY_NO_PARAMETERS is set then the public parameters for
++the curve are not encoded along with the private key. If EC_PKEY_NO_PUBKEY is
++set then the public key is not encoded along with the private key.
++
++=head1 RETURN VALUES
++
++EC_KEY_get_enc_flags() returns the value of the current encoding flags for the
++EC_KEY.
++
++=head1 SEE ALSO
++
++L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>,
++L<EC_GROUP_copy(3)>, L<EC_POINT_new(3)>,
++L<EC_POINT_add(3)>,
++L<EC_GFp_simple_method(3)>,
++L<d2i_ECPKParameters(3)>,
++L<d2i_ECPrivateKey(3)>
++
++=head1 COPYRIGHT
++
++Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/crypto/EC_KEY_new.pod b/doc/crypto/EC_KEY_new.pod
-index 6bfd180..5b3fe05 100644
+index 6bfd1804cd1f..548165bc43c2 100644
--- a/doc/crypto/EC_KEY_new.pod
+++ b/doc/crypto/EC_KEY_new.pod
-@@ -171,4 +171,13 @@ L<EC_POINT_add(3)>,
+@@ -6,17 +6,16 @@ EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags,
+ EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref,
+ EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key,
+ EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key,
+-EC_KEY_get_enc_flags, EC_KEY_set_enc_flags, EC_KEY_get_conv_form,
++EC_KEY_get_conv_form,
+ EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult,
+ EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates,
+ EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct,
+ EC_KEY_priv2buf - Functions for creating, destroying and manipulating
+-EC_KEY objects.
++EC_KEY objects
+
+ =head1 SYNOPSIS
+
+ #include <openssl/ec.h>
+- #include <openssl/bn.h>
+
+ EC_KEY *EC_KEY_new(void);
+ int EC_KEY_get_flags(const EC_KEY *key);
+@@ -171,4 +170,13 @@ L<EC_POINT_add(3)>,
L<EC_GFp_simple_method(3)>,
L<d2i_ECPKParameters(3)>
@@ -89473,10 +98466,24 @@
+
=cut
diff --git a/doc/crypto/EC_POINT_add.pod b/doc/crypto/EC_POINT_add.pod
-index eaa7f52..5b44cbd 100644
+index eaa7f527869d..c029de42b165 100644
--- a/doc/crypto/EC_POINT_add.pod
+++ b/doc/crypto/EC_POINT_add.pod
-@@ -69,4 +69,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>,
+@@ -2,12 +2,11 @@
+
+ =head1 NAME
+
+-EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult - Functions for performing mathematical operations and tests on B<EC_POINT> objects.
++EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult - Functions for performing mathematical operations and tests on EC_POINT objects
+
+ =head1 SYNOPSIS
+
+ #include <openssl/ec.h>
+- #include <openssl/bn.h>
+
+ int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
+ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
+@@ -69,4 +68,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>,
L<EC_POINT_new(3)>, L<EC_KEY_new(3)>,
L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
@@ -89491,10 +98498,24 @@
+
=cut
diff --git a/doc/crypto/EC_POINT_new.pod b/doc/crypto/EC_POINT_new.pod
-index 8e11f0b..89b0c0a 100644
+index 8e11f0b1bec0..0bf08d430f33 100644
--- a/doc/crypto/EC_POINT_new.pod
+++ b/doc/crypto/EC_POINT_new.pod
-@@ -182,4 +182,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>,
+@@ -10,12 +10,11 @@ EC_POINT_set_compressed_coordinates_GFp, EC_POINT_set_affine_coordinates_GF2m,
+ EC_POINT_get_affine_coordinates_GF2m, EC_POINT_set_compressed_coordinates_GF2m,
+ EC_POINT_point2oct, EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point,
+ EC_POINT_point2hex, EC_POINT_hex2point - Functions for creating, destroying and
+-manipulating B<EC_POINT> objects.
++manipulating EC_POINT objects
+
+ =head1 SYNOPSIS
+
+ #include <openssl/ec.h>
+- #include <openssl/bn.h>
+
+ EC_POINT *EC_POINT_new(const EC_GROUP *group);
+ void EC_POINT_free(EC_POINT *point);
+@@ -182,4 +181,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>,
L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
@@ -89508,8 +98529,589 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
+diff --git a/doc/crypto/ENGINE_add.pod b/doc/crypto/ENGINE_add.pod
+new file mode 100644
+index 000000000000..a934d96ec4fe
+--- /dev/null
++++ b/doc/crypto/ENGINE_add.pod
+@@ -0,0 +1,575 @@
++=pod
++
++=head1 NAME
++
++engine - ENGINE cryptographic module support
++
++=head1 SYNOPSIS
++
++ #include <openssl/engine.h>
++
++ ENGINE *ENGINE_get_first(void);
++ ENGINE *ENGINE_get_last(void);
++ ENGINE *ENGINE_get_next(ENGINE *e);
++ ENGINE *ENGINE_get_prev(ENGINE *e);
++
++ int ENGINE_add(ENGINE *e);
++ int ENGINE_remove(ENGINE *e);
++
++ ENGINE *ENGINE_by_id(const char *id);
++
++ int ENGINE_init(ENGINE *e);
++ int ENGINE_finish(ENGINE *e);
++
++ void ENGINE_load_builtin_engines(void);
++
++ ENGINE *ENGINE_get_default_RSA(void);
++ ENGINE *ENGINE_get_default_DSA(void);
++ ENGINE *ENGINE_get_default_ECDH(void);
++ ENGINE *ENGINE_get_default_ECDSA(void);
++ ENGINE *ENGINE_get_default_DH(void);
++ ENGINE *ENGINE_get_default_RAND(void);
++ ENGINE *ENGINE_get_cipher_engine(int nid);
++ ENGINE *ENGINE_get_digest_engine(int nid);
++
++ int ENGINE_set_default_RSA(ENGINE *e);
++ int ENGINE_set_default_DSA(ENGINE *e);
++ int ENGINE_set_default_ECDH(ENGINE *e);
++ int ENGINE_set_default_ECDSA(ENGINE *e);
++ int ENGINE_set_default_DH(ENGINE *e);
++ int ENGINE_set_default_RAND(ENGINE *e);
++ int ENGINE_set_default_ciphers(ENGINE *e);
++ int ENGINE_set_default_digests(ENGINE *e);
++ int ENGINE_set_default_string(ENGINE *e, const char *list);
++
++ int ENGINE_set_default(ENGINE *e, unsigned int flags);
++
++ unsigned int ENGINE_get_table_flags(void);
++ void ENGINE_set_table_flags(unsigned int flags);
++
++ int ENGINE_register_RSA(ENGINE *e);
++ void ENGINE_unregister_RSA(ENGINE *e);
++ void ENGINE_register_all_RSA(void);
++ int ENGINE_register_DSA(ENGINE *e);
++ void ENGINE_unregister_DSA(ENGINE *e);
++ void ENGINE_register_all_DSA(void);
++ int ENGINE_register_ECDH(ENGINE *e);
++ void ENGINE_unregister_ECDH(ENGINE *e);
++ void ENGINE_register_all_ECDH(void);
++ int ENGINE_register_ECDSA(ENGINE *e);
++ void ENGINE_unregister_ECDSA(ENGINE *e);
++ void ENGINE_register_all_ECDSA(void);
++ int ENGINE_register_DH(ENGINE *e);
++ void ENGINE_unregister_DH(ENGINE *e);
++ void ENGINE_register_all_DH(void);
++ int ENGINE_register_RAND(ENGINE *e);
++ void ENGINE_unregister_RAND(ENGINE *e);
++ void ENGINE_register_all_RAND(void);
++ int ENGINE_register_ciphers(ENGINE *e);
++ void ENGINE_unregister_ciphers(ENGINE *e);
++ void ENGINE_register_all_ciphers(void);
++ int ENGINE_register_digests(ENGINE *e);
++ void ENGINE_unregister_digests(ENGINE *e);
++ void ENGINE_register_all_digests(void);
++ int ENGINE_register_complete(ENGINE *e);
++ int ENGINE_register_all_complete(void);
++
++ int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
++ int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
++ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
++ long i, void *p, void (*f)(void), int cmd_optional);
++ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
++ int cmd_optional);
++
++ ENGINE *ENGINE_new(void);
++ int ENGINE_free(ENGINE *e);
++ int ENGINE_up_ref(ENGINE *e);
++
++ int ENGINE_set_id(ENGINE *e, const char *id);
++ int ENGINE_set_name(ENGINE *e, const char *name);
++ int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
++ int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
++ int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *dh_meth);
++ int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *dh_meth);
++ int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
++ int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
++ int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
++ int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
++ int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
++ int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
++ int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
++ int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
++ int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
++ int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
++ int ENGINE_set_flags(ENGINE *e, int flags);
++ int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
++
++ const char *ENGINE_get_id(const ENGINE *e);
++ const char *ENGINE_get_name(const ENGINE *e);
++ const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
++ const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
++ const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
++ const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
++ const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
++ const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
++ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
++ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
++ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
++ ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
++ ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
++ ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
++ ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
++ ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
++ const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
++ const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
++ int ENGINE_get_flags(const ENGINE *e);
++ const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
++
++ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
++ UI_METHOD *ui_method, void *callback_data);
++ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
++ UI_METHOD *ui_method, void *callback_data);
++
++ void ENGINE_add_conf_module(void);
++
++Deprecated:
++
++ #if OPENSSL_API_COMPAT < 0x10100000L
++ void ENGINE_cleanup(void)
++ #endif
++
++=head1 DESCRIPTION
++
++These functions create, manipulate, and use cryptographic modules in the
++form of B<ENGINE> objects. These objects act as containers for
++implementations of cryptographic algorithms, and support a
++reference-counted mechanism to allow them to be dynamically loaded in and
++out of the running application.
++
++The cryptographic functionality that can be provided by an B<ENGINE>
++implementation includes the following abstractions;
++
++ RSA_METHOD - for providing alternative RSA implementations
++ DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD,
++ - similarly for other OpenSSL APIs
++ EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid')
++ EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid')
++ key-loading - loading public and/or private EVP_PKEY keys
++
++=head2 Reference counting and handles
++
++Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be
++treated as handles - ie. not only as pointers, but also as references to
++the underlying ENGINE object. Ie. one should obtain a new reference when
++making copies of an ENGINE pointer if the copies will be used (and
++released) independently.
++
++ENGINE objects have two levels of reference-counting to match the way in
++which the objects are used. At the most basic level, each ENGINE pointer is
++inherently a B<structural> reference - a structural reference is required
++to use the pointer value at all, as this kind of reference is a guarantee
++that the structure can not be deallocated until the reference is released.
++
++However, a structural reference provides no guarantee that the ENGINE is
++initialised and able to use any of its cryptographic
++implementations. Indeed it's quite possible that most ENGINEs will not
++initialise at all in typical environments, as ENGINEs are typically used to
++support specialised hardware. To use an ENGINE's functionality, you need a
++B<functional> reference. This kind of reference can be considered a
++specialised form of structural reference, because each functional reference
++implicitly contains a structural reference as well - however to avoid
++difficult-to-find programming bugs, it is recommended to treat the two
++kinds of reference independently. If you have a functional reference to an
++ENGINE, you have a guarantee that the ENGINE has been initialised and
++is ready to perform cryptographic operations, and will remain initialised
++until after you have released your reference.
++
++I<Structural references>
++
++This basic type of reference is used for instantiating new ENGINEs,
++iterating across OpenSSL's internal linked-list of loaded
++ENGINEs, reading information about an ENGINE, etc. Essentially a structural
++reference is sufficient if you only need to query or manipulate the data of
++an ENGINE implementation rather than use its functionality.
++
++The ENGINE_new() function returns a structural reference to a new (empty)
++ENGINE object. There are other ENGINE API functions that return structural
++references such as; ENGINE_by_id(), ENGINE_get_first(), ENGINE_get_last(),
++ENGINE_get_next(), ENGINE_get_prev(). All structural references should be
++released by a corresponding to call to the ENGINE_free() function - the
++ENGINE object itself will only actually be cleaned up and deallocated when
++the last structural reference is released.
++
++It should also be noted that many ENGINE API function calls that accept a
++structural reference will internally obtain another reference - typically
++this happens whenever the supplied ENGINE will be needed by OpenSSL after
++the function has returned. Eg. the function to add a new ENGINE to
++OpenSSL's internal list is ENGINE_add() - if this function returns success,
++then OpenSSL will have stored a new structural reference internally so the
++caller is still responsible for freeing their own reference with
++ENGINE_free() when they are finished with it. In a similar way, some
++functions will automatically release the structural reference passed to it
++if part of the function's job is to do so. Eg. the ENGINE_get_next() and
++ENGINE_get_prev() functions are used for iterating across the internal
++ENGINE list - they will return a new structural reference to the next (or
++previous) ENGINE in the list or NULL if at the end (or beginning) of the
++list, but in either case the structural reference passed to the function is
++released on behalf of the caller.
++
++To clarify a particular function's handling of references, one should
++always consult that function's documentation "man" page, or failing that
++the openssl/engine.h header file includes some hints.
++
++I<Functional references>
++
++As mentioned, functional references exist when the cryptographic
++functionality of an ENGINE is required to be available. A functional
++reference can be obtained in one of two ways; from an existing structural
++reference to the required ENGINE, or by asking OpenSSL for the default
++operational ENGINE for a given cryptographic purpose.
++
++To obtain a functional reference from an existing structural reference,
++call the ENGINE_init() function. This returns zero if the ENGINE was not
++already operational and couldn't be successfully initialised (eg. lack of
++system drivers, no special hardware attached, etc), otherwise it will
++return non-zero to indicate that the ENGINE is now operational and will
++have allocated a new B<functional> reference to the ENGINE. All functional
++references are released by calling ENGINE_finish() (which removes the
++implicit structural reference as well).
++
++The second way to get a functional reference is by asking OpenSSL for a
++default implementation for a given task, eg. by ENGINE_get_default_RSA(),
++ENGINE_get_default_cipher_engine(), etc. These are discussed in the next
++section, though they are not usually required by application programmers as
++they are used automatically when creating and using the relevant
++algorithm-specific types in OpenSSL, such as RSA, DSA, EVP_CIPHER_CTX, etc.
++
++=head2 Default implementations
++
++For each supported abstraction, the ENGINE code maintains an internal table
++of state to control which implementations are available for a given
++abstraction and which should be used by default. These implementations are
++registered in the tables and indexed by an 'nid' value, because
++abstractions like EVP_CIPHER and EVP_DIGEST support many distinct
++algorithms and modes, and ENGINEs can support arbitrarily many of them.
++In the case of other abstractions like RSA, DSA, etc, there is only one
++"algorithm" so all implementations implicitly register using the same 'nid'
++index.
++
++When a default ENGINE is requested for a given abstraction/algorithm/mode, (eg.
++when calling RSA_new_method(NULL)), a "get_default" call will be made to the
++ENGINE subsystem to process the corresponding state table and return a
++functional reference to an initialised ENGINE whose implementation should be
++used. If no ENGINE should (or can) be used, it will return NULL and the caller
++will operate with a NULL ENGINE handle - this usually equates to using the
++conventional software implementation. In the latter case, OpenSSL will from
++then on behave the way it used to before the ENGINE API existed.
++
++Each state table has a flag to note whether it has processed this
++"get_default" query since the table was last modified, because to process
++this question it must iterate across all the registered ENGINEs in the
++table trying to initialise each of them in turn, in case one of them is
++operational. If it returns a functional reference to an ENGINE, it will
++also cache another reference to speed up processing future queries (without
++needing to iterate across the table). Likewise, it will cache a NULL
++response if no ENGINE was available so that future queries won't repeat the
++same iteration unless the state table changes. This behaviour can also be
++changed; if the ENGINE_TABLE_FLAG_NOINIT flag is set (using
++ENGINE_set_table_flags()), no attempted initialisations will take place,
++instead the only way for the state table to return a non-NULL ENGINE to the
++"get_default" query will be if one is expressly set in the table. Eg.
++ENGINE_set_default_RSA() does the same job as ENGINE_register_RSA() except
++that it also sets the state table's cached response for the "get_default"
++query. In the case of abstractions like EVP_CIPHER, where implementations are
++indexed by 'nid', these flags and cached-responses are distinct for each 'nid'
++value.
++
++=head2 Application requirements
++
++This section will explain the basic things an application programmer should
++support to make the most useful elements of the ENGINE functionality
++available to the user. The first thing to consider is whether the
++programmer wishes to make alternative ENGINE modules available to the
++application and user. OpenSSL maintains an internal linked list of
++"visible" ENGINEs from which it has to operate - at start-up, this list is
++empty and in fact if an application does not call any ENGINE API calls and
++it uses static linking against openssl, then the resulting application
++binary will not contain any alternative ENGINE code at all. So the first
++consideration is whether any/all available ENGINE implementations should be
++made visible to OpenSSL - this is controlled by calling the various "load"
++functions.
++
++Having called any of these functions, ENGINE objects would have been
++dynamically allocated and populated with these implementations and linked
++into OpenSSL's internal linked list. At this point it is important to
++mention an important API function;
++
++ void ENGINE_cleanup(void)
++
++If no ENGINE API functions are called at all in an application, then there
++are no inherent memory leaks to worry about from the ENGINE functionality.
++However, prior to OpenSSL 1.1.0 if any ENGINEs are loaded, even if they are
++never registered or used, it was necessary to use the ENGINE_cleanup() function
++to correspondingly cleanup before program exit, if the caller wishes to avoid
++memory leaks. This mechanism used an internal callback registration table
++so that any ENGINE API functionality that knows it requires cleanup can
++register its cleanup details to be called during ENGINE_cleanup(). This
++approach allowed ENGINE_cleanup() to clean up after any ENGINE functionality
++at all that your program uses, yet doesn't automatically create linker
++dependencies to all possible ENGINE functionality - only the cleanup
++callbacks required by the functionality you do use will be required by the
++linker. From OpenSSL 1.1.0 it is no longer necessary to explicitly call
++ENGINE_cleanup and this function is deprecated. Cleanup automatically takes
++place at program exit.
++
++The fact that ENGINEs are made visible to OpenSSL (and thus are linked into
++the program and loaded into memory at run-time) does not mean they are
++"registered" or called into use by OpenSSL automatically - that behaviour
++is something for the application to control. Some applications
++will want to allow the user to specify exactly which ENGINE they want used
++if any is to be used at all. Others may prefer to load all support and have
++OpenSSL automatically use at run-time any ENGINE that is able to
++successfully initialise - ie. to assume that this corresponds to
++acceleration hardware attached to the machine or some such thing. There are
++probably numerous other ways in which applications may prefer to handle
++things, so we will simply illustrate the consequences as they apply to a
++couple of simple cases and leave developers to consider these and the
++source code to openssl's builtin utilities as guides.
++
++I<Using a specific ENGINE implementation>
++
++Here we'll assume an application has been configured by its user or admin
++to want to use the "ACME" ENGINE if it is available in the version of
++OpenSSL the application was compiled with. If it is available, it should be
++used by default for all RSA, DSA, and symmetric cipher operations, otherwise
++OpenSSL should use its builtin software as per usual. The following code
++illustrates how to approach this;
++
++ ENGINE *e;
++ const char *engine_id = "ACME";
++ ENGINE_load_builtin_engines();
++ e = ENGINE_by_id(engine_id);
++ if(!e)
++ /* the engine isn't available */
++ return;
++ if(!ENGINE_init(e)) {
++ /* the engine couldn't initialise, release 'e' */
++ ENGINE_free(e);
++ return;
++ }
++ if(!ENGINE_set_default_RSA(e))
++ /* This should only happen when 'e' can't initialise, but the previous
++ * statement suggests it did. */
++ abort();
++ ENGINE_set_default_DSA(e);
++ ENGINE_set_default_ciphers(e);
++ /* Release the functional reference from ENGINE_init() */
++ ENGINE_finish(e);
++ /* Release the structural reference from ENGINE_by_id() */
++ ENGINE_free(e);
++
++I<Automatically using builtin ENGINE implementations>
++
++Here we'll assume we want to load and register all ENGINE implementations
++bundled with OpenSSL, such that for any cryptographic algorithm required by
++OpenSSL - if there is an ENGINE that implements it and can be initialised,
++it should be used. The following code illustrates how this can work;
++
++ /* Load all bundled ENGINEs into memory and make them visible */
++ ENGINE_load_builtin_engines();
++ /* Register all of them for every algorithm they collectively implement */
++ ENGINE_register_all_complete();
++
++That's all that's required. Eg. the next time OpenSSL tries to set up an
++RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to
++ENGINE_init() and if any of those succeed, that ENGINE will be set as the
++default for RSA use from then on.
++
++=head2 Advanced configuration support
++
++There is a mechanism supported by the ENGINE framework that allows each
++ENGINE implementation to define an arbitrary set of configuration
++"commands" and expose them to OpenSSL and any applications based on
++OpenSSL. This mechanism is entirely based on the use of name-value pairs
++and assumes ASCII input (no unicode or UTF for now!), so it is ideal if
++applications want to provide a transparent way for users to provide
++arbitrary configuration "directives" directly to such ENGINEs. It is also
++possible for the application to dynamically interrogate the loaded ENGINE
++implementations for the names, descriptions, and input flags of their
++available "control commands", providing a more flexible configuration
++scheme. However, if the user is expected to know which ENGINE device he/she
++is using (in the case of specialised hardware, this goes without saying)
++then applications may not need to concern themselves with discovering the
++supported control commands and simply prefer to pass settings into ENGINEs
++exactly as they are provided by the user.
++
++Before illustrating how control commands work, it is worth mentioning what
++they are typically used for. Broadly speaking there are two uses for
++control commands; the first is to provide the necessary details to the
++implementation (which may know nothing at all specific to the host system)
++so that it can be initialised for use. This could include the path to any
++driver or config files it needs to load, required network addresses,
++smart-card identifiers, passwords to initialise protected devices,
++logging information, etc etc. This class of commands typically needs to be
++passed to an ENGINE B<before> attempting to initialise it, ie. before
++calling ENGINE_init(). The other class of commands consist of settings or
++operations that tweak certain behaviour or cause certain operations to take
++place, and these commands may work either before or after ENGINE_init(), or
++in some cases both. ENGINE implementations should provide indications of
++this in the descriptions attached to builtin control commands and/or in
++external product documentation.
++
++I<Issuing control commands to an ENGINE>
++
++Let's illustrate by example; a function for which the caller supplies the
++name of the ENGINE it wishes to use, a table of string-pairs for use before
++initialisation, and another table for use after initialisation. Note that
++the string-pairs used for control commands consist of a command "name"
++followed by the command "parameter" - the parameter could be NULL in some
++cases but the name can not. This function should initialise the ENGINE
++(issuing the "pre" commands beforehand and the "post" commands afterwards)
++and set it as the default for everything except RAND and then return a
++boolean success or failure.
++
++ int generic_load_engine_fn(const char *engine_id,
++ const char **pre_cmds, int pre_num,
++ const char **post_cmds, int post_num)
++ {
++ ENGINE *e = ENGINE_by_id(engine_id);
++ if(!e) return 0;
++ while(pre_num--) {
++ if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
++ fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
++ pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
++ ENGINE_free(e);
++ return 0;
++ }
++ pre_cmds += 2;
++ }
++ if(!ENGINE_init(e)) {
++ fprintf(stderr, "Failed initialisation\n");
++ ENGINE_free(e);
++ return 0;
++ }
++ /* ENGINE_init() returned a functional reference, so free the structural
++ * reference from ENGINE_by_id(). */
++ ENGINE_free(e);
++ while(post_num--) {
++ if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
++ fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
++ post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
++ ENGINE_finish(e);
++ return 0;
++ }
++ post_cmds += 2;
++ }
++ ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
++ /* Success */
++ return 1;
++ }
++
++Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can
++relax the semantics of the function - if set non-zero it will only return
++failure if the ENGINE supported the given command name but failed while
++executing it, if the ENGINE doesn't support the command name it will simply
++return success without doing anything. In this case we assume the user is
++only supplying commands specific to the given ENGINE so we set this to
++FALSE.
++
++I<Discovering supported control commands>
++
++It is possible to discover at run-time the names, numerical-ids, descriptions
++and input parameters of the control commands supported by an ENGINE using a
++structural reference. Note that some control commands are defined by OpenSSL
++itself and it will intercept and handle these control commands on behalf of the
++ENGINE, ie. the ENGINE's ctrl() handler is not used for the control command.
++openssl/engine.h defines an index, ENGINE_CMD_BASE, that all control commands
++implemented by ENGINEs should be numbered from. Any command value lower than
++this symbol is considered a "generic" command is handled directly by the
++OpenSSL core routines.
++
++It is using these "core" control commands that one can discover the control
++commands implemented by a given ENGINE, specifically the commands;
++
++ #define ENGINE_HAS_CTRL_FUNCTION 10
++ #define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
++ #define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
++ #define ENGINE_CTRL_GET_CMD_FROM_NAME 13
++ #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14
++ #define ENGINE_CTRL_GET_NAME_FROM_CMD 15
++ #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
++ #define ENGINE_CTRL_GET_DESC_FROM_CMD 17
++ #define ENGINE_CTRL_GET_CMD_FLAGS 18
++
++Whilst these commands are automatically processed by the OpenSSL framework code,
++they use various properties exposed by each ENGINE to process these
++queries. An ENGINE has 3 properties it exposes that can affect how this behaves;
++it can supply a ctrl() handler, it can specify ENGINE_FLAGS_MANUAL_CMD_CTRL in
++the ENGINE's flags, and it can expose an array of control command descriptions.
++If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will
++simply pass all these "core" control commands directly to the ENGINE's ctrl()
++handler (and thus, it must have supplied one), so it is up to the ENGINE to
++reply to these "discovery" commands itself. If that flag is not set, then the
++OpenSSL framework code will work with the following rules;
++
++ if no ctrl() handler supplied;
++ ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
++ all other commands fail.
++ if a ctrl() handler was supplied but no array of control commands;
++ ENGINE_HAS_CTRL_FUNCTION returns TRUE,
++ all other commands fail.
++ if a ctrl() handler and array of control commands was supplied;
++ ENGINE_HAS_CTRL_FUNCTION returns TRUE,
++ all other commands proceed processing ...
++
++If the ENGINE's array of control commands is empty then all other commands will
++fail, otherwise; ENGINE_CTRL_GET_FIRST_CMD_TYPE returns the identifier of
++the first command supported by the ENGINE, ENGINE_GET_NEXT_CMD_TYPE takes the
++identifier of a command supported by the ENGINE and returns the next command
++identifier or fails if there are no more, ENGINE_CMD_FROM_NAME takes a string
++name for a command and returns the corresponding identifier or fails if no such
++command name exists, and the remaining commands take a command identifier and
++return properties of the corresponding commands. All except
++ENGINE_CTRL_GET_FLAGS return the string length of a command name or description,
++or populate a supplied character buffer with a copy of the command name or
++description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following
++possible values;
++
++ #define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
++ #define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
++ #define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
++ #define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
++
++If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely
++informational to the caller - this flag will prevent the command being usable
++for any higher-level ENGINE functions such as ENGINE_ctrl_cmd_string().
++"INTERNAL" commands are not intended to be exposed to text-based configuration
++by applications, administrations, users, etc. These can support arbitrary
++operations via ENGINE_ctrl(), including passing to and/or from the control
++commands data of any arbitrary type. These commands are supported in the
++discovery mechanisms simply to allow applications to determine if an ENGINE
++supports certain specific commands it might want to use (eg. application "foo"
++might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" -
++and ENGINE could therefore decide whether or not to support this "foo"-specific
++extension).
++
++=head1 SEE ALSO
++
++L<OPENSSL_init_crypto(3)>, L<RSA_new_method(3)>, L<dsa(3)>, L<dh(3)>, L<rand(3)>
++
++=head1 HISTORY
++
++ENGINE_cleanup(), ENGINE_load_openssl(), ENGINE_load_dynamic(), and
++ENGINE_load_cryptodev() were deprecated in OpenSSL 1.1.0 by
++OPENSSL_init_crypto().
++
++=head1 COPYRIGHT
++
++Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/crypto/ERR_GET_LIB.pod b/doc/crypto/ERR_GET_LIB.pod
-index 3f0e36a..10e250f 100644
+index 3f0e36ade4a3..10e250f445da 100644
--- a/doc/crypto/ERR_GET_LIB.pod
+++ b/doc/crypto/ERR_GET_LIB.pod
@@ -48,4 +48,13 @@ L<err(3)>, L<ERR_get_error(3)>
@@ -89527,7 +99129,7 @@
+
=cut
diff --git a/doc/crypto/ERR_clear_error.pod b/doc/crypto/ERR_clear_error.pod
-index e54e34c..892c67f 100644
+index e54e34c46db3..892c67fcf977 100644
--- a/doc/crypto/ERR_clear_error.pod
+++ b/doc/crypto/ERR_clear_error.pod
@@ -22,4 +22,13 @@ ERR_clear_error() has no return value.
@@ -89545,7 +99147,7 @@
+
=cut
diff --git a/doc/crypto/ERR_error_string.pod b/doc/crypto/ERR_error_string.pod
-index 81ca61c..12f4f72 100644
+index 81ca61c9db81..12f4f72be591 100644
--- a/doc/crypto/ERR_error_string.pod
+++ b/doc/crypto/ERR_error_string.pod
@@ -62,4 +62,13 @@ none is registered for the error code.
@@ -89563,7 +99165,7 @@
+
=cut
diff --git a/doc/crypto/ERR_get_error.pod b/doc/crypto/ERR_get_error.pod
-index aa5047e..a7efc74 100644
+index aa5047e0c11f..a7efc74d6a51 100644
--- a/doc/crypto/ERR_get_error.pod
+++ b/doc/crypto/ERR_get_error.pod
@@ -67,4 +67,13 @@ The error code, or 0 if there is no error in the queue.
@@ -89581,10 +99183,10 @@
+
=cut
diff --git a/doc/crypto/ERR_load_crypto_strings.pod b/doc/crypto/ERR_load_crypto_strings.pod
-index 68c006f..15f8000 100644
+index 68c006fd3c3d..15f8000c4e5f 100644
--- a/doc/crypto/ERR_load_crypto_strings.pod
+++ b/doc/crypto/ERR_load_crypto_strings.pod
-@@ -21,7 +21,7 @@ Deprecated:
+@@ -21,7 +21,7 @@ load and free error strings
#if OPENSSL_API_COMPAT < 0x10100000L
void SSL_load_error_strings(void);
#endif
@@ -89608,7 +99210,7 @@
+
=cut
diff --git a/doc/crypto/ERR_load_strings.pod b/doc/crypto/ERR_load_strings.pod
-index 0e212a0..8071d96 100644
+index 0e212a026999..8071d96eff26 100644
--- a/doc/crypto/ERR_load_strings.pod
+++ b/doc/crypto/ERR_load_strings.pod
@@ -45,4 +45,13 @@ ERR_get_next_error_library() returns a new library number.
@@ -89626,7 +99228,7 @@
+
=cut
diff --git a/doc/crypto/ERR_print_errors.pod b/doc/crypto/ERR_print_errors.pod
-index aec8a10..4a19a59 100644
+index aec8a1029abd..4a19a59ec458 100644
--- a/doc/crypto/ERR_print_errors.pod
+++ b/doc/crypto/ERR_print_errors.pod
@@ -41,4 +41,13 @@ ERR_print_errors() and ERR_print_errors_fp() return no values.
@@ -89644,11 +99246,48 @@
+
=cut
diff --git a/doc/crypto/ERR_put_error.pod b/doc/crypto/ERR_put_error.pod
-index f0a82f6..9b02976 100644
+index f0a82f6156da..9ddf534bbec1 100644
--- a/doc/crypto/ERR_put_error.pod
+++ b/doc/crypto/ERR_put_error.pod
-@@ -36,4 +36,13 @@ no values.
+@@ -27,6 +27,36 @@ L<ERR_load_strings(3)> can be used to register
+ error strings so that the application can a generate human-readable
+ error messages for the error code.
++=head2 Reporting errors
++
++Each sub-library has a specific macro XXXerr() that is used to report
++errors. Its first argument is a function code B<XXX_F_...>, the second
++argument is a reason code B<XXX_R_...>. Function codes are derived
++from the function names; reason codes consist of textual error
++descriptions. For example, the function ssl3_read_bytes() reports a
++"handshake failure" as follows:
++
++ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
++
++Function and reason codes should consist of upper case characters,
++numbers and underscores only. The error file generation script translates
++function codes into function names by looking in the header files
++for an appropriate function name, if none is found it just uses
++the capitalized form such as "SSL3_READ_BYTES" in the above example.
++
++The trailing section of a reason code (after the "_R_") is translated
++into lower case and underscores changed to spaces.
++
++When you are using new function or reason codes, run B<make errors>.
++The necessary B<#define>s will then automatically be added to the
++sub-library's header file.
++
++Although a library will normally report errors using its own specific
++XXXerr macro, another library's macro can be used. This is normally
++only done when a library wants to include ASN1 code which must use
++the ASN1err() macro.
++
++
+ =head1 RETURN VALUES
+
+ ERR_put_error() and ERR_add_error_data() return
+@@ -36,4 +66,13 @@ no values.
+
L<err(3)>, L<ERR_load_strings(3)>
+=head1 COPYRIGHT
@@ -89662,7 +99301,7 @@
+
=cut
diff --git a/doc/crypto/ERR_remove_state.pod b/doc/crypto/ERR_remove_state.pod
-index b011182..f985104 100644
+index b011182c47af..f985104cda0f 100644
--- a/doc/crypto/ERR_remove_state.pod
+++ b/doc/crypto/ERR_remove_state.pod
@@ -2,44 +2,52 @@
@@ -89684,21 +99323,21 @@
void ERR_remove_state(unsigned long pid);
#endif
--=head1 DESCRIPTION
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ void ERR_remove_thread_state(void *);
+ #endif
++
+ =head1 DESCRIPTION
-ERR_remove_thread_state() frees the error queue associated with the current
-thread.
-+=head1 DESCRIPTION
++The functions described here were used to free the error queue
++associated with the current or specificed thread.
-Since error queue data structures are allocated automatically for new
-threads, they must be freed when threads are terminated in order to
-avoid memory leaks.
-+The functions described here were used to free the error queue
-+associated with the current or specificed thread.
-
+-
-ERR_remove_state is deprecated and has been replaced by
-ERR_remove_thread_state. Any argument to this function is ignored and
-calling ERR_remove_state is equivalent to B<ERR_remove_thread_state()>.
@@ -89737,7 +99376,7 @@
=cut
diff --git a/doc/crypto/ERR_set_mark.pod b/doc/crypto/ERR_set_mark.pod
-index d30f1c0..9c55f5a 100644
+index d30f1c00774c..9c55f5a7bb20 100644
--- a/doc/crypto/ERR_set_mark.pod
+++ b/doc/crypto/ERR_set_mark.pod
@@ -31,4 +31,13 @@ implies that the stack became empty, otherwise 1.
@@ -89755,7 +99394,7 @@
+
=cut
diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod
-index c2470df..003afb2 100644
+index c2470df20276..003afb27e8e7 100644
--- a/doc/crypto/EVP_BytesToKey.pod
+++ b/doc/crypto/EVP_BytesToKey.pod
@@ -44,7 +44,7 @@ defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC.
@@ -89783,7 +99422,7 @@
=cut
diff --git a/doc/crypto/EVP_CIPHER_CTX_get_cipher_data.pod b/doc/crypto/EVP_CIPHER_CTX_get_cipher_data.pod
-index fc1d914..3a57fcd 100644
+index fc1d914ed895..3a57fcdb677a 100644
--- a/doc/crypto/EVP_CIPHER_CTX_get_cipher_data.pod
+++ b/doc/crypto/EVP_CIPHER_CTX_get_cipher_data.pod
@@ -39,4 +39,13 @@ cipher data for the EVP_CIPHER_CTX.
@@ -89801,7 +99440,7 @@
+
=cut
diff --git a/doc/crypto/EVP_CIPHER_meth_new.pod b/doc/crypto/EVP_CIPHER_meth_new.pod
-index 499133f..f9b1f6e 100644
+index 499133f647dc..f9b1f6e0dd8d 100644
--- a/doc/crypto/EVP_CIPHER_meth_new.pod
+++ b/doc/crypto/EVP_CIPHER_meth_new.pod
@@ -19,7 +19,7 @@ EVP_CIPHER_meth_get_ctrl - Routines to build up EVP_CIPHER methods
@@ -89827,9 +99466,14 @@
The available flags are:
-=over 4
--
++=over
+
-=over 4
--
++=item EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE,
++EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE,
++EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE,
++EVP_CIPH_OCB_MODE
+
-=item The cipher modes:
-
-=over 4
@@ -89849,14 +99493,9 @@
-=item EVP_CIPH_GCM_MODE
-
-=item EVP_CIPH_CCM_MODE
-+=over
-
+-
-=item EVP_CIPH_XTS_MODE
-+=item EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE,
-+EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE,
-+EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE,
-+EVP_CIPH_OCB_MODE
-
+-
-=item EVP_CIPH_WRAP_MODE
-
-=item EVP_CIPH_OCB_MODE
@@ -89905,7 +99544,7 @@
+
=cut
diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod
-index 7ce5695..750a51e 100644
+index 7ce569540f93..750a51ef5f55 100644
--- a/doc/crypto/EVP_DigestInit.pod
+++ b/doc/crypto/EVP_DigestInit.pod
@@ -32,10 +32,10 @@ EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines
@@ -89965,7 +99604,7 @@
+
=cut
diff --git a/doc/crypto/EVP_DigestSignInit.pod b/doc/crypto/EVP_DigestSignInit.pod
-index 4b9eb21..c97a732 100644
+index 4b9eb212becb..c97a732b6870 100644
--- a/doc/crypto/EVP_DigestSignInit.pod
+++ b/doc/crypto/EVP_DigestSignInit.pod
@@ -9,7 +9,7 @@ EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing func
@@ -90005,7 +99644,7 @@
+
=cut
diff --git a/doc/crypto/EVP_DigestVerifyInit.pod b/doc/crypto/EVP_DigestVerifyInit.pod
-index cc740b7..15db70e 100644
+index cc740b7a7438..15db70ec58fd 100644
--- a/doc/crypto/EVP_DigestVerifyInit.pod
+++ b/doc/crypto/EVP_DigestVerifyInit.pod
@@ -9,7 +9,7 @@ EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal - EVP signat
@@ -90046,7 +99685,7 @@
=cut
diff --git a/doc/crypto/EVP_EncodeInit.pod b/doc/crypto/EVP_EncodeInit.pod
new file mode 100644
-index 0000000..f653226
+index 000000000000..f65322617d80
--- /dev/null
+++ b/doc/crypto/EVP_EncodeInit.pod
@@ -0,0 +1,155 @@
@@ -90206,7 +99845,7 @@
+
+=cut
diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod
-index b42b64c..b185ea7 100644
+index b42b64c1782c..b185ea7587a1 100644
--- a/doc/crypto/EVP_EncryptInit.pod
+++ b/doc/crypto/EVP_EncryptInit.pod
@@ -40,14 +40,14 @@ EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm - EVP cipher routines
@@ -90277,10 +99916,23 @@
- char intext[] = "Some Crypto Text";
- EVP_CIPHER_CTX ctx;
- FILE *out;
--
++ {
++ unsigned char outbuf[1024];
++ int outlen, tmplen;
++ /* Bogus key and IV: we'd normally set these from
++ * another source.
++ */
++ unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
++ unsigned char iv[] = {1,2,3,4,5,6,7,8};
++ char intext[] = "Some Crypto Text";
++ EVP_CIPHER_CTX ctx;
++ FILE *out;
+
- ctx = EVP_CIPHER_CTX_new();
- EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv);
--
++ ctx = EVP_CIPHER_CTX_new();
++ EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv);
+
- if(!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext)))
- {
- /* Error */
@@ -90298,21 +99950,6 @@
- EVP_CIPHER_CTX_free(ctx);
- /* Need binary mode for fopen because encrypted data is
- * binary data. Also cannot use strlen() on it because
-+ {
-+ unsigned char outbuf[1024];
-+ int outlen, tmplen;
-+ /* Bogus key and IV: we'd normally set these from
-+ * another source.
-+ */
-+ unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
-+ unsigned char iv[] = {1,2,3,4,5,6,7,8};
-+ char intext[] = "Some Crypto Text";
-+ EVP_CIPHER_CTX ctx;
-+ FILE *out;
-+
-+ ctx = EVP_CIPHER_CTX_new();
-+ EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv);
-+
+ if(!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext)))
+ {
+ /* Error */
@@ -90362,17 +99999,35 @@
- */
- unsigned char key[] = "0123456789abcdeF";
- unsigned char iv[] = "1234567887654321";
--
++ {
++ /* Allow enough space in output buffer for additional block */
++ unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
++ int inlen, outlen;
++ EVP_CIPHER_CTX *ctx;
++ /* Bogus key and IV: we'd normally set these from
++ * another source.
++ */
++ unsigned char key[] = "0123456789abcdeF";
++ unsigned char iv[] = "1234567887654321";
+
- /* Don't set key or IV right away; we want to check lengths */
- ctx = EVP_CIPHER_CTX_new();
- EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
- do_encrypt);
- OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
- OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
--
++ /* Don't set key or IV right away; we want to check lengths */
++ ctx = EVP_CIPHER_CTX_new();
++ EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
++ do_encrypt);
++ OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
++ OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
+
- /* Now we can set key and IV */
- EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt);
--
++ /* Now we can set key and IV */
++ EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt);
+
- for(;;)
- {
- inlen = fread(inbuf, 1, 1024, in);
@@ -90392,31 +100047,6 @@
- return 0;
- }
- fwrite(outbuf, 1, outlen, out);
--
-- EVP_CIPHER_CTX_free(ctx);
-- return 1;
-- }
-+ {
-+ /* Allow enough space in output buffer for additional block */
-+ unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
-+ int inlen, outlen;
-+ EVP_CIPHER_CTX *ctx;
-+ /* Bogus key and IV: we'd normally set these from
-+ * another source.
-+ */
-+ unsigned char key[] = "0123456789abcdeF";
-+ unsigned char iv[] = "1234567887654321";
-+
-+ /* Don't set key or IV right away; we want to check lengths */
-+ ctx = EVP_CIPHER_CTX_new();
-+ EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
-+ do_encrypt);
-+ OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
-+ OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
-+
-+ /* Now we can set key and IV */
-+ EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt);
-+
+ for(;;)
+ {
+ inlen = fread(inbuf, 1, 1024, in);
@@ -90436,7 +100066,10 @@
+ return 0;
+ }
+ fwrite(outbuf, 1, outlen, out);
-+
+
+- EVP_CIPHER_CTX_free(ctx);
+- return 1;
+- }
+ EVP_CIPHER_CTX_free(ctx);
+ return 1;
+ }
@@ -90458,7 +100091,7 @@
+
=cut
diff --git a/doc/crypto/EVP_MD_meth_new.pod b/doc/crypto/EVP_MD_meth_new.pod
-index 0bab127..c222e37 100644
+index 0bab12700797..c222e37e2fde 100644
--- a/doc/crypto/EVP_MD_meth_new.pod
+++ b/doc/crypto/EVP_MD_meth_new.pod
@@ -157,4 +157,13 @@ L<EVP_DigestInit(3)>, L<EVP_SignInit(3)>, L<EVP_VerifyInit(3)>
@@ -90476,7 +100109,7 @@
+
=cut
diff --git a/doc/crypto/EVP_OpenInit.pod b/doc/crypto/EVP_OpenInit.pod
-index e207b01..293b4eb 100644
+index e207b012e387..293b4eb398c4 100644
--- a/doc/crypto/EVP_OpenInit.pod
+++ b/doc/crypto/EVP_OpenInit.pod
@@ -9,7 +9,7 @@ EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption
@@ -90513,7 +100146,7 @@
=cut
diff --git a/doc/crypto/EVP_PKEY_CTX_ctrl.pod b/doc/crypto/EVP_PKEY_CTX_ctrl.pod
-index cc27e54..c9b7fdd 100644
+index cc27e54b0ccb..c9b7fdd476af 100644
--- a/doc/crypto/EVP_PKEY_CTX_ctrl.pod
+++ b/doc/crypto/EVP_PKEY_CTX_ctrl.pod
@@ -16,9 +16,9 @@ EVP_PKEY_CTX_set_ec_param_enc - algorithm specific control operations
@@ -90543,9 +100176,18 @@
+
=cut
diff --git a/doc/crypto/EVP_PKEY_CTX_new.pod b/doc/crypto/EVP_PKEY_CTX_new.pod
-index 5fb5d58..30b5794 100644
+index 5fb5d58f0978..eff94cd94364 100644
--- a/doc/crypto/EVP_PKEY_CTX_new.pod
+++ b/doc/crypto/EVP_PKEY_CTX_new.pod
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free - public key algorithm context functions.
++EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free - public key algorithm context functions
+
+ =head1 SYNOPSIS
+
@@ -50,4 +50,13 @@ L<EVP_PKEY_new(3)>
These functions were first added to OpenSSL 1.0.0.
@@ -90561,7 +100203,7 @@
+
=cut
diff --git a/doc/crypto/EVP_PKEY_HKDF.pod b/doc/crypto/EVP_PKEY_HKDF.pod
-index 8a5ef98..8ce79c3 100644
+index 8a5ef98e7f47..8ce79c354d34 100644
--- a/doc/crypto/EVP_PKEY_HKDF.pod
+++ b/doc/crypto/EVP_PKEY_HKDF.pod
@@ -116,4 +116,13 @@ L<EVP_PKEY_CTX_new(3)>,
@@ -90579,7 +100221,7 @@
+
=cut
diff --git a/doc/crypto/EVP_PKEY_TLS1_PRF.pod b/doc/crypto/EVP_PKEY_TLS1_PRF.pod
-index e2264fc..5c8dd9d 100644
+index e2264fc34d04..5c8dd9ddaa7a 100644
--- a/doc/crypto/EVP_PKEY_TLS1_PRF.pod
+++ b/doc/crypto/EVP_PKEY_TLS1_PRF.pod
@@ -96,4 +96,13 @@ L<EVP_PKEY_CTX_new(3)>,
@@ -90597,10 +100239,21 @@
+
=cut
diff --git a/doc/crypto/EVP_PKEY_cmp.pod b/doc/crypto/EVP_PKEY_cmp.pod
-index 9e0107f..4e1f78b 100644
+index 9e0107fb0db3..7c9e582a81a4 100644
--- a/doc/crypto/EVP_PKEY_cmp.pod
+++ b/doc/crypto/EVP_PKEY_cmp.pod
-@@ -56,6 +56,15 @@ keys match, 0 if they don't match, -1 if the key types are different and
+@@ -21,7 +21,9 @@ parameters of B<pkey> are missing and 0 if they are present or the algorithm
+ doesn't use parameters.
+
+ The function EVP_PKEY_copy_parameters() copies the parameters from key
+-B<from> to key B<to>.
++B<from> to key B<to>. An error is returned if the parameters are missing in
++B<from> or present in both B<from> and B<to> and mismatch. If the parameters
++in B<from> and B<to> are both present and match this function has no effect.
+
+ The function EVP_PKEY_cmp_parameters() compares the parameters of keys
+ B<a> and B<b>.
+@@ -56,6 +58,15 @@ keys match, 0 if they don't match, -1 if the key types are different and
=head1 SEE ALSO
L<EVP_PKEY_CTX_new(3)>,
@@ -90618,7 +100271,7 @@
=cut
diff --git a/doc/crypto/EVP_PKEY_decrypt.pod b/doc/crypto/EVP_PKEY_decrypt.pod
-index e94f3a8..ca732ed 100644
+index e94f3a8a0277..ca732ed0f918 100644
--- a/doc/crypto/EVP_PKEY_decrypt.pod
+++ b/doc/crypto/EVP_PKEY_decrypt.pod
@@ -10,8 +10,8 @@ EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm
@@ -90632,7 +100285,7 @@
=head1 DESCRIPTION
-@@ -50,30 +50,30 @@ Decrypt data using OAEP (for RSA keys):
+@@ -50,30 +50,30 @@ indicates the operation is not supported by the public key algorithm.
EVP_PKEY_CTX *ctx;
unsigned char *out, *in;
@@ -90693,11 +100346,20 @@
+
=cut
diff --git a/doc/crypto/EVP_PKEY_derive.pod b/doc/crypto/EVP_PKEY_derive.pod
-index f6f3ac7..8c57735 100644
+index f6f3ac7786d6..f70a0b8d9b88 100644
--- a/doc/crypto/EVP_PKEY_derive.pod
+++ b/doc/crypto/EVP_PKEY_derive.pod
-@@ -57,23 +57,23 @@ Derive shared secret (for example DH or EC keys):
+@@ -2,7 +2,7 @@
+ =head1 NAME
+
+-EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive - derive public key algorithm shared secret.
++EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive - derive public key algorithm shared secret
+
+ =head1 SYNOPSIS
+
+@@ -57,23 +57,23 @@ indicates the operation is not supported by the public key algorithm.
+
ctx = EVP_PKEY_CTX_new(pkey);
if (!ctx)
- /* Error occurred */
@@ -90742,7 +100404,7 @@
+
=cut
diff --git a/doc/crypto/EVP_PKEY_encrypt.pod b/doc/crypto/EVP_PKEY_encrypt.pod
-index 819d864..9dc8499 100644
+index 819d8643cafb..d75f3f22cd93 100644
--- a/doc/crypto/EVP_PKEY_encrypt.pod
+++ b/doc/crypto/EVP_PKEY_encrypt.pod
@@ -10,8 +10,8 @@ EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm
@@ -90756,7 +100418,16 @@
=head1 DESCRIPTION
-@@ -54,30 +54,30 @@ set 'eng = NULL;' to start with the default OpenSSL RSA implementation:
+@@ -43,7 +43,7 @@ indicates the operation is not supported by the public key algorithm.
+
+ =head1 EXAMPLE
+
+-Encrypt data using OAEP (for RSA keys). See also L<pem(3)> or
++Encrypt data using OAEP (for RSA keys). See also L<PEM_read_PUBKEY(3)> or
+ L<d2i_X509(3)> for means to load a public key. You may also simply
+ set 'eng = NULL;' to start with the default OpenSSL RSA implementation:
+
+@@ -54,30 +54,30 @@ L<d2i_X509(3)> for means to load a public key. You may also simply
EVP_PKEY_CTX *ctx;
ENGINE *eng;
unsigned char *out, *in;
@@ -90817,7 +100488,7 @@
+
=cut
diff --git a/doc/crypto/EVP_PKEY_get_default_digest.pod b/doc/crypto/EVP_PKEY_get_default_digest.pod
-index 8ac104e..3dce5c5 100644
+index 8ac104efef2a..3dce5c59a8f0 100644
--- a/doc/crypto/EVP_PKEY_get_default_digest.pod
+++ b/doc/crypto/EVP_PKEY_get_default_digest.pod
@@ -38,4 +38,13 @@ L<EVP_PKEY_verify_recover(3)>,
@@ -90835,7 +100506,7 @@
+
=cut
diff --git a/doc/crypto/EVP_PKEY_keygen.pod b/doc/crypto/EVP_PKEY_keygen.pod
-index c86e013..ec803c9 100644
+index c86e01352353..ec803c9d9f35 100644
--- a/doc/crypto/EVP_PKEY_keygen.pod
+++ b/doc/crypto/EVP_PKEY_keygen.pod
@@ -28,7 +28,7 @@ EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen
@@ -90847,7 +100518,7 @@
generated key is written to B<ppkey>.
The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are similar
-@@ -95,15 +95,15 @@ Generate a 2048 bit RSA key:
+@@ -95,15 +95,15 @@ the public key algorithm.
EVP_PKEY *pkey = NULL;
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
if (!ctx)
@@ -90867,7 +100538,7 @@
Generate a key from a set of parameters:
-@@ -115,13 +115,13 @@ Generate a key from a set of parameters:
+@@ -115,13 +115,13 @@ the public key algorithm.
/* Assumed param is set up already */
ctx = EVP_PKEY_CTX_new(param);
if (!ctx)
@@ -90884,7 +100555,7 @@
Example of generation callback for OpenSSL public key implementations:
-@@ -130,19 +130,19 @@ Example of generation callback for OpenSSL public key implementations:
+@@ -130,19 +130,19 @@ the public key algorithm.
EVP_PKEY_CTX_set_app_data(ctx, status_bio);
static int genpkey_cb(EVP_PKEY_CTX *ctx)
@@ -90939,10 +100610,18 @@
+
=cut
diff --git a/doc/crypto/EVP_PKEY_new.pod b/doc/crypto/EVP_PKEY_new.pod
-index 05ac087..2d9f121 100644
+index 05ac08795e2c..956d6990028e 100644
--- a/doc/crypto/EVP_PKEY_new.pod
+++ b/doc/crypto/EVP_PKEY_new.pod
-@@ -9,7 +9,7 @@ EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free - private key allocation functions.
+@@ -2,14 +2,14 @@
+
+ =head1 NAME
+
+-EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free - private key allocation functions.
++EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free - private key allocation functions
+
+ =head1 SYNOPSIS
+
#include <openssl/evp.h>
EVP_PKEY *EVP_PKEY_new(void);
@@ -90975,10 +100654,18 @@
+
=cut
diff --git a/doc/crypto/EVP_PKEY_print_private.pod b/doc/crypto/EVP_PKEY_print_private.pod
-index 8664c49..f122c03 100644
+index 8664c4926f5d..9f1d324f81be 100644
--- a/doc/crypto/EVP_PKEY_print_private.pod
+++ b/doc/crypto/EVP_PKEY_print_private.pod
-@@ -9,11 +9,11 @@ EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public ke
+@@ -2,18 +2,18 @@
+
+ =head1 NAME
+
+-EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public key algorithm printing routines.
++EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public key algorithm printing routines
+
+ =head1 SYNOPSIS
+
#include <openssl/evp.h>
int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
@@ -91024,9 +100711,18 @@
+
=cut
diff --git a/doc/crypto/EVP_PKEY_set1_RSA.pod b/doc/crypto/EVP_PKEY_set1_RSA.pod
-index c7fd8e9..5620d6c 100644
+index c7fd8e94b96d..c6cdcf94dbff 100644
--- a/doc/crypto/EVP_PKEY_set1_RSA.pod
+++ b/doc/crypto/EVP_PKEY_set1_RSA.pod
+@@ -6,7 +6,7 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
+ EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
+ EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
+ EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY,
+-EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id - EVP_PKEY assignment functions.
++EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id - EVP_PKEY assignment functions
+
+ =head1 SYNOPSIS
+
@@ -105,4 +105,13 @@ type or B<NID_undef> (equivalently B<EVP_PKEY_NONE>) on error.
L<EVP_PKEY_new(3)>
@@ -91042,7 +100738,7 @@
+
=cut
diff --git a/doc/crypto/EVP_PKEY_sign.pod b/doc/crypto/EVP_PKEY_sign.pod
-index f189206..9b3c8d4 100644
+index f189206676d1..9b3c8d4593fe 100644
--- a/doc/crypto/EVP_PKEY_sign.pod
+++ b/doc/crypto/EVP_PKEY_sign.pod
@@ -10,8 +10,8 @@ EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm
@@ -91056,7 +100752,7 @@
=head1 DESCRIPTION
-@@ -66,25 +66,25 @@ Sign data using RSA with PKCS#1 padding and SHA256 digest:
+@@ -66,25 +66,25 @@ indicates the operation is not supported by the public key algorithm.
*/
ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */);
if (!ctx)
@@ -91112,7 +100808,7 @@
+
=cut
diff --git a/doc/crypto/EVP_PKEY_verify.pod b/doc/crypto/EVP_PKEY_verify.pod
-index 4952b7f..e84f880 100644
+index 4952b7f4165e..e84f8804197c 100644
--- a/doc/crypto/EVP_PKEY_verify.pod
+++ b/doc/crypto/EVP_PKEY_verify.pod
@@ -10,8 +10,8 @@ EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public ke
@@ -91126,7 +100822,7 @@
=head1 DESCRIPTION
-@@ -53,20 +53,20 @@ Verify signature using PKCS#1 and SHA256 digest:
+@@ -53,20 +53,20 @@ the public key algorithm.
EVP_PKEY_CTX *ctx;
unsigned char *md, *sig;
@@ -91174,7 +100870,7 @@
+
=cut
diff --git a/doc/crypto/EVP_PKEY_verify_recover.pod b/doc/crypto/EVP_PKEY_verify_recover.pod
-index 6c2287b..837bc64 100644
+index 6c2287bbd6aa..837bc64ec227 100644
--- a/doc/crypto/EVP_PKEY_verify_recover.pod
+++ b/doc/crypto/EVP_PKEY_verify_recover.pod
@@ -10,8 +10,8 @@ EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using
@@ -91197,7 +100893,7 @@
used.
Sometimes however it is useful to obtain the data originally signed using a
-@@ -58,32 +58,32 @@ Recover digest originally signed using PKCS#1 and SHA256 digest:
+@@ -58,32 +58,32 @@ indicates the operation is not supported by the public key algorithm.
EVP_PKEY_CTX *ctx;
unsigned char *rout, *sig;
@@ -91261,7 +100957,7 @@
+
=cut
diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod
-index e920e3e..30bd680 100644
+index e920e3e310bc..30bd6808c198 100644
--- a/doc/crypto/EVP_SealInit.pod
+++ b/doc/crypto/EVP_SealInit.pod
@@ -42,9 +42,9 @@ If the cipher does not require an IV then the B<iv> parameter is ignored
@@ -91291,7 +100987,7 @@
+
=cut
diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod
-index 185b113..171dbec 100644
+index 185b113b6427..171dbec409a9 100644
--- a/doc/crypto/EVP_SignInit.pod
+++ b/doc/crypto/EVP_SignInit.pod
@@ -60,7 +60,7 @@ transparent to the algorithm used and much more flexible.
@@ -91327,7 +101023,7 @@
+
=cut
diff --git a/doc/crypto/EVP_VerifyInit.pod b/doc/crypto/EVP_VerifyInit.pod
-index 7fb6e63..79bd581 100644
+index 7fb6e633e7f5..79bd5813609c 100644
--- a/doc/crypto/EVP_VerifyInit.pod
+++ b/doc/crypto/EVP_VerifyInit.pod
@@ -51,7 +51,7 @@ transparent to the algorithm used and much more flexible.
@@ -91362,11 +101058,320 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
+diff --git a/doc/crypto/HMAC.pod b/doc/crypto/HMAC.pod
+new file mode 100644
+index 000000000000..cabb4930b4d0
+--- /dev/null
++++ b/doc/crypto/HMAC.pod
+@@ -0,0 +1,122 @@
++=pod
++
++=head1 NAME
++
++HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final - HMAC message authentication code
++
++=head1 SYNOPSIS
++
++ #include <openssl/hmac.h>
++
++ unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
++ int key_len, const unsigned char *d, int n,
++ unsigned char *md, unsigned int *md_len);
++
++ HMAC_CTX *HMAC_CTX_new(void);
++ int HMAC_CTX_reset(HMAC_CTX *ctx);
++
++ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
++ const EVP_MD *md, ENGINE *impl);
++ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
++ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
++
++ void HMAC_CTX_free(HMAC_CTX *ctx);
++
++Deprecated:
++
++ #if OPENSSL_API_COMPAT < 0x10100000L
++ int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
++ const EVP_MD *md);
++ #endif
++
++=head1 DESCRIPTION
++
++HMAC is a MAC (message authentication code), i.e. a keyed hash
++function used for message authentication, which is based on a hash
++function.
++
++HMAC() computes the message authentication code of the B<n> bytes at
++B<d> using the hash function B<evp_md> and the key B<key> which is
++B<key_len> bytes long.
++
++It places the result in B<md> (which must have space for the output of
++the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes).
++If B<md> is NULL, the digest is placed in a static array. The size of
++the output is placed in B<md_len>, unless it is B<NULL>.
++
++B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc.
++
++HMAC_CTX_new() creates a new HMAC_CTX in heap memory.
++
++HMAC_CTX_reset() zeroes an existing B<HMAC_CTX> and associated
++resources, making it suitable for new computations as if it was newly
++created with HMAC_CTX_new().
++
++HMAC_CTX_free() erases the key and other data from the B<HMAC_CTX>,
++releases any associated resources and finally frees the B<HMAC_CTX>
++itself.
++
++The following functions may be used if the message is not completely
++stored in memory:
++
++HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
++function B<evp_md> and the key B<key> which is B<key_len> bytes
++long. It is deprecated and only included for backward compatibility
++with OpenSSL 0.9.6b.
++
++HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use
++the function B<evp_md> and key B<key>. Either can be NULL, in which
++case the existing one will be reused. B<ctx> must have been created
++with HMAC_CTX_new() before the first use of an B<HMAC_CTX> in this
++function. B<N.B. HMAC_Init() had this undocumented behaviour in
++previous versions of OpenSSL - failure to switch to HMAC_Init_ex() in
++programs that expect it will cause them to stop working>.
++
++HMAC_Update() can be called repeatedly with chunks of the message to
++be authenticated (B<len> bytes at B<data>).
++
++HMAC_Final() places the message authentication code in B<md>, which
++must have space for the hash function output.
++
++=head1 RETURN VALUES
++
++HMAC() returns a pointer to the message authentication code or NULL if
++an error occurred.
++
++HMAC_CTX_new() returns a pointer to a new B<HMAC_CTX> on success or
++B<NULL> if an error occurred.
++
++HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update() and HMAC_Final() return 1
++for success or 0 if an error occurred.
++
++HMAC_CTX_free() do not return values.
++
++=head1 CONFORMING TO
++
++RFC 2104
++
++=head1 SEE ALSO
++
++L<sha(3)>, L<evp(3)>
++
++=head1 HISTORY
++
++HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL versions 1.1.
++
++HMAC_CTX_cleanup() existed in OpenSSL versions before 1.1.
++
++HMAC_CTX_new() and HMAC_CTX_free() are new in OpenSSL version 1.1.
++
++HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in
++versions of OpenSSL before 1.0.0.
++
++=head1 COPYRIGHT
++
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
+diff --git a/doc/crypto/MD5.pod b/doc/crypto/MD5.pod
+new file mode 100644
+index 000000000000..78da750796eb
+--- /dev/null
++++ b/doc/crypto/MD5.pod
+@@ -0,0 +1,101 @@
++=pod
++
++=head1 NAME
++
++MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
++MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions
++
++=head1 SYNOPSIS
++
++ #include <openssl/md2.h>
++
++ unsigned char *MD2(const unsigned char *d, unsigned long n,
++ unsigned char *md);
++
++ int MD2_Init(MD2_CTX *c);
++ int MD2_Update(MD2_CTX *c, const unsigned char *data,
++ unsigned long len);
++ int MD2_Final(unsigned char *md, MD2_CTX *c);
++
++
++ #include <openssl/md4.h>
++
++ unsigned char *MD4(const unsigned char *d, unsigned long n,
++ unsigned char *md);
++
++ int MD4_Init(MD4_CTX *c);
++ int MD4_Update(MD4_CTX *c, const void *data,
++ unsigned long len);
++ int MD4_Final(unsigned char *md, MD4_CTX *c);
++
++
++ #include <openssl/md5.h>
++
++ unsigned char *MD5(const unsigned char *d, unsigned long n,
++ unsigned char *md);
++
++ int MD5_Init(MD5_CTX *c);
++ int MD5_Update(MD5_CTX *c, const void *data,
++ unsigned long len);
++ int MD5_Final(unsigned char *md, MD5_CTX *c);
++
++=head1 DESCRIPTION
++
++MD2, MD4, and MD5 are cryptographic hash functions with a 128 bit output.
++
++MD2(), MD4(), and MD5() compute the MD2, MD4, and MD5 message digest
++of the B<n> bytes at B<d> and place it in B<md> (which must have space
++for MD2_DIGEST_LENGTH == MD4_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16
++bytes of output). If B<md> is NULL, the digest is placed in a static
++array.
++
++The following functions may be used if the message is not completely
++stored in memory:
++
++MD2_Init() initializes a B<MD2_CTX> structure.
++
++MD2_Update() can be called repeatedly with chunks of the message to
++be hashed (B<len> bytes at B<data>).
++
++MD2_Final() places the message digest in B<md>, which must have space
++for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MD2_CTX>.
++
++MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and
++MD5_Final() are analogous using an B<MD4_CTX> and B<MD5_CTX> structure.
++
++Applications should use the higher level functions
++L<EVP_DigestInit(3)>
++etc. instead of calling the hash functions directly.
++
++=head1 NOTE
++
++MD2, MD4, and MD5 are recommended only for compatibility with existing
++applications. In new applications, SHA-1 or RIPEMD-160 should be
++preferred.
++
++=head1 RETURN VALUES
++
++MD2(), MD4(), and MD5() return pointers to the hash value.
++
++MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(),
++MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() return 1 for
++success, 0 otherwise.
++
++=head1 CONFORMING TO
++
++RFC 1319, RFC 1320, RFC 1321
++
++=head1 SEE ALSO
++
++L<EVP_DigestInit(3)>
++
++=head1 COPYRIGHT
++
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
+diff --git a/doc/crypto/MDC2_Init.pod b/doc/crypto/MDC2_Init.pod
+new file mode 100644
+index 000000000000..f7db71b460d3
+--- /dev/null
++++ b/doc/crypto/MDC2_Init.pod
+@@ -0,0 +1,68 @@
++=pod
++
++=head1 NAME
++
++MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function
++
++=head1 SYNOPSIS
++
++ #include <openssl/mdc2.h>
++
++ unsigned char *MDC2(const unsigned char *d, unsigned long n,
++ unsigned char *md);
++
++ int MDC2_Init(MDC2_CTX *c);
++ int MDC2_Update(MDC2_CTX *c, const unsigned char *data,
++ unsigned long len);
++ int MDC2_Final(unsigned char *md, MDC2_CTX *c);
++
++=head1 DESCRIPTION
++
++MDC2 is a method to construct hash functions with 128 bit output from
++block ciphers. These functions are an implementation of MDC2 with
++DES.
++
++MDC2() computes the MDC2 message digest of the B<n>
++bytes at B<d> and places it in B<md> (which must have space for
++MDC2_DIGEST_LENGTH == 16 bytes of output). If B<md> is NULL, the digest
++is placed in a static array.
++
++The following functions may be used if the message is not completely
++stored in memory:
++
++MDC2_Init() initializes a B<MDC2_CTX> structure.
++
++MDC2_Update() can be called repeatedly with chunks of the message to
++be hashed (B<len> bytes at B<data>).
++
++MDC2_Final() places the message digest in B<md>, which must have space
++for MDC2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MDC2_CTX>.
++
++Applications should use the higher level functions
++L<EVP_DigestInit(3)> etc. instead of calling the
++hash functions directly.
++
++=head1 RETURN VALUES
++
++MDC2() returns a pointer to the hash value.
++
++MDC2_Init(), MDC2_Update() and MDC2_Final() return 1 for success, 0 otherwise.
++
++=head1 CONFORMING TO
++
++ISO/IEC 10118-2, with DES
++
++=head1 SEE ALSO
++
++L<EVP_DigestInit(3)>
++
++=head1 COPYRIGHT
++
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/crypto/OBJ_nid2obj.pod b/doc/crypto/OBJ_nid2obj.pod
-index d777d7c..ac34a40 100644
+index d777d7ca5303..ac34a40225cb 100644
--- a/doc/crypto/OBJ_nid2obj.pod
+++ b/doc/crypto/OBJ_nid2obj.pod
-@@ -42,7 +42,7 @@ Deprecated:
+@@ -42,7 +42,7 @@ functions
The ASN1 object utility functions process ASN1_OBJECT structures which are
a representation of the ASN1 OBJECT IDENTIFIER (OID) type.
@@ -91384,7 +101389,7 @@
numerical form of the object, B<sn> the short name and B<ln> the
long name. A new NID is returned for the created object.
-@@ -127,7 +127,7 @@ Create an object for B<commonName>:
+@@ -127,7 +127,7 @@ is a corresponding OBJECT IDENTIFIER by checking OBJ_length() is not zero.
Check if an object is B<commonName>
if (OBJ_obj2nid(obj) == NID_commonName)
@@ -91393,7 +101398,7 @@
Create a new NID and initialize an object from it:
-@@ -136,14 +136,14 @@ Create a new NID and initialize an object from it:
+@@ -136,14 +136,14 @@ Check if an object is B<commonName>
new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
obj = OBJ_nid2obj(new_nid);
@@ -91425,17 +101430,21 @@
+
=cut
diff --git a/doc/crypto/OCSP_REQUEST_new.pod b/doc/crypto/OCSP_REQUEST_new.pod
-index b74f56a..82de0d5 100644
+index b74f56a2326c..97c2337d108c 100644
--- a/doc/crypto/OCSP_REQUEST_new.pod
+++ b/doc/crypto/OCSP_REQUEST_new.pod
-@@ -1,5 +1,7 @@
+@@ -1,8 +1,10 @@
=pod
+=head1 NAME
+
OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign,
OCSP_request_add1_cert, OCSP_request_onereq_count,
- OCSP_request_onereq_get0 - OCSP request functions.
+-OCSP_request_onereq_get0 - OCSP request functions.
++OCSP_request_onereq_get0 - OCSP request functions
+
+ =head1 SYNOPSIS
+
@@ -104,4 +106,13 @@ L<OCSP_response_find_status(3)>,
L<OCSP_response_status(3)>,
L<OCSP_sendreq_new(3)>
@@ -91451,17 +101460,20 @@
+
=cut
diff --git a/doc/crypto/OCSP_cert_to_id.pod b/doc/crypto/OCSP_cert_to_id.pod
-index ac11ba7..bd06417 100644
+index ac11ba7b5991..0e37937feac7 100644
--- a/doc/crypto/OCSP_cert_to_id.pod
+++ b/doc/crypto/OCSP_cert_to_id.pod
-@@ -1,5 +1,7 @@
+@@ -1,7 +1,9 @@
=pod
+=head1 NAME
+
OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp,
- OCSP_id_cmp, OCSP_id_get0_info - OCSP certificate ID utility functions.
+-OCSP_id_cmp, OCSP_id_get0_info - OCSP certificate ID utility functions.
++OCSP_id_cmp, OCSP_id_get0_info - OCSP certificate ID utility functions
+ =head1 SYNOPSIS
+
@@ -75,4 +77,13 @@ L<OCSP_response_find_status(3)>,
L<OCSP_response_status(3)>,
L<OCSP_sendreq_new(3)>
@@ -91477,17 +101489,19 @@
+
=cut
diff --git a/doc/crypto/OCSP_request_add1_nonce.pod b/doc/crypto/OCSP_request_add1_nonce.pod
-index a95000e..4162c70 100644
+index a95000e2f76b..dab42c67be35 100644
--- a/doc/crypto/OCSP_request_add1_nonce.pod
+++ b/doc/crypto/OCSP_request_add1_nonce.pod
-@@ -1,5 +1,7 @@
+@@ -1,6 +1,8 @@
=pod
+-OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce - OCSP nonce functions.
+=head1 NAME
+
- OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce - OCSP nonce functions.
++OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce - OCSP nonce functions
=head1 SYNOPSIS
+
@@ -70,4 +72,13 @@ L<OCSP_response_find_status(3)>,
L<OCSP_response_status(3)>,
L<OCSP_sendreq_new(3)>
@@ -91503,17 +101517,19 @@
+
=cut
diff --git a/doc/crypto/OCSP_response_find_status.pod b/doc/crypto/OCSP_response_find_status.pod
-index 2a14189..8baeb2f 100644
+index 2a1418955a54..a7394343fdc3 100644
--- a/doc/crypto/OCSP_response_find_status.pod
+++ b/doc/crypto/OCSP_response_find_status.pod
-@@ -1,5 +1,7 @@
+@@ -1,6 +1,8 @@
=pod
+-OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity - OCSP response utility functions.
+=head1 NAME
+
- OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity - OCSP response utility functions.
++OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity - OCSP response utility functions
=head1 SYNOPSIS
+
@@ -106,4 +108,13 @@ L<OCSP_REQUEST_new(3)>,
L<OCSP_response_status(3)>,
L<OCSP_sendreq_new(3)>
@@ -91529,17 +101545,20 @@
+
=cut
diff --git a/doc/crypto/OCSP_response_status.pod b/doc/crypto/OCSP_response_status.pod
-index 5195b2a..8cae3ae 100644
+index 5195b2a94425..08738d251553 100644
--- a/doc/crypto/OCSP_response_status.pod
+++ b/doc/crypto/OCSP_response_status.pod
-@@ -1,5 +1,7 @@
+@@ -1,7 +1,9 @@
=pod
+=head1 NAME
+
OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create,
- OCSP_RESPONSE_free - OCSP response functions.
+-OCSP_RESPONSE_free - OCSP response functions.
++OCSP_RESPONSE_free - OCSP response functions
+ =head1 SYNOPSIS
+
@@ -21,7 +23,7 @@ B<OCSP_RESPONSE_STATUS_INTERNALERROR>, B<OCSP_RESPONSE_STATUS_TRYLATER>
B<OCSP_RESPONSE_STATUS_SIGREQUIRED>, or B<OCSP_RESPONSE_STATUS_UNAUTHORIZED>.
@@ -91564,7 +101583,7 @@
+
=cut
diff --git a/doc/crypto/OCSP_sendreq_new.pod b/doc/crypto/OCSP_sendreq_new.pod
-index 1d5599a..c7fdc9b 100644
+index 1d5599a6258e..c7fdc9b12e6f 100644
--- a/doc/crypto/OCSP_sendreq_new.pod
+++ b/doc/crypto/OCSP_sendreq_new.pod
@@ -110,4 +110,13 @@ L<OCSP_REQUEST_new(3)>,
@@ -91582,7 +101601,7 @@
+
=cut
diff --git a/doc/crypto/OPENSSL_Applink.pod b/doc/crypto/OPENSSL_Applink.pod
-index e54de12..59f46eb 100644
+index e54de12cc89e..59f46ebbebe6 100644
--- a/doc/crypto/OPENSSL_Applink.pod
+++ b/doc/crypto/OPENSSL_Applink.pod
@@ -18,4 +18,13 @@ expected to implement it, but to compile provided module with
@@ -91599,8 +101618,348 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
+diff --git a/doc/crypto/OPENSSL_LH_COMPFUNC.pod b/doc/crypto/OPENSSL_LH_COMPFUNC.pod
+new file mode 100644
+index 000000000000..372f0d952c16
+--- /dev/null
++++ b/doc/crypto/OPENSSL_LH_COMPFUNC.pod
+@@ -0,0 +1,264 @@
++=pod
++
++=head1 NAME
++
++DECLARE_LHASH_OF,
++OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC,
++LHASH_DOALL_ARG_FN_TYPE,
++lh_TYPE_new, lh_TYPE_free,
++lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve,
++lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error - dynamic hash table
++
++=for comment generic
++
++=head1 SYNOPSIS
++
++ #include <openssl/lhash.h>
++
++ DECLARE_LHASH_OF(TYPE);
++
++ LHASH *lh_TYPE_new();
++ void lh_TYPE_free(LHASH_OF(TYPE *table);
++
++ TYPE *lh_TYPE_insert(LHASH_OF(TYPE *table, TYPE *data);
++ TYPE *lh_TYPE_delete(LHASH_OF(TYPE *table, TYPE *data);
++ TYPE *lh_retrieve(LHASH_OFTYPE *table, TYPE *data);
++
++ void lh_TYPE_doall(LHASH_OF(TYPE *table, OPENSSL_LH_DOALL_FUNC func);
++ void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func,
++ TYPE, TYPE *arg);
++
++ int lh_TYPE_error(LHASH_OF(TYPE) *table);
++
++ typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *);
++ typedef unsigned long (*OPENSSL_LH_HASHFUNC)(const void *);
++ typedef void (*OPENSSL_LH_DOALL_FUNC)(const void *);
++ typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *);
++
++=head1 DESCRIPTION
++
++This library implements type-checked dynamic hash tables. The hash
++table entries can be arbitrary structures. Usually they consist of key
++and value fields. In the description here, I<TYPE> is used a placeholder
++for any of the OpenSSL datatypes, such as I<SSL_SESSION>.
++
++lh_TYPE_new() creates a new B<LHASH_OF(TYPE)> structure to store
++arbitrary data entries, and provides the 'hash' and 'compare'
++callbacks to be used in organising the table's entries. The B<hash>
++callback takes a pointer to a table entry as its argument and returns
++an unsigned long hash value for its key field. The hash value is
++normally truncated to a power of 2, so make sure that your hash
++function returns well mixed low order bits. The B<compare> callback
++takes two arguments (pointers to two hash table entries), and returns
++0 if their keys are equal, non-zero otherwise. If your hash table
++will contain items of some particular type and the B<hash> and
++B<compare> callbacks hash/compare these types, then the
++B<DECLARE_LHASH_HASH_FN> and B<IMPLEMENT_LHASH_COMP_FN> macros can be
++used to create callback wrappers of the prototypes required by
++lh_TYPE_new(). These provide per-variable casts before calling the
++type-specific callbacks written by the application author. These
++macros, as well as those used for the "doall" callbacks, are defined
++as;
++
++ #define DECLARE_LHASH_HASH_FN(name, o_type) \
++ unsigned long name##_LHASH_HASH(const void *);
++ #define IMPLEMENT_LHASH_HASH_FN(name, o_type) \
++ unsigned long name##_LHASH_HASH(const void *arg) { \
++ const o_type *a = arg; \
++ return name##_hash(a); }
++ #define LHASH_HASH_FN(name) name##_LHASH_HASH
++
++ #define DECLARE_LHASH_COMP_FN(name, o_type) \
++ int name##_LHASH_COMP(const void *, const void *);
++ #define IMPLEMENT_LHASH_COMP_FN(name, o_type) \
++ int name##_LHASH_COMP(const void *arg1, const void *arg2) { \
++ const o_type *a = arg1; \
++ const o_type *b = arg2; \
++ return name##_cmp(a,b); }
++ #define LHASH_COMP_FN(name) name##_LHASH_COMP
++
++ #define DECLARE_LHASH_DOALL_FN(name, o_type) \
++ void name##_LHASH_DOALL(void *);
++ #define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \
++ void name##_LHASH_DOALL(void *arg) { \
++ o_type *a = arg; \
++ name##_doall(a); }
++ #define LHASH_DOALL_FN(name) name##_LHASH_DOALL
++
++ #define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
++ void name##_LHASH_DOALL_ARG(void *, void *);
++ #define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
++ void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
++ o_type *a = arg1; \
++ a_type *b = arg2; \
++ name##_doall_arg(a, b); }
++ #define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
++
++ An example of a hash table storing (pointers to) structures of type 'STUFF'
++ could be defined as follows;
++
++ /* Calculates the hash value of 'tohash' (implemented elsewhere) */
++ unsigned long STUFF_hash(const STUFF *tohash);
++ /* Orders 'arg1' and 'arg2' (implemented elsewhere) */
++ int stuff_cmp(const STUFF *arg1, const STUFF *arg2);
++ /* Create the type-safe wrapper functions for use in the LHASH internals */
++ static IMPLEMENT_LHASH_HASH_FN(stuff, STUFF);
++ static IMPLEMENT_LHASH_COMP_FN(stuff, STUFF);
++ /* ... */
++ int main(int argc, char *argv[]) {
++ /* Create the new hash table using the hash/compare wrappers */
++ LHASH_OF(STUFF) *hashtable = lh_STUFF_new(LHASH_HASH_FN(STUFF_hash),
++ LHASH_COMP_FN(STUFF_cmp));
++ /* ... */
++ }
++
++lh_TYPE_free() frees the B<LHASH_OF(TYPE)> structure
++B<table>. Allocated hash table entries will not be freed; consider
++using lh_TYPE_doall() to deallocate any remaining entries in the
++hash table (see below).
++
++lh_TYPE_insert() inserts the structure pointed to by B<data> into
++B<table>. If there already is an entry with the same key, the old
++value is replaced. Note that lh_TYPE_insert() stores pointers, the
++data are not copied.
++
++lh_TYPE_delete() deletes an entry from B<table>.
++
++lh_TYPE_retrieve() looks up an entry in B<table>. Normally, B<data>
++is a structure with the key field(s) set; the function will return a
++pointer to a fully populated structure.
++
++lh_TYPE_doall() will, for every entry in the hash table, call
++B<func> with the data item as its parameter. For lh_TYPE_doall()
++and lh_TYPE_doall_arg(), function pointer casting should be avoided
++in the callbacks (see B<NOTE>) - instead use the declare/implement
++macros to create type-checked wrappers that cast variables prior to
++calling your type-specific callbacks. An example of this is
++illustrated here where the callback is used to cleanup resources for
++items in the hash table prior to the hashtable itself being
++deallocated:
++
++ /* Cleans up resources belonging to 'a' (this is implemented elsewhere) */
++ void STUFF_cleanup_doall(STUFF *a);
++ /* Implement a prototype-compatible wrapper for "STUFF_cleanup" */
++ IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF)
++ /* ... then later in the code ... */
++ /* So to run "STUFF_cleanup" against all items in a hash table ... */
++ lh_STUFF_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup));
++ /* Then the hash table itself can be deallocated */
++ lh_STUFF_free(hashtable);
++
++When doing this, be careful if you delete entries from the hash table
++in your callbacks: the table may decrease in size, moving the item
++that you are currently on down lower in the hash table - this could
++cause some entries to be skipped during the iteration. The second
++best solution to this problem is to set hash-E<gt>down_load=0 before
++you start (which will stop the hash table ever decreasing in size).
++The best solution is probably to avoid deleting items from the hash
++table inside a "doall" callback!
++
++lh_TYPE_doall_arg() is the same as lh_TYPE_doall() except that
++B<func> will be called with B<arg> as the second argument and B<func>
++should be of type B<LHASH_DOALL_ARG_FN_TYPE> (a callback prototype
++that is passed both the table entry and an extra argument). As with
++lh_doall(), you can instead choose to declare your callback with a
++prototype matching the types you are dealing with and use the
++declare/implement macros to create compatible wrappers that cast
++variables before calling your type-specific callbacks. An example of
++this is demonstrated here (printing all hash table entries to a BIO
++that is provided by the caller):
++
++ /* Prints item 'a' to 'output_bio' (this is implemented elsewhere) */
++ void STUFF_print_doall_arg(const STUFF *a, BIO *output_bio);
++ /* Implement a prototype-compatible wrapper for "STUFF_print" */
++ static IMPLEMENT_LHASH_DOALL_ARG_FN(STUFF, const STUFF, BIO)
++ /* ... then later in the code ... */
++ /* Print out the entire hashtable to a particular BIO */
++ lh_STUFF_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), BIO,
++ logging_bio);
++
++
++lh_TYPE_error() can be used to determine if an error occurred in the last
++operation.
++
++=head1 RETURN VALUES
++
++lh_TYPE_new() returns B<NULL> on error, otherwise a pointer to the new
++B<LHASH> structure.
++
++When a hash table entry is replaced, lh_TYPE_insert() returns the value
++being replaced. B<NULL> is returned on normal operation and on error.
++
++lh_TYPE_delete() returns the entry being deleted. B<NULL> is returned if
++there is no such value in the hash table.
++
++lh_TYPE_retrieve() returns the hash table entry if it has been found,
++B<NULL> otherwise.
++
++lh_TYPE_error() returns 1 if an error occurred in the last operation, 0
++otherwise.
++
++lh_TYPE_free(), lh_TYPE_doall() and lh_TYPE_doall_arg() return no values.
++
++=head1 NOTE
++
++The various LHASH macros and callback types exist to make it possible
++to write type-checked code without resorting to function-prototype
++casting - an evil that makes application code much harder to
++audit/verify and also opens the window of opportunity for stack
++corruption and other hard-to-find bugs. It also, apparently, violates
++ANSI-C.
++
++The LHASH code regards table entries as constant data. As such, it
++internally represents lh_insert()'d items with a "const void *"
++pointer type. This is why callbacks such as those used by lh_doall()
++and lh_doall_arg() declare their prototypes with "const", even for the
++parameters that pass back the table items' data pointers - for
++consistency, user-provided data is "const" at all times as far as the
++LHASH code is concerned. However, as callers are themselves providing
++these pointers, they can choose whether they too should be treating
++all such parameters as constant.
++
++As an example, a hash table may be maintained by code that, for
++reasons of encapsulation, has only "const" access to the data being
++indexed in the hash table (ie. it is returned as "const" from
++elsewhere in their code) - in this case the LHASH prototypes are
++appropriate as-is. Conversely, if the caller is responsible for the
++life-time of the data in question, then they may well wish to make
++modifications to table item passed back in the lh_doall() or
++lh_doall_arg() callbacks (see the "STUFF_cleanup" example above). If
++so, the caller can either cast the "const" away (if they're providing
++the raw callbacks themselves) or use the macros to declare/implement
++the wrapper functions without "const" types.
++
++Callers that only have "const" access to data they're indexing in a
++table, yet declare callbacks without constant types (or cast the
++"const" away themselves), are therefore creating their own risks/bugs
++without being encouraged to do so by the API. On a related note,
++those auditing code should pay special attention to any instances of
++DECLARE/IMPLEMENT_LHASH_DOALL_[ARG_]_FN macros that provide types
++without any "const" qualifiers.
++
++=head1 BUGS
++
++lh_TYPE_insert() returns B<NULL> both for success and error.
++
++=head1 SEE ALSO
++
++L<lh_stats(3)>
++
++=head1 HISTORY
++
++In OpenSSL 1.0.0, the lhash interface was revamped for better
++type checking.
++
++=head1 COPYRIGHT
++
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
+diff --git a/doc/crypto/OPENSSL_LH_stats.pod b/doc/crypto/OPENSSL_LH_stats.pod
+new file mode 100644
+index 000000000000..c454a47eef25
+--- /dev/null
++++ b/doc/crypto/OPENSSL_LH_stats.pod
+@@ -0,0 +1,64 @@
++=pod
++
++=head1 NAME
++
++OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats,
++OPENSSL_LH_stats_bio,
++OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio - LHASH statistics
++
++=head1 SYNOPSIS
++
++ #include <openssl/lhash.h>
++
++ void OPENSSL_LH_stats(LHASH *table, FILE *out);
++ void OPENSSL_LH_node_stats(LHASH *table, FILE *out);
++ void OPENSSL_LH_node_usage_stats(LHASH *table, FILE *out);
++
++ void OPENSSL_LH_stats_bio(LHASH *table, BIO *out);
++ void OPENSSL_LH_node_stats_bio(LHASH *table, BIO *out);
++ void OPENSSL_LH_node_usage_stats_bio(LHASH *table, BIO *out);
++
++=head1 DESCRIPTION
++
++The B<LHASH> structure records statistics about most aspects of
++accessing the hash table. This is mostly a legacy of Eric Young
++writing this library for the reasons of implementing what looked like
++a nice algorithm rather than for a particular software product.
++
++OPENSSL_LH_stats() prints out statistics on the size of the hash table, how
++many entries are in it, and the number and result of calls to the
++routines in this library.
++
++OPENSSL_LH_node_stats() prints the number of entries for each 'bucket' in the
++hash table.
++
++OPENSSL_LH_node_usage_stats() prints out a short summary of the state of the
++hash table. It prints the 'load' and the 'actual load'. The load is
++the average number of data items per 'bucket' in the hash table. The
++'actual load' is the average number of items per 'bucket', but only
++for buckets which contain entries. So the 'actual load' is the
++average number of searches that will need to find an item in the hash
++table, while the 'load' is the average number that will be done to
++record a miss.
++
++OPENSSL_LH_stats_bio(), OPENSSL_LH_node_stats_bio() and OPENSSL_LH_node_usage_stats_bio()
++are the same as the above, except that the output goes to a B<BIO>.
++
++=head1 RETURN VALUES
++
++These functions do not return values.
++
++=head1 SEE ALSO
++
++L<bio(3)>, L<lhash(3)>
++
++=head1 COPYRIGHT
++
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/doc/crypto/OPENSSL_VERSION_NUMBER.pod
-index d87d719..9cc1ed1 100644
+index d87d7197e5dd..9cc1ed1d9c0d 100644
--- a/doc/crypto/OPENSSL_VERSION_NUMBER.pod
+++ b/doc/crypto/OPENSSL_VERSION_NUMBER.pod
@@ -94,4 +94,13 @@ The version number.
@@ -91618,7 +101977,7 @@
+
=cut
diff --git a/doc/crypto/OPENSSL_config.pod b/doc/crypto/OPENSSL_config.pod
-index 77061a0..1a8af86 100644
+index 77061a00ce72..1a8af869c05b 100644
--- a/doc/crypto/OPENSSL_config.pod
+++ b/doc/crypto/OPENSSL_config.pod
@@ -61,4 +61,13 @@ L<CONF_modules_load_file(3)>
@@ -91636,7 +101995,7 @@
+
=cut
diff --git a/doc/crypto/OPENSSL_ia32cap.pod b/doc/crypto/OPENSSL_ia32cap.pod
-index 90156d2..363d158 100644
+index 90156d21901b..363d158853b6 100644
--- a/doc/crypto/OPENSSL_ia32cap.pod
+++ b/doc/crypto/OPENSSL_ia32cap.pod
@@ -94,3 +94,14 @@ and RORX;
@@ -91655,7 +102014,7 @@
+
+=cut
diff --git a/doc/crypto/OPENSSL_init_crypto.pod b/doc/crypto/OPENSSL_init_crypto.pod
-index e701b1d..8caa361 100644
+index e701b1d703b5..a35325b3f256 100644
--- a/doc/crypto/OPENSSL_init_crypto.pod
+++ b/doc/crypto/OPENSSL_init_crypto.pod
@@ -16,8 +16,9 @@ initialisation and deinitialisation functions
@@ -91670,7 +102029,26 @@
=head1 DESCRIPTION
-@@ -208,8 +209,8 @@ using static linking should also call OPENSSL_thread_stop().
+@@ -202,14 +203,24 @@ platforms this is done in response to a DLL_THREAD_DETACH message being sent to
+ the libcrypto32.dll entry point. Some windows functions may cause threads to exit
+ without sending this message (for example ExitProcess()). If the application
+ uses such functions, then the application must free up OpenSSL resources
+-directly via a call to OPENSSL_thread_stop(). Similarly this message will
+-also not be sent if OpenSSL is linked statically, and therefore applications
+-using static linking should also call OPENSSL_thread_stop().
++directly via a call to OPENSSL_thread_stop() on each thread. Similarly this
++message will also not be sent if OpenSSL is linked statically, and therefore
++applications using static linking should also call OPENSSL_thread_stop() on each
++thread. Additionally if OpenSSL is loaded dynamically via LoadLibrary() and the
++threads are not destroyed until after FreeLibrary() is called then each thread
++should call OPENSSL_thread_stop() prior to the FreeLibrary() call.
++
++On Linux/Unix where OpenSSL has been loaded via dlopen() and the application is
++multi-threaded and if dlclose() is subsequently called prior to the threads
++being destroyed then OpenSSL will not be able to deallocate resources associated
++with those threads. The application should either call OPENSSL_thread_stop() on
++each thread prior to the dlclose() call, or alternatively the original dlopen()
++call should use the RTLD_NODELETE flag (where available on the platform).
=head1 RETURN VALUES
@@ -91681,7 +102059,7 @@
=head1 SEE ALSO
-@@ -218,6 +219,16 @@ L<OPENSSL_init_ssl(3)>
+@@ -218,6 +229,16 @@ L<OPENSSL_init_ssl(3)>
=head1 HISTORY
The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(),
@@ -91700,7 +102078,7 @@
=cut
diff --git a/doc/crypto/OPENSSL_instrument_bus.pod b/doc/crypto/OPENSSL_instrument_bus.pod
-index 4ed83e4..42286f1 100644
+index 4ed83e4950b7..42286f1f5e50 100644
--- a/doc/crypto/OPENSSL_instrument_bus.pod
+++ b/doc/crypto/OPENSSL_instrument_bus.pod
@@ -40,3 +40,14 @@ not available on current platform. For reference, on x86 'flush cache
@@ -91719,7 +102097,7 @@
+
+=cut
diff --git a/doc/crypto/OPENSSL_load_builtin_modules.pod b/doc/crypto/OPENSSL_load_builtin_modules.pod
-index 20ca44c..112718a 100644
+index 20ca44c3b4f3..112718a68a07 100644
--- a/doc/crypto/OPENSSL_load_builtin_modules.pod
+++ b/doc/crypto/OPENSSL_load_builtin_modules.pod
@@ -24,15 +24,15 @@ ENGINE_add_conf_module() adds just the ENGINE configuration module.
@@ -91756,7 +102134,7 @@
+
=cut
diff --git a/doc/crypto/OPENSSL_malloc.pod b/doc/crypto/OPENSSL_malloc.pod
-index 7ce00b2..ca21698 100644
+index 7ce00b28a812..ca2169890339 100644
--- a/doc/crypto/OPENSSL_malloc.pod
+++ b/doc/crypto/OPENSSL_malloc.pod
@@ -4,7 +4,7 @@
@@ -91798,7 +102176,7 @@
+
=cut
diff --git a/doc/crypto/OPENSSL_secure_malloc.pod b/doc/crypto/OPENSSL_secure_malloc.pod
-index 2a04931..9bc05e5 100644
+index 2a04931cec19..9bc05e5ee6e4 100644
--- a/doc/crypto/OPENSSL_secure_malloc.pod
+++ b/doc/crypto/OPENSSL_secure_malloc.pod
@@ -16,13 +16,13 @@ CYRPTO_secure_malloc_used - secure heap storage
@@ -91896,7 +102274,7 @@
+
=cut
diff --git a/doc/crypto/OpenSSL_add_all_algorithms.pod b/doc/crypto/OpenSSL_add_all_algorithms.pod
-index 10f3b8f..aaa28dd 100644
+index 10f3b8fbabf1..aaa28dd6a937 100644
--- a/doc/crypto/OpenSSL_add_all_algorithms.pod
+++ b/doc/crypto/OpenSSL_add_all_algorithms.pod
@@ -78,4 +78,13 @@ The OpenSSL_add_all_algorithms(), OpenSSL_add_all_ciphers(),
@@ -91913,19 +102291,752 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
+diff --git a/doc/crypto/PEM_read.pod b/doc/crypto/PEM_read.pod
+new file mode 100644
+index 000000000000..c0bd010e40de
+--- /dev/null
++++ b/doc/crypto/PEM_read.pod
+@@ -0,0 +1,130 @@
++=pod
++
++=head1 NAME
++
++PEM_write, PEM_write_bio,
++PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO,
++pem_password_cb
++- PEM encoding routines
++
++=head1 SYNOPSIS
++
++ #include <openssl/pem.h>
++
++ int PEM_write(FILE *fp, const char *name, const char *header,
++ const unsigned char *data, long len)
++ int PEM_write_bio(BIO *bp, const char *name, const char *header,
++ const unsigned char *data, long len)
++
++ int PEM_read(FILE *fp, char **name, char **header,
++ unsigned char **data, long *len);
++ int PEM_read_bio(BIO *bp, char **name, char **header,
++ unsigned char **data, long *len);
++
++ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cinfo);
++ int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len,
++ pem_password_cb *cb, void *u);
++
++ typedef int pem_password_cb (char *buf, int size, int rwflag, void *u);
++
++=head1 DESCRIPTION
++
++These functions read and write PEM-encoded objects, using the PEM
++type B<name>, any additional B<header> information, and the raw
++B<data> of length B<len>.
++
++PEM is the term used for binary content encoding first defined in IETF
++RFC 1421. The content is a series of base64-encoded lines, surrounded
++by begin/end markers each on their own line. For example:
++
++ -----BEGIN PRIVATE KEY-----
++ MIICdg....
++ ... bhTQ==
++ -----END PRIVATE KEY-----
++
++Optional header line(s) may appear after the begin line, and their
++existence depends on the type of object being written or read.
++
++PEM_write() writes to the file B<fp>, while PEM_write_bio() writes to
++the BIO B<bp>. The B<name> is the name to use in the marker, the
++B<header> is the header value or NULL, and B<data> and B<len> specify
++the data and its length.
++
++The final B<data> buffer is typically an ASN.1 object which can be decoded with
++the B<d2i> function appropriate to the type B<name>; see L<d2i_X509(3)>
++for examples.
++
++PEM_read() reads from the file B<fp>, while PEM_read_bio() reads
++from the BIO B<bp>.
++Both skip any non-PEM data that precedes the start of the next PEM object.
++When an object is successfuly retrieved, the type name from the "----BEGIN
++<type>-----" is returned via the B<name> argument, any encapsulation headers
++are returned in B<header> and the base64-decoded content and its length are
++returned via B<data> and B<len> respectively.
++The B<name>, B<header> and B<data> pointers are allocated via OPENSSL_malloc()
++and should be freed by the caller via OPENSSL_free() when no longer needed.
++
++PEM_get_EVP_CIPHER_INFO() can be used to determine the B<data> returned by
++PEM_read() or PEM_read_bio() is encrypted and to retrieve the associated cipher
++and IV.
++The caller passes a pointer to structure of type B<EVP_CIPHER_INFO> via the
++B<cinfo> argument and the B<header> returned via PEM_read() or PEM_read_bio().
++If the call is succesful 1 is retured and the cipher and IV are stored at the
++address pointed to by B<cinfo>.
++When the header is malformed, or not supported or when the cipher is unknown
++or some internal error happens 0 is returned.
++This function is deprecated, see B<NOTES> below.
++
++PEM_do_header() can then be used to decrypt the data if the header
++indicates encryption.
++The B<cinfo> argument is a pointer to the structure initialized by the previous
++call to PEM_get_EVP_CIPHER_INFO().
++The B<data> and B<len> arguments are those returned by the previous call to
++PEM_read() or PEM_read_bio().
++The B<cb> and B<u> arguments make it possible to override the default password
++prompt function as described in L<PEM_read_PrivateKey(3)>.
++On successful completion the B<data> is decrypted in place, and B<len> is
++updated to indicate the plaintext length.
++This function is deprecated, see B<NOTES> below.
++
++If the data is a priori known to not be encrypted, then neither PEM_do_header()
++nor PEM_get_EVP_CIPHER_INFO() need be called.
++
++=head1 RETURN VALUES
++
++PEM_read() and PEM_read_bio() return 1 on success and 0 on failure, the latter
++includes the case when no more PEM objects remain in the input file.
++To distinguish end of file from more serious errors the caller must peek at the
++error stack and check for B<PEM_R_NO_START_LINE>, which indicates that no more
++PEM objects were found. See L<ERR_peek_last_error(3)>, L<ERR_GET_REASON(3)>.
++
++PEM_get_EVP_CIPHER_INFO() and PEM_do_header() return 1 on success, and 0 on
++failure.
++The B<data> is likely meaningless if these functions fail.
++
++=head1 NOTES
++
++The PEM_get_EVP_CIPHER_INFO() and PEM_do_header() functions are deprecated.
++This is because the underlying PEM encryption format is obsolete, and should
++be avoided.
++It uses an encryption format with an OpenSSL-specific key-derivation function,
++which employs MD5 with an iteration count of 1!
++Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5
++v2.0 PBE.
++See L<PEM_write_PrivateKey(3)> and L<d2i_PKCS8PrivateKey_bio(3)>.
++
++=head1 SEE ALSO
++
++L<ERR_peek_last_error(3)>, L<ERR_GET_LIB(3)>,
++L<d2i_PKCS8PrivateKey_bio(3)>.
++
++=head1 COPYRIGHT
++
++Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
+diff --git a/doc/crypto/PEM_read_CMS.pod b/doc/crypto/PEM_read_CMS.pod
+new file mode 100644
+index 000000000000..5a799f9e89db
+--- /dev/null
++++ b/doc/crypto/PEM_read_CMS.pod
+@@ -0,0 +1,94 @@
++=pod
++
++=head1 NAME
++
++PEM_read_CMS,
++PEM_read_bio_CMS,
++PEM_write_CMS,
++PEM_write_bio_CMS,
++PEM_write_DHxparams,
++PEM_write_bio_DHxparams,
++PEM_read_ECPKParameters,
++PEM_read_bio_ECPKParameters,
++PEM_write_ECPKParameters,
++PEM_write_bio_ECPKParameters,
++PEM_read_ECPrivateKey,
++PEM_write_ECPrivateKey,
++PEM_write_bio_ECPrivateKey,
++PEM_read_EC_PUBKEY,
++PEM_read_bio_EC_PUBKEY,
++PEM_write_EC_PUBKEY,
++PEM_write_bio_EC_PUBKEY,
++PEM_read_NETSCAPE_CERT_SEQUENCE,
++PEM_read_bio_NETSCAPE_CERT_SEQUENCE,
++PEM_write_NETSCAPE_CERT_SEQUENCE,
++PEM_write_bio_NETSCAPE_CERT_SEQUENCE,
++PEM_read_PKCS8,
++PEM_read_bio_PKCS8,
++PEM_write_PKCS8,
++PEM_write_bio_PKCS8,
++PEM_write_PKCS8_PRIV_KEY_INFO,
++PEM_read_bio_PKCS8_PRIV_KEY_INFO,
++PEM_read_PKCS8_PRIV_KEY_INFO,
++PEM_write_bio_PKCS8_PRIV_KEY_INFO,
++PEM_read_SSL_SESSION,
++PEM_read_bio_SSL_SESSION,
++PEM_write_SSL_SESSION,
++PEM_write_bio_SSL_SESSION
++- PEM object encoding routines
++
++=for comment generic
++
++=head1 SYNOPSIS
++
++ #include <openssl/pem.h>
++
++ #define DECLARE_PEM_rw(name, TYPE) ...
++
++ TYPE *PEM_read_TYPE(FILE *fp, TYPE **a, pem_password_cb *cb, void *u);
++ TYPE *PEM_read_bio_TYPE(BIO *bp, TYPE **a, pem_password_cb *cb, void *u);
++ int PEM_write_TYPE(FILE *fp, const TYPE *a);
++ int PEM_write_bio_TYPE(BIO *bp, const TYPE *a);
++
++=head1 DESCRIPTION
++
++In the description below, I<TYPE> is used
++as a placeholder for any of the OpenSSL datatypes, such as I<X509>.
++
++These routines convert between local instances of ASN1 datatypes and
++the PEM encoding. For more information on the templates, see
++L<ASN1_ITEM(3)>. For more information on the lower-level routines used
++by the functions here, see L<PEM_read(3)>.
++
++PEM_read_TYPE() reads a PEM-encoded object of I<TYPE> from the file B<fp>
++and returns it. The B<cb> and B<u> parameters are as described in
++L<pem_password_cb(3)>.
++
++PEM_read_bio_TYPE() is similar to PEM_read_TYPE() but reads from the BIO B<bp>.
++
++PEM_write_TYPE() writes the PEM encoding of the object B<a> to the file B<fp>.
++
++PEM_write_bio_TYPE() similarly writes to the BIO B<bp>.
++
++=head1 RETURN VALUES
++
++PEM_read_TYPE() and PEM_read_bio_TYPE() return a pointer to an allocated
++object, which should be released by calling TYPE_free(), or NULL on error.
++
++PEM_write_TYPE() and PEM_write_bio_TYPE() return the number of bytes written
++or zero on error.
++
++=head1 SEE ALSO
++
++L<PEM_read(3)>
++
++=head1 COPYRIGHT
++
++Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
+diff --git a/doc/crypto/PEM_read_bio_PrivateKey.pod b/doc/crypto/PEM_read_bio_PrivateKey.pod
+new file mode 100644
+index 000000000000..f35519607cfb
+--- /dev/null
++++ b/doc/crypto/PEM_read_bio_PrivateKey.pod
+@@ -0,0 +1,478 @@
++=pod
++
++=head1 NAME
++
++PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey,
++PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey,
++PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
++PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid,
++PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY,
++PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey,
++PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey,
++PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey,
++PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY,
++PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey,
++PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey,
++PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY,
++PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams,
++PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams,
++PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams,
++PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509,
++PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX,
++PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ,
++PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW,
++PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL,
++PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7,
++PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines
++
++=head1 SYNOPSIS
++
++ #include <openssl/pem.h>
++
++ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
++ pem_password_cb *cb, void *u);
++ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
++ pem_password_cb *cb, void *u);
++ int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
++ unsigned char *kstr, int klen,
++ pem_password_cb *cb, void *u);
++ int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
++ const EVP_CIPHER *enc,
++ unsigned char *kstr, int klen,
++ pem_password_cb *cb, void *u);
++ int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
++ unsigned char *kstr, int klen,
++ pem_password_cb *cb, void *u);
++
++ int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
++ char *kstr, int klen,
++ pem_password_cb *cb, void *u);
++ int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
++ char *kstr, int klen,
++ pem_password_cb *cb, void *u);
++ int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
++ char *kstr, int klen,
++ pem_password_cb *cb, void *u);
++ int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
++ char *kstr, int klen,
++ pem_password_cb *cb, void *u);
++
++ EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
++ pem_password_cb *cb, void *u);
++ EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
++ pem_password_cb *cb, void *u);
++ int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
++ int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
++
++ RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,
++ pem_password_cb *cb, void *u);
++ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,
++ pem_password_cb *cb, void *u);
++ int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
++ unsigned char *kstr, int klen,
++ pem_password_cb *cb, void *u);
++ int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
++ unsigned char *kstr, int klen,
++ pem_password_cb *cb, void *u);
++
++ RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x,
++ pem_password_cb *cb, void *u);
++ RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x,
++ pem_password_cb *cb, void *u);
++ int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x);
++ int PEM_write_RSAPublicKey(FILE *fp, RSA *x);
++
++ RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x,
++ pem_password_cb *cb, void *u);
++ RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x,
++ pem_password_cb *cb, void *u);
++ int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x);
++ int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x);
++
++ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x,
++ pem_password_cb *cb, void *u);
++ DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x,
++ pem_password_cb *cb, void *u);
++ int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
++ unsigned char *kstr, int klen,
++ pem_password_cb *cb, void *u);
++ int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
++ unsigned char *kstr, int klen,
++ pem_password_cb *cb, void *u);
++
++ DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x,
++ pem_password_cb *cb, void *u);
++ DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x,
++ pem_password_cb *cb, void *u);
++ int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
++ int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
++
++ DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
++ DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
++ int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
++ int PEM_write_DSAparams(FILE *fp, DSA *x);
++
++ DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
++ DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
++ int PEM_write_bio_DHparams(BIO *bp, DH *x);
++ int PEM_write_DHparams(FILE *fp, DH *x);
++
++ X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
++ X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
++ int PEM_write_bio_X509(BIO *bp, X509 *x);
++ int PEM_write_X509(FILE *fp, X509 *x);
++
++ X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
++ X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
++ int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
++ int PEM_write_X509_AUX(FILE *fp, X509 *x);
++
++ X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
++ pem_password_cb *cb, void *u);
++ X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
++ pem_password_cb *cb, void *u);
++ int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
++ int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
++ int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
++ int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
++
++ X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
++ pem_password_cb *cb, void *u);
++ X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
++ pem_password_cb *cb, void *u);
++ int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
++ int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
++
++ PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
++ PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
++ int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
++ int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
++
++=head1 DESCRIPTION
++
++The PEM functions read or write structures in PEM format. In
++this sense PEM format is simply base64 encoded data surrounded
++by header lines.
++
++For more details about the meaning of arguments see the
++B<PEM FUNCTION ARGUMENTS> section.
++
++Each operation has four functions associated with it. For
++clarity the term "B<foobar> functions" will be used to collectively
++refer to the PEM_read_bio_foobar(), PEM_read_foobar(),
++PEM_write_bio_foobar() and PEM_write_foobar() functions.
++
++The B<PrivateKey> functions read or write a private key in PEM format using an
++EVP_PKEY structure. The write routines use PKCS#8 private key format and are
++equivalent to PEM_write_bio_PKCS8PrivateKey().The read functions transparently
++handle traditional and PKCS#8 format encrypted and unencrypted keys.
++
++PEM_write_bio_PrivateKey_traditional() writes out a private key in legacy
++"traditional" format.
++
++PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey() write a private
++key in an EVP_PKEY structure in PKCS#8 EncryptedPrivateKeyInfo format using
++PKCS#5 v2.0 password based encryption algorithms. The B<cipher> argument
++specifies the encryption algorithm to use: unlike some other PEM routines the
++encryption is applied at the PKCS#8 level and not in the PEM headers. If
++B<cipher> is NULL then no encryption is used and a PKCS#8 PrivateKeyInfo
++structure is used instead.
++
++PEM_write_bio_PKCS8PrivateKey_nid() and PEM_write_PKCS8PrivateKey_nid()
++also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
++it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
++to use is specified in the B<nid> parameter and should be the NID of the
++corresponding OBJECT IDENTIFIER (see NOTES section).
++
++The B<PUBKEY> functions process a public key using an EVP_PKEY
++structure. The public key is encoded as a SubjectPublicKeyInfo
++structure.
++
++The B<RSAPrivateKey> functions process an RSA private key using an
++RSA structure. The write routines uses traditional format. The read
++routines handles the same formats as the B<PrivateKey>
++functions but an error occurs if the private key is not RSA.
++
++The B<RSAPublicKey> functions process an RSA public key using an
++RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey
++structure.
++
++The B<RSA_PUBKEY> functions also process an RSA public key using
++an RSA structure. However the public key is encoded using a
++SubjectPublicKeyInfo structure and an error occurs if the public
++key is not RSA.
++
++The B<DSAPrivateKey> functions process a DSA private key using a
++DSA structure. The write routines uses traditional format. The read
++routines handles the same formats as the B<PrivateKey>
++functions but an error occurs if the private key is not DSA.
++
++The B<DSA_PUBKEY> functions process a DSA public key using
++a DSA structure. The public key is encoded using a
++SubjectPublicKeyInfo structure and an error occurs if the public
++key is not DSA.
++
++The B<DSAparams> functions process DSA parameters using a DSA
++structure. The parameters are encoded using a Dss-Parms structure
++as defined in RFC2459.
++
++The B<DHparams> functions process DH parameters using a DH
++structure. The parameters are encoded using a PKCS#3 DHparameter
++structure.
++
++The B<X509> functions process an X509 certificate using an X509
++structure. They will also process a trusted X509 certificate but
++any trust settings are discarded.
++
++The B<X509_AUX> functions process a trusted X509 certificate using
++an X509 structure.
++
++The B<X509_REQ> and B<X509_REQ_NEW> functions process a PKCS#10
++certificate request using an X509_REQ structure. The B<X509_REQ>
++write functions use B<CERTIFICATE REQUEST> in the header whereas
++the B<X509_REQ_NEW> functions use B<NEW CERTIFICATE REQUEST>
++(as required by some CAs). The B<X509_REQ> read functions will
++handle either form so there are no B<X509_REQ_NEW> read functions.
++
++The B<X509_CRL> functions process an X509 CRL using an X509_CRL
++structure.
++
++The B<PKCS7> functions process a PKCS#7 ContentInfo using a PKCS7
++structure.
++
++=head1 PEM FUNCTION ARGUMENTS
++
++The PEM functions have many common arguments.
++
++The B<bp> BIO parameter (if present) specifies the BIO to read from
++or write to.
++
++The B<fp> FILE parameter (if present) specifies the FILE pointer to
++read from or write to.
++
++The PEM read functions all take an argument B<TYPE **x> and return
++a B<TYPE *> pointer. Where B<TYPE> is whatever structure the function
++uses. If B<x> is NULL then the parameter is ignored. If B<x> is not
++NULL but B<*x> is NULL then the structure returned will be written
++to B<*x>. If neither B<x> nor B<*x> is NULL then an attempt is made
++to reuse the structure at B<*x> (but see BUGS and EXAMPLES sections).
++Irrespective of the value of B<x> a pointer to the structure is always
++returned (or NULL if an error occurred).
++
++The PEM functions which write private keys take an B<enc> parameter
++which specifies the encryption algorithm to use, encryption is done
++at the PEM level. If this parameter is set to NULL then the private
++key is written in unencrypted form.
++
++The B<cb> argument is the callback to use when querying for the pass
++phrase used for encrypted PEM structures (normally only private keys).
++
++For the PEM write routines if the B<kstr> parameter is not NULL then
++B<klen> bytes at B<kstr> are used as the passphrase and B<cb> is
++ignored.
++
++If the B<cb> parameters is set to NULL and the B<u> parameter is not
++NULL then the B<u> parameter is interpreted as a null terminated string
++to use as the passphrase. If both B<cb> and B<u> are NULL then the
++default callback routine is used which will typically prompt for the
++passphrase on the current terminal with echoing turned off.
++
++The default passphrase callback is sometimes inappropriate (for example
++in a GUI application) so an alternative can be supplied. The callback
++routine has the following form:
++
++ int cb(char *buf, int size, int rwflag, void *u);
++
++B<buf> is the buffer to write the passphrase to. B<size> is the maximum
++length of the passphrase (i.e. the size of buf). B<rwflag> is a flag
++which is set to 0 when reading and 1 when writing. A typical routine
++will ask the user to verify the passphrase (for example by prompting
++for it twice) if B<rwflag> is 1. The B<u> parameter has the same
++value as the B<u> parameter passed to the PEM routine. It allows
++arbitrary data to be passed to the callback by the application
++(for example a window handle in a GUI application). The callback
++B<must> return the number of characters in the passphrase or 0 if
++an error occurred.
++
++=head1 EXAMPLES
++
++Although the PEM routines take several arguments in almost all applications
++most of them are set to 0 or NULL.
++
++Read a certificate in PEM format from a BIO:
++
++ X509 *x;
++ x = PEM_read_bio_X509(bp, NULL, 0, NULL);
++ if (x == NULL) {
++ /* Error */
++ }
++
++Alternative method:
++
++ X509 *x = NULL;
++ if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
++ /* Error */
++ }
++
++Write a certificate to a BIO:
++
++ if (!PEM_write_bio_X509(bp, x)) {
++ /* Error */
++ }
++
++Write a private key (using traditional format) to a BIO using
++triple DES encryption, the pass phrase is prompted for:
++
++ if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) {
++ /* Error */
++ }
++
++Write a private key (using PKCS#8 format) to a BIO using triple
++DES encryption, using the pass phrase "hello":
++
++ if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello")) {
++ /* Error */
++ }
++
++Read a private key from a BIO using a pass phrase callback:
++
++ key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
++ if (key == NULL) {
++ /* Error */
++ }
++
++Skeleton pass phrase callback:
++
++ int pass_cb(char *buf, int size, int rwflag, void *u)
++ {
++ int len;
++ char *tmp;
++
++ /* We'd probably do something else if 'rwflag' is 1 */
++ printf("Enter pass phrase for \"%s\"\n", (char *)u);
++
++ /* get pass phrase, length 'len' into 'tmp' */
++ tmp = "hello";
++ len = strlen(tmp);
++ if (len <= 0)
++ return 0;
++
++ if (len > size)
++ len = size;
++ memcpy(buf, tmp, len);
++ return len;
++ }
++
++=head1 NOTES
++
++The old B<PrivateKey> write routines are retained for compatibility.
++New applications should write private keys using the
++PEM_write_bio_PKCS8PrivateKey() or PEM_write_PKCS8PrivateKey() routines
++because they are more secure (they use an iteration count of 2048 whereas
++the traditional routines use a count of 1) unless compatibility with older
++versions of OpenSSL is important.
++
++The B<PrivateKey> read routines can be used in all applications because
++they handle all formats transparently.
++
++A frequent cause of problems is attempting to use the PEM routines like
++this:
++
++ X509 *x;
++ PEM_read_bio_X509(bp, &x, 0, NULL);
++
++this is a bug because an attempt will be made to reuse the data at B<x>
++which is an uninitialised pointer.
++
++=head1 PEM ENCRYPTION FORMAT
++
++These old B<PrivateKey> routines use a non standard technique for encryption.
++
++The private key (or other data) takes the following form:
++
++ -----BEGIN RSA PRIVATE KEY-----
++ Proc-Type: 4,ENCRYPTED
++ DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
++
++ ...base64 encoded data...
++ -----END RSA PRIVATE KEY-----
++
++The line beginning with I<Proc-Type> contains the version and the
++protection on the encapsulated data. The line beginning I<DEK-Info>
++contains two comma separated values: the encryption algorithm name as
++used by EVP_get_cipherbyname() and an initialization vector used by the
++cipher encoded as a set of hexadecimal digits. After those two lines is
++the base64-encoded encrypted data.
++
++The encryption key is derived using EVP_BytesToKey(). The cipher's
++initialization vector is passed to EVP_BytesToKey() as the B<salt>
++parameter. Internally, B<PKCS5_SALT_LEN> bytes of the salt are used
++(regardless of the size of the initialization vector). The user's
++password is passed to EVP_BytesToKey() using the B<data> and B<datal>
++parameters. Finally, the library uses an iteration count of 1 for
++EVP_BytesToKey().
++
++The B<key> derived by EVP_BytesToKey() along with the original initialization
++vector is then used to decrypt the encrypted data. The B<iv> produced by
++EVP_BytesToKey() is not utilized or needed, and NULL should be passed to
++the function.
++
++The pseudo code to derive the key would look similar to:
++
++ EVP_CIPHER* cipher = EVP_des_ede3_cbc();
++ EVP_MD* md = EVP_md5();
++
++ unsigned int nkey = EVP_CIPHER_key_length(cipher);
++ unsigned int niv = EVP_CIPHER_iv_length(cipher);
++ unsigned char key[nkey];
++ unsigned char iv[niv];
++
++ memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv);
++ rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/);
++ if (rc != nkey) {
++ /* Error */
++ }
++
++ /* On success, use key and iv to initialize the cipher */
++
++=head1 BUGS
++
++The PEM read routines in some versions of OpenSSL will not correctly reuse
++an existing structure. Therefore the following:
++
++ PEM_read_bio_X509(bp, &x, 0, NULL);
++
++where B<x> already contains a valid certificate, may not work, whereas:
++
++ X509_free(x);
++ x = PEM_read_bio_X509(bp, NULL, 0, NULL);
++
++is guaranteed to work.
++
++=head1 RETURN CODES
++
++The read routines return either a pointer to the structure read or NULL
++if an error occurred.
++
++The write routines return 1 for success or 0 for failure.
++
++=head1 HISTORY
++
++The old Netscape certificate sequences were no longer documented
++in OpenSSL 1.1; applications should use the PKCS7 standard instead
++as they will be formally deprecated in a future releases.
++
++=head1 SEE ALSO
++
++L<EVP_EncryptInit(3)>, L<EVP_BytesToKey(3)>
++
++=head1 COPYRIGHT
++
++Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/crypto/PEM_write_bio_CMS_stream.pod b/doc/crypto/PEM_write_bio_CMS_stream.pod
-index 35260c1..f6b0fed 100644
+index 35260c1e52b1..c73fafd44bdc 100644
--- a/doc/crypto/PEM_write_bio_CMS_stream.pod
+++ b/doc/crypto/PEM_write_bio_CMS_stream.pod
-@@ -2,7 +2,7 @@
+@@ -2,12 +2,11 @@
=head1 NAME
- PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM format.
-+PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM format.
++PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM format
=head1 SYNOPSIS
+ #include <openssl/cms.h>
+- #include <openssl/pem.h>
+
+ int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+
+@@ -31,6 +30,7 @@ PEM_write_bio_CMS_stream() returns 1 for success or 0 for failure.
+ L<ERR_get_error(3)>, L<CMS_sign(3)>,
+ L<CMS_verify(3)>, L<CMS_encrypt(3)>
+ L<CMS_decrypt(3)>,
++L<PEM_write(3)>,
+ L<SMIME_write_CMS(3)>,
+ L<i2d_CMS_bio_stream(3)>
+
@@ -38,4 +38,13 @@ L<i2d_CMS_bio_stream(3)>
PEM_write_bio_CMS_stream() was added to OpenSSL 1.0.0
@@ -91941,11 +103052,25 @@
+
=cut
diff --git a/doc/crypto/PEM_write_bio_PKCS7_stream.pod b/doc/crypto/PEM_write_bio_PKCS7_stream.pod
-index 121d418..175d724 100644
+index 121d41836271..77f97aaa2bbc 100644
--- a/doc/crypto/PEM_write_bio_PKCS7_stream.pod
+++ b/doc/crypto/PEM_write_bio_PKCS7_stream.pod
-@@ -38,4 +38,13 @@ L<i2d_PKCS7_bio_stream(3)>
+@@ -2,12 +2,11 @@
+ =head1 NAME
+
+-PEM_write_bio_PKCS7_stream - output PKCS7 structure in PEM format.
++PEM_write_bio_PKCS7_stream - output PKCS7 structure in PEM format
+
+ =head1 SYNOPSIS
+
+ #include <openssl/pkcs7.h>
+- #include <openssl/pem.h>
+
+ int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
+
+@@ -38,4 +37,13 @@ L<i2d_PKCS7_bio_stream(3)>
+
PEM_write_bio_PKCS7_stream() was added to OpenSSL 1.0.0
+=head1 COPYRIGHT
@@ -91959,7 +103084,7 @@
+
=cut
diff --git a/doc/crypto/PKCS12_create.pod b/doc/crypto/PKCS12_create.pod
-index 46b24c5..6408af1 100644
+index 46b24c59986c..6408af1ed1ad 100644
--- a/doc/crypto/PKCS12_create.pod
+++ b/doc/crypto/PKCS12_create.pod
@@ -9,7 +9,7 @@ PKCS12_create - create a PKCS#12 structure
@@ -91996,7 +103121,7 @@
=cut
diff --git a/doc/crypto/PKCS12_newpass.pod b/doc/crypto/PKCS12_newpass.pod
new file mode 100644
-index 0000000..b910511
+index 000000000000..b91051195f9b
--- /dev/null
+++ b/doc/crypto/PKCS12_newpass.pod
@@ -0,0 +1,103 @@
@@ -92104,7 +103229,7 @@
+
+=cut
diff --git a/doc/crypto/PKCS12_parse.pod b/doc/crypto/PKCS12_parse.pod
-index f02220e..2dfa7e2 100644
+index f02220e358ee..2dfa7e259b17 100644
--- a/doc/crypto/PKCS12_parse.pod
+++ b/doc/crypto/PKCS12_parse.pod
@@ -50,4 +50,13 @@ Attributes currently cannot be stored in the private key B<EVP_PKEY> structure.
@@ -92122,7 +103247,7 @@
+
=cut
diff --git a/doc/crypto/PKCS5_PBKDF2_HMAC.pod b/doc/crypto/PKCS5_PBKDF2_HMAC.pod
-index b04e476..5cc2caa 100644
+index b04e476a81e3..5cc2caa5fbf4 100644
--- a/doc/crypto/PKCS5_PBKDF2_HMAC.pod
+++ b/doc/crypto/PKCS5_PBKDF2_HMAC.pod
@@ -14,8 +14,8 @@ PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 - password based derivation routines w
@@ -92161,7 +103286,7 @@
=cut
diff --git a/doc/crypto/PKCS7_decrypt.pod b/doc/crypto/PKCS7_decrypt.pod
-index 90cf506..4ed8aa7 100644
+index 90cf5062f14f..4ed8aa77fa4e 100644
--- a/doc/crypto/PKCS7_decrypt.pod
+++ b/doc/crypto/PKCS7_decrypt.pod
@@ -45,4 +45,13 @@ mentioned in PKCS7_sign() also applies to PKCS7_verify().
@@ -92179,7 +103304,7 @@
+
=cut
diff --git a/doc/crypto/PKCS7_encrypt.pod b/doc/crypto/PKCS7_encrypt.pod
-index 12475cf..4e1afc9 100644
+index 12475cf60187..4e1afc916feb 100644
--- a/doc/crypto/PKCS7_encrypt.pod
+++ b/doc/crypto/PKCS7_encrypt.pod
@@ -30,7 +30,7 @@ bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc()
@@ -92215,7 +103340,7 @@
+
=cut
diff --git a/doc/crypto/PKCS7_sign.pod b/doc/crypto/PKCS7_sign.pod
-index 2593ed1..b5a52da 100644
+index 2593ed19e8aa..b5a52da9a279 100644
--- a/doc/crypto/PKCS7_sign.pod
+++ b/doc/crypto/PKCS7_sign.pod
@@ -15,7 +15,7 @@ PKCS7_sign - create a PKCS#7 signedData structure
@@ -92242,9 +103367,18 @@
+
=cut
diff --git a/doc/crypto/PKCS7_sign_add_signer.pod b/doc/crypto/PKCS7_sign_add_signer.pod
-index 580a9a1..0be301e 100644
+index 580a9a14e33d..c2a06e7a776d 100644
--- a/doc/crypto/PKCS7_sign_add_signer.pod
+++ b/doc/crypto/PKCS7_sign_add_signer.pod
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-PKCS7_sign_add_signer - add a signer PKCS7 signed data structure.
++PKCS7_sign_add_signer - add a signer PKCS7 signed data structure
+
+ =head1 SYNOPSIS
+
@@ -44,7 +44,7 @@ digest value from the PKCS7 structure: to add a signer to an existing structure.
An error occurs if a matching digest value cannot be found to copy. The
returned PKCS7 structure will be valid and finalized when this flag is set.
@@ -92278,7 +103412,7 @@
+
=cut
diff --git a/doc/crypto/PKCS7_verify.pod b/doc/crypto/PKCS7_verify.pod
-index b013e33..51694e7 100644
+index b013e3394254..51694e7c47ad 100644
--- a/doc/crypto/PKCS7_verify.pod
+++ b/doc/crypto/PKCS7_verify.pod
@@ -61,7 +61,7 @@ Any of the following flags (ored together) can be passed in the B<flags> paramet
@@ -92314,10 +103448,58 @@
+
=cut
diff --git a/doc/crypto/RAND_add.pod b/doc/crypto/RAND_add.pod
-index d54e1f5..9561c2a 100644
+index d54e1f5bd948..46de165a9795 100644
--- a/doc/crypto/RAND_add.pod
+++ b/doc/crypto/RAND_add.pod
-@@ -68,4 +68,13 @@ The other functions do not return values.
+@@ -15,8 +15,10 @@ entropy to the PRNG
+
+ int RAND_status(void);
+
++ #if OPENSSL_API_COMPAT < 0x10100000L
+ int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
+ void RAND_screen(void);
++ #endif
+
+ =head1 DESCRIPTION
+
+@@ -42,30 +44,36 @@ or L<RAND_load_file(3)>.
+
+ RAND_seed() is equivalent to RAND_add() when B<num == entropy>.
+
+-RAND_event() collects the entropy from Windows events such as mouse
+-movements and other user interaction. It should be called with the
+-B<iMsg>, B<wParam> and B<lParam> arguments of I<all> messages sent to
+-the window procedure. It will estimate the entropy contained in the
+-event message (if any), and add it to the PRNG. The program can then
+-process the messages as usual.
+-
+-The RAND_screen() function is available for the convenience of Windows
+-programmers. It adds the current contents of the screen to the PRNG.
+-For applications that can catch Windows events, seeding the PRNG by
+-calling RAND_event() is a significantly better source of
+-randomness. It should be noted that both methods cannot be used on
+-servers that run without user interaction.
++RAND_event() and RAND_screen() are deprecated and should not be called.
+
+ =head1 RETURN VALUES
+
+-RAND_status() and RAND_event() return 1 if the PRNG has been seeded
++RAND_status() returns 1 if the PRNG has been seeded
+ with enough data, 0 otherwise.
+
++RAND_event() calls RAND_poll() and returns RAND_status().
++
++RAND_screen calls RAND_poll().
++
+ The other functions do not return values.
+
++=head1 HISTORY
++
++RAND_event() and RAND_screen() are deprecated since OpenSSL
++1.1.0. Use the functions described above instead.
++
+ =head1 SEE ALSO
+
L<rand(3)>, L<RAND_egd(3)>,
L<RAND_load_file(3)>, L<RAND_cleanup(3)>
@@ -92332,7 +103514,7 @@
+
=cut
diff --git a/doc/crypto/RAND_bytes.pod b/doc/crypto/RAND_bytes.pod
-index 03c6e7f..684215c 100644
+index 03c6e7f22d10..684215cea3bb 100644
--- a/doc/crypto/RAND_bytes.pod
+++ b/doc/crypto/RAND_bytes.pod
@@ -46,4 +46,13 @@ method.
@@ -92350,7 +103532,7 @@
+
=cut
diff --git a/doc/crypto/RAND_cleanup.pod b/doc/crypto/RAND_cleanup.pod
-index fd3f81c..2640c7d 100644
+index fd3f81c5f60e..2640c7d2c731 100644
--- a/doc/crypto/RAND_cleanup.pod
+++ b/doc/crypto/RAND_cleanup.pod
@@ -30,4 +30,13 @@ L<rand(3)>
@@ -92368,7 +103550,7 @@
+
=cut
diff --git a/doc/crypto/RAND_egd.pod b/doc/crypto/RAND_egd.pod
-index 4c68113..fcc57c0 100644
+index 4c6811380907..fcc57c06f9de 100644
--- a/doc/crypto/RAND_egd.pod
+++ b/doc/crypto/RAND_egd.pod
@@ -75,4 +75,13 @@ success, and -1 if the connection failed. The PRNG state is not considered.
@@ -92386,7 +103568,7 @@
+
=cut
diff --git a/doc/crypto/RAND_load_file.pod b/doc/crypto/RAND_load_file.pod
-index 6bc779a..133b8d2 100644
+index 6bc779aae9ff..133b8d2311e0 100644
--- a/doc/crypto/RAND_load_file.pod
+++ b/doc/crypto/RAND_load_file.pod
@@ -45,4 +45,13 @@ error.
@@ -92404,7 +103586,7 @@
+
=cut
diff --git a/doc/crypto/RAND_set_rand_method.pod b/doc/crypto/RAND_set_rand_method.pod
-index 6a421a2..02fe90c 100644
+index 6a421a208442..02fe90ca89e0 100644
--- a/doc/crypto/RAND_set_rand_method.pod
+++ b/doc/crypto/RAND_set_rand_method.pod
@@ -42,7 +42,7 @@ API is being used, so this function is no longer recommended.
@@ -92430,30 +103612,189 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
+diff --git a/doc/crypto/RC4_set_key.pod b/doc/crypto/RC4_set_key.pod
+new file mode 100644
+index 000000000000..fe5d2d14857c
+--- /dev/null
++++ b/doc/crypto/RC4_set_key.pod
+@@ -0,0 +1,66 @@
++=pod
++
++=head1 NAME
++
++RC4_set_key, RC4 - RC4 encryption
++
++=head1 SYNOPSIS
++
++ #include <openssl/rc4.h>
++
++ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
++
++ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
++ unsigned char *outdata);
++
++=head1 DESCRIPTION
++
++This library implements the Alleged RC4 cipher, which is described for
++example in I<Applied Cryptography>. It is believed to be compatible
++with RC4[TM], a proprietary cipher of RSA Security Inc.
++
++RC4 is a stream cipher with variable key length. Typically, 128 bit
++(16 byte) keys are used for strong encryption, but shorter insecure
++key sizes have been widely used due to export restrictions.
++
++RC4 consists of a key setup phase and the actual encryption or
++decryption phase.
++
++RC4_set_key() sets up the B<RC4_KEY> B<key> using the B<len> bytes long
++key at B<data>.
++
++RC4() encrypts or decrypts the B<len> bytes of data at B<indata> using
++B<key> and places the result at B<outdata>. Repeated RC4() calls with
++the same B<key> yield a continuous key stream.
++
++Since RC4 is a stream cipher (the input is XORed with a pseudo-random
++key stream to produce the output), decryption uses the same function
++calls as encryption.
++
++=head1 RETURN VALUES
++
++RC4_set_key() and RC4() do not return values.
++
++=head1 NOTE
++
++Applications should use the higher level functions
++L<EVP_EncryptInit(3)> etc. instead of calling these
++functions directly.
++
++It is difficult to securely use stream ciphers. For example, do not perform
++multiple encryptions using the same key stream.
++
++=head1 SEE ALSO
++
++L<EVP_EncryptInit(3)>
++
++=head1 COPYRIGHT
++
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
+diff --git a/doc/crypto/RIPEMD160_init.pod b/doc/crypto/RIPEMD160_init.pod
+new file mode 100644
+index 000000000000..a372e32ca325
+--- /dev/null
++++ b/doc/crypto/RIPEMD160_init.pod
+@@ -0,0 +1,72 @@
++=pod
++
++=head1 NAME
++
++RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final -
++RIPEMD-160 hash function
++
++=head1 SYNOPSIS
++
++ #include <openssl/ripemd.h>
++
++ unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
++ unsigned char *md);
++
++ int RIPEMD160_Init(RIPEMD160_CTX *c);
++ int RIPEMD160_Update(RIPEMD_CTX *c, const void *data,
++ unsigned long len);
++ int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
++
++=head1 DESCRIPTION
++
++RIPEMD-160 is a cryptographic hash function with a
++160 bit output.
++
++RIPEMD160() computes the RIPEMD-160 message digest of the B<n>
++bytes at B<d> and places it in B<md> (which must have space for
++RIPEMD160_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
++is placed in a static array.
++
++The following functions may be used if the message is not completely
++stored in memory:
++
++RIPEMD160_Init() initializes a B<RIPEMD160_CTX> structure.
++
++RIPEMD160_Update() can be called repeatedly with chunks of the message to
++be hashed (B<len> bytes at B<data>).
++
++RIPEMD160_Final() places the message digest in B<md>, which must have
++space for RIPEMD160_DIGEST_LENGTH == 20 bytes of output, and erases
++the B<RIPEMD160_CTX>.
++
++=head1 RETURN VALUES
++
++RIPEMD160() returns a pointer to the hash value.
++
++RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() return 1 for
++success, 0 otherwise.
++
++=head1 NOTE
++
++Applications should use the higher level functions
++L<EVP_DigestInit(3)> etc. instead of calling these
++functions directly.
++
++=head1 CONFORMING TO
++
++ISO/IEC 10118-3 (draft) (??)
++
++=head1 SEE ALSO
++
++L<EVP_DigestInit(3)>
++
++=head1 COPYRIGHT
++
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/crypto/RSA_blinding_on.pod b/doc/crypto/RSA_blinding_on.pod
-index a323949..7258b08 100644
+index a3239495879d..33d49d37206a 100644
--- a/doc/crypto/RSA_blinding_on.pod
+++ b/doc/crypto/RSA_blinding_on.pod
-@@ -36,4 +36,13 @@ RSA_blinding_off() returns no value.
+@@ -32,8 +32,13 @@ RSA_blinding_on() returns 1 on success, and 0 if an error occurred.
- L<rsa(3)>, L<rand(3)>
+ RSA_blinding_off() returns no value.
+-=head1 SEE ALSO
+=head1 COPYRIGHT
-+
+
+-L<rsa(3)>, L<rand(3)>
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
-+
+
=cut
diff --git a/doc/crypto/RSA_check_key.pod b/doc/crypto/RSA_check_key.pod
-index 8fd7d1f..69df864 100644
+index 8fd7d1f176b9..a8b1002fef68 100644
--- a/doc/crypto/RSA_check_key.pod
+++ b/doc/crypto/RSA_check_key.pod
-@@ -73,4 +73,13 @@ L<ERR_get_error(3)>
+@@ -66,11 +66,19 @@ provide their own verifiers.
+ =head1 SEE ALSO
+ L<BN_is_prime_ex(3)>,
+-L<rsa(3)>,
+ L<ERR_get_error(3)>
+
+ =head1 HISTORY
+
RSA_check_key_ex() appeared after OpenSSL 1.0.2.
+=head1 COPYRIGHT
@@ -92467,13 +103808,18 @@
+
=cut
diff --git a/doc/crypto/RSA_generate_key.pod b/doc/crypto/RSA_generate_key.pod
-index 380bf12..aec321a 100644
+index 380bf123e01c..a8fab52cb95c 100644
--- a/doc/crypto/RSA_generate_key.pod
+++ b/doc/crypto/RSA_generate_key.pod
-@@ -75,4 +75,13 @@ RSA_generate_key() goes into an infinite loop for illegal input values.
- L<ERR_get_error(3)>, L<rand(3)>, L<rsa(3)>,
- L<RSA_free(3)>, L<BN_generate_prime(3)>
+@@ -72,7 +72,16 @@ RSA_generate_key() goes into an infinite loop for illegal input values.
+ =head1 SEE ALSO
+
+-L<ERR_get_error(3)>, L<rand(3)>, L<rsa(3)>,
+-L<RSA_free(3)>, L<BN_generate_prime(3)>
++L<ERR_get_error(3)>, L<rand(3)>,
++L<RSA_generate_key(3)>, L<BN_generate_prime(3)>
++
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -92482,10 +103828,10 @@
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
-+
+
=cut
diff --git a/doc/crypto/RSA_get0_key.pod b/doc/crypto/RSA_get0_key.pod
-index 5caf9dd..19c7f3d 100644
+index 5caf9dd72ec1..19c7f3d3345f 100644
--- a/doc/crypto/RSA_get0_key.pod
+++ b/doc/crypto/RSA_get0_key.pod
@@ -43,10 +43,13 @@ by the caller.
@@ -92536,11 +103882,19 @@
+
=cut
diff --git a/doc/crypto/RSA_meth_new.pod b/doc/crypto/RSA_meth_new.pod
-index e6499b7..c5a78fc 100644
+index e6499b7342a5..19743d12401d 100644
--- a/doc/crypto/RSA_meth_new.pod
+++ b/doc/crypto/RSA_meth_new.pod
-@@ -222,4 +222,13 @@ L<RSA_set_method(3)>, L<RSA_size(3)>, L<RSA_get0_key(3)>
+@@ -215,11 +215,20 @@ success or 0 on failure.
+ =head1 SEE ALSO
+
+-L<rsa(3)>, L<RSA_new(3)>, L<RSA_generate_key(3)>, L<RSA_sign(3)>,
++L<RSA_new(3)>, L<RSA_generate_key(3)>, L<RSA_sign(3)>,
+ L<RSA_set_method(3)>, L<RSA_size(3)>, L<RSA_get0_key(3)>
+
+ =head1 HISTORY
+
The functions described here were added in OpenSSL version 1.1.0.
+=head1 COPYRIGHT
@@ -92554,10 +103908,15 @@
+
=cut
diff --git a/doc/crypto/RSA_new.pod b/doc/crypto/RSA_new.pod
-index 4910557..c3441ca 100644
+index 4910557f314f..3317920741e4 100644
--- a/doc/crypto/RSA_new.pod
+++ b/doc/crypto/RSA_new.pod
-@@ -35,4 +35,13 @@ L<ERR_get_error(3)>, L<rsa(3)>,
+@@ -31,8 +31,17 @@ RSA_free() returns no value.
+
+ =head1 SEE ALSO
+
+-L<ERR_get_error(3)>, L<rsa(3)>,
++L<ERR_get_error(3)>,
L<RSA_generate_key(3)>,
L<RSA_new_method(3)>
@@ -92572,7 +103931,7 @@
+
=cut
diff --git a/doc/crypto/RSA_padding_add_PKCS1_type_1.pod b/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
-index fe81e5f..3089944 100644
+index fe81e5fb419a..30899440ad1c 100644
--- a/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
+++ b/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
@@ -110,4 +110,13 @@ L<RSA_public_encrypt(3)>,
@@ -92590,13 +103949,16 @@
+
=cut
diff --git a/doc/crypto/RSA_print.pod b/doc/crypto/RSA_print.pod
-index df09726..fb5bcb7 100644
+index df09726eb454..1367478f93c7 100644
--- a/doc/crypto/RSA_print.pod
+++ b/doc/crypto/RSA_print.pod
-@@ -40,4 +40,13 @@ These functions return 1 on success, 0 on error.
+@@ -38,6 +38,15 @@ These functions return 1 on success, 0 on error.
- L<dh(3)>, L<dsa(3)>, L<rsa(3)>, L<BN_bn2bin(3)>
+ =head1 SEE ALSO
+-L<dh(3)>, L<dsa(3)>, L<rsa(3)>, L<BN_bn2bin(3)>
++L<BN_bn2bin(3)>
++
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -92605,10 +103967,95 @@
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+ =cut
+diff --git a/doc/crypto/RSA_private_decrypt.pod b/doc/crypto/RSA_private_decrypt.pod
+new file mode 100644
+index 000000000000..fa6c4053643f
+--- /dev/null
++++ b/doc/crypto/RSA_private_decrypt.pod
+@@ -0,0 +1,79 @@
++=pod
+
- =cut
++=head1 NAME
++
++RSA_private_decrypt,
++RSA_private_encrypt,
++RSA_public_decrypt,
++RSA_sign,
++RSA_verify,
++RSA_sign_ASN1_OCTET_STRING,
++RSA_verify_ASN1_OCTET_STRING
++- RSA public key cryptosystem
++
++=head1 SYNOPSIS
++
++ #include <openssl/rsa.h>
++
++ int RSA_private_decrypt(int flen, unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding);
++ int RSA_private_encrypt(int flen, unsigned char *from,
++ unsigned char *to, RSA *rsa,int padding);
++ int RSA_public_decrypt(int flen, unsigned char *from,
++ unsigned char *to, RSA *rsa,int padding);
++
++ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
++ unsigned char *sigret, unsigned int *siglen, RSA *rsa);
++ int RSA_verify(int type, unsigned char *m, unsigned int m_len,
++ unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
++
++ int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
++ unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
++ RSA *rsa);
++ int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
++ unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
++ RSA *rsa);
++
++=head1 DESCRIPTION
++
++These functions implement RSA public key encryption and signatures
++as defined in PKCS #1 v2.0 [RFC 2437].
++
++The B<RSA> structure represents public and private RSA keys.
++
++Note that RSA keys may use non-standard B<RSA_METHOD> implementations,
++either directly or by the use of B<ENGINE> modules. In some cases (eg. an
++ENGINE providing support for hardware-embedded keys), these BIGNUM values
++will not be used by the implementation or may be used for alternative data
++storage. For this reason, applications should generally avoid using RSA
++structure elements directly and instead use API functions to query or
++modify keys.
++
++=head1 CONFORMING TO
++
++SSL, PKCS #1 v2.0
++
++=head1 SEE ALSO
++
++L<bn(3)>, L<dsa(3)>, L<dh(3)>,
++L<rand(3)>, L<engine(3)>, L<RSA_new(3)>, L<RSA_set0_key(3)>
++L<RSA_public_encrypt(3)>,
++L<RSA_size(3)>,
++L<RSA_generate_key(3)>,
++L<RSA_check_key(3)>,
++L<RSA_blinding_on(3)>,
++L<RSA_set_method(3)>, L<RSA_print(3)>,
++L<RSA_get_ex_new_index(3)>,
++L<RSA_sign_ASN1_OCTET_STRING(3)>,
++L<RSA_padding_add_PKCS1_type_1(3)>
++
++=head1 COPYRIGHT
++
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/crypto/RSA_private_encrypt.pod b/doc/crypto/RSA_private_encrypt.pod
-index fa4830c..4b307a0 100644
+index fa4830c97e31..7870371936cd 100644
--- a/doc/crypto/RSA_private_encrypt.pod
+++ b/doc/crypto/RSA_private_encrypt.pod
@@ -11,7 +11,7 @@ RSA_private_encrypt, RSA_public_decrypt - low level signature operations
@@ -92620,8 +104067,12 @@
unsigned char *to, RSA *rsa, int padding);
=head1 DESCRIPTION
-@@ -62,4 +62,13 @@ obtained by L<ERR_get_error(3)>.
- L<ERR_get_error(3)>, L<rsa(3)>,
+@@ -59,7 +59,16 @@ obtained by L<ERR_get_error(3)>.
+
+ =head1 SEE ALSO
+
+-L<ERR_get_error(3)>, L<rsa(3)>,
++L<ERR_get_error(3)>,
L<RSA_sign(3)>, L<RSA_verify(3)>
+=head1 COPYRIGHT
@@ -92635,11 +104086,15 @@
+
=cut
diff --git a/doc/crypto/RSA_public_encrypt.pod b/doc/crypto/RSA_public_encrypt.pod
-index 57f1f18..c371dac 100644
+index 57f1f18583d7..2f78c274847f 100644
--- a/doc/crypto/RSA_public_encrypt.pod
+++ b/doc/crypto/RSA_public_encrypt.pod
-@@ -76,4 +76,13 @@ SSL, PKCS #1 v2.0
- L<ERR_get_error(3)>, L<rand(3)>, L<rsa(3)>,
+@@ -73,7 +73,16 @@ SSL, PKCS #1 v2.0
+
+ =head1 SEE ALSO
+
+-L<ERR_get_error(3)>, L<rand(3)>, L<rsa(3)>,
++L<ERR_get_error(3)>, L<rand(3)>,
L<RSA_size(3)>
+=head1 COPYRIGHT
@@ -92653,7 +104108,7 @@
+
=cut
diff --git a/doc/crypto/RSA_set_method.pod b/doc/crypto/RSA_set_method.pod
-index a3572f1..f8695ed 100644
+index a3572f1c8908..7e7d27cf93c4 100644
--- a/doc/crypto/RSA_set_method.pod
+++ b/doc/crypto/RSA_set_method.pod
@@ -43,7 +43,7 @@ been set as a default for RSA, so this function is no longer recommended.
@@ -92741,10 +104196,13 @@
} RSA_METHOD;
-@@ -168,4 +168,13 @@ not currently exist).
+@@ -166,6 +166,15 @@ not currently exist).
- L<rsa(3)>, L<RSA_new(3)>
+ =head1 SEE ALSO
+-L<rsa(3)>, L<RSA_new(3)>
++L<RSA_new(3)>
++
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -92753,17 +104211,19 @@
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
-+
+
=cut
diff --git a/doc/crypto/RSA_sign.pod b/doc/crypto/RSA_sign.pod
-index 94fae37..4c6f149 100644
+index 94fae37e7ad0..64418a565343 100644
--- a/doc/crypto/RSA_sign.pod
+++ b/doc/crypto/RSA_sign.pod
-@@ -51,6 +51,15 @@ SSL, PKCS #1 v2.0
+@@ -50,7 +50,16 @@ SSL, PKCS #1 v2.0
+ =head1 SEE ALSO
L<ERR_get_error(3)>,
- L<rsa(3)>, L<RSA_private_encrypt(3)>,
+-L<rsa(3)>, L<RSA_private_encrypt(3)>,
-L<RSA_public_decrypt(3)>
++L<RSA_private_encrypt(3)>,
+L<RSA_public_decrypt(3)>
+
+=head1 COPYRIGHT
@@ -92777,11 +104237,15 @@
=cut
diff --git a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod b/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
-index 2ba2b47..499bf43 100644
+index 2ba2b477f398..16303c9f907b 100644
--- a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
+++ b/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
-@@ -51,4 +51,13 @@ L<ERR_get_error(3)>,
- L<rand(3)>, L<rsa(3)>, L<RSA_sign(3)>,
+@@ -48,7 +48,16 @@ These functions serve no recognizable purpose.
+ =head1 SEE ALSO
+
+ L<ERR_get_error(3)>,
+-L<rand(3)>, L<rsa(3)>, L<RSA_sign(3)>,
++L<rand(3)>, L<RSA_sign(3)>,
L<RSA_verify(3)>
+=head1 COPYRIGHT
@@ -92795,11 +104259,18 @@
+
=cut
diff --git a/doc/crypto/RSA_size.pod b/doc/crypto/RSA_size.pod
-index eff8cdc..4ae29da 100644
+index eff8cdc49632..eb6e4813611b 100644
--- a/doc/crypto/RSA_size.pod
+++ b/doc/crypto/RSA_size.pod
-@@ -34,4 +34,13 @@ L<rsa(3)>, L<BN_num_bits(3)>
+@@ -28,10 +28,19 @@ The size.
+ =head1 SEE ALSO
+
+-L<rsa(3)>, L<BN_num_bits(3)>
++L<BN_num_bits(3)>
+
+ =head1 HISTORY
+
RSA_bits() was added in OpenSSL 1.1.0.
+=head1 COPYRIGHT
@@ -92812,8 +104283,122 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
+diff --git a/doc/crypto/SHA256_Init.pod b/doc/crypto/SHA256_Init.pod
+new file mode 100644
+index 000000000000..f3565bb2f480
+--- /dev/null
++++ b/doc/crypto/SHA256_Init.pod
+@@ -0,0 +1,108 @@
++=pod
++
++=head1 NAME
++
++SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update,
++SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384,
++SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update,
++SHA512_Final - Secure Hash Algorithm
++
++=head1 SYNOPSIS
++
++ #include <openssl/sha.h>
++
++ int SHA1_Init(SHA_CTX *c);
++ int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
++ int SHA1_Final(unsigned char *md, SHA_CTX *c);
++ unsigned char *SHA1(const unsigned char *d, size_t n,
++ unsigned char *md);
++
++ int SHA224_Init(SHA256_CTX *c);
++ int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
++ int SHA224_Final(unsigned char *md, SHA256_CTX *c);
++ unsigned char *SHA224(const unsigned char *d, size_t n,
++ unsigned char *md);
++
++ int SHA256_Init(SHA256_CTX *c);
++ int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
++ int SHA256_Final(unsigned char *md, SHA256_CTX *c);
++ unsigned char *SHA256(const unsigned char *d, size_t n,
++ unsigned char *md);
++
++ int SHA384_Init(SHA512_CTX *c);
++ int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
++ int SHA384_Final(unsigned char *md, SHA512_CTX *c);
++ unsigned char *SHA384(const unsigned char *d, size_t n,
++ unsigned char *md);
++
++ int SHA512_Init(SHA512_CTX *c);
++ int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
++ int SHA512_Final(unsigned char *md, SHA512_CTX *c);
++ unsigned char *SHA512(const unsigned char *d, size_t n,
++ unsigned char *md);
++
++=head1 DESCRIPTION
++
++Applications should use the higher level functions
++L<EVP_DigestInit(3)> etc. instead of calling the hash
++functions directly.
++
++SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a
++160 bit output.
++
++SHA1() computes the SHA-1 message digest of the B<n>
++bytes at B<d> and places it in B<md> (which must have space for
++SHA_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
++is placed in a static array. Note: setting B<md> to NULL is B<not thread safe>.
++
++The following functions may be used if the message is not completely
++stored in memory:
++
++SHA1_Init() initializes a B<SHA_CTX> structure.
++
++SHA1_Update() can be called repeatedly with chunks of the message to
++be hashed (B<len> bytes at B<data>).
++
++SHA1_Final() places the message digest in B<md>, which must have space
++for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the B<SHA_CTX>.
++
++The SHA224, SHA256, SHA384 and SHA512 families of functions operate in the
++same way as for the SHA1 functions. Note that SHA224 and SHA256 use a
++B<SHA256_CTX> object instead of B<SHA_CTX>. SHA384 and SHA512 use B<SHA512_CTX>.
++The buffer B<md> must have space for the output from the SHA variant being used
++(defined by SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH and
++SHA512_DIGEST_LENGTH). Also note that, as for the SHA1() function above, the
++SHA224(), SHA256(), SHA384() and SHA512() functions are not thread safe if
++B<md> is NULL.
++
++The predecessor of SHA-1, SHA, is also implemented, but it should be
++used only when backward compatibility is required.
++
++=head1 RETURN VALUES
++
++SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash
++value.
++
++SHA1_Init(), SHA1_Update() and SHA1_Final() and equivalent SHA224, SHA256,
++SHA384 and SHA512 functions return 1 for success, 0 otherwise.
++
++=head1 CONFORMING TO
++
++US Federal Information Processing Standard FIPS PUB 180-4 (Secure Hash
++Standard),
++ANSI X9.30
++
++=head1 SEE ALSO
++
++L<EVP_DigestInit(3)>
++
++=head1 COPYRIGHT
++
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/crypto/SMIME_read_CMS.pod b/doc/crypto/SMIME_read_CMS.pod
-index 4b7c14d..8e06e59 100644
+index 4b7c14d2599d..efde0bda549b 100644
--- a/doc/crypto/SMIME_read_CMS.pod
+++ b/doc/crypto/SMIME_read_CMS.pod
@@ -2,7 +2,7 @@
@@ -92821,7 +104406,7 @@
=head1 NAME
- SMIME_read_CMS - parse S/MIME message.
-+SMIME_read_CMS - parse S/MIME message.
++SMIME_read_CMS - parse S/MIME message
=head1 SYNOPSIS
@@ -92840,9 +104425,18 @@
+
=cut
diff --git a/doc/crypto/SMIME_read_PKCS7.pod b/doc/crypto/SMIME_read_PKCS7.pod
-index e96038b..6e4db5a 100644
+index e96038b13253..86d5cc3048d8 100644
--- a/doc/crypto/SMIME_read_PKCS7.pod
+++ b/doc/crypto/SMIME_read_PKCS7.pod
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-SMIME_read_PKCS7 - parse S/MIME message.
++SMIME_read_PKCS7 - parse S/MIME message
+
+ =head1 SYNOPSIS
+
@@ -66,4 +66,13 @@ L<SMIME_read_PKCS7(3)>, L<PKCS7_sign(3)>,
L<PKCS7_verify(3)>, L<PKCS7_encrypt(3)>
L<PKCS7_decrypt(3)>
@@ -92858,7 +104452,7 @@
+
=cut
diff --git a/doc/crypto/SMIME_write_CMS.pod b/doc/crypto/SMIME_write_CMS.pod
-index 0895825..008143f 100644
+index 0895825ff38e..d58baeb746db 100644
--- a/doc/crypto/SMIME_write_CMS.pod
+++ b/doc/crypto/SMIME_write_CMS.pod
@@ -2,7 +2,7 @@
@@ -92866,7 +104460,7 @@
=head1 NAME
- SMIME_write_CMS - convert CMS structure to S/MIME format.
-+SMIME_write_CMS - convert CMS structure to S/MIME format.
++SMIME_write_CMS - convert CMS structure to S/MIME format
=head1 SYNOPSIS
@@ -92885,9 +104479,18 @@
+
=cut
diff --git a/doc/crypto/SMIME_write_PKCS7.pod b/doc/crypto/SMIME_write_PKCS7.pod
-index 6e272cf..1da51f7 100644
+index 6e272cfde7a9..b57312386e2e 100644
--- a/doc/crypto/SMIME_write_PKCS7.pod
+++ b/doc/crypto/SMIME_write_PKCS7.pod
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format.
++SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format
+
+ =head1 SYNOPSIS
+
@@ -58,4 +58,13 @@ L<ERR_get_error(3)>, L<PKCS7_sign(3)>,
L<PKCS7_verify(3)>, L<PKCS7_encrypt(3)>
L<PKCS7_decrypt(3)>
@@ -92902,8 +104505,205 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
+diff --git a/doc/crypto/UI_new.pod b/doc/crypto/UI_new.pod
+new file mode 100644
+index 000000000000..78981c1478e0
+--- /dev/null
++++ b/doc/crypto/UI_new.pod
+@@ -0,0 +1,191 @@
++=pod
++
++=head1 NAME
++
++UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
++UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
++UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
++UI_add_error_string, UI_dup_error_string, UI_construct_prompt,
++UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process,
++UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method,
++UI_set_method, UI_OpenSSL, ERR_load_UI_strings - user interface
++
++=head1 SYNOPSIS
++
++ #include <openssl/ui.h>
++
++ typedef struct ui_st UI;
++ typedef struct ui_method_st UI_METHOD;
++
++ UI *UI_new(void);
++ UI *UI_new_method(const UI_METHOD *method);
++ void UI_free(UI *ui);
++
++ int UI_add_input_string(UI *ui, const char *prompt, int flags,
++ char *result_buf, int minsize, int maxsize);
++ int UI_dup_input_string(UI *ui, const char *prompt, int flags,
++ char *result_buf, int minsize, int maxsize);
++ int UI_add_verify_string(UI *ui, const char *prompt, int flags,
++ char *result_buf, int minsize, int maxsize, const char *test_buf);
++ int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
++ char *result_buf, int minsize, int maxsize, const char *test_buf);
++ int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
++ const char *ok_chars, const char *cancel_chars,
++ int flags, char *result_buf);
++ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
++ const char *ok_chars, const char *cancel_chars,
++ int flags, char *result_buf);
++ int UI_add_info_string(UI *ui, const char *text);
++ int UI_dup_info_string(UI *ui, const char *text);
++ int UI_add_error_string(UI *ui, const char *text);
++ int UI_dup_error_string(UI *ui, const char *text);
++
++ /* These are the possible flags. They can be or'ed together. */
++ #define UI_INPUT_FLAG_ECHO 0x01
++ #define UI_INPUT_FLAG_DEFAULT_PWD 0x02
++
++ char *UI_construct_prompt(UI *ui_method,
++ const char *object_desc, const char *object_name);
++
++ void *UI_add_user_data(UI *ui, void *user_data);
++ void *UI_get0_user_data(UI *ui);
++
++ const char *UI_get0_result(UI *ui, int i);
++
++ int UI_process(UI *ui);
++
++ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
++ #define UI_CTRL_PRINT_ERRORS 1
++ #define UI_CTRL_IS_REDOABLE 2
++
++ void UI_set_default_method(const UI_METHOD *meth);
++ const UI_METHOD *UI_get_default_method(void);
++ const UI_METHOD *UI_get_method(UI *ui);
++ const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
++
++ UI_METHOD *UI_OpenSSL(void);
++
++=head1 DESCRIPTION
++
++UI stands for User Interface, and is general purpose set of routines to
++prompt the user for text-based information. Through user-written methods
++(see L<ui_create(3)>), prompting can be done in any way
++imaginable, be it plain text prompting, through dialog boxes or from a
++cell phone.
++
++All the functions work through a context of the type UI. This context
++contains all the information needed to prompt correctly as well as a
++reference to a UI_METHOD, which is an ordered vector of functions that
++carry out the actual prompting.
++
++The first thing to do is to create a UI with UI_new() or UI_new_method(),
++then add information to it with the UI_add or UI_dup functions. Also,
++user-defined random data can be passed down to the underlying method
++through calls to UI_add_user_data. The default UI method doesn't care
++about these data, but other methods might. Finally, use UI_process()
++to actually perform the prompting and UI_get0_result() to find the result
++to the prompt.
++
++A UI can contain more than one prompt, which are performed in the given
++sequence. Each prompt gets an index number which is returned by the
++UI_add and UI_dup functions, and has to be used to get the corresponding
++result with UI_get0_result().
++
++The functions are as follows:
++
++UI_new() creates a new UI using the default UI method. When done with
++this UI, it should be freed using UI_free().
++
++UI_new_method() creates a new UI using the given UI method. When done with
++this UI, it should be freed using UI_free().
++
++UI_OpenSSL() returns the built-in UI method (note: not the default one,
++since the default can be changed. See further on). This method is the
++most machine/OS dependent part of OpenSSL and normally generates the
++most problems when porting.
++
++UI_free() removes a UI from memory, along with all other pieces of memory
++that's connected to it, like duplicated input strings, results and others.
++If B<ui> is NULL nothing is done.
++
++UI_add_input_string() and UI_add_verify_string() add a prompt to the UI,
++as well as flags and a result buffer and the desired minimum and maximum
++sizes of the result, not counting the final NUL character. The given
++information is used to prompt for information, for example a password,
++and to verify a password (i.e. having the user enter it twice and check
++that the same string was entered twice). UI_add_verify_string() takes
++and extra argument that should be a pointer to the result buffer of the
++input string that it's supposed to verify, or verification will fail.
++
++UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered
++in a boolean way, with a single character for yes and a different character
++for no. A set of characters that can be used to cancel the prompt is given
++as well. The prompt itself is divided in two, one part being the
++descriptive text (given through the I<prompt> argument) and one describing
++the possible answers (given through the I<action_desc> argument).
++
++UI_add_info_string() and UI_add_error_string() add strings that are shown at
++the same time as the prompt for extra information or to show an error string.
++The difference between the two is only conceptual. With the builtin method,
++there's no technical difference between them. Other methods may make a
++difference between them, however.
++
++The flags currently supported are UI_INPUT_FLAG_ECHO, which is relevant for
++UI_add_input_string() and will have the users response be echoed (when
++prompting for a password, this flag should obviously not be used, and
++UI_INPUT_FLAG_DEFAULT_PWD, which means that a default password of some
++sort will be used (completely depending on the application and the UI
++method).
++
++UI_dup_input_string(), UI_dup_verify_string(), UI_dup_input_boolean(),
++UI_dup_info_string() and UI_dup_error_string() are basically the same
++as their UI_add counterparts, except that they make their own copies
++of all strings.
++
++UI_construct_prompt() is a helper function that can be used to create
++a prompt from two pieces of information: an description and a name.
++The default constructor (if there is none provided by the method used)
++creates a string "Enter I<description> for I<name>:". With the
++description "pass phrase" and the file name "foo.key", that becomes
++"Enter pass phrase for foo.key:". Other methods may create whatever
++string and may include encodings that will be processed by the other
++method functions.
++
++UI_add_user_data() adds a piece of memory for the method to use at any
++time. The builtin UI method doesn't care about this info. Note that several
++calls to this function doesn't add data, it replaces the previous blob
++with the one given as argument.
++
++UI_get0_user_data() retrieves the data that has last been given to the
++UI with UI_add_user_data().
++
++UI_get0_result() returns a pointer to the result buffer associated with
++the information indexed by I<i>.
++
++UI_process() goes through the information given so far, does all the printing
++and prompting and returns.
++
++UI_ctrl() adds extra control for the application author. For now, it
++understands two commands: UI_CTRL_PRINT_ERRORS, which makes UI_process()
++print the OpenSSL error stack as part of processing the UI, and
++UI_CTRL_IS_REDOABLE, which returns a flag saying if the used UI can
++be used again or not.
++
++UI_set_default_method() changes the default UI method to the one given.
++
++UI_get_default_method() returns a pointer to the current default UI method.
++
++UI_get_method() returns the UI method associated with a given UI.
++
++UI_set_method() changes the UI method associated with a given UI.
++
++=head1 COPYRIGHT
++
++Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/crypto/X509V3_get_d2i.pod b/doc/crypto/X509V3_get_d2i.pod
-index b502e81..30264ff 100644
+index b502e815a218..30264ff338e7 100644
--- a/doc/crypto/X509V3_get_d2i.pod
+++ b/doc/crypto/X509V3_get_d2i.pod
@@ -112,7 +112,7 @@ determine the precise reason by checking the value of B<*crit>.
@@ -92971,10 +104771,73 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
+diff --git a/doc/crypto/X509_ALGOR_dup.pod b/doc/crypto/X509_ALGOR_dup.pod
+new file mode 100644
+index 000000000000..8f6c9b05eb81
+--- /dev/null
++++ b/doc/crypto/X509_ALGOR_dup.pod
+@@ -0,0 +1,48 @@
++=pod
++
++=head1 NAME
++
++X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp - AlgorithmIdentifier functions
++
++=head1 SYNOPSIS
++
++ #include <openssl/x509.h>
++
++ X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *alg);
++ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
++ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
++ X509_ALGOR *alg);
++ void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
++ int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
++
++=head1 DESCRIPTION
++
++X509_ALGOR_dup() returns a copy of B<alg>.
++
++X509_ALGOR_set0() sets the algorithm OID of B<alg> to B<aobj> and the
++associated parameter type to B<ptype> with value B<pval>. If B<ptype> is
++B<V_ASN1_UNDEF> the parameter is omitted, otherwise B<ptype> and B<pval> have
++the same meaning as the B<type> and B<value> parameters to ASN1_TYPE_set().
++All the supplied parameters are used internally so must B<NOT> be freed after
++this call.
++
++X509_ALGOR_get0() is the inverse of X509_ALGOR_set0(): it returns the
++algorithm OID in B<*paobj> and the associated parameter in B<*pptype>
++and B<*ppval> from the B<AlgorithmIdentifier> B<alg>.
++
++X509_ALGOR_set_md() sets the B<AlgorithmIdentifier> B<alg> to appropriate
++values for the message digest B<md>.
++
++X509_ALGOR_cmp() compares B<a> and B<b> and returns 0 if they have identical
++encodings and non-zero otherwise.
++
++=head1 COPYRIGHT
++
++Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/crypto/X509_CRL_get0_by_serial.pod b/doc/crypto/X509_CRL_get0_by_serial.pod
-index d00dab9..1b32cd7 100644
+index d00dab9cb16f..add849038ddf 100644
--- a/doc/crypto/X509_CRL_get0_by_serial.pod
+++ b/doc/crypto/X509_CRL_get0_by_serial.pod
+@@ -6,7 +6,7 @@ X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED,
+ X509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate,
+ X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate,
+ X509_CRL_add0_revoked, X509_CRL_sort - CRL revoked entry utility
+-functions.
++functions
+
+ =head1 SYNOPSIS
+
@@ -100,4 +100,13 @@ L<X509_sign(3)>,
L<X509V3_get_d2i(3)>,
L<X509_verify_cert(3)>
@@ -92990,15 +104853,23 @@
+
=cut
diff --git a/doc/crypto/X509_EXTENSION_set_object.pod b/doc/crypto/X509_EXTENSION_set_object.pod
-index 6afef2b..f3cf414 100644
+index 6afef2b06410..fb94d2379f9b 100644
--- a/doc/crypto/X509_EXTENSION_set_object.pod
+++ b/doc/crypto/X509_EXTENSION_set_object.pod
-@@ -1,3 +1,5 @@
+@@ -1,10 +1,12 @@
+=pod
+
=head1 NAME
X509_EXTENSION_set_object, X509_EXTENSION_set_critical,
+ X509_EXTENSION_set_data, X509_EXTENSION_create_by_NID,
+ X509_EXTENSION_create_by_OBJ, X509_EXTENSION_get_object,
+ X509_EXTENSION_get_critical, X509_EXTENSION_get_data - extension utility
+-functions.
++functions
+
+ =head1 SYNOPSIS
+
@@ -81,3 +83,14 @@ X509_EXTENSION_get_data() returns an B<ASN1_OCTET_STRING> pointer.
=head1 SEE ALSO
@@ -93015,7 +104886,7 @@
+
+=cut
diff --git a/doc/crypto/X509_LOOKUP_hash_dir.pod b/doc/crypto/X509_LOOKUP_hash_dir.pod
-index dfb9e21..e9aafa3 100644
+index dfb9e214e4a3..08fa731238f8 100644
--- a/doc/crypto/X509_LOOKUP_hash_dir.pod
+++ b/doc/crypto/X509_LOOKUP_hash_dir.pod
@@ -51,7 +51,7 @@ L<X509_STORE_set_default_paths(3)>.
@@ -93045,15 +104916,22 @@
B<X509_LOOKUP_hash_dir> is a more advanced method, which loads
certificates and CRLs on demand, and caches them in memory once
-@@ -118,5 +118,13 @@ L<X509_STORE_load_locations(3)>,
+@@ -113,10 +113,19 @@ hashed names for all files with .pem suffix in a given directory.
+
+ =head1 SEE ALSO
+
+-L<pem(3)>, L<d2i_X509_bio(3)>,
++L<PEM_read_PrivateKey(3)>,
++L<d2i_X509_bio(3)>,
+ L<X509_STORE_load_locations(3)>,
L<X609_store_add_lookup(3)>,
L<SSL_CTX_load_verify_locations(3)>,
-=cut
+=head1 COPYRIGHT
+
++Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
@@ -93061,7 +104939,7 @@
+
+=cut
diff --git a/doc/crypto/X509_NAME_ENTRY_get_object.pod b/doc/crypto/X509_NAME_ENTRY_get_object.pod
-index 2cb96c5..363a89b 100644
+index 2cb96c5764a6..363a89b56c5e 100644
--- a/doc/crypto/X509_NAME_ENTRY_get_object.pod
+++ b/doc/crypto/X509_NAME_ENTRY_get_object.pod
@@ -35,17 +35,17 @@ X509_NAME_ENTRY_set_data() sets the field value of B<ne> to string type
@@ -93098,10 +104976,10 @@
-=head1 HISTORY
+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-TBA
++Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
++
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
@@ -93109,7 +104987,7 @@
=cut
diff --git a/doc/crypto/X509_NAME_add_entry_by_txt.pod b/doc/crypto/X509_NAME_add_entry_by_txt.pod
-index c10ea0f..0b00278 100644
+index c10ea0fb77dc..0b002781aab4 100644
--- a/doc/crypto/X509_NAME_add_entry_by_txt.pod
+++ b/doc/crypto/X509_NAME_add_entry_by_txt.pod
@@ -61,7 +61,7 @@ to 0. This adds a new entry to the end of B<name> as a single valued
@@ -93121,7 +104999,7 @@
B<set> determines how the new type is added. If it is zero a
new RDN is created.
-@@ -80,16 +80,16 @@ Create an B<X509_NAME> structure:
+@@ -80,16 +80,16 @@ always set to zero.
X509_NAME *nm;
nm = X509_NAME_new();
if (nm == NULL)
@@ -93161,8 +105039,52 @@
+L<https://www.openssl.org/source/license.html>.
=cut
+diff --git a/doc/crypto/X509_NAME_get0_der.pod b/doc/crypto/X509_NAME_get0_der.pod
+new file mode 100644
+index 000000000000..722fadb944e1
+--- /dev/null
++++ b/doc/crypto/X509_NAME_get0_der.pod
+@@ -0,0 +1,38 @@
++=pod
++
++=head1 NAME
++
++=head1 SYNOPSIS
++
++ #include <openssl/x509.h>
++
++ int X509_NAME_get0_der(const unsigned char **pder, size_t *pderlen,
++ X509_NAME *nm)
++
++
++=head1 DESCRIPTION
++
++The function X509_NAME_get0_der() returns an internal pointer to the
++encoding of an B<X509_NAME> structure in B<*pder> and consisting of
++B<*pderlen> bytes. It is useful for applications that wish to examine
++the encoding of an B<X509_NAME> structure without copying it.
++
++=head1 RETURN VALUES
++
++The function X509_NAME_get0_der() returns 1 for success and 0 if an error
++occurred.
++
++=head1 SEE ALSO
++
++L<d2i_X509(3)>
++
++=head1 COPYRIGHT
++
++Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/crypto/X509_NAME_get_index_by_NID.pod b/doc/crypto/X509_NAME_get_index_by_NID.pod
-index e6dfff3..e84642a 100644
+index e6dfff3713d2..e84642ae11e9 100644
--- a/doc/crypto/X509_NAME_get_index_by_NID.pod
+++ b/doc/crypto/X509_NAME_get_index_by_NID.pod
@@ -44,7 +44,7 @@ B<obj>, if no such entry exists -1 is returned. At most B<len> bytes
@@ -93174,7 +105096,7 @@
=head1 NOTES
-@@ -76,10 +76,10 @@ Process all entries:
+@@ -76,10 +76,10 @@ can be determined first by checking OBJ_nid2obj(nid) is not NULL.
X509_NAME_ENTRY *e;
for (i = 0; i < X509_NAME_entry_count(nm); i++)
@@ -93189,7 +105111,7 @@
Process all commonName entries:
-@@ -88,13 +88,13 @@ Process all commonName entries:
+@@ -88,13 +88,13 @@ can be determined first by checking OBJ_nid2obj(nid) is not NULL.
loc = -1;
for (;;)
@@ -93227,9 +105149,18 @@
=cut
diff --git a/doc/crypto/X509_NAME_print_ex.pod b/doc/crypto/X509_NAME_print_ex.pod
-index 0d8e5fe..9e35c5c 100644
+index 0d8e5fe6415e..9d928245bb81 100644
--- a/doc/crypto/X509_NAME_print_ex.pod
+++ b/doc/crypto/X509_NAME_print_ex.pod
+@@ -3,7 +3,7 @@
+ =head1 NAME
+
+ X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print,
+-X509_NAME_oneline - X509_NAME printing routines.
++X509_NAME_oneline - X509_NAME printing routines
+
+ =head1 SYNOPSIS
+
@@ -11,7 +11,7 @@ X509_NAME_oneline - X509_NAME printing routines.
int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
@@ -93274,13 +105205,238 @@
=cut
diff --git a/doc/crypto/X509_PUBKEY.pod b/doc/crypto/X509_PUBKEY.pod
-index 7b85ffa..36da685 100644
+deleted file mode 100644
+index 7b85ffa16d62..000000000000
--- a/doc/crypto/X509_PUBKEY.pod
-+++ b/doc/crypto/X509_PUBKEY.pod
-@@ -108,4 +108,13 @@ L<d2i_X509(3)>,
- L<ERR_get_error(3)>,
- L<X509_get_pubkey(3)>,
-
++++ /dev/null
+@@ -1,111 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_set, X509_PUBKEY_get0,
+-X509_PUBKEY_get, d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp,
+-i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param,
+-X509_PUBKEY_get0_param - SubjectPublicKeyInfo public key functions.
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/x509.h>
+-
+- X509_PUBKEY *X509_PUBKEY_new(void);
+- void X509_PUBKEY_free(X509_PUBKEY *a);
+-
+- int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
+- EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
+- EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
+-
+- EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
+- int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
+-
+- EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
+- EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
+-
+- int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
+- int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
+-
+- int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+- int ptype, void *pval,
+- unsigned char *penc, int penclen);
+- int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+- const unsigned char **pk, int *ppklen,
+- X509_ALGOR **pa, X509_PUBKEY *pub);
+-
+-=head1 DESCRIPTION
+-
+-The B<X509_PUBKEY> structure represents the ASN.1 B<SubjectPublicKeyInfo>
+-structure defined in RFC5280 and used in certificates and certificate requests.
+-
+-X509_PUBKEY_new() allocates and initializes an B<X509_PUBKEY> structure.
+-
+-X509_PUBKEY_free() frees up B<X509_PUBKEY> structure B<a>. If B<a> is NULL
+-nothing is done.
+-
+-X509_PUBKEY_set() sets the public key in B<*x> to the public key contained
+-in the B<EVP_PKEY> structure B<pkey>. If B<*x> is not NULL any existing
+-public key structure will be freed.
+-
+-X509_PUBKEY_get0() returns the public key contained in B<key>. The returned
+-value is an internal pointer which B<MUST NOT> be freed after use.
+-
+-X509_PUBKEY_get() is similar to X509_PUBKEY_get0() except the reference
+-count on the returned key is incremented so it B<MUST> be freed using
+-EVP_PKEY_free() after use.
+-
+-d2i_PUBKEY() and i2d_PUBKEY() decode and encode an B<EVP_PKEY> structure
+-using B<SubjectPublicKeyInfo> format. They otherise follow the conventions of
+-other ASN.1 functions such as d2i_X509().
+-
+-d2i_PUBKEY_bio(), d2i_PUBKEY_fp(), i2d_PUBKEY_bio() and i2d_PUBKEY_fp() are
+-similar to d2i_PUBKEY() and i2d_PUBKEY() except they decode or encode using a
+-B<BIO> or B<FILE> pointer.
+-
+-X509_PUBKEY_set0_param() sets the public key parameters of B<pub>. The
+-OID associated with the algorithm is set to B<aobj>. The type of the
+-algorithm parameters is set to B<type> using the structure B<pval>.
+-The encoding of the public key itself is set to the B<penclen>
+-bytes contained in buffer B<penc>. On success ownership of all the supplied
+-parameters is passed to B<pub> so they must not be freed after the
+-call.
+-
+-X509_PUBKEY_get0_param() retrieves the public key parameters from B<pub>,
+-B<*ppkalg> is set to the associated OID and the encoding consists of
+-B<*ppklen> bytes at B<*pk>, B<*pa> is set to the associated
+-AlgorithmIdentifier for the public key. If the value of any of these
+-parameters is not required it can be set to B<NULL>. All of the
+-retrieved pointers are internal and must not be freed after the
+-call.
+-
+-=head1 NOTES
+-
+-The B<X509_PUBKEY> functions can be used to encode and decode public keys
+-in a standard format.
+-
+-In many cases applications will not call the B<X509_PUBKEY> functions
+-directly: they will instead call wrapper functions such as X509_get0_pubkey().
+-
+-=head1 RETURN VALUES
+-
+-If the allocation fails, X509_PUBKEY_new() returns B<NULL> and sets an error
+-code that can be obtained by L<ERR_get_error(3)>.
+-
+-Otherwise it returns a pointer to the newly allocated structure.
+-
+-X509_PUBKEY_free() does not return a value.
+-
+-X509_PUBKEY_get0() and X509_PUBKEY_get() return a pointer to an B<EVP_PKEY>
+-structure or B<NULL> if an error occurs.
+-
+-X509_PUBKEY_set(), X509_PUBKEY_set0_param() and X509_PUBKEY_get0_param()
+-return 1 for success and 0 if an error occurred.
+-
+-=head1 SEE ALSO
+-
+-L<d2i_X509(3)>,
+-L<ERR_get_error(3)>,
+-L<X509_get_pubkey(3)>,
+-
+-=cut
+diff --git a/doc/crypto/X509_PUBKEY_new.pod b/doc/crypto/X509_PUBKEY_new.pod
+new file mode 100644
+index 000000000000..0e8a14abb53b
+--- /dev/null
++++ b/doc/crypto/X509_PUBKEY_new.pod
+@@ -0,0 +1,120 @@
++=pod
++
++=head1 NAME
++
++X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_set, X509_PUBKEY_get0,
++X509_PUBKEY_get, d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp,
++i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param,
++X509_PUBKEY_get0_param - SubjectPublicKeyInfo public key functions
++
++=head1 SYNOPSIS
++
++ #include <openssl/x509.h>
++
++ X509_PUBKEY *X509_PUBKEY_new(void);
++ void X509_PUBKEY_free(X509_PUBKEY *a);
++
++ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
++ EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
++ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
++
++ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
++ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
++
++ EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
++ EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
++
++ int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
++ int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
++
++ int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
++ int ptype, void *pval,
++ unsigned char *penc, int penclen);
++ int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
++ const unsigned char **pk, int *ppklen,
++ X509_ALGOR **pa, X509_PUBKEY *pub);
++
++=head1 DESCRIPTION
++
++The B<X509_PUBKEY> structure represents the ASN.1 B<SubjectPublicKeyInfo>
++structure defined in RFC5280 and used in certificates and certificate requests.
++
++X509_PUBKEY_new() allocates and initializes an B<X509_PUBKEY> structure.
++
++X509_PUBKEY_free() frees up B<X509_PUBKEY> structure B<a>. If B<a> is NULL
++nothing is done.
++
++X509_PUBKEY_set() sets the public key in B<*x> to the public key contained
++in the B<EVP_PKEY> structure B<pkey>. If B<*x> is not NULL any existing
++public key structure will be freed.
++
++X509_PUBKEY_get0() returns the public key contained in B<key>. The returned
++value is an internal pointer which B<MUST NOT> be freed after use.
++
++X509_PUBKEY_get() is similar to X509_PUBKEY_get0() except the reference
++count on the returned key is incremented so it B<MUST> be freed using
++EVP_PKEY_free() after use.
++
++d2i_PUBKEY() and i2d_PUBKEY() decode and encode an B<EVP_PKEY> structure
++using B<SubjectPublicKeyInfo> format. They otherise follow the conventions of
++other ASN.1 functions such as d2i_X509().
++
++d2i_PUBKEY_bio(), d2i_PUBKEY_fp(), i2d_PUBKEY_bio() and i2d_PUBKEY_fp() are
++similar to d2i_PUBKEY() and i2d_PUBKEY() except they decode or encode using a
++B<BIO> or B<FILE> pointer.
++
++X509_PUBKEY_set0_param() sets the public key parameters of B<pub>. The
++OID associated with the algorithm is set to B<aobj>. The type of the
++algorithm parameters is set to B<type> using the structure B<pval>.
++The encoding of the public key itself is set to the B<penclen>
++bytes contained in buffer B<penc>. On success ownership of all the supplied
++parameters is passed to B<pub> so they must not be freed after the
++call.
++
++X509_PUBKEY_get0_param() retrieves the public key parameters from B<pub>,
++B<*ppkalg> is set to the associated OID and the encoding consists of
++B<*ppklen> bytes at B<*pk>, B<*pa> is set to the associated
++AlgorithmIdentifier for the public key. If the value of any of these
++parameters is not required it can be set to B<NULL>. All of the
++retrieved pointers are internal and must not be freed after the
++call.
++
++=head1 NOTES
++
++The B<X509_PUBKEY> functions can be used to encode and decode public keys
++in a standard format.
++
++In many cases applications will not call the B<X509_PUBKEY> functions
++directly: they will instead call wrapper functions such as X509_get0_pubkey().
++
++=head1 RETURN VALUES
++
++If the allocation fails, X509_PUBKEY_new() returns B<NULL> and sets an error
++code that can be obtained by L<ERR_get_error(3)>.
++
++Otherwise it returns a pointer to the newly allocated structure.
++
++X509_PUBKEY_free() does not return a value.
++
++X509_PUBKEY_get0() and X509_PUBKEY_get() return a pointer to an B<EVP_PKEY>
++structure or B<NULL> if an error occurs.
++
++X509_PUBKEY_set(), X509_PUBKEY_set0_param() and X509_PUBKEY_get0_param()
++return 1 for success and 0 if an error occurred.
++
++=head1 SEE ALSO
++
++L<d2i_X509(3)>,
++L<ERR_get_error(3)>,
++L<X509_get_pubkey(3)>,
++
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -93290,12 +105446,50 @@
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
- =cut
++=cut
+diff --git a/doc/crypto/X509_SIG_get0.pod b/doc/crypto/X509_SIG_get0.pod
+new file mode 100644
+index 000000000000..1d61497c1c6a
+--- /dev/null
++++ b/doc/crypto/X509_SIG_get0.pod
+@@ -0,0 +1,32 @@
++=pod
++
++=head1 NAME
++
++X509_SIG_get0 - Get DigestInfo functions
++
++=head1 SYNOPSIS
++
++ #include <openssl/x509.h>
++
++ void X509_SIG_get0(X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest,
++ X509_SIG *sig);
++
++=head1 DESCRIPTION
++
++X509_SIG_get0() returns pointers to the algorithm identifier and digest
++value in B<sig>. These values can then be examined or initialised.
++
++=head1 SEE ALSO
++
++L<d2i_X509(3)>
++
++=head1 COPYRIGHT
++
++Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/crypto/X509_STORE_CTX_get_error.pod b/doc/crypto/X509_STORE_CTX_get_error.pod
-index 1cc6bb5..428e500 100644
+index 1cc6bb5e8fe8..d4163d7acf4d 100644
--- a/doc/crypto/X509_STORE_CTX_get_error.pod
+++ b/doc/crypto/X509_STORE_CTX_get_error.pod
-@@ -3,20 +3,24 @@
+@@ -3,20 +3,23 @@
=head1 NAME
X509_STORE_CTX_get_error, X509_STORE_CTX_set_error,
@@ -93311,7 +105505,7 @@
=head1 SYNOPSIS
#include <openssl/x509.h>
- #include <openssl/x509_vfy.h>
+- #include <openssl/x509_vfy.h>
- int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
- void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
@@ -93328,7 +105522,7 @@
STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
-@@ -39,11 +43,27 @@ non-negative integer representing where in the certificate chain the error
+@@ -39,11 +42,28 @@ non-negative integer representing where in the certificate chain the error
occurred. If it is zero it occurred in the end entity certificate, one if
it is the certificate which signed the end entity certificate and so on.
@@ -93352,7 +105546,8 @@
+Once such a I<saved> certificate is no longer needed it can be freed with
+L<X509_free(3)>.
+
-+X509_STORE_CTX_get0_cert() returns the leaf certificate being verified.
++X509_STORE_CTX_get0_cert() retrieves an internal pointer to the
++certificate being verified by the B<ctx>.
+
X509_STORE_CTX_get1_chain() returns a complete validate chain if a previous
call to X509_verify_cert() is successful. If the call to X509_verify_cert()
@@ -93365,13 +105560,13 @@
+L<X509_verify_cert(3)>,
+L<X509_up_ref(3)>,
+L<X509_free(3)>.
-+
-+=head1 COPYRIGHT
-=head1 HISTORY
-+Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
++=head1 COPYRIGHT
-TBA
++Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
++
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
@@ -93379,10 +105574,22 @@
=cut
diff --git a/doc/crypto/X509_STORE_CTX_new.pod b/doc/crypto/X509_STORE_CTX_new.pod
-index 17517b3..7b9952c 100644
+index 17517b3e1682..1f4d4107236c 100644
--- a/doc/crypto/X509_STORE_CTX_new.pod
+++ b/doc/crypto/X509_STORE_CTX_new.pod
-@@ -24,7 +24,7 @@ X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation
+@@ -7,11 +7,9 @@ X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, X509_STORE_CTX_set_cert,
+ X509_STORE_CTX_set0_crls,
+ X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain,
+ X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param,
+-X509_STORE_CTX_get0_cert,
+ X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted,
+ X509_STORE_CTX_get_num_untrusted,
+ X509_STORE_CTX_set_default,
+-X509_STORE_CTX_get_verify_cb,
+ X509_STORE_CTX_set_verify,
+ X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation
+
+@@ -24,7 +22,7 @@ X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation
void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
@@ -93391,7 +105598,15 @@
void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
-@@ -47,6 +47,7 @@ X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation
+@@ -37,7 +35,6 @@ X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation
+ void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
+ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
+
+- X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
+ STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
+ void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+
+@@ -47,6 +44,7 @@ X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation
X509_STORE_CTX_verify X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify verify);
@@ -93399,7 +105614,17 @@
=head1 DESCRIPTION
-@@ -115,6 +116,23 @@ find an appropriate set of parameters from B<name>.
+@@ -96,9 +94,6 @@ for example in a PKCS#7 structure.
+ X509_STORE_CTX_get0_param() retrieves an internal pointer
+ to the verification parameters associated with B<ctx>.
+
+-X509_STORE_CTX_get0_cert() retrieves an internal pointer to the
+-certificate being verified by the B<ctx>.
+-
+ X509_STORE_CTX_get0_untrusted() retrieves an internal pointer to the
+ stack of untrusted certifieds associated with B<ctx>.
+
+@@ -115,6 +110,23 @@ find an appropriate set of parameters from B<name>.
X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
that were used in building the chain following a call to X509_verify_cert().
@@ -93423,7 +105648,7 @@
=head1 NOTES
The certificates and CRLs in a store are used internally and should B<not>
-@@ -147,6 +165,9 @@ X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred.
+@@ -147,6 +159,9 @@ X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred.
X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
used.
@@ -93433,7 +105658,7 @@
=head1 SEE ALSO
L<X509_verify_cert(3)>
-@@ -156,5 +177,17 @@ L<X509_VERIFY_PARAM_set_flags(3)>
+@@ -156,5 +171,17 @@ L<X509_VERIFY_PARAM_set_flags(3)>
X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0
X509_STORE_CTX_get_num_untrusted() was first added to OpenSSL 1.1.0
@@ -93452,7 +105677,7 @@
=cut
diff --git a/doc/crypto/X509_STORE_CTX_set_verify_cb.pod b/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
-index e89b806..1305f32 100644
+index e89b8060f71c..1305f32c59e8 100644
--- a/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
+++ b/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
@@ -14,7 +14,7 @@ X509_STORE_CTX_set_verify_cb - get and set verification callback
@@ -93528,11 +105753,17 @@
- {
- X509 *err_cert;
- int err,depth;
--
++ {
++ X509 *err_cert;
++ int err,depth;
+
- err_cert = X509_STORE_CTX_get_current_cert(ctx);
- err = X509_STORE_CTX_get_error(ctx);
- depth = X509_STORE_CTX_get_error_depth(ctx);
--
++ err_cert = X509_STORE_CTX_get_current_cert(ctx);
++ err = X509_STORE_CTX_get_error(ctx);
++ depth = X509_STORE_CTX_get_error_depth(ctx);
+
- BIO_printf(bio_err,"depth=%d ",depth);
- if (err_cert)
- {
@@ -93571,18 +105802,6 @@
- }
- if (err == X509_V_OK && ok == 2)
- /* print out policies */
--
-- BIO_printf(bio_err,"verify return:%d\n",ok);
-- return(ok);
-- }
-+ {
-+ X509 *err_cert;
-+ int err,depth;
-+
-+ err_cert = X509_STORE_CTX_get_current_cert(ctx);
-+ err = X509_STORE_CTX_get_error(ctx);
-+ depth = X509_STORE_CTX_get_error_depth(ctx);
-+
+ BIO_printf(bio_err,"depth=%d ",depth);
+ if (err_cert)
+ {
@@ -93621,7 +105840,10 @@
+ }
+ if (err == X509_V_OK && ok == 2)
+ /* print out policies */
-+
+
+- BIO_printf(bio_err,"verify return:%d\n",ok);
+- return(ok);
+- }
+ BIO_printf(bio_err,"verify return:%d\n",ok);
+ return(ok);
+ }
@@ -93644,7 +105866,7 @@
=cut
diff --git a/doc/crypto/X509_STORE_get0_param.pod b/doc/crypto/X509_STORE_get0_param.pod
new file mode 100644
-index 0000000..2144f2b
+index 000000000000..2144f2b0ae40
--- /dev/null
+++ b/doc/crypto/X509_STORE_get0_param.pod
@@ -0,0 +1,57 @@
@@ -93706,7 +105928,7 @@
+
+=cut
diff --git a/doc/crypto/X509_STORE_new.pod b/doc/crypto/X509_STORE_new.pod
-index 37cabb5..0d0656f 100644
+index 37cabb5c5588..0d0656f2de8c 100644
--- a/doc/crypto/X509_STORE_new.pod
+++ b/doc/crypto/X509_STORE_new.pod
@@ -32,5 +32,19 @@ X509_STORE_free() does not return values.
@@ -93730,7 +105952,7 @@
=cut
diff --git a/doc/crypto/X509_STORE_set_verify_cb_func.pod b/doc/crypto/X509_STORE_set_verify_cb_func.pod
-index 67092db..7e66b23 100644
+index 67092db5382e..7e66b23e04b7 100644
--- a/doc/crypto/X509_STORE_set_verify_cb_func.pod
+++ b/doc/crypto/X509_STORE_set_verify_cb_func.pod
@@ -9,10 +9,10 @@ X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb - set verification callb
@@ -93779,7 +106001,7 @@
+
=cut
diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
-index 04f5215..4b8e177 100644
+index 04f521506fc0..4b8e1775e8a2 100644
--- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
@@ -11,7 +11,7 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge
@@ -93883,7 +106105,7 @@
+
=cut
diff --git a/doc/crypto/X509_check_ca.pod b/doc/crypto/X509_check_ca.pod
-index 87b6c26..fbeacde 100644
+index 87b6c26d5572..fbeacdecb9a7 100644
--- a/doc/crypto/X509_check_ca.pod
+++ b/doc/crypto/X509_check_ca.pod
@@ -33,4 +33,13 @@ L<X509_verify_cert(3)>,
@@ -93901,7 +106123,7 @@
+
=cut
diff --git a/doc/crypto/X509_check_host.pod b/doc/crypto/X509_check_host.pod
-index d35ade8..9384815 100644
+index d35ade8cb918..93848152b5ec 100644
--- a/doc/crypto/X509_check_host.pod
+++ b/doc/crypto/X509_check_host.pod
@@ -9,11 +9,11 @@ X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 cert
@@ -93934,7 +106156,7 @@
+
=cut
diff --git a/doc/crypto/X509_check_issued.pod b/doc/crypto/X509_check_issued.pod
-index 0830e82..8e4b111 100644
+index 0830e82d70ea..8e4b1117ca88 100644
--- a/doc/crypto/X509_check_issued.pod
+++ b/doc/crypto/X509_check_issued.pod
@@ -15,7 +15,7 @@ certificate
@@ -93960,10 +106182,325 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
+diff --git a/doc/crypto/X509_dup.pod b/doc/crypto/X509_dup.pod
+new file mode 100644
+index 000000000000..e1dd91c3382b
+--- /dev/null
++++ b/doc/crypto/X509_dup.pod
+@@ -0,0 +1,300 @@
++=pod
++
++=head1 NAME
++
++DECLARE_ASN1_FUNCTIONS,
++IMPLEMENT_ASN1_FUNCTIONS,
++ASN1_ITEM,
++ACCESS_DESCRIPTION_free,
++ACCESS_DESCRIPTION_new,
++ASIdOrRange_free,
++ASIdOrRange_new,
++ASIdentifierChoice_free,
++ASIdentifierChoice_new,
++ASIdentifiers_free,
++ASIdentifiers_new,
++ASRange_free,
++ASRange_new,
++AUTHORITY_INFO_ACCESS_free,
++AUTHORITY_INFO_ACCESS_new,
++AUTHORITY_KEYID_free,
++AUTHORITY_KEYID_new,
++BASIC_CONSTRAINTS_free,
++BASIC_CONSTRAINTS_new,
++CERTIFICATEPOLICIES_free,
++CERTIFICATEPOLICIES_new,
++CMS_ContentInfo_free,
++CMS_ContentInfo_new,
++CMS_ContentInfo_print_ctx,
++CMS_ReceiptRequest_free,
++CMS_ReceiptRequest_new,
++CRL_DIST_POINTS_free,
++CRL_DIST_POINTS_new,
++DIRECTORYSTRING_free,
++DIRECTORYSTRING_new,
++DISPLAYTEXT_free,
++DISPLAYTEXT_new,
++DIST_POINT_NAME_free,
++DIST_POINT_NAME_new,
++DIST_POINT_free,
++DIST_POINT_new,
++DSAparams_dup,
++EDIPARTYNAME_free,
++EDIPARTYNAME_new,
++ESS_CERT_ID_dup,
++ESS_CERT_ID_free,
++ESS_CERT_ID_new,
++ESS_ISSUER_SERIAL_dup,
++ESS_ISSUER_SERIAL_free,
++ESS_ISSUER_SERIAL_new,
++ESS_SIGNING_CERT_dup,
++ESS_SIGNING_CERT_free,
++ESS_SIGNING_CERT_new,
++EXTENDED_KEY_USAGE_free,
++EXTENDED_KEY_USAGE_new,
++GENERAL_NAMES_free,
++GENERAL_NAMES_new,
++GENERAL_NAME_dup,
++GENERAL_NAME_free,
++GENERAL_NAME_new,
++GENERAL_SUBTREE_free,
++GENERAL_SUBTREE_new,
++IPAddressChoice_free,
++IPAddressChoice_new,
++IPAddressFamily_free,
++IPAddressFamily_new,
++IPAddressOrRange_free,
++IPAddressOrRange_new,
++IPAddressRange_free,
++IPAddressRange_new,
++ISSUING_DIST_POINT_free,
++ISSUING_DIST_POINT_new,
++NAME_CONSTRAINTS_free,
++NAME_CONSTRAINTS_new,
++NETSCAPE_CERT_SEQUENCE_free,
++NETSCAPE_CERT_SEQUENCE_new,
++NETSCAPE_SPKAC_free,
++NETSCAPE_SPKAC_new,
++NETSCAPE_SPKI_free,
++NETSCAPE_SPKI_new,
++NOTICEREF_free,
++NOTICEREF_new,
++OCSP_BASICRESP_free,
++OCSP_BASICRESP_new,
++OCSP_CERTID_dup,
++OCSP_CERTID_new,
++OCSP_CERTSTATUS_free,
++OCSP_CERTSTATUS_new,
++OCSP_CRLID_free,
++OCSP_CRLID_new,
++OCSP_ONEREQ_free,
++OCSP_ONEREQ_new,
++OCSP_REQINFO_free,
++OCSP_REQINFO_new,
++OCSP_RESPBYTES_free,
++OCSP_RESPBYTES_new,
++OCSP_RESPDATA_free,
++OCSP_RESPDATA_new,
++OCSP_RESPID_free,
++OCSP_RESPID_new,
++OCSP_RESPONSE_new,
++OCSP_REVOKEDINFO_free,
++OCSP_REVOKEDINFO_new,
++OCSP_SERVICELOC_free,
++OCSP_SERVICELOC_new,
++OCSP_SIGNATURE_free,
++OCSP_SIGNATURE_new,
++OCSP_SINGLERESP_free,
++OCSP_SINGLERESP_new,
++OTHERNAME_free,
++OTHERNAME_new,
++PBE2PARAM_free,
++PBE2PARAM_new,
++PBEPARAM_free,
++PBEPARAM_new,
++PBKDF2PARAM_free,
++PBKDF2PARAM_new,
++PKCS12_BAGS_free,
++PKCS12_BAGS_new,
++PKCS12_MAC_DATA_free,
++PKCS12_MAC_DATA_new,
++PKCS12_SAFEBAG_free,
++PKCS12_SAFEBAG_new,
++PKCS12_free,
++PKCS12_new,
++PKCS7_DIGEST_free,
++PKCS7_DIGEST_new,
++PKCS7_ENCRYPT_free,
++PKCS7_ENCRYPT_new,
++PKCS7_ENC_CONTENT_free,
++PKCS7_ENC_CONTENT_new,
++PKCS7_ENVELOPE_free,
++PKCS7_ENVELOPE_new,
++PKCS7_ISSUER_AND_SERIAL_free,
++PKCS7_ISSUER_AND_SERIAL_new,
++PKCS7_RECIP_INFO_free,
++PKCS7_RECIP_INFO_new,
++PKCS7_SIGNED_free,
++PKCS7_SIGNED_new,
++PKCS7_SIGNER_INFO_free,
++PKCS7_SIGNER_INFO_new,
++PKCS7_SIGN_ENVELOPE_free,
++PKCS7_SIGN_ENVELOPE_new,
++PKCS7_dup,
++PKCS7_free,
++PKCS7_new,
++PKCS7_print_ctx,
++PKCS8_PRIV_KEY_INFO_free,
++PKCS8_PRIV_KEY_INFO_new,
++PKEY_USAGE_PERIOD_free,
++PKEY_USAGE_PERIOD_new,
++POLICYINFO_free,
++POLICYINFO_new,
++POLICYQUALINFO_free,
++POLICYQUALINFO_new,
++POLICY_CONSTRAINTS_free,
++POLICY_CONSTRAINTS_new,
++POLICY_MAPPING_free,
++POLICY_MAPPING_new,
++PROXY_CERT_INFO_EXTENSION_free,
++PROXY_CERT_INFO_EXTENSION_new,
++PROXY_POLICY_free,
++PROXY_POLICY_new,
++RSAPrivateKey_dup,
++RSAPublicKey_dup,
++RSA_OAEP_PARAMS_free,
++RSA_OAEP_PARAMS_new,
++RSA_PSS_PARAMS_free,
++RSA_PSS_PARAMS_new,
++SCT_LIST_free,
++SXNETID_free,
++SXNETID_new,
++SXNET_free,
++SXNET_new,
++TLS_FEATURE_free,
++TLS_FEATURE_new,
++TS_ACCURACY_dup,
++TS_ACCURACY_free,
++TS_ACCURACY_new,
++TS_MSG_IMPRINT_dup,
++TS_MSG_IMPRINT_free,
++TS_MSG_IMPRINT_new,
++TS_REQ_dup,
++TS_REQ_free,
++TS_REQ_new,
++TS_RESP_dup,
++TS_RESP_free,
++TS_RESP_new,
++TS_STATUS_INFO_dup,
++TS_STATUS_INFO_free,
++TS_STATUS_INFO_new,
++TS_TST_INFO_dup,
++TS_TST_INFO_free,
++TS_TST_INFO_new,
++USERNOTICE_free,
++USERNOTICE_new,
++X509_ALGOR_free,
++X509_ALGOR_new,
++X509_ATTRIBUTE_dup,
++X509_ATTRIBUTE_free,
++X509_ATTRIBUTE_new,
++X509_CERT_AUX_free,
++X509_CERT_AUX_new,
++X509_CINF_free,
++X509_CINF_new,
++X509_CRL_INFO_free,
++X509_CRL_INFO_new,
++X509_CRL_METHOD_free,
++X509_CRL_METHOD_new,
++X509_CRL_dup,
++X509_CRL_free,
++X509_CRL_new,
++X509_EXTENSION_dup,
++X509_EXTENSION_free,
++X509_EXTENSION_new,
++X509_NAME_ENTRY_dup,
++X509_NAME_ENTRY_free,
++X509_NAME_ENTRY_new,
++X509_NAME_dup,
++X509_NAME_free,
++X509_NAME_new,
++X509_REQ_INFO_free,
++X509_REQ_INFO_new,
++X509_REQ_dup,
++X509_REQ_free,
++X509_REQ_new,
++X509_REVOKED_dup,
++X509_REVOKED_free,
++X509_REVOKED_new,
++X509_SIG_free,
++X509_SIG_new,
++X509_VAL_free,
++X509_VAL_new,
++X509_dup,
++- ASN1 object utilities
++
++=head1 SYNOPSIS
++
++ #include <openssl/asn1t.h>
++
++ #define DECLARE_ASN1_FUNCTIONS(type) ...
++ #define IMPLEMENT_ASN1_FUNCTIONS(stname) ...
++
++ typedef struct ASN1_ITEM_st ASN1_ITEM;
++
++ extern const ASN1_ITEM TYPE_it;
++ TYPE *TYPE_new(void);
++ TYPE *TYPE_dup(TYPE *a);
++ void TYPE_free(TYPE *a);
++ int TYPE_print_ctx(BIO *out, TYPE *a, int indent, const ASN1_PCTX *pctx);
++
++
++=head1 DESCRIPTION
++
++In the description below, I<TYPE> is used
++as a placeholder for any of the OpenSSL datatypes, such as I<X509>.
++
++The OpenSSL ASN1 parsing library templates are like a data-driven bytecode
++interpreter.
++Every ASN1 object as a global variable, TYPE_it, that describes the item
++such as its fields. (On systems which cannot export variables from shared
++libraries, the global is instead a function which returns a pointer to a
++static variable.
++
++The macro DECLARE_ASN1_FUNCTIONS() is typically used in header files
++to generate the function declarations.
++
++The macro IMPLEMENT_ASN1_FUNCTIONS() is used once in a source file
++to generate the function bodies.
++
++
++TYPE_new() allocates an empty object of the indicated type.
++The object returned must be released by calling TYPE_free().
++
++TYPE_dup() copies an existing object.
++
++TYPE_free() releases the object and all pointers and sub-objects
++within it.
++
++TYPE_print_ctx() prints the object B<a> on the specified BIO B<out>.
++Each line will be prefixed with B<indent> spaces.
++The B<pctx> specifies the printing context and is for internal
++use; use NULL to get the default behavior. If a print function is
++user-defined, then pass in any B<pctx> down to any nested calls.
++
++=head1 RETURN VALUES
++
++TYPE_new() and TYPE_dup() return a pointer to the object or NULL on failure.
++
++TYPE_print_ctx() returns 1 on success or zero on failure.
++
++=head1 COPYRIGHT
++
++Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/crypto/X509_get0_signature.pod b/doc/crypto/X509_get0_signature.pod
-index 8758684..d86f238 100644
+index 875868448270..7de22360f241 100644
--- a/doc/crypto/X509_get0_signature.pod
+++ b/doc/crypto/X509_get0_signature.pod
+@@ -4,7 +4,7 @@
+
+ X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg,
+ X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature,
+-X509_CRL_get_signature_nid - signature information.
++X509_CRL_get_signature_nid - signature information
+
+ =head1 SYNOPSIS
+
@@ -82,4 +82,13 @@ X509_REQ_get0_signature(), X509_REQ_get_signature_nid(),
X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were first added
to OpenSSL 1.1.0.
@@ -93979,7 +106516,7 @@
+
=cut
diff --git a/doc/crypto/X509_get0_uids.pod b/doc/crypto/X509_get0_uids.pod
-index a61c267..ccdded6 100644
+index a61c267449c6..ccdded685045 100644
--- a/doc/crypto/X509_get0_uids.pod
+++ b/doc/crypto/X509_get0_uids.pod
@@ -44,4 +44,13 @@ L<X509_sign(3)>,
@@ -93997,13 +106534,57 @@
+
=cut
diff --git a/doc/crypto/X509_get_extension_flags.pod b/doc/crypto/X509_get_extension_flags.pod
-index c6e2486..ac17795 100644
+index c6e24864ebd6..1452cc8a3625 100644
--- a/doc/crypto/X509_get_extension_flags.pod
+++ b/doc/crypto/X509_get_extension_flags.pod
-@@ -127,4 +127,13 @@ is absent or an error occurred during parsing.
+@@ -2,13 +2,15 @@
+ =head1 NAME
+
++X509_get_pathlen,
+ X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage -
+-retrieve certificate extension flags.
++retrieve certificate extension data
+
+ =head1 SYNOPSIS
+
+ #include <openssl/x509v3.h>
+
++ long X509_get_pathlen(X509 *x);
+ uint32_t X509_get_extension_flags(X509 *x);
+ uint32_t X509_get_key_usage(X509 *x);
+ uint32_t X509_get_extended_key_usage(X509 *x);
+@@ -16,7 +18,11 @@ retrieve certificate extension flags.
+
+ =head1 DESCRIPTION
+
+-These functions retrieve flags related to commonly used certificate extensions.
++These functions retrieve information related to commonly used certificate extensions.
++
++X509_get_pathlen() retrieves the path length extension from a certificate.
++This extension is used to limit the length of a cert chain that may be
++issued from that CA.
+
+ X509_get_extension_flags() retrieves general information about a certificate,
+ it will return one or more of the following flags ored together.
+@@ -115,6 +121,9 @@ X509_get_ext_d2i().
+
+ =head1 RETURN VALUE
+
++X509_get_pathlen() returns the path length value, or -1 if the extension
++is not present.
++
+ X509_get_extension_flags(), X509_get_key_usage() and
+ X509_get_extended_key_usage() return sets of flags corresponding to the
+ certificate extension values.
+@@ -127,4 +136,17 @@ is absent or an error occurred during parsing.
+
L<X509_check_purpose(3)>
++=head1 HISTORY
++
++X509_get_pathlen() was added in OpenSSL 1.1.0.
++
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -94015,20 +106596,22 @@
+
=cut
diff --git a/doc/crypto/X509_get_pubkey.pod b/doc/crypto/X509_get_pubkey.pod
-index c2fb5c0..4fe7dbc 100644
+index c2fb5c0836c2..2a5718fd2979 100644
--- a/doc/crypto/X509_get_pubkey.pod
+++ b/doc/crypto/X509_get_pubkey.pod
-@@ -3,8 +3,8 @@
+@@ -3,9 +3,9 @@
=head1 NAME
X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY,
-X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey,
-X509_REQ_get_X509_PUBKEY - get or set certificate or certificate request
+-public key.
+X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey,
+X509_REQ_get_X509_PUBKEY - get or set certificate or certificate request
- public key.
++public key
=head1 SYNOPSIS
+
@@ -37,7 +37,7 @@ must not be freed up after use.
X509_set_pubkey() attempts to set the public key for certificate B<x> to
B<pkey>. The key B<pkey> should be freed up after use.
@@ -94054,9 +106637,18 @@
=cut
diff --git a/doc/crypto/X509_get_serialNumber.pod b/doc/crypto/X509_get_serialNumber.pod
-index 42ba257..f51e30d 100644
+index 42ba25791bab..4f1b033ade66 100644
--- a/doc/crypto/X509_get_serialNumber.pod
+++ b/doc/crypto/X509_get_serialNumber.pod
+@@ -3,7 +3,7 @@
+ =head1 NAME
+
+ X509_get_serialNumber, X509_set_serialNumber - get or set certificate serial
+-number.
++number
+
+ =head1 SYNOPSIS
+
@@ -52,4 +52,13 @@ L<X509_verify_cert(3)>
X509_get_serialNumber() and X509_set_serialNumber() are available in
all versions of OpenSSL.
@@ -94072,9 +106664,18 @@
+
=cut
diff --git a/doc/crypto/X509_get_subject_name.pod b/doc/crypto/X509_get_subject_name.pod
-index dcbf969..8f1b30c 100644
+index dcbf969ce0b2..fbff0cfb6b6c 100644
--- a/doc/crypto/X509_get_subject_name.pod
+++ b/doc/crypto/X509_get_subject_name.pod
+@@ -5,7 +5,7 @@
+ X509_get_subject_name, X509_set_subject_name, X509_get_issuer_name,
+ X509_set_issuer_name, X509_REQ_get_subject_name, X509_REQ_set_subject_name,
+ X509_CRL_get_issuer, X509_CRL_set_issuer_name - get and set issuer or
+-subject names.
++subject names
+
+ =head1 SYNOPSIS
+
@@ -74,4 +74,13 @@ L<X509_sign(3)>,
L<X509V3_get_d2i(3)>,
L<X509_verify_cert(3)>
@@ -94090,9 +106691,18 @@
+
=cut
diff --git a/doc/crypto/X509_get_version.pod b/doc/crypto/X509_get_version.pod
-index b02f12b..1878967 100644
+index b02f12bd785e..d970962911fd 100644
--- a/doc/crypto/X509_get_version.pod
+++ b/doc/crypto/X509_get_version.pod
+@@ -4,7 +4,7 @@
+
+ X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version,
+ X509_CRL_get_version, X509_CRL_set_version - get or set certificate,
+-certificate request or CRL version.
++certificate request or CRL version
+
+ =head1 SYNOPSIS
+
@@ -71,4 +71,13 @@ L<X509_verify_cert(3)>
X509_get_version(), X509_REQ_get_version() and X509_CRL_get_version() are
functions in OpenSSL 1.1.0, in previous versions they were macros.
@@ -94108,7 +106718,7 @@
+
=cut
diff --git a/doc/crypto/X509_new.pod b/doc/crypto/X509_new.pod
-index 8db6cdb..0b9126e 100644
+index 8db6cdb245e4..0b9126ecf993 100644
--- a/doc/crypto/X509_new.pod
+++ b/doc/crypto/X509_new.pod
@@ -10,7 +10,7 @@ X509_new, X509_free, X509_up_ref - X509 certificate ASN1 allocation functions
@@ -94144,9 +106754,18 @@
+
=cut
diff --git a/doc/crypto/X509_sign.pod b/doc/crypto/X509_sign.pod
-index fa24360..59fa175 100644
+index fa243601aa3f..9429280b0128 100644
--- a/doc/crypto/X509_sign.pod
+++ b/doc/crypto/X509_sign.pod
+@@ -4,7 +4,7 @@
+
+ X509_sign, X509_sign_ctx, X509_verify, X509_REQ_sign, X509_REQ_sign_ctx,
+ X509_REQ_verify, X509_CRL_sign, X509_CRL_sign_ctx, X509_CRL_verify -
+-sign or verify certificate, certificate request or CRL signature.
++sign or verify certificate, certificate request or CRL signature
+
+ =head1 SYNOPSIS
+
@@ -87,4 +87,13 @@ versions of OpenSSL.
X509_sign_ctx(), X509_REQ_sign_ctx() and X509_CRL_sign_ctx() were first added
to OpenSSL 1.0.1.
@@ -94162,7 +106781,7 @@
+
=cut
diff --git a/doc/crypto/X509_verify_cert.pod b/doc/crypto/X509_verify_cert.pod
-index a84ef00..74acf8d 100644
+index a84ef0008939..74acf8df71fe 100644
--- a/doc/crypto/X509_verify_cert.pod
+++ b/doc/crypto/X509_verify_cert.pod
@@ -31,12 +31,13 @@ Applications rarely call this function directly but it is used by
@@ -94200,9 +106819,18 @@
+
=cut
diff --git a/doc/crypto/X509v3_get_ext_by_NID.pod b/doc/crypto/X509v3_get_ext_by_NID.pod
-index b11d663..11ff8a3 100644
+index b11d663509f2..f29b0fb9b41f 100644
--- a/doc/crypto/X509v3_get_ext_by_NID.pod
+++ b/doc/crypto/X509v3_get_ext_by_NID.pod
+@@ -12,7 +12,7 @@ X509_CRL_get_ext_by_NID, X509_CRL_get_ext_by_OBJ, X509_CRL_get_ext_by_critical,
+ X509_CRL_delete_ext, X509_CRL_add_ext, X509_REVOKED_get_ext_count,
+ X509_REVOKED_get_ext, X509_REVOKED_get_ext_by_NID, X509_REVOKED_get_ext_by_OBJ,
+ X509_REVOKED_get_ext_by_critical, X509_REVOKED_delete_ext,
+-X509_REVOKED_add_ext - extension stack utility functions.
++X509_REVOKED_add_ext - extension stack utility functions
+
+ =head1 SYNOPSIS
+
@@ -75,7 +75,7 @@ extension after B<lastpos> or from the beginning if <lastpos> is B<-1>. If
the extension is found its index is returned otherwise B<-1> is returned.
@@ -94228,11 +106856,21 @@
+
+=cut
diff --git a/doc/crypto/bio.pod b/doc/crypto/bio.pod
-index fc1da92..cf44a74 100644
+index fc1da92fa707..5a305c6a2979 100644
--- a/doc/crypto/bio.pod
+++ b/doc/crypto/bio.pod
-@@ -8,9 +8,6 @@ bio - I/O abstraction
+@@ -1,16 +1,15 @@
+ =pod
++=for comment openssl_manual_section 7
++
+ =head1 NAME
+
+-bio - I/O abstraction
++bio - Basic I/O abstraction
+
+ =head1 SYNOPSIS
+
#include <openssl/bio.h>
-TBA
@@ -94241,7 +106879,36 @@
=head1 DESCRIPTION
A BIO is an I/O abstraction, it hides many of the underlying I/O
-@@ -53,3 +50,14 @@ L<BIO_s_mem(3)>,
+@@ -37,6 +36,28 @@ BIO and one or more filter BIOs. Data read from or written to the
+ first BIO then traverses the chain to the end (normally a source/sink
+ BIO).
+
++
++Some BIOs (such as memory BIOs) can be used immediately after calling
++BIO_new(). Others (such as file BIOs) need some additional initialization,
++and frequently a utility function exists to create and initialize such BIOs.
++
++If BIO_free() is called on a BIO chain it will only free one BIO resulting
++in a memory leak.
++
++Calling BIO_free_all() a single BIO has the same effect as calling BIO_free()
++on it other than the discarded return value.
++
++Normally the B<type> argument is supplied by a function which returns a
++pointer to a BIO_METHOD. There is a naming convention for such functions:
++a source/sink BIO is normally called BIO_s_*() and a filter BIO
++BIO_f_*();
++
++=head1 EXAMPLE
++
++Create a memory BIO:
++
++ BIO *mem = BIO_new(BIO_s_mem());
++
+ =head1 SEE ALSO
+
+ L<BIO_ctrl(3)>,
+@@ -53,3 +74,15 @@ L<BIO_s_mem(3)>,
L<BIO_s_null(3)>, L<BIO_s_socket(3)>,
L<BIO_set_callback(3)>,
L<BIO_should_retry(3)>
@@ -94256,173 +106923,672 @@
+L<https://www.openssl.org/source/license.html>.
+
+=cut
++
diff --git a/doc/crypto/blowfish.pod b/doc/crypto/blowfish.pod
-index 25b954c..182cb87 100644
+deleted file mode 100644
+index 25b954c0cbbe..000000000000
--- a/doc/crypto/blowfish.pod
-+++ b/doc/crypto/blowfish.pod
-@@ -14,12 +14,12 @@ BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption
- void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
- BF_KEY *key, int enc);
- void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
++++ /dev/null
+@@ -1,108 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
+-BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/blowfish.h>
+-
+- void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+-
+- void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+- BF_KEY *key, int enc);
+- void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
- long length, BF_KEY *schedule, unsigned char *ivec, int enc);
-+ long length, BF_KEY *schedule, unsigned char *ivec, int enc);
- void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+- void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, BF_KEY *schedule, unsigned char *ivec, int *num,
-+ long length, BF_KEY *schedule, unsigned char *ivec, int *num,
- int enc);
- void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+- int enc);
+- void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, BF_KEY *schedule, unsigned char *ivec, int *num);
-+ long length, BF_KEY *schedule, unsigned char *ivec, int *num);
- const char *BF_options(void);
-
- void BF_encrypt(BF_LONG *data,const BF_KEY *key);
-@@ -52,7 +52,7 @@ everything after the first 64 bits is ignored.
-
- The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt()
- all operate on variable length data. They all take an initialization vector
+- const char *BF_options(void);
+-
+- void BF_encrypt(BF_LONG *data,const BF_KEY *key);
+- void BF_decrypt(BF_LONG *data,const BF_KEY *key);
+-
+-=head1 DESCRIPTION
+-
+-This library implements the Blowfish cipher, which was invented and described
+-by Counterpane (see http://www.counterpane.com/blowfish.html ).
+-
+-Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
+-It uses a variable size key, but typically, 128 bit (16 byte) keys are
+-considered good for strong encryption. Blowfish can be used in the same
+-modes as DES (see L<des_modes(7)>). Blowfish is currently one
+-of the faster block ciphers. It is quite a bit faster than DES, and much
+-faster than IDEA or RC2.
+-
+-Blowfish consists of a key setup phase and the actual encryption or decryption
+-phase.
+-
+-BF_set_key() sets up the B<BF_KEY> B<key> using the B<len> bytes long key
+-at B<data>.
+-
+-BF_ecb_encrypt() is the basic Blowfish encryption and decryption function.
+-It encrypts or decrypts the first 64 bits of B<in> using the key B<key>,
+-putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>)
+-or decryption (B<BF_DECRYPT>) shall be performed. The vector pointed at by
+-B<in> and B<out> must be 64 bits in length, no less. If they are larger,
+-everything after the first 64 bits is ignored.
+-
+-The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt()
+-all operate on variable length data. They all take an initialization vector
-B<ivec> which needs to be passed along into the next call of the same function
-+B<ivec> which needs to be passed along into the next call of the same function
- for the same message. B<ivec> may be initialized with anything, but the
- recipient needs to know what it was initialized with, or it won't be able
- to decrypt. Some programs and protocols simplify this, like SSH, where
-@@ -105,4 +105,13 @@ functions directly.
- L<EVP_EncryptInit(3)>,
- L<des_modes(7)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
+-for the same message. B<ivec> may be initialized with anything, but the
+-recipient needs to know what it was initialized with, or it won't be able
+-to decrypt. Some programs and protocols simplify this, like SSH, where
+-B<ivec> is simply initialized to zero.
+-BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while
+-BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable
+-number of bytes (the amount does not have to be an exact multiple of 8). The
+-purpose of the latter two is to simulate stream ciphers, and therefore, they
+-need the parameter B<num>, which is a pointer to an integer where the current
+-offset in B<ivec> is stored between calls. This integer must be initialized
+-to zero when B<ivec> is initialized.
+-
+-BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish. It
+-encrypts or decrypts the 64 bits chunks of B<in> using the key B<schedule>,
+-putting the result in B<out>. B<enc> decides if encryption (BF_ENCRYPT) or
+-decryption (BF_DECRYPT) shall be performed. B<ivec> must point at an 8 byte
+-long initialization vector.
+-
+-BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback.
+-It encrypts or decrypts the bytes in B<in> using the key B<schedule>,
+-putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>)
+-or decryption (B<BF_DECRYPT>) shall be performed. B<ivec> must point at an
+-8 byte long initialization vector. B<num> must point at an integer which must
+-be initially zero.
+-
+-BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback.
+-It uses the same parameters as BF_cfb64_encrypt(), which must be initialized
+-the same way.
+-
+-BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish
+-encryption. They encrypt/decrypt the first 64 bits of the vector pointed by
+-B<data>, using the key B<key>. These functions should not be used unless you
+-implement 'modes' of Blowfish. The alternative is to use BF_ecb_encrypt().
+-If you still want to use these functions, you should be aware that they take
+-each 32-bit chunk in host-byte order, which is little-endian on little-endian
+-platforms and big-endian on big-endian ones.
+-
+-=head1 RETURN VALUES
+-
+-None of the functions presented here return any value.
+-
+-=head1 NOTE
+-
+-Applications should use the higher level functions
+-L<EVP_EncryptInit(3)> etc. instead of calling these
+-functions directly.
+-
+-=head1 SEE ALSO
+-
+-L<EVP_EncryptInit(3)>,
+-L<des_modes(7)>
+-
+-=cut
diff --git a/doc/crypto/bn.pod b/doc/crypto/bn.pod
-index 37d638d..6d87d11 100644
+deleted file mode 100644
+index 37d638d9bb0c..000000000000
--- a/doc/crypto/bn.pod
-+++ b/doc/crypto/bn.pod
-@@ -129,24 +129,24 @@ bn - multiprecision integer arithmetics
- BN_CTX *ctx);
-
- BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
++++ /dev/null
+@@ -1,188 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-bn - multiprecision integer arithmetics
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/bn.h>
+-
+- BIGNUM *BN_new(void);
+- void BN_free(BIGNUM *a);
+- void BN_clear(BIGNUM *a);
+- void BN_clear_free(BIGNUM *a);
+-
+- BN_CTX *BN_CTX_new(void);
+- BN_CTX *BN_CTX_secure_new(void);
+- void BN_CTX_free(BN_CTX *c);
+-
+- BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+- BIGNUM *BN_dup(const BIGNUM *a);
+-
+- BIGNUM *BN_swap(BIGNUM *a, BIGNUM *b);
+-
+- int BN_num_bytes(const BIGNUM *a);
+- int BN_num_bits(const BIGNUM *a);
+- int BN_num_bits_word(BN_ULONG w);
+-
+- void BN_set_negative(BIGNUM *a, int n);
+- int BN_is_negative(const BIGNUM *a);
+-
+- int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+- int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+- int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+- int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
+- int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
+- BN_CTX *ctx);
+- int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+- int BN_nnmod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+- int BN_mod_add(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+- BN_CTX *ctx);
+- int BN_mod_sub(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+- BN_CTX *ctx);
+- int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+- BN_CTX *ctx);
+- int BN_mod_sqr(BIGNUM *ret, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+- int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
+- int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+- const BIGNUM *m, BN_CTX *ctx);
+- int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+-
+- int BN_add_word(BIGNUM *a, BN_ULONG w);
+- int BN_sub_word(BIGNUM *a, BN_ULONG w);
+- int BN_mul_word(BIGNUM *a, BN_ULONG w);
+- BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+- BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+-
+- int BN_cmp(BIGNUM *a, BIGNUM *b);
+- int BN_ucmp(BIGNUM *a, BIGNUM *b);
+- int BN_is_zero(BIGNUM *a);
+- int BN_is_one(BIGNUM *a);
+- int BN_is_word(BIGNUM *a, BN_ULONG w);
+- int BN_is_odd(BIGNUM *a);
+-
+- int BN_zero(BIGNUM *a);
+- int BN_one(BIGNUM *a);
+- const BIGNUM *BN_value_one(void);
+- int BN_set_word(BIGNUM *a, unsigned long w);
+- unsigned long BN_get_word(BIGNUM *a);
+-
+- int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+- int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+- int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
+- int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
+-
+- int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add,
+- const BIGNUM *rem, BN_GENCB *cb);
+-
+- int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
+-
+- int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
+- int do_trial_division, BN_GENCB *cb);
+-
+- int BN_GENCB_call(BN_GENCB *cb, int a, int b);
+- BN_GENCB *BN_GENCB_new(void);
+- void BN_GENCB_free(BN_GENCB *cb);
+- void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback)(int, int, void *), void *cb_arg);
+- void BN_GENCB_set(BN_GENCB *gencb, int (*callback)(int, int, BN_GENCB *), void *cb_arg);
+- void *BN_GENCB_get_arg(BN_GENCB *cb);
+-
+- int BN_set_bit(BIGNUM *a, int n);
+- int BN_clear_bit(BIGNUM *a, int n);
+- int BN_is_bit_set(const BIGNUM *a, int n);
+- int BN_mask_bits(BIGNUM *a, int n);
+- int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+- int BN_lshift1(BIGNUM *r, BIGNUM *a);
+- int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+- int BN_rshift1(BIGNUM *r, BIGNUM *a);
+-
+- int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+- BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+- char *BN_bn2hex(const BIGNUM *a);
+- char *BN_bn2dec(const BIGNUM *a);
+- int BN_hex2bn(BIGNUM **a, const char *str);
+- int BN_dec2bn(BIGNUM **a, const char *str);
+- int BN_print(BIO *fp, const BIGNUM *a);
+- int BN_print_fp(FILE *fp, const BIGNUM *a);
+- int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+- BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
+-
+- BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
+- BN_CTX *ctx);
+-
+- BN_RECP_CTX *BN_RECP_CTX_new(void);
+- void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+- int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
+- int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+- BN_RECP_CTX *recp, BN_CTX *ctx);
+-
+- BN_MONT_CTX *BN_MONT_CTX_new(void);
+- void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+- int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
+- BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+- int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+- BN_MONT_CTX *mont, BN_CTX *ctx);
+- int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+- BN_CTX *ctx);
+- int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+- BN_CTX *ctx);
+-
+- BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
- BIGNUM *mod);
-+ BIGNUM *mod);
- void BN_BLINDING_free(BN_BLINDING *b);
- int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
- int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
- int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
- int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
+- void BN_BLINDING_free(BN_BLINDING *b);
+- int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
+- int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+- int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+- int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
- BN_CTX *ctx);
-+ BN_CTX *ctx);
- int BN_BLINDING_invert_ex(BIGNUM *n,const BIGNUM *r,BN_BLINDING *b,
+- int BN_BLINDING_invert_ex(BIGNUM *n,const BIGNUM *r,BN_BLINDING *b,
- BN_CTX *ctx);
-+ BN_CTX *ctx);
- unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
- void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
- unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
- void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
- BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+- unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
+- void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
+- unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
+- void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+- BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
- const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
- BN_MONT_CTX *m_ctx);
-+ const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
-+ int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
-+ BN_MONT_CTX *m_ctx);
-
- =head1 DESCRIPTION
-
-@@ -185,4 +185,13 @@ L<BN_mod_mul_reciprocal(3)>,
- L<BN_mod_mul_montgomery(3)>,
- L<BN_BLINDING_new(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
+-
+-=head1 DESCRIPTION
+-
+-This library performs arithmetic operations on integers of arbitrary
+-size. It was written for use in public key cryptography, such as RSA
+-and Diffie-Hellman.
+-
+-It uses dynamic memory allocation for storing its data structures.
+-That means that there is no limit on the size of the numbers
+-manipulated by these functions, but return values must always be
+-checked in case a memory allocation error has occurred.
+-
+-The basic object in this library is a B<BIGNUM>. It is used to hold a
+-single large integer. This type should be considered opaque and fields
+-should not be modified or accessed directly.
+-
+-The creation of B<BIGNUM> objects is described in L<BN_new(3)>;
+-L<BN_add(3)> describes most of the arithmetic operations.
+-Comparison is described in L<BN_cmp(3)>; L<BN_zero(3)>
+-describes certain assignments, L<BN_rand(3)> the generation of
+-random numbers, L<BN_generate_prime(3)> deals with prime
+-numbers and L<BN_set_bit(3)> with bit operations. The conversion
+-of B<BIGNUM>s to external formats is described in L<BN_bn2bin(3)>.
+-
+-=head1 SEE ALSO
+-
+-L<bn_internal(3)>,
+-L<dh(3)>, L<err(3)>, L<rand(3)>, L<rsa(3)>,
+-L<BN_new(3)>, L<BN_CTX_new(3)>,
+-L<BN_copy(3)>, L<BN_swap(3)>, L<BN_num_bytes(3)>,
+-L<BN_add(3)>, L<BN_add_word(3)>,
+-L<BN_cmp(3)>, L<BN_zero(3)>, L<BN_rand(3)>,
+-L<BN_generate_prime(3)>, L<BN_set_bit(3)>,
+-L<BN_bn2bin(3)>, L<BN_mod_inverse(3)>,
+-L<BN_mod_mul_reciprocal(3)>,
+-L<BN_mod_mul_montgomery(3)>,
+-L<BN_BLINDING_new(3)>
+-
+-=cut
diff --git a/doc/crypto/bn_internal.pod b/doc/crypto/bn_internal.pod
-index e609a08..07e72aa 100644
+deleted file mode 100644
+index e609a0810c6f..000000000000
--- a/doc/crypto/bn_internal.pod
-+++ b/doc/crypto/bn_internal.pod
-@@ -95,8 +95,8 @@ is the number of words being used, so for a value of 4, bn.d[0]=4 and
- bn.top=1. B<neg> is 1 if the number is negative. When a B<BIGNUM> is
- B<0>, the B<d> field can be B<NULL> and B<top> == B<0>.
-
++++ /dev/null
+@@ -1,238 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
+-bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8,
+-bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal,
+-bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive,
+-bn_mul_low_recursive, bn_mul_high, bn_sqr_normal, bn_sqr_recursive,
+-bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top,
+-bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM
+-library internal functions
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/bn.h>
+-
+- BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+- BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
+- BN_ULONG w);
+- void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
+- BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+- BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
+- int num);
+- BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
+- int num);
+-
+- void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+- void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+- void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a);
+- void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a);
+-
+- int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n);
+-
+- void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b,
+- int nb);
+- void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
+- void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+- int dna,int dnb,BN_ULONG *tmp);
+- void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+- int n, int tna,int tnb, BN_ULONG *tmp);
+- void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+- int n2, BN_ULONG *tmp);
+- void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l,
+- int n2, BN_ULONG *tmp);
+-
+- void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
+- void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp);
+-
+- void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+- void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+- void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
+-
+- BIGNUM *bn_expand(BIGNUM *a, int bits);
+- BIGNUM *bn_wexpand(BIGNUM *a, int n);
+- BIGNUM *bn_expand2(BIGNUM *a, int n);
+- void bn_fix_top(BIGNUM *a);
+-
+- void bn_check_top(BIGNUM *a);
+- void bn_print(BIGNUM *a);
+- void bn_dump(BN_ULONG *d, int n);
+- void bn_set_max(BIGNUM *a);
+- void bn_set_high(BIGNUM *r, BIGNUM *a, int n);
+- void bn_set_low(BIGNUM *r, BIGNUM *a, int n);
+-
+-=head1 DESCRIPTION
+-
+-This page documents the internal functions used by the OpenSSL
+-B<BIGNUM> implementation. They are described here to facilitate
+-debugging and extending the library. They are I<not> to be used by
+-applications.
+-
+-=head2 The BIGNUM structure
+-
+- typedef struct bignum_st BIGNUM;
+-
+- struct bignum_st
+- {
+- BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
+- int top; /* Index of last used d +1. */
+- /* The next are internal book keeping for bn_expand. */
+- int dmax; /* Size of the d array. */
+- int neg; /* one if the number is negative */
+- int flags;
+- };
+-
+-
+-The integer value is stored in B<d>, a malloc()ed array of words (B<BN_ULONG>),
+-least significant word first. A B<BN_ULONG> can be either 16, 32 or 64 bits
+-in size, depending on the 'number of bits' (B<BITS2>) specified in
+-C<openssl/bn.h>.
+-
+-B<dmax> is the size of the B<d> array that has been allocated. B<top>
+-is the number of words being used, so for a value of 4, bn.d[0]=4 and
+-bn.top=1. B<neg> is 1 if the number is negative. When a B<BIGNUM> is
+-B<0>, the B<d> field can be B<NULL> and B<top> == B<0>.
+-
-B<flags> is a bit field of flags which are defined in C<openssl/bn.h>. The
-flags begin with B<BN_FLG_>. The macros BN_set_flags(b,n) and
-+B<flags> is a bit field of flags which are defined in C<openssl/bn.h>. The
-+flags begin with B<BN_FLG_>. The macros BN_set_flags(b,n) and
- BN_get_flags(b,n) exist to enable or fetch flag(s) B<n> from B<BIGNUM>
- structure B<b>.
-
-@@ -235,4 +235,13 @@ and bn_set_max() are defined as empty macros.
-
- L<bn(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
+-BN_get_flags(b,n) exist to enable or fetch flag(s) B<n> from B<BIGNUM>
+-structure B<b>.
+-
+-Various routines in this library require the use of temporary
+-B<BIGNUM> variables during their execution. Since dynamic memory
+-allocation to create B<BIGNUM>s is rather expensive when used in
+-conjunction with repeated subroutine calls, the B<BN_CTX> structure is
+-used. This structure contains B<BN_CTX_NUM> B<BIGNUM>s, see
+-L<BN_CTX_start(3)>.
+-
+-=head2 Low-level arithmetic operations
+-
+-These functions are implemented in C and for several platforms in
+-assembly language:
+-
+-bn_mul_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num> word
+-arrays B<rp> and B<ap>. It computes B<ap> * B<w>, places the result
+-in B<rp>, and returns the high word (carry).
+-
+-bn_mul_add_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num>
+-word arrays B<rp> and B<ap>. It computes B<ap> * B<w> + B<rp>, places
+-the result in B<rp>, and returns the high word (carry).
+-
+-bn_sqr_words(B<rp>, B<ap>, B<n>) operates on the B<num> word array
+-B<ap> and the 2*B<num> word array B<ap>. It computes B<ap> * B<ap>
+-word-wise, and places the low and high bytes of the result in B<rp>.
+-
+-bn_div_words(B<h>, B<l>, B<d>) divides the two word number (B<h>,B<l>)
+-by B<d> and returns the result.
+-
+-bn_add_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
+-arrays B<ap>, B<bp> and B<rp>. It computes B<ap> + B<bp>, places the
+-result in B<rp>, and returns the high word (carry).
+-
+-bn_sub_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
+-arrays B<ap>, B<bp> and B<rp>. It computes B<ap> - B<bp>, places the
+-result in B<rp>, and returns the carry (1 if B<bp> E<gt> B<ap>, 0
+-otherwise).
+-
+-bn_mul_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
+-B<b> and the 8 word array B<r>. It computes B<a>*B<b> and places the
+-result in B<r>.
+-
+-bn_mul_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
+-B<b> and the 16 word array B<r>. It computes B<a>*B<b> and places the
+-result in B<r>.
+-
+-bn_sqr_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
+-B<b> and the 8 word array B<r>.
+-
+-bn_sqr_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
+-B<b> and the 16 word array B<r>.
+-
+-The following functions are implemented in C:
+-
+-bn_cmp_words(B<a>, B<b>, B<n>) operates on the B<n> word arrays B<a>
+-and B<b>. It returns 1, 0 and -1 if B<a> is greater than, equal and
+-less than B<b>.
+-
+-bn_mul_normal(B<r>, B<a>, B<na>, B<b>, B<nb>) operates on the B<na>
+-word array B<a>, the B<nb> word array B<b> and the B<na>+B<nb> word
+-array B<r>. It computes B<a>*B<b> and places the result in B<r>.
+-
+-bn_mul_low_normal(B<r>, B<a>, B<b>, B<n>) operates on the B<n> word
+-arrays B<r>, B<a> and B<b>. It computes the B<n> low words of
+-B<a>*B<b> and places the result in B<r>.
+-
+-bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<dna>, B<dnb>, B<t>) operates
+-on the word arrays B<a> and B<b> of length B<n2>+B<dna> and B<n2>+B<dnb>
+-(B<dna> and B<dnb> are currently allowed to be 0 or negative) and the 2*B<n2>
+-word arrays B<r> and B<t>. B<n2> must be a power of 2. It computes
+-B<a>*B<b> and places the result in B<r>.
+-
+-bn_mul_part_recursive(B<r>, B<a>, B<b>, B<n>, B<tna>, B<tnb>, B<tmp>)
+-operates on the word arrays B<a> and B<b> of length B<n>+B<tna> and
+-B<n>+B<tnb> and the 4*B<n> word arrays B<r> and B<tmp>.
+-
+-bn_mul_low_recursive(B<r>, B<a>, B<b>, B<n2>, B<tmp>) operates on the
+-B<n2> word arrays B<r> and B<tmp> and the B<n2>/2 word arrays B<a>
+-and B<b>.
+-
+-bn_mul_high(B<r>, B<a>, B<b>, B<l>, B<n2>, B<tmp>) operates on the
+-B<n2> word arrays B<r>, B<a>, B<b> and B<l> (?) and the 3*B<n2> word
+-array B<tmp>.
+-
+-BN_mul() calls bn_mul_normal(), or an optimized implementation if the
+-factors have the same size: bn_mul_comba8() is used if they are 8
+-words long, bn_mul_recursive() if they are larger than
+-B<BN_MULL_SIZE_NORMAL> and the size is an exact multiple of the word
+-size, and bn_mul_part_recursive() for others that are larger than
+-B<BN_MULL_SIZE_NORMAL>.
+-
+-bn_sqr_normal(B<r>, B<a>, B<n>, B<tmp>) operates on the B<n> word array
+-B<a> and the 2*B<n> word arrays B<tmp> and B<r>.
+-
+-The implementations use the following macros which, depending on the
+-architecture, may use "long long" C operations or inline assembler.
+-They are defined in C<bn_lcl.h>.
+-
+-mul(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<c> and places the
+-low word of the result in B<r> and the high word in B<c>.
+-
+-mul_add(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<r>+B<c> and
+-places the low word of the result in B<r> and the high word in B<c>.
+-
+-sqr(B<r0>, B<r1>, B<a>) computes B<a>*B<a> and places the low word
+-of the result in B<r0> and the high word in B<r1>.
+-
+-=head2 Size changes
+-
+-bn_expand() ensures that B<b> has enough space for a B<bits> bit
+-number. bn_wexpand() ensures that B<b> has enough space for an
+-B<n> word number. If the number has to be expanded, both macros
+-call bn_expand2(), which allocates a new B<d> array and copies the
+-data. They return B<NULL> on error, B<b> otherwise.
+-
+-The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most
+-significant non-zero word plus one when B<a> has shrunk.
+-
+-=head2 Debugging
+-
+-bn_check_top() verifies that C<((a)-E<gt>top E<gt>= 0 && (a)-E<gt>top
+-E<lt>= (a)-E<gt>dmax)>. A violation will cause the program to abort.
+-
+-bn_print() prints B<a> to stderr. bn_dump() prints B<n> words at B<d>
+-(in reverse order, i.e. most significant word first) to stderr.
+-
+-bn_set_max() makes B<a> a static number with a B<dmax> of its current size.
+-This is used by bn_set_low() and bn_set_high() to make B<r> a read-only
+-B<BIGNUM> that contains the B<n> low or high words of B<a>.
+-
+-If B<BN_DEBUG> is not defined, bn_check_top(), bn_print(), bn_dump()
+-and bn_set_max() are defined as empty macros.
+-
+-=head1 SEE ALSO
+-
+-L<bn(3)>
+-
+-=cut
diff --git a/doc/crypto/buffer.pod b/doc/crypto/buffer.pod
-index a2543e8..16fe3da 100644
+deleted file mode 100644
+index a2543e8be041..000000000000
--- a/doc/crypto/buffer.pod
-+++ b/doc/crypto/buffer.pod
-@@ -17,9 +17,9 @@ standard C library equivalents
-
- BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
-
++++ /dev/null
+@@ -1,59 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow - simple
+-character array structure
+-
+-standard C library equivalents
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/buffer.h>
+-
+- BUF_MEM *BUF_MEM_new(void);
+-
+- #define BUF_MEM_FLAG_SECURE
+-
+- BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
+-
- void BUF_MEM_free(BUF_MEM *a);
-+ void BUF_MEM_free(BUF_MEM *a);
-
+-
- int BUF_MEM_grow(BUF_MEM *str, int len);
-+ int BUF_MEM_grow(BUF_MEM *str, int len);
-
- =head1 DESCRIPTION
-
-@@ -56,4 +56,13 @@ L<CRYPTO_secure_malloc(3)>.
-
- BUF_MEM_new_ex() was added in OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
+-
+-=head1 DESCRIPTION
+-
+-The buffer library handles simple character arrays. Buffers are used for
+-various purposes in the library, most notably memory BIOs.
+-
+-BUF_MEM_new() allocates a new buffer of zero size.
+-
+-BUF_MEM_new_ex() allocates a buffer with the specified flags.
+-The flag B<BUF_MEM_FLAG_SECURE> specifies that the B<data> pointer
+-should be allocated on the secure heap; see L<CRYPTO_secure_malloc(3)>.
+-
+-BUF_MEM_free() frees up an already existing buffer. The data is zeroed
+-before freeing up in case the buffer contains sensitive data.
+-
+-BUF_MEM_grow() changes the size of an already existing buffer to
+-B<len>. Any data already in the buffer is preserved if it increases in
+-size.
+-
+-=head1 RETURN VALUES
+-
+-BUF_MEM_new() returns the buffer or NULL on error.
+-
+-BUF_MEM_free() has no return value.
+-
+-BUF_MEM_grow() returns zero on error or the new size (i.e. B<len>).
+-
+-=head1 SEE ALSO
+-
+-L<bio(3)>,
+-L<CRYPTO_secure_malloc(3)>.
+-
+-=head1 HISTORY
+-
+-BUF_MEM_new_ex() was added in OpenSSL 1.1.0.
+-
+-=cut
diff --git a/doc/crypto/crypto.pod b/doc/crypto/crypto.pod
-index 6e23c1a..7870fb8 100644
+index 6e23c1a882ed..6ed3a90e21aa 100644
--- a/doc/crypto/crypto.pod
+++ b/doc/crypto/crypto.pod
-@@ -4,8 +4,6 @@
+@@ -1,11 +1,15 @@
+ =pod
++=for comment openssl_manual_section:7
++
+ =head1 NAME
+
crypto - OpenSSL cryptographic library
--=head1 SYNOPSIS
--
+ =head1 SYNOPSIS
+
++See the individual manual pages for details.
++
=head1 DESCRIPTION
The OpenSSL B<crypto> library implements a wide range of cryptographic
-@@ -46,4 +44,13 @@ so both (B<x> and B<obj> above) should be freed up.
+@@ -14,8 +18,6 @@ by this library are used by the OpenSSL implementations of SSL, TLS
+ and S/MIME, and they have also been used to implement SSH, OpenPGP, and
+ other cryptographic standards.
+-=head1 OVERVIEW
+-
+ B<libcrypto> consists of a number of sub-libraries that implement the
+ individual algorithms.
+
+@@ -24,8 +26,6 @@ cryptography and key agreement, certificate handling, cryptographic
+ hash functions, cryptographic pseudo-random number generator, and
+ various utilities.
+
+-See the individual manual pages for details.
+-
+ =head1 NOTES
+
+ Some of the newer functions follow a naming convention using the numbers
+@@ -42,8 +42,21 @@ The B<1> function uses a copy of the supplied structure pointer
+ (or in some cases increases its link count) in the parent and
+ so both (B<x> and B<obj> above) should be freed up.
+
++=head1 RETURN VALUES
++
++See the individual manual pages for details.
++
+ =head1 SEE ALSO
+
L<openssl(1)>, L<ssl(3)>
+=head1 COPYRIGHT
@@ -94436,47 +107602,84 @@
+
=cut
diff --git a/doc/crypto/d2i_ASN1_OBJECT.pod b/doc/crypto/d2i_ASN1_OBJECT.pod
-index 32c6b05..331335e 100644
+deleted file mode 100644
+index 32c6b0505387..000000000000
--- a/doc/crypto/d2i_ASN1_OBJECT.pod
-+++ b/doc/crypto/d2i_ASN1_OBJECT.pod
-@@ -22,8 +22,13 @@ described in the L<d2i_X509(3)> manual page.
-
- L<d2i_X509(3)>
-
++++ /dev/null
+@@ -1,29 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-d2i_ASN1_OBJECT, i2d_ASN1_OBJECT - ASN1 OBJECT IDENTIFIER functions
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/objects.h>
+-
+- ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, long length);
+- int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp);
+-
+-=head1 DESCRIPTION
+-
+-These functions decode and encode an ASN1 OBJECT IDENTIFIER.
+-
+-Otherwise these behave in a similar way to d2i_X509() and i2d_X509()
+-described in the L<d2i_X509(3)> manual page.
+-
+-=head1 SEE ALSO
+-
+-L<d2i_X509(3)>
+-
-=head1 HISTORY
-+=head1 COPYRIGHT
-
+-
-TBA
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
+-
+-=cut
diff --git a/doc/crypto/d2i_CMS_ContentInfo.pod b/doc/crypto/d2i_CMS_ContentInfo.pod
-index e3142cb..4f1d90f 100644
+deleted file mode 100644
+index e3142cbc132c..000000000000
--- a/doc/crypto/d2i_CMS_ContentInfo.pod
-+++ b/doc/crypto/d2i_CMS_ContentInfo.pod
-@@ -22,4 +22,13 @@ described in the L<d2i_X509(3)> manual page.
-
- L<d2i_X509(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
++++ /dev/null
+@@ -1,25 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-d2i_CMS_ContentInfo, i2d_CMS_ContentInfo - CMS ContentInfo functions
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/cms.h>
+-
+- CMS_ContentInfo *d2i_CMS_ContentInfo(CMS_ContentInfo **a, unsigned char **pp, long length);
+- int i2d_CMS_ContentInfo(CMS_ContentInfo *a, unsigned char **pp);
+-
+-=head1 DESCRIPTION
+-
+-These functions decode and encode an CMS ContentInfo structure.
+-
+-Otherwise they behave in a similar way to d2i_X509() and i2d_X509()
+-described in the L<d2i_X509(3)> manual page.
+-
+-=head1 SEE ALSO
+-
+-L<d2i_X509(3)>
+-
+-=cut
diff --git a/doc/crypto/d2i_DHparams.pod b/doc/crypto/d2i_DHparams.pod
-index f13d0b5..6ef62fb 100644
+index f13d0b59d2fa..cd1c162b406b 100644
--- a/doc/crypto/d2i_DHparams.pod
+++ b/doc/crypto/d2i_DHparams.pod
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions.
++d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions
+
+ =head1 SYNOPSIS
+
@@ -23,8 +23,13 @@ described in the L<d2i_X509(3)> manual page.
L<d2i_X509(3)>
@@ -94494,108 +107697,311 @@
=cut
diff --git a/doc/crypto/d2i_DSAPublicKey.pod b/doc/crypto/d2i_DSAPublicKey.pod
-index 1344b00..d38f131 100644
+deleted file mode 100644
+index 1344b00a46f1..000000000000
--- a/doc/crypto/d2i_DSAPublicKey.pod
-+++ b/doc/crypto/d2i_DSAPublicKey.pod
-@@ -66,7 +66,7 @@ i2d_X509() described in the L<d2i_X509(3)> manual page.
- The B<DSA> structure passed to the private key encoding functions should have
- all the private key components present.
-
++++ /dev/null
+@@ -1,91 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey,
+-d2i_DSA_PUBKEY, i2d_DSA_PUBKEY, d2i_DSAparams, i2d_DSAparams,
+-d2i_DSA_SIG, i2d_DSA_SIG - DSA key encoding and parsing functions.
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/dsa.h>
+- #include <openssl/x509.h>
+-
+- DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
+-
+- int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+-
+- DSA * d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
+-
+- int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp);
+-
+- DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
+- DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
+-
+- int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
+- int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
+-
+- DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
+-
+- int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+-
+- DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
+-
+- int i2d_DSAparams(const DSA *a, unsigned char **pp);
+-
+- DSA * d2i_DSA_SIG(DSA_SIG **a, const unsigned char **pp, long length);
+-
+- int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+-
+-=head1 DESCRIPTION
+-
+-d2i_DSAPublicKey() and i2d_DSAPublicKey() decode and encode the DSA public key
+-components structure.
+-
+-d2i_DSA_PUBKEY() and i2d_DSA_PUBKEY() decode and encode an DSA public key using
+-a SubjectPublicKeyInfo (certificate public key) structure.
+-
+-d2i_DSA_PUBKEY_bio(), d2i_DSA_PUBKEY_fp(), i2d_DSA_PUBKEY_bio() and
+-i2d_DSA_PUBKEY_fp() are similar to d2i_DSA_PUBKEY() and i2d_DSA_PUBKEY()
+-except they decode or encode using a B<BIO> or B<FILE> pointer.
+-
+-d2i_DSAPrivateKey(), i2d_DSAPrivateKey() decode and encode the DSA private key
+-components.
+-
+-d2i_DSAparams(), i2d_DSAparams() decode and encode the DSA parameters using
+-a B<Dss-Parms> structure as defined in RFC2459.
+-
+-d2i_DSA_SIG(), i2d_DSA_SIG() decode and encode a DSA signature using a
+-B<Dss-Sig-Value> structure as defined in RFC2459.
+-
+-The usage of all of these functions is similar to the d2i_X509() and
+-i2d_X509() described in the L<d2i_X509(3)> manual page.
+-
+-=head1 NOTES
+-
+-The B<DSA> structure passed to the private key encoding functions should have
+-all the private key components present.
+-
-The data encoded by the private key functions is unencrypted and therefore
-+The data encoded by the private key functions is unencrypted and therefore
- offers no private key security.
-
- The B<DSA_PUBKEY> functions should be used in preference to the B<DSAPublicKey>
-@@ -84,8 +84,13 @@ B<priv_key> fields respectively.
-
- L<d2i_X509(3)>
-
+-offers no private key security.
+-
+-The B<DSA_PUBKEY> functions should be used in preference to the B<DSAPublicKey>
+-functions when encoding public keys because they use a standard format.
+-
+-The B<DSAPublicKey> functions use a non standard format which is a
+-B<SEQUENCE> consisting of the B<p>, B<q>, B<g> and B<pub_key> fields
+-respectively.
+-
+-The B<DSAPrivateKey> functions also use a non standard structure consisting
+-consisting of a SEQUENCE containing the B<p>, B<q>, B<g> and B<pub_key> and
+-B<priv_key> fields respectively.
+-
+-=head1 SEE ALSO
+-
+-L<d2i_X509(3)>
+-
-=head1 HISTORY
-+=head1 COPYRIGHT
-
+-
-TBA
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
+-
+-=cut
diff --git a/doc/crypto/d2i_ECPKParameters.pod b/doc/crypto/d2i_ECPKParameters.pod
-index abb6f4f..560795f 100644
+deleted file mode 100644
+index abb6f4f1a4e6..000000000000
--- a/doc/crypto/d2i_ECPKParameters.pod
-+++ b/doc/crypto/d2i_ECPKParameters.pod
-@@ -15,7 +15,7 @@ d2i_ECPKParameters, i2d_ECPKParameters, d2i_ECPKParameters_bio, i2d_ECPKParamete
- #define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \
- (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))
- #define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \
++++ /dev/null
+@@ -1,84 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-d2i_ECPKParameters, i2d_ECPKParameters, d2i_ECPKParameters_bio, i2d_ECPKParameters_bio, d2i_ECPKParameters_fp, i2d_ECPKParameters_fp, ECPKParameters_print, ECPKParameters_print_fp - Functions for decoding and encoding ASN1 representations of elliptic curve entities
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/ec.h>
+-
+- EC_GROUP *d2i_ECPKParameters(EC_GROUP **px, const unsigned char **in, long len);
+- int i2d_ECPKParameters(const EC_GROUP *x, unsigned char **out);
+- #define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x)
+- #define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x)
+- #define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \
+- (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))
+- #define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \
- (unsigned char *)(x))
-+ (unsigned char *)(x))
- int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
- int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
-
-@@ -25,7 +25,7 @@ d2i_ECPKParameters, i2d_ECPKParameters, d2i_ECPKParameters_bio, i2d_ECPKParamete
- The ECPKParameters encode and decode routines encode and parse the public parameters for an
- B<EC_GROUP> structure, which represents a curve.
-
+- int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
+- int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
+-
+-
+-=head1 DESCRIPTION
+-
+-The ECPKParameters encode and decode routines encode and parse the public parameters for an
+-B<EC_GROUP> structure, which represents a curve.
+-
-d2i_ECPKParameters() attempts to decode B<len> bytes at B<*in>. If
-+d2i_ECPKParameters() attempts to decode B<len> bytes at B<*in>. If
- successful a pointer to the B<EC_GROUP> structure is returned. If an error
- occurred then B<NULL> is returned. If B<px> is not B<NULL> then the
- returned structure is written to B<*px>. If B<*px> is not B<NULL>
-@@ -38,7 +38,7 @@ i2d_ECPKParameters() encodes the structure pointed to by B<x> into DER format.
- If B<out> is not B<NULL> is writes the DER encoded data to the buffer
- at B<*out>, and increments it to point after the data just written.
- If the return value is negative an error occurred, otherwise it
+-successful a pointer to the B<EC_GROUP> structure is returned. If an error
+-occurred then B<NULL> is returned. If B<px> is not B<NULL> then the
+-returned structure is written to B<*px>. If B<*px> is not B<NULL>
+-then it is assumed that B<*px> contains a valid B<EC_GROUP>
+-structure and an attempt is made to reuse it. If the call is
+-successful B<*in> is incremented to the byte following the
+-parsed data.
+-
+-i2d_ECPKParameters() encodes the structure pointed to by B<x> into DER format.
+-If B<out> is not B<NULL> is writes the DER encoded data to the buffer
+-at B<*out>, and increments it to point after the data just written.
+-If the return value is negative an error occurred, otherwise it
-returns the length of the encoded data.
-+returns the length of the encoded data.
-
- If B<*out> is B<NULL> memory will be allocated for a buffer and the encoded
- data written to it. In this case B<*out> is not incremented and it points to
-@@ -73,7 +73,7 @@ i2d_ECPKParameters() returns the number of bytes successfully encoded or a negat
- value if an error occurs.
-
- i2d_ECPKParameters_bio(), i2d_ECPKParameters_fp(), ECPKParameters_print and ECPKParameters_print_fp
+-
+-If B<*out> is B<NULL> memory will be allocated for a buffer and the encoded
+-data written to it. In this case B<*out> is not incremented and it points to
+-the start of the data just written.
+-
+-d2i_ECPKParameters_bio() is similar to d2i_ECPKParameters() except it attempts
+-to parse data from BIO B<bp>.
+-
+-d2i_ECPKParameters_fp() is similar to d2i_ECPKParameters() except it attempts
+-to parse data from FILE pointer B<fp>.
+-
+-i2d_ECPKParameters_bio() is similar to i2d_ECPKParameters() except it writes
+-the encoding of the structure B<x> to BIO B<bp> and it
+-returns 1 for success and 0 for failure.
+-
+-i2d_ECPKParameters_fp() is similar to i2d_ECPKParameters() except it writes
+-the encoding of the structure B<x> to BIO B<bp> and it
+-returns 1 for success and 0 for failure.
+-
+-These functions are very similar to the X509 functions described in L<d2i_X509(3)>,
+-where further notes and examples are available.
+-
+-The ECPKParameters_print and ECPKParameters_print_fp functions print a human-readable output
+-of the public parameters of the EC_GROUP to B<bp> or B<fp>. The output lines are indented by B<off> spaces.
+-
+-=head1 RETURN VALUES
+-
+-d2i_ECPKParameters(), d2i_ECPKParameters_bio() and d2i_ECPKParameters_fp() return a valid B<EC_GROUP> structure
+-or B<NULL> if an error occurs.
+-
+-i2d_ECPKParameters() returns the number of bytes successfully encoded or a negative
+-value if an error occurs.
+-
+-i2d_ECPKParameters_bio(), i2d_ECPKParameters_fp(), ECPKParameters_print and ECPKParameters_print_fp
-return 1 for success and 0 if an error occurs.
-+return 1 for success and 0 if an error occurs.
-
- =head1 SEE ALSO
-
-@@ -81,4 +81,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>,
- L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
- L<EC_GFp_simple_method(3)>, L<d2i_X509(3)>
-
-+=head1 COPYRIGHT
+-
+-=head1 SEE ALSO
+-
+-L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>,
+-L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
+-L<EC_GFp_simple_method(3)>, L<d2i_X509(3)>
+-
+-=cut
+diff --git a/doc/crypto/d2i_ECPrivateKey.pod b/doc/crypto/d2i_ECPrivateKey.pod
+deleted file mode 100644
+index 08595791333f..000000000000
+--- a/doc/crypto/d2i_ECPrivateKey.pod
++++ /dev/null
+@@ -1,67 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-i2d_ECPrivateKey, d2i_ECPrivate_key - Encode and decode functions for saving and
+-reading EC_KEY structures
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/ec.h>
+-
+- EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
+- int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out);
+-
+- unsigned int EC_KEY_get_enc_flags(const EC_KEY *key);
+- void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+-
+-=head1 DESCRIPTION
+-
+-The ECPrivateKey encode and decode routines encode and parse an
+-B<EC_KEY> structure into a binary format (ASN.1 DER) and back again.
+-
+-These functions are similar to the d2i_X509() functions, and you should refer to
+-that page for a detailed description (see L<d2i_X509(3)>).
+-
+-The format of the external representation of the public key written by
+-i2d_ECPrivateKey (such as whether it is stored in a compressed form or not) is
+-described by the point_conversion_form. See L<EC_GROUP_copy(3)>
+-for a description of point_conversion_form.
+-
+-When reading a private key encoded without an associated public key (e.g. if
+-EC_PKEY_NO_PUBKEY has been used - see below), then d2i_ECPrivateKey generates
+-the missing public key automatically. Private keys encoded without parameters
+-(e.g. if EC_PKEY_NO_PARAMETERS has been used - see below) cannot be loaded using
+-d2i_ECPrivateKey.
+-
+-The functions EC_KEY_get_enc_flags and EC_KEY_set_enc_flags get and set the
+-value of the encoding flags for the B<key>. There are two encoding flags
+-currently defined - EC_PKEY_NO_PARAMETERS and EC_PKEY_NO_PUBKEY. These flags
+-define the behaviour of how the B<key> is converted into ASN1 in a call to
+-i2d_ECPrivateKey. If EC_PKEY_NO_PARAMETERS is set then the public parameters for
+-the curve are not encoded along with the private key. If EC_PKEY_NO_PUBKEY is
+-set then the public key is not encoded along with the private key.
+-
+-=head1 RETURN VALUES
+-
+-d2i_ECPrivateKey() returns a valid B<EC_KEY> structure or B<NULL> if an error
+-occurs. The error code that can be obtained by
+-L<ERR_get_error(3)>.
+-
+-i2d_ECPrivateKey() returns the number of bytes successfully encoded or a
+-negative value if an error occurs. The error code can be obtained by
+-L<ERR_get_error(3)>.
+-
+-EC_KEY_get_enc_flags returns the value of the current encoding flags for the
+-EC_KEY.
+-
+-=head1 SEE ALSO
+-
+-L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>,
+-L<EC_GROUP_copy(3)>, L<EC_POINT_new(3)>,
+-L<EC_POINT_add(3)>,
+-L<EC_GFp_simple_method(3)>,
+-L<d2i_ECPKParameters(3)>,
+-L<d2i_ECPrivateKey(3)>
+-
+-=cut
+diff --git a/doc/crypto/d2i_Netscape_RSA.pod b/doc/crypto/d2i_Netscape_RSA.pod
+new file mode 100644
+index 000000000000..ee39bd817a26
+--- /dev/null
++++ b/doc/crypto/d2i_Netscape_RSA.pod
+@@ -0,0 +1,38 @@
++=pod
+
-+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
++=head1 NAME
+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
++i2d_Netscape_RSA,
++d2i_Netscape_RSA
++- insecure RSA public and private key encoding functions
+
- =cut
-diff --git a/doc/crypto/d2i_ECPrivateKey.pod b/doc/crypto/d2i_ECPrivateKey.pod
-index 0859579..6cd24f2 100644
---- a/doc/crypto/d2i_ECPrivateKey.pod
-+++ b/doc/crypto/d2i_ECPrivateKey.pod
-@@ -64,4 +64,13 @@ L<EC_GFp_simple_method(3)>,
- L<d2i_ECPKParameters(3)>,
- L<d2i_ECPrivateKey(3)>
-
++=head1 SYNOPSIS
++
++ #include <openssl/rsa.h>
++
++ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
++ RSA * d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());
++
++=head1 DESCRIPTION
++
++These functions decode and encode an RSA private
++key in NET format. These functions are present to provide compatibility
++with very old software. This format has some severe security weaknesses
++and should be avoided if possible.
++
++These functions are similar to the B<d2i_RSAPrivateKey> functions.
++
++=head1 SEE ALSO
++
++L<d2i_RSAPrivateKey(3)>
++
+=head1 COPYRIGHT
+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
- =cut
++=cut
diff --git a/doc/crypto/d2i_PKCS8PrivateKey.pod b/doc/crypto/d2i_PKCS8PrivateKey.pod
-index cc20479..9170fd5 100644
+index cc204790cebb..164d93ff4f67 100644
--- a/doc/crypto/d2i_PKCS8PrivateKey.pod
+++ b/doc/crypto/d2i_PKCS8PrivateKey.pod
@@ -14,20 +14,20 @@ i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private
@@ -94627,10 +108033,22 @@
=head1 DESCRIPTION
-@@ -49,4 +49,13 @@ to memory BIOs, see L<BIO_s_mem(3)> for details.
+@@ -35,7 +35,7 @@ The PKCS#8 functions encode and decode private keys in PKCS#8 format using both
+ PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms.
- L<pem(3)>
+ Other than the use of DER as opposed to PEM these functions are identical to the
+-corresponding B<PEM> function as described in the L<pem(3)> manual page.
++corresponding B<PEM> function as described in L<PEM_read_PrivateKey(3)>.
+ =head1 NOTES
+
+@@ -47,6 +47,15 @@ to memory BIOs, see L<BIO_s_mem(3)> for details.
+
+ =head1 SEE ALSO
+
+-L<pem(3)>
++L<PEM_read_PrivateKey(3)>
++
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -94639,20 +108057,21 @@
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
-+
+
=cut
diff --git a/doc/crypto/d2i_PrivateKey.pod b/doc/crypto/d2i_PrivateKey.pod
new file mode 100644
-index 0000000..efadaeb
+index 000000000000..a221b0f93fa9
--- /dev/null
+++ b/doc/crypto/d2i_PrivateKey.pod
-@@ -0,0 +1,68 @@
+@@ -0,0 +1,71 @@
+=pod
+
+=head1 NAME
+
-+d2i_Private_key, d2i_AutoPrivateKey, i2d_PrivateKey - decode and encode
-+functions for reading and saving EVP_PKEY structures.
++d2i_Private_key, d2i_AutoPrivateKey, i2d_PrivateKey,
++d2i_PrivateKey_bio, d2i_PrivateKey_fp
++- decode and encode functions for reading and saving EVP_PKEY structures
+
+=head1 SYNOPSIS
+
@@ -94664,6 +108083,9 @@
+ long length);
+ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
+
++ EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
++ EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
++
+=head1 DESCRIPTION
+
+d2i_PrivateKey() decodes a private key using algorithm B<type>. It attempts to
@@ -94677,8 +108099,7 @@
+i2d_PrivateKey() encodes B<key>. It uses a key specific format or, if none is
+defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format.
+
-+These functions are similar to the d2i_X509() functions, and you should refer to
-+that page for a detailed description (see L<d2i_X509(3)>).
++These functions are similar to the d2i_X509() functions; see L<d2i_X509(3)>.
+
+=head1 NOTES
+
@@ -94716,373 +108137,1309 @@
+
+=cut
diff --git a/doc/crypto/d2i_RSAPublicKey.pod b/doc/crypto/d2i_RSAPublicKey.pod
-index 946fe0f..8b6e12d 100644
+deleted file mode 100644
+index 946fe0f9071b..000000000000
--- a/doc/crypto/d2i_RSAPublicKey.pod
-+++ b/doc/crypto/d2i_RSAPublicKey.pod
-@@ -60,8 +60,8 @@ described in the L<d2i_X509(3)> manual page.
- The B<RSA> structure passed to the private key encoding functions should have
- all the PKCS#1 private key components present.
-
++++ /dev/null
+@@ -1,78 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey,
+-d2i_RSA_PUBKEY, i2d_RSA_PUBKEY, d2i_RSA_PUBKEY_bio, d2i_RSA_PUBKEY_fp,
+-i2d_RSA_PUBKEY_bio, i2d_RSA_PUBKEY_fp, i2d_Netscape_RSA,
+-d2i_Netscape_RSA - RSA public and private key encoding functions.
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/rsa.h>
+- #include <openssl/x509.h>
+-
+- RSA * d2i_RSAPublicKey(RSA **a, const unsigned char **pp, long length);
+-
+- int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
+-
+- RSA * d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
+-
+- int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
+-
+- RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
+- RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
+-
+- int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa);
+- int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa);
+-
+- RSA * d2i_RSAPrivateKey(RSA **a, const unsigned char **pp, long length);
+-
+- int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
+-
+- int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
+-
+- RSA * d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());
+-
+-=head1 DESCRIPTION
+-
+-d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1
+-RSAPublicKey structure.
+-
+-d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY() decode and encode an RSA public key using
+-a SubjectPublicKeyInfo (certificate public key) structure.
+-
+-d2i_RSA_PUBKEY_bio(), d2i_RSA_PUBKEY_fp(), i2d_RSA_PUBKEY_bio() and
+-i2d_RSA_PUBKEY_fp() are similar to d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY()
+-except they decode or encode using a B<BIO> or B<FILE> pointer.
+-
+-d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1
+-RSAPrivateKey structure.
+-
+-d2i_Netscape_RSA(), i2d_Netscape_RSA() decode and encode an RSA private key in
+-NET format.
+-
+-The usage of all of these functions is similar to the d2i_X509() and i2d_X509()
+-described in the L<d2i_X509(3)> manual page.
+-
+-=head1 NOTES
+-
+-The B<RSA> structure passed to the private key encoding functions should have
+-all the PKCS#1 private key components present.
+-
-The data encoded by the private key functions is unencrypted and therefore
-offers no private key security.
-+The data encoded by the private key functions is unencrypted and therefore
-+offers no private key security.
-
- The NET format functions are present to provide compatibility with certain very
- old software. This format has some severe security weaknesses and should be
-@@ -71,8 +71,13 @@ avoided if possible.
-
- L<d2i_X509(3)>
-
+-
+-The NET format functions are present to provide compatibility with certain very
+-old software. This format has some severe security weaknesses and should be
+-avoided if possible.
+-
+-=head1 SEE ALSO
+-
+-L<d2i_X509(3)>
+-
-=head1 HISTORY
-+=head1 COPYRIGHT
-
+-
-TBA
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
+-
+-=cut
diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod
-index 3cd2509..422edfc 100644
+index 3cd2509d8b04..06546a4875e2 100644
--- a/doc/crypto/d2i_X509.pod
+++ b/doc/crypto/d2i_X509.pod
-@@ -9,8 +9,10 @@ i2d_X509_fp - X509 encode and decode functions
+@@ -2,83 +2,425 @@
- #include <openssl/x509.h>
+ =head1 NAME
+-d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio,
+-i2d_X509_fp - X509 encode and decode functions
++d2i_ACCESS_DESCRIPTION,
++d2i_ASIdOrRange,
++d2i_ASIdentifierChoice,
++d2i_ASIdentifiers,
++d2i_ASN1_BIT_STRING,
++d2i_ASN1_BMPSTRING,
++d2i_ASN1_ENUMERATED,
++d2i_ASN1_GENERALIZEDTIME,
++d2i_ASN1_GENERALSTRING,
++d2i_ASN1_IA5STRING,
++d2i_ASN1_INTEGER,
++d2i_ASN1_NULL,
++d2i_ASN1_OBJECT,
++d2i_ASN1_OCTET_STRING,
++d2i_ASN1_PRINTABLE,
++d2i_ASN1_PRINTABLESTRING,
++d2i_ASN1_SEQUENCE_ANY,
++d2i_ASN1_SET_ANY,
++d2i_ASN1_T61STRING,
++d2i_ASN1_TIME,
++d2i_ASN1_TYPE,
++d2i_ASN1_UINTEGER,
++d2i_ASN1_UNIVERSALSTRING,
++d2i_ASN1_UTCTIME,
++d2i_ASN1_UTF8STRING,
++d2i_ASN1_VISIBLESTRING,
++d2i_ASRange,
++d2i_AUTHORITY_INFO_ACCESS,
++d2i_AUTHORITY_KEYID,
++d2i_BASIC_CONSTRAINTS,
++d2i_CERTIFICATEPOLICIES,
++d2i_CMS_ContentInfo,
++d2i_CMS_ReceiptRequest,
++d2i_CMS_bio,
++d2i_CRL_DIST_POINTS,
++d2i_DHxparams,
++d2i_DIRECTORYSTRING,
++d2i_DISPLAYTEXT,
++d2i_DIST_POINT,
++d2i_DIST_POINT_NAME,
++d2i_DSAPrivateKey,
++d2i_DSAPrivateKey_bio,
++d2i_DSAPrivateKey_fp,
++d2i_DSAPublicKey,
++d2i_DSA_PUBKEY_bio,
++d2i_DSA_PUBKEY_fp,
++d2i_DSA_SIG,
++d2i_DSAparams,
++d2i_ECPKParameters,
++d2i_ECParameters,
++d2i_ECPrivateKey,
++d2i_ECPrivateKey_bio,
++d2i_ECPrivateKey_fp,
++d2i_EC_PUBKEY,
++d2i_EC_PUBKEY_bio,
++d2i_EC_PUBKEY_fp,
++d2i_EDIPARTYNAME,
++d2i_ESS_CERT_ID,
++d2i_ESS_ISSUER_SERIAL,
++d2i_ESS_SIGNING_CERT,
++d2i_EXTENDED_KEY_USAGE,
++d2i_GENERAL_NAME,
++d2i_GENERAL_NAMES,
++d2i_IPAddressChoice,
++d2i_IPAddressFamily,
++d2i_IPAddressOrRange,
++d2i_IPAddressRange,
++d2i_ISSUING_DIST_POINT,
++d2i_NETSCAPE_CERT_SEQUENCE,
++d2i_NETSCAPE_SPKAC,
++d2i_NETSCAPE_SPKI,
++d2i_NOTICEREF,
++d2i_OCSP_BASICRESP,
++d2i_OCSP_CERTID,
++d2i_OCSP_CERTSTATUS,
++d2i_OCSP_CRLID,
++d2i_OCSP_ONEREQ,
++d2i_OCSP_REQINFO,
++d2i_OCSP_REQUEST,
++d2i_OCSP_RESPBYTES,
++d2i_OCSP_RESPDATA,
++d2i_OCSP_RESPID,
++d2i_OCSP_RESPONSE,
++d2i_OCSP_REVOKEDINFO,
++d2i_OCSP_SERVICELOC,
++d2i_OCSP_SIGNATURE,
++d2i_OCSP_SINGLERESP,
++d2i_OTHERNAME,
++d2i_PBE2PARAM,
++d2i_PBEPARAM,
++d2i_PBKDF2PARAM,
++d2i_PKCS12,
++d2i_PKCS12_BAGS,
++d2i_PKCS12_MAC_DATA,
++d2i_PKCS12_SAFEBAG,
++d2i_PKCS12_bio,
++d2i_PKCS12_fp,
++d2i_PKCS7,
++d2i_PKCS7_DIGEST,
++d2i_PKCS7_ENCRYPT,
++d2i_PKCS7_ENC_CONTENT,
++d2i_PKCS7_ENVELOPE,
++d2i_PKCS7_ISSUER_AND_SERIAL,
++d2i_PKCS7_RECIP_INFO,
++d2i_PKCS7_SIGNED,
++d2i_PKCS7_SIGNER_INFO,
++d2i_PKCS7_SIGN_ENVELOPE,
++d2i_PKCS7_bio,
++d2i_PKCS7_fp,
++d2i_PKCS8_PRIV_KEY_INFO,
++d2i_PKCS8_PRIV_KEY_INFO_bio,
++d2i_PKCS8_PRIV_KEY_INFO_fp,
++d2i_PKCS8_bio,
++d2i_PKCS8_fp,
++d2i_PKEY_USAGE_PERIOD,
++d2i_POLICYINFO,
++d2i_POLICYQUALINFO,
++d2i_PROXY_CERT_INFO_EXTENSION,
++d2i_PROXY_POLICY,
++d2i_PublicKey,
++d2i_RSAPrivateKey,
++d2i_RSAPrivateKey_bio,
++d2i_RSAPrivateKey_fp,
++d2i_RSAPublicKey,
++d2i_RSAPublicKey_bio,
++d2i_RSAPublicKey_fp,
++d2i_RSA_OAEP_PARAMS,
++d2i_RSA_PSS_PARAMS,
++d2i_RSA_PUBKEY,
++d2i_RSA_PUBKEY_bio,
++d2i_RSA_PUBKEY_fp,
++d2i_SCT_LIST,
++d2i_SXNET,
++d2i_SXNETID,
++d2i_TS_ACCURACY,
++d2i_TS_MSG_IMPRINT,
++d2i_TS_MSG_IMPRINT_bio,
++d2i_TS_MSG_IMPRINT_fp,
++d2i_TS_REQ,
++d2i_TS_REQ_bio,
++d2i_TS_REQ_fp,
++d2i_TS_RESP,
++d2i_TS_RESP_bio,
++d2i_TS_RESP_fp,
++d2i_TS_STATUS_INFO,
++d2i_TS_TST_INFO,
++d2i_TS_TST_INFO_bio,
++d2i_TS_TST_INFO_fp,
++d2i_USERNOTICE,
++d2i_X509,
++d2i_X509_ALGOR,
++d2i_X509_ALGORS,
++d2i_X509_ATTRIBUTE,
++d2i_X509_CERT_AUX,
++d2i_X509_CINF,
++d2i_X509_CRL,
++d2i_X509_CRL_INFO,
++d2i_X509_CRL_bio,
++d2i_X509_CRL_fp,
++d2i_X509_EXTENSION,
++d2i_X509_EXTENSIONS,
++d2i_X509_NAME,
++d2i_X509_NAME_ENTRY,
++d2i_X509_PUBKEY,
++d2i_X509_REQ,
++d2i_X509_REQ_INFO,
++d2i_X509_REQ_bio,
++d2i_X509_REQ_fp,
++d2i_X509_REVOKED,
++d2i_X509_SIG,
++d2i_X509_VAL,
++i2d_ACCESS_DESCRIPTION,
++i2d_ASIdOrRange,
++i2d_ASIdentifierChoice,
++i2d_ASIdentifiers,
++i2d_ASN1_BIT_STRING,
++i2d_ASN1_BMPSTRING,
++i2d_ASN1_ENUMERATED,
++i2d_ASN1_GENERALIZEDTIME,
++i2d_ASN1_GENERALSTRING,
++i2d_ASN1_IA5STRING,
++i2d_ASN1_INTEGER,
++i2d_ASN1_NULL,
++i2d_ASN1_OBJECT,
++i2d_ASN1_OCTET_STRING,
++i2d_ASN1_PRINTABLE,
++i2d_ASN1_PRINTABLESTRING,
++i2d_ASN1_SEQUENCE_ANY,
++i2d_ASN1_SET_ANY,
++i2d_ASN1_T61STRING,
++i2d_ASN1_TIME,
++i2d_ASN1_TYPE,
++i2d_ASN1_UNIVERSALSTRING,
++i2d_ASN1_UTCTIME,
++i2d_ASN1_UTF8STRING,
++i2d_ASN1_VISIBLESTRING,
++i2d_ASN1_bio_stream,
++i2d_ASRange,
++i2d_AUTHORITY_INFO_ACCESS,
++i2d_AUTHORITY_KEYID,
++i2d_BASIC_CONSTRAINTS,
++i2d_CERTIFICATEPOLICIES,
++i2d_CMS_ContentInfo,
++i2d_CMS_ReceiptRequest,
++i2d_CMS_bio,
++i2d_CRL_DIST_POINTS,
++i2d_DHxparams,
++i2d_DIRECTORYSTRING,
++i2d_DISPLAYTEXT,
++i2d_DIST_POINT,
++i2d_DIST_POINT_NAME,
++i2d_DSAPrivateKey,
++i2d_DSAPrivateKey_bio,
++i2d_DSAPrivateKey_fp,
++i2d_DSAPublicKey,
++i2d_DSA_PUBKEY_bio,
++i2d_DSA_PUBKEY_fp,
++i2d_DSA_SIG,
++i2d_DSAparams,
++i2d_ECPKParameters,
++i2d_ECParameters,
++i2d_ECPrivateKey,
++i2d_ECPrivateKey_bio,
++i2d_ECPrivateKey_fp,
++i2d_EC_PUBKEY,
++i2d_EC_PUBKEY_bio,
++i2d_EC_PUBKEY_fp,
++i2d_EDIPARTYNAME,
++i2d_ESS_CERT_ID,
++i2d_ESS_ISSUER_SERIAL,
++i2d_ESS_SIGNING_CERT,
++i2d_EXTENDED_KEY_USAGE,
++i2d_GENERAL_NAME,
++i2d_GENERAL_NAMES,
++i2d_IPAddressChoice,
++i2d_IPAddressFamily,
++i2d_IPAddressOrRange,
++i2d_IPAddressRange,
++i2d_ISSUING_DIST_POINT,
++i2d_NETSCAPE_CERT_SEQUENCE,
++i2d_NETSCAPE_SPKAC,
++i2d_NETSCAPE_SPKI,
++i2d_NOTICEREF,
++i2d_OCSP_BASICRESP,
++i2d_OCSP_CERTID,
++i2d_OCSP_CERTSTATUS,
++i2d_OCSP_CRLID,
++i2d_OCSP_ONEREQ,
++i2d_OCSP_REQINFO,
++i2d_OCSP_REQUEST,
++i2d_OCSP_RESPBYTES,
++i2d_OCSP_RESPDATA,
++i2d_OCSP_RESPID,
++i2d_OCSP_RESPONSE,
++i2d_OCSP_REVOKEDINFO,
++i2d_OCSP_SERVICELOC,
++i2d_OCSP_SIGNATURE,
++i2d_OCSP_SINGLERESP,
++i2d_OTHERNAME,
++i2d_PBE2PARAM,
++i2d_PBEPARAM,
++i2d_PBKDF2PARAM,
++i2d_PKCS12,
++i2d_PKCS12_BAGS,
++i2d_PKCS12_MAC_DATA,
++i2d_PKCS12_SAFEBAG,
++i2d_PKCS12_bio,
++i2d_PKCS12_fp,
++i2d_PKCS7,
++i2d_PKCS7_DIGEST,
++i2d_PKCS7_ENCRYPT,
++i2d_PKCS7_ENC_CONTENT,
++i2d_PKCS7_ENVELOPE,
++i2d_PKCS7_ISSUER_AND_SERIAL,
++i2d_PKCS7_NDEF,
++i2d_PKCS7_RECIP_INFO,
++i2d_PKCS7_SIGNED,
++i2d_PKCS7_SIGNER_INFO,
++i2d_PKCS7_SIGN_ENVELOPE,
++i2d_PKCS7_bio,
++i2d_PKCS7_fp,
++i2d_PKCS8PrivateKeyInfo_bio,
++i2d_PKCS8PrivateKeyInfo_fp,
++i2d_PKCS8_PRIV_KEY_INFO,
++i2d_PKCS8_PRIV_KEY_INFO_bio,
++i2d_PKCS8_PRIV_KEY_INFO_fp,
++i2d_PKCS8_bio,
++i2d_PKCS8_fp,
++i2d_PKEY_USAGE_PERIOD,
++i2d_POLICYINFO,
++i2d_POLICYQUALINFO,
++i2d_PROXY_CERT_INFO_EXTENSION,
++i2d_PROXY_POLICY,
++i2d_PublicKey,
++i2d_RSAPrivateKey,
++i2d_RSAPrivateKey_bio,
++i2d_RSAPrivateKey_fp,
++i2d_RSAPublicKey,
++i2d_RSAPublicKey_bio,
++i2d_RSAPublicKey_fp,
++i2d_RSA_OAEP_PARAMS,
++i2d_RSA_PSS_PARAMS,
++i2d_RSA_PUBKEY,
++i2d_RSA_PUBKEY_bio,
++i2d_RSA_PUBKEY_fp,
++i2d_SCT_LIST,
++i2d_SXNET,
++i2d_SXNETID,
++i2d_TS_ACCURACY,
++i2d_TS_MSG_IMPRINT,
++i2d_TS_MSG_IMPRINT_bio,
++i2d_TS_MSG_IMPRINT_fp,
++i2d_TS_REQ,
++i2d_TS_REQ_bio,
++i2d_TS_REQ_fp,
++i2d_TS_RESP,
++i2d_TS_RESP_bio,
++i2d_TS_RESP_fp,
++i2d_TS_STATUS_INFO,
++i2d_TS_TST_INFO,
++i2d_TS_TST_INFO_bio,
++i2d_TS_TST_INFO_fp,
++i2d_USERNOTICE,
++i2d_X509,
++i2d_X509_ALGOR,
++i2d_X509_ALGORS,
++i2d_X509_ATTRIBUTE,
++i2d_X509_CERT_AUX,
++i2d_X509_CINF,
++i2d_X509_CRL,
++i2d_X509_CRL_INFO,
++i2d_X509_CRL_bio,
++i2d_X509_CRL_fp,
++i2d_X509_EXTENSION,
++i2d_X509_EXTENSIONS,
++i2d_X509_NAME,
++i2d_X509_NAME_ENTRY,
++i2d_X509_PUBKEY,
++i2d_X509_REQ,
++i2d_X509_REQ_INFO,
++i2d_X509_REQ_bio,
++i2d_X509_REQ_fp,
++i2d_X509_REVOKED,
++i2d_X509_SIG,
++i2d_X509_VAL,
++- convert objects from/to ASN.1/DER representation
++
++=for comment generic
+
+ =head1 SYNOPSIS
+
+- #include <openssl/x509.h>
++ TYPE *d2i_TYPE(TYPE **a, unsigned char **pp, long length);
++ TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a);
++ TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a);
+
- X509 *d2i_X509(X509 **px, const unsigned char **in, int len);
-+ X509 *d2i_X509(X509 **px, const unsigned char **in, long len);
-+ X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len);
- int i2d_X509(X509 *x, unsigned char **out);
-+ int i2d_X509_AUX(X509 *x, unsigned char **out);
+- int i2d_X509(X509 *x, unsigned char **out);
+-
+- X509 *d2i_X509_bio(BIO *bp, X509 **x);
+- X509 *d2i_X509_fp(FILE *fp, X509 **x);
+-
+- int i2d_X509_bio(BIO *bp, X509 *x);
+- int i2d_X509_fp(FILE *fp, X509 *x);
+-
+- int i2d_re_X509_tbs(X509 *x, unsigned char **out);
++ int i2d_TYPE(TYPE *a, unsigned char **pp);
++ int i2d_TYPE_fp(FILE *fp, TYPE *a);
++ int i2d_TYPE_bio(BIO *bp, TYPE *a);
- X509 *d2i_X509_bio(BIO *bp, X509 **x);
- X509 *d2i_X509_fp(FILE *fp, X509 **x);
-@@ -25,7 +27,7 @@ i2d_X509_fp - X509 encode and decode functions
- The X509 encode and decode routines encode and parse an
- B<X509> structure, which represents an X509 certificate.
+ =head1 DESCRIPTION
+-The X509 encode and decode routines encode and parse an
+-B<X509> structure, which represents an X509 certificate.
++In the description here, I<TYPE> is used a placeholder
++for any of the OpenSSL datatypes, such as I<X509_CRL>.
+
-d2i_X509() attempts to decode B<len> bytes at B<*in>. If
-+d2i_X509() attempts to decode B<len> bytes at B<*in>. If
- successful a pointer to the B<X509> structure is returned. If an error
- occurred then B<NULL> is returned. If B<px> is not B<NULL> then the
- returned structure is written to B<*px>. If B<*px> is not B<NULL>
-@@ -37,17 +39,27 @@ below, and the discussion in the RETURN VALUES section).
- If the call is successful B<*in> is incremented to the byte following the
- parsed data.
+-successful a pointer to the B<X509> structure is returned. If an error
+-occurred then B<NULL> is returned. If B<px> is not B<NULL> then the
+-returned structure is written to B<*px>. If B<*px> is not B<NULL>
+-then it is assumed that B<*px> contains a valid B<X509>
+-structure and an attempt is made to reuse it. This "reuse" capability is present
+-for historical compatibility but its use is B<strongly discouraged> (see BUGS
+-below, and the discussion in the RETURN VALUES section).
++These functions convert OpenSSL objects to and from their ASN.1/DER
++encoding. Unlike the C structures which can have pointers to sub-objects
++within, the DER is a serialized encoding, suitable for sending over the
++network, writing to a file, and so on.
-+d2i_X509_AUX() is similar to d2i_X509() but the input is expected to consist of
-+an X509 certificate followed by auxiliary trust information.
-+This is used by the PEM routines to read "TRUSTED CERTIFICATE" objects.
-+This function should not be called on untrusted input.
-+
- i2d_X509() encodes the structure pointed to by B<x> into DER format.
- If B<out> is not B<NULL> is writes the DER encoded data to the buffer
- at B<*out>, and increments it to point after the data just written.
- If the return value is negative an error occurred, otherwise it
+-If the call is successful B<*in> is incremented to the byte following the
+-parsed data.
++d2i_TYPE() attempts to decode B<len> bytes at B<*in>. If successful a
++pointer to the B<TYPE> structure is returned and B<*in> is incremented to
++the byte following the parsed data. If B<a> is not B<NULL> then a pointer
++to the returned structure is also written to B<*a>. If an error occurred
++then B<NULL> is returned.
+
+-i2d_X509() encodes the structure pointed to by B<x> into DER format.
+-If B<out> is not B<NULL> is writes the DER encoded data to the buffer
+-at B<*out>, and increments it to point after the data just written.
+-If the return value is negative an error occurred, otherwise it
-returns the length of the encoded data.
++On a successful return, if B<*a> is not B<NULL> then it is assumed that B<*a>
++contains a valid B<TYPE> structure and an attempt is made to reuse it. This
++"reuse" capability is present for historical compatibility but its use is
++B<strongly discouraged> (see BUGS below, and the discussion in the RETURN
++VALUES section).
+
+-If B<*out> is B<NULL> memory will be
+-allocated for a buffer and the encoded data written to it. In this
+-case B<*out> is not incremented and it points to the start of the
+-data just written.
+-
+-d2i_X509_bio() is similar to d2i_X509() except it attempts
++d2i_TYPE_bio() is similar to d2i_TYPE() except it attempts
+ to parse data from BIO B<bp>.
+
+-d2i_X509_fp() is similar to d2i_X509() except it attempts
++d2i_TYPE_fp() is similar to d2i_TYPE() except it attempts
+ to parse data from FILE pointer B<fp>.
+
+-i2d_X509_bio() is similar to i2d_X509() except it writes
+-the encoding of the structure B<x> to BIO B<bp> and it
++i2d_TYPE() encodes the structure pointed to by B<a> into DER format.
++If B<out> is not B<NULL>, it writes the DER encoded data to the buffer
++at B<*out>, and increments it to point after the data just written.
++If the return value is negative an error occurred, otherwise it
+returns the length of the encoded data.
++
++If B<*out> is B<NULL> memory will be allocated for a buffer and the encoded
++data written to it. In this case B<*out> is not incremented and it points
++to the start of the data just written.
++
++i2d_TYPE_bio() is similar to i2d_TYPE() except it writes
++the encoding of the structure B<a> to BIO B<bp> and it
+ returns 1 for success and 0 for failure.
- If B<*out> is B<NULL> memory will be
- allocated for a buffer and the encoded data written to it. In this
- case B<*out> is not incremented and it points to the start of the
- data just written.
+-i2d_X509_fp() is similar to i2d_X509() except it writes
+-the encoding of the structure B<x> to BIO B<bp> and it
++i2d_TYPE_fp() is similar to i2d_TYPE() except it writes
++the encoding of the structure B<a> to BIO B<bp> and it
+ returns 1 for success and 0 for failure.
-+i2d_X509_AUX() is similar to i2d_X509(), but the encoded output contains both
-+the certificate and any auxiliary trust information.
-+This is used by the PEM routines to write "TRUSTED CERTIFICATE" objects.
-+Note, this is a non-standard OpenSSL-specific data format.
+-i2d_re_X509_tbs() is similar to i2d_X509() except it encodes
+-only the TBSCertificate portion of the certificate.
++These routines do not encrypt private keys and therefore offer no
++security; use L<PEM_write_PrivateKey(3)> or similar for writing to files.
+
+ =head1 NOTES
+
+-The letters B<i> and B<d> in for example B<i2d_X509> stand for
+-"internal" (that is an internal C structure) and "DER". So
+-B<i2d_X509> converts from internal to DER. The "re" in
+-B<i2d_re_X509_tbs> stands for "re-encode", and ensures that a fresh
+-encoding is generated in case the object has been modified after
+-creation (see the BUGS section).
++The letters B<i> and B<d> in B<i2d_TYPE> stand for
++"internal" (that is, an internal C structure) and "DER" respectively.
++So B<i2d_TYPE> converts from internal to DER.
+
+ The functions can also understand B<BER> forms.
+
+-The actual X509 structure passed to i2d_X509() must be a valid
+-populated B<X509> structure it can B<not> simply be fed with an
+-empty structure such as that returned by X509_new().
++The actual TYPE structure passed to i2d_TYPE() must be a valid
++populated B<TYPE> structure -- it B<cannot> simply be fed with an
++empty structure such as that returned by TYPE_new().
+
+ The encoded data is in binary form and may contain embedded zeroes.
+ Therefore any FILE pointers or BIOs should be opened in binary mode.
+@@ -88,10 +430,58 @@ of the encoded structure.
+ The ways that B<*in> and B<*out> are incremented after the operation
+ can trap the unwary. See the B<WARNINGS> section for some common
+ errors.
+-
+-The reason for the auto increment behaviour is to reflect a typical
++The reason for this-auto increment behaviour is to reflect a typical
+ usage of ASN1 functions: after one structure is encoded or decoded
+-another will processed after it.
++another will be processed after it.
+
- d2i_X509_bio() is similar to d2i_X509() except it attempts
- to parse data from BIO B<bp>.
++The following points about the data types might be useful:
++
++=over
++
++=item B<ASN1_OBJECT>
++
++Represents an ASN1 OBJECT IDENTIFIER.
++
++=item B<DHparams>
++
++Represents a PKCS#3 DH parameters structure.
++
++=item B<DHparamx>
++
++Represents a ANSI X9.42 DH parameters structure.
++
++=item B<DSA_PUBKEY>
++
++Represents a DSA public key using a B<SubjectPublicKeyInfo> structure.
++
++=item B<DSAPublicKey, DSAPrivateKey>
++
++Use a non-standard OpenSSL format and should be avoided; use B<DSA_PUBKEY>,
++B<PEM_write_PrivateKey(3)>, or similar instead.
++
++=item B<RSAPublicKey>
++
++Represents a PKCS#1 RSA public key structure.
++
++=item B<X509_ALGOR>
++
++Represents an B<AlogrithmIdentifier> structure as used in IETF RFC 6960 and
++elsewhere.
++
++=item B<X509_Name>
++
++Represents a B<Name> type as used for subject and issuer names in
++IETF RFC 6960 and elsewhere.
++
++=item B<X509_REQ>
++
++Represents a PKCS#10 certificate request.
++
++=item B<X509_SIG>
++
++Represents the B<DigestInfo> structure defined in PKCS#1 and PKCS#7.
++
++=back
-@@ -103,7 +115,7 @@ Allocate and encode the DER encoding of an X509 structure:
+ =head1 EXAMPLES
+
+@@ -103,7 +493,7 @@ another will processed after it.
buf = NULL;
len = i2d_X509(x, &buf);
if (len < 0)
- /* error */
-+ /* error */
++ /* error */
Attempt to decode a buffer:
-@@ -143,7 +155,7 @@ mistake is to attempt to use a buffer directly as follows:
+@@ -111,12 +501,11 @@ another will processed after it.
+ unsigned char *buf, *p;
+ int len;
+
+- /* Something to setup buf and len */
++ /* Set up buf and len to point to the input buffer. */
+ p = buf;
+ x = d2i_X509(NULL, &p, len);
+-
+ if (x == NULL)
+- /* Some error */
++ /* error */
+
+ Alternative technique:
+
+@@ -124,17 +513,16 @@ another will processed after it.
+ unsigned char *buf, *p;
+ int len;
+
+- /* Something to setup buf and len */
++ /* Set up buf and len to point to the input buffer. */
+ p = buf;
+ x = NULL;
+
+- if (!d2i_X509(&x, &p, len))
+- /* Some error */
+-
++ if (d2i_X509(&x, &p, len) == NULL)
++ /* error */
+
+ =head1 WARNINGS
+
+-The use of temporary variable is mandatory. A common
++Using a temporary variable is mandatory. A common
+ mistake is to attempt to use a buffer directly as follows:
+
+ int len;
+@@ -142,24 +530,22 @@ The use of temporary variable is mandatory. A common
+
len = i2d_X509(x, NULL);
buf = OPENSSL_malloc(len);
- if (buf == NULL)
+- if (buf == NULL)
- /* error */
-+ /* error */
+-
++ ...
+ i2d_X509(x, &buf);
+- /* Other stuff ... */
++ ...
+ OPENSSL_free(buf);
- i2d_X509(x, &buf);
- /* Other stuff ... */
-@@ -159,7 +171,7 @@ Another trap to avoid is misuse of the B<xp> argument to d2i_X509():
+ This code will result in B<buf> apparently containing garbage because
+ it was incremented after the call to point after the data just written.
+ Also B<buf> will no longer contain the pointer allocated by OPENSSL_malloc()
+-and the subsequent call to OPENSSL_free() may well crash.
++and the subsequent call to OPENSSL_free() is likely to crash.
+
+-Another trap to avoid is misuse of the B<xp> argument to d2i_X509():
++Another trap to avoid is misuse of the B<a> argument to d2i_TYPE():
+
X509 *x;
- if (!d2i_X509(&x, &p, len))
+- if (!d2i_X509(&x, &p, len))
- /* Some error */
-+ /* Some error */
++ if (d2i_X509(&x, &p, len) == NULL)
++ /* error */
This will probably crash somewhere in d2i_X509(). The reason for this
is that the variable B<x> is uninitialized and an attempt will be made to
-@@ -169,7 +181,7 @@ happen.
+@@ -169,66 +555,44 @@ happen.
=head1 BUGS
-In some versions of OpenSSL the "reuse" behaviour of d2i_X509() when
-+In some versions of OpenSSL the "reuse" behaviour of d2i_X509() when
++In some versions of OpenSSL the "reuse" behaviour of d2i_TYPE() when
B<*px> is valid is broken and some parts of the reused structure may
persist if they are not present in the new one. As a result the use
of this "reuse" behaviour is strongly discouraged.
-@@ -207,10 +219,10 @@ state.
- i2d_X509() returns the number of bytes successfully encoded or a negative
- value if an error occurs. The error code can be obtained by
+-i2d_X509() will not return an error in many versions of OpenSSL,
++i2d_TYPE() will not return an error in many versions of OpenSSL,
+ if mandatory fields are not initialized due to a programming error
+ then the encoded structure may contain invalid data or omit the
+-fields entirely and will not be parsed by d2i_X509(). This may be
+-fixed in future so code should not assume that i2d_X509() will
++fields entirely and will not be parsed by d2i_TYPE(). This may be
++fixed in future so code should not assume that i2d_TYPE() will
+ always succeed.
+
+-The encoding of the TBSCertificate portion of a certificate is cached
+-in the B<X509> structure internally to improve encoding performance
+-and to ensure certificate signatures are verified correctly in some
+-certificates with broken (non-DER) encodings.
+-
+-Any function which encodes an X509 structure such as i2d_X509(),
+-i2d_X509_fp() or i2d_X509_bio() may return a stale encoding if the
+-B<X509> structure has been modified after deserialization or previous
+-serialization.
+-
+-If, after modification, the B<X509> object is re-signed with X509_sign(),
+-the encoding is automatically renewed. Otherwise, the encoding of the
+-TBSCertificate portion of the B<X509> can be manually renewed by calling
+-i2d_re_X509_tbs().
++Any function which encodes a structure (i2d_TYPE(),
++i2d_TYPE() or i2d_TYPE()) may return a stale encoding if the
++structure has been modified after deserialization or previous
++serialization. This is because some objects cache the encoding for
++efficiency reasons.
+
+ =head1 RETURN VALUES
+
+-d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
+-or B<NULL> if an error occurs. The error code that can be obtained by
+-L<ERR_get_error(3)>. If the "reuse" capability has been used
+-with a valid X509 structure being passed in via B<px> then the object is not
+-freed in the event of error but may be in a potentially invalid or inconsistent
+-state.
++d2i_TYPE(), d2i_TYPE_bio() and d2i_TYPE_fp() return a valid B<TYPE> structure
++or B<NULL> if an error occurs. If the "reuse" capability has been used with
++a valid structure being passed in via B<a>, then the object is not freed in
++the event of error but may be in a potentially invalid or inconsistent state.
+
+-i2d_X509() returns the number of bytes successfully encoded or a negative
+-value if an error occurs. The error code can be obtained by
-L<ERR_get_error(3)>.
-+L<ERR_get_error(3)>.
++i2d_TYPE() returns the number of bytes successfully encoded or a negative
++value if an error occurs.
-i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error
-occurs The error code can be obtained by L<ERR_get_error(3)>.
-+i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error
-+occurs The error code can be obtained by L<ERR_get_error(3)>.
++i2d_TYPE_bio() and i2d_TYPE_fp() return 1 for success and 0 if an error
++occurs.
- =head1 SEE ALSO
+-=head1 SEE ALSO
++=head1 COPYRIGHT
-@@ -231,4 +243,13 @@ L<X509_sign(3)>,
- L<X509V3_get_d2i(3)>,
- L<X509_verify_cert(3)>
-
-+=head1 COPYRIGHT
+-L<ERR_get_error(3)>
+-L<X509_CRL_get0_by_serial(3)>,
+-L<X509_get0_signature(3)>,
+-L<X509_get_ext_d2i(3)>,
+-L<X509_get_extension_flags(3)>,
+-L<X509_get_pubkey(3)>,
+-L<X509_get_subject_name(3)>,
+-L<X509_get_version(3)>,
+-L<X509_NAME_add_entry_by_txt(3)>,
+-L<X509_NAME_ENTRY_get_object(3)>,
+-L<X509_NAME_get_index_by_NID(3)>,
+-L<X509_NAME_print_ex(3)>,
+-L<X509_new(3)>,
+-L<X509_sign(3)>,
+-L<X509V3_get_d2i(3)>,
+-L<X509_verify_cert(3)>
++Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
-+
+
=cut
diff --git a/doc/crypto/d2i_X509_ALGOR.pod b/doc/crypto/d2i_X509_ALGOR.pod
-index fb8a75d..01fc506 100644
+deleted file mode 100644
+index fb8a75d26e6b..000000000000
--- a/doc/crypto/d2i_X509_ALGOR.pod
-+++ b/doc/crypto/d2i_X509_ALGOR.pod
-@@ -48,8 +48,13 @@ encodings and non-zero otherwise.
-
- L<d2i_X509(3)>
-
++++ /dev/null
+@@ -1,55 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-d2i_X509_ALGOR, i2d_X509_ALGOR, X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp - AlgorithmIdentifier functions.
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/x509.h>
+-
+- X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length);
+- int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp);
+- X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *alg);
+- int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
+- void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
+- X509_ALGOR *alg);
+- void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+- int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
+-
+-=head1 DESCRIPTION
+-
+-The functions d2i_X509() and i2d_X509() decode and encode an B<X509_ALGOR>
+-structure which is equivalent to the B<AlgorithmIdentifier> structure.
+-
+-Otherwise they behave in a similar way to d2i_X509() and i2d_X509()
+-described in the L<d2i_X509(3)> manual page.
+-
+-X509_ALGOR_dup() returns a copy of B<alg>.
+-
+-X509_ALGOR_set0() sets the algorithm OID of B<alg> to B<aobj> and the
+-associated parameter type to B<ptype> with value B<pval>. If B<ptype> is
+-B<V_ASN1_UNDEF> the parameter is omitted, otherwise B<ptype> and B<pval> have
+-the same meaning as the B<type> and B<value> parameters to ASN1_TYPE_set().
+-All the supplied parameters are used internally so must B<NOT> be freed after
+-this call.
+-
+-X509_ALGOR_get0() is the inverse of X509_ALGOR_set0(): it returns the
+-algorithm OID in B<*paobj> and the associated parameter in B<*pptype>
+-and B<*ppval> from the B<AlgorithmIdentifier> B<alg>.
+-
+-X509_ALGOR_set_md() sets the B<AlgorithmIdentifier> B<alg> to appropriate
+-values for the message digest B<md>.
+-
+-X509_ALGOR_cmp() compares B<a> and B<b> and returns 0 if they have identical
+-encodings and non-zero otherwise.
+-
+-=head1 SEE ALSO
+-
+-L<d2i_X509(3)>
+-
-=head1 HISTORY
-+=head1 COPYRIGHT
-
+-
-TBA
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
+-
+-=cut
diff --git a/doc/crypto/d2i_X509_CRL.pod b/doc/crypto/d2i_X509_CRL.pod
-index 96f5a4d..ac6ffef 100644
+deleted file mode 100644
+index 96f5a4deedfa..000000000000
--- a/doc/crypto/d2i_X509_CRL.pod
-+++ b/doc/crypto/d2i_X509_CRL.pod
-@@ -32,8 +32,13 @@ described in the L<d2i_X509(3)> manual page.
-
- L<d2i_X509(3)>
-
++++ /dev/null
+@@ -1,39 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_X509_CRL_fp,
+-i2d_X509_CRL_bio, i2d_X509_CRL_fp, i2d_re_X509_CRL_tbs - CRL functions.
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/x509.h>
+-
+- X509_CRL *d2i_X509_CRL(X509_CRL **a, const unsigned char **pp, long length);
+- int i2d_X509_CRL(X509_CRL *a, unsigned char **pp);
+-
+- X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x);
+- X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x);
+-
+- int i2d_X509_CRL_bio(BIO *bp, X509_CRL *x);
+- int i2d_X509_CRL_fp(FILE *fp, X509_CRL *x);
+-
+- int i2d_re_X509_CRL_tbs(X509_CRL *x, unsigned char **out);
+-
+-=head1 DESCRIPTION
+-
+-These functions decode and encode an X509 CRL (certificate revocation
+-list).
+-
+-Otherwise the functions behave in a similar way to d2i_X509() and i2d_X509()
+-described in the L<d2i_X509(3)> manual page.
+-
+-=head1 SEE ALSO
+-
+-L<d2i_X509(3)>
+-
-=head1 HISTORY
-+=head1 COPYRIGHT
-
+-
-TBA
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
+-
+-=cut
diff --git a/doc/crypto/d2i_X509_NAME.pod b/doc/crypto/d2i_X509_NAME.pod
-index d1d32df..f30ebab 100644
+deleted file mode 100644
+index d1d32dfcd87c..000000000000
--- a/doc/crypto/d2i_X509_NAME.pod
-+++ b/doc/crypto/d2i_X509_NAME.pod
-@@ -32,14 +32,23 @@ the encoding of an B<X509_NAME> structure without copying it.
-
- =head1 RETURN VALUES
-
++++ /dev/null
+@@ -1,45 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-d2i_X509_NAME, i2d_X509_NAME - X509_NAME encoding functions
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/x509.h>
+-
+- X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length);
+- int i2d_X509_NAME(X509_NAME *a, unsigned char **pp);
+-
+- int X509_NAME_get0_der(const unsigned char **pder, size_t *pderlen,
+- X509_NAME *nm)
+-
+-
+-=head1 DESCRIPTION
+-
+-The functions d2i_X509_NAME() and i2d_X509_NAME() decode and encode an
+-B<X509_NAME> structure which is the same as the B<Name> type defined in
+-RFC3280 (and elsewhere) and used for example in certificate subject and
+-issuer names.
+-
+-Otherwise the functions behave in a similar way to d2i_X509() and i2d_X509()
+-described in the L<d2i_X509(3)> manual page.
+-
+-The function X509_NAME_get0_der() returns an internal pointer to the
+-encoding of an B<X509_NAME> structure in B<*pder> and consisting of
+-B<*pderlen> bytes. It is useful for applications that wish to examine
+-the encoding of an B<X509_NAME> structure without copying it.
+-
+-=head1 RETURN VALUES
+-
-=head1 SEE ALSO
-
- The meanings of the return values of d2i_X509_NAME() and i2d_X509_NAME()
- are similar to those for d2i_X509() and i2d_X509().
-
- The function X509_NAME_get0_der() returns 1 for success and 0 if an error
- occurred.
-
-+=head1 SEE ALSO
-+
- L<d2i_X509(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
+-The meanings of the return values of d2i_X509_NAME() and i2d_X509_NAME()
+-are similar to those for d2i_X509() and i2d_X509().
+-
+-The function X509_NAME_get0_der() returns 1 for success and 0 if an error
+-occurred.
+-
+-L<d2i_X509(3)>
+-
+-=cut
diff --git a/doc/crypto/d2i_X509_REQ.pod b/doc/crypto/d2i_X509_REQ.pod
-index 0d66da7..23d3c5f 100644
+deleted file mode 100644
+index 0d66da7d76c9..000000000000
--- a/doc/crypto/d2i_X509_REQ.pod
-+++ b/doc/crypto/d2i_X509_REQ.pod
-@@ -32,8 +32,13 @@ described in the L<d2i_X509(3)> manual page.
-
- L<d2i_X509(3)>
-
++++ /dev/null
+@@ -1,39 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp,
+-i2d_X509_REQ_bio, i2d_X509_REQ_fp, i2d_re_X509_REQ_tbs - PKCS#10 certificate
+-request functions.
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/x509.h>
+-
+- X509_REQ *d2i_X509_REQ(X509_REQ **a, const unsigned char **pp, long length);
+- int i2d_X509_REQ(X509_REQ *a, unsigned char **pp);
+-
+- X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x);
+- X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x);
+-
+- int i2d_X509_REQ_bio(BIO *bp, X509_REQ *x);
+- int i2d_X509_REQ_fp(FILE *fp, X509_REQ *x);
+-
+- int i2d_re_X509_REQ_tbs(X509_REQ *x, unsigned char **out);
+-
+-=head1 DESCRIPTION
+-
+-These functions decode and encode a PKCS#10 certificate request.
+-
+-Otherwise these behave in a similar way to d2i_X509() and i2d_X509()
+-described in the L<d2i_X509(3)> manual page.
+-
+-=head1 SEE ALSO
+-
+-L<d2i_X509(3)>
+-
-=head1 HISTORY
-+=head1 COPYRIGHT
-
+-
-TBA
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
+-
+-=cut
diff --git a/doc/crypto/d2i_X509_SIG.pod b/doc/crypto/d2i_X509_SIG.pod
-index 08d0876..ac1abe3 100644
+deleted file mode 100644
+index 08d08766ceda..000000000000
--- a/doc/crypto/d2i_X509_SIG.pod
-+++ b/doc/crypto/d2i_X509_SIG.pod
-@@ -29,8 +29,13 @@ value in B<sig>. These values can then be examined or initialised.
-
- L<d2i_X509(3)>
-
++++ /dev/null
+@@ -1,36 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-d2i_X509_SIG, i2d_X509_SIG - DigestInfo functions.
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/x509.h>
+-
+- X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length);
+- int i2d_X509_SIG(X509_SIG *a, unsigned char **pp);
+- void X509_SIG_get0(X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest,
+- X509_SIG *sig);
+-
+-=head1 DESCRIPTION
+-
+-The functions d2i_X509_SIG() and i2d_X509_SIG() decode and encode an
+-X509_SIG structure which is equivalent to the B<DigestInfo> structure
+-defined in PKCS#1 and PKCS#7.
+-
+-Otherwise they behave in a similar way to d2i_X509() and i2d_X509()
+-described in the L<d2i_X509(3)> manual page.
+-
+-X509_SIG_get0() returns pointers to the algorithm identifier and digest
+-value in B<sig>. These values can then be examined or initialised.
+-
+-=head1 SEE ALSO
+-
+-L<d2i_X509(3)>
+-
-=head1 HISTORY
-+=head1 COPYRIGHT
-
+-
-TBA
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
+-
+-=cut
diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod
-index 19b6662..7ccadbc 100644
+deleted file mode 100644
+index 19b6662f0f90..000000000000
--- a/doc/crypto/des.pod
-+++ b/doc/crypto/des.pod
-@@ -10,7 +10,7 @@ DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt,
- DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt,
- DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt,
- DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys,
++++ /dev/null
+@@ -1,320 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked,
+-DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key,
+-DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt,
+-DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt,
+-DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt,
+-DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt,
+-DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt,
+-DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys,
-DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
-+DES_fcrypt, DES_crypt - DES encryption
-
- =head1 SYNOPSIS
-
-@@ -28,16 +28,16 @@ DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
- void DES_set_odd_parity(DES_cblock *key);
- int DES_is_weak_key(const_DES_cblock *key);
-
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/des.h>
+-
+- void DES_random_key(DES_cblock *ret);
+-
+- int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
+- int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
+- int DES_set_key_checked(const_DES_cblock *key,
+- DES_key_schedule *schedule);
+- void DES_set_key_unchecked(const_DES_cblock *key,
+- DES_key_schedule *schedule);
+-
+- void DES_set_odd_parity(DES_cblock *key);
+- int DES_is_weak_key(const_DES_cblock *key);
+-
- void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
-+ void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
- DES_key_schedule *ks, int enc);
+- DES_key_schedule *ks, int enc);
- void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output,
-+ void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output,
- DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
+- DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
- void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
- DES_key_schedule *ks1, DES_key_schedule *ks2,
-+ void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
-+ DES_key_schedule *ks1, DES_key_schedule *ks2,
- DES_key_schedule *ks3, int enc);
-
+- DES_key_schedule *ks3, int enc);
+-
- void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
- long length, DES_key_schedule *schedule, DES_cblock *ivec,
-+ void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
-+ long length, DES_key_schedule *schedule, DES_cblock *ivec,
- int enc);
- void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,
- int numbits, long length, DES_key_schedule *schedule,
-@@ -45,8 +45,8 @@ DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
- void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,
- int numbits, long length, DES_key_schedule *schedule,
- DES_cblock *ivec);
+- int enc);
+- void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,
+- int numbits, long length, DES_key_schedule *schedule,
+- DES_cblock *ivec, int enc);
+- void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,
+- int numbits, long length, DES_key_schedule *schedule,
+- DES_cblock *ivec);
- void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
- long length, DES_key_schedule *schedule, DES_cblock *ivec,
-+ void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
-+ long length, DES_key_schedule *schedule, DES_cblock *ivec,
- int enc);
- void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *schedule, DES_cblock *ivec,
-@@ -55,8 +55,8 @@ DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
- long length, DES_key_schedule *schedule, DES_cblock *ivec,
- int *num);
-
+- int enc);
+- void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+- long length, DES_key_schedule *schedule, DES_cblock *ivec,
+- int *num, int enc);
+- void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+- long length, DES_key_schedule *schedule, DES_cblock *ivec,
+- int *num);
+-
- void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
- long length, DES_key_schedule *schedule, DES_cblock *ivec,
-+ void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
-+ long length, DES_key_schedule *schedule, DES_cblock *ivec,
- const_DES_cblock *inw, const_DES_cblock *outw, int enc);
-
- void DES_ede2_cbc_encrypt(const unsigned char *input,
-@@ -73,18 +73,18 @@ DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
- unsigned char *output, long length, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec,
- int enc);
+- const_DES_cblock *inw, const_DES_cblock *outw, int enc);
+-
+- void DES_ede2_cbc_encrypt(const unsigned char *input,
+- unsigned char *output, long length, DES_key_schedule *ks1,
+- DES_key_schedule *ks2, DES_cblock *ivec, int enc);
+- void DES_ede2_cfb64_encrypt(const unsigned char *in,
+- unsigned char *out, long length, DES_key_schedule *ks1,
+- DES_key_schedule *ks2, DES_cblock *ivec, int *num, int enc);
+- void DES_ede2_ofb64_encrypt(const unsigned char *in,
+- unsigned char *out, long length, DES_key_schedule *ks1,
+- DES_key_schedule *ks2, DES_cblock *ivec, int *num);
+-
+- void DES_ede3_cbc_encrypt(const unsigned char *input,
+- unsigned char *output, long length, DES_key_schedule *ks1,
+- DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec,
+- int enc);
- void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-+ void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
- DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc);
+- long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
+- DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc);
- void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_key_schedule *ks3,
-+ void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-+ long length, DES_key_schedule *ks1,
-+ DES_key_schedule *ks2, DES_key_schedule *ks3,
- DES_cblock *ivec, int *num);
-
+- DES_cblock *ivec, int *num);
+-
- DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
- long length, DES_key_schedule *schedule,
-+ DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
-+ long length, DES_key_schedule *schedule,
- const_DES_cblock *ivec);
+- const_DES_cblock *ivec);
- DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
-+ DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
- long length, int out_count, DES_cblock *seed);
- void DES_string_to_key(const char *str, DES_cblock *key);
- void DES_string_to_2keys(const char *str, DES_cblock *key1,
-@@ -93,11 +93,6 @@ DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
- char *DES_fcrypt(const char *buf, const char *salt, char *ret);
- char *DES_crypt(const char *buf, const char *salt);
-
+- long length, int out_count, DES_cblock *seed);
+- void DES_string_to_key(const char *str, DES_cblock *key);
+- void DES_string_to_2keys(const char *str, DES_cblock *key1,
+- DES_cblock *key2);
+-
+- char *DES_fcrypt(const char *buf, const char *salt, char *ret);
+- char *DES_crypt(const char *buf, const char *salt);
+-
- int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
- DES_cblock *iv);
- int DES_enc_write(int fd, const void *buf, int len,
- DES_key_schedule *sched, DES_cblock *iv);
-
- =head1 DESCRIPTION
-
- This library contains a fast implementation of the DES encryption
-@@ -132,7 +127,7 @@ depend on a global variable.
- DES_set_odd_parity() sets the parity of the passed I<key> to odd.
-
- DES_is_weak_key() returns 1 if the passed key is a weak key, 0 if it
+-=head1 DESCRIPTION
+-
+-This library contains a fast implementation of the DES encryption
+-algorithm.
+-
+-There are two phases to the use of DES encryption. The first is the
+-generation of a I<DES_key_schedule> from a key, the second is the
+-actual encryption. A DES key is of type I<DES_cblock>. This type is
+-consists of 8 bytes with odd parity. The least significant bit in
+-each byte is the parity bit. The key schedule is an expanded form of
+-the key; it is used to speed the encryption process.
+-
+-DES_random_key() generates a random key. The PRNG must be seeded
+-prior to using this function (see L<rand(3)>). If the PRNG
+-could not generate a secure key, 0 is returned.
+-
+-Before a DES key can be used, it must be converted into the
+-architecture dependent I<DES_key_schedule> via the
+-DES_set_key_checked() or DES_set_key_unchecked() function.
+-
+-DES_set_key_checked() will check that the key passed is of odd parity
+-and is not a week or semi-weak key. If the parity is wrong, then -1
+-is returned. If the key is a weak key, then -2 is returned. If an
+-error is returned, the key schedule is not generated.
+-
+-DES_set_key() works like
+-DES_set_key_checked() if the I<DES_check_key> flag is non-zero,
+-otherwise like DES_set_key_unchecked(). These functions are available
+-for compatibility; it is recommended to use a function that does not
+-depend on a global variable.
+-
+-DES_set_odd_parity() sets the parity of the passed I<key> to odd.
+-
+-DES_is_weak_key() returns 1 if the passed key is a weak key, 0 if it
-is ok.
-+is ok.
-
- The following routines mostly operate on an input and output stream of
- I<DES_cblock>s.
-@@ -256,25 +251,6 @@ containing the length of the following encrypted data. The encrypted
- data then follows, padded with random data out to a multiple of 8
- bytes.
-
+-
+-The following routines mostly operate on an input and output stream of
+-I<DES_cblock>s.
+-
+-DES_ecb_encrypt() is the basic DES encryption routine that encrypts or
+-decrypts a single 8-byte I<DES_cblock> in I<electronic code book>
+-(ECB) mode. It always transforms the input data, pointed to by
+-I<input>, into the output data, pointed to by the I<output> argument.
+-If the I<encrypt> argument is non-zero (DES_ENCRYPT), the I<input>
+-(cleartext) is encrypted in to the I<output> (ciphertext) using the
+-key_schedule specified by the I<schedule> argument, previously set via
+-I<DES_set_key>. If I<encrypt> is zero (DES_DECRYPT), the I<input> (now
+-ciphertext) is decrypted into the I<output> (now cleartext). Input
+-and output may overlap. DES_ecb_encrypt() does not return a value.
+-
+-DES_ecb3_encrypt() encrypts/decrypts the I<input> block by using
+-three-key Triple-DES encryption in ECB mode. This involves encrypting
+-the input with I<ks1>, decrypting with the key schedule I<ks2>, and
+-then encrypting with I<ks3>. This routine greatly reduces the chances
+-of brute force breaking of DES and has the advantage of if I<ks1>,
+-I<ks2> and I<ks3> are the same, it is equivalent to just encryption
+-using ECB mode and I<ks1> as the key.
+-
+-The macro DES_ecb2_encrypt() is provided to perform two-key Triple-DES
+-encryption by using I<ks1> for the final encryption.
+-
+-DES_ncbc_encrypt() encrypts/decrypts using the I<cipher-block-chaining>
+-(CBC) mode of DES. If the I<encrypt> argument is non-zero, the
+-routine cipher-block-chain encrypts the cleartext data pointed to by
+-the I<input> argument into the ciphertext pointed to by the I<output>
+-argument, using the key schedule provided by the I<schedule> argument,
+-and initialization vector provided by the I<ivec> argument. If the
+-I<length> argument is not an integral multiple of eight bytes, the
+-last block is copied to a temporary area and zero filled. The output
+-is always an integral multiple of eight bytes.
+-
+-DES_xcbc_encrypt() is RSA's DESX mode of DES. It uses I<inw> and
+-I<outw> to 'whiten' the encryption. I<inw> and I<outw> are secret
+-(unlike the iv) and are as such, part of the key. So the key is sort
+-of 24 bytes. This is much better than CBC DES.
+-
+-DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with
+-three keys. This means that each DES operation inside the CBC mode is
+-an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
+-
+-The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by
+-reusing I<ks1> for the final encryption. C<C=E(ks1,D(ks2,E(ks1,M)))>.
+-This form of Triple-DES is used by the RSAREF library.
+-
+-DES_pcbc_encrypt() encrypt/decrypts using the propagating cipher block
+-chaining mode used by Kerberos v4. Its parameters are the same as
+-DES_ncbc_encrypt().
+-
+-DES_cfb_encrypt() encrypt/decrypts using cipher feedback mode. This
+-method takes an array of characters as input and outputs and array of
+-characters. It does not require any padding to 8 character groups.
+-Note: the I<ivec> variable is changed and the new changed value needs to
+-be passed to the next call to this function. Since this function runs
+-a complete DES ECB encryption per I<numbits>, this function is only
+-suggested for use when sending small numbers of characters.
+-
+-DES_cfb64_encrypt()
+-implements CFB mode of DES with 64bit feedback. Why is this
+-useful you ask? Because this routine will allow you to encrypt an
+-arbitrary number of bytes, no 8 byte padding. Each call to this
+-routine will encrypt the input bytes to output and then update ivec
+-and num. num contains 'how far' we are though ivec. If this does
+-not make much sense, read more about cfb mode of DES :-).
+-
+-DES_ede3_cfb64_encrypt() and DES_ede2_cfb64_encrypt() is the same as
+-DES_cfb64_encrypt() except that Triple-DES is used.
+-
+-DES_ofb_encrypt() encrypts using output feedback mode. This method
+-takes an array of characters as input and outputs and array of
+-characters. It does not require any padding to 8 character groups.
+-Note: the I<ivec> variable is changed and the new changed value needs to
+-be passed to the next call to this function. Since this function runs
+-a complete DES ECB encryption per numbits, this function is only
+-suggested for use when sending small numbers of characters.
+-
+-DES_ofb64_encrypt() is the same as DES_cfb64_encrypt() using Output
+-Feed Back mode.
+-
+-DES_ede3_ofb64_encrypt() and DES_ede2_ofb64_encrypt() is the same as
+-DES_ofb64_encrypt(), using Triple-DES.
+-
+-The following functions are included in the DES library for
+-compatibility with the MIT Kerberos library.
+-
+-DES_cbc_cksum() produces an 8 byte checksum based on the input stream
+-(via CBC encryption). The last 4 bytes of the checksum are returned
+-and the complete 8 bytes are placed in I<output>. This function is
+-used by Kerberos v4. Other applications should use
+-L<EVP_DigestInit(3)> etc. instead.
+-
+-DES_quad_cksum() is a Kerberos v4 function. It returns a 4 byte
+-checksum from the input bytes. The algorithm can be iterated over the
+-input, depending on I<out_count>, 1, 2, 3 or 4 times. If I<output> is
+-non-NULL, the 8 bytes generated by each pass are written into
+-I<output>.
+-
+-The following are DES-based transformations:
+-
+-DES_fcrypt() is a fast version of the Unix crypt(3) function. This
+-version takes only a small amount of space relative to other fast
+-crypt() implementations. This is different to the normal crypt in
+-that the third parameter is the buffer that the return value is
+-written into. It needs to be at least 14 bytes long. This function
+-is thread safe, unlike the normal crypt.
+-
+-DES_crypt() is a faster replacement for the normal system crypt().
+-This function calls DES_fcrypt() with a static array passed as the
+-third parameter. This emulates the normal non-thread safe semantics
+-of crypt(3).
+-
+-DES_enc_write() writes I<len> bytes to file descriptor I<fd> from
+-buffer I<buf>. The data is encrypted via I<pcbc_encrypt> (default)
+-using I<sched> for the key and I<iv> as a starting vector. The actual
+-data send down I<fd> consists of 4 bytes (in network byte order)
+-containing the length of the following encrypted data. The encrypted
+-data then follows, padded with random data out to a multiple of 8
+-bytes.
+-
-DES_enc_read() is used to read I<len> bytes from file descriptor
-I<fd> into buffer I<buf>. The data being read from I<fd> is assumed to
-have come from DES_enc_write() and is decrypted using I<sched> for
@@ -95102,25 +109459,51 @@
-default), DES_pcbc_encrypt is used. If set to I<DES_CBC_MODE>
-DES_cbc_encrypt is used.
-
- =head1 BUGS
-
- DES_3cbc_encrypt() is flawed and must not be used in applications.
-@@ -317,4 +293,13 @@ not suitable for most applications; see L<des_modes(7)>.
- L<des_modes(7)>,
- L<EVP_EncryptInit(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
+-=head1 BUGS
+-
+-DES_3cbc_encrypt() is flawed and must not be used in applications.
+-
+-DES_cbc_encrypt() does not modify B<ivec>; use DES_ncbc_encrypt()
+-instead.
+-
+-DES_cfb_encrypt() and DES_ofb_encrypt() operates on input of 8 bits.
+-What this means is that if you set numbits to 12, and length to 2, the
+-first 12 bits will come from the 1st input byte and the low half of
+-the second input byte. The second 12 bits will have the low 8 bits
+-taken from the 3rd input byte and the top 4 bits taken from the 4th
+-input byte. The same holds for output. This function has been
+-implemented this way because most people will be using a multiple of 8
+-and because once you get into pulling bytes input bytes apart things
+-get ugly!
+-
+-DES_string_to_key() is available for backward compatibility with the
+-MIT library. New applications should use a cryptographic hash function.
+-The same applies for DES_string_to_2key().
+-
+-=head1 CONFORMING TO
+-
+-ANSI X3.106
+-
+-The B<des> library was written to be source code compatible with
+-the MIT Kerberos library.
+-
+-=head1 NOTES
+-
+-Applications should use the higher level functions
+-L<EVP_EncryptInit(3)> etc. instead of calling these
+-functions directly.
+-
+-Single-key DES is insecure due to its short key size. ECB mode is
+-not suitable for most applications; see L<des_modes(7)>.
+-
+-=head1 SEE ALSO
+-
+-L<des_modes(7)>,
+-L<EVP_EncryptInit(3)>
+-
+-=cut
diff --git a/doc/crypto/des_modes.pod b/doc/crypto/des_modes.pod
-index bd6a358..5107b77 100644
+index bd6a358aeb88..5107b77c8d46 100644
--- a/doc/crypto/des_modes.pod
+++ b/doc/crypto/des_modes.pod
@@ -240,16 +240,24 @@ This text was been written in large parts by Eric Young in his original
@@ -95145,9 +109528,9 @@
-=cut
+=head1 COPYRIGHT
+
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
@@ -95155,329 +109538,1085 @@
+
+=cut
diff --git a/doc/crypto/dh.pod b/doc/crypto/dh.pod
-index b1eaa48..b56c27c 100644
+deleted file mode 100644
+index b1eaa480b7e2..000000000000
--- a/doc/crypto/dh.pod
-+++ b/doc/crypto/dh.pod
-@@ -9,15 +9,15 @@ dh - Diffie-Hellman key agreement
- #include <openssl/dh.h>
- #include <openssl/engine.h>
-
++++ /dev/null
+@@ -1,61 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-dh - Diffie-Hellman key agreement
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/dh.h>
+- #include <openssl/engine.h>
+-
- DH * DH_new(void);
- void DH_free(DH *dh);
-+ DH * DH_new(void);
-+ void DH_free(DH *dh);
-
+-
- DH * DH_generate_parameters(int prime_len, int generator,
- void (*callback)(int, int, void *), void *cb_arg);
- int DH_check(const DH *dh, int *codes);
-+ DH * DH_generate_parameters(int prime_len, int generator,
-+ void (*callback)(int, int, void *), void *cb_arg);
-+ int DH_check(const DH *dh, int *codes);
-
+-
- int DH_generate_key(DH *dh);
- int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
-+ int DH_generate_key(DH *dh);
-+ int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
-
- void DH_set_default_method(const DH_METHOD *meth);
- const DH_METHOD *DH_get_default_method(void);
-@@ -25,11 +25,11 @@ dh - Diffie-Hellman key agreement
- DH *DH_new_method(ENGINE *engine);
- const DH_METHOD *DH_OpenSSL(void);
-
+-
+- void DH_set_default_method(const DH_METHOD *meth);
+- const DH_METHOD *DH_get_default_method(void);
+- int DH_set_method(DH *dh, const DH_METHOD *meth);
+- DH *DH_new_method(ENGINE *engine);
+- const DH_METHOD *DH_OpenSSL(void);
+-
- DH * d2i_DHparams(DH **a, unsigned char **pp, long length);
- int i2d_DHparams(const DH *a, unsigned char **pp);
-+ DH * d2i_DHparams(DH **a, unsigned char **pp, long length);
-+ int i2d_DHparams(const DH *a, unsigned char **pp);
-
+-
- int DHparams_print_fp(FILE *fp, const DH *x);
- int DHparams_print(BIO *bp, const DH *x);
-+ int DHparams_print_fp(FILE *fp, const DH *x);
-+ int DHparams_print(BIO *bp, const DH *x);
-
- =head1 DESCRIPTION
-
-@@ -56,6 +56,15 @@ L<DH_set_method(3)>, L<DH_new(3)>,
- L<DH_get_ex_new_index(3)>,
- L<DH_generate_parameters(3)>,
- L<DH_compute_key(3)>, L<DH_get0_pqg(3)>, L<DH_meth_new(3)>, L<d2i_DHparams(3)>,
+-
+-=head1 DESCRIPTION
+-
+-These functions implement the Diffie-Hellman key agreement protocol.
+-The generation of shared DH parameters is described in
+-L<DH_generate_parameters(3)>; L<DH_generate_key(3)> describes how
+-to perform a key agreement.
+-
+-The B<DH> structure consists of several BIGNUM components. The prime B<p>, the
+-generate B<g>, the Private key B<priv_key> and the public key B<pub_key>.
+-Optionally there may also be an additional parameter B<q>.
+-
+-Note that DH keys may use non-standard B<DH_METHOD> implementations,
+-either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+-ENGINE providing support for hardware-embedded keys), these BIGNUM values
+-will not be used by the implementation or may be used for alternative data
+-storage.
+-
+-=head1 SEE ALSO
+-
+-L<dhparam(1)>, L<bn(3)>, L<dsa(3)>, L<err(3)>,
+-L<rand(3)>, L<rsa(3)>, L<engine(3)>,
+-L<DH_set_method(3)>, L<DH_new(3)>,
+-L<DH_get_ex_new_index(3)>,
+-L<DH_generate_parameters(3)>,
+-L<DH_compute_key(3)>, L<DH_get0_pqg(3)>, L<DH_meth_new(3)>, L<d2i_DHparams(3)>,
-L<RSA_print(3)>
-+L<RSA_print(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
+-
+-=cut
diff --git a/doc/crypto/dsa.pod b/doc/crypto/dsa.pod
-index 9cf1c49..2850c1d 100644
+deleted file mode 100644
+index 9cf1c49c87f2..000000000000
--- a/doc/crypto/dsa.pod
-+++ b/doc/crypto/dsa.pod
-@@ -9,25 +9,25 @@ dsa - Digital Signature Algorithm
- #include <openssl/dsa.h>
- #include <openssl/engine.h>
-
++++ /dev/null
+@@ -1,109 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-dsa - Digital Signature Algorithm
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/dsa.h>
+- #include <openssl/engine.h>
+-
- DSA * DSA_new(void);
- void DSA_free(DSA *dsa);
-+ DSA * DSA_new(void);
-+ void DSA_free(DSA *dsa);
-
+-
- int DSA_size(const DSA *dsa);
-+ int DSA_size(const DSA *dsa);
-
+-
- DSA * DSA_generate_parameters(int bits, unsigned char *seed,
-+ DSA * DSA_generate_parameters(int bits, unsigned char *seed,
- int seed_len, int *counter_ret, unsigned long *h_ret,
+- int seed_len, int *counter_ret, unsigned long *h_ret,
- void (*callback)(int, int, void *), void *cb_arg);
-+ void (*callback)(int, int, void *), void *cb_arg);
-
+-
- DH * DSA_dup_DH(const DSA *r);
-+ DH * DSA_dup_DH(const DSA *r);
-
+-
- int DSA_generate_key(DSA *dsa);
-+ int DSA_generate_key(DSA *dsa);
-
+-
- int DSA_sign(int dummy, const unsigned char *dgst, int len,
- unsigned char *sigret, unsigned int *siglen, DSA *dsa);
- int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
-+ int DSA_sign(int dummy, const unsigned char *dgst, int len,
-+ unsigned char *sigret, unsigned int *siglen, DSA *dsa);
-+ int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
- BIGNUM **rp);
+- BIGNUM **rp);
- int DSA_verify(int dummy, const unsigned char *dgst, int len,
- const unsigned char *sigbuf, int siglen, DSA *dsa);
-+ int DSA_verify(int dummy, const unsigned char *dgst, int len,
-+ const unsigned char *sigbuf, int siglen, DSA *dsa);
-
- void DSA_set_default_method(const DSA_METHOD *meth);
- const DSA_METHOD *DSA_get_default_method(void);
-@@ -36,25 +36,25 @@ dsa - Digital Signature Algorithm
- const DSA_METHOD *DSA_OpenSSL(void);
-
- DSA_SIG *DSA_SIG_new(void);
+-
+- void DSA_set_default_method(const DSA_METHOD *meth);
+- const DSA_METHOD *DSA_get_default_method(void);
+- int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
+- DSA *DSA_new_method(ENGINE *engine);
+- const DSA_METHOD *DSA_OpenSSL(void);
+-
+- DSA_SIG *DSA_SIG_new(void);
- void DSA_SIG_free(DSA_SIG *a);
- int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
-+ void DSA_SIG_free(DSA_SIG *a);
-+ int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
- DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
-
- DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+- DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
+-
+- DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
- int DSA_do_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
-+ int DSA_do_verify(const unsigned char *dgst, int dgst_len,
-+ DSA_SIG *sig, DSA *dsa);
-
+-
- DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
- DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
- DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length);
- int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
- int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
- int i2d_DSAparams(const DSA *a,unsigned char **pp);
-+ DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
-+ DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
-+ DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length);
-+ int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
-+ int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
-+ int i2d_DSAparams(const DSA *a,unsigned char **pp);
-
+-
- int DSAparams_print(BIO *bp, const DSA *x);
- int DSAparams_print_fp(FILE *fp, const DSA *x);
- int DSA_print(BIO *bp, const DSA *x, int off);
- int DSA_print_fp(FILE *bp, const DSA *x, int off);
-+ int DSAparams_print(BIO *bp, const DSA *x);
-+ int DSAparams_print_fp(FILE *fp, const DSA *x);
-+ int DSA_print(BIO *bp, const DSA *x, int off);
-+ int DSA_print_fp(FILE *bp, const DSA *x, int off);
-
- =head1 DESCRIPTION
-
-@@ -69,11 +69,11 @@ The B<DSA> structure consists of several BIGNUM components.
-
- struct
- {
+-
+-=head1 DESCRIPTION
+-
+-These functions implement the Digital Signature Algorithm (DSA). The
+-generation of shared DSA parameters is described in
+-L<DSA_generate_parameters(3)>;
+-L<DSA_generate_key(3)> describes how to
+-generate a signature key. Signature generation and verification are
+-described in L<DSA_sign(3)>.
+-
+-The B<DSA> structure consists of several BIGNUM components.
+-
+- struct
+- {
- BIGNUM *p; // prime number (public)
- BIGNUM *q; // 160-bit subprime, q | p-1 (public)
- BIGNUM *g; // generator of subgroup (public)
- BIGNUM *priv_key; // private key x
- BIGNUM *pub_key; // public key y = g^x
-+ BIGNUM *p; // prime number (public)
-+ BIGNUM *q; // 160-bit subprime, q | p-1 (public)
-+ BIGNUM *g; // generator of subgroup (public)
-+ BIGNUM *priv_key; // private key x
-+ BIGNUM *pub_key; // public key y = g^x
- // ...
- }
- DSA;
-@@ -106,4 +106,13 @@ L<DSA_sign(3)>, L<DSA_set_method(3)>,
- L<DSA_get_ex_new_index(3)>,
- L<RSA_print(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
+- // ...
+- }
+- DSA;
+-
+-In public keys, B<priv_key> is NULL.
+-
+-Note that DSA keys may use non-standard B<DSA_METHOD> implementations,
+-either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+-ENGINE providing support for hardware-embedded keys), these BIGNUM values
+-will not be used by the implementation or may be used for alternative data
+-storage. For this reason, applications should generally avoid using DSA
+-structure elements directly and instead use API functions to query or
+-modify keys.
+-
+-=head1 CONFORMING TO
+-
+-US Federal Information Processing Standard FIPS 186 (Digital Signature
+-Standard, DSS), ANSI X9.30
+-
+-=head1 SEE ALSO
+-
+-L<bn(3)>, L<dh(3)>, L<err(3)>, L<rand(3)>,
+-L<rsa(3)>, L<sha(3)>, L<engine(3)>,
+-L<DSA_new(3)>,
+-L<DSA_size(3)>,
+-L<DSA_generate_parameters(3)>,
+-L<DSA_dup_DH(3)>,
+-L<DSA_generate_key(3)>,
+-L<DSA_sign(3)>, L<DSA_set_method(3)>,
+-L<DSA_get_ex_new_index(3)>,
+-L<RSA_print(3)>
+-
+-=cut
diff --git a/doc/crypto/ec.pod b/doc/crypto/ec.pod
-index d6f1381..5e20b4e 100644
+deleted file mode 100644
+index d6f13816add2..000000000000
--- a/doc/crypto/ec.pod
-+++ b/doc/crypto/ec.pod
-@@ -60,34 +60,34 @@ ec - Elliptic Curve functions
- const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
- int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
- int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
++++ /dev/null
+@@ -1,198 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-ec - Elliptic Curve functions
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/ec.h>
+- #include <openssl/bn.h>
+-
+- const EC_METHOD *EC_GFp_simple_method(void);
+- const EC_METHOD *EC_GFp_mont_method(void);
+- const EC_METHOD *EC_GFp_nist_method(void);
+- const EC_METHOD *EC_GFp_nistp224_method(void);
+- const EC_METHOD *EC_GFp_nistp256_method(void);
+- const EC_METHOD *EC_GFp_nistp521_method(void);
+-
+- const EC_METHOD *EC_GF2m_simple_method(void);
+-
+- EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
+- void EC_GROUP_free(EC_GROUP *group);
+- void EC_GROUP_clear_free(EC_GROUP *group);
+- int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
+- EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
+- const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
+- int EC_METHOD_get_field_type(const EC_METHOD *meth);
+- int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
+- const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
+- int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
+- int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
+- void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
+- int EC_GROUP_get_curve_name(const EC_GROUP *group);
+- void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
+- int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
+- void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
+- point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
+- unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
+- size_t EC_GROUP_get_seed_len(const EC_GROUP *);
+- size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
+- int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+- int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+- int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+- int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+- int EC_GROUP_get_degree(const EC_GROUP *group);
+- int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
+- int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
+- int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
+- EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+- EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+- EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
+-
+- size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
+-
+- EC_POINT *EC_POINT_new(const EC_GROUP *group);
+- void EC_POINT_free(EC_POINT *point);
+- void EC_POINT_clear_free(EC_POINT *point);
+- int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
+- EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
+- const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
+- int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
+- int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
- const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx);
-+ const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx);
- int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+- int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
- const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
-+ const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
- int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
+- int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
- const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
-+ const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
- int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+- int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
- const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
-+ const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
- int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
+- int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
- const BIGNUM *x, int y_bit, BN_CTX *ctx);
-+ const BIGNUM *x, int y_bit, BN_CTX *ctx);
- int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
+- int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
- const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
-+ const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
- int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
+- int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
- const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
-+ const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
- int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
+- int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
- const BIGNUM *x, int y_bit, BN_CTX *ctx);
-+ const BIGNUM *x, int y_bit, BN_CTX *ctx);
- size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
+- size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
- point_conversion_form_t form,
-+ point_conversion_form_t form,
- unsigned char *buf, size_t len, BN_CTX *ctx);
- int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
- const unsigned char *buf, size_t len, BN_CTX *ctx);
- BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
+- unsigned char *buf, size_t len, BN_CTX *ctx);
+- int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
+- const unsigned char *buf, size_t len, BN_CTX *ctx);
+- BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
- point_conversion_form_t form, BIGNUM *, BN_CTX *);
-+ point_conversion_form_t form, BIGNUM *, BN_CTX *);
- EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,
+- EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,
- EC_POINT *, BN_CTX *);
-+ EC_POINT *, BN_CTX *);
- char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
+- char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
- point_conversion_form_t form, BN_CTX *);
-+ point_conversion_form_t form, BN_CTX *);
- EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
+- EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
- EC_POINT *, BN_CTX *);
-+ EC_POINT *, BN_CTX *);
-
- int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
- int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
-@@ -104,8 +104,8 @@ ec - Elliptic Curve functions
-
- int EC_GROUP_get_basis_type(const EC_GROUP *);
- int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
+-
+- int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
+- int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
+- int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
+- int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
+- int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx);
+- int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
+- int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
+- int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
+- int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
+- int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
+- int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+- int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
+-
+- int EC_GROUP_get_basis_type(const EC_GROUP *);
+- int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
- int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
- unsigned int *k2, unsigned int *k3);
-+ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
-+ unsigned int *k2, unsigned int *k3);
- EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
- int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
- #define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x)
-@@ -113,7 +113,7 @@ ec - Elliptic Curve functions
- #define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \
- (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))
- #define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \
+- EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
+- int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
+- #define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x)
+- #define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x)
+- #define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \
+- (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))
+- #define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \
- (unsigned char *)(x))
-+ (unsigned char *)(x))
- int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
- int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
-
-@@ -150,14 +150,14 @@ ec - Elliptic Curve functions
-
- EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
- int i2o_ECPublicKey(EC_KEY *key, unsigned char **out);
+- int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
+- int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
+-
+- EC_KEY *EC_KEY_new(void);
+- int EC_KEY_get_flags(const EC_KEY *key);
+- void EC_KEY_set_flags(EC_KEY *key, int flags);
+- void EC_KEY_clear_flags(EC_KEY *key, int flags);
+- EC_KEY *EC_KEY_new_by_curve_name(int nid);
+- void EC_KEY_free(EC_KEY *key);
+- EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
+- EC_KEY *EC_KEY_dup(const EC_KEY *src);
+- int EC_KEY_up_ref(EC_KEY *key);
+- const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
+- int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
+- const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
+- int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
+- const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
+- int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
+- unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
+- void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+- point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
+- void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
+- void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
+- int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
+- int EC_KEY_generate_key(EC_KEY *key);
+- int EC_KEY_check_key(const EC_KEY *key);
+- int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y);
+-
+- EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
+- int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out);
+-
+- EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
+- int i2d_ECParameters(EC_KEY *key, unsigned char **out);
+-
+- EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
+- int i2o_ECPublicKey(EC_KEY *key, unsigned char **out);
- int ECParameters_print(BIO *bp, const EC_KEY *key);
- int EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
- int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
- int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
-+ int ECParameters_print(BIO *bp, const EC_KEY *key);
-+ int EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
-+ int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
-+ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
- #define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x)
- #define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \
+- #define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x)
+- #define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL)
-+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \
-+ EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL)
- const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
- int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
-
-@@ -195,4 +195,13 @@ L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
- L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
-
-
-+=head1 COPYRIGHT
-+
-+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
+- const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
+- int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
+-
+-=head1 DESCRIPTION
+-
+-This library provides an extensive set of functions for performing operations on elliptic curves over finite fields.
+-In general an elliptic curve is one with an equation of the form:
+-
+-y^2 = x^3 + ax + b
+-
+-An B<EC_GROUP> structure is used to represent the definition of an elliptic curve. Points on a curve are stored using an
+-B<EC_POINT> structure. An B<EC_KEY> is used to hold a private/public key pair, where a private key is simply a BIGNUM and a
+-public key is a point on a curve (represented by an B<EC_POINT>).
+-
+-The library contains a number of alternative implementations of the different functions. Each implementation is optimised
+-for different scenarios. No matter which implementation is being used, the interface remains the same. The library
+-handles calling the correct implementation when an interface function is invoked. An implementation is represented by
+-an B<EC_METHOD> structure.
+-
+-The creation and destruction of B<EC_GROUP> objects is described in L<EC_GROUP_new(3)>. Functions for
+-manipulating B<EC_GROUP> objects are described in L<EC_GROUP_copy(3)>.
+-
+-Functions for creating, destroying and manipulating B<EC_POINT> objects are explained in L<EC_POINT_new(3)>,
+-whilst functions for performing mathematical operations and tests on B<EC_POINTs> are covered in L<EC_POINT_add(3)>.
+-
+-For working with private and public keys refer to L<EC_KEY_new(3)>. Implementations are covered in
+-L<EC_GFp_simple_method(3)>.
+-
+-For information on encoding and decoding curve parameters to and from ASN1 see L<d2i_ECPKParameters(3)>.
+-
+-=head1 SEE ALSO
+-
+-L<crypto(3)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>,
+-L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
+-L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
+-
+-
+-=cut
diff --git a/doc/crypto/ecdsa.pod b/doc/crypto/ecdsa.pod
-index c2e786e..0967f08 100644
+deleted file mode 100644
+index c2e786e89415..000000000000
--- a/doc/crypto/ecdsa.pod
-+++ b/doc/crypto/ecdsa.pod
-@@ -186,4 +186,13 @@ L<rsa(3)>,
- L<EVP_DigestSignInit(3)>,
- L<EVP_DigestVerifyInit(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
++++ /dev/null
+@@ -1,189 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-ECDSA_SIG_new, ECDSA_SIG_free, i2d_ECDSA_SIG, d2i_ECDSA_SIG, ECDSA_size,
+-ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup,
+-ECDSA_sign_ex, ECDSA_do_sign_ex - low level elliptic curve digital signature
+-algorithm (ECDSA) functions.
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/ecdsa.h>
+-
+- ECDSA_SIG *ECDSA_SIG_new(void);
+- void ECDSA_SIG_free(ECDSA_SIG *sig);
+- void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const ECDSA_SIG *sig);
+- int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
+- ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
+- int ECDSA_size(const EC_KEY *eckey);
+-
+- int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
+- unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+- ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
+- EC_KEY *eckey);
+-
+- int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
+- const unsigned char *sig, int siglen, EC_KEY *eckey);
+- int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+- const ECDSA_SIG *sig, EC_KEY* eckey);
+-
+- ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
+- const BIGNUM *kinv, const BIGNUM *rp,
+- EC_KEY *eckey);
+- int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
+- int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
+- unsigned char *sig, unsigned int *siglen,
+- const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
+-
+-=head1 DESCRIPTION
+-
+-Note: these functions provide a low level interface to ECDSA. Most
+-applications should use the higher level B<EVP> interface such as
+-L<EVP_DigestSignInit(3)> or L<EVP_DigestVerifyInit(3)> instead.
+-
+-B<ECDSA_SIG> is an opaque structure consisting of two BIGNUMs for the
+-B<r> and B<s> value of an ECDSA signature (see X9.62 or FIPS 186-2).
+-
+-ECDSA_SIG_new() allocates a new B<ECDSA_SIG> structure (note: this
+-function also allocates the BIGNUMs) and initializes it.
+-
+-ECDSA_SIG_free() frees the B<ECDSA_SIG> structure B<sig>.
+-
+-ECDSA_SIG_get0() returns internal pointers the B<r> and B<s> values contained
+-in B<sig>. The values can then be examined or initialised.
+-
+-i2d_ECDSA_SIG() creates the DER encoding of the ECDSA signature B<sig> and
+-writes the encoded signature to B<*pp> (note: if B<pp> is NULL i2d_ECDSA_SIG()
+-returns the expected length in bytes of the DER encoded signature).
+-i2d_ECDSA_SIG() returns the length of the DER encoded signature (or 0 on
+-error).
+-
+-d2i_ECDSA_SIG() decodes a DER encoded ECDSA signature and returns the decoded
+-signature in a newly allocated B<ECDSA_SIG> structure. B<*sig> points to the
+-buffer containing the DER encoded signature of size B<len>.
+-
+-ECDSA_size() returns the maximum length of a DER encoded ECDSA signature
+-created with the private EC key B<eckey>.
+-
+-ECDSA_sign() computes a digital signature of the B<dgstlen> bytes hash value
+-B<dgst> using the private EC key B<eckey>. The DER encoded signatures is
+-stored in B<sig> and it's length is returned in B<sig_len>. Note: B<sig> must
+-point to ECDSA_size(eckey) bytes of memory. The parameter B<type> is currently
+-ignored. ECDSA_sign() is wrapper function for ECDSA_sign_ex() with B<kinv>
+-and B<rp> set to NULL.
+-
+-ECDSA_do_sign() is similar to ECDSA_sign() except the signature is returned
+-as a newly allocated B<ECDSA_SIG> structure (or NULL on error). ECDSA_do_sign()
+-is a wrapper function for ECDSA_do_sign_ex() with B<kinv> and B<rp> set to
+-NULL.
+-
+-ECDSA_verify() verifies that the signature in B<sig> of size B<siglen> is a
+-valid ECDSA signature of the hash value B<dgst> of size B<dgstlen> using the
+-public key B<eckey>. The parameter B<type> is ignored.
+-
+-ECDSA_do_verify() is similar to ECDSA_verify() except the signature is
+-presented in the form of a pointer to an B<ECDSA_SIG> structure.
+-
+-The remaining functions utilise the internal B<kinv> and B<r> values used
+-during signature computation. Most applications will never need to call these
+-and some external ECDSA ENGINE implementations may not support them at all if
+-either B<kinv> or B<r> is not B<NULL>.
+-
+-ECDSA_sign_setup() may be used to precompute parts of the signing operation.
+-B<eckey> is the private EC key and B<ctx> is a pointer to B<BN_CTX> structure
+-(or NULL). The precomputed values or returned in B<kinv> and B<rp> and can be
+-used in a later call to ECDSA_sign_ex() or ECDSA_do_sign_ex().
+-
+-ECDSA_sign_ex() computes a digital signature of the B<dgstlen> bytes hash value
+-B<dgst> using the private EC key B<eckey> and the optional pre-computed values
+-B<kinv> and B<rp>. The DER encoded signatures is stored in B<sig> and it's
+-length is returned in B<sig_len>. Note: B<sig> must point to ECDSA_size(eckey)
+-bytes of memory. The parameter B<type> is ignored.
+-
+-ECDSA_do_sign_ex() is similar to ECDSA_sign_ex() except the signature is
+-returned as a newly allocated B<ECDSA_SIG> structure (or NULL on error).
+-
+-=head1 RETURN VALUES
+-
+-ECDSA_size() returns the maximum length signature or 0 on error.
+-
+-ECDSA_sign(), ECDSA_sign_ex() and ECDSA_sign_setup() return 1 if successful
+-or 0 on error.
+-
+-ECDSA_do_sign() and ECDSA_do_sign_ex() return a pointer to an allocated
+-B<ECDSA_SIG> structure or NULL on error.
+-
+-ECDSA_verify() and ECDSA_do_verify() return 1 for a valid
+-signature, 0 for an invalid signature and -1 on error.
+-The error codes can be obtained by L<ERR_get_error(3)>.
+-
+-=head1 EXAMPLES
+-
+-Creating an ECDSA signature of a given SHA-256 hash value using the
+-named curve prime256v1 (aka P-256).
+-
+-First step: create an EC_KEY object (note: this part is B<not> ECDSA
+-specific)
+-
+- int ret;
+- ECDSA_SIG *sig;
+- EC_KEY *eckey;
+- eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+- if (eckey == NULL) {
+- /* error */
+- }
+- if (EC_KEY_generate_key(eckey) == 0) {
+- /* error */
+- }
+-
+-Second step: compute the ECDSA signature of a SHA-256 hash value
+-using ECDSA_do_sign():
+-
+- sig = ECDSA_do_sign(digest, 32, eckey);
+- if (sig == NULL) {
+- /* error */
+- }
+-
+-or using ECDSA_sign():
+-
+- unsigned char *buffer, *pp;
+- int buf_len;
+- buf_len = ECDSA_size(eckey);
+- buffer = OPENSSL_malloc(buf_len);
+- pp = buffer;
+- if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0) {
+- /* error */
+- }
+-
+-Third step: verify the created ECDSA signature using ECDSA_do_verify():
+-
+- ret = ECDSA_do_verify(digest, 32, sig, eckey);
+-
+-or using ECDSA_verify():
+-
+- ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey);
+-
+-and finally evaluate the return value:
+-
+- if (ret == 1) {
+- /* signature ok */
+- } else if (ret == 0) {
+- /* incorrect signature */
+- } else {
+- /* error */
+- }
+-
+-=head1 CONFORMING TO
+-
+-ANSI X9.62, US Federal Information Processing Standard FIPS 186-2
+-(Digital Signature Standard, DSS)
+-
+-=head1 SEE ALSO
+-
+-L<dsa(3)>,
+-L<rsa(3)>,
+-L<EVP_DigestSignInit(3)>,
+-L<EVP_DigestVerifyInit(3)>
+-
+-=cut
diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod
-index 8d1b3df..df12d59 100644
+deleted file mode 100644
+index 8d1b3dfc31f0..000000000000
--- a/doc/crypto/engine.pod
-+++ b/doc/crypto/engine.pod
-@@ -444,7 +444,7 @@ boolean success or failure.
- ENGINE_free(e);
- return 0;
- }
++++ /dev/null
+@@ -1,566 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-engine - ENGINE cryptographic module support
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/engine.h>
+-
+- ENGINE *ENGINE_get_first(void);
+- ENGINE *ENGINE_get_last(void);
+- ENGINE *ENGINE_get_next(ENGINE *e);
+- ENGINE *ENGINE_get_prev(ENGINE *e);
+-
+- int ENGINE_add(ENGINE *e);
+- int ENGINE_remove(ENGINE *e);
+-
+- ENGINE *ENGINE_by_id(const char *id);
+-
+- int ENGINE_init(ENGINE *e);
+- int ENGINE_finish(ENGINE *e);
+-
+- void ENGINE_load_builtin_engines(void);
+-
+- ENGINE *ENGINE_get_default_RSA(void);
+- ENGINE *ENGINE_get_default_DSA(void);
+- ENGINE *ENGINE_get_default_ECDH(void);
+- ENGINE *ENGINE_get_default_ECDSA(void);
+- ENGINE *ENGINE_get_default_DH(void);
+- ENGINE *ENGINE_get_default_RAND(void);
+- ENGINE *ENGINE_get_cipher_engine(int nid);
+- ENGINE *ENGINE_get_digest_engine(int nid);
+-
+- int ENGINE_set_default_RSA(ENGINE *e);
+- int ENGINE_set_default_DSA(ENGINE *e);
+- int ENGINE_set_default_ECDH(ENGINE *e);
+- int ENGINE_set_default_ECDSA(ENGINE *e);
+- int ENGINE_set_default_DH(ENGINE *e);
+- int ENGINE_set_default_RAND(ENGINE *e);
+- int ENGINE_set_default_ciphers(ENGINE *e);
+- int ENGINE_set_default_digests(ENGINE *e);
+- int ENGINE_set_default_string(ENGINE *e, const char *list);
+-
+- int ENGINE_set_default(ENGINE *e, unsigned int flags);
+-
+- unsigned int ENGINE_get_table_flags(void);
+- void ENGINE_set_table_flags(unsigned int flags);
+-
+- int ENGINE_register_RSA(ENGINE *e);
+- void ENGINE_unregister_RSA(ENGINE *e);
+- void ENGINE_register_all_RSA(void);
+- int ENGINE_register_DSA(ENGINE *e);
+- void ENGINE_unregister_DSA(ENGINE *e);
+- void ENGINE_register_all_DSA(void);
+- int ENGINE_register_ECDH(ENGINE *e);
+- void ENGINE_unregister_ECDH(ENGINE *e);
+- void ENGINE_register_all_ECDH(void);
+- int ENGINE_register_ECDSA(ENGINE *e);
+- void ENGINE_unregister_ECDSA(ENGINE *e);
+- void ENGINE_register_all_ECDSA(void);
+- int ENGINE_register_DH(ENGINE *e);
+- void ENGINE_unregister_DH(ENGINE *e);
+- void ENGINE_register_all_DH(void);
+- int ENGINE_register_RAND(ENGINE *e);
+- void ENGINE_unregister_RAND(ENGINE *e);
+- void ENGINE_register_all_RAND(void);
+- int ENGINE_register_ciphers(ENGINE *e);
+- void ENGINE_unregister_ciphers(ENGINE *e);
+- void ENGINE_register_all_ciphers(void);
+- int ENGINE_register_digests(ENGINE *e);
+- void ENGINE_unregister_digests(ENGINE *e);
+- void ENGINE_register_all_digests(void);
+- int ENGINE_register_complete(ENGINE *e);
+- int ENGINE_register_all_complete(void);
+-
+- int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+- int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+- int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+- long i, void *p, void (*f)(void), int cmd_optional);
+- int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+- int cmd_optional);
+-
+- ENGINE *ENGINE_new(void);
+- int ENGINE_free(ENGINE *e);
+- int ENGINE_up_ref(ENGINE *e);
+-
+- int ENGINE_set_id(ENGINE *e, const char *id);
+- int ENGINE_set_name(ENGINE *e, const char *name);
+- int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+- int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+- int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *dh_meth);
+- int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *dh_meth);
+- int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+- int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+- int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+- int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+- int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+- int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+- int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
+- int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+- int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+- int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+- int ENGINE_set_flags(ENGINE *e, int flags);
+- int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+-
+- const char *ENGINE_get_id(const ENGINE *e);
+- const char *ENGINE_get_name(const ENGINE *e);
+- const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+- const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+- const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
+- const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
+- const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+- const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+- ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+- ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+- ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+- ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+- ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+- ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+- ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+- ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+- const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+- const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+- int ENGINE_get_flags(const ENGINE *e);
+- const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+-
+- EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+- UI_METHOD *ui_method, void *callback_data);
+- EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+- UI_METHOD *ui_method, void *callback_data);
+-
+- void ENGINE_add_conf_module(void);
+-
+-Deprecated:
+-
+- #if OPENSSL_API_COMPAT < 0x10100000L
+- void ENGINE_cleanup(void)
+- #endif
+-
+-=head1 DESCRIPTION
+-
+-These functions create, manipulate, and use cryptographic modules in the
+-form of B<ENGINE> objects. These objects act as containers for
+-implementations of cryptographic algorithms, and support a
+-reference-counted mechanism to allow them to be dynamically loaded in and
+-out of the running application.
+-
+-The cryptographic functionality that can be provided by an B<ENGINE>
+-implementation includes the following abstractions;
+-
+- RSA_METHOD - for providing alternative RSA implementations
+- DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD,
+- - similarly for other OpenSSL APIs
+- EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid')
+- EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid')
+- key-loading - loading public and/or private EVP_PKEY keys
+-
+-=head2 Reference counting and handles
+-
+-Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be
+-treated as handles - ie. not only as pointers, but also as references to
+-the underlying ENGINE object. Ie. one should obtain a new reference when
+-making copies of an ENGINE pointer if the copies will be used (and
+-released) independently.
+-
+-ENGINE objects have two levels of reference-counting to match the way in
+-which the objects are used. At the most basic level, each ENGINE pointer is
+-inherently a B<structural> reference - a structural reference is required
+-to use the pointer value at all, as this kind of reference is a guarantee
+-that the structure can not be deallocated until the reference is released.
+-
+-However, a structural reference provides no guarantee that the ENGINE is
+-initialised and able to use any of its cryptographic
+-implementations. Indeed it's quite possible that most ENGINEs will not
+-initialise at all in typical environments, as ENGINEs are typically used to
+-support specialised hardware. To use an ENGINE's functionality, you need a
+-B<functional> reference. This kind of reference can be considered a
+-specialised form of structural reference, because each functional reference
+-implicitly contains a structural reference as well - however to avoid
+-difficult-to-find programming bugs, it is recommended to treat the two
+-kinds of reference independently. If you have a functional reference to an
+-ENGINE, you have a guarantee that the ENGINE has been initialised and
+-is ready to perform cryptographic operations, and will remain initialised
+-until after you have released your reference.
+-
+-I<Structural references>
+-
+-This basic type of reference is used for instantiating new ENGINEs,
+-iterating across OpenSSL's internal linked-list of loaded
+-ENGINEs, reading information about an ENGINE, etc. Essentially a structural
+-reference is sufficient if you only need to query or manipulate the data of
+-an ENGINE implementation rather than use its functionality.
+-
+-The ENGINE_new() function returns a structural reference to a new (empty)
+-ENGINE object. There are other ENGINE API functions that return structural
+-references such as; ENGINE_by_id(), ENGINE_get_first(), ENGINE_get_last(),
+-ENGINE_get_next(), ENGINE_get_prev(). All structural references should be
+-released by a corresponding to call to the ENGINE_free() function - the
+-ENGINE object itself will only actually be cleaned up and deallocated when
+-the last structural reference is released.
+-
+-It should also be noted that many ENGINE API function calls that accept a
+-structural reference will internally obtain another reference - typically
+-this happens whenever the supplied ENGINE will be needed by OpenSSL after
+-the function has returned. Eg. the function to add a new ENGINE to
+-OpenSSL's internal list is ENGINE_add() - if this function returns success,
+-then OpenSSL will have stored a new structural reference internally so the
+-caller is still responsible for freeing their own reference with
+-ENGINE_free() when they are finished with it. In a similar way, some
+-functions will automatically release the structural reference passed to it
+-if part of the function's job is to do so. Eg. the ENGINE_get_next() and
+-ENGINE_get_prev() functions are used for iterating across the internal
+-ENGINE list - they will return a new structural reference to the next (or
+-previous) ENGINE in the list or NULL if at the end (or beginning) of the
+-list, but in either case the structural reference passed to the function is
+-released on behalf of the caller.
+-
+-To clarify a particular function's handling of references, one should
+-always consult that function's documentation "man" page, or failing that
+-the openssl/engine.h header file includes some hints.
+-
+-I<Functional references>
+-
+-As mentioned, functional references exist when the cryptographic
+-functionality of an ENGINE is required to be available. A functional
+-reference can be obtained in one of two ways; from an existing structural
+-reference to the required ENGINE, or by asking OpenSSL for the default
+-operational ENGINE for a given cryptographic purpose.
+-
+-To obtain a functional reference from an existing structural reference,
+-call the ENGINE_init() function. This returns zero if the ENGINE was not
+-already operational and couldn't be successfully initialised (eg. lack of
+-system drivers, no special hardware attached, etc), otherwise it will
+-return non-zero to indicate that the ENGINE is now operational and will
+-have allocated a new B<functional> reference to the ENGINE. All functional
+-references are released by calling ENGINE_finish() (which removes the
+-implicit structural reference as well).
+-
+-The second way to get a functional reference is by asking OpenSSL for a
+-default implementation for a given task, eg. by ENGINE_get_default_RSA(),
+-ENGINE_get_default_cipher_engine(), etc. These are discussed in the next
+-section, though they are not usually required by application programmers as
+-they are used automatically when creating and using the relevant
+-algorithm-specific types in OpenSSL, such as RSA, DSA, EVP_CIPHER_CTX, etc.
+-
+-=head2 Default implementations
+-
+-For each supported abstraction, the ENGINE code maintains an internal table
+-of state to control which implementations are available for a given
+-abstraction and which should be used by default. These implementations are
+-registered in the tables and indexed by an 'nid' value, because
+-abstractions like EVP_CIPHER and EVP_DIGEST support many distinct
+-algorithms and modes, and ENGINEs can support arbitrarily many of them.
+-In the case of other abstractions like RSA, DSA, etc, there is only one
+-"algorithm" so all implementations implicitly register using the same 'nid'
+-index.
+-
+-When a default ENGINE is requested for a given abstraction/algorithm/mode, (eg.
+-when calling RSA_new_method(NULL)), a "get_default" call will be made to the
+-ENGINE subsystem to process the corresponding state table and return a
+-functional reference to an initialised ENGINE whose implementation should be
+-used. If no ENGINE should (or can) be used, it will return NULL and the caller
+-will operate with a NULL ENGINE handle - this usually equates to using the
+-conventional software implementation. In the latter case, OpenSSL will from
+-then on behave the way it used to before the ENGINE API existed.
+-
+-Each state table has a flag to note whether it has processed this
+-"get_default" query since the table was last modified, because to process
+-this question it must iterate across all the registered ENGINEs in the
+-table trying to initialise each of them in turn, in case one of them is
+-operational. If it returns a functional reference to an ENGINE, it will
+-also cache another reference to speed up processing future queries (without
+-needing to iterate across the table). Likewise, it will cache a NULL
+-response if no ENGINE was available so that future queries won't repeat the
+-same iteration unless the state table changes. This behaviour can also be
+-changed; if the ENGINE_TABLE_FLAG_NOINIT flag is set (using
+-ENGINE_set_table_flags()), no attempted initialisations will take place,
+-instead the only way for the state table to return a non-NULL ENGINE to the
+-"get_default" query will be if one is expressly set in the table. Eg.
+-ENGINE_set_default_RSA() does the same job as ENGINE_register_RSA() except
+-that it also sets the state table's cached response for the "get_default"
+-query. In the case of abstractions like EVP_CIPHER, where implementations are
+-indexed by 'nid', these flags and cached-responses are distinct for each 'nid'
+-value.
+-
+-=head2 Application requirements
+-
+-This section will explain the basic things an application programmer should
+-support to make the most useful elements of the ENGINE functionality
+-available to the user. The first thing to consider is whether the
+-programmer wishes to make alternative ENGINE modules available to the
+-application and user. OpenSSL maintains an internal linked list of
+-"visible" ENGINEs from which it has to operate - at start-up, this list is
+-empty and in fact if an application does not call any ENGINE API calls and
+-it uses static linking against openssl, then the resulting application
+-binary will not contain any alternative ENGINE code at all. So the first
+-consideration is whether any/all available ENGINE implementations should be
+-made visible to OpenSSL - this is controlled by calling the various "load"
+-functions.
+-
+-Having called any of these functions, ENGINE objects would have been
+-dynamically allocated and populated with these implementations and linked
+-into OpenSSL's internal linked list. At this point it is important to
+-mention an important API function;
+-
+- void ENGINE_cleanup(void)
+-
+-If no ENGINE API functions are called at all in an application, then there
+-are no inherent memory leaks to worry about from the ENGINE functionality.
+-However, prior to OpenSSL 1.1.0 if any ENGINEs are loaded, even if they are
+-never registered or used, it was necessary to use the ENGINE_cleanup() function
+-to correspondingly cleanup before program exit, if the caller wishes to avoid
+-memory leaks. This mechanism used an internal callback registration table
+-so that any ENGINE API functionality that knows it requires cleanup can
+-register its cleanup details to be called during ENGINE_cleanup(). This
+-approach allowed ENGINE_cleanup() to clean up after any ENGINE functionality
+-at all that your program uses, yet doesn't automatically create linker
+-dependencies to all possible ENGINE functionality - only the cleanup
+-callbacks required by the functionality you do use will be required by the
+-linker. From OpenSSL 1.1.0 it is no longer necessary to explicitly call
+-ENGINE_cleanup and this function is deprecated. Cleanup automatically takes
+-place at program exit.
+-
+-The fact that ENGINEs are made visible to OpenSSL (and thus are linked into
+-the program and loaded into memory at run-time) does not mean they are
+-"registered" or called into use by OpenSSL automatically - that behaviour
+-is something for the application to control. Some applications
+-will want to allow the user to specify exactly which ENGINE they want used
+-if any is to be used at all. Others may prefer to load all support and have
+-OpenSSL automatically use at run-time any ENGINE that is able to
+-successfully initialise - ie. to assume that this corresponds to
+-acceleration hardware attached to the machine or some such thing. There are
+-probably numerous other ways in which applications may prefer to handle
+-things, so we will simply illustrate the consequences as they apply to a
+-couple of simple cases and leave developers to consider these and the
+-source code to openssl's builtin utilities as guides.
+-
+-I<Using a specific ENGINE implementation>
+-
+-Here we'll assume an application has been configured by its user or admin
+-to want to use the "ACME" ENGINE if it is available in the version of
+-OpenSSL the application was compiled with. If it is available, it should be
+-used by default for all RSA, DSA, and symmetric cipher operations, otherwise
+-OpenSSL should use its builtin software as per usual. The following code
+-illustrates how to approach this;
+-
+- ENGINE *e;
+- const char *engine_id = "ACME";
+- ENGINE_load_builtin_engines();
+- e = ENGINE_by_id(engine_id);
+- if(!e)
+- /* the engine isn't available */
+- return;
+- if(!ENGINE_init(e)) {
+- /* the engine couldn't initialise, release 'e' */
+- ENGINE_free(e);
+- return;
+- }
+- if(!ENGINE_set_default_RSA(e))
+- /* This should only happen when 'e' can't initialise, but the previous
+- * statement suggests it did. */
+- abort();
+- ENGINE_set_default_DSA(e);
+- ENGINE_set_default_ciphers(e);
+- /* Release the functional reference from ENGINE_init() */
+- ENGINE_finish(e);
+- /* Release the structural reference from ENGINE_by_id() */
+- ENGINE_free(e);
+-
+-I<Automatically using builtin ENGINE implementations>
+-
+-Here we'll assume we want to load and register all ENGINE implementations
+-bundled with OpenSSL, such that for any cryptographic algorithm required by
+-OpenSSL - if there is an ENGINE that implements it and can be initialised,
+-it should be used. The following code illustrates how this can work;
+-
+- /* Load all bundled ENGINEs into memory and make them visible */
+- ENGINE_load_builtin_engines();
+- /* Register all of them for every algorithm they collectively implement */
+- ENGINE_register_all_complete();
+-
+-That's all that's required. Eg. the next time OpenSSL tries to set up an
+-RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to
+-ENGINE_init() and if any of those succeed, that ENGINE will be set as the
+-default for RSA use from then on.
+-
+-=head2 Advanced configuration support
+-
+-There is a mechanism supported by the ENGINE framework that allows each
+-ENGINE implementation to define an arbitrary set of configuration
+-"commands" and expose them to OpenSSL and any applications based on
+-OpenSSL. This mechanism is entirely based on the use of name-value pairs
+-and assumes ASCII input (no unicode or UTF for now!), so it is ideal if
+-applications want to provide a transparent way for users to provide
+-arbitrary configuration "directives" directly to such ENGINEs. It is also
+-possible for the application to dynamically interrogate the loaded ENGINE
+-implementations for the names, descriptions, and input flags of their
+-available "control commands", providing a more flexible configuration
+-scheme. However, if the user is expected to know which ENGINE device he/she
+-is using (in the case of specialised hardware, this goes without saying)
+-then applications may not need to concern themselves with discovering the
+-supported control commands and simply prefer to pass settings into ENGINEs
+-exactly as they are provided by the user.
+-
+-Before illustrating how control commands work, it is worth mentioning what
+-they are typically used for. Broadly speaking there are two uses for
+-control commands; the first is to provide the necessary details to the
+-implementation (which may know nothing at all specific to the host system)
+-so that it can be initialised for use. This could include the path to any
+-driver or config files it needs to load, required network addresses,
+-smart-card identifiers, passwords to initialise protected devices,
+-logging information, etc etc. This class of commands typically needs to be
+-passed to an ENGINE B<before> attempting to initialise it, ie. before
+-calling ENGINE_init(). The other class of commands consist of settings or
+-operations that tweak certain behaviour or cause certain operations to take
+-place, and these commands may work either before or after ENGINE_init(), or
+-in some cases both. ENGINE implementations should provide indications of
+-this in the descriptions attached to builtin control commands and/or in
+-external product documentation.
+-
+-I<Issuing control commands to an ENGINE>
+-
+-Let's illustrate by example; a function for which the caller supplies the
+-name of the ENGINE it wishes to use, a table of string-pairs for use before
+-initialisation, and another table for use after initialisation. Note that
+-the string-pairs used for control commands consist of a command "name"
+-followed by the command "parameter" - the parameter could be NULL in some
+-cases but the name can not. This function should initialise the ENGINE
+-(issuing the "pre" commands beforehand and the "post" commands afterwards)
+-and set it as the default for everything except RAND and then return a
+-boolean success or failure.
+-
+- int generic_load_engine_fn(const char *engine_id,
+- const char **pre_cmds, int pre_num,
+- const char **post_cmds, int post_num)
+- {
+- ENGINE *e = ENGINE_by_id(engine_id);
+- if(!e) return 0;
+- while(pre_num--) {
+- if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
+- fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
+- pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
+- ENGINE_free(e);
+- return 0;
+- }
- pre_cmds += 2;
-+ pre_cmds += 2;
- }
- if(!ENGINE_init(e)) {
- fprintf(stderr, "Failed initialisation\n");
-@@ -461,7 +461,7 @@ boolean success or failure.
- ENGINE_finish(e);
- return 0;
- }
+- }
+- if(!ENGINE_init(e)) {
+- fprintf(stderr, "Failed initialisation\n");
+- ENGINE_free(e);
+- return 0;
+- }
+- /* ENGINE_init() returned a functional reference, so free the structural
+- * reference from ENGINE_by_id(). */
+- ENGINE_free(e);
+- while(post_num--) {
+- if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
+- fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
+- post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
+- ENGINE_finish(e);
+- return 0;
+- }
- post_cmds += 2;
-+ post_cmds += 2;
- }
- ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
- /* Success */
-@@ -491,15 +491,15 @@ OpenSSL core routines.
- It is using these "core" control commands that one can discover the control
- commands implemented by a given ENGINE, specifically the commands;
-
+- }
+- ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
+- /* Success */
+- return 1;
+- }
+-
+-Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can
+-relax the semantics of the function - if set non-zero it will only return
+-failure if the ENGINE supported the given command name but failed while
+-executing it, if the ENGINE doesn't support the command name it will simply
+-return success without doing anything. In this case we assume the user is
+-only supplying commands specific to the given ENGINE so we set this to
+-FALSE.
+-
+-I<Discovering supported control commands>
+-
+-It is possible to discover at run-time the names, numerical-ids, descriptions
+-and input parameters of the control commands supported by an ENGINE using a
+-structural reference. Note that some control commands are defined by OpenSSL
+-itself and it will intercept and handle these control commands on behalf of the
+-ENGINE, ie. the ENGINE's ctrl() handler is not used for the control command.
+-openssl/engine.h defines an index, ENGINE_CMD_BASE, that all control commands
+-implemented by ENGINEs should be numbered from. Any command value lower than
+-this symbol is considered a "generic" command is handled directly by the
+-OpenSSL core routines.
+-
+-It is using these "core" control commands that one can discover the control
+-commands implemented by a given ENGINE, specifically the commands;
+-
- #define ENGINE_HAS_CTRL_FUNCTION 10
- #define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
- #define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
@@ -95487,125 +110626,288 @@
- #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
- #define ENGINE_CTRL_GET_DESC_FROM_CMD 17
- #define ENGINE_CTRL_GET_CMD_FLAGS 18
-+ #define ENGINE_HAS_CTRL_FUNCTION 10
-+ #define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
-+ #define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
-+ #define ENGINE_CTRL_GET_CMD_FROM_NAME 13
-+ #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14
-+ #define ENGINE_CTRL_GET_NAME_FROM_CMD 15
-+ #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
-+ #define ENGINE_CTRL_GET_DESC_FROM_CMD 17
-+ #define ENGINE_CTRL_GET_CMD_FLAGS 18
-
- Whilst these commands are automatically processed by the OpenSSL framework code,
- they use various properties exposed by each ENGINE to process these
-@@ -535,10 +535,10 @@ or populate a supplied character buffer with a copy of the command name or
- description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following
- possible values;
-
+-
+-Whilst these commands are automatically processed by the OpenSSL framework code,
+-they use various properties exposed by each ENGINE to process these
+-queries. An ENGINE has 3 properties it exposes that can affect how this behaves;
+-it can supply a ctrl() handler, it can specify ENGINE_FLAGS_MANUAL_CMD_CTRL in
+-the ENGINE's flags, and it can expose an array of control command descriptions.
+-If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will
+-simply pass all these "core" control commands directly to the ENGINE's ctrl()
+-handler (and thus, it must have supplied one), so it is up to the ENGINE to
+-reply to these "discovery" commands itself. If that flag is not set, then the
+-OpenSSL framework code will work with the following rules;
+-
+- if no ctrl() handler supplied;
+- ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
+- all other commands fail.
+- if a ctrl() handler was supplied but no array of control commands;
+- ENGINE_HAS_CTRL_FUNCTION returns TRUE,
+- all other commands fail.
+- if a ctrl() handler and array of control commands was supplied;
+- ENGINE_HAS_CTRL_FUNCTION returns TRUE,
+- all other commands proceed processing ...
+-
+-If the ENGINE's array of control commands is empty then all other commands will
+-fail, otherwise; ENGINE_CTRL_GET_FIRST_CMD_TYPE returns the identifier of
+-the first command supported by the ENGINE, ENGINE_GET_NEXT_CMD_TYPE takes the
+-identifier of a command supported by the ENGINE and returns the next command
+-identifier or fails if there are no more, ENGINE_CMD_FROM_NAME takes a string
+-name for a command and returns the corresponding identifier or fails if no such
+-command name exists, and the remaining commands take a command identifier and
+-return properties of the corresponding commands. All except
+-ENGINE_CTRL_GET_FLAGS return the string length of a command name or description,
+-or populate a supplied character buffer with a copy of the command name or
+-description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following
+-possible values;
+-
- #define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
- #define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
- #define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
- #define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
-+ #define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
-+ #define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
-+ #define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
-+ #define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
-
- If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely
- informational to the caller - this flag will prevent the command being usable
-@@ -563,4 +563,13 @@ ENGINE_cleanup(), ENGINE_load_openssl(), ENGINE_load_dynamic(), and
- ENGINE_load_cryptodev() were deprecated in OpenSSL 1.1.0 by
- OPENSSL_init_crypto().
-
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
+-
+-If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely
+-informational to the caller - this flag will prevent the command being usable
+-for any higher-level ENGINE functions such as ENGINE_ctrl_cmd_string().
+-"INTERNAL" commands are not intended to be exposed to text-based configuration
+-by applications, administrations, users, etc. These can support arbitrary
+-operations via ENGINE_ctrl(), including passing to and/or from the control
+-commands data of any arbitrary type. These commands are supported in the
+-discovery mechanisms simply to allow applications to determine if an ENGINE
+-supports certain specific commands it might want to use (eg. application "foo"
+-might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" -
+-and ENGINE could therefore decide whether or not to support this "foo"-specific
+-extension).
+-
+-=head1 SEE ALSO
+-
+-L<OPENSSL_init_crypto(3)>, L<rsa(3)>, L<dsa(3)>, L<dh(3)>, L<rand(3)>
+-
+-=head1 HISTORY
+-
+-ENGINE_cleanup(), ENGINE_load_openssl(), ENGINE_load_dynamic(), and
+-ENGINE_load_cryptodev() were deprecated in OpenSSL 1.1.0 by
+-OPENSSL_init_crypto().
+-
+-=cut
diff --git a/doc/crypto/err.pod b/doc/crypto/err.pod
-index 33cb19d..b57798e 100644
+deleted file mode 100644
+index 33cb19d0cf43..000000000000
--- a/doc/crypto/err.pod
-+++ b/doc/crypto/err.pod
-@@ -22,7 +22,6 @@ err - error codes
- int ERR_GET_REASON(unsigned long e);
-
- void ERR_clear_error(void);
++++ /dev/null
+@@ -1,199 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-err - error codes
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/err.h>
+-
+- unsigned long ERR_get_error(void);
+- unsigned long ERR_peek_error(void);
+- unsigned long ERR_get_error_line(const char **file, int *line);
+- unsigned long ERR_peek_error_line(const char **file, int *line);
+- unsigned long ERR_get_error_line_data(const char **file, int *line,
+- const char **data, int *flags);
+- unsigned long ERR_peek_error_line_data(const char **file, int *line,
+- const char **data, int *flags);
+-
+- int ERR_GET_LIB(unsigned long e);
+- int ERR_GET_FUNC(unsigned long e);
+- int ERR_GET_REASON(unsigned long e);
+-
+- void ERR_clear_error(void);
- void ERR_remove_thread_state(void);
-
- char *ERR_error_string(unsigned long e, char *buf);
- const char *ERR_lib_error_string(unsigned long e);
-@@ -49,6 +48,10 @@ Deprecated:
- #endif
-
- #if OPENSSL_API_COMPAT < 0x10100000L
-+ void ERR_remove_thread_state(void *);
-+ #endif
-+
-+ #if OPENSSL_API_COMPAT < 0x10100000L
- void ERR_free_strings(void)
- #endif
-
-@@ -71,9 +74,6 @@ messages is described in L<ERR_error_string(3)>.
- L<ERR_clear_error(3)> can be used to clear the
- error queue.
-
+-
+- char *ERR_error_string(unsigned long e, char *buf);
+- const char *ERR_lib_error_string(unsigned long e);
+- const char *ERR_func_error_string(unsigned long e);
+- const char *ERR_reason_error_string(unsigned long e);
+-
+- void ERR_print_errors(BIO *bp);
+- void ERR_print_errors_fp(FILE *fp);
+-
+- void ERR_load_crypto_strings(void);
+-
+- void ERR_put_error(int lib, int func, int reason, const char *file,
+- int line);
+- void ERR_add_error_data(int num, ...);
+-
+- void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
+- unsigned long ERR_PACK(int lib, int func, int reason);
+- int ERR_get_next_error_library(void);
+-
+-Deprecated:
+-
+- #if OPENSSL_API_COMPAT < 0x10000000L
+- void ERR_remove_state(unsigned long pid);
+- #endif
+-
+- #if OPENSSL_API_COMPAT < 0x10100000L
+- void ERR_free_strings(void)
+- #endif
+-
+-
+-=head1 DESCRIPTION
+-
+-When a call to the OpenSSL library fails, this is usually signaled
+-by the return value, and an error code is stored in an error queue
+-associated with the current thread. The B<err> library provides
+-functions to obtain these error codes and textual error messages.
+-
+-The L<ERR_get_error(3)> manpage describes how to
+-access error codes.
+-
+-Error codes contain information about where the error occurred, and
+-what went wrong. L<ERR_GET_LIB(3)> describes how to
+-extract this information. A method to obtain human-readable error
+-messages is described in L<ERR_error_string(3)>.
+-
+-L<ERR_clear_error(3)> can be used to clear the
+-error queue.
+-
-Note that L<ERR_remove_thread_state(3)> should be used to
-avoid memory leaks when threads are terminated.
-
- =head1 ADDING NEW ERROR CODES TO OPENSSL
-
- See L<ERR_put_error(3)> if you want to record error codes in the
-@@ -119,7 +119,7 @@ name to B<ERR_str_libraries[]> (in B<crypto/err/err.c>), and add
- C<ERR_load_XXX_strings()> to the ERR_load_crypto_strings() function
- (in B<crypto/err/err_all.c>). Finally, add an entry
-
+-=head1 ADDING NEW ERROR CODES TO OPENSSL
+-
+-See L<ERR_put_error(3)> if you want to record error codes in the
+-OpenSSL error system from within your application.
+-
+-The remainder of this section is of interest only if you want to add
+-new error codes to OpenSSL or add error codes from external libraries.
+-
+-=head2 Reporting errors
+-
+-Each sub-library has a specific macro XXXerr() that is used to report
+-errors. Its first argument is a function code B<XXX_F_...>, the second
+-argument is a reason code B<XXX_R_...>. Function codes are derived
+-from the function names; reason codes consist of textual error
+-descriptions. For example, the function ssl3_read_bytes() reports a
+-"handshake failure" as follows:
+-
+- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+-
+-Function and reason codes should consist of upper case characters,
+-numbers and underscores only. The error file generation script translates
+-function codes into function names by looking in the header files
+-for an appropriate function name, if none is found it just uses
+-the capitalized form such as "SSL3_READ_BYTES" in the above example.
+-
+-The trailing section of a reason code (after the "_R_") is translated
+-into lower case and underscores changed to spaces.
+-
+-When you are using new function or reason codes, run B<make errors>.
+-The necessary B<#define>s will then automatically be added to the
+-sub-library's header file.
+-
+-Although a library will normally report errors using its own specific
+-XXXerr macro, another library's macro can be used. This is normally
+-only done when a library wants to include ASN1 code which must use
+-the ASN1err() macro.
+-
+-=head2 Adding new libraries
+-
+-When adding a new sub-library to OpenSSL, assign it a library number
+-B<ERR_LIB_XXX>, define a macro XXXerr() (both in B<err.h>), add its
+-name to B<ERR_str_libraries[]> (in B<crypto/err/err.c>), and add
+-C<ERR_load_XXX_strings()> to the ERR_load_crypto_strings() function
+-(in B<crypto/err/err_all.c>). Finally, add an entry
+-
- L XXX xxx.h xxx_err.c
-+ L XXX xxx.h xxx_err.c
-
- to B<crypto/err/openssl.ec>, and add B<xxx_err.c> to the Makefile.
- Running B<make errors> will then generate a file B<xxx_err.c>, and
-@@ -164,8 +164,6 @@ the header file and generate the C error code file. This will normally
- be done if the external library needs to generate new ASN1 structures
- but it can also be used to add more general purpose error code handling.
-
+-
+-to B<crypto/err/openssl.ec>, and add B<xxx_err.c> to the Makefile.
+-Running B<make errors> will then generate a file B<xxx_err.c>, and
+-add all error codes used in the library to B<xxx.h>.
+-
+-Additionally the library include file must have a certain form.
+-Typically it will initially look like this:
+-
+- #ifndef HEADER_XXX_H
+- #define HEADER_XXX_H
+-
+- #ifdef __cplusplus
+- extern "C" {
+- #endif
+-
+- /* Include files */
+-
+- #include <openssl/bio.h>
+- #include <openssl/x509.h>
+-
+- /* Macros, structures and function prototypes */
+-
+-
+- /* BEGIN ERROR CODES */
+-
+-The B<BEGIN ERROR CODES> sequence is used by the error code
+-generation script as the point to place new error codes, any text
+-after this point will be overwritten when B<make errors> is run.
+-The closing #endif etc will be automatically added by the script.
+-
+-The generated C error code file B<xxx_err.c> will load the header
+-files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the
+-header file must load any additional header files containing any
+-definitions it uses.
+-
+-=head1 USING ERROR CODES IN EXTERNAL LIBRARIES
+-
+-It is also possible to use OpenSSL's error code scheme in external
+-libraries. The library needs to load its own codes and call the OpenSSL
+-error code insertion script B<mkerr.pl> explicitly to add codes to
+-the header file and generate the C error code file. This will normally
+-be done if the external library needs to generate new ASN1 structures
+-but it can also be used to add more general purpose error code handling.
+-
-TBA more details
-
- =head1 INTERNALS
-
- The error queues are stored in a thread-local storage with one B<ERR_STATE>
-@@ -186,7 +184,6 @@ L<ERR_clear_error(3)>,
- L<ERR_error_string(3)>,
- L<ERR_print_errors(3)>,
- L<ERR_load_crypto_strings(3)>,
+-=head1 INTERNALS
+-
+-The error queues are stored in a thread-local storage with one B<ERR_STATE>
+-entry for each thread. ERR_get_state() returns the current thread's
+-B<ERR_STATE>. An B<ERR_STATE> can hold up to B<ERR_NUM_ERRORS> error
+-codes. When more error codes are added, the old ones are overwritten,
+-on the assumption that the most recent errors are most important.
+-
+-Error strings are also stored in a hash table that can be obtained
+-by calling ERR_get_string_table(void).
+-
+-=head1 SEE ALSO
+-
+-L<CRYPTO_set_locking_callback(3)>,
+-L<ERR_get_error(3)>,
+-L<ERR_GET_LIB(3)>,
+-L<ERR_clear_error(3)>,
+-L<ERR_error_string(3)>,
+-L<ERR_print_errors(3)>,
+-L<ERR_load_crypto_strings(3)>,
-L<ERR_remove_thread_state(3)>,
- L<ERR_put_error(3)>,
- L<ERR_load_strings(3)>,
- L<SSL_get_error(3)>
-@@ -196,4 +193,13 @@ L<SSL_get_error(3)>
- The ERR_load_crypto_strings() function was deprecated in OpenSSL 1.1.0 by
- OPENSSL_init_crypto().
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
+-L<ERR_put_error(3)>,
+-L<ERR_load_strings(3)>,
+-L<SSL_get_error(3)>
+-
+-=head1 HISTORY
+-
+-The ERR_load_crypto_strings() function was deprecated in OpenSSL 1.1.0 by
+-OPENSSL_init_crypto().
+-
+-=cut
diff --git a/doc/crypto/evp.pod b/doc/crypto/evp.pod
-index 09870b4..c930e7d 100644
+index 09870b44326a..31f459084d00 100644
--- a/doc/crypto/evp.pod
+++ b/doc/crypto/evp.pod
-@@ -61,6 +61,10 @@ based encryption. Careful selection of the parameters will provide a PKCS#5 PBKD
+@@ -1,5 +1,7 @@
+ =pod
+
++=for comment openssl_manual_section:7
++
+ =head1 NAME
+
+ evp - high-level cryptographic functions
+@@ -61,6 +63,10 @@ based encryption. Careful selection of the parameters will provide a PKCS#5 PBKD
implementation. However, new applications should not typically use this (preferring, for example,
PBKDF2 from PCKS#5).
@@ -95616,7 +110918,7 @@
All the symmetric algorithms (ciphers), digests and asymmetric algorithms
(public key algorithms) can be replaced by L<engine(3)> modules providing alternative
implementations. If ENGINE implementations of ciphers or digests are registered
-@@ -71,7 +75,7 @@ implementations. For more information, consult the engine(3) man page.
+@@ -71,7 +77,7 @@ implementations. For more information, consult the engine(3) man page.
Although low level algorithm specific functions exist for many algorithms
their use is discouraged. They cannot be used with an ENGINE and ENGINE
versions of new algorithms cannot be accessed using the low level functions.
@@ -95625,7 +110927,7 @@
cleanly supported at the low level and some operations are more efficient
using the high level interface.
-@@ -84,6 +88,7 @@ L<EVP_SealInit(3)>,
+@@ -84,6 +90,7 @@ L<EVP_SealInit(3)>,
L<EVP_DigestSignInit(3)>,
L<EVP_SignInit(3)>,
L<EVP_VerifyInit(3)>,
@@ -95633,7 +110935,7 @@
L<EVP_PKEY_new(3)>,
L<EVP_PKEY_set1_RSA(3)>,
L<EVP_PKEY_keygen(3)>,
-@@ -97,4 +102,13 @@ L<EVP_PKEY_derive(3)>,
+@@ -97,4 +104,13 @@ L<EVP_PKEY_derive(3)>,
L<EVP_BytesToKey(3)>,
L<engine(3)>
@@ -95648,34 +110950,126 @@
+
=cut
diff --git a/doc/crypto/hmac.pod b/doc/crypto/hmac.pod
-index 57c274c..cabb493 100644
+deleted file mode 100644
+index 57c274cbfe3e..000000000000
--- a/doc/crypto/hmac.pod
-+++ b/doc/crypto/hmac.pod
-@@ -16,7 +16,7 @@ HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init, HMAC_Init_ex, HMAC
- int HMAC_CTX_reset(HMAC_CTX *ctx);
-
- int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
++++ /dev/null
+@@ -1,113 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final - HMAC message authentication code
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/hmac.h>
+-
+- unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
+- int key_len, const unsigned char *d, int n,
+- unsigned char *md, unsigned int *md_len);
+-
+- HMAC_CTX *HMAC_CTX_new(void);
+- int HMAC_CTX_reset(HMAC_CTX *ctx);
+-
+- int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
- const EVP_MD *md, ENGINE *impl);
-+ const EVP_MD *md, ENGINE *impl);
- int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
- int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
-
-@@ -110,4 +110,13 @@ HMAC_CTX_new() and HMAC_CTX_free() are new in OpenSSL version 1.1.
- HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in
- versions of OpenSSL before 1.0.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
+- int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
+- int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+-
+- void HMAC_CTX_free(HMAC_CTX *ctx);
+-
+-Deprecated:
+-
+- #if OPENSSL_API_COMPAT < 0x10100000L
+- int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
+- const EVP_MD *md);
+- #endif
+-
+-=head1 DESCRIPTION
+-
+-HMAC is a MAC (message authentication code), i.e. a keyed hash
+-function used for message authentication, which is based on a hash
+-function.
+-
+-HMAC() computes the message authentication code of the B<n> bytes at
+-B<d> using the hash function B<evp_md> and the key B<key> which is
+-B<key_len> bytes long.
+-
+-It places the result in B<md> (which must have space for the output of
+-the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes).
+-If B<md> is NULL, the digest is placed in a static array. The size of
+-the output is placed in B<md_len>, unless it is B<NULL>.
+-
+-B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc.
+-
+-HMAC_CTX_new() creates a new HMAC_CTX in heap memory.
+-
+-HMAC_CTX_reset() zeroes an existing B<HMAC_CTX> and associated
+-resources, making it suitable for new computations as if it was newly
+-created with HMAC_CTX_new().
+-
+-HMAC_CTX_free() erases the key and other data from the B<HMAC_CTX>,
+-releases any associated resources and finally frees the B<HMAC_CTX>
+-itself.
+-
+-The following functions may be used if the message is not completely
+-stored in memory:
+-
+-HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
+-function B<evp_md> and the key B<key> which is B<key_len> bytes
+-long. It is deprecated and only included for backward compatibility
+-with OpenSSL 0.9.6b.
+-
+-HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use
+-the function B<evp_md> and key B<key>. Either can be NULL, in which
+-case the existing one will be reused. B<ctx> must have been created
+-with HMAC_CTX_new() before the first use of an B<HMAC_CTX> in this
+-function. B<N.B. HMAC_Init() had this undocumented behaviour in
+-previous versions of OpenSSL - failure to switch to HMAC_Init_ex() in
+-programs that expect it will cause them to stop working>.
+-
+-HMAC_Update() can be called repeatedly with chunks of the message to
+-be authenticated (B<len> bytes at B<data>).
+-
+-HMAC_Final() places the message authentication code in B<md>, which
+-must have space for the hash function output.
+-
+-=head1 RETURN VALUES
+-
+-HMAC() returns a pointer to the message authentication code or NULL if
+-an error occurred.
+-
+-HMAC_CTX_new() returns a pointer to a new B<HMAC_CTX> on success or
+-B<NULL> if an error occurred.
+-
+-HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update() and HMAC_Final() return 1
+-for success or 0 if an error occurred.
+-
+-HMAC_CTX_free() do not return values.
+-
+-=head1 CONFORMING TO
+-
+-RFC 2104
+-
+-=head1 SEE ALSO
+-
+-L<sha(3)>, L<evp(3)>
+-
+-=head1 HISTORY
+-
+-HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL versions 1.1.
+-
+-HMAC_CTX_cleanup() existed in OpenSSL versions before 1.1.
+-
+-HMAC_CTX_new() and HMAC_CTX_free() are new in OpenSSL version 1.1.
+-
+-HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in
+-versions of OpenSSL before 1.0.0.
+-
+-=cut
diff --git a/doc/crypto/i2d_CMS_bio_stream.pod b/doc/crypto/i2d_CMS_bio_stream.pod
-index 42b06c2..fd566bb 100644
+index 42b06c2b9f5a..ece7a4800eee 100644
--- a/doc/crypto/i2d_CMS_bio_stream.pod
+++ b/doc/crypto/i2d_CMS_bio_stream.pod
@@ -2,7 +2,7 @@
@@ -95683,7 +111077,7 @@
=head1 NAME
- i2d_CMS_bio_stream - output CMS_ContentInfo structure in BER format.
-+i2d_CMS_bio_stream - output CMS_ContentInfo structure in BER format.
++i2d_CMS_bio_stream - output CMS_ContentInfo structure in BER format
=head1 SYNOPSIS
@@ -95702,9 +111096,18 @@
+
=cut
diff --git a/doc/crypto/i2d_PKCS7_bio_stream.pod b/doc/crypto/i2d_PKCS7_bio_stream.pod
-index 7a96cf9..f22e0e1 100644
+index 7a96cf9591a4..b42940a83cfa 100644
--- a/doc/crypto/i2d_PKCS7_bio_stream.pod
+++ b/doc/crypto/i2d_PKCS7_bio_stream.pod
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-i2d_PKCS7_bio_stream - output PKCS7 structure in BER format.
++i2d_PKCS7_bio_stream - output PKCS7 structure in BER format
+
+ =head1 SYNOPSIS
+
@@ -41,4 +41,13 @@ L<PEM_write_bio_PKCS7_stream(3)>
i2d_PKCS7_bio_stream() was added to OpenSSL 1.0.0
@@ -95719,413 +111122,737 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
+diff --git a/doc/crypto/i2d_re_X509_tbs.pod b/doc/crypto/i2d_re_X509_tbs.pod
+new file mode 100644
+index 000000000000..672c7ab5aec6
+--- /dev/null
++++ b/doc/crypto/i2d_re_X509_tbs.pod
+@@ -0,0 +1,79 @@
++=pod
++
++=head1 NAME
++
++d2i_X509_AUX, i2d_X509_AUX,
++i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs
++- X509 encode and decode functions
++
++=head1 SYNOPSIS
++
++ #include <openssl/x509.h>
++
++ X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len);
++ int i2d_X509_AUX(X509 *x, unsigned char **out);
++ int i2d_re_X509_tbs(X509 *x, unsigned char **out);
++ int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp);
++ int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
++
++=head1 DESCRIPTION
++
++The X509 encode and decode routines encode and parse an
++B<X509> structure, which represents an X509 certificate.
++
++d2i_X509_AUX() is similar to L<d2i_X509(3)> but the input is expected to
++consist of an X509 certificate followed by auxiliary trust information.
++This is used by the PEM routines to read "TRUSTED CERTIFICATE" objects.
++This function should not be called on untrusted input.
++
++i2d_X509_AUX() is similar to L<i2d_X509(3)>, but the encoded output
++contains both the certificate and any auxiliary trust information.
++This is used by the PEM routines to write "TRUSTED CERTIFICATE" objects.
++Note that this is a non-standard OpenSSL-specific data format.
++
++i2d_re_X509_tbs() is similar to L<i2d_X509(3)> except it encodes only
++the TBSCertificate portion of the certificate. i2d_re_X509_CRL_tbs()
++and i2d_re_X509_REQ_tbs() are analogous for CRL and certificate request,
++respectively. The "re" in B<i2d_re_X509_tbs> stands for "re-encode",
++and ensures that a fresh encoding is generated in case the object has been
++modified after creation (see the BUGS section).
++
++The encoding of the TBSCertificate portion of a certificate is cached
++in the B<X509> structure internally to improve encoding performance
++and to ensure certificate signatures are verified correctly in some
++certificates with broken (non-DER) encodings.
++
++If, after modification, the B<X509> object is re-signed with X509_sign(),
++the encoding is automatically renewed. Otherwise, the encoding of the
++TBSCertificate portion of the B<X509> can be manually renewed by calling
++i2d_re_X509_tbs().
++
++=head1 SEE ALSO
++
++L<ERR_get_error(3)>
++L<X509_CRL_get0_by_serial(3)>,
++L<X509_get0_signature(3)>,
++L<X509_get_ext_d2i(3)>,
++L<X509_get_extension_flags(3)>,
++L<X509_get_pubkey(3)>,
++L<X509_get_subject_name(3)>,
++L<X509_get_version(3)>,
++L<X509_NAME_add_entry_by_txt(3)>,
++L<X509_NAME_ENTRY_get_object(3)>,
++L<X509_NAME_get_index_by_NID(3)>,
++L<X509_NAME_print_ex(3)>,
++L<X509_new(3)>,
++L<X509_sign(3)>,
++L<X509V3_get_d2i(3)>,
++L<X509_verify_cert(3)>
++
++=head1 COPYRIGHT
++
++Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/crypto/lh_stats.pod b/doc/crypto/lh_stats.pod
-index fa7bd9d..c454a47 100644
+deleted file mode 100644
+index fa7bd9db8674..000000000000
--- a/doc/crypto/lh_stats.pod
-+++ b/doc/crypto/lh_stats.pod
-@@ -2,20 +2,21 @@
-
- =head1 NAME
-
++++ /dev/null
+@@ -1,54 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
-lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
-lh_node_stats_bio, lh_node_usage_stats_bio - LHASH statistics
-+OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats,
-+OPENSSL_LH_stats_bio,
-+OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio - LHASH statistics
-
- =head1 SYNOPSIS
-
- #include <openssl/lhash.h>
-
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/lhash.h>
+-
- void lh_stats(LHASH *table, FILE *out);
- void lh_node_stats(LHASH *table, FILE *out);
- void lh_node_usage_stats(LHASH *table, FILE *out);
-+ void OPENSSL_LH_stats(LHASH *table, FILE *out);
-+ void OPENSSL_LH_node_stats(LHASH *table, FILE *out);
-+ void OPENSSL_LH_node_usage_stats(LHASH *table, FILE *out);
-
+-
- void lh_stats_bio(LHASH *table, BIO *out);
- void lh_node_stats_bio(LHASH *table, BIO *out);
- void lh_node_usage_stats_bio(LHASH *table, BIO *out);
-+ void OPENSSL_LH_stats_bio(LHASH *table, BIO *out);
-+ void OPENSSL_LH_node_stats_bio(LHASH *table, BIO *out);
-+ void OPENSSL_LH_node_usage_stats_bio(LHASH *table, BIO *out);
-
- =head1 DESCRIPTION
-
-@@ -24,14 +25,14 @@ accessing the hash table. This is mostly a legacy of Eric Young
- writing this library for the reasons of implementing what looked like
- a nice algorithm rather than for a particular software product.
-
+-
+-=head1 DESCRIPTION
+-
+-The B<LHASH> structure records statistics about most aspects of
+-accessing the hash table. This is mostly a legacy of Eric Young
+-writing this library for the reasons of implementing what looked like
+-a nice algorithm rather than for a particular software product.
+-
-lh_stats() prints out statistics on the size of the hash table, how
-+OPENSSL_LH_stats() prints out statistics on the size of the hash table, how
- many entries are in it, and the number and result of calls to the
- routines in this library.
-
+-many entries are in it, and the number and result of calls to the
+-routines in this library.
+-
-lh_node_stats() prints the number of entries for each 'bucket' in the
-+OPENSSL_LH_node_stats() prints the number of entries for each 'bucket' in the
- hash table.
-
+-hash table.
+-
-lh_node_usage_stats() prints out a short summary of the state of the
-+OPENSSL_LH_node_usage_stats() prints out a short summary of the state of the
- hash table. It prints the 'load' and the 'actual load'. The load is
- the average number of data items per 'bucket' in the hash table. The
- 'actual load' is the average number of items per 'bucket', but only
-@@ -40,7 +41,7 @@ average number of searches that will need to find an item in the hash
- table, while the 'load' is the average number that will be done to
- record a miss.
-
+-hash table. It prints the 'load' and the 'actual load'. The load is
+-the average number of data items per 'bucket' in the hash table. The
+-'actual load' is the average number of items per 'bucket', but only
+-for buckets which contain entries. So the 'actual load' is the
+-average number of searches that will need to find an item in the hash
+-table, while the 'load' is the average number that will be done to
+-record a miss.
+-
-lh_stats_bio(), lh_node_stats_bio() and lh_node_usage_stats_bio()
-+OPENSSL_LH_stats_bio(), OPENSSL_LH_node_stats_bio() and OPENSSL_LH_node_usage_stats_bio()
- are the same as the above, except that the output goes to a B<BIO>.
-
- =head1 RETURN VALUES
-@@ -51,4 +52,13 @@ These functions do not return values.
-
- L<bio(3)>, L<lhash(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
+-are the same as the above, except that the output goes to a B<BIO>.
+-
+-=head1 RETURN VALUES
+-
+-These functions do not return values.
+-
+-=head1 SEE ALSO
+-
+-L<bio(3)>, L<lhash(3)>
+-
+-=cut
diff --git a/doc/crypto/lhash.pod b/doc/crypto/lhash.pod
-index 7d39a67..959e2d6 100644
+deleted file mode 100644
+index 7d39a67bc03a..000000000000
--- a/doc/crypto/lhash.pod
-+++ b/doc/crypto/lhash.pod
-@@ -2,39 +2,45 @@
-
- =head1 NAME
-
++++ /dev/null
+@@ -1,246 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
-lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_error - dynamic hash table
-+DECLARE_LHASH_OF,
-+OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC,
-+LHASH_DOALL_ARG_FN_TYPE,
-+lh_TYPE_new, lh_TYPE_free,
-+lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve,
-+lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error - dynamic hash table
-
- =head1 SYNOPSIS
-
- #include <openssl/lhash.h>
-
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/lhash.h>
+-
- DECLARE_LHASH_OF(<type>);
-+ DECLARE_LHASH_OF(TYPE);
-
+-
- LHASH *lh_<type>_new();
- void lh_<type>_free(LHASH_OF(<type> *table);
-+ LHASH *lh_TYPE_new();
-+ void lh_TYPE_free(LHASH_OF(TYPE *table);
-
+-
- <type> *lh_<type>_insert(LHASH_OF(<type> *table, <type> *data);
- <type> *lh_<type>_delete(LHASH_OF(<type> *table, <type> *data);
- <type> *lh_retrieve(LHASH_OF<type> *table, <type> *data);
-+ TYPE *lh_TYPE_insert(LHASH_OF(TYPE *table, TYPE *data);
-+ TYPE *lh_TYPE_delete(LHASH_OF(TYPE *table, TYPE *data);
-+ TYPE *lh_retrieve(LHASH_OFTYPE *table, TYPE *data);
-
+-
- void lh_<type>_doall(LHASH_OF(<type> *table, LHASH_DOALL_FN_TYPE func);
- void lh_<type>_doall_arg(LHASH_OF(<type> *table, LHASH_DOALL_ARG_FN_TYPE func,
- <type2>, <type2> *arg);
-+ void lh_TYPE_doall(LHASH_OF(TYPE *table, OPENSSL_LH_DOALL_FUNC func);
-+ void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func,
-+ TYPE, TYPE *arg);
-
+-
- int lh_<type>_error(LHASH_OF(<type> *table);
-+ int lh_TYPE_error(LHASH_OF(TYPE) *table);
-
+-
- typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *);
- typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *);
- typedef void (*LHASH_DOALL_FN_TYPE)(const void *);
-+ typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *);
-+ typedef unsigned long (*OPENSSL_LH_HASHFUNC)(const void *);
-+ typedef void (*OPENSSL_LH_DOALL_FUNC)(const void *);
- typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *);
-
- =head1 DESCRIPTION
-
- This library implements type-checked dynamic hash tables. The hash
- table entries can be arbitrary structures. Usually they consist of key
+- typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *);
+-
+-=head1 DESCRIPTION
+-
+-This library implements type-checked dynamic hash tables. The hash
+-table entries can be arbitrary structures. Usually they consist of key
-and value fields.
-+and value fields. In the description here, I<TYPE> is used a placeholder
-+for any of the OpenSSL datatypes, such as I<SSL_SESSION>.
-
+-
-lh_<type>_new() creates a new B<LHASH_OF(<type>> structure to store
-+lh_TYPE_new() creates a new B<LHASH_OF(TYPE)> structure to store
- arbitrary data entries, and provides the 'hash' and 'compare'
- callbacks to be used in organising the table's entries. The B<hash>
- callback takes a pointer to a table entry as its argument and returns
-@@ -47,43 +53,43 @@ will contain items of some particular type and the B<hash> and
- B<compare> callbacks hash/compare these types, then the
- B<DECLARE_LHASH_HASH_FN> and B<IMPLEMENT_LHASH_COMP_FN> macros can be
- used to create callback wrappers of the prototypes required by
+-arbitrary data entries, and provides the 'hash' and 'compare'
+-callbacks to be used in organising the table's entries. The B<hash>
+-callback takes a pointer to a table entry as its argument and returns
+-an unsigned long hash value for its key field. The hash value is
+-normally truncated to a power of 2, so make sure that your hash
+-function returns well mixed low order bits. The B<compare> callback
+-takes two arguments (pointers to two hash table entries), and returns
+-0 if their keys are equal, non-zero otherwise. If your hash table
+-will contain items of some particular type and the B<hash> and
+-B<compare> callbacks hash/compare these types, then the
+-B<DECLARE_LHASH_HASH_FN> and B<IMPLEMENT_LHASH_COMP_FN> macros can be
+-used to create callback wrappers of the prototypes required by
-lh_<type>_new(). These provide per-variable casts before calling the
-+lh_TYPE_new(). These provide per-variable casts before calling the
- type-specific callbacks written by the application author. These
- macros, as well as those used for the "doall" callbacks, are defined
- as;
-
- #define DECLARE_LHASH_HASH_FN(name, o_type) \
+-type-specific callbacks written by the application author. These
+-macros, as well as those used for the "doall" callbacks, are defined
+-as;
+-
+- #define DECLARE_LHASH_HASH_FN(name, o_type) \
- unsigned long name##_LHASH_HASH(const void *);
-+ unsigned long name##_LHASH_HASH(const void *);
- #define IMPLEMENT_LHASH_HASH_FN(name, o_type) \
+- #define IMPLEMENT_LHASH_HASH_FN(name, o_type) \
- unsigned long name##_LHASH_HASH(const void *arg) { \
- const o_type *a = arg; \
- return name##_hash(a); }
-+ unsigned long name##_LHASH_HASH(const void *arg) { \
-+ const o_type *a = arg; \
-+ return name##_hash(a); }
- #define LHASH_HASH_FN(name) name##_LHASH_HASH
-
- #define DECLARE_LHASH_COMP_FN(name, o_type) \
+- #define LHASH_HASH_FN(name) name##_LHASH_HASH
+-
+- #define DECLARE_LHASH_COMP_FN(name, o_type) \
- int name##_LHASH_COMP(const void *, const void *);
-+ int name##_LHASH_COMP(const void *, const void *);
- #define IMPLEMENT_LHASH_COMP_FN(name, o_type) \
+- #define IMPLEMENT_LHASH_COMP_FN(name, o_type) \
- int name##_LHASH_COMP(const void *arg1, const void *arg2) { \
- const o_type *a = arg1; \
- const o_type *b = arg2; \
- return name##_cmp(a,b); }
-+ int name##_LHASH_COMP(const void *arg1, const void *arg2) { \
-+ const o_type *a = arg1; \
-+ const o_type *b = arg2; \
-+ return name##_cmp(a,b); }
- #define LHASH_COMP_FN(name) name##_LHASH_COMP
-
- #define DECLARE_LHASH_DOALL_FN(name, o_type) \
+- #define LHASH_COMP_FN(name) name##_LHASH_COMP
+-
+- #define DECLARE_LHASH_DOALL_FN(name, o_type) \
- void name##_LHASH_DOALL(void *);
-+ void name##_LHASH_DOALL(void *);
- #define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \
+- #define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \
- void name##_LHASH_DOALL(void *arg) { \
- o_type *a = arg; \
- name##_doall(a); }
-+ void name##_LHASH_DOALL(void *arg) { \
-+ o_type *a = arg; \
-+ name##_doall(a); }
- #define LHASH_DOALL_FN(name) name##_LHASH_DOALL
-
- #define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
+- #define LHASH_DOALL_FN(name) name##_LHASH_DOALL
+-
+- #define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
- void name##_LHASH_DOALL_ARG(void *, void *);
-+ void name##_LHASH_DOALL_ARG(void *, void *);
- #define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
+- #define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
- void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
- o_type *a = arg1; \
- a_type *b = arg2; \
- name##_doall_arg(a, b); }
-+ void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
-+ o_type *a = arg1; \
-+ a_type *b = arg2; \
-+ name##_doall_arg(a, b); }
- #define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
-
- An example of a hash table storing (pointers to) structures of type 'STUFF'
-@@ -101,28 +107,28 @@ as;
- /* Create the new hash table using the hash/compare wrappers */
- LHASH_OF(STUFF) *hashtable = lh_STUFF_new(LHASH_HASH_FN(STUFF_hash),
- LHASH_COMP_FN(STUFF_cmp));
+- #define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
+-
+- An example of a hash table storing (pointers to) structures of type 'STUFF'
+- could be defined as follows;
+-
+- /* Calculates the hash value of 'tohash' (implemented elsewhere) */
+- unsigned long STUFF_hash(const STUFF *tohash);
+- /* Orders 'arg1' and 'arg2' (implemented elsewhere) */
+- int stuff_cmp(const STUFF *arg1, const STUFF *arg2);
+- /* Create the type-safe wrapper functions for use in the LHASH internals */
+- static IMPLEMENT_LHASH_HASH_FN(stuff, STUFF);
+- static IMPLEMENT_LHASH_COMP_FN(stuff, STUFF);
+- /* ... */
+- int main(int argc, char *argv[]) {
+- /* Create the new hash table using the hash/compare wrappers */
+- LHASH_OF(STUFF) *hashtable = lh_STUFF_new(LHASH_HASH_FN(STUFF_hash),
+- LHASH_COMP_FN(STUFF_cmp));
- /* ... */
-+ /* ... */
- }
-
+- }
+-
-lh_<type>_free() frees the B<LHASH_OF(<type>> structure
-+lh_TYPE_free() frees the B<LHASH_OF(TYPE)> structure
- B<table>. Allocated hash table entries will not be freed; consider
+-B<table>. Allocated hash table entries will not be freed; consider
-using lh_<type>_doall() to deallocate any remaining entries in the
-+using lh_TYPE_doall() to deallocate any remaining entries in the
- hash table (see below).
-
+-hash table (see below).
+-
-lh_<type>_insert() inserts the structure pointed to by B<data> into
-+lh_TYPE_insert() inserts the structure pointed to by B<data> into
- B<table>. If there already is an entry with the same key, the old
+-B<table>. If there already is an entry with the same key, the old
-value is replaced. Note that lh_<type>_insert() stores pointers, the
-+value is replaced. Note that lh_TYPE_insert() stores pointers, the
- data are not copied.
-
+-data are not copied.
+-
-lh_<type>_delete() deletes an entry from B<table>.
-+lh_TYPE_delete() deletes an entry from B<table>.
-
+-
-lh_<type>_retrieve() looks up an entry in B<table>. Normally, B<data>
-+lh_TYPE_retrieve() looks up an entry in B<table>. Normally, B<data>
- is a structure with the key field(s) set; the function will return a
- pointer to a fully populated structure.
-
+-is a structure with the key field(s) set; the function will return a
+-pointer to a fully populated structure.
+-
-lh_<type>_doall() will, for every entry in the hash table, call
-B<func> with the data item as its parameter. For lh_<type>_doall()
-and lh_<type>_doall_arg(), function pointer casting should be avoided
-+lh_TYPE_doall() will, for every entry in the hash table, call
-+B<func> with the data item as its parameter. For lh_TYPE_doall()
-+and lh_TYPE_doall_arg(), function pointer casting should be avoided
- in the callbacks (see B<NOTE>) - instead use the declare/implement
- macros to create type-checked wrappers that cast variables prior to
- calling your type-specific callbacks. An example of this is
-@@ -149,7 +155,7 @@ you start (which will stop the hash table ever decreasing in size).
- The best solution is probably to avoid deleting items from the hash
- table inside a "doall" callback!
-
+-in the callbacks (see B<NOTE>) - instead use the declare/implement
+-macros to create type-checked wrappers that cast variables prior to
+-calling your type-specific callbacks. An example of this is
+-illustrated here where the callback is used to cleanup resources for
+-items in the hash table prior to the hashtable itself being
+-deallocated:
+-
+- /* Cleans up resources belonging to 'a' (this is implemented elsewhere) */
+- void STUFF_cleanup_doall(STUFF *a);
+- /* Implement a prototype-compatible wrapper for "STUFF_cleanup" */
+- IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF)
+- /* ... then later in the code ... */
+- /* So to run "STUFF_cleanup" against all items in a hash table ... */
+- lh_STUFF_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup));
+- /* Then the hash table itself can be deallocated */
+- lh_STUFF_free(hashtable);
+-
+-When doing this, be careful if you delete entries from the hash table
+-in your callbacks: the table may decrease in size, moving the item
+-that you are currently on down lower in the hash table - this could
+-cause some entries to be skipped during the iteration. The second
+-best solution to this problem is to set hash-E<gt>down_load=0 before
+-you start (which will stop the hash table ever decreasing in size).
+-The best solution is probably to avoid deleting items from the hash
+-table inside a "doall" callback!
+-
-lh_<type>_doall_arg() is the same as lh_<type>_doall() except that
-+lh_TYPE_doall_arg() is the same as lh_TYPE_doall() except that
- B<func> will be called with B<arg> as the second argument and B<func>
- should be of type B<LHASH_DOALL_ARG_FN_TYPE> (a callback prototype
- that is passed both the table entry and an extra argument). As with
-@@ -168,28 +174,29 @@ that is provided by the caller):
- /* Print out the entire hashtable to a particular BIO */
- lh_STUFF_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), BIO,
- logging_bio);
+-B<func> will be called with B<arg> as the second argument and B<func>
+-should be of type B<LHASH_DOALL_ARG_FN_TYPE> (a callback prototype
+-that is passed both the table entry and an extra argument). As with
+-lh_doall(), you can instead choose to declare your callback with a
+-prototype matching the types you are dealing with and use the
+-declare/implement macros to create compatible wrappers that cast
+-variables before calling your type-specific callbacks. An example of
+-this is demonstrated here (printing all hash table entries to a BIO
+-that is provided by the caller):
+-
+- /* Prints item 'a' to 'output_bio' (this is implemented elsewhere) */
+- void STUFF_print_doall_arg(const STUFF *a, BIO *output_bio);
+- /* Implement a prototype-compatible wrapper for "STUFF_print" */
+- static IMPLEMENT_LHASH_DOALL_ARG_FN(STUFF, const STUFF, BIO)
+- /* ... then later in the code ... */
+- /* Print out the entire hashtable to a particular BIO */
+- lh_STUFF_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), BIO,
+- logging_bio);
-
-lh_<type>_error() can be used to determine if an error occurred in the last
-operation. lh_<type>_error() is a macro.
-+
-+
-+lh_TYPE_error() can be used to determine if an error occurred in the last
-+operation.
-
- =head1 RETURN VALUES
-
+-
+-=head1 RETURN VALUES
+-
-lh_<type>_new() returns B<NULL> on error, otherwise a pointer to the new
-+lh_TYPE_new() returns B<NULL> on error, otherwise a pointer to the new
- B<LHASH> structure.
-
+-B<LHASH> structure.
+-
-When a hash table entry is replaced, lh_<type>_insert() returns the value
-+When a hash table entry is replaced, lh_TYPE_insert() returns the value
- being replaced. B<NULL> is returned on normal operation and on error.
-
+-being replaced. B<NULL> is returned on normal operation and on error.
+-
-lh_<type>_delete() returns the entry being deleted. B<NULL> is returned if
-+lh_TYPE_delete() returns the entry being deleted. B<NULL> is returned if
- there is no such value in the hash table.
-
+-there is no such value in the hash table.
+-
-lh_<type>_retrieve() returns the hash table entry if it has been found,
-+lh_TYPE_retrieve() returns the hash table entry if it has been found,
- B<NULL> otherwise.
-
+-B<NULL> otherwise.
+-
-lh_<type>_error() returns 1 if an error occurred in the last operation, 0
-+lh_TYPE_error() returns 1 if an error occurred in the last operation, 0
- otherwise.
-
+-otherwise.
+-
-lh_<type>_free(), lh_<type>_doall() and lh_<type>_doall_arg() return no values.
-+lh_TYPE_free(), lh_TYPE_doall() and lh_TYPE_doall_arg() return no values.
-
- =head1 NOTE
-
-@@ -232,7 +239,7 @@ without any "const" qualifiers.
-
- =head1 BUGS
-
+-
+-=head1 NOTE
+-
+-The various LHASH macros and callback types exist to make it possible
+-to write type-checked code without resorting to function-prototype
+-casting - an evil that makes application code much harder to
+-audit/verify and also opens the window of opportunity for stack
+-corruption and other hard-to-find bugs. It also, apparently, violates
+-ANSI-C.
+-
+-The LHASH code regards table entries as constant data. As such, it
+-internally represents lh_insert()'d items with a "const void *"
+-pointer type. This is why callbacks such as those used by lh_doall()
+-and lh_doall_arg() declare their prototypes with "const", even for the
+-parameters that pass back the table items' data pointers - for
+-consistency, user-provided data is "const" at all times as far as the
+-LHASH code is concerned. However, as callers are themselves providing
+-these pointers, they can choose whether they too should be treating
+-all such parameters as constant.
+-
+-As an example, a hash table may be maintained by code that, for
+-reasons of encapsulation, has only "const" access to the data being
+-indexed in the hash table (ie. it is returned as "const" from
+-elsewhere in their code) - in this case the LHASH prototypes are
+-appropriate as-is. Conversely, if the caller is responsible for the
+-life-time of the data in question, then they may well wish to make
+-modifications to table item passed back in the lh_doall() or
+-lh_doall_arg() callbacks (see the "STUFF_cleanup" example above). If
+-so, the caller can either cast the "const" away (if they're providing
+-the raw callbacks themselves) or use the macros to declare/implement
+-the wrapper functions without "const" types.
+-
+-Callers that only have "const" access to data they're indexing in a
+-table, yet declare callbacks without constant types (or cast the
+-"const" away themselves), are therefore creating their own risks/bugs
+-without being encouraged to do so by the API. On a related note,
+-those auditing code should pay special attention to any instances of
+-DECLARE/IMPLEMENT_LHASH_DOALL_[ARG_]_FN macros that provide types
+-without any "const" qualifiers.
+-
+-=head1 BUGS
+-
-lh_<type>_insert() returns B<NULL> both for success and error.
-+lh_TYPE_insert() returns B<NULL> both for success and error.
-
- =head1 SEE ALSO
-
-@@ -243,4 +250,13 @@ L<lh_stats(3)>
- In OpenSSL 1.0.0, the lhash interface was revamped for better
- type checking.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
+-
+-=head1 SEE ALSO
+-
+-L<lh_stats(3)>
+-
+-=head1 HISTORY
+-
+-In OpenSSL 1.0.0, the lhash interface was revamped for better
+-type checking.
+-
+-=cut
diff --git a/doc/crypto/md5.pod b/doc/crypto/md5.pod
-index a8c0718..78da750 100644
+deleted file mode 100644
+index a8c0718ea200..000000000000
--- a/doc/crypto/md5.pod
-+++ b/doc/crypto/md5.pod
-@@ -75,7 +75,7 @@ preferred.
-
- =head1 RETURN VALUES
-
++++ /dev/null
+@@ -1,92 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
+-MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/md2.h>
+-
+- unsigned char *MD2(const unsigned char *d, unsigned long n,
+- unsigned char *md);
+-
+- int MD2_Init(MD2_CTX *c);
+- int MD2_Update(MD2_CTX *c, const unsigned char *data,
+- unsigned long len);
+- int MD2_Final(unsigned char *md, MD2_CTX *c);
+-
+-
+- #include <openssl/md4.h>
+-
+- unsigned char *MD4(const unsigned char *d, unsigned long n,
+- unsigned char *md);
+-
+- int MD4_Init(MD4_CTX *c);
+- int MD4_Update(MD4_CTX *c, const void *data,
+- unsigned long len);
+- int MD4_Final(unsigned char *md, MD4_CTX *c);
+-
+-
+- #include <openssl/md5.h>
+-
+- unsigned char *MD5(const unsigned char *d, unsigned long n,
+- unsigned char *md);
+-
+- int MD5_Init(MD5_CTX *c);
+- int MD5_Update(MD5_CTX *c, const void *data,
+- unsigned long len);
+- int MD5_Final(unsigned char *md, MD5_CTX *c);
+-
+-=head1 DESCRIPTION
+-
+-MD2, MD4, and MD5 are cryptographic hash functions with a 128 bit output.
+-
+-MD2(), MD4(), and MD5() compute the MD2, MD4, and MD5 message digest
+-of the B<n> bytes at B<d> and place it in B<md> (which must have space
+-for MD2_DIGEST_LENGTH == MD4_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16
+-bytes of output). If B<md> is NULL, the digest is placed in a static
+-array.
+-
+-The following functions may be used if the message is not completely
+-stored in memory:
+-
+-MD2_Init() initializes a B<MD2_CTX> structure.
+-
+-MD2_Update() can be called repeatedly with chunks of the message to
+-be hashed (B<len> bytes at B<data>).
+-
+-MD2_Final() places the message digest in B<md>, which must have space
+-for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MD2_CTX>.
+-
+-MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and
+-MD5_Final() are analogous using an B<MD4_CTX> and B<MD5_CTX> structure.
+-
+-Applications should use the higher level functions
+-L<EVP_DigestInit(3)>
+-etc. instead of calling the hash functions directly.
+-
+-=head1 NOTE
+-
+-MD2, MD4, and MD5 are recommended only for compatibility with existing
+-applications. In new applications, SHA-1 or RIPEMD-160 should be
+-preferred.
+-
+-=head1 RETURN VALUES
+-
-MD2(), MD4(), and MD5() return pointers to the hash value.
-+MD2(), MD4(), and MD5() return pointers to the hash value.
-
- MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(),
- MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() return 1 for
-@@ -89,4 +89,13 @@ RFC 1319, RFC 1320, RFC 1321
-
- L<EVP_DigestInit(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
+-
+-MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(),
+-MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() return 1 for
+-success, 0 otherwise.
+-
+-=head1 CONFORMING TO
+-
+-RFC 1319, RFC 1320, RFC 1321
+-
+-=head1 SEE ALSO
+-
+-L<EVP_DigestInit(3)>
+-
+-=cut
diff --git a/doc/crypto/mdc2.pod b/doc/crypto/mdc2.pod
-index f7cc425..f7db71b 100644
+deleted file mode 100644
+index f7cc4257fe8d..000000000000
--- a/doc/crypto/mdc2.pod
-+++ b/doc/crypto/mdc2.pod
-@@ -44,7 +44,7 @@ hash functions directly.
-
- =head1 RETURN VALUES
-
++++ /dev/null
+@@ -1,59 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/mdc2.h>
+-
+- unsigned char *MDC2(const unsigned char *d, unsigned long n,
+- unsigned char *md);
+-
+- int MDC2_Init(MDC2_CTX *c);
+- int MDC2_Update(MDC2_CTX *c, const unsigned char *data,
+- unsigned long len);
+- int MDC2_Final(unsigned char *md, MDC2_CTX *c);
+-
+-=head1 DESCRIPTION
+-
+-MDC2 is a method to construct hash functions with 128 bit output from
+-block ciphers. These functions are an implementation of MDC2 with
+-DES.
+-
+-MDC2() computes the MDC2 message digest of the B<n>
+-bytes at B<d> and places it in B<md> (which must have space for
+-MDC2_DIGEST_LENGTH == 16 bytes of output). If B<md> is NULL, the digest
+-is placed in a static array.
+-
+-The following functions may be used if the message is not completely
+-stored in memory:
+-
+-MDC2_Init() initializes a B<MDC2_CTX> structure.
+-
+-MDC2_Update() can be called repeatedly with chunks of the message to
+-be hashed (B<len> bytes at B<data>).
+-
+-MDC2_Final() places the message digest in B<md>, which must have space
+-for MDC2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MDC2_CTX>.
+-
+-Applications should use the higher level functions
+-L<EVP_DigestInit(3)> etc. instead of calling the
+-hash functions directly.
+-
+-=head1 RETURN VALUES
+-
-MDC2() returns a pointer to the hash value.
-+MDC2() returns a pointer to the hash value.
-
- MDC2_Init(), MDC2_Update() and MDC2_Final() return 1 for success, 0 otherwise.
-
-@@ -56,4 +56,13 @@ ISO/IEC 10118-2, with DES
-
- L<EVP_DigestInit(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
+-
+-MDC2_Init(), MDC2_Update() and MDC2_Final() return 1 for success, 0 otherwise.
+-
+-=head1 CONFORMING TO
+-
+-ISO/IEC 10118-2, with DES
+-
+-=head1 SEE ALSO
+-
+-L<EVP_DigestInit(3)>
+-
+-=cut
diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod
-index 5687375..f355196 100644
+deleted file mode 100644
+index 5687375a61bf..000000000000
--- a/doc/crypto/pem.pod
-+++ b/doc/crypto/pem.pod
-@@ -3,7 +3,8 @@
- =head1 NAME
-
- PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey,
++++ /dev/null
+@@ -1,458 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey,
-PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
-+PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey,
-+PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
- PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid,
- PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY,
- PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey,
-@@ -35,6 +36,10 @@ PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines
- int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
- unsigned char *kstr, int klen,
- pem_password_cb *cb, void *u);
-+ int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
-+ const EVP_CIPHER *enc,
-+ unsigned char *kstr, int klen,
-+ pem_password_cb *cb, void *u);
- int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
- unsigned char *kstr, int klen,
- pem_password_cb *cb, void *u);
-@@ -157,19 +162,21 @@ clarity the term "B<foobar> functions" will be used to collectively
- refer to the PEM_read_bio_foobar(), PEM_read_foobar(),
- PEM_write_bio_foobar() and PEM_write_foobar() functions.
-
+-PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid,
+-PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY,
+-PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey,
+-PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey,
+-PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey,
+-PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY,
+-PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey,
+-PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey,
+-PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY,
+-PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams,
+-PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams,
+-PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams,
+-PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509,
+-PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX,
+-PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ,
+-PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW,
+-PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL,
+-PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7,
+-PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/pem.h>
+-
+- EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
+- pem_password_cb *cb, void *u);
+- EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
+- pem_password_cb *cb, void *u);
+- int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+- unsigned char *kstr, int klen,
+- pem_password_cb *cb, void *u);
+- int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+- unsigned char *kstr, int klen,
+- pem_password_cb *cb, void *u);
+-
+- int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+- char *kstr, int klen,
+- pem_password_cb *cb, void *u);
+- int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+- char *kstr, int klen,
+- pem_password_cb *cb, void *u);
+- int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+- char *kstr, int klen,
+- pem_password_cb *cb, void *u);
+- int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+- char *kstr, int klen,
+- pem_password_cb *cb, void *u);
+-
+- EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
+- pem_password_cb *cb, void *u);
+- EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
+- pem_password_cb *cb, void *u);
+- int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
+- int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
+-
+- RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,
+- pem_password_cb *cb, void *u);
+- RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,
+- pem_password_cb *cb, void *u);
+- int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+- unsigned char *kstr, int klen,
+- pem_password_cb *cb, void *u);
+- int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+- unsigned char *kstr, int klen,
+- pem_password_cb *cb, void *u);
+-
+- RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x,
+- pem_password_cb *cb, void *u);
+- RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x,
+- pem_password_cb *cb, void *u);
+- int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x);
+- int PEM_write_RSAPublicKey(FILE *fp, RSA *x);
+-
+- RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x,
+- pem_password_cb *cb, void *u);
+- RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x,
+- pem_password_cb *cb, void *u);
+- int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x);
+- int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x);
+-
+- DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x,
+- pem_password_cb *cb, void *u);
+- DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x,
+- pem_password_cb *cb, void *u);
+- int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
+- unsigned char *kstr, int klen,
+- pem_password_cb *cb, void *u);
+- int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
+- unsigned char *kstr, int klen,
+- pem_password_cb *cb, void *u);
+-
+- DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x,
+- pem_password_cb *cb, void *u);
+- DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x,
+- pem_password_cb *cb, void *u);
+- int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
+- int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
+-
+- DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
+- DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
+- int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
+- int PEM_write_DSAparams(FILE *fp, DSA *x);
+-
+- DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
+- DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
+- int PEM_write_bio_DHparams(BIO *bp, DH *x);
+- int PEM_write_DHparams(FILE *fp, DH *x);
+-
+- X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
+- X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
+- int PEM_write_bio_X509(BIO *bp, X509 *x);
+- int PEM_write_X509(FILE *fp, X509 *x);
+-
+- X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
+- X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
+- int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
+- int PEM_write_X509_AUX(FILE *fp, X509 *x);
+-
+- X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
+- pem_password_cb *cb, void *u);
+- X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
+- pem_password_cb *cb, void *u);
+- int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
+- int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
+- int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
+- int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
+-
+- X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
+- pem_password_cb *cb, void *u);
+- X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
+- pem_password_cb *cb, void *u);
+- int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
+- int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
+-
+- PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
+- PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
+- int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
+- int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
+-
+-=head1 DESCRIPTION
+-
+-The PEM functions read or write structures in PEM format. In
+-this sense PEM format is simply base64 encoded data surrounded
+-by header lines.
+-
+-For more details about the meaning of arguments see the
+-B<PEM FUNCTION ARGUMENTS> section.
+-
+-Each operation has four functions associated with it. For
+-clarity the term "B<foobar> functions" will be used to collectively
+-refer to the PEM_read_bio_foobar(), PEM_read_foobar(),
+-PEM_write_bio_foobar() and PEM_write_foobar() functions.
+-
-The B<PrivateKey> functions read or write a private key in
-PEM format using an EVP_PKEY structure. The write routines use
-"traditional" private key format and can handle both RSA and DSA
-private keys. The read functions can additionally transparently
-handle PKCS#8 format encrypted and unencrypted keys too.
-+The B<PrivateKey> functions read or write a private key in PEM format using an
-+EVP_PKEY structure. The write routines use PKCS#8 private key format and are
-+equivalent to PEM_write_bio_PKCS8PrivateKey().The read functions transparently
-+handle traditional and PKCS#8 format encrypted and unencrypted keys.
-
+-
-PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey()
-write a private key in an EVP_PKEY structure in PKCS#8
-EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption
@@ -96133,341 +111860,724 @@
-use: unlike all other PEM routines the encryption is applied at the
-PKCS#8 level and not in the PEM headers. If B<cipher> is NULL then no
-encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.
-+PEM_write_bio_PrivateKey_traditional() writes out a private key in legacy
-+"traditional" format.
-+
-+PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey() write a private
-+key in an EVP_PKEY structure in PKCS#8 EncryptedPrivateKeyInfo format using
-+PKCS#5 v2.0 password based encryption algorithms. The B<cipher> argument
-+specifies the encryption algorithm to use: unlike some other PEM routines the
-+encryption is applied at the PKCS#8 level and not in the PEM headers. If
-+B<cipher> is NULL then no encryption is used and a PKCS#8 PrivateKeyInfo
-+structure is used instead.
-
- PEM_write_bio_PKCS8PrivateKey_nid() and PEM_write_PKCS8PrivateKey_nid()
- also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
-@@ -182,7 +189,8 @@ structure. The public key is encoded as a SubjectPublicKeyInfo
- structure.
-
- The B<RSAPrivateKey> functions process an RSA private key using an
+-
+-PEM_write_bio_PKCS8PrivateKey_nid() and PEM_write_PKCS8PrivateKey_nid()
+-also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
+-it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
+-to use is specified in the B<nid> parameter and should be the NID of the
+-corresponding OBJECT IDENTIFIER (see NOTES section).
+-
+-The B<PUBKEY> functions process a public key using an EVP_PKEY
+-structure. The public key is encoded as a SubjectPublicKeyInfo
+-structure.
+-
+-The B<RSAPrivateKey> functions process an RSA private key using an
-RSA structure. It handles the same formats as the B<PrivateKey>
-+RSA structure. The write routines uses traditional format. The read
-+routines handles the same formats as the B<PrivateKey>
- functions but an error occurs if the private key is not RSA.
-
- The B<RSAPublicKey> functions process an RSA public key using an
-@@ -195,7 +203,8 @@ SubjectPublicKeyInfo structure and an error occurs if the public
- key is not RSA.
-
- The B<DSAPrivateKey> functions process a DSA private key using a
+-functions but an error occurs if the private key is not RSA.
+-
+-The B<RSAPublicKey> functions process an RSA public key using an
+-RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey
+-structure.
+-
+-The B<RSA_PUBKEY> functions also process an RSA public key using
+-an RSA structure. However the public key is encoded using a
+-SubjectPublicKeyInfo structure and an error occurs if the public
+-key is not RSA.
+-
+-The B<DSAPrivateKey> functions process a DSA private key using a
-DSA structure. It handles the same formats as the B<PrivateKey>
-+DSA structure. The write routines uses traditional format. The read
-+routines handles the same formats as the B<PrivateKey>
- functions but an error occurs if the private key is not DSA.
-
- The B<DSA_PUBKEY> functions process a DSA public key using
-@@ -216,7 +225,7 @@ structure. They will also process a trusted X509 certificate but
- any trust settings are discarded.
-
- The B<X509_AUX> functions process a trusted X509 certificate using
+-functions but an error occurs if the private key is not DSA.
+-
+-The B<DSA_PUBKEY> functions process a DSA public key using
+-a DSA structure. The public key is encoded using a
+-SubjectPublicKeyInfo structure and an error occurs if the public
+-key is not DSA.
+-
+-The B<DSAparams> functions process DSA parameters using a DSA
+-structure. The parameters are encoded using a Dss-Parms structure
+-as defined in RFC2459.
+-
+-The B<DHparams> functions process DH parameters using a DH
+-structure. The parameters are encoded using a PKCS#3 DHparameter
+-structure.
+-
+-The B<X509> functions process an X509 certificate using an X509
+-structure. They will also process a trusted X509 certificate but
+-any trust settings are discarded.
+-
+-The B<X509_AUX> functions process a trusted X509 certificate using
-an X509 structure.
-+an X509 structure.
-
- The B<X509_REQ> and B<X509_REQ_NEW> functions process a PKCS#10
- certificate request using an X509_REQ structure. The B<X509_REQ>
-@@ -340,7 +349,7 @@ Skeleton pass phrase callback:
- char *tmp;
-
- /* We'd probably do something else if 'rwflag' is 1 */
+-
+-The B<X509_REQ> and B<X509_REQ_NEW> functions process a PKCS#10
+-certificate request using an X509_REQ structure. The B<X509_REQ>
+-write functions use B<CERTIFICATE REQUEST> in the header whereas
+-the B<X509_REQ_NEW> functions use B<NEW CERTIFICATE REQUEST>
+-(as required by some CAs). The B<X509_REQ> read functions will
+-handle either form so there are no B<X509_REQ_NEW> read functions.
+-
+-The B<X509_CRL> functions process an X509 CRL using an X509_CRL
+-structure.
+-
+-The B<PKCS7> functions process a PKCS#7 ContentInfo using a PKCS7
+-structure.
+-
+-=head1 PEM FUNCTION ARGUMENTS
+-
+-The PEM functions have many common arguments.
+-
+-The B<bp> BIO parameter (if present) specifies the BIO to read from
+-or write to.
+-
+-The B<fp> FILE parameter (if present) specifies the FILE pointer to
+-read from or write to.
+-
+-The PEM read functions all take an argument B<TYPE **x> and return
+-a B<TYPE *> pointer. Where B<TYPE> is whatever structure the function
+-uses. If B<x> is NULL then the parameter is ignored. If B<x> is not
+-NULL but B<*x> is NULL then the structure returned will be written
+-to B<*x>. If neither B<x> nor B<*x> is NULL then an attempt is made
+-to reuse the structure at B<*x> (but see BUGS and EXAMPLES sections).
+-Irrespective of the value of B<x> a pointer to the structure is always
+-returned (or NULL if an error occurred).
+-
+-The PEM functions which write private keys take an B<enc> parameter
+-which specifies the encryption algorithm to use, encryption is done
+-at the PEM level. If this parameter is set to NULL then the private
+-key is written in unencrypted form.
+-
+-The B<cb> argument is the callback to use when querying for the pass
+-phrase used for encrypted PEM structures (normally only private keys).
+-
+-For the PEM write routines if the B<kstr> parameter is not NULL then
+-B<klen> bytes at B<kstr> are used as the passphrase and B<cb> is
+-ignored.
+-
+-If the B<cb> parameters is set to NULL and the B<u> parameter is not
+-NULL then the B<u> parameter is interpreted as a null terminated string
+-to use as the passphrase. If both B<cb> and B<u> are NULL then the
+-default callback routine is used which will typically prompt for the
+-passphrase on the current terminal with echoing turned off.
+-
+-The default passphrase callback is sometimes inappropriate (for example
+-in a GUI application) so an alternative can be supplied. The callback
+-routine has the following form:
+-
+- int cb(char *buf, int size, int rwflag, void *u);
+-
+-B<buf> is the buffer to write the passphrase to. B<size> is the maximum
+-length of the passphrase (i.e. the size of buf). B<rwflag> is a flag
+-which is set to 0 when reading and 1 when writing. A typical routine
+-will ask the user to verify the passphrase (for example by prompting
+-for it twice) if B<rwflag> is 1. The B<u> parameter has the same
+-value as the B<u> parameter passed to the PEM routine. It allows
+-arbitrary data to be passed to the callback by the application
+-(for example a window handle in a GUI application). The callback
+-B<must> return the number of characters in the passphrase or 0 if
+-an error occurred.
+-
+-=head1 EXAMPLES
+-
+-Although the PEM routines take several arguments in almost all applications
+-most of them are set to 0 or NULL.
+-
+-Read a certificate in PEM format from a BIO:
+-
+- X509 *x;
+- x = PEM_read_bio_X509(bp, NULL, 0, NULL);
+- if (x == NULL) {
+- /* Error */
+- }
+-
+-Alternative method:
+-
+- X509 *x = NULL;
+- if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
+- /* Error */
+- }
+-
+-Write a certificate to a BIO:
+-
+- if (!PEM_write_bio_X509(bp, x)) {
+- /* Error */
+- }
+-
+-Write a private key (using traditional format) to a BIO using
+-triple DES encryption, the pass phrase is prompted for:
+-
+- if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) {
+- /* Error */
+- }
+-
+-Write a private key (using PKCS#8 format) to a BIO using triple
+-DES encryption, using the pass phrase "hello":
+-
+- if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello")) {
+- /* Error */
+- }
+-
+-Read a private key from a BIO using a pass phrase callback:
+-
+- key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
+- if (key == NULL) {
+- /* Error */
+- }
+-
+-Skeleton pass phrase callback:
+-
+- int pass_cb(char *buf, int size, int rwflag, void *u)
+- {
+- int len;
+- char *tmp;
+-
+- /* We'd probably do something else if 'rwflag' is 1 */
- printf("Enter pass phrase for \"%s\"\n", (char *)u);
-+ printf("Enter pass phrase for \"%s\"\n", (char *)u);
-
- /* get pass phrase, length 'len' into 'tmp' */
- tmp = "hello";
-@@ -379,7 +388,7 @@ which is an uninitialised pointer.
-
- These old B<PrivateKey> routines use a non standard technique for encryption.
-
+-
+- /* get pass phrase, length 'len' into 'tmp' */
+- tmp = "hello";
+- len = strlen(tmp);
+- if (len <= 0)
+- return 0;
+-
+- if (len > size)
+- len = size;
+- memcpy(buf, tmp, len);
+- return len;
+- }
+-
+-=head1 NOTES
+-
+-The old B<PrivateKey> write routines are retained for compatibility.
+-New applications should write private keys using the
+-PEM_write_bio_PKCS8PrivateKey() or PEM_write_PKCS8PrivateKey() routines
+-because they are more secure (they use an iteration count of 2048 whereas
+-the traditional routines use a count of 1) unless compatibility with older
+-versions of OpenSSL is important.
+-
+-The B<PrivateKey> read routines can be used in all applications because
+-they handle all formats transparently.
+-
+-A frequent cause of problems is attempting to use the PEM routines like
+-this:
+-
+- X509 *x;
+- PEM_read_bio_X509(bp, &x, 0, NULL);
+-
+-this is a bug because an attempt will be made to reuse the data at B<x>
+-which is an uninitialised pointer.
+-
+-=head1 PEM ENCRYPTION FORMAT
+-
+-These old B<PrivateKey> routines use a non standard technique for encryption.
+-
-The private key (or other data) takes the following form:
-+The private key (or other data) takes the following form:
-
- -----BEGIN RSA PRIVATE KEY-----
- Proc-Type: 4,ENCRYPTED
-@@ -403,7 +412,7 @@ password is passed to EVP_BytesToKey() using the B<data> and B<datal>
- parameters. Finally, the library uses an iteration count of 1 for
- EVP_BytesToKey().
-
+-
+- -----BEGIN RSA PRIVATE KEY-----
+- Proc-Type: 4,ENCRYPTED
+- DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
+-
+- ...base64 encoded data...
+- -----END RSA PRIVATE KEY-----
+-
+-The line beginning with I<Proc-Type> contains the version and the
+-protection on the encapsulated data. The line beginning I<DEK-Info>
+-contains two comma separated values: the encryption algorithm name as
+-used by EVP_get_cipherbyname() and an initialization vector used by the
+-cipher encoded as a set of hexadecimal digits. After those two lines is
+-the base64-encoded encrypted data.
+-
+-The encryption key is derived using EVP_BytesToKey(). The cipher's
+-initialization vector is passed to EVP_BytesToKey() as the B<salt>
+-parameter. Internally, B<PKCS5_SALT_LEN> bytes of the salt are used
+-(regardless of the size of the initialization vector). The user's
+-password is passed to EVP_BytesToKey() using the B<data> and B<datal>
+-parameters. Finally, the library uses an iteration count of 1 for
+-EVP_BytesToKey().
+-
-he B<key> derived by EVP_BytesToKey() along with the original initialization
-+The B<key> derived by EVP_BytesToKey() along with the original initialization
- vector is then used to decrypt the encrypted data. The B<iv> produced by
- EVP_BytesToKey() is not utilized or needed, and NULL should be passed to
- the function.
-@@ -433,7 +442,7 @@ an existing structure. Therefore the following:
-
- PEM_read_bio_X509(bp, &x, 0, NULL);
-
+-vector is then used to decrypt the encrypted data. The B<iv> produced by
+-EVP_BytesToKey() is not utilized or needed, and NULL should be passed to
+-the function.
+-
+-The pseudo code to derive the key would look similar to:
+-
+- EVP_CIPHER* cipher = EVP_des_ede3_cbc();
+- EVP_MD* md = EVP_md5();
+-
+- unsigned int nkey = EVP_CIPHER_key_length(cipher);
+- unsigned int niv = EVP_CIPHER_iv_length(cipher);
+- unsigned char key[nkey];
+- unsigned char iv[niv];
+-
+- memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv);
+- rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/);
+- if (rc != nkey) {
+- /* Error */
+- }
+-
+- /* On success, use key and iv to initialize the cipher */
+-
+-=head1 BUGS
+-
+-The PEM read routines in some versions of OpenSSL will not correctly reuse
+-an existing structure. Therefore the following:
+-
+- PEM_read_bio_X509(bp, &x, 0, NULL);
+-
-where B<x> already contains a valid certificate, may not work, whereas:
-+where B<x> already contains a valid certificate, may not work, whereas:
-
- X509_free(x);
- x = PEM_read_bio_X509(bp, NULL, 0, NULL);
-@@ -456,3 +465,14 @@ as they will be formally deprecated in a future releases.
- =head1 SEE ALSO
-
- L<EVP_EncryptInit(3)>, L<EVP_BytesToKey(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
-diff --git a/doc/crypto/pem_read.pod b/doc/crypto/pem_read.pod
-new file mode 100644
-index 0000000..7123dd8
---- /dev/null
-+++ b/doc/crypto/pem_read.pod
-@@ -0,0 +1,101 @@
-+=pod
-+
-+=head1 NAME
-+
-+PEM_read, PEM_read_bio, PEM_do_header - low-level PEM routines
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/pem.h>
-+
-+ int PEM_read(FILE *fp, char **name, char **header,
-+ unsigned char **data, long *len);
-+ int PEM_read_bio(BIO *bp, char **name, char **header,
-+ unsigned char **data, long *len);
-+ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cinfo);
-+ int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len,
-+ pem_password_cb *cb, void *u);
-+
-+=head1 DESCRIPTION
-+
-+These functions read and decode PEM-encoded objects, returning the
-+PEM type B<name>, any encapsulation B<header> and the decoded
-+B<data> of length B<len>.
-+
-+PEM_read() reads from the stdio file handle B<fp>, while PEM_read_bio() reads
-+from the BIO B<bio>.
-+Both skip any non-PEM data that precedes the start of the next PEM object.
-+When an object is successfuly retrieved, the type name from the "----BEGIN
-+<type>-----" is returned via the B<name> argument, any encapsulation headers
-+are returned in B<header> and the base64-decoded content and its length are
-+returned via B<data> and B<len> respectively.
-+The B<name>, B<header> and B<data> pointers are allocated via OPENSSL_malloc()
-+and should be freed by the caller via OPENSSL_free() when no longer needed.
-+
-+PEM_get_EVP_CIPHER_INFO() can be used to determine the B<data> returned by
-+PEM_read() or PEM_read_bio() is encrypted and to retrieve the associated cipher
-+and IV.
-+The caller passes a pointer to structure of type B<EVP_CIPHER_INFO> via the
-+B<cinfo> argument and the B<header> returned via PEM_read() or PEM_read_bio().
-+If the call is succesful 1 is retured and the cipher and IV are stored at the
-+address pointed to by B<cinfo>.
-+When the header is malformed, or not supported or when the cipher is unknown
-+or some internal error happens 0 is returned.
-+This function is deprecated, see B<NOTES> below.
-+
-+PEM_do_header() can then be used to decrypt the data if the header
-+indicates encryption.
-+The B<cinfo> argument is a pointer to the structure initialized by the previous
-+call to PEM_get_EVP_CIPHER_INFO().
-+The B<data> and B<len> arguments are those returned by the previous call to
-+PEM_read() or PEM_read_bio().
-+The B<cb> and B<u> arguments make it possible to override the default password
-+prompt function as described in L<pem(3)>.
-+On successful completion the B<data> is decrypted in place, and B<len> is
-+updated to indicate the plaintext length.
-+This function is deprecated, see B<NOTES> below.
-+
-+If the data is a priori known to not be encrypted, then neither PEM_do_header()
-+nor PEM_get_EVP_CIPHER_INFO() need be called.
-+
-+The final B<data> buffer is typically an ASN.1 object which can be decoded with
-+the B<d2i> function appropriate to the type B<name>.
-+
-+=head1 RETURN VALUES
-+
-+PEM_read() and PEM_read_bio() return 1 on success and 0 on failure, the latter
-+includes the case when no more PEM objects remain in the input file.
-+To distinguish end of file from more serious errors the caller must peek at the
-+error stack and check for B<PEM_R_NO_START_LINE>, which indicates that no more
-+PEM objects were found. See L<ERR_peek_last_error(3)>, L<ERR_GET_REASON(3)>.
-+
-+PEM_get_EVP_CIPHER_INFO() and PEM_do_header() return 1 on success, and 0 on
-+failure.
-+The B<data> is likely meaningless if these functions fail.
-+
-+=head1 NOTES
-+
-+The PEM_get_EVP_CIPHER_INFO() and PEM_do_header() functions are deprecated.
-+This is because the underlying PEM encryption format is obsolete, and should
-+be avoided.
-+It uses an encryption format with an OpenSSL-specific key-derivation function,
-+which employs MD5 with an iteration count of 1!
-+Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5
-+v2.0 PBE.
-+See L<pkcs8(1)> and L<pem(3)> and L<d2i_PKCS8PrivateKey_bio(3)>.
-+
-+=head1 SEE ALSO
-+
-+L<pem(3)>, L<ERR_peek_last_error(3)>, L<ERR_GET_LIB(3)>, L<pkcs8(1)>,
-+L<d2i_PKCS8PrivateKey_bio(3)>.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
+-
+- X509_free(x);
+- x = PEM_read_bio_X509(bp, NULL, 0, NULL);
+-
+-is guaranteed to work.
+-
+-=head1 RETURN CODES
+-
+-The read routines return either a pointer to the structure read or NULL
+-if an error occurred.
+-
+-The write routines return 1 for success or 0 for failure.
+-
+-=head1 HISTORY
+-
+-The old Netscape certificate sequences were no longer documented
+-in OpenSSL 1.1; applications should use the PKCS7 standard instead
+-as they will be formally deprecated in a future releases.
+-
+-=head1 SEE ALSO
+-
+-L<EVP_EncryptInit(3)>, L<EVP_BytesToKey(3)>
diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod
-index 46de8f7..45a6d6b 100644
+deleted file mode 100644
+index 46de8f775a17..000000000000
--- a/doc/crypto/rand.pod
-+++ b/doc/crypto/rand.pod
-@@ -64,7 +64,7 @@ described in L<RAND_add(3)>. Its state can be saved in a seed file
- seeding process whenever the application is started.
-
- L<RAND_bytes(3)> describes how to obtain random data from the
++++ /dev/null
+@@ -1,77 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-rand - pseudo-random number generator
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/rand.h>
+-
+- int RAND_set_rand_engine(ENGINE *engine);
+-
+- int RAND_bytes(unsigned char *buf, int num);
+- int RAND_pseudo_bytes(unsigned char *buf, int num);
+-
+- void RAND_seed(const void *buf, int num);
+- void RAND_add(const void *buf, int num, int entropy);
+- int RAND_status(void);
+-
+- int RAND_load_file(const char *file, long max_bytes);
+- int RAND_write_file(const char *file);
+- const char *RAND_file_name(char *file, size_t num);
+-
+- int RAND_egd(const char *path);
+-
+- void RAND_set_rand_method(const RAND_METHOD *meth);
+- const RAND_METHOD *RAND_get_rand_method(void);
+- RAND_METHOD *RAND_OpenSSL(void);
+-
+- /* For Win32 only */
+- void RAND_screen(void);
+- int RAND_event(UINT, WPARAM, LPARAM);
+-
+-Deprecated:
+-
+- #if OPENSSL_API_COMPAT < 0x10100000L
+- void RAND_cleanup(void)
+- #endif
+-
+-=head1 DESCRIPTION
+-
+-Since the introduction of the ENGINE API, the recommended way of controlling
+-default implementations is by using the ENGINE API functions. The default
+-B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by
+-RAND_get_rand_method(), is only used if no ENGINE has been set as the default
+-"rand" implementation. Hence, these two functions are no longer the recommended
+-way to control defaults.
+-
+-If an alternative B<RAND_METHOD> implementation is being used (either set
+-directly or as provided by an ENGINE module), then it is entirely responsible
+-for the generation and management of a cryptographically secure PRNG stream. The
+-mechanisms described below relate solely to the software PRNG implementation
+-built in to OpenSSL and used by default.
+-
+-These functions implement a cryptographically secure pseudo-random
+-number generator (PRNG). It is used by other library functions for
+-example to generate random keys, and applications can use it when they
+-need randomness.
+-
+-A cryptographic PRNG must be seeded with unpredictable data such as
+-mouse movements or keys pressed at random by the user. This is
+-described in L<RAND_add(3)>. Its state can be saved in a seed file
+-(see L<RAND_load_file(3)>) to avoid having to go through the
+-seeding process whenever the application is started.
+-
+-L<RAND_bytes(3)> describes how to obtain random data from the
-PRNG.
-+PRNG.
-
- =head1 SEE ALSO
-
-@@ -72,6 +72,15 @@ L<BN_rand(3)>, L<RAND_add(3)>,
- L<RAND_load_file(3)>, L<RAND_egd(3)>,
- L<RAND_bytes(3)>,
- L<RAND_set_rand_method(3)>,
+-
+-=head1 SEE ALSO
+-
+-L<BN_rand(3)>, L<RAND_add(3)>,
+-L<RAND_load_file(3)>, L<RAND_egd(3)>,
+-L<RAND_bytes(3)>,
+-L<RAND_set_rand_method(3)>,
-L<RAND_cleanup(3)>
-+L<RAND_cleanup(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
+-
+-=cut
diff --git a/doc/crypto/rc4.pod b/doc/crypto/rc4.pod
-index af2a609..fe5d2d1 100644
+deleted file mode 100644
+index af2a6092eda2..000000000000
--- a/doc/crypto/rc4.pod
-+++ b/doc/crypto/rc4.pod
-@@ -54,4 +54,13 @@ multiple encryptions using the same key stream.
-
- L<EVP_EncryptInit(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
++++ /dev/null
+@@ -1,57 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-RC4_set_key, RC4 - RC4 encryption
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/rc4.h>
+-
+- void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+-
+- void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+- unsigned char *outdata);
+-
+-=head1 DESCRIPTION
+-
+-This library implements the Alleged RC4 cipher, which is described for
+-example in I<Applied Cryptography>. It is believed to be compatible
+-with RC4[TM], a proprietary cipher of RSA Security Inc.
+-
+-RC4 is a stream cipher with variable key length. Typically, 128 bit
+-(16 byte) keys are used for strong encryption, but shorter insecure
+-key sizes have been widely used due to export restrictions.
+-
+-RC4 consists of a key setup phase and the actual encryption or
+-decryption phase.
+-
+-RC4_set_key() sets up the B<RC4_KEY> B<key> using the B<len> bytes long
+-key at B<data>.
+-
+-RC4() encrypts or decrypts the B<len> bytes of data at B<indata> using
+-B<key> and places the result at B<outdata>. Repeated RC4() calls with
+-the same B<key> yield a continuous key stream.
+-
+-Since RC4 is a stream cipher (the input is XORed with a pseudo-random
+-key stream to produce the output), decryption uses the same function
+-calls as encryption.
+-
+-=head1 RETURN VALUES
+-
+-RC4_set_key() and RC4() do not return values.
+-
+-=head1 NOTE
+-
+-Applications should use the higher level functions
+-L<EVP_EncryptInit(3)> etc. instead of calling these
+-functions directly.
+-
+-It is difficult to securely use stream ciphers. For example, do not perform
+-multiple encryptions using the same key stream.
+-
+-=head1 SEE ALSO
+-
+-L<EVP_EncryptInit(3)>
+-
+-=cut
diff --git a/doc/crypto/ripemd.pod b/doc/crypto/ripemd.pod
-index c7a94cc..a372e32 100644
+deleted file mode 100644
+index c7a94cc9ab5e..000000000000
--- a/doc/crypto/ripemd.pod
-+++ b/doc/crypto/ripemd.pod
-@@ -41,7 +41,7 @@ the B<RIPEMD160_CTX>.
-
- =head1 RETURN VALUES
-
++++ /dev/null
+@@ -1,63 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final -
+-RIPEMD-160 hash function
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/ripemd.h>
+-
+- unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
+- unsigned char *md);
+-
+- int RIPEMD160_Init(RIPEMD160_CTX *c);
+- int RIPEMD160_Update(RIPEMD_CTX *c, const void *data,
+- unsigned long len);
+- int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+-
+-=head1 DESCRIPTION
+-
+-RIPEMD-160 is a cryptographic hash function with a
+-160 bit output.
+-
+-RIPEMD160() computes the RIPEMD-160 message digest of the B<n>
+-bytes at B<d> and places it in B<md> (which must have space for
+-RIPEMD160_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
+-is placed in a static array.
+-
+-The following functions may be used if the message is not completely
+-stored in memory:
+-
+-RIPEMD160_Init() initializes a B<RIPEMD160_CTX> structure.
+-
+-RIPEMD160_Update() can be called repeatedly with chunks of the message to
+-be hashed (B<len> bytes at B<data>).
+-
+-RIPEMD160_Final() places the message digest in B<md>, which must have
+-space for RIPEMD160_DIGEST_LENGTH == 20 bytes of output, and erases
+-the B<RIPEMD160_CTX>.
+-
+-=head1 RETURN VALUES
+-
-RIPEMD160() returns a pointer to the hash value.
-+RIPEMD160() returns a pointer to the hash value.
-
- RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() return 1 for
- success, 0 otherwise.
-@@ -60,4 +60,13 @@ ISO/IEC 10118-3 (draft) (??)
-
- L<EVP_DigestInit(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
+-
+-RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() return 1 for
+-success, 0 otherwise.
+-
+-=head1 NOTE
+-
+-Applications should use the higher level functions
+-L<EVP_DigestInit(3)> etc. instead of calling these
+-functions directly.
+-
+-=head1 CONFORMING TO
+-
+-ISO/IEC 10118-3 (draft) (??)
+-
+-=head1 SEE ALSO
+-
+-L<EVP_DigestInit(3)>
+-
+-=cut
diff --git a/doc/crypto/rsa.pod b/doc/crypto/rsa.pod
-index a1341b8..2a2a1e8 100644
+deleted file mode 100644
+index a1341b8d7c1e..000000000000
--- a/doc/crypto/rsa.pod
-+++ b/doc/crypto/rsa.pod
-@@ -18,7 +18,7 @@ rsa - RSA public key cryptosystem
- unsigned char *to, RSA *rsa, int padding);
- int RSA_private_encrypt(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
++++ /dev/null
+@@ -1,103 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-rsa - RSA public key cryptosystem
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/rsa.h>
+- #include <openssl/engine.h>
+-
+- RSA * RSA_new(void);
+- void RSA_free(RSA *rsa);
+-
+- int RSA_public_encrypt(int flen, unsigned char *from,
+- unsigned char *to, RSA *rsa, int padding);
+- int RSA_private_decrypt(int flen, unsigned char *from,
+- unsigned char *to, RSA *rsa, int padding);
+- int RSA_private_encrypt(int flen, unsigned char *from,
+- unsigned char *to, RSA *rsa,int padding);
- int RSA_public_decrypt(int flen, unsigned char *from,
-+ int RSA_public_decrypt(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-
- int RSA_sign(int type, unsigned char *m, unsigned int m_len,
-@@ -98,6 +98,15 @@ L<RSA_set_method(3)>, L<RSA_print(3)>,
- L<RSA_get_ex_new_index(3)>,
- L<RSA_private_encrypt(3)>,
- L<RSA_sign_ASN1_OCTET_STRING(3)>,
+- unsigned char *to, RSA *rsa,int padding);
+-
+- int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+- unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+- int RSA_verify(int type, unsigned char *m, unsigned int m_len,
+- unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+-
+- RSA *RSA_generate_key(int num, unsigned long e,
+- void (*callback)(int,int,void *), void *cb_arg);
+-
+- int RSA_check_key(RSA *rsa);
+-
+- int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+- void RSA_blinding_off(RSA *rsa);
+-
+- void RSA_set_default_method(const RSA_METHOD *meth);
+- const RSA_METHOD *RSA_get_default_method(void);
+- int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+- const RSA_METHOD *RSA_get_method(const RSA *rsa);
+- RSA_METHOD *RSA_PKCS1_OpenSSL(void);
+- RSA_METHOD *RSA_null_method(void);
+- int RSA_flags(const RSA *rsa);
+- RSA *RSA_new_method(ENGINE *engine);
+-
+- int RSA_print(BIO *bp, RSA *x, int offset);
+- int RSA_print_fp(FILE *fp, RSA *x, int offset);
+-
+- int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+- unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
+- RSA *rsa);
+- int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+- unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+- RSA *rsa);
+-
+-=head1 DESCRIPTION
+-
+-These functions implement RSA public key encryption and signatures
+-as defined in PKCS #1 v2.0 [RFC 2437].
+-
+-The B<RSA> structure consists of the BIGNUM components B<n>, B<e>,
+-B<d>, B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp>, which represent public
+-as well as private RSA keys.
+-
+-In public keys, the private exponent B<d> and the related secret
+-values B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> are B<NULL>.
+-
+-B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private
+-keys, but the RSA operations are much faster when these values are
+-available.
+-
+-Note that RSA keys may use non-standard B<RSA_METHOD> implementations,
+-either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+-ENGINE providing support for hardware-embedded keys), these BIGNUM values
+-will not be used by the implementation or may be used for alternative data
+-storage. For this reason, applications should generally avoid using RSA
+-structure elements directly and instead use API functions to query or
+-modify keys.
+-
+-=head1 CONFORMING TO
+-
+-SSL, PKCS #1 v2.0
+-
+-=head1 PATENTS
+-
+-RSA was covered by a US patent which expired in September 2000.
+-
+-=head1 SEE ALSO
+-
+-L<rsa(1)>, L<bn(3)>, L<dsa(3)>, L<dh(3)>,
+-L<rand(3)>, L<engine(3)>, L<RSA_new(3)>, L<RSA_set0_key(3)>
+-L<RSA_public_encrypt(3)>,
+-L<RSA_sign(3)>, L<RSA_size(3)>,
+-L<RSA_generate_key(3)>,
+-L<RSA_check_key(3)>,
+-L<RSA_blinding_on(3)>,
+-L<RSA_set_method(3)>, L<RSA_print(3)>,
+-L<RSA_get_ex_new_index(3)>,
+-L<RSA_private_encrypt(3)>,
+-L<RSA_sign_ASN1_OCTET_STRING(3)>,
-L<RSA_padding_add_PKCS1_type_1(3)>
-+L<RSA_padding_add_PKCS1_type_1(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
+-
+-=cut
diff --git a/doc/crypto/sha.pod b/doc/crypto/sha.pod
-index 26f1df3..f3565bb 100644
+deleted file mode 100644
+index 26f1df3ceab0..000000000000
--- a/doc/crypto/sha.pod
-+++ b/doc/crypto/sha.pod
-@@ -81,7 +81,7 @@ used only when backward compatibility is required.
- =head1 RETURN VALUES
-
- SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash
++++ /dev/null
+@@ -1,99 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update,
+-SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384,
+-SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update,
+-SHA512_Final - Secure Hash Algorithm
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/sha.h>
+-
+- int SHA1_Init(SHA_CTX *c);
+- int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
+- int SHA1_Final(unsigned char *md, SHA_CTX *c);
+- unsigned char *SHA1(const unsigned char *d, size_t n,
+- unsigned char *md);
+-
+- int SHA224_Init(SHA256_CTX *c);
+- int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+- int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+- unsigned char *SHA224(const unsigned char *d, size_t n,
+- unsigned char *md);
+-
+- int SHA256_Init(SHA256_CTX *c);
+- int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
+- int SHA256_Final(unsigned char *md, SHA256_CTX *c);
+- unsigned char *SHA256(const unsigned char *d, size_t n,
+- unsigned char *md);
+-
+- int SHA384_Init(SHA512_CTX *c);
+- int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+- int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+- unsigned char *SHA384(const unsigned char *d, size_t n,
+- unsigned char *md);
+-
+- int SHA512_Init(SHA512_CTX *c);
+- int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
+- int SHA512_Final(unsigned char *md, SHA512_CTX *c);
+- unsigned char *SHA512(const unsigned char *d, size_t n,
+- unsigned char *md);
+-
+-=head1 DESCRIPTION
+-
+-Applications should use the higher level functions
+-L<EVP_DigestInit(3)> etc. instead of calling the hash
+-functions directly.
+-
+-SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a
+-160 bit output.
+-
+-SHA1() computes the SHA-1 message digest of the B<n>
+-bytes at B<d> and places it in B<md> (which must have space for
+-SHA_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
+-is placed in a static array. Note: setting B<md> to NULL is B<not thread safe>.
+-
+-The following functions may be used if the message is not completely
+-stored in memory:
+-
+-SHA1_Init() initializes a B<SHA_CTX> structure.
+-
+-SHA1_Update() can be called repeatedly with chunks of the message to
+-be hashed (B<len> bytes at B<data>).
+-
+-SHA1_Final() places the message digest in B<md>, which must have space
+-for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the B<SHA_CTX>.
+-
+-The SHA224, SHA256, SHA384 and SHA512 families of functions operate in the
+-same way as for the SHA1 functions. Note that SHA224 and SHA256 use a
+-B<SHA256_CTX> object instead of B<SHA_CTX>. SHA384 and SHA512 use B<SHA512_CTX>.
+-The buffer B<md> must have space for the output from the SHA variant being used
+-(defined by SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH and
+-SHA512_DIGEST_LENGTH). Also note that, as for the SHA1() function above, the
+-SHA224(), SHA256(), SHA384() and SHA512() functions are not thread safe if
+-B<md> is NULL.
+-
+-The predecessor of SHA-1, SHA, is also implemented, but it should be
+-used only when backward compatibility is required.
+-
+-=head1 RETURN VALUES
+-
+-SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash
-value.
-+value.
-
- SHA1_Init(), SHA1_Update() and SHA1_Final() and equivalent SHA224, SHA256,
- SHA384 and SHA512 functions return 1 for success, 0 otherwise.
-@@ -96,4 +96,13 @@ ANSI X9.30
-
- L<EVP_DigestInit(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
+-
+-SHA1_Init(), SHA1_Update() and SHA1_Final() and equivalent SHA224, SHA256,
+-SHA384 and SHA512 functions return 1 for success, 0 otherwise.
+-
+-=head1 CONFORMING TO
+-
+-US Federal Information Processing Standard FIPS PUB 180-4 (Secure Hash
+-Standard),
+-ANSI X9.30
+-
+-=head1 SEE ALSO
+-
+-L<EVP_DigestInit(3)>
+-
+-=cut
diff --git a/doc/crypto/sk_X509_num.pod b/doc/crypto/sk_X509_num.pod
deleted file mode 100644
-index eebdeb3..0000000
+index eebdeb343de3..000000000000
--- a/doc/crypto/sk_X509_num.pod
+++ /dev/null
@@ -1,200 +0,0 @@
@@ -96671,436 +112781,299 @@
-
-Use of inline functions and application defined stacks first appeared in
-OpenSSL 1.1.0. Previous versions of OpenSSL implemented stacks as macros.
-diff --git a/doc/crypto/stack.pod b/doc/crypto/stack.pod
-new file mode 100644
-index 0000000..1defff0
---- /dev/null
-+++ b/doc/crypto/stack.pod
-@@ -0,0 +1,212 @@
-+=pod
-+
-+=head1 NAME
-+
-+DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF,
-+sk_TYPE_num, sk_TYPE_value, sk_TYPE_new, sk_TYPE_new_null, sk_TYPE_free,
-+sk_TYPE_zero, sk_TYPE_delete, sk_TYPE_delete_ptr, sk_TYPE_push,
-+sk_TYPE_unshift, sk_TYPE_pop, sk_TYPE_shift, sk_TYPE_pop_free,
-+sk_TYPE_insert, sk_TYPE_set, sk_TYPE_find, sk_TYPE_find_ex, sk_TYPE_sort,
-+sk_TYPE_is_sorted, sk_TYPE_dup, sk_TYPE_deep_copy, sk_TYPE_set_cmp_func -
-+stack container
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/safestack.h>
-+
-+ #define STACK_OF(TYPE)
-+ #define DEFINE_STACK_OF
-+ #define DEFINE_STACK_OF_CONST
-+ #define DEFINE_SPECIAL_STACK_OF
-+
-+ typedef int (*sk_TYPE_compfunc)(const TYPE *const *a, const TYPE *const *b);
-+ typedef TYPE * (*sk_TYPE_copyfunc)(const TYPE *a);
-+ typedef void (*sk_TYPE_freefunc)(TYPE *a);
-+
-+ int sk_TYPE_num(const STACK_OF(TYPE) *sk);
-+ TYPE *sk_TYPE_value(const STACK_OF(TYPE) *sk, int idx);
-+ STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare);
-+ STACK_OF(TYPE) *sk_TYPE_new_null(void);
-+ void sk_TYPE_free(const STACK_OF(TYPE) *sk);
-+ void sk_TYPE_zero(const STACK_OF(TYPE) *sk);
-+ TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i);
-+ TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr);
-+ int sk_TYPE_push(STACK_OF(TYPE) *sk, TYPE *ptr);
-+ int sk_TYPE_unshift(STACK_OF(TYPE) *sk, TYPE *ptr);
-+ TYPE *sk_TYPE_pop(STACK_OF(TYPE) *sk);
-+ TYPE *sk_TYPE_shift(STACK_OF(TYPE) *sk);
-+ void sk_TYPE_pop_free(STACK_OF(TYPE) *sk, sk_TYPE_freefunc freefunc);
-+ int sk_TYPE_insert(STACK_OF(TYPE) *sk, TYPE *ptr, int idx);
-+ TYPE *sk_TYPE_set(STACK_OF(TYPE) *sk, int idx, TYPE *ptr);
-+ int sk_TYPE_find(STACK_OF(TYPE) *sk, TYPE *ptr);
-+ int sk_TYPE_find_ex(STACK_OF(TYPE) *sk, TYPE *ptr);
-+ void sk_TYPE_sort(const STACK_OF(TYPE) *sk);
-+ int sk_TYPE_is_sorted(const STACK_OF(TYPE) *sk);
-+ STACK_OF(TYPE) *sk_TYPE_dup(STACK_OF(TYPE) *sk);
-+ STACK_OF(TYPE) *sk_TYPE_deep_copy(STACK_OF(TYPE) *sk,
-+ sk_TYPE_copyfunc copyfunc,
-+ sk_TYPE_freefunc freefunc);
-+ sk_TYPE_compfunc (*sk_TYPE_set_cmp_func(STACK_OF(TYPE) *sk, sk_TYPE_compfunc compare);
-+
-+=head1 DESCRIPTION
-+
-+Applications can create and use their own stacks by placing any of the macros
-+described below in a header file. In the description below, I<TYPE> is used
-+as a placeholder for any of the OpenSSL datatypes, such as I<X509>.
-+
-+DEFINE_STACK_OF(TYPE) creates set of functions for a stack of B<TYPE>. This
-+will mean that type B<TYPE> is stored in each stack, the type is referenced by
-+STACK_OF(TYPE) and each function name begins with I<sk_TYPE_>. For example:
-+
-+ TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
-+
-+DEFINE_STACK_OF_CONST(TYPE) is identical to DEFINE_STACK_OF(TYPE) except
-+each element is constant. For example:
-+
-+ const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
-+
-+DEFINE_SPECIAL_STACK_OF(FUNCNAME, TYPE) defines a stack of B<TYPE> but
-+each function uses B<FUNCNAME> in the function name. For example:
-+
-+ TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
-+
-+sk_TYPE_num() returns the number of elements in B<sk> or -1 if B<sk> is
-+B<NULL>.
-+
-+sk_TYPE_value() returns element B<idx> in B<sk>, where B<idx> starts at
-+zero. If B<idx> is out of range then B<NULL> is returned.
-+
-+sk_TYPE_new() allocates a new empty stack using comparison function B<compar>.
-+If B<compar> is B<NULL> then no comparison function is used.
-+
-+sk_TYPE_new_null() allocates a new empty stack with no comparison function.
-+
-+sk_TYPE_set_cmp_func() sets the comparison function of B<sk> to B<compar>.
-+The previous comparison function is returned or B<NULL> if there was
-+no previous comparison function.
-+
-+sk_TYPE_free() frees up the B<sk> structure. It does B<not> free up any
-+elements of B<sk>. After this call B<sk> is no longer valid.
-+
-+sk_TYPE_zero() sets the number of elements in B<sk> to zero. It does not free
-+B<sk> so after this call B<sk> is still valid.
-+
-+sk_TYPE_pop_free() frees up all elements of B<sk> and B<sk> itself. The
-+free function freefunc() is called on each element to free it.
-+
-+sk_TYPE_delete() deletes element B<i> from B<sk>. It returns the deleted
-+element or B<NULL> if B<i> is out of range.
-+
-+sk_TYPE_delete_ptr() deletes element matching B<ptr> from B<sk>. It returns
-+the deleted element or B<NULL> if no element matching B<ptr> was found.
-+
-+sk_TYPE_insert() inserts B<ptr> into B<sk> at position B<idx>. Any existing
-+elements at or after B<idx> are moved downwards. If B<idx> is out of range
-+the new element is appended to B<sk>. sk_TYPE_insert() either returns the
-+number of elements in B<sk> after the new element is inserted or zero if
-+an error (such as memory allocation failure) occurred.
-+
-+sk_TYPE_push() appends B<ptr> to B<sk> it is equivalent to:
-+
-+ sk_TYPE_insert(sk, ptr, -1);
-+
-+sk_TYPE_unshift() inserts B<ptr> at the start of B<sk> it is equivalent to:
-+
-+ sk_TYPE_insert(sk, ptr, 0);
-+
-+sk_TYPE_pop() returns and removes the last element from B<sk>.
-+
-+sk_TYPE_shift() returns and removes the first element from B<sk>.
-+
-+sk_TYPE_set() sets element B<idx> of B<sk> to B<ptr> replacing the current
-+element. The new element value is returned or B<NULL> if an error occurred:
-+this will only happen if B<sk> is B<NULL> or B<idx> is out of range.
-+
-+sk_TYPE_find() and sk_TYPE_find_ex() search B<sk> using the supplied
-+comparison function for an element matching B<ptr>. sk_TYPE_find() returns
-+the index of the first matching element or B<-1> if there is no match.
-+sk_TYPE_find_ex() returns a matching element or the nearest element that
-+does not match B<ptr>. Note: if a comparison function is set then B<sk> is
-+sorted before the search which may change its order. If no comparison
-+function is set then a linear search is made for a pointer matching B<ptr>
-+and the stack is not reordered.
-+
-+sk_TYPE_sort() sorts B<sk> using the supplied comparison function.
-+
-+sk_TYPE_is_sorted() returns B<1> if B<sk> is sorted and B<0> otherwise.
-+
-+sk_TYPE_dup() returns a copy of B<sk>. Note the pointers in the copy
-+are identical to the original.
-+
-+sk_TYPE_deep_copy() returns a new stack where each element has been copied.
-+Copying is performed by the supplied copyfunc() and freeing by freefunc(). The
-+function freefunc() is only called if an error occurs.
-+
-+=head1 NOTES
-+
-+Care should be taken when accessing stacks in multi-threaded environments.
-+Any operation which increases the size of a stack such as sk_TYPE_insert() or
-+sk_push() can "grow" the size of an internal array and cause race conditions
-+if the same stack is accessed in a different thread. Operations such as
-+sk_find() and sk_sort() can also reorder the stack.
-+
-+Any comparison function supplied should use a metric suitable
-+for use in a binary search operation. That is it should return zero, a
-+positive or negative value if B<a> is equal to, greater than
-+or less than B<b> respectively.
-+
-+Care should be taken when checking the return values of the functions
-+sk_TYPE_find() and sk_TYPE_find_ex(). They return an index to the
-+matching element. In particular B<0> indicates a matching first element.
-+A failed search is indicated by a B<-1> return value.
-+
-+=head1 RETURN VALUES
-+
-+sk_TYPE_num() returns the number of elements in the stack or B<-1> if the
-+passed stack is B<NULL>.
-+
-+sk_TYPE_value() returns a pointer to a stack element or B<NULL> if the
-+index is out of range.
-+
-+sk_TYPE_new() and sk_TYPE_new_null() return an empty stack or B<NULL> if
-+an error occurs.
-+
-+sk_TYPE_set_cmp_func() returns the old comparison function or B<NULL> if
-+there was no old comparison function.
-+
-+sk_TYPE_free(), sk_TYPE_zero(), sk_TYPE_pop_free() and sk_TYPE_sort() do
-+not return values.
-+
-+sk_TYPE_pop(), sk_TYPE_shift(), sk_TYPE_delete() and sk_TYPE_delete_ptr()
-+return a pointer to the deleted element or B<NULL> on error.
-+
-+sk_TYPE_insert(), sk_TYPE_push() and sk_TYPE_unshift() return the total
-+number of elements in the stack and 0 if an error occurred.
-+
-+sk_TYPE_set() returns a pointer to the replacement element or B<NULL> on
-+error.
-+
-+sk_TYPE_find() and sk_TYPE_find_ex() return an index to the found element
-+or B<-1> on error.
-+
-+sk_TYPE_is_sorted() returns B<1> if the stack is sorted and B<0> if it is
-+not.
-+
-+sk_TYPE_dup() and sk_TYPE_deep_copy() return a pointer to the copy of the
-+stack.
-+
-+=head1 HISTORY
-+
-+Before OpenSSL 1.1.0, this was implemented via macros and not inline functions
-+and was not a public API.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod
-index 90c5709..37671b9 100644
+deleted file mode 100644
+index 90c57098a469..000000000000
--- a/doc/crypto/threads.pod
-+++ b/doc/crypto/threads.pod
-@@ -2,6 +2,7 @@
-
- =head1 NAME
-
-+CRYPTO_THREAD_run_once,
- CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock,
- CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free, CRYPTO_atomic_add - OpenSSL thread support
-
-@@ -9,6 +10,9 @@ CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free, CRYPTO_atomic_add - OpenSSL threa
-
- #include <openssl/crypto.h>
-
-+ CRYPTO_ONCE CRYPTO_ONCE_STATIC_INIT;
-+ int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
-+
- CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
- int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
- int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
-@@ -31,6 +35,16 @@ The following multi-threading function are provided:
- =over 4
-
- =item *
-+CRYPTO_THREAD_run_once() can be used to perform one-time initialization.
-+The B<once> argument must be a pointer to a static object of type
-+B<CRYPTO_ONCE> that was statically initialized to the value
-+B<CRYPTO_ONCE_STATIC_INIT>.
-+The B<init> argument is a pointer to a function that performs the desired
-+exactly once initialization.
-+In particular, this can be used to allocate locks in a thread-safe manner,
-+which can then be used with the locking functions below.
-+
-+=item *
- CRYPTO_THREAD_lock_new() allocates, initializes and returns a new read/write
- lock.
-
-@@ -57,17 +71,62 @@ be the only way that the variable is modified.
-
- =head1 RETURN VALUES
-
-+CRYPTO_THREAD_run_once() returns 1 on success, or 0 on error.
-+
- CRYPTO_THREAD_lock_new() returns the allocated lock, or NULL on error.
-
- CRYPTO_THREAD_lock_frees() returns no value.
-
- The other functions return 1 on success or 0 on error.
-
-+=head1 EXAMPLE
-+
-+This example safely initializes and uses a lock.
-+
-+ #include <openssl/crypto.h>
-+
-+ static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT;
-+ static CRYPTO_RWLOCK *lock;
-+
-+ static void myinit(void)
-+ {
-+ lock = CRYPTO_THREAD_lock_new();
-+ }
-+
-+ static int mylock(void)
-+ {
-+ if (!CRYPTO_THREAD_run_once(&once, void init) || lock == NULL)
-+ return 0;
-+ return CRYPTO_THREAD_write_lock(lock);
-+ }
-+
-+ static int myunlock(void)
-+ {
-+ return CRYPTO_THREAD_unlock(lock);
-+ }
-+
-+ int serialized(void)
-+ {
-+ int ret = 0;
-+
-+ if (mylock()) {
-+ /* Your code here, do not return without releasing the lock! */
-+ ret = ... ;
-+ }
-+ myunlock();
-+ return ret;
-+ }
-+
-+Finalization of locks is an advanced topic, not covered in this example.
-+This can only be done at process exit or when a dynamically loaded library is
-+no longer in use and is unloaded.
-+The simplest solution is to just "leak" the lock in applications and not
-+repeatedly load/unload shared libraries that allocate locks.
-+
- =head1 NOTES
-
- You can find out if OpenSSL was configured with thread support:
-
++++ /dev/null
+@@ -1,82 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock,
+-CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free, CRYPTO_atomic_add - OpenSSL thread support
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/crypto.h>
+-
+- CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
+- int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
+- int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
+- int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
+- void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
+-
+- int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
+-
+-=head1 DESCRIPTION
+-
+-OpenSSL can be safely used in multi-threaded applications provided that
+-support for the underlying OS threading API is built-in. Currently, OpenSSL
+-supports the pthread and Windows APIs. OpenSSL can also be built without
+-any multi-threading support, for example on platforms that don't provide
+-any threading support or that provide a threading API that is not yet
+-supported by OpenSSL.
+-
+-The following multi-threading function are provided:
+-
+-=over 4
+-
+-=item *
+-CRYPTO_THREAD_lock_new() allocates, initializes and returns a new read/write
+-lock.
+-
+-=item *
+-CRYPTO_THREAD_read_lock() locks the provided B<lock> for reading.
+-
+-=item *
+-CRYPTO_THREAD_write_lock() locks the provided B<lock> for writing.
+-
+-=item *
+-CRYPTO_THREAD_unlock() unlocks the previously locked B<lock>.
+-
+-=item *
+-CRYPTO_THREAD_lock_frees() frees the provided B<lock>.
+-
+-=item *
+-CRYPTO_atomic_add() atomically adds B<amount> to B<val> and returns the
+-result of the operation in B<ret>. B<lock> will be locked, unless atomic
+-operations are supported on the specific platform. Because of this, if a
+-variable is modified by CRYPTO_atomic_add() then CRYPTO_atomic_add() must
+-be the only way that the variable is modified.
+-
+-=back
+-
+-=head1 RETURN VALUES
+-
+-CRYPTO_THREAD_lock_new() returns the allocated lock, or NULL on error.
+-
+-CRYPTO_THREAD_lock_frees() returns no value.
+-
+-The other functions return 1 on success or 0 on error.
+-
+-=head1 NOTES
+-
+-You can find out if OpenSSL was configured with thread support:
+-
- #define OPENSSL_THREAD_DEFINES
- #include <openssl/opensslconf.h>
- #if defined(OPENSSL_THREADS)
- // thread support enabled
-@@ -79,4 +138,13 @@ You can find out if OpenSSL was configured with thread support:
-
- L<crypto(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
+- #include <openssl/opensslconf.h>
+- #if defined(OPENSSL_THREADS)
+- // thread support enabled
+- #else
+- // no thread support
+- #endif
+-
+-=head1 SEE ALSO
+-
+-L<crypto(3)>
+-
+-=cut
diff --git a/doc/crypto/ui.pod b/doc/crypto/ui.pod
-index f03e989..a941265 100644
+deleted file mode 100644
+index f03e9895613c..000000000000
--- a/doc/crypto/ui.pod
-+++ b/doc/crypto/ui.pod
-@@ -22,30 +22,30 @@ UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface
- void UI_free(UI *ui);
-
- int UI_add_input_string(UI *ui, const char *prompt, int flags,
++++ /dev/null
+@@ -1,186 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
+-UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
+-UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
+-UI_add_error_string, UI_dup_error_string, UI_construct_prompt,
+-UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process,
+-UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method,
+-UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/ui.h>
+-
+- typedef struct ui_st UI;
+- typedef struct ui_method_st UI_METHOD;
+-
+- UI *UI_new(void);
+- UI *UI_new_method(const UI_METHOD *method);
+- void UI_free(UI *ui);
+-
+- int UI_add_input_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize);
-+ char *result_buf, int minsize, int maxsize);
- int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+- int UI_dup_input_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize);
-+ char *result_buf, int minsize, int maxsize);
- int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+- int UI_add_verify_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize, const char *test_buf);
-+ char *result_buf, int minsize, int maxsize, const char *test_buf);
- int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+- int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize, const char *test_buf);
-+ char *result_buf, int minsize, int maxsize, const char *test_buf);
- int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+- int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
- const char *ok_chars, const char *cancel_chars,
- int flags, char *result_buf);
-+ const char *ok_chars, const char *cancel_chars,
-+ int flags, char *result_buf);
- int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+- int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
- const char *ok_chars, const char *cancel_chars,
- int flags, char *result_buf);
-+ const char *ok_chars, const char *cancel_chars,
-+ int flags, char *result_buf);
- int UI_add_info_string(UI *ui, const char *text);
- int UI_dup_info_string(UI *ui, const char *text);
- int UI_add_error_string(UI *ui, const char *text);
- int UI_dup_error_string(UI *ui, const char *text);
-
- /* These are the possible flags. They can be or'ed together. */
+- int UI_add_info_string(UI *ui, const char *text);
+- int UI_dup_info_string(UI *ui, const char *text);
+- int UI_add_error_string(UI *ui, const char *text);
+- int UI_dup_error_string(UI *ui, const char *text);
+-
+- /* These are the possible flags. They can be or'ed together. */
- #define UI_INPUT_FLAG_ECHO 0x01
- #define UI_INPUT_FLAG_DEFAULT_PWD 0x02
-+ #define UI_INPUT_FLAG_ECHO 0x01
-+ #define UI_INPUT_FLAG_DEFAULT_PWD 0x02
-
- char *UI_construct_prompt(UI *ui_method,
+-
+- char *UI_construct_prompt(UI *ui_method,
- const char *object_desc, const char *object_name);
-+ const char *object_desc, const char *object_name);
-
- void *UI_add_user_data(UI *ui, void *user_data);
- void *UI_get0_user_data(UI *ui);
-@@ -55,8 +55,8 @@ UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface
- int UI_process(UI *ui);
-
- int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
+-
+- void *UI_add_user_data(UI *ui, void *user_data);
+- void *UI_get0_user_data(UI *ui);
+-
+- const char *UI_get0_result(UI *ui, int i);
+-
+- int UI_process(UI *ui);
+-
+- int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
- #define UI_CTRL_PRINT_ERRORS 1
- #define UI_CTRL_IS_REDOABLE 2
-+ #define UI_CTRL_PRINT_ERRORS 1
-+ #define UI_CTRL_IS_REDOABLE 2
-
- void UI_set_default_method(const UI_METHOD *meth);
- const UI_METHOD *UI_get_default_method(void);
-@@ -110,12 +110,12 @@ If B<ui> is NULL nothing is done.
-
- UI_add_input_string() and UI_add_verify_string() add a prompt to the UI,
- as well as flags and a result buffer and the desired minimum and maximum
+-
+- void UI_set_default_method(const UI_METHOD *meth);
+- const UI_METHOD *UI_get_default_method(void);
+- const UI_METHOD *UI_get_method(UI *ui);
+- const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
+-
+- UI_METHOD *UI_OpenSSL(void);
+-
+-=head1 DESCRIPTION
+-
+-UI stands for User Interface, and is general purpose set of routines to
+-prompt the user for text-based information. Through user-written methods
+-(see L<ui_create(3)>), prompting can be done in any way
+-imaginable, be it plain text prompting, through dialog boxes or from a
+-cell phone.
+-
+-All the functions work through a context of the type UI. This context
+-contains all the information needed to prompt correctly as well as a
+-reference to a UI_METHOD, which is an ordered vector of functions that
+-carry out the actual prompting.
+-
+-The first thing to do is to create a UI with UI_new() or UI_new_method(),
+-then add information to it with the UI_add or UI_dup functions. Also,
+-user-defined random data can be passed down to the underlying method
+-through calls to UI_add_user_data. The default UI method doesn't care
+-about these data, but other methods might. Finally, use UI_process()
+-to actually perform the prompting and UI_get0_result() to find the result
+-to the prompt.
+-
+-A UI can contain more than one prompt, which are performed in the given
+-sequence. Each prompt gets an index number which is returned by the
+-UI_add and UI_dup functions, and has to be used to get the corresponding
+-result with UI_get0_result().
+-
+-The functions are as follows:
+-
+-UI_new() creates a new UI using the default UI method. When done with
+-this UI, it should be freed using UI_free().
+-
+-UI_new_method() creates a new UI using the given UI method. When done with
+-this UI, it should be freed using UI_free().
+-
+-UI_OpenSSL() returns the built-in UI method (note: not the default one,
+-since the default can be changed. See further on). This method is the
+-most machine/OS dependent part of OpenSSL and normally generates the
+-most problems when porting.
+-
+-UI_free() removes a UI from memory, along with all other pieces of memory
+-that's connected to it, like duplicated input strings, results and others.
+-If B<ui> is NULL nothing is done.
+-
+-UI_add_input_string() and UI_add_verify_string() add a prompt to the UI,
+-as well as flags and a result buffer and the desired minimum and maximum
-sizes of the result. The given information is used to prompt for
-information, for example a password, and to verify a password (i.e. having
-the user enter it twice and check that the same string was entered twice).
-UI_add_verify_string() takes and extra argument that should be a pointer
-to the result buffer of the input string that it's supposed to verify, or
-verification will fail.
-+sizes of the result, not counting the final NUL character. The given
-+information is used to prompt for information, for example a password,
-+and to verify a password (i.e. having the user enter it twice and check
-+that the same string was entered twice). UI_add_verify_string() takes
-+and extra argument that should be a pointer to the result buffer of the
-+input string that it's supposed to verify, or verification will fail.
-
- UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered
- in a boolean way, with a single character for yes and a different character
-@@ -183,4 +183,13 @@ UI_set_method() changes the UI method associated with a given UI.
-
- L<ui_create(3)>, L<ui_compat(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
+-
+-UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered
+-in a boolean way, with a single character for yes and a different character
+-for no. A set of characters that can be used to cancel the prompt is given
+-as well. The prompt itself is divided in two, one part being the
+-descriptive text (given through the I<prompt> argument) and one describing
+-the possible answers (given through the I<action_desc> argument).
+-
+-UI_add_info_string() and UI_add_error_string() add strings that are shown at
+-the same time as the prompt for extra information or to show an error string.
+-The difference between the two is only conceptual. With the builtin method,
+-there's no technical difference between them. Other methods may make a
+-difference between them, however.
+-
+-The flags currently supported are UI_INPUT_FLAG_ECHO, which is relevant for
+-UI_add_input_string() and will have the users response be echoed (when
+-prompting for a password, this flag should obviously not be used, and
+-UI_INPUT_FLAG_DEFAULT_PWD, which means that a default password of some
+-sort will be used (completely depending on the application and the UI
+-method).
+-
+-UI_dup_input_string(), UI_dup_verify_string(), UI_dup_input_boolean(),
+-UI_dup_info_string() and UI_dup_error_string() are basically the same
+-as their UI_add counterparts, except that they make their own copies
+-of all strings.
+-
+-UI_construct_prompt() is a helper function that can be used to create
+-a prompt from two pieces of information: an description and a name.
+-The default constructor (if there is none provided by the method used)
+-creates a string "Enter I<description> for I<name>:". With the
+-description "pass phrase" and the file name "foo.key", that becomes
+-"Enter pass phrase for foo.key:". Other methods may create whatever
+-string and may include encodings that will be processed by the other
+-method functions.
+-
+-UI_add_user_data() adds a piece of memory for the method to use at any
+-time. The builtin UI method doesn't care about this info. Note that several
+-calls to this function doesn't add data, it replaces the previous blob
+-with the one given as argument.
+-
+-UI_get0_user_data() retrieves the data that has last been given to the
+-UI with UI_add_user_data().
+-
+-UI_get0_result() returns a pointer to the result buffer associated with
+-the information indexed by I<i>.
+-
+-UI_process() goes through the information given so far, does all the printing
+-and prompting and returns.
+-
+-UI_ctrl() adds extra control for the application author. For now, it
+-understands two commands: UI_CTRL_PRINT_ERRORS, which makes UI_process()
+-print the OpenSSL error stack as part of processing the UI, and
+-UI_CTRL_IS_REDOABLE, which returns a flag saying if the used UI can
+-be used again or not.
+-
+-UI_set_default_method() changes the default UI method to the one given.
+-
+-UI_get_default_method() returns a pointer to the current default UI method.
+-
+-UI_get_method() returns the UI method associated with a given UI.
+-
+-UI_set_method() changes the UI method associated with a given UI.
+-
+-=head1 SEE ALSO
+-
+-L<ui_create(3)>, L<ui_compat(3)>
+-
+-=cut
diff --git a/doc/crypto/x509.pod b/doc/crypto/x509.pod
-index 8639525..a8969de 100644
+index 863952552583..8319b1527078 100644
--- a/doc/crypto/x509.pod
+++ b/doc/crypto/x509.pod
-@@ -61,4 +61,13 @@ L<d2i_X509_SIG(3)>,
+@@ -1,5 +1,7 @@
+ =pod
+
++=for comment openssl_manual_section:7
++
+ =head1 NAME
+
+ x509 - X.509 certificate handling
+@@ -61,4 +63,13 @@ L<d2i_X509_SIG(3)>,
L<crypto(3)>,
L<x509v3(3)>
@@ -97115,9 +113088,18 @@
+
=cut
diff --git a/doc/ssl/DTLSv1_listen.pod b/doc/ssl/DTLSv1_listen.pod
-index 7416693..ab7621d 100644
+index 741669395dc8..a839d9fec191 100644
--- a/doc/ssl/DTLSv1_listen.pod
+++ b/doc/ssl/DTLSv1_listen.pod
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-DTLSv1_listen - listen for incoming DTLS connections.
++DTLSv1_listen - listen for incoming DTLS connections
+
+ =head1 SYNOPSIS
+
@@ -90,4 +90,13 @@ L<ssl(3)>, L<bio(3)>
DTLSv1_listen() return codes were clarified in OpenSSL 1.1.0. The type of "peer"
also changed in OpenSSL 1.1.0.
@@ -97133,7 +113115,7 @@
+
=cut
diff --git a/doc/ssl/OPENSSL_init_ssl.pod b/doc/ssl/OPENSSL_init_ssl.pod
-index 110a282..b963e5e 100644
+index 110a28249060..b963e5e7a926 100644
--- a/doc/ssl/OPENSSL_init_ssl.pod
+++ b/doc/ssl/OPENSSL_init_ssl.pod
@@ -72,4 +72,13 @@ L<OPENSSL_init_crypto(3)>
@@ -97151,7 +113133,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CIPHER_get_name.pod b/doc/ssl/SSL_CIPHER_get_name.pod
-index 296aa32..643eea4 100644
+index 296aa3264f30..643eea4b9478 100644
--- a/doc/ssl/SSL_CIPHER_get_name.pod
+++ b/doc/ssl/SSL_CIPHER_get_name.pod
@@ -112,4 +112,13 @@ rather than a fixed string, in OpenSSL 1.1
@@ -97169,7 +113151,7 @@
+
=cut
diff --git a/doc/ssl/SSL_COMP_add_compression_method.pod b/doc/ssl/SSL_COMP_add_compression_method.pod
-index fe10e1b..c455832 100644
+index fe10e1b45dea..c455832078be 100644
--- a/doc/ssl/SSL_COMP_add_compression_method.pod
+++ b/doc/ssl/SSL_COMP_add_compression_method.pod
@@ -26,7 +26,7 @@ It cannot be set for specific SSL_CTX or SSL objects.
@@ -97196,7 +113178,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CONF_CTX_new.pod b/doc/ssl/SSL_CONF_CTX_new.pod
-index 329e3c7..79f0bbc 100644
+index 329e3c78e4ec..79f0bbc7dd5f 100644
--- a/doc/ssl/SSL_CONF_CTX_new.pod
+++ b/doc/ssl/SSL_CONF_CTX_new.pod
@@ -38,4 +38,13 @@ L<SSL_CONF_cmd_argv(3)>
@@ -97214,7 +113196,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CONF_CTX_set1_prefix.pod b/doc/ssl/SSL_CONF_CTX_set1_prefix.pod
-index 5083a73..da9e580 100644
+index 5083a73876c1..da9e580244d5 100644
--- a/doc/ssl/SSL_CONF_CTX_set1_prefix.pod
+++ b/doc/ssl/SSL_CONF_CTX_set1_prefix.pod
@@ -20,7 +20,7 @@ to B<prefix>. If B<prefix> is B<NULL> it is restored to the default value.
@@ -97241,7 +113223,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CONF_CTX_set_flags.pod b/doc/ssl/SSL_CONF_CTX_set_flags.pod
-index 10cfc4d..efd8da3 100644
+index 10cfc4d17f64..efd8da3bc6b6 100644
--- a/doc/ssl/SSL_CONF_CTX_set_flags.pod
+++ b/doc/ssl/SSL_CONF_CTX_set_flags.pod
@@ -72,4 +72,13 @@ L<SSL_CONF_cmd_argv(3)>
@@ -97259,7 +113241,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod b/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod
-index e7ede42..7e4120f 100644
+index e7ede4284aaf..7e4120f7ce57 100644
--- a/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod
+++ b/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod
@@ -44,4 +44,13 @@ L<SSL_CONF_cmd_argv(3)>
@@ -97277,10 +113259,10 @@
+
=cut
diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
-index 17b8758..083b33a 100644
+index 17b8758605e2..083b33a1c535 100644
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
-@@ -465,7 +465,7 @@ Set supported signature algorithms:
+@@ -465,7 +465,7 @@ pathname to an absolute pathname.
SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256");
@@ -97304,9 +113286,18 @@
+
=cut
diff --git a/doc/ssl/SSL_CONF_cmd_argv.pod b/doc/ssl/SSL_CONF_cmd_argv.pod
-index c06b44f..8f38db1 100644
+index c06b44f98cca..15529a597377 100644
--- a/doc/ssl/SSL_CONF_cmd_argv.pod
+++ b/doc/ssl/SSL_CONF_cmd_argv.pod
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-SSL_CONF_cmd_argv - SSL configuration command line processing.
++SSL_CONF_cmd_argv - SSL configuration command line processing
+
+ =head1 SYNOPSIS
+
@@ -39,4 +39,13 @@ L<SSL_CONF_cmd(3)>
These functions were first added to OpenSSL 1.0.2
@@ -97322,7 +113313,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_add1_chain_cert.pod b/doc/ssl/SSL_CTX_add1_chain_cert.pod
-index 545b82e..1f0418b 100644
+index 545b82ebcf08..1f0418b249c3 100644
--- a/doc/ssl/SSL_CTX_add1_chain_cert.pod
+++ b/doc/ssl/SSL_CTX_add1_chain_cert.pod
@@ -146,4 +146,13 @@ L<SSL_CTX_add_extra_chain_cert(3)>
@@ -97340,7 +113331,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_add_extra_chain_cert.pod b/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
-index 63cf2b2..e2783de 100644
+index 63cf2b2a9695..e2783de9c770 100644
--- a/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
+++ b/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
@@ -68,4 +68,13 @@ L<SSL_add1_chain_cert(3)>
@@ -97358,10 +113349,10 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_add_session.pod b/doc/ssl/SSL_CTX_add_session.pod
-index fb8cf6a..dbdd9f0 100644
+index fb8cf6a9bf77..dbdd9f0c5419 100644
--- a/doc/ssl/SSL_CTX_add_session.pod
+++ b/doc/ssl/SSL_CTX_add_session.pod
-@@ -59,7 +59,7 @@ The following values are returned by all functions:
+@@ -59,7 +59,7 @@ over the sessions that can be resumed if desired.
session was not found in the cache.
=item Z<>1
@@ -97385,9 +113376,18 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_config.pod b/doc/ssl/SSL_CTX_config.pod
-index 0cf93dd..40144f9 100644
+index 0cf93dd99a3c..802c4c359eb4 100644
--- a/doc/ssl/SSL_CTX_config.pod
+++ b/doc/ssl/SSL_CTX_config.pod
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-SSL_CTX_config, SSL_config - configure SSL_CTX or SSL structure.
++SSL_CTX_config, SSL_config - configure SSL_CTX or SSL structure
+
+ =head1 SYNOPSIS
+
@@ -81,4 +81,13 @@ L<CONF_modules_load_file(3)>
SSL_CTX_config() and SSL_config() were first added to OpenSSL 1.1.0
@@ -97403,7 +113403,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_ctrl.pod b/doc/ssl/SSL_CTX_ctrl.pod
-index b59d267..e8386a5 100644
+index b59d267bfcf7..e8386a59302f 100644
--- a/doc/ssl/SSL_CTX_ctrl.pod
+++ b/doc/ssl/SSL_CTX_ctrl.pod
@@ -31,4 +31,13 @@ supplied via the B<cmd> parameter.
@@ -97421,7 +113421,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_dane_enable.pod b/doc/ssl/SSL_CTX_dane_enable.pod
-index 8463a3d..cef109f 100644
+index 8463a3d093e7..cef109f3eb02 100644
--- a/doc/ssl/SSL_CTX_dane_enable.pod
+++ b/doc/ssl/SSL_CTX_dane_enable.pod
@@ -71,11 +71,17 @@ The arguments specify the fields of the TLSA record.
@@ -97544,7 +113544,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_flush_sessions.pod b/doc/ssl/SSL_CTX_flush_sessions.pod
-index 103e13f..7639451 100644
+index 103e13fc6822..7639451c5dc4 100644
--- a/doc/ssl/SSL_CTX_flush_sessions.pod
+++ b/doc/ssl/SSL_CTX_flush_sessions.pod
@@ -26,7 +26,7 @@ As sessions will not be reused ones they are expired, they should be
@@ -97580,7 +113580,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_free.pod b/doc/ssl/SSL_CTX_free.pod
-index 70a6314..e5cc1aa 100644
+index 70a63142a0c8..e5cc1aab7788 100644
--- a/doc/ssl/SSL_CTX_free.pod
+++ b/doc/ssl/SSL_CTX_free.pod
@@ -39,4 +39,13 @@ SSL_CTX_free() does not provide diagnostic information.
@@ -97598,7 +113598,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_get0_param.pod b/doc/ssl/SSL_CTX_get0_param.pod
-index 6fdc2bd..6b93737 100644
+index 6fdc2bd073aa..6b9373745880 100644
--- a/doc/ssl/SSL_CTX_get0_param.pod
+++ b/doc/ssl/SSL_CTX_get0_param.pod
@@ -52,4 +52,13 @@ L<X509_VERIFY_PARAM_set_flags(3)>
@@ -97616,7 +113616,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_get_verify_mode.pod b/doc/ssl/SSL_CTX_get_verify_mode.pod
-index f75c2da..bd10034 100644
+index f75c2dae796e..bd100344d1fc 100644
--- a/doc/ssl/SSL_CTX_get_verify_mode.pod
+++ b/doc/ssl/SSL_CTX_get_verify_mode.pod
@@ -47,4 +47,13 @@ See DESCRIPTION
@@ -97634,7 +113634,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_has_client_custom_ext.pod b/doc/ssl/SSL_CTX_has_client_custom_ext.pod
-index 3a1079d..d9e9a06 100644
+index 3a1079d2b1cb..d9e9a066ea16 100644
--- a/doc/ssl/SSL_CTX_has_client_custom_ext.pod
+++ b/doc/ssl/SSL_CTX_has_client_custom_ext.pod
@@ -25,4 +25,13 @@ Returns 1 if a handler has been set, 0 otherwise.
@@ -97652,7 +113652,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_load_verify_locations.pod b/doc/ssl/SSL_CTX_load_verify_locations.pod
-index 53e119e..7e78bc6 100644
+index 53e119e7ae54..59d11e03ee4d 100644
--- a/doc/ssl/SSL_CTX_load_verify_locations.pod
+++ b/doc/ssl/SSL_CTX_load_verify_locations.pod
@@ -2,8 +2,9 @@
@@ -97667,7 +113667,23 @@
=head1 SYNOPSIS
-@@ -144,4 +145,13 @@ L<SSL_CTX_add_extra_chain_cert(3)>,
+@@ -24,9 +25,13 @@ SSL_CTX_load_verify_locations() specifies the locations for B<ctx>, at
+ which CA certificates for verification purposes are located. The certificates
+ available via B<CAfile> and B<CApath> are trusted.
+
+-SSL_CTX_set_default_verify_paths() specifies that the default locations for
++SSL_CTX_set_default_verify_paths() specifies that the default locations from
+ which CA certificates are loaded should be used. There is one default directory
+-and one default file.
++and one default file. The default CA certificates directory is called "certs" in
++the default OpenSSL directory. Alternatively the SSL_CERT_DIR environment
++variable can be defined to override this location. The default CA certificates
++file is called "cert.pem" in the default OpenSSL directory. Alternatively the
++SSL_CERT_FILE environment variable can be defined to override this location.
+
+ SSL_CTX_set_default_verify_dir() is similar to
+ SSL_CTX_set_default_verify_paths() except that just the default directory is
+@@ -144,4 +149,13 @@ L<SSL_CTX_add_extra_chain_cert(3)>,
L<SSL_CTX_set_cert_store(3)>,
L<SSL_CTX_set_client_CA_list(3)>
@@ -97682,7 +113698,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod
-index f2cdc71..69b59bb 100644
+index f2cdc717ef4f..69b59bb5760b 100644
--- a/doc/ssl/SSL_CTX_new.pod
+++ b/doc/ssl/SSL_CTX_new.pod
@@ -17,7 +17,7 @@ functions
@@ -97718,7 +113734,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_sess_number.pod b/doc/ssl/SSL_CTX_sess_number.pod
-index aa82c30..049c04c 100644
+index aa82c30a513e..049c04c44995 100644
--- a/doc/ssl/SSL_CTX_sess_number.pod
+++ b/doc/ssl/SSL_CTX_sess_number.pod
@@ -73,4 +73,13 @@ L<ssl(3)>, L<SSL_set_session(3)>,
@@ -97736,7 +113752,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_sess_set_cache_size.pod b/doc/ssl/SSL_CTX_sess_set_cache_size.pod
-index 3239675..5aef10b 100644
+index 32396759c3e0..5aef10bd8eda 100644
--- a/doc/ssl/SSL_CTX_sess_set_cache_size.pod
+++ b/doc/ssl/SSL_CTX_sess_set_cache_size.pod
@@ -50,4 +50,13 @@ L<SSL_CTX_set_session_cache_mode(3)>,
@@ -97754,7 +113770,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_sess_set_get_cb.pod b/doc/ssl/SSL_CTX_sess_set_get_cb.pod
-index b6e266b..d2b0e04 100644
+index b6e266bccb79..d2b0e0473716 100644
--- a/doc/ssl/SSL_CTX_sess_set_get_cb.pod
+++ b/doc/ssl/SSL_CTX_sess_set_get_cb.pod
@@ -9,11 +9,11 @@ SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SS
@@ -97796,7 +113812,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_sessions.pod b/doc/ssl/SSL_CTX_sessions.pod
-index 0099b31..bc4a55e 100644
+index 0099b31984c8..bc4a55e1a22a 100644
--- a/doc/ssl/SSL_CTX_sessions.pod
+++ b/doc/ssl/SSL_CTX_sessions.pod
@@ -31,4 +31,13 @@ L<ssl(3)>, L<lhash(3)>,
@@ -97814,7 +113830,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set1_curves.pod b/doc/ssl/SSL_CTX_set1_curves.pod
-index 4b6d1af..b0276c8 100644
+index 4b6d1af963a2..b0276c80f3a6 100644
--- a/doc/ssl/SSL_CTX_set1_curves.pod
+++ b/doc/ssl/SSL_CTX_set1_curves.pod
@@ -23,7 +23,7 @@ SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve - EC supported curve
@@ -97850,7 +113866,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set1_sigalgs.pod b/doc/ssl/SSL_CTX_set1_sigalgs.pod
-index a63076c..e9073b9 100644
+index a63076c874d0..e9073b99e348 100644
--- a/doc/ssl/SSL_CTX_set1_sigalgs.pod
+++ b/doc/ssl/SSL_CTX_set1_sigalgs.pod
@@ -101,4 +101,13 @@ All these functions return 1 for success and 0 for failure.
@@ -97868,7 +113884,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set1_verify_cert_store.pod b/doc/ssl/SSL_CTX_set1_verify_cert_store.pod
-index 989e145..bfe8b70 100644
+index 989e145464f4..bfe8b70af902 100644
--- a/doc/ssl/SSL_CTX_set1_verify_cert_store.pod
+++ b/doc/ssl/SSL_CTX_set1_verify_cert_store.pod
@@ -54,7 +54,7 @@ any client certificate chain.
@@ -97895,7 +113911,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_alpn_select_cb.pod b/doc/ssl/SSL_CTX_set_alpn_select_cb.pod
-index 1a3d92c..4859b3c 100644
+index 1a3d92c03aac..4859b3c15faa 100644
--- a/doc/ssl/SSL_CTX_set_alpn_select_cb.pod
+++ b/doc/ssl/SSL_CTX_set_alpn_select_cb.pod
@@ -123,4 +123,13 @@ ALPN protocol not selected.
@@ -97913,7 +113929,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_cert_cb.pod b/doc/ssl/SSL_CTX_set_cert_cb.pod
-index 9152907..eaa7a4e 100644
+index 91529070425e..eaa7a4e3cbb3 100644
--- a/doc/ssl/SSL_CTX_set_cert_cb.pod
+++ b/doc/ssl/SSL_CTX_set_cert_cb.pod
@@ -65,4 +65,13 @@ L<SSL_add1_chain_cert(3)>,
@@ -97931,7 +113947,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_cert_store.pod b/doc/ssl/SSL_CTX_set_cert_store.pod
-index 03a0937..7f7a794 100644
+index 03a0937d5903..7f7a794bdf96 100644
--- a/doc/ssl/SSL_CTX_set_cert_store.pod
+++ b/doc/ssl/SSL_CTX_set_cert_store.pod
@@ -46,7 +46,7 @@ X509_STORE object and its handling becomes available.
@@ -97958,7 +113974,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_cert_verify_callback.pod b/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
-index 6f6fe56..ca614d1 100644
+index 6f6fe56e3a05..ca614d1a22b4 100644
--- a/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
+++ b/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
@@ -26,7 +26,7 @@ SSL_CTX_set_cert_verify_callback(), the supplied callback function is called
@@ -98003,7 +114019,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_cipher_list.pod b/doc/ssl/SSL_CTX_set_cipher_list.pod
-index 512ca81..4e66917 100644
+index 512ca8174798..4e66917bab8d 100644
--- a/doc/ssl/SSL_CTX_set_cipher_list.pod
+++ b/doc/ssl/SSL_CTX_set_cipher_list.pod
@@ -62,4 +62,13 @@ L<SSL_CTX_use_certificate(3)>,
@@ -98021,7 +114037,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_client_CA_list.pod b/doc/ssl/SSL_CTX_set_client_CA_list.pod
-index cc05d77..668fbbb 100644
+index cc05d77bc216..668fbbb906e8 100644
--- a/doc/ssl/SSL_CTX_set_client_CA_list.pod
+++ b/doc/ssl/SSL_CTX_set_client_CA_list.pod
@@ -9,7 +9,7 @@ client certificate
@@ -98057,7 +114073,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_client_cert_cb.pod b/doc/ssl/SSL_CTX_set_client_cert_cb.pod
-index 45cef75..aed7d4f 100644
+index 45cef7598ca2..aed7d4f0c105 100644
--- a/doc/ssl/SSL_CTX_set_client_cert_cb.pod
+++ b/doc/ssl/SSL_CTX_set_client_cert_cb.pod
@@ -91,4 +91,13 @@ L<SSL_CTX_add_extra_chain_cert(3)>,
@@ -98075,16 +114091,28 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_ct_validation_callback.pod b/doc/ssl/SSL_CTX_set_ct_validation_callback.pod
-index ec51c75..2ff33f7 100644
+index ec51c75eb4d6..2ff33f78a7c6 100644
--- a/doc/ssl/SSL_CTX_set_ct_validation_callback.pod
+++ b/doc/ssl/SSL_CTX_set_ct_validation_callback.pod
@@ -33,21 +33,29 @@ The behaviour of the callback is determined by the B<validation_mode> argument,
which can be either of B<SSL_CT_VALIDATION_PERMISSIVE> or
B<SSL_CT_VALIDATION_STRICT> as described below.
-+If B<validation_mode> is equal to B<SSL_CT_VALIDATION_STRICT>, then in a full
-+TLS handshake with the verification mode set to B<SSL_VERIFY_PEER>, if the peer
-+presents no valid SCTs the handshake will be aborted.
+-If B<validation_mode> is equal to B<SSL_CT_VALIDATION_PERMISSIVE>, then the
+-handshake continues regardless of the validation status of any SCTs.
+-The application can inspect the validation status of the SCTs at handshake
+-completion.
+-Note that with session resumption there will not be any SCTs presented during
+-the handshake.
+-Therefore, in applications that delay SCT policy enforcement until after
+-handshake completion, SCT checks should only be performed when the session is
+-not reused.
+-See L<SSL_session_reused(3)>.
+-
+ If B<validation_mode> is equal to B<SSL_CT_VALIDATION_STRICT>, then in a full
+ TLS handshake with the verification mode set to B<SSL_VERIFY_PEER>, if the peer
+ presents no valid SCTs the handshake will be aborted.
+-See L<SSL_set_verify(3)>.
+If the verification mode is B<SSL_VERIFY_NONE>, the handshake will continue
+despite lack of valid SCTs.
+However, in that case if the verification status before the built-in callback
@@ -98095,25 +114123,14 @@
+status is part of the saved session state.
+See L<SSL_set_verify(3)>, <SSL_get_verify_result(3)>, L<SSL_session_reused(3)>.
+
- If B<validation_mode> is equal to B<SSL_CT_VALIDATION_PERMISSIVE>, then the
--handshake continues regardless of the validation status of any SCTs.
--The application can inspect the validation status of the SCTs at handshake
--completion.
++If B<validation_mode> is equal to B<SSL_CT_VALIDATION_PERMISSIVE>, then the
+handshake continues, and the verification status is not modified, regardless of
+the validation status of any SCTs.
+The application can still inspect the validation status of the SCTs at
+handshake completion.
- Note that with session resumption there will not be any SCTs presented during
- the handshake.
- Therefore, in applications that delay SCT policy enforcement until after
--handshake completion, SCT checks should only be performed when the session is
--not reused.
--See L<SSL_session_reused(3)>.
--
--If B<validation_mode> is equal to B<SSL_CT_VALIDATION_STRICT>, then in a full
--TLS handshake with the verification mode set to B<SSL_VERIFY_PEER>, if the peer
--presents no valid SCTs the handshake will be aborted.
--See L<SSL_set_verify(3)>.
++Note that with session resumption there will not be any SCTs presented during
++the handshake.
++Therefore, in applications that delay SCT policy enforcement until after
+handshake completion, such delayed SCT checks should only be performed when the
+session is not resumed.
@@ -98140,7 +114157,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_ctlog_list_file.pod b/doc/ssl/SSL_CTX_set_ctlog_list_file.pod
-index 9e5798f..737dea9 100644
+index 9e5798f04cf6..737dea9d7cbe 100644
--- a/doc/ssl/SSL_CTX_set_ctlog_list_file.pod
+++ b/doc/ssl/SSL_CTX_set_ctlog_list_file.pod
@@ -51,4 +51,13 @@ the case of an error, the log list may have been partially loaded.
@@ -98158,7 +114175,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_custom_cli_ext.pod b/doc/ssl/SSL_CTX_set_custom_cli_ext.pod
-index 3fceef9..f179f83 100644
+index 3fceef9258a3..f179f83d1af2 100644
--- a/doc/ssl/SSL_CTX_set_custom_cli_ext.pod
+++ b/doc/ssl/SSL_CTX_set_custom_cli_ext.pod
@@ -9,41 +9,41 @@ SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext - custom TLS extens
@@ -98245,7 +114262,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_default_passwd_cb.pod b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
-index 45a4311..2d407bb 100644
+index 45a43112cbe6..2d407bbc39a2 100644
--- a/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
+++ b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
@@ -101,4 +101,13 @@ first added to OpenSSL 1.1.0
@@ -98263,7 +114280,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_generate_session_id.pod b/doc/ssl/SSL_CTX_set_generate_session_id.pod
-index e8459c9..95b7e9e 100644
+index e8459c9e010c..95b7e9e1cad3 100644
--- a/doc/ssl/SSL_CTX_set_generate_session_id.pod
+++ b/doc/ssl/SSL_CTX_set_generate_session_id.pod
@@ -14,7 +14,7 @@ SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_s
@@ -98290,7 +114307,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_info_callback.pod b/doc/ssl/SSL_CTX_set_info_callback.pod
-index 978ce26..b0e845d 100644
+index 978ce265daf7..b0e845daa235 100644
--- a/doc/ssl/SSL_CTX_set_info_callback.pod
+++ b/doc/ssl/SSL_CTX_set_info_callback.pod
@@ -110,44 +110,53 @@ The following example callback function prints state strings, information
@@ -98300,13 +114317,20 @@
- {
- const char *str;
- int w;
--
++ {
++ const char *str;
++ int w;
+
- w=where& ~SSL_ST_MASK;
--
++ w=where& ~SSL_ST_MASK;
+
- if (w & SSL_ST_CONNECT) str="SSL_connect";
- else if (w & SSL_ST_ACCEPT) str="SSL_accept";
- else str="undefined";
--
++ if (w & SSL_ST_CONNECT) str="SSL_connect";
++ else if (w & SSL_ST_ACCEPT) str="SSL_accept";
++ else str="undefined";
+
- if (where & SSL_CB_LOOP)
- {
- BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
@@ -98331,16 +114355,6 @@
- }
- }
- }
-+ {
-+ const char *str;
-+ int w;
-+
-+ w=where& ~SSL_ST_MASK;
-+
-+ if (w & SSL_ST_CONNECT) str="SSL_connect";
-+ else if (w & SSL_ST_ACCEPT) str="SSL_accept";
-+ else str="undefined";
-+
+ if (where & SSL_CB_LOOP)
+ {
+ BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
@@ -98382,7 +114396,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_max_cert_list.pod b/doc/ssl/SSL_CTX_set_max_cert_list.pod
-index 080400c..482751e 100644
+index 080400c58339..482751e73c45 100644
--- a/doc/ssl/SSL_CTX_set_max_cert_list.pod
+++ b/doc/ssl/SSL_CTX_set_max_cert_list.pod
@@ -70,4 +70,13 @@ set value.
@@ -98400,7 +114414,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_min_proto_version.pod b/doc/ssl/SSL_CTX_set_min_proto_version.pod
-index 535ae83..8878514 100644
+index 535ae83e7a42..8878514968e5 100644
--- a/doc/ssl/SSL_CTX_set_min_proto_version.pod
+++ b/doc/ssl/SSL_CTX_set_min_proto_version.pod
@@ -17,7 +17,7 @@ and maximum supported protocol version
@@ -98427,7 +114441,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_mode.pod b/doc/ssl/SSL_CTX_set_mode.pod
-index d31c18c..1b3e783 100644
+index d31c18c8dbd6..1b3e783ad6b8 100644
--- a/doc/ssl/SSL_CTX_set_mode.pod
+++ b/doc/ssl/SSL_CTX_set_mode.pod
@@ -102,4 +102,13 @@ L<ssl(3)>, L<SSL_read(3)>, L<SSL_write(3)>, L<SSL_get_error(3)>
@@ -98445,7 +114459,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_msg_callback.pod b/doc/ssl/SSL_CTX_set_msg_callback.pod
-index 8f092da..9546e75 100644
+index 8f092da80bbd..9546e75124ae 100644
--- a/doc/ssl/SSL_CTX_set_msg_callback.pod
+++ b/doc/ssl/SSL_CTX_set_msg_callback.pod
@@ -91,4 +91,13 @@ I<version> will be B<SSL3_VERSION>.
@@ -98463,7 +114477,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
-index c132568..635b470 100644
+index c1325681e2f2..635b470e1245 100644
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -280,4 +280,13 @@ L<dhparam(1)>
@@ -98481,7 +114495,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_psk_client_callback.pod b/doc/ssl/SSL_CTX_set_psk_client_callback.pod
-index b7f574b..a417508 100644
+index b7f574bddf6d..a4175081c5b6 100644
--- a/doc/ssl/SSL_CTX_set_psk_client_callback.pod
+++ b/doc/ssl/SSL_CTX_set_psk_client_callback.pod
@@ -1,34 +1,5 @@
@@ -98556,7 +114570,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_quiet_shutdown.pod b/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
-index 25bb664..d39d747 100644
+index 25bb66486732..d39d747ce741 100644
--- a/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
+++ b/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
@@ -60,4 +60,13 @@ L<ssl(3)>, L<SSL_shutdown(3)>,
@@ -98574,7 +114588,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_read_ahead.pod b/doc/ssl/SSL_CTX_set_read_ahead.pod
-index 771d59d..e70db3c 100644
+index 771d59d6047f..e70db3c2a963 100644
--- a/doc/ssl/SSL_CTX_set_read_ahead.pod
+++ b/doc/ssl/SSL_CTX_set_read_ahead.pod
@@ -50,4 +50,13 @@ and non zero otherwise.
@@ -98592,7 +114606,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_security_level.pod b/doc/ssl/SSL_CTX_set_security_level.pod
-index 2b56472..577b393 100644
+index 2b5647245756..577b3937296e 100644
--- a/doc/ssl/SSL_CTX_set_security_level.pod
+++ b/doc/ssl/SSL_CTX_set_security_level.pod
@@ -15,12 +15,12 @@ SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level,
@@ -98644,7 +114658,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_session_cache_mode.pod b/doc/ssl/SSL_CTX_set_session_cache_mode.pod
-index 4be9e24..a2e8266 100644
+index 4be9e243bd60..a2e82664d094 100644
--- a/doc/ssl/SSL_CTX_set_session_cache_mode.pod
+++ b/doc/ssl/SSL_CTX_set_session_cache_mode.pod
@@ -26,7 +26,7 @@ SSL_CTX object is being maintained, the sessions are unique for each SSL_CTX
@@ -98671,7 +114685,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_session_id_context.pod b/doc/ssl/SSL_CTX_set_session_id_context.pod
-index 712b518..a873b03 100644
+index 712b5180b81b..a873b0389efd 100644
--- a/doc/ssl/SSL_CTX_set_session_id_context.pod
+++ b/doc/ssl/SSL_CTX_set_session_id_context.pod
@@ -80,4 +80,13 @@ The operation succeeded.
@@ -98689,7 +114703,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_split_send_fragment.pod b/doc/ssl/SSL_CTX_set_split_send_fragment.pod
-index 9e7ab63..a1f42e2 100644
+index 9e7ab63b9a49..a1f42e2eaf96 100644
--- a/doc/ssl/SSL_CTX_set_split_send_fragment.pod
+++ b/doc/ssl/SSL_CTX_set_split_send_fragment.pod
@@ -58,7 +58,7 @@ explained further below. OpenSSL will only every use more than one pipeline if
@@ -98716,7 +114730,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_ssl_version.pod b/doc/ssl/SSL_CTX_set_ssl_version.pod
-index 5bbc65e..22c0370 100644
+index 5bbc65ef10f3..22c0370b7545 100644
--- a/doc/ssl/SSL_CTX_set_ssl_version.pod
+++ b/doc/ssl/SSL_CTX_set_ssl_version.pod
@@ -58,4 +58,13 @@ L<SSL_CTX_new(3)>, L<SSL_new(3)>,
@@ -98734,7 +114748,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_timeout.pod b/doc/ssl/SSL_CTX_set_timeout.pod
-index eb9f404..470efdf 100644
+index eb9f40460de4..470efdfc29e4 100644
--- a/doc/ssl/SSL_CTX_set_timeout.pod
+++ b/doc/ssl/SSL_CTX_set_timeout.pod
@@ -56,4 +56,13 @@ L<SSL_SESSION_get_time(3)>,
@@ -98752,31 +114766,41 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod b/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod
-index b8147ba..b403394 100644
+index b8147baecf98..5c58b2389570 100644
--- a/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod
+++ b/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod
-@@ -3,8 +3,9 @@
+@@ -2,9 +2,15 @@
+
=head1 NAME
- SSL_CTX_set_tlsext_status_cb, SSL_CTX_set_tlsext_status_arg,
+-SSL_CTX_set_tlsext_status_cb, SSL_CTX_set_tlsext_status_arg,
-SSL_set_tlsext_status_type, SSL_get_tlsext_status_ocsp_resp,
-SSL_set_tlsext_status_ocsp_resp - OCSP Certificate Status Request functions
-+SSL_CTX_set_tlsext_status_type, SSL_set_tlsext_status_type,
-+SSL_get_tlsext_status_ocsp_resp, SSL_set_tlsext_status_ocsp_resp - OCSP
-+Certificate Status Request functions
++SSL_CTX_set_tlsext_status_cb,
++SSL_CTX_set_tlsext_status_arg,
++SSL_CTX_set_tlsext_status_type,
++SSL_CTX_get_tlsext_status_type,
++SSL_set_tlsext_status_type,
++SSL_get_tlsext_status_type,
++SSL_get_tlsext_status_ocsp_resp,
++SSL_set_tlsext_status_ocsp_resp
++- OCSP Certificate Status Request functions
=head1 SYNOPSIS
-@@ -14,6 +15,8 @@ SSL_set_tlsext_status_ocsp_resp - OCSP Certificate Status Request functions
+@@ -14,7 +20,11 @@ SSL_set_tlsext_status_ocsp_resp - OCSP Certificate Status Request functions
int (*callback)(SSL *, void *));
long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
+ long SSL_CTX_set_tlsext_status_type(SSL_CTX *ctx, int type);
++ long SSL_CTX_get_tlsext_status_type(SSL_CTX *ctx);
+
long SSL_set_tlsext_status_type(SSL *s, int type);
++ long SSL_get_tlsext_status_type(SSL *s);
long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp);
-@@ -23,16 +26,19 @@ SSL_set_tlsext_status_ocsp_resp - OCSP Certificate Status Request functions
+ long SSL_set_tlsext_status_ocsp_resp(ssl, unsigned char *resp, int len);
+@@ -23,16 +33,28 @@ SSL_set_tlsext_status_ocsp_resp - OCSP Certificate Status Request functions
A client application may request that a server send back an OCSP status response
(also known as OCSP stapling). To do so the client should call the
@@ -98793,7 +114817,9 @@
-SSL_CTX_set_tlsext_status_arg(). Note that the callback will not be called in
-the event of a handshake where session resumption occurs (because there are no
-Certificates exchanged in such a handshake).
-+should be passed in the B<type> argument.
++should be passed in the B<type> argument. Calling
++SSL_CTX_get_tlsext_status_type() will return the type B<TLSEXT_STATUSTYPE_ocsp>
++previously set via SSL_CTX_set_tlsext_status_type() or -1 if not set.
+
+The client should additionally provide a callback function to decide what to do
+with the returned OCSP response by calling SSL_CTX_set_tlsext_status_cb(). The
@@ -98802,10 +114828,17 @@
+previously set via a call to SSL_CTX_set_tlsext_status_arg(). Note that the
+callback will not be called in the event of a handshake where session resumption
+occurs (because there are no Certificates exchanged in such a handshake).
++
++On the client side SSL_get_tlsext_status_type() can be used to determine whether
++the client has previously called SSL_set_tlsext_status_type(). It will return
++B<TLSEXT_STATUSTYPE_ocsp> if it has been called or -1 otherwise. On the server
++side SSL_get_tlsext_status_type() can be used to determine whether the client
++requested OCSP stapling. If the client requested it then this function will
++return B<TLSEXT_STATUSTYPE_ocsp>, or -1 otherwise.
The response returned by the server can be obtained via a call to
SSL_get_tlsext_status_ocsp_resp(). The value B<*resp> will be updated to point
-@@ -64,10 +70,23 @@ returned) or SSL_TLSEXT_ERR_ALERT_FATAL (meaning that a fatal error has
+@@ -64,10 +86,31 @@ returned) or SSL_TLSEXT_ERR_ALERT_FATAL (meaning that a fatal error has
occurred).
SSL_CTX_set_tlsext_status_cb(), SSL_CTX_set_tlsext_status_arg(),
@@ -98813,13 +114846,21 @@
-error or 1 on success.
+SSL_CTX_set_tlsext_status_type(), SSL_set_tlsext_status_type() and
+SSL_set_tlsext_status_ocsp_resp() return 0 on error or 1 on success.
++
++SSL_CTX_get_tlsext_status_type() returns the value previously set by
++SSL_CTX_set_tlsext_status_type(), or -1 if not set.
SSL_get_tlsext_status_ocsp_resp() returns the length of the OCSP response data
or -1 if there is no OCSP response data.
++SSL_get_tlsext_status_type() returns B<TLSEXT_STATUSTYPE_ocsp> on the client
++side if SSL_set_tlsext_status_type() was previously called, or on the server
++side if the client requested OCSP stapling. Otherwise -1 is returned.
++
+=head1 HISTORY
+
-+SSL_CTX_set_tlsext_status_type() was added in OpenSSL 1.1.0.
++SSL_get_tlsext_status_type(), SSL_CTX_get_tlsext_status_type() and
++SSL_CTX_set_tlsext_status_type() were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
@@ -98832,7 +114873,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
-index 3502c1c..5308ccc 100644
+index 3502c1cd2945..5308cccdd8a8 100644
--- a/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
+++ b/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
@@ -10,13 +10,13 @@ SSL_CTX_set_tlsext_ticket_key_cb - set a callback for session ticket processing
@@ -98873,7 +114914,7 @@
with I<enc> set to 0 indicating that the I<cb> function should retrieve a set
of parameters. In this case I<name> and I<iv> have already been parsed out of
the session ticket. The OpenSSL library expects that the I<name> will be used
-@@ -76,7 +76,7 @@ further processing will occur. The following return values have meaning:
+@@ -76,7 +76,7 @@ The return value of the I<cb> function is used by OpenSSL to determine what
=item Z<>2
@@ -98897,7 +114938,7 @@
the SSL/TLS session will continue by negotiating a set of cryptographic
parameters or using the alternate SSL/TLS resumption mechanism, session ids.
-@@ -133,7 +133,7 @@ Reference Implementation:
+@@ -133,7 +133,7 @@ enable an attacker to obtain the session keys.
if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) ) {
return -1; /* insufficient random */
}
@@ -98906,7 +114947,7 @@
key = currentkey(); /* something that you need to implement */
if ( !key ) {
/* current key doesn't exist or isn't valid */
-@@ -146,19 +146,19 @@ Reference Implementation:
+@@ -146,19 +146,19 @@ enable an attacker to obtain the session keys.
}
}
memcpy(key_name, key->name, 16);
@@ -98931,7 +114972,7 @@
HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv );
-@@ -167,7 +167,7 @@ Reference Implementation:
+@@ -167,7 +167,7 @@ enable an attacker to obtain the session keys.
return 2;
}
return 1;
@@ -98955,7 +114996,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
-index 57bf211..b71450a 100644
+index 57bf211075e5..b71450ac7878 100644
--- a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
+++ b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
@@ -126,4 +126,13 @@ L<SSL_CTX_set_tmp_rsa_callback(3)>,
@@ -98973,7 +115014,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_set_verify.pod b/doc/ssl/SSL_CTX_set_verify.pod
-index d60bb6a..1afd548 100644
+index d60bb6a3eda8..1afd548f48be 100644
--- a/doc/ssl/SSL_CTX_set_verify.pod
+++ b/doc/ssl/SSL_CTX_set_verify.pod
@@ -208,7 +208,7 @@ L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>).
@@ -99012,7 +115053,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_use_certificate.pod b/doc/ssl/SSL_CTX_use_certificate.pod
-index 13bb277..3fd23a4 100644
+index 13bb27702d24..3fd23a410ee1 100644
--- a/doc/ssl/SSL_CTX_use_certificate.pod
+++ b/doc/ssl/SSL_CTX_use_certificate.pod
@@ -20,7 +20,7 @@ SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_f
@@ -99089,7 +115130,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
-index 12db0da..753074a 100644
+index 12db0daa199f..753074a720bd 100644
--- a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+++ b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
@@ -1,41 +1,11 @@
@@ -99167,7 +115208,7 @@
+
=cut
diff --git a/doc/ssl/SSL_CTX_use_serverinfo.pod b/doc/ssl/SSL_CTX_use_serverinfo.pod
-index 318e052..bd496ff 100644
+index 318e052e2b25..bd496ff8c5fb 100644
--- a/doc/ssl/SSL_CTX_use_serverinfo.pod
+++ b/doc/ssl/SSL_CTX_use_serverinfo.pod
@@ -20,8 +20,8 @@ A "serverinfo" extension is returned in response to an empty ClientHello
@@ -99213,7 +115254,7 @@
=cut
diff --git a/doc/ssl/SSL_SESSION_free.pod b/doc/ssl/SSL_SESSION_free.pod
-index 5791da1..1906510 100644
+index 5791da1b5980..1906510e4168 100644
--- a/doc/ssl/SSL_SESSION_free.pod
+++ b/doc/ssl/SSL_SESSION_free.pod
@@ -53,4 +53,13 @@ L<SSL_CTX_set_session_cache_mode(3)>,
@@ -99231,7 +115272,7 @@
+
=cut
diff --git a/doc/ssl/SSL_SESSION_get_hostname.pod b/doc/ssl/SSL_SESSION_get_hostname.pod
-index 8b739e3..6fb12be 100644
+index 8b739e30a2d8..6fb12bec373b 100644
--- a/doc/ssl/SSL_SESSION_get_hostname.pod
+++ b/doc/ssl/SSL_SESSION_get_hostname.pod
@@ -25,4 +25,13 @@ L<d2i_SSL_SESSION(3)>,
@@ -99248,8 +115289,58 @@
+L<https://www.openssl.org/source/license.html>.
+
=cut
+diff --git a/doc/ssl/SSL_SESSION_get_protocol_version.pod b/doc/ssl/SSL_SESSION_get_protocol_version.pod
+new file mode 100644
+index 000000000000..a033fdd9bbde
+--- /dev/null
++++ b/doc/ssl/SSL_SESSION_get_protocol_version.pod
+@@ -0,0 +1,44 @@
++=pod
++
++=head1 NAME
++
++SSL_SESSION_get_protocol_version - retrieve session protocol version
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
++
++=head1 DESCRIPTION
++
++SSL_SESSION_get_protocol_version() returns the protocol version number used
++by session B<s>.
++
++=head1 RETURN VALUES
++
++SSL_SESSION_get_protocol_version() returns a number indicating the protocol
++version used for the session; this number matches the constants I<e.g.>
++B<TLS1_VERSION> or B<TLS1_2_VERSION>.
++
++Note that the SSL_SESSION_get_protocol_version() function
++does B<not> perform a null check on the provided session B<s> pointer.
++
++=head1 SEE ALSO
++
++L<ssl(3)>
++
++=head1 HISTORY
++
++SSL_SESSION_get_protocol_version() was first added to OpenSSL 1.1.0
++
++=head1 COPYRIGHT
++
++Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the OpenSSL license (the "License"). You may not use
++this file except in compliance with the License. You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
diff --git a/doc/ssl/SSL_SESSION_get_time.pod b/doc/ssl/SSL_SESSION_get_time.pod
-index dbbf7bf..1dd25da 100644
+index dbbf7bf6ae21..1dd25da990e4 100644
--- a/doc/ssl/SSL_SESSION_get_time.pod
+++ b/doc/ssl/SSL_SESSION_get_time.pod
@@ -52,7 +52,7 @@ valid values.
@@ -99276,7 +115367,7 @@
+
=cut
diff --git a/doc/ssl/SSL_SESSION_has_ticket.pod b/doc/ssl/SSL_SESSION_has_ticket.pod
-index 92d261f..58f8e08 100644
+index 92d261f8bcc6..58f8e080e9ec 100644
--- a/doc/ssl/SSL_SESSION_has_ticket.pod
+++ b/doc/ssl/SSL_SESSION_has_ticket.pod
@@ -39,4 +39,13 @@ L<SSL_SESSION_free(3)>
@@ -99294,7 +115385,7 @@
+
=cut
diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod
-index a827fb5..3248cac 100644
+index a827fb5991aa..3248cacf1e8a 100644
--- a/doc/ssl/SSL_accept.pod
+++ b/doc/ssl/SSL_accept.pod
@@ -18,7 +18,7 @@ B<ssl> by setting an underlying B<BIO>.
@@ -99321,7 +115412,7 @@
+
=cut
diff --git a/doc/ssl/SSL_alert_type_string.pod b/doc/ssl/SSL_alert_type_string.pod
-index c61b61b..6e2768e 100644
+index c61b61bfdc6c..6e2768e8ff43 100644
--- a/doc/ssl/SSL_alert_type_string.pod
+++ b/doc/ssl/SSL_alert_type_string.pod
@@ -217,7 +217,7 @@ point. This message is always a warning.
@@ -99348,7 +115439,7 @@
+
=cut
diff --git a/doc/ssl/SSL_check_chain.pod b/doc/ssl/SSL_check_chain.pod
-index da6d8ab..8691994 100644
+index da6d8ab8e4dc..8691994229a0 100644
--- a/doc/ssl/SSL_check_chain.pod
+++ b/doc/ssl/SSL_check_chain.pod
@@ -82,4 +82,13 @@ for earlier versions of TLS or DTLS.
@@ -99366,7 +115457,7 @@
+
=cut
diff --git a/doc/ssl/SSL_clear.pod b/doc/ssl/SSL_clear.pod
-index 9a760b5..ed0ad60 100644
+index 9a760b56d253..ed0ad60cbea5 100644
--- a/doc/ssl/SSL_clear.pod
+++ b/doc/ssl/SSL_clear.pod
@@ -72,4 +72,13 @@ L<SSL_shutdown(3)>, L<SSL_set_shutdown(3)>,
@@ -99384,7 +115475,7 @@
+
=cut
diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod
-index 8101d4d..df198f9 100644
+index 8101d4de9120..df198f9b2e7c 100644
--- a/doc/ssl/SSL_connect.pod
+++ b/doc/ssl/SSL_connect.pod
@@ -18,7 +18,7 @@ underlying B<BIO>.
@@ -99411,7 +115502,7 @@
+
=cut
diff --git a/doc/ssl/SSL_do_handshake.pod b/doc/ssl/SSL_do_handshake.pod
-index 01b71ae..ffb71cc 100644
+index 01b71ae45d0f..ffb71cc0b8c7 100644
--- a/doc/ssl/SSL_do_handshake.pod
+++ b/doc/ssl/SSL_do_handshake.pod
@@ -69,4 +69,13 @@ L<SSL_get_error(3)>, L<SSL_connect(3)>,
@@ -99429,7 +115520,7 @@
+
=cut
diff --git a/doc/ssl/SSL_free.pod b/doc/ssl/SSL_free.pod
-index 2715443..eb69a16 100644
+index 27154430385e..eb69a162bc7a 100644
--- a/doc/ssl/SSL_free.pod
+++ b/doc/ssl/SSL_free.pod
@@ -42,4 +42,13 @@ L<SSL_new(3)>, L<SSL_clear(3)>,
@@ -99447,7 +115538,7 @@
+
=cut
diff --git a/doc/ssl/SSL_get0_peer_scts.pod b/doc/ssl/SSL_get0_peer_scts.pod
-index f14ba17..05d39fe 100644
+index f14ba17a19ac..05d39fee8c01 100644
--- a/doc/ssl/SSL_get0_peer_scts.pod
+++ b/doc/ssl/SSL_get0_peer_scts.pod
@@ -33,4 +33,13 @@ SSL_get0_peer_scts() returns a list of SCTs found, or NULL if an error occurs.
@@ -99465,7 +115556,7 @@
+
=cut
diff --git a/doc/ssl/SSL_get_SSL_CTX.pod b/doc/ssl/SSL_get_SSL_CTX.pod
-index ed3a3b2..98b9bc6 100644
+index ed3a3b208b0f..98b9bc67eb84 100644
--- a/doc/ssl/SSL_get_SSL_CTX.pod
+++ b/doc/ssl/SSL_get_SSL_CTX.pod
@@ -23,4 +23,13 @@ The pointer to the SSL_CTX object is returned.
@@ -99483,7 +115574,7 @@
+
=cut
diff --git a/doc/ssl/SSL_get_all_async_fds.pod b/doc/ssl/SSL_get_all_async_fds.pod
-index a5064e2..deb81e1 100644
+index a5064e213d06..deb81e1fdf23 100644
--- a/doc/ssl/SSL_get_all_async_fds.pod
+++ b/doc/ssl/SSL_get_all_async_fds.pod
@@ -62,4 +62,13 @@ L<SSL_get_error(3)>, L<SSL_CTX_set_mode(3)>
@@ -99501,7 +115592,7 @@
+
=cut
diff --git a/doc/ssl/SSL_get_ciphers.pod b/doc/ssl/SSL_get_ciphers.pod
-index a017392..190e679 100644
+index a01739261152..190e679dd0a6 100644
--- a/doc/ssl/SSL_get_ciphers.pod
+++ b/doc/ssl/SSL_get_ciphers.pod
@@ -70,4 +70,13 @@ See DESCRIPTION
@@ -99519,7 +115610,7 @@
+
=cut
diff --git a/doc/ssl/SSL_get_client_CA_list.pod b/doc/ssl/SSL_get_client_CA_list.pod
-index 62be122..b6092fe 100644
+index 62be122e16c0..b6092fe32df8 100644
--- a/doc/ssl/SSL_get_client_CA_list.pod
+++ b/doc/ssl/SSL_get_client_CA_list.pod
@@ -9,7 +9,7 @@ SSL_get_client_CA_list, SSL_CTX_get_client_CA_list - get list of client CAs
@@ -99546,7 +115637,7 @@
+
=cut
diff --git a/doc/ssl/SSL_get_client_random.pod b/doc/ssl/SSL_get_client_random.pod
-index 3db5a26..46a2aa3 100644
+index 3db5a26b11ac..46a2aa35ea08 100644
--- a/doc/ssl/SSL_get_client_random.pod
+++ b/doc/ssl/SSL_get_client_random.pod
@@ -41,7 +41,7 @@ details.
@@ -99573,7 +115664,7 @@
+
=cut
diff --git a/doc/ssl/SSL_get_current_cipher.pod b/doc/ssl/SSL_get_current_cipher.pod
-index 9151203..0fdf60f 100644
+index 9151203e5763..0fdf60f6c186 100644
--- a/doc/ssl/SSL_get_current_cipher.pod
+++ b/doc/ssl/SSL_get_current_cipher.pod
@@ -27,7 +27,7 @@ the B<ssl> object.
@@ -99600,7 +115691,7 @@
+
=cut
diff --git a/doc/ssl/SSL_get_default_timeout.pod b/doc/ssl/SSL_get_default_timeout.pod
-index 9bde222..875d38a 100644
+index 9bde2227e0e7..875d38a9e6d7 100644
--- a/doc/ssl/SSL_get_default_timeout.pod
+++ b/doc/ssl/SSL_get_default_timeout.pod
@@ -38,4 +38,13 @@ L<SSL_SESSION_get_time(3)>,
@@ -99618,7 +115709,7 @@
+
=cut
diff --git a/doc/ssl/SSL_get_error.pod b/doc/ssl/SSL_get_error.pod
-index 271f849..ddd72f7 100644
+index 271f84966661..ddd72f706516 100644
--- a/doc/ssl/SSL_get_error.pod
+++ b/doc/ssl/SSL_get_error.pod
@@ -95,9 +95,19 @@ using L<SSL_CTX_set_mode(3)> or L<SSL_set_mode(3)> and an asynchronous capable
@@ -99659,7 +115750,7 @@
+
=cut
diff --git a/doc/ssl/SSL_get_extms_support.pod b/doc/ssl/SSL_get_extms_support.pod
-index ecfd090..ba4de3a 100644
+index ecfd090c8059..ba4de3a5602e 100644
--- a/doc/ssl/SSL_get_extms_support.pod
+++ b/doc/ssl/SSL_get_extms_support.pod
@@ -28,4 +28,13 @@ was used.
@@ -99677,7 +115768,7 @@
+
=cut
diff --git a/doc/ssl/SSL_get_fd.pod b/doc/ssl/SSL_get_fd.pod
-index 8895747..cd5b6ec 100644
+index 8895747cee9e..cd5b6ecf4f10 100644
--- a/doc/ssl/SSL_get_fd.pod
+++ b/doc/ssl/SSL_get_fd.pod
@@ -41,4 +41,13 @@ The file descriptor linked to B<ssl>.
@@ -99695,7 +115786,7 @@
+
=cut
diff --git a/doc/ssl/SSL_get_peer_cert_chain.pod b/doc/ssl/SSL_get_peer_cert_chain.pod
-index 1320bcb..2e4f1e4 100644
+index 1320bcbcff46..2e4f1e4185e0 100644
--- a/doc/ssl/SSL_get_peer_cert_chain.pod
+++ b/doc/ssl/SSL_get_peer_cert_chain.pod
@@ -65,4 +65,13 @@ The return value points to the certificate chain presented by the peer.
@@ -99713,7 +115804,7 @@
+
=cut
diff --git a/doc/ssl/SSL_get_peer_certificate.pod b/doc/ssl/SSL_get_peer_certificate.pod
-index c605a7c..57ed272 100644
+index c605a7c6f66c..57ed2723ebcc 100644
--- a/doc/ssl/SSL_get_peer_certificate.pod
+++ b/doc/ssl/SSL_get_peer_certificate.pod
@@ -52,4 +52,13 @@ The return value points to the certificate presented by the peer.
@@ -99731,7 +115822,7 @@
+
=cut
diff --git a/doc/ssl/SSL_get_psk_identity.pod b/doc/ssl/SSL_get_psk_identity.pod
-index fe62916..d330eee 100644
+index fe6291649cee..d330eee52da4 100644
--- a/doc/ssl/SSL_get_psk_identity.pod
+++ b/doc/ssl/SSL_get_psk_identity.pod
@@ -1,39 +1,9 @@
@@ -99791,7 +115882,7 @@
+
=cut
diff --git a/doc/ssl/SSL_get_rbio.pod b/doc/ssl/SSL_get_rbio.pod
-index 4e91ce0..5ac4ca2 100644
+index 4e91ce0643e7..5ac4ca274090 100644
--- a/doc/ssl/SSL_get_rbio.pod
+++ b/doc/ssl/SSL_get_rbio.pod
@@ -37,4 +37,13 @@ The BIO linked to B<ssl>.
@@ -99809,7 +115900,7 @@
+
=cut
diff --git a/doc/ssl/SSL_get_session.pod b/doc/ssl/SSL_get_session.pod
-index d8aa705..99936ad 100644
+index d8aa705ae6d8..99936ad76542 100644
--- a/doc/ssl/SSL_get_session.pod
+++ b/doc/ssl/SSL_get_session.pod
@@ -70,4 +70,13 @@ L<ssl(3)>, L<SSL_free(3)>,
@@ -99827,7 +115918,7 @@
+
=cut
diff --git a/doc/ssl/SSL_get_shared_sigalgs.pod b/doc/ssl/SSL_get_shared_sigalgs.pod
-index ad305e6..6a70e90 100644
+index ad305e6b5c78..6a70e9023ba0 100644
--- a/doc/ssl/SSL_get_shared_sigalgs.pod
+++ b/doc/ssl/SSL_get_shared_sigalgs.pod
@@ -65,7 +65,7 @@ The NIDs are OpenSSL equivalents. For example if the peer sent sha256(4) and
@@ -99854,7 +115945,7 @@
+
=cut
diff --git a/doc/ssl/SSL_get_verify_result.pod b/doc/ssl/SSL_get_verify_result.pod
-index 8b25eb2..3b8b657 100644
+index 8b25eb2fcbf9..3b8b6578468f 100644
--- a/doc/ssl/SSL_get_verify_result.pod
+++ b/doc/ssl/SSL_get_verify_result.pod
@@ -54,4 +54,13 @@ L<ssl(3)>, L<SSL_set_verify_result(3)>,
@@ -99872,13 +115963,46 @@
+
=cut
diff --git a/doc/ssl/SSL_get_version.pod b/doc/ssl/SSL_get_version.pod
-index e0c7034..8d4416f 100644
+index e0c7034f2e3a..23b6497d4f3b 100644
--- a/doc/ssl/SSL_get_version.pod
+++ b/doc/ssl/SSL_get_version.pod
-@@ -47,4 +47,13 @@ This indicates that no version has been set (no connection established).
+@@ -2,7 +2,7 @@
+ =head1 NAME
+
+-SSL_get_version - get the protocol version of a connection.
++SSL_get_version, SSL_is_dtls - get the protocol information of a connection
+
+ =head1 SYNOPSIS
+
+@@ -10,14 +10,18 @@ SSL_get_version - get the protocol version of a connection.
+
+ const char *SSL_get_version(const SSL *ssl);
+
++ int SSL_is_dtls(const SSL *ssl);
++
+ =head1 DESCRIPTION
+
+ SSL_get_version() returns the name of the protocol used for the
+ connection B<ssl>.
+
++SSL_is_dtls() returns one if the connection is using DTLS, zero if not.
++
+ =head1 RETURN VALUES
+
+-The following strings can be returned:
++SSL_get_version() returns one of the following strings:
+
+ =over 4
+
+@@ -47,4 +51,17 @@ This indicates that no version has been set (no connection established).
+
L<ssl(3)>
++=head1 HISTORY
++
++SSL_is_dtls() was added in OpenSSL 1.1.0.
++
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -99890,7 +116014,7 @@
+
=cut
diff --git a/doc/ssl/SSL_library_init.pod b/doc/ssl/SSL_library_init.pod
-index c872858..57b65d5 100644
+index c872858ca348..57b65d5d560e 100644
--- a/doc/ssl/SSL_library_init.pod
+++ b/doc/ssl/SSL_library_init.pod
@@ -21,7 +21,7 @@ OpenSSL_add_ssl_algorithms() is a synonym for SSL_library_init().
@@ -99917,10 +116041,10 @@
+
=cut
diff --git a/doc/ssl/SSL_load_client_CA_file.pod b/doc/ssl/SSL_load_client_CA_file.pod
-index f9da0c2..cc6a19c 100644
+index f9da0c21ab9b..cc6a19cdea90 100644
--- a/doc/ssl/SSL_load_client_CA_file.pod
+++ b/doc/ssl/SSL_load_client_CA_file.pod
-@@ -30,7 +30,7 @@ Load names of CAs from file and use it as a client CA list:
+@@ -30,7 +30,7 @@ it is not limited to CA certificates.
SSL_CTX *ctx;
STACK_OF(X509_NAME) *cert_names;
@@ -99944,7 +116068,7 @@
+
=cut
diff --git a/doc/ssl/SSL_new.pod b/doc/ssl/SSL_new.pod
-index f0e0795..a5a3ff9 100644
+index f0e07951e377..a5a3ff98f74d 100644
--- a/doc/ssl/SSL_new.pod
+++ b/doc/ssl/SSL_new.pod
@@ -9,7 +9,7 @@ SSL_new, SSL_up_ref - create a new SSL structure for a connection
@@ -99980,7 +116104,7 @@
+
=cut
diff --git a/doc/ssl/SSL_pending.pod b/doc/ssl/SSL_pending.pod
-index d247fa3..f6ed565 100644
+index d247fa33f9be..f6ed5652a138 100644
--- a/doc/ssl/SSL_pending.pod
+++ b/doc/ssl/SSL_pending.pod
@@ -56,4 +56,13 @@ L<SSL_CTX_set_split_send_fragment(3)>, L<ssl(3)>
@@ -99998,9 +116122,18 @@
+
=cut
diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod
-index e0a9bd4..a3cbe4e 100644
+index e0a9bd47bcee..8dff2448d004 100644
--- a/doc/ssl/SSL_read.pod
+++ b/doc/ssl/SSL_read.pod
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-SSL_read - read bytes from a TLS/SSL connection.
++SSL_read - read bytes from a TLS/SSL connection
+
+ =head1 SYNOPSIS
+
@@ -22,7 +22,7 @@ not already explicitly performed by L<SSL_connect(3)> or
L<SSL_accept(3)>. If the
peer requests a re-negotiation, it will be performed transparently during
@@ -100034,7 +116167,7 @@
+
=cut
diff --git a/doc/ssl/SSL_rstate_string.pod b/doc/ssl/SSL_rstate_string.pod
-index 7309483..7775913 100644
+index 7309483ce936..7775913beba8 100644
--- a/doc/ssl/SSL_rstate_string.pod
+++ b/doc/ssl/SSL_rstate_string.pod
@@ -56,4 +56,13 @@ The read state is unknown. This should never happen.
@@ -100052,7 +116185,7 @@
+
=cut
diff --git a/doc/ssl/SSL_session_reused.pod b/doc/ssl/SSL_session_reused.pod
-index 4a738fa..eda66b2 100644
+index 4a738fa3200a..eda66b2bc89d 100644
--- a/doc/ssl/SSL_session_reused.pod
+++ b/doc/ssl/SSL_session_reused.pod
@@ -42,4 +42,13 @@ A session was reused.
@@ -100070,10 +116203,10 @@
+
=cut
diff --git a/doc/ssl/SSL_set1_host.pod b/doc/ssl/SSL_set1_host.pod
-index 0ef2448..b77d41f 100644
+index 0ef244843841..3339a0e803b5 100644
--- a/doc/ssl/SSL_set1_host.pod
+++ b/doc/ssl/SSL_set1_host.pod
-@@ -2,8 +2,8 @@
+@@ -2,13 +2,12 @@
=head1 NAME
@@ -100084,7 +116217,12 @@
=head1 SYNOPSIS
-@@ -72,8 +72,6 @@ applicable (as with RFC7671 DANE-EE(3)), or no trusted peername was
+ #include <openssl/ssl.h>
+- #include <openssl/x509_vfy.h>
+
+ int SSL_set1_host(SSL *s, const char *hostname);
+ int SSL_add1_host(SSL *s, const char *hostname);
+@@ -72,8 +71,6 @@ applicable (as with RFC7671 DANE-EE(3)), or no trusted peername was
matched. Otherwise, it returns the matched peername. To determine
whether verification succeeded call L<SSL_get_verify_result(3)>.
@@ -100093,7 +116231,7 @@
=head1 EXAMPLE
Suppose "smtp.example.com" is the MX host of the domain "example.com".
-@@ -112,4 +110,13 @@ L<SSL_dane_enable(3)>.
+@@ -112,4 +109,13 @@ L<SSL_dane_enable(3)>.
These functions were first added to OpenSSL 1.1.0.
@@ -100108,7 +116246,7 @@
+
=cut
diff --git a/doc/ssl/SSL_set_bio.pod b/doc/ssl/SSL_set_bio.pod
-index 3e87ee1..6d16233 100644
+index 3e87ee157eba..6d162339a54a 100644
--- a/doc/ssl/SSL_set_bio.pod
+++ b/doc/ssl/SSL_set_bio.pod
@@ -40,4 +40,13 @@ L<SSL_shutdown(3)>, L<ssl(3)>, L<bio(3)>
@@ -100126,7 +116264,7 @@
+
=cut
diff --git a/doc/ssl/SSL_set_connect_state.pod b/doc/ssl/SSL_set_connect_state.pod
-index 4c3626c..60c18a4 100644
+index 4c3626c25903..60c18a4510b9 100644
--- a/doc/ssl/SSL_set_connect_state.pod
+++ b/doc/ssl/SSL_set_connect_state.pod
@@ -52,4 +52,13 @@ L<SSL_write(3)>, L<SSL_read(3)>,
@@ -100144,7 +116282,7 @@
+
=cut
diff --git a/doc/ssl/SSL_set_fd.pod b/doc/ssl/SSL_set_fd.pod
-index faf1d17..e1f9988 100644
+index faf1d171916d..e1f9988db554 100644
--- a/doc/ssl/SSL_set_fd.pod
+++ b/doc/ssl/SSL_set_fd.pod
@@ -51,4 +51,13 @@ L<SSL_get_fd(3)>, L<SSL_set_bio(3)>,
@@ -100162,7 +116300,7 @@
+
=cut
diff --git a/doc/ssl/SSL_set_session.pod b/doc/ssl/SSL_set_session.pod
-index c9e31c4..0a8a208 100644
+index c9e31c45fb5a..0a8a208a970b 100644
--- a/doc/ssl/SSL_set_session.pod
+++ b/doc/ssl/SSL_set_session.pod
@@ -54,4 +54,13 @@ L<SSL_get_session(3)>,
@@ -100180,7 +116318,7 @@
+
=cut
diff --git a/doc/ssl/SSL_set_shutdown.pod b/doc/ssl/SSL_set_shutdown.pod
-index 91d7697..ecdf60c 100644
+index 91d76970365c..ecdf60cff353 100644
--- a/doc/ssl/SSL_set_shutdown.pod
+++ b/doc/ssl/SSL_set_shutdown.pod
@@ -69,4 +69,13 @@ L<ssl(3)>, L<SSL_shutdown(3)>,
@@ -100198,7 +116336,7 @@
+
=cut
diff --git a/doc/ssl/SSL_set_verify_result.pod b/doc/ssl/SSL_set_verify_result.pod
-index 2c6d0b4..8738d78 100644
+index 2c6d0b476078..8738d7828c1f 100644
--- a/doc/ssl/SSL_set_verify_result.pod
+++ b/doc/ssl/SSL_set_verify_result.pod
@@ -35,4 +35,13 @@ L<ssl(3)>, L<SSL_get_verify_result(3)>,
@@ -100216,7 +116354,7 @@
+
=cut
diff --git a/doc/ssl/SSL_shutdown.pod b/doc/ssl/SSL_shutdown.pod
-index 169079a..e8ec454 100644
+index 169079af5096..e8ec4546a3c7 100644
--- a/doc/ssl/SSL_shutdown.pod
+++ b/doc/ssl/SSL_shutdown.pod
@@ -12,7 +12,7 @@ SSL_shutdown - shut down a TLS/SSL connection
@@ -100252,7 +116390,7 @@
+
=cut
diff --git a/doc/ssl/SSL_state_string.pod b/doc/ssl/SSL_state_string.pod
-index 0d2ba61..a2f59e8 100644
+index 0d2ba61bbf86..a2f59e84e8e1 100644
--- a/doc/ssl/SSL_state_string.pod
+++ b/doc/ssl/SSL_state_string.pod
@@ -42,4 +42,13 @@ Detailed description of possible states to be included later.
@@ -100270,7 +116408,7 @@
+
=cut
diff --git a/doc/ssl/SSL_want.pod b/doc/ssl/SSL_want.pod
-index e8b426c..e179d6b 100644
+index e8b426c7b550..e179d6befac6 100644
--- a/doc/ssl/SSL_want.pod
+++ b/doc/ssl/SSL_want.pod
@@ -2,7 +2,9 @@
@@ -100332,9 +116470,18 @@
+
=cut
diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod
-index 1fff854..671796b 100644
+index 1fff8548c8b3..5ab079042e24 100644
--- a/doc/ssl/SSL_write.pod
+++ b/doc/ssl/SSL_write.pod
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-SSL_write - write bytes to a TLS/SSL connection.
++SSL_write - write bytes to a TLS/SSL connection
+
+ =head1 SYNOPSIS
+
@@ -22,7 +22,7 @@ not already explicitly performed by L<SSL_connect(3)> or
L<SSL_accept(3)>. If the
peer requests a re-negotiation, it will be performed transparently during
@@ -100368,13 +116515,72 @@
+
=cut
diff --git a/doc/ssl/d2i_SSL_SESSION.pod b/doc/ssl/d2i_SSL_SESSION.pod
-index 985d158..628c7e4 100644
+index 985d1580f9bc..d6b17071f65c 100644
--- a/doc/ssl/d2i_SSL_SESSION.pod
+++ b/doc/ssl/d2i_SSL_SESSION.pod
-@@ -73,4 +73,13 @@ When the session is not valid, B<0> is returned and no operation is performed.
+@@ -13,28 +13,8 @@ d2i_SSL_SESSION, i2d_SSL_SESSION - convert SSL_SESSION object from/to ASN1 repre
+
+ =head1 DESCRIPTION
+
+-d2i_SSL_SESSION() transforms the external ASN1 representation of an SSL/TLS
+-session, stored as binary data at location B<pp> with length B<length>, into
+-an SSL_SESSION object.
+-
+-i2d_SSL_SESSION() transforms the SSL_SESSION object B<in> into the ASN1
+-representation and stores it into the memory location pointed to by B<pp>.
+-The length of the resulting ASN1 representation is returned. If B<pp> is
+-the NULL pointer, only the length is calculated and returned.
+-
+-=head1 NOTES
+-
+-The SSL_SESSION object is built from several malloc()ed parts, it can
+-therefore not be moved, copied or stored directly. In order to store
+-session data on disk or into a database, it must be transformed into
+-a binary ASN1 representation.
+-
+-When using d2i_SSL_SESSION(), the SSL_SESSION object is automatically
+-allocated. The reference count is 1, so that the session must be
+-explicitly removed using L<SSL_SESSION_free(3)>,
+-unless the SSL_SESSION object is completely taken over, when being called
+-inside the get_session_cb() (see
+-L<SSL_CTX_sess_set_get_cb(3)>).
++These functions decode and encode an SSL_SESSION object.
++For encoding details see L<d2i_X509(3)>.
+
+ SSL_SESSION objects keep internal link information about the session cache
+ list, when being inserted into one SSL_CTX object's session cache.
+@@ -42,23 +22,6 @@ One SSL_SESSION object, regardless of its reference count, must therefore
+ only be used with one SSL_CTX object (and the SSL objects created
+ from this SSL_CTX object).
+
+-When using i2d_SSL_SESSION(), the memory location pointed to by B<pp> must be
+-large enough to hold the binary representation of the session. There is no
+-known limit on the size of the created ASN1 representation, so the necessary
+-amount of space should be obtained by first calling i2d_SSL_SESSION() with
+-B<pp=NULL>, and obtain the size needed, then allocate the memory and
+-call i2d_SSL_SESSION() again.
+-Note that this will advance the value contained in B<*pp> so it is necessary
+-to save a copy of the original allocation.
+-For example:
+- int i,j;
+- char *p, *temp;
+- i = i2d_SSL_SESSION(sess, NULL);
+- p = temp = malloc(i);
+- j = i2d_SSL_SESSION(sess, &temp);
+- assert(i == j);
+- assert(p+i == temp);
+-
+ =head1 RETURN VALUES
+
+ d2i_SSL_SESSION() returns a pointer to the newly allocated SSL_SESSION
+@@ -71,6 +34,16 @@ When the session is not valid, B<0> is returned and no operation is performed.
+ =head1 SEE ALSO
+
L<ssl(3)>, L<SSL_SESSION_free(3)>,
- L<SSL_CTX_sess_set_get_cb(3)>
-
+-L<SSL_CTX_sess_set_get_cb(3)>
++L<SSL_CTX_sess_set_get_cb(3)>,
++L<d2i_X509(3)>
++
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -100383,26 +116589,30 @@
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
-+
+
=cut
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
-index 7e2cd85..ee14781 100644
+index 7e2cd85ffead..589fc2dbd949 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
-@@ -1,12 +1,9 @@
+@@ -1,12 +1,15 @@
-
=pod
++=for comment openssl_manual_section:7
++
=head1 NAME
SSL - OpenSSL SSL/TLS library
--=head1 SYNOPSIS
--
+ =head1 SYNOPSIS
+
++See the individual manual pages for details.
++
=head1 DESCRIPTION
The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
-@@ -111,7 +108,7 @@ it's already included by ssl.h>.
+@@ -111,7 +114,7 @@ it's already included by ssl.h>.
Currently the OpenSSL B<ssl> library exports 214 API functions.
They are documented in the following:
@@ -100411,7 +116621,7 @@
Here we document the various API functions which deal with the SSL/TLS
protocol methods defined in B<SSL_METHOD> structures.
-@@ -182,7 +179,7 @@ Constructor for the SSLv3 SSL_METHOD structure for servers.
+@@ -182,7 +185,7 @@ Constructor for the SSLv3 SSL_METHOD structure for servers.
=back
@@ -100420,7 +116630,7 @@
Here we document the various API functions which deal with the SSL/TLS
ciphers defined in B<SSL_CIPHER> structures.
-@@ -214,7 +211,7 @@ in the specification the first time).
+@@ -214,7 +217,7 @@ in the specification the first time).
=back
@@ -100429,7 +116639,7 @@
Here we document the various API functions which deal with the SSL/TLS
protocol context defined in the B<SSL_CTX> structure.
-@@ -265,13 +262,13 @@ protocol context defined in the B<SSL_CTX> structure.
+@@ -265,13 +268,13 @@ protocol context defined in the B<SSL_CTX> structure.
=item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx);
@@ -100445,7 +116655,7 @@
=item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
-@@ -380,19 +377,19 @@ Use the file path to locate trusted CA certificates.
+@@ -380,19 +383,19 @@ Use the file path to locate trusted CA certificates.
=item int B<SSL_CTX_use_PrivateKey_ASN1>(int type, SSL_CTX *ctx, unsigned char *d, long len);
@@ -100468,7 +116678,7 @@
=item X509 *B<SSL_CTX_get0_certificate>(const SSL_CTX *ctx);
-@@ -405,11 +402,9 @@ Use the file path to locate trusted CA certificates.
+@@ -405,11 +408,9 @@ Use the file path to locate trusted CA certificates.
=item void B<SSL_CTX_set_psk_server_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));
@@ -100481,7 +116691,7 @@
Here we document the various API functions which deal with the SSL/TLS
sessions defined in the B<SSL_SESSION> structures.
-@@ -448,7 +443,7 @@ sessions defined in the B<SSL_SESSION> structures.
+@@ -448,7 +449,7 @@ sessions defined in the B<SSL_SESSION> structures.
=back
@@ -100490,8 +116700,17 @@
Here we document the various API functions which deal with the SSL/TLS
connection defined in the B<SSL> structure.
-@@ -595,11 +590,11 @@ fresh handle for each connection.
+@@ -521,6 +522,8 @@ fresh handle for each connection.
+ =item const char *B<SSL_get_cipher>(const SSL *ssl);
+
++=item int B<SSL_is_dtls>(const SSL *ssl);
++
+ =item int B<SSL_get_cipher_bits>(const SSL *ssl, int *alg_bits);
+
+ =item char *B<SSL_get_cipher_list>(const SSL *ssl, int n);
+@@ -595,11 +598,11 @@ fresh handle for each connection.
+
=item int B<SSL_is_init_finished>(SSL *ssl);
-=item STACK *B<SSL_load_client_CA_file>(char *file);
@@ -100504,7 +116723,7 @@
=item long B<SSL_num_renegotiations>(SSL *ssl);
-@@ -683,19 +678,19 @@ Returns the current handshake state.
+@@ -683,19 +686,19 @@ Returns the current handshake state.
=item int B<SSL_use_PrivateKey_ASN1>(int type, SSL *ssl, unsigned char *d, long len);
@@ -100527,15 +116746,26 @@
=item int B<SSL_version>(const SSL *ssl);
-@@ -808,5 +803,13 @@ in OpenSSL 1.1.0.
+@@ -723,6 +726,10 @@ Returns the current handshake state.
+
+ =back
+
++=head1 RETURN VALUES
++
++See the individual manual pages for details.
++
+ =head1 SEE ALSO
+
+ L<openssl(1)>, L<crypto(3)>,
+@@ -808,5 +815,13 @@ in OpenSSL 1.1.0.
The return type of B<SSL_copy_session_id> was changed from void to int in
OpenSSL 1.1.0.
-=cut
+=head1 COPYRIGHT
+
++Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
@@ -100543,13 +116773,15 @@
+
+=cut
diff --git a/e_os.h b/e_os.h
-index 0124e5e..700d7d0 100644
+index 0124e5e67faa..495133563586 100644
--- a/e_os.h
+++ b/e_os.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -100597,9 +116829,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -100654,7 +116884,7 @@
# ifdef USE_SOCKETS
# ifdef OPENSSL_NO_SOCK
# elif defined(WINDOWS) || defined(MSDOS)
-@@ -517,12 +469,15 @@ struct servent *PASCAL getservbyname(const char *, const char *);
+@@ -517,12 +469,17 @@ struct servent *PASCAL getservbyname(const char *, const char *);
# if defined(OPENSSL_SYS_WINDOWS)
# define strcasecmp _stricmp
# define strncasecmp _strnicmp
@@ -100668,7 +116898,9 @@
+# define open _open
+# define fdopen _fdopen
+# define close _close
-+# define strdup _strdup
++# ifndef strdup
++# define strdup _strdup
++# endif
+# define unlink _unlink
+# endif
+# else
@@ -100676,7 +116908,7 @@
# endif
/* vxworks */
-@@ -552,13 +507,6 @@ struct servent *getservbyname(const char *name, const char *proto);
+@@ -552,13 +509,6 @@ struct servent *getservbyname(const char *name, const char *proto);
# endif
/* end vxworks */
@@ -100692,7 +116924,7 @@
#ifdef __cplusplus
diff --git a/engines/Makefile.in b/engines/Makefile.in
deleted file mode 100644
-index e37c4e2..0000000
+index e37c4e2be98b..000000000000
--- a/engines/Makefile.in
+++ /dev/null
@@ -1,119 +0,0 @@
@@ -100817,7 +117049,7 @@
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/engines/afalg/Makefile.in b/engines/afalg/Makefile.in
deleted file mode 100644
-index 8a7408f..0000000
+index 8a7408fbcb70..000000000000
--- a/engines/afalg/Makefile.in
+++ /dev/null
@@ -1,75 +0,0 @@
@@ -100897,7 +117129,7 @@
- ../../include/openssl/pkcs7.h ../../include/openssl/async.h e_afalg.h \
- e_afalg_err.h
diff --git a/engines/afalg/build.info b/engines/afalg/build.info
-index 5aba447..d096279 100644
+index 5aba44716ae9..d0962792acfa 100644
--- a/engines/afalg/build.info
+++ b/engines/afalg/build.info
@@ -9,7 +9,7 @@ IF[{- !$disabled{"engine"} -}]
@@ -100910,7 +117142,7 @@
ENDIF
ENDIF
diff --git a/engines/afalg/e_afalg.c b/engines/afalg/e_afalg.c
-index d8599a1..ec2a57e 100644
+index d8599a165b60..2d6fa58b9f77 100644
--- a/engines/afalg/e_afalg.c
+++ b/engines/afalg/e_afalg.c
@@ -1,55 +1,10 @@
@@ -100984,8 +117216,68 @@
static int afalg_cipher_nids[] = {
NID_aes_128_cbc
+@@ -139,27 +94,27 @@ static int afalg_cipher_nids[] = {
+
+ static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
+
+-static inline int io_setup(unsigned n, aio_context_t *ctx)
++static ossl_inline int io_setup(unsigned n, aio_context_t *ctx)
+ {
+ return syscall(__NR_io_setup, n, ctx);
+ }
+
+-static inline int eventfd(int n)
++static ossl_inline int eventfd(int n)
+ {
+ return syscall(__NR_eventfd, n);
+ }
+
+-static inline int io_destroy(aio_context_t ctx)
++static ossl_inline int io_destroy(aio_context_t ctx)
+ {
+ return syscall(__NR_io_destroy, ctx);
+ }
+
+-static inline int io_read(aio_context_t ctx, long n, struct iocb **iocb)
++static ossl_inline int io_read(aio_context_t ctx, long n, struct iocb **iocb)
+ {
+ return syscall(__NR_io_submit, ctx, n, iocb);
+ }
+
+-static inline int io_getevents(aio_context_t ctx, long min, long max,
++static ossl_inline int io_getevents(aio_context_t ctx, long min, long max,
+ struct io_event *events,
+ struct timespec *timeout)
+ {
+@@ -275,7 +230,7 @@ int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf,
+ memset(cb, '\0', sizeof(*cb));
+ cb->aio_fildes = sfd;
+ cb->aio_lio_opcode = IOCB_CMD_PREAD;
+- cb->aio_buf = (unsigned long)buf;
++ cb->aio_buf = (uint64_t)buf;
+ cb->aio_offset = 0;
+ cb->aio_data = 0;
+ cb->aio_nbytes = len;
+@@ -355,7 +310,7 @@ int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf,
+ return 1;
+ }
+
+-static inline void afalg_set_op_sk(struct cmsghdr *cmsg,
++static ossl_inline void afalg_set_op_sk(struct cmsghdr *cmsg,
+ const unsigned int op)
+ {
+ cmsg->cmsg_level = SOL_ALG;
+@@ -377,7 +332,7 @@ static void afalg_set_iv_sk(struct cmsghdr *cmsg, const unsigned char *iv,
+ memcpy(aiv->iv, iv, len);
+ }
+
+-static inline int afalg_set_key(afalg_ctx *actx, const unsigned char *key,
++static ossl_inline int afalg_set_key(afalg_ctx *actx, const unsigned char *key,
+ const int klen)
+ {
+ int ret;
diff --git a/engines/afalg/e_afalg.h b/engines/afalg/e_afalg.h
-index 8b589e4..8f4d2d1 100644
+index 8b589e4b4b67..8f4d2d11f1d4 100644
--- a/engines/afalg/e_afalg.h
+++ b/engines/afalg/e_afalg.h
@@ -1,59 +1,14 @@
@@ -101057,7 +117349,7 @@
# ifdef ALG_DEBUG
# define ALG_DGB(x, ...) fprintf(stderr, "ALG_DBG: " x, __VA_ARGS__)
diff --git a/engines/afalg/e_afalg_err.c b/engines/afalg/e_afalg_err.c
-index 71c4a01..ca394ed 100644
+index 71c4a010d655..ca394edb7b8d 100644
--- a/engines/afalg/e_afalg_err.c
+++ b/engines/afalg/e_afalg_err.c
@@ -1,55 +1,10 @@
@@ -101123,7 +117415,7 @@
/*
diff --git a/engines/afalg/e_afalg_err.h b/engines/afalg/e_afalg_err.h
-index 64468c3..21abc97 100644
+index 64468c38687e..21abc979c6a5 100644
--- a/engines/afalg/e_afalg_err.h
+++ b/engines/afalg/e_afalg_err.h
@@ -1,55 +1,16 @@
@@ -101206,7 +117498,7 @@
void ERR_unload_AFALG_strings(void);
void ERR_AFALG_error(int function, int reason, char *file, int line);
diff --git a/engines/asm/e_padlock-x86.pl b/engines/asm/e_padlock-x86.pl
-index 1a22dc8..bf6b312 100644
+index 1a22dc88e48c..bf6b312cd1b8 100644
--- a/engines/asm/e_padlock-x86.pl
+++ b/engines/asm/e_padlock-x86.pl
@@ -1,4 +1,11 @@
@@ -101223,7 +117515,7 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
diff --git a/engines/asm/e_padlock-x86_64.pl b/engines/asm/e_padlock-x86_64.pl
-index 07c0a6d..bf57da7 100644
+index 07c0a6d08448..da285abc61dd 100644
--- a/engines/asm/e_padlock-x86_64.pl
+++ b/engines/asm/e_padlock-x86_64.pl
@@ -1,4 +1,11 @@
@@ -101239,8 +117531,17 @@
# ====================================================================
# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+@@ -23,7 +30,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+ ( $xlate="${dir}../../crypto/perlasm/x86_64-xlate.pl" and -f $xlate) or
+ die "can't locate x86_64-xlate.pl";
+
+-open OUT,"| \"$^X\" $xlate $flavour $output";
++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+ *STDOUT=*OUT;
+
+ $code=".text\n";
diff --git a/engines/build.info b/engines/build.info
-index 065d412..850ecac 100644
+index 065d4121ef5e..850ecac8b624 100644
--- a/engines/build.info
+++ b/engines/build.info
@@ -12,19 +12,19 @@ IF[{- !$disabled{"engine"} -}]
@@ -101267,8 +117568,15 @@
ENDIF
GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+diff --git a/engines/capierr.bat b/engines/capierr.bat
+deleted file mode 100644
+index 274ffac2fe63..000000000000
+--- a/engines/capierr.bat
++++ /dev/null
+@@ -1 +0,0 @@
+-perl ../util/mkerr.pl -conf e_capi.ec -nostatic -staticloader -write e_capi.c
diff --git a/engines/e_capi.c b/engines/e_capi.c
-index 5bf0fe9..f2d5c3e 100644
+index 5bf0fe94b330..f2d5c3e09128 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -1,54 +1,10 @@
@@ -101278,7 +117586,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -101304,8 +117613,7 @@
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
@@ -101534,7 +117842,7 @@
return 1;
}
diff --git a/engines/e_capi_err.c b/engines/e_capi_err.c
-index 1de6f25..64e963a 100644
+index 1de6f25ab044..64e963a5eb9d 100644
--- a/engines/e_capi_err.c
+++ b/engines/e_capi_err.c
@@ -1,55 +1,10 @@
@@ -101600,7 +117908,7 @@
/*
diff --git a/engines/e_capi_err.h b/engines/e_capi_err.h
-index 01ec2ef..bbaffad 100644
+index 01ec2efaec0b..bbaffada3d89 100644
--- a/engines/e_capi_err.h
+++ b/engines/e_capi_err.h
@@ -1,55 +1,16 @@
@@ -101683,7 +117991,7 @@
static void ERR_unload_CAPI_strings(void);
static void ERR_CAPI_error(int function, int reason, char *file, int line);
diff --git a/engines/e_chil.c b/engines/e_chil.c
-index b09d525..0fb7aa4 100644
+index b09d5259a951..8d81b46fec5b 100644
--- a/engines/e_chil.c
+++ b/engines/e_chil.c
@@ -1,60 +1,10 @@
@@ -101752,7 +118060,40 @@
*/
#include <stdio.h>
-@@ -1262,7 +1212,7 @@ static int hwcrhk_insert_card(const char *prompt_info,
+@@ -359,8 +309,10 @@ static int bind_helper(ENGINE *e)
+ # endif
+
+ chil_lock = CRYPTO_THREAD_lock_new();
+- if (chil_lock == NULL)
++ if (chil_lock == NULL) {
++ HWCRHKerr(HWCRHK_F_BIND_HELPER, ERR_R_MALLOC_FAILURE);
+ return 0;
++ }
+
+ if (!ENGINE_set_id(e, engine_hwcrhk_id) ||
+ !ENGINE_set_name(e, engine_hwcrhk_name) ||
+@@ -689,7 +641,7 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+ CRYPTO_THREAD_write_lock(chil_lock);
+ BIO_free(logstream);
+ logstream = NULL;
+- if (BIO_up_ref(bio)
++ if (BIO_up_ref(bio))
+ logstream = bio;
+ else
+ HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_BIO_WAS_FREED);
+@@ -1142,8 +1094,10 @@ static int hwcrhk_mutex_init(HWCryptoHook_Mutex * mt,
+ HWCryptoHook_CallerContext * cactx)
+ {
+ mt->lock = CRYPTO_THREAD_lock_new();
+- if (mt->lock == NULL)
++ if (mt->lock == NULL) {
++ HWCRHKerr(HWCRHK_F_HWCRHK_MUTEX_INIT, ERR_R_MALLOC_FAILURE);
+ return 1; /* failure */
++ }
+ return 0; /* success */
+ }
+
+@@ -1262,7 +1216,7 @@ static int hwcrhk_insert_card(const char *prompt_info,
ui = UI_new_method(ui_method);
if (ui) {
@@ -101762,7 +118103,7 @@
/*
* Despite what the documentation says wrong_info can be an empty
diff --git a/engines/e_chil_err.c b/engines/e_chil_err.c
-index 2cfcab2..0058684 100644
+index 2cfcab290d03..0058684f79c2 100644
--- a/engines/e_chil_err.c
+++ b/engines/e_chil_err.c
@@ -1,55 +1,10 @@
@@ -101828,7 +118169,7 @@
/*
diff --git a/engines/e_chil_err.h b/engines/e_chil_err.h
-index 3d961b9..42fdd19 100644
+index 3d961b9340bd..b0f0dd98d3d5 100644
--- a/engines/e_chil_err.h
+++ b/engines/e_chil_err.h
@@ -1,55 +1,16 @@
@@ -101910,8 +118251,17 @@
static void ERR_load_HWCRHK_strings(void);
static void ERR_unload_HWCRHK_strings(void);
static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
+@@ -82,6 +39,8 @@ static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
+ # define HWCRHK_F_HWCRHK_MOD_EXP 107
+ # define HWCRHK_F_HWCRHK_RAND_BYTES 108
+ # define HWCRHK_F_HWCRHK_RSA_MOD_EXP 109
++# define HWCRHK_F_BIND_HELPER 110
++# define HWCRHK_F_HWCRHK_MUTEX_INIT 111
+
+ /* Reason codes. */
+ # define HWCRHK_R_ALREADY_LOADED 100
diff --git a/engines/e_dasync.c b/engines/e_dasync.c
-index 27a5602..ed3f00a 100644
+index 27a560236419..ed3f00adb6d6 100644
--- a/engines/e_dasync.c
+++ b/engines/e_dasync.c
@@ -1,53 +1,10 @@
@@ -101920,7 +118270,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -101951,8 +118302,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -101983,7 +118333,7 @@
|| RSA_meth_set_bn_mod_exp(dasync_rsa_method, BN_mod_exp_mont) == 0
|| RSA_meth_set_init(dasync_rsa_method, dasync_rsa_init) == 0
diff --git a/engines/e_dasync_err.c b/engines/e_dasync_err.c
-index 3b462ba..a9e7765 100644
+index 3b462ba85129..a9e776531428 100644
--- a/engines/e_dasync_err.c
+++ b/engines/e_dasync_err.c
@@ -1,55 +1,10 @@
@@ -102049,7 +118399,7 @@
/*
diff --git a/engines/e_dasync_err.h b/engines/e_dasync_err.h
-index 304eeef..b01fead 100644
+index 304eeef5e99b..b01fead2acb1 100644
--- a/engines/e_dasync_err.h
+++ b/engines/e_dasync_err.h
@@ -1,55 +1,16 @@
@@ -102132,7 +118482,7 @@
static void ERR_unload_DASYNC_strings(void);
static void ERR_DASYNC_error(int function, int reason, char *file, int line);
diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c
-index e641a44..b4c83cb 100644
+index e641a44c169d..b4c83cb7c3f8 100644
--- a/engines/e_ossltest.c
+++ b/engines/e_ossltest.c
@@ -1,53 +1,10 @@
@@ -102141,7 +118491,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -102172,8 +118523,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -102195,7 +118545,7 @@
/*
diff --git a/engines/e_ossltest_err.c b/engines/e_ossltest_err.c
-index 5e5355d..71d0578 100644
+index 5e5355d2143e..71d05788d1c4 100644
--- a/engines/e_ossltest_err.c
+++ b/engines/e_ossltest_err.c
@@ -1,55 +1,10 @@
@@ -102261,7 +118611,7 @@
/*
diff --git a/engines/e_ossltest_err.h b/engines/e_ossltest_err.h
-index b30509d..a323c39 100644
+index b30509dc406a..a323c398f6e2 100644
--- a/engines/e_ossltest_err.h
+++ b/engines/e_ossltest_err.h
@@ -1,55 +1,16 @@
@@ -102344,7 +118694,7 @@
static void ERR_unload_OSSLTEST_strings(void);
static void ERR_OSSLTEST_error(int function, int reason, char *file, int line);
diff --git a/engines/e_padlock.c b/engines/e_padlock.c
-index dab6c44..77cebe3 100644
+index dab6c44b1ef2..77cebe3de6f8 100644
--- a/engines/e_padlock.c
+++ b/engines/e_padlock.c
@@ -1,65 +1,10 @@
@@ -102429,8 +118779,34 @@
# define COMPILE_HW_PADLOCK
# ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *ENGINE_padlock(void);
+diff --git a/engines/vendor_defns/hwcryptohook.h b/engines/vendor_defns/hwcryptohook.h
+index 2bafffe9f6c3..c3dcd56f4fc5 100644
+--- a/engines/vendor_defns/hwcryptohook.h
++++ b/engines/vendor_defns/hwcryptohook.h
+@@ -1,3 +1,12 @@
++/*
++ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
+ /*-
+ * ModExp / RSA (with/without KM) plugin API
+ *
+@@ -64,8 +73,6 @@
+ * library files; if you received the library files without a licence,
+ * please contact nCipher.
+ *
+- *
+- * $Id: hwcryptohook.h,v 1.1 2002/10/11 17:10:59 levitte Exp $
+ */
+
+ #ifndef HWCRYPTOHOOK_H
diff --git a/external/perl/transfer/Text/Template.pm b/external/perl/transfer/Text/Template.pm
-index d018e6b..7dbfe3f 100644
+index d018e6b04816..7dbfe3f84f4d 100644
--- a/external/perl/transfer/Text/Template.pm
+++ b/external/perl/transfer/Text/Template.pm
@@ -1,4 +1,9 @@
@@ -102446,14 +118822,17 @@
diff --git a/fuzz/README.md b/fuzz/README.md
new file mode 100644
-index 0000000..948590d
+index 000000000000..e9ec88b8c6b9
--- /dev/null
+++ b/fuzz/README.md
-@@ -0,0 +1,47 @@
+@@ -0,0 +1,70 @@
+# I Can Haz Fuzz?
+
-+Or, how to fuzz OpenSSL with libfuzzer.
++LibFuzzer
++=========
+
++Or, how to fuzz OpenSSL with [libfuzzer](llvm.org/docs/LibFuzzer.html).
++
+Starting from a vanilla+OpenSSH server Ubuntu install.
+
+Use Chrome's handy recent build of clang. Older versions may also work.
@@ -102484,7 +118863,10 @@
+
+Configure for fuzzing:
+
-+ $ CC=clang ./config enable-fuzz enable-asan enable-ubsan no-shared
++ $ CC=clang ./config enable-fuzz-libfuzzer \
++ --with-fuzzer-include=../../svn-work/Fuzzer \
++ --with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer \
++ enable-asan enable-ubsan no-shared
+ $ sudo apt-get install make
+ $ LDCMD=clang++ make -j
+ $ fuzz/helper.py <fuzzer> <arguments>
@@ -102497,12 +118879,29 @@
+`fuzz/corpora/<fuzzer>-crash/`. You can reproduce the crash with
+
+ $ fuzz/<fuzzer> <crashfile>
++
++AFL
++===
++
++Configure for fuzzing:
++
++ $ sudo apt-get install afl-clang
++ $ CC=afl-clang-fast ./config enable-fuzz-afl no-shared
++ $ make
++
++Run one of the fuzzers:
++
++ $ afl-fuzz fuzz/<fuzzer> -i fuzz/corpora/<fuzzer> -o fuzz/corpora/<fuzzer>/out <fuzzer> <arguments>
++
++Where `<fuzzer>` is one of the executables in `fuzz/`. Most fuzzers do not
++need any command line arguments, but, for example, `asn1` needs the name of a
++data type.
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
new file mode 100644
-index 0000000..fc129a8
+index 000000000000..66825f1b2cb1
--- /dev/null
+++ b/fuzz/asn1.c
-@@ -0,0 +1,86 @@
+@@ -0,0 +1,70 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
@@ -102531,67 +118930,51 @@
+#include <openssl/x509v3.h>
+#include "fuzzer.h"
+
-+static const ASN1_ITEM *item_type;
++static const ASN1_ITEM *item_type[] = {
++ ASN1_ITEM_rptr(ASN1_SEQUENCE),
++ ASN1_ITEM_rptr(AUTHORITY_INFO_ACCESS),
++ ASN1_ITEM_rptr(BIGNUM),
++ ASN1_ITEM_rptr(ECPARAMETERS),
++ ASN1_ITEM_rptr(ECPKPARAMETERS),
++ ASN1_ITEM_rptr(GENERAL_NAME),
++ ASN1_ITEM_rptr(GENERAL_SUBTREE),
++ ASN1_ITEM_rptr(NAME_CONSTRAINTS),
++ ASN1_ITEM_rptr(OCSP_BASICRESP),
++ ASN1_ITEM_rptr(OCSP_RESPONSE),
++ ASN1_ITEM_rptr(PKCS12),
++ ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
++ ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
++ ASN1_ITEM_rptr(PKCS7),
++ ASN1_ITEM_rptr(PKCS7_ATTR_SIGN),
++ ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY),
++ ASN1_ITEM_rptr(PKCS7_DIGEST),
++ ASN1_ITEM_rptr(PKCS7_ENC_CONTENT),
++ ASN1_ITEM_rptr(PKCS7_ENCRYPT),
++ ASN1_ITEM_rptr(PKCS7_ENVELOPE),
++ ASN1_ITEM_rptr(PKCS7_RECIP_INFO),
++ ASN1_ITEM_rptr(PKCS7_SIGN_ENVELOPE),
++ ASN1_ITEM_rptr(PKCS7_SIGNED),
++ ASN1_ITEM_rptr(PKCS7_SIGNER_INFO),
++ ASN1_ITEM_rptr(POLICY_CONSTRAINTS),
++ ASN1_ITEM_rptr(POLICY_MAPPINGS),
++ ASN1_ITEM_rptr(SXNET),
++ //ASN1_ITEM_rptr(TS_RESP), want to do this, but type is hidden, however d2i exists...
++ ASN1_ITEM_rptr(X509),
++ ASN1_ITEM_rptr(X509_CRL),
++ NULL
++};
+
-+int LLVMFuzzerInitialize(int *argc, char ***argv) {
-+ const char *cmd;
-+ OPENSSL_assert(*argc > 1);
-+
-+ cmd = (*argv)[1];
-+ (*argv)[1] = (*argv)[0];
-+ ++*argv;
-+ --*argc;
-+
-+ // TODO: make this work like d2i_test.c does, once its decided what the
-+ // common scheme is!
-+#define Y(t) if (!strcmp(cmd, #t)) item_type = ASN1_ITEM_rptr(t)
-+#define X(t) else Y(t)
-+
-+ Y(ASN1_SEQUENCE);
-+ X(AUTHORITY_INFO_ACCESS);
-+ X(BIGNUM);
-+ X(ECPARAMETERS);
-+ X(ECPKPARAMETERS);
-+ X(GENERAL_NAME);
-+ X(GENERAL_SUBTREE);
-+ X(NAME_CONSTRAINTS);
-+ X(OCSP_BASICRESP);
-+ X(OCSP_RESPONSE);
-+ X(PKCS12);
-+ X(PKCS12_AUTHSAFES);
-+ X(PKCS12_SAFEBAGS);
-+ X(PKCS7);
-+ X(PKCS7_ATTR_SIGN);
-+ X(PKCS7_ATTR_VERIFY);
-+ X(PKCS7_DIGEST);
-+ X(PKCS7_ENC_CONTENT);
-+ X(PKCS7_ENCRYPT);
-+ X(PKCS7_ENVELOPE);
-+ X(PKCS7_RECIP_INFO);
-+ X(PKCS7_SIGN_ENVELOPE);
-+ X(PKCS7_SIGNED);
-+ X(PKCS7_SIGNER_INFO);
-+ X(POLICY_CONSTRAINTS);
-+ X(POLICY_MAPPINGS);
-+ X(SXNET);
-+ //X(TS_RESP); want to do this, but type is hidden, however d2i exists...
-+ X(X509);
-+ X(X509_CRL);
-+ else
-+ OPENSSL_assert(!"Bad type");
-+
++int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
++ for (int n = 0; item_type[n] != NULL; ++n) {
++ const uint8_t *b = buf;
++ ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, item_type[n]);
++ ASN1_item_free(o, item_type[n]);
++ }
+ return 0;
+}
-+
-+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
-+ const uint8_t *b = buf;
-+ ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, item_type);
-+ ASN1_item_free(o, item_type);
-+ return 0;
-+}
diff --git a/fuzz/asn1parse.c b/fuzz/asn1parse.c
new file mode 100644
-index 0000000..63104fb
+index 000000000000..2fe420b140be
--- /dev/null
+++ b/fuzz/asn1parse.c
@@ -0,0 +1,29 @@
@@ -102615,7 +118998,7 @@
+#include <openssl/x509v3.h>
+#include "fuzzer.h"
+
-+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
++int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ static BIO *bio_out;
+
+ if (bio_out == NULL)
@@ -102626,7 +119009,7 @@
+}
diff --git a/fuzz/bignum.c b/fuzz/bignum.c
new file mode 100644
-index 0000000..28a439e
+index 000000000000..643e6e7c6582
--- /dev/null
+++ b/fuzz/bignum.c
@@ -0,0 +1,91 @@
@@ -102649,7 +119032,7 @@
+#include <openssl/bn.h>
+#include "fuzzer.h"
+
-+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
++int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ int success = 0;
+ static BN_CTX *ctx;
+ static BN_MONT_CTX *mont;
@@ -102723,7 +119106,7 @@
+}
diff --git a/fuzz/bndiv.c b/fuzz/bndiv.c
new file mode 100644
-index 0000000..c897de9
+index 000000000000..521281109bbc
--- /dev/null
+++ b/fuzz/bndiv.c
@@ -0,0 +1,101 @@
@@ -102746,7 +119129,7 @@
+#include <openssl/bn.h>
+#include "fuzzer.h"
+
-+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
++int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ int success = 0;
+ static BN_CTX *ctx;
+ static BIGNUM *b1;
@@ -102830,42 +119213,55 @@
+}
diff --git a/fuzz/build.info b/fuzz/build.info
new file mode 100644
-index 0000000..29d14b3
+index 000000000000..762ddf83a5d0
--- /dev/null
+++ b/fuzz/build.info
-@@ -0,0 +1,29 @@
-+PROGRAMS=server asn1 asn1parse cms conf bignum bndiv
+@@ -0,0 +1,42 @@
++{- use File::Spec::Functions;
++ our $ex_inc = $withargs{fuzzer_include} &&
++ (file_name_is_absolute($withargs{fuzzer_include}) ?
++ $withargs{fuzzer_include} : catdir(updir(), $withargs{fuzzer_include}));
++ our $ex_lib = $withargs{fuzzer_lib} &&
++ (file_name_is_absolute($withargs{fuzzer_lib}) ?
++ $withargs{fuzzer_lib} : catfile(updir(), $withargs{fuzzer_lib}));
++ ""
++-}
++PROGRAMS=asn1 asn1parse bignum bndiv cms conf ct server
+
-+SOURCE[server]=server.c
-+INCLUDE[server]=../include ../../../svn-work/Fuzzer
-+DEPEND[server]=../libcrypto ../libssl ../../../svn-work/Fuzzer/libFuzzer
++SOURCE[asn1]=asn1.c driver.c
++INCLUDE[asn1]=../include {- $ex_inc -}
++DEPEND[asn1]=../libcrypto {- $ex_lib -}
+
-+SOURCE[asn1]=asn1.c
-+INCLUDE[asn1]=../include ../../../svn-work/Fuzzer
-+DEPEND[asn1]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
++SOURCE[asn1parse]=asn1parse.c driver.c
++INCLUDE[asn1parse]=../include {- $ex_inc -}
++DEPEND[asn1parse]=../libcrypto {- $ex_lib -}
+
-+SOURCE[asn1parse]=asn1parse.c
-+INCLUDE[asn1parse]=../include ../../../svn-work/Fuzzer
-+DEPEND[asn1parse]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
++SOURCE[bignum]=bignum.c driver.c
++INCLUDE[bignum]=../include {- $ex_inc -}
++DEPEND[bignum]=../libcrypto {- $ex_lib -}
+
-+SOURCE[cms]=cms.c
-+INCLUDE[cms]=../include ../../../svn-work/Fuzzer
-+DEPEND[cms]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
++SOURCE[bndiv]=bndiv.c driver.c
++INCLUDE[bndiv]=../include {- $ex_inc -}
++DEPEND[bndiv]=../libcrypto {- $ex_lib -}
+
-+SOURCE[conf]=conf.c
-+INCLUDE[conf]=../include ../../../svn-work/Fuzzer
-+DEPEND[conf]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
++SOURCE[cms]=cms.c driver.c
++INCLUDE[cms]=../include {- $ex_inc -}
++DEPEND[cms]=../libcrypto {- $ex_lib -}
+
-+SOURCE[bignum]=bignum.c
-+INCLUDE[bignum]=../include ../../../svn-work/Fuzzer
-+DEPEND[bignum]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
++SOURCE[conf]=conf.c driver.c
++INCLUDE[conf]=../include {- $ex_inc -}
++DEPEND[conf]=../libcrypto {- $ex_lib -}
+
-+SOURCE[bndiv]=bndiv.c
-+INCLUDE[bndiv]=../include ../../../svn-work/Fuzzer
-+DEPEND[bndiv]=../libcrypto ../../../svn-work/Fuzzer/libFuzzer
++SOURCE[ct]=ct.c driver.c
++INCLUDE[ct]=../include {- $ex_inc -}
++DEPEND[ct]=../libcrypto {- $ex_lib -}
++
++SOURCE[server]=server.c driver.c
++INCLUDE[server]=../include {- $ex_inc -}
++DEPEND[server]=../libcrypto ../libssl {- $ex_lib -}
diff --git a/fuzz/cms.c b/fuzz/cms.c
new file mode 100644
-index 0000000..7b4fc3d
+index 000000000000..71f691f61b78
--- /dev/null
+++ b/fuzz/cms.c
@@ -0,0 +1,26 @@
@@ -102887,7 +119283,7 @@
+#include <openssl/cms.h>
+#include "fuzzer.h"
+
-+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
++int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ BIO *in = BIO_new(BIO_s_mem());
+ OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
+ CMS_ContentInfo *i = d2i_CMS_bio(in, NULL);
@@ -102897,7 +119293,7 @@
+}
diff --git a/fuzz/conf.c b/fuzz/conf.c
new file mode 100644
-index 0000000..3e3f7f1
+index 000000000000..d10d6c7f33cb
--- /dev/null
+++ b/fuzz/conf.c
@@ -0,0 +1,30 @@
@@ -102918,7 +119314,7 @@
+#include <openssl/conf.h>
+#include "fuzzer.h"
+
-+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
++int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ CONF *conf = NCONF_new(NULL);
+ BIO *in = BIO_new(BIO_s_mem());
+ long eline;
@@ -102931,9 +119327,5952 @@
+
+ return 0;
+}
+diff --git a/fuzz/corpora/asn1/0038f2648f9d85ca000d979a47e033ca8bc6394a b/fuzz/corpora/asn1/0038f2648f9d85ca000d979a47e033ca8bc6394a
+new file mode 100644
+index 000000000000..d553fdbcb63d
+Binary files /dev/null and b/fuzz/corpora/asn1/0038f2648f9d85ca000d979a47e033ca8bc6394a differ
+diff --git a/fuzz/corpora/asn1/004fde691e02dee629e8cdfaa0c24547c347141f b/fuzz/corpora/asn1/004fde691e02dee629e8cdfaa0c24547c347141f
+new file mode 100644
+index 000000000000..59fc862763cd
+Binary files /dev/null and b/fuzz/corpora/asn1/004fde691e02dee629e8cdfaa0c24547c347141f differ
+diff --git a/fuzz/corpora/asn1/0062037092a90ea8befd394d434e0da0228412dd b/fuzz/corpora/asn1/0062037092a90ea8befd394d434e0da0228412dd
+new file mode 100644
+index 000000000000..da8efc4c4133
+Binary files /dev/null and b/fuzz/corpora/asn1/0062037092a90ea8befd394d434e0da0228412dd differ
+diff --git a/fuzz/corpora/asn1/011fe67b8b998ede5f2a0bc4a9dcbf9f7528a361 b/fuzz/corpora/asn1/011fe67b8b998ede5f2a0bc4a9dcbf9f7528a361
+new file mode 100644
+index 000000000000..1ab3c5045d4e
+Binary files /dev/null and b/fuzz/corpora/asn1/011fe67b8b998ede5f2a0bc4a9dcbf9f7528a361 differ
+diff --git a/fuzz/corpora/asn1/01958694fd6b912bf5deddbd493bdbf5d343d6be b/fuzz/corpora/asn1/01958694fd6b912bf5deddbd493bdbf5d343d6be
+new file mode 100644
+index 000000000000..2c4e45f4cb66
+Binary files /dev/null and b/fuzz/corpora/asn1/01958694fd6b912bf5deddbd493bdbf5d343d6be differ
+diff --git a/fuzz/corpora/asn1/01b89ecef9df3a4453e02bda3fddbfec0c5a640d b/fuzz/corpora/asn1/01b89ecef9df3a4453e02bda3fddbfec0c5a640d
+new file mode 100644
+index 000000000000..6f4855a2f7bf
+Binary files /dev/null and b/fuzz/corpora/asn1/01b89ecef9df3a4453e02bda3fddbfec0c5a640d differ
+diff --git a/fuzz/corpora/asn1/02131a7f74fa9f89c293c7f151e679c8658a5b96 b/fuzz/corpora/asn1/02131a7f74fa9f89c293c7f151e679c8658a5b96
+new file mode 100644
+index 000000000000..c666dc108583
+Binary files /dev/null and b/fuzz/corpora/asn1/02131a7f74fa9f89c293c7f151e679c8658a5b96 differ
+diff --git a/fuzz/corpora/asn1/02278a3ae35012e12965b8a2015f3ccd392783b7 b/fuzz/corpora/asn1/02278a3ae35012e12965b8a2015f3ccd392783b7
+new file mode 100644
+index 000000000000..5f187ac9bea9
+Binary files /dev/null and b/fuzz/corpora/asn1/02278a3ae35012e12965b8a2015f3ccd392783b7 differ
+diff --git a/fuzz/corpora/asn1/023fc8e4d6056ae6243fe52f22dd234b748c264e b/fuzz/corpora/asn1/023fc8e4d6056ae6243fe52f22dd234b748c264e
+new file mode 100644
+index 000000000000..c3bd3a831d7d
+Binary files /dev/null and b/fuzz/corpora/asn1/023fc8e4d6056ae6243fe52f22dd234b748c264e differ
+diff --git a/fuzz/corpora/asn1/032fdf73e40dd9a0842d772d6c1978199b04f061 b/fuzz/corpora/asn1/032fdf73e40dd9a0842d772d6c1978199b04f061
+new file mode 100644
+index 000000000000..5718a46ebfe9
+Binary files /dev/null and b/fuzz/corpora/asn1/032fdf73e40dd9a0842d772d6c1978199b04f061 differ
+diff --git a/fuzz/corpora/asn1/034abb3d8944d99e148d812cc128e16306693798 b/fuzz/corpora/asn1/034abb3d8944d99e148d812cc128e16306693798
+new file mode 100644
+index 000000000000..0215c81ce1f3
+Binary files /dev/null and b/fuzz/corpora/asn1/034abb3d8944d99e148d812cc128e16306693798 differ
+diff --git a/fuzz/corpora/asn1/0359dfe5ee4a8238b219643798917e80e132d48f b/fuzz/corpora/asn1/0359dfe5ee4a8238b219643798917e80e132d48f
+new file mode 100644
+index 000000000000..017938048989
+Binary files /dev/null and b/fuzz/corpora/asn1/0359dfe5ee4a8238b219643798917e80e132d48f differ
+diff --git a/fuzz/corpora/asn1/03832a4b6abf7de0a77ee8dad5825988cc0a51b9 b/fuzz/corpora/asn1/03832a4b6abf7de0a77ee8dad5825988cc0a51b9
+new file mode 100644
+index 000000000000..1fa832f39efc
+Binary files /dev/null and b/fuzz/corpora/asn1/03832a4b6abf7de0a77ee8dad5825988cc0a51b9 differ
+diff --git a/fuzz/corpora/asn1/03fae71300a987496e7ddc3b93b876ec527aeb76 b/fuzz/corpora/asn1/03fae71300a987496e7ddc3b93b876ec527aeb76
+new file mode 100644
+index 000000000000..003fdafe150a
+Binary files /dev/null and b/fuzz/corpora/asn1/03fae71300a987496e7ddc3b93b876ec527aeb76 differ
+diff --git a/fuzz/corpora/asn1/04334d79eeab2fb460825a7d7ff58b0daf7670de b/fuzz/corpora/asn1/04334d79eeab2fb460825a7d7ff58b0daf7670de
+new file mode 100644
+index 000000000000..8b4d78472b23
+Binary files /dev/null and b/fuzz/corpora/asn1/04334d79eeab2fb460825a7d7ff58b0daf7670de differ
+diff --git a/fuzz/corpora/asn1/0470a8fbbba97f667b9fdad4a38dc9acabb0bcb3 b/fuzz/corpora/asn1/0470a8fbbba97f667b9fdad4a38dc9acabb0bcb3
+new file mode 100644
+index 000000000000..81d81f03a296
+Binary files /dev/null and b/fuzz/corpora/asn1/0470a8fbbba97f667b9fdad4a38dc9acabb0bcb3 differ
+diff --git a/fuzz/corpora/asn1/04c217878b9140b85a2c5fba014a2636ed0dd619 b/fuzz/corpora/asn1/04c217878b9140b85a2c5fba014a2636ed0dd619
+new file mode 100644
+index 000000000000..74fe7529a284
+Binary files /dev/null and b/fuzz/corpora/asn1/04c217878b9140b85a2c5fba014a2636ed0dd619 differ
+diff --git a/fuzz/corpora/asn1/04d1c8ee5a5f1de1396a2a5a0d926e9b45730dbf b/fuzz/corpora/asn1/04d1c8ee5a5f1de1396a2a5a0d926e9b45730dbf
+new file mode 100644
+index 000000000000..288f964db412
+Binary files /dev/null and b/fuzz/corpora/asn1/04d1c8ee5a5f1de1396a2a5a0d926e9b45730dbf differ
+diff --git a/fuzz/corpora/asn1/0502adfb06b1d0592cbbd03a75878d886494bf10 b/fuzz/corpora/asn1/0502adfb06b1d0592cbbd03a75878d886494bf10
+new file mode 100644
+index 000000000000..7ee5e4006a22
+Binary files /dev/null and b/fuzz/corpora/asn1/0502adfb06b1d0592cbbd03a75878d886494bf10 differ
+diff --git a/fuzz/corpora/asn1/050448f43aa4ad6aa56213597fa8b824a4910324 b/fuzz/corpora/asn1/050448f43aa4ad6aa56213597fa8b824a4910324
+new file mode 100644
+index 000000000000..4bc3c6565dd9
+Binary files /dev/null and b/fuzz/corpora/asn1/050448f43aa4ad6aa56213597fa8b824a4910324 differ
+diff --git a/fuzz/corpora/asn1/051e7b67a918c0685a7a4d1914f3b4e595cd7fe1 b/fuzz/corpora/asn1/051e7b67a918c0685a7a4d1914f3b4e595cd7fe1
+new file mode 100644
+index 000000000000..73ad1abf85ae
+Binary files /dev/null and b/fuzz/corpora/asn1/051e7b67a918c0685a7a4d1914f3b4e595cd7fe1 differ
+diff --git a/fuzz/corpora/asn1/0552c21bd124d3b64b123b5885c1b47b543acaf5 b/fuzz/corpora/asn1/0552c21bd124d3b64b123b5885c1b47b543acaf5
+new file mode 100644
+index 000000000000..0b2dae79ad45
+Binary files /dev/null and b/fuzz/corpora/asn1/0552c21bd124d3b64b123b5885c1b47b543acaf5 differ
+diff --git a/fuzz/corpora/asn1/0579c52350b995c92299db593b37637325ec8a03 b/fuzz/corpora/asn1/0579c52350b995c92299db593b37637325ec8a03
+new file mode 100644
+index 000000000000..5db3261962d4
+Binary files /dev/null and b/fuzz/corpora/asn1/0579c52350b995c92299db593b37637325ec8a03 differ
+diff --git a/fuzz/corpora/asn1/0603d8dc286d468542a4bf499b3f0f328a0e9aaa b/fuzz/corpora/asn1/0603d8dc286d468542a4bf499b3f0f328a0e9aaa
+new file mode 100644
+index 000000000000..047a2274fda9
+Binary files /dev/null and b/fuzz/corpora/asn1/0603d8dc286d468542a4bf499b3f0f328a0e9aaa differ
+diff --git a/fuzz/corpora/asn1/061df34c0207bc4bc1e95c48898cf28f85ca8d9c b/fuzz/corpora/asn1/061df34c0207bc4bc1e95c48898cf28f85ca8d9c
+new file mode 100644
+index 000000000000..0cc8c9c84e74
+Binary files /dev/null and b/fuzz/corpora/asn1/061df34c0207bc4bc1e95c48898cf28f85ca8d9c differ
+diff --git a/fuzz/corpora/asn1/0620396baaa22645942751152dd2420e0b77dbc7 b/fuzz/corpora/asn1/0620396baaa22645942751152dd2420e0b77dbc7
+new file mode 100644
+index 000000000000..1812de62c788
+Binary files /dev/null and b/fuzz/corpora/asn1/0620396baaa22645942751152dd2420e0b77dbc7 differ
+diff --git a/fuzz/corpora/asn1/0654f0aeea85f442ce3e52edd75dadec839da0c1 b/fuzz/corpora/asn1/0654f0aeea85f442ce3e52edd75dadec839da0c1
+new file mode 100644
+index 000000000000..79812f8ee91d
+Binary files /dev/null and b/fuzz/corpora/asn1/0654f0aeea85f442ce3e52edd75dadec839da0c1 differ
+diff --git a/fuzz/corpora/asn1/067bb95301a59746a2df1a8df7eb39c1f54892fe b/fuzz/corpora/asn1/067bb95301a59746a2df1a8df7eb39c1f54892fe
+new file mode 100644
+index 000000000000..124673870f9b
+Binary files /dev/null and b/fuzz/corpora/asn1/067bb95301a59746a2df1a8df7eb39c1f54892fe differ
+diff --git a/fuzz/corpora/asn1/0686990c6145f993958446de3a64671a3da72a2c b/fuzz/corpora/asn1/0686990c6145f993958446de3a64671a3da72a2c
+new file mode 100644
+index 000000000000..0f51e800c878
+Binary files /dev/null and b/fuzz/corpora/asn1/0686990c6145f993958446de3a64671a3da72a2c differ
+diff --git a/fuzz/corpora/asn1/069669b70190b1b367eb9538f01e1155e6a5e51c b/fuzz/corpora/asn1/069669b70190b1b367eb9538f01e1155e6a5e51c
+new file mode 100644
+index 000000000000..bd190bbb2a64
+Binary files /dev/null and b/fuzz/corpora/asn1/069669b70190b1b367eb9538f01e1155e6a5e51c differ
+diff --git a/fuzz/corpora/asn1/06dc1baf83752dd36f0d8aed38cd05b9ddfae6b5 b/fuzz/corpora/asn1/06dc1baf83752dd36f0d8aed38cd05b9ddfae6b5
+new file mode 100644
+index 000000000000..b5571366125d
+Binary files /dev/null and b/fuzz/corpora/asn1/06dc1baf83752dd36f0d8aed38cd05b9ddfae6b5 differ
+diff --git a/fuzz/corpora/asn1/076c71cc7eb5a3b4edd4e3cca44980a1755e451e b/fuzz/corpora/asn1/076c71cc7eb5a3b4edd4e3cca44980a1755e451e
+new file mode 100644
+index 000000000000..0c232adfdc0b
+Binary files /dev/null and b/fuzz/corpora/asn1/076c71cc7eb5a3b4edd4e3cca44980a1755e451e differ
+diff --git a/fuzz/corpora/asn1/07760ff895c28ad8a704607fabb4b61a4787bfa0 b/fuzz/corpora/asn1/07760ff895c28ad8a704607fabb4b61a4787bfa0
+new file mode 100644
+index 000000000000..fd1c6ef40f31
+Binary files /dev/null and b/fuzz/corpora/asn1/07760ff895c28ad8a704607fabb4b61a4787bfa0 differ
+diff --git a/fuzz/corpora/asn1/07866d533047438eb325bddf3850a3fbe59fe810 b/fuzz/corpora/asn1/07866d533047438eb325bddf3850a3fbe59fe810
+new file mode 100644
+index 000000000000..eca481bacd2f
+Binary files /dev/null and b/fuzz/corpora/asn1/07866d533047438eb325bddf3850a3fbe59fe810 differ
+diff --git a/fuzz/corpora/asn1/07e31c3690d3ecf63f3fa1d949e91250582fc4c3 b/fuzz/corpora/asn1/07e31c3690d3ecf63f3fa1d949e91250582fc4c3
+new file mode 100644
+index 000000000000..3f7eaab97a53
+Binary files /dev/null and b/fuzz/corpora/asn1/07e31c3690d3ecf63f3fa1d949e91250582fc4c3 differ
+diff --git a/fuzz/corpora/asn1/07fef83836f229eff9c68e38d894720474fde20c b/fuzz/corpora/asn1/07fef83836f229eff9c68e38d894720474fde20c
+new file mode 100644
+index 000000000000..dafde2831940
+Binary files /dev/null and b/fuzz/corpora/asn1/07fef83836f229eff9c68e38d894720474fde20c differ
+diff --git a/fuzz/corpora/asn1/082bfd3569e69c7a2eb3a80224776c95a4ffce1d b/fuzz/corpora/asn1/082bfd3569e69c7a2eb3a80224776c95a4ffce1d
+new file mode 100644
+index 000000000000..c5e3f252d572
+Binary files /dev/null and b/fuzz/corpora/asn1/082bfd3569e69c7a2eb3a80224776c95a4ffce1d differ
+diff --git a/fuzz/corpora/asn1/088ce0ca4a24cd615fba9bf56450da859ecbe3d5 b/fuzz/corpora/asn1/088ce0ca4a24cd615fba9bf56450da859ecbe3d5
+new file mode 100644
+index 000000000000..4a176c63a514
+Binary files /dev/null and b/fuzz/corpora/asn1/088ce0ca4a24cd615fba9bf56450da859ecbe3d5 differ
+diff --git a/fuzz/corpora/asn1/08a40da2dc8f14e2db1e665f23efe0ca582fd068 b/fuzz/corpora/asn1/08a40da2dc8f14e2db1e665f23efe0ca582fd068
+new file mode 100644
+index 000000000000..37d7a6d133b8
+Binary files /dev/null and b/fuzz/corpora/asn1/08a40da2dc8f14e2db1e665f23efe0ca582fd068 differ
+diff --git a/fuzz/corpora/asn1/08c053ce82d877200f2b8078e5000a111f6022f4 b/fuzz/corpora/asn1/08c053ce82d877200f2b8078e5000a111f6022f4
+new file mode 100644
+index 000000000000..3a71baf3e94e
+Binary files /dev/null and b/fuzz/corpora/asn1/08c053ce82d877200f2b8078e5000a111f6022f4 differ
+diff --git a/fuzz/corpora/asn1/08e482c90e5b9aad50eaba3d354b41820a2a70e7 b/fuzz/corpora/asn1/08e482c90e5b9aad50eaba3d354b41820a2a70e7
+new file mode 100644
+index 000000000000..be48e7b00303
+Binary files /dev/null and b/fuzz/corpora/asn1/08e482c90e5b9aad50eaba3d354b41820a2a70e7 differ
+diff --git a/fuzz/corpora/asn1/08fce54918f8dae0877167812e7fd50c685d1aa9 b/fuzz/corpora/asn1/08fce54918f8dae0877167812e7fd50c685d1aa9
+new file mode 100644
+index 000000000000..462efd408635
+Binary files /dev/null and b/fuzz/corpora/asn1/08fce54918f8dae0877167812e7fd50c685d1aa9 differ
+diff --git a/fuzz/corpora/asn1/0942e62fb131a0bbf4584b69c562cd661333739d b/fuzz/corpora/asn1/0942e62fb131a0bbf4584b69c562cd661333739d
+new file mode 100644
+index 000000000000..2a95b19dcd74
+Binary files /dev/null and b/fuzz/corpora/asn1/0942e62fb131a0bbf4584b69c562cd661333739d differ
+diff --git a/fuzz/corpora/asn1/096153c8554d5b6a7b7f8da8d575c2012450e658 b/fuzz/corpora/asn1/096153c8554d5b6a7b7f8da8d575c2012450e658
+new file mode 100644
+index 000000000000..c86eaa10e6b5
+Binary files /dev/null and b/fuzz/corpora/asn1/096153c8554d5b6a7b7f8da8d575c2012450e658 differ
+diff --git a/fuzz/corpora/asn1/096a5ebf556844e128331fde20b6229d787e9672 b/fuzz/corpora/asn1/096a5ebf556844e128331fde20b6229d787e9672
+new file mode 100644
+index 000000000000..49a8179f9b61
+Binary files /dev/null and b/fuzz/corpora/asn1/096a5ebf556844e128331fde20b6229d787e9672 differ
+diff --git a/fuzz/corpora/asn1/0a93f80c9155d9d3fb5d5c1a670930d1ae930aaf b/fuzz/corpora/asn1/0a93f80c9155d9d3fb5d5c1a670930d1ae930aaf
+new file mode 100644
+index 000000000000..0f533da36fd1
+Binary files /dev/null and b/fuzz/corpora/asn1/0a93f80c9155d9d3fb5d5c1a670930d1ae930aaf differ
+diff --git a/fuzz/corpora/asn1/0aa066154790608eec0db9cc0b441afc2c5cf11f b/fuzz/corpora/asn1/0aa066154790608eec0db9cc0b441afc2c5cf11f
+new file mode 100644
+index 000000000000..0d35918e2a65
+Binary files /dev/null and b/fuzz/corpora/asn1/0aa066154790608eec0db9cc0b441afc2c5cf11f differ
+diff --git a/fuzz/corpora/asn1/0afe9ec795e6e973523f81e5bb830f8bb89164fa b/fuzz/corpora/asn1/0afe9ec795e6e973523f81e5bb830f8bb89164fa
+new file mode 100644
+index 000000000000..543f64e17d6e
+Binary files /dev/null and b/fuzz/corpora/asn1/0afe9ec795e6e973523f81e5bb830f8bb89164fa differ
+diff --git a/fuzz/corpora/asn1/0b1085f22276cbb68a1f567d0453fe8202e554ba b/fuzz/corpora/asn1/0b1085f22276cbb68a1f567d0453fe8202e554ba
+new file mode 100644
+index 000000000000..df03edfb16f9
+Binary files /dev/null and b/fuzz/corpora/asn1/0b1085f22276cbb68a1f567d0453fe8202e554ba differ
+diff --git a/fuzz/corpora/asn1/0b703d4cbe7cd52e75c00424a8e343f63bd1a132 b/fuzz/corpora/asn1/0b703d4cbe7cd52e75c00424a8e343f63bd1a132
+new file mode 100644
+index 000000000000..e70aff116021
+Binary files /dev/null and b/fuzz/corpora/asn1/0b703d4cbe7cd52e75c00424a8e343f63bd1a132 differ
+diff --git a/fuzz/corpora/asn1/0bd7fe6a2b72237c9fd16058a3b5a9dfc79414db b/fuzz/corpora/asn1/0bd7fe6a2b72237c9fd16058a3b5a9dfc79414db
+new file mode 100644
+index 000000000000..1f4d38fdc530
+Binary files /dev/null and b/fuzz/corpora/asn1/0bd7fe6a2b72237c9fd16058a3b5a9dfc79414db differ
+diff --git a/fuzz/corpora/asn1/0c0bf2c7d1e6026deb79d62088c0cc17d976c1c7 b/fuzz/corpora/asn1/0c0bf2c7d1e6026deb79d62088c0cc17d976c1c7
+new file mode 100644
+index 000000000000..ce087f5d3b08
+Binary files /dev/null and b/fuzz/corpora/asn1/0c0bf2c7d1e6026deb79d62088c0cc17d976c1c7 differ
+diff --git a/fuzz/corpora/asn1/0c438a223ac793890989beb93e0b40a675417f70 b/fuzz/corpora/asn1/0c438a223ac793890989beb93e0b40a675417f70
+new file mode 100644
+index 000000000000..a6199332f368
+Binary files /dev/null and b/fuzz/corpora/asn1/0c438a223ac793890989beb93e0b40a675417f70 differ
+diff --git a/fuzz/corpora/asn1/0cbf86f6df5798240e59f520270d6d510056ae6f b/fuzz/corpora/asn1/0cbf86f6df5798240e59f520270d6d510056ae6f
+new file mode 100644
+index 000000000000..1d87b6684676
+Binary files /dev/null and b/fuzz/corpora/asn1/0cbf86f6df5798240e59f520270d6d510056ae6f differ
+diff --git a/fuzz/corpora/asn1/0d5a0f0322cd0765f071d401d57b58a1172aaa1d b/fuzz/corpora/asn1/0d5a0f0322cd0765f071d401d57b58a1172aaa1d
+new file mode 100644
+index 000000000000..3c0456465e28
+Binary files /dev/null and b/fuzz/corpora/asn1/0d5a0f0322cd0765f071d401d57b58a1172aaa1d differ
+diff --git a/fuzz/corpora/asn1/0e513a5074a6d02ce93d9b42aa2c98eddcb90e93 b/fuzz/corpora/asn1/0e513a5074a6d02ce93d9b42aa2c98eddcb90e93
+new file mode 100644
+index 000000000000..38865dbd3af0
+Binary files /dev/null and b/fuzz/corpora/asn1/0e513a5074a6d02ce93d9b42aa2c98eddcb90e93 differ
+diff --git a/fuzz/corpora/asn1/0e67e4b21db103194f77e4d0e81154fb9d06a16e b/fuzz/corpora/asn1/0e67e4b21db103194f77e4d0e81154fb9d06a16e
+new file mode 100644
+index 000000000000..937fbc0c760b
+Binary files /dev/null and b/fuzz/corpora/asn1/0e67e4b21db103194f77e4d0e81154fb9d06a16e differ
+diff --git a/fuzz/corpora/asn1/0e76b4cb03a1ce43cd2a0aa6d89e5bef52cb858c b/fuzz/corpora/asn1/0e76b4cb03a1ce43cd2a0aa6d89e5bef52cb858c
+new file mode 100644
+index 000000000000..e5da445af647
+Binary files /dev/null and b/fuzz/corpora/asn1/0e76b4cb03a1ce43cd2a0aa6d89e5bef52cb858c differ
+diff --git a/fuzz/corpora/asn1/0eb5037935ba1c2791f3b7e9bc8470c3c60d2aff b/fuzz/corpora/asn1/0eb5037935ba1c2791f3b7e9bc8470c3c60d2aff
+new file mode 100644
+index 000000000000..1c8ce6f6a013
+Binary files /dev/null and b/fuzz/corpora/asn1/0eb5037935ba1c2791f3b7e9bc8470c3c60d2aff differ
+diff --git a/fuzz/corpora/asn1/0edb352393021d0db2b80e02bfb287ff11d034d4 b/fuzz/corpora/asn1/0edb352393021d0db2b80e02bfb287ff11d034d4
+new file mode 100644
+index 000000000000..b12f79c9e81f
+Binary files /dev/null and b/fuzz/corpora/asn1/0edb352393021d0db2b80e02bfb287ff11d034d4 differ
+diff --git a/fuzz/corpora/asn1/0f331c5b2532970dc460ab9e92e865f14703ff68 b/fuzz/corpora/asn1/0f331c5b2532970dc460ab9e92e865f14703ff68
+new file mode 100644
+index 000000000000..9cc0602b710d
+Binary files /dev/null and b/fuzz/corpora/asn1/0f331c5b2532970dc460ab9e92e865f14703ff68 differ
+diff --git a/fuzz/corpora/asn1/0f381ed59fa3d001aa16435bf29bbd367a5b5b8c b/fuzz/corpora/asn1/0f381ed59fa3d001aa16435bf29bbd367a5b5b8c
+new file mode 100644
+index 000000000000..cd59e091ed1a
+Binary files /dev/null and b/fuzz/corpora/asn1/0f381ed59fa3d001aa16435bf29bbd367a5b5b8c differ
+diff --git a/fuzz/corpora/asn1/0f6148cea7508438975382bdd10b48fb9685b8e4 b/fuzz/corpora/asn1/0f6148cea7508438975382bdd10b48fb9685b8e4
+new file mode 100644
+index 000000000000..0c5960095aa7
+Binary files /dev/null and b/fuzz/corpora/asn1/0f6148cea7508438975382bdd10b48fb9685b8e4 differ
+diff --git a/fuzz/corpora/asn1/109ba1974132c127add3329c99db0697a0f61390 b/fuzz/corpora/asn1/109ba1974132c127add3329c99db0697a0f61390
+new file mode 100644
+index 000000000000..7216756cb5a7
+Binary files /dev/null and b/fuzz/corpora/asn1/109ba1974132c127add3329c99db0697a0f61390 differ
+diff --git a/fuzz/corpora/asn1/1125fbc423108711ae75f05f148d41f11bd625de b/fuzz/corpora/asn1/1125fbc423108711ae75f05f148d41f11bd625de
+new file mode 100644
+index 000000000000..ae857dabc5c0
+Binary files /dev/null and b/fuzz/corpora/asn1/1125fbc423108711ae75f05f148d41f11bd625de differ
+diff --git a/fuzz/corpora/asn1/12db33ae760866cd039ed903ba8c45ae25f4a1d5 b/fuzz/corpora/asn1/12db33ae760866cd039ed903ba8c45ae25f4a1d5
+new file mode 100644
+index 000000000000..7c5ed426679f
+Binary files /dev/null and b/fuzz/corpora/asn1/12db33ae760866cd039ed903ba8c45ae25f4a1d5 differ
+diff --git a/fuzz/corpora/asn1/13512eb94ff9439bd0c2a57fe735add1d8a2a12b b/fuzz/corpora/asn1/13512eb94ff9439bd0c2a57fe735add1d8a2a12b
+new file mode 100644
+index 000000000000..0264a4d38aa3
+Binary files /dev/null and b/fuzz/corpora/asn1/13512eb94ff9439bd0c2a57fe735add1d8a2a12b differ
+diff --git a/fuzz/corpora/asn1/135ebf86cedc0098413d66d88b88d4c698e0b0e5 b/fuzz/corpora/asn1/135ebf86cedc0098413d66d88b88d4c698e0b0e5
+new file mode 100644
+index 000000000000..c87dd367192e
+Binary files /dev/null and b/fuzz/corpora/asn1/135ebf86cedc0098413d66d88b88d4c698e0b0e5 differ
+diff --git a/fuzz/corpora/asn1/138941acaa97ba86c44c14e52b29092bf3f2fb4f b/fuzz/corpora/asn1/138941acaa97ba86c44c14e52b29092bf3f2fb4f
+new file mode 100644
+index 000000000000..079a8bf00e81
+Binary files /dev/null and b/fuzz/corpora/asn1/138941acaa97ba86c44c14e52b29092bf3f2fb4f differ
+diff --git a/fuzz/corpora/asn1/13d03b52439d6671ec1c40f077b118aea7febdb8 b/fuzz/corpora/asn1/13d03b52439d6671ec1c40f077b118aea7febdb8
+new file mode 100644
+index 000000000000..9d24e3dc1219
+Binary files /dev/null and b/fuzz/corpora/asn1/13d03b52439d6671ec1c40f077b118aea7febdb8 differ
+diff --git a/fuzz/corpora/asn1/13da75fa23c963c97cb98bb5bacc1fa999c30696 b/fuzz/corpora/asn1/13da75fa23c963c97cb98bb5bacc1fa999c30696
+new file mode 100644
+index 000000000000..b417ce81f8a1
+Binary files /dev/null and b/fuzz/corpora/asn1/13da75fa23c963c97cb98bb5bacc1fa999c30696 differ
+diff --git a/fuzz/corpora/asn1/140dfebef80fdb68bd404b9d7df81a75b550cc60 b/fuzz/corpora/asn1/140dfebef80fdb68bd404b9d7df81a75b550cc60
+new file mode 100644
+index 000000000000..039cb01914bb
+Binary files /dev/null and b/fuzz/corpora/asn1/140dfebef80fdb68bd404b9d7df81a75b550cc60 differ
+diff --git a/fuzz/corpora/asn1/142921738558d2c7e9ac200a25320504e90a0df4 b/fuzz/corpora/asn1/142921738558d2c7e9ac200a25320504e90a0df4
+new file mode 100644
+index 000000000000..42d2d911495e
+Binary files /dev/null and b/fuzz/corpora/asn1/142921738558d2c7e9ac200a25320504e90a0df4 differ
+diff --git a/fuzz/corpora/asn1/146a4976dce3f892f5a704eae34f51850f09556a b/fuzz/corpora/asn1/146a4976dce3f892f5a704eae34f51850f09556a
+new file mode 100644
+index 000000000000..2b54e1967d92
+Binary files /dev/null and b/fuzz/corpora/asn1/146a4976dce3f892f5a704eae34f51850f09556a differ
+diff --git a/fuzz/corpora/asn1/147fb3d06bb69e64efa650a3d5d957bf7998a30e b/fuzz/corpora/asn1/147fb3d06bb69e64efa650a3d5d957bf7998a30e
+new file mode 100644
+index 000000000000..b1d9e2f35645
+Binary files /dev/null and b/fuzz/corpora/asn1/147fb3d06bb69e64efa650a3d5d957bf7998a30e differ
+diff --git a/fuzz/corpora/asn1/14f9a2ca6faa9b17ba5062687c27529061b13a6e b/fuzz/corpora/asn1/14f9a2ca6faa9b17ba5062687c27529061b13a6e
+new file mode 100644
+index 000000000000..7458421256bb
+Binary files /dev/null and b/fuzz/corpora/asn1/14f9a2ca6faa9b17ba5062687c27529061b13a6e differ
+diff --git a/fuzz/corpora/asn1/1521570d9d6337a8228276c43543f12d1ca5730f b/fuzz/corpora/asn1/1521570d9d6337a8228276c43543f12d1ca5730f
+new file mode 100644
+index 000000000000..19c8a5e3c45d
+Binary files /dev/null and b/fuzz/corpora/asn1/1521570d9d6337a8228276c43543f12d1ca5730f differ
+diff --git a/fuzz/corpora/asn1/156cf055fa2be07dea41f84b7637756d0469bd97 b/fuzz/corpora/asn1/156cf055fa2be07dea41f84b7637756d0469bd97
+new file mode 100644
+index 000000000000..c1f322ba5455
+Binary files /dev/null and b/fuzz/corpora/asn1/156cf055fa2be07dea41f84b7637756d0469bd97 differ
+diff --git a/fuzz/corpora/asn1/15b9d8e166c03af7e976f8aaca14c6d54d7a4e9e b/fuzz/corpora/asn1/15b9d8e166c03af7e976f8aaca14c6d54d7a4e9e
+new file mode 100644
+index 000000000000..9450f2d0d0e6
+Binary files /dev/null and b/fuzz/corpora/asn1/15b9d8e166c03af7e976f8aaca14c6d54d7a4e9e differ
+diff --git a/fuzz/corpora/asn1/15c1c159bee5ce99ef0f8d0c7b7c3f30219a7ad8 b/fuzz/corpora/asn1/15c1c159bee5ce99ef0f8d0c7b7c3f30219a7ad8
+new file mode 100644
+index 000000000000..793571e7a602
+Binary files /dev/null and b/fuzz/corpora/asn1/15c1c159bee5ce99ef0f8d0c7b7c3f30219a7ad8 differ
+diff --git a/fuzz/corpora/asn1/15d825f06f55d4e7045d0645cdab09fd0e3201c2 b/fuzz/corpora/asn1/15d825f06f55d4e7045d0645cdab09fd0e3201c2
+new file mode 100644
+index 000000000000..8c144c6ed69c
+Binary files /dev/null and b/fuzz/corpora/asn1/15d825f06f55d4e7045d0645cdab09fd0e3201c2 differ
+diff --git a/fuzz/corpora/asn1/163c0cb7ca37c385e5ccaf87e8492fe94b6337d3 b/fuzz/corpora/asn1/163c0cb7ca37c385e5ccaf87e8492fe94b6337d3
+new file mode 100644
+index 000000000000..3c135d2bfe3b
+Binary files /dev/null and b/fuzz/corpora/asn1/163c0cb7ca37c385e5ccaf87e8492fe94b6337d3 differ
+diff --git a/fuzz/corpora/asn1/16529c406c958ca89739d5daba7a96e64cd9b2f7 b/fuzz/corpora/asn1/16529c406c958ca89739d5daba7a96e64cd9b2f7
+new file mode 100644
+index 000000000000..02c2751018ad
+Binary files /dev/null and b/fuzz/corpora/asn1/16529c406c958ca89739d5daba7a96e64cd9b2f7 differ
+diff --git a/fuzz/corpora/asn1/16906ed4b42f24dc5ea064fad45be1619f93c624 b/fuzz/corpora/asn1/16906ed4b42f24dc5ea064fad45be1619f93c624
+new file mode 100644
+index 000000000000..4018a41a2eb8
+Binary files /dev/null and b/fuzz/corpora/asn1/16906ed4b42f24dc5ea064fad45be1619f93c624 differ
+diff --git a/fuzz/corpora/asn1/16a6b569296d4c8098bd4f81cd1d18671b09a1de b/fuzz/corpora/asn1/16a6b569296d4c8098bd4f81cd1d18671b09a1de
+new file mode 100644
+index 000000000000..e669ccea72fa
+Binary files /dev/null and b/fuzz/corpora/asn1/16a6b569296d4c8098bd4f81cd1d18671b09a1de differ
+diff --git a/fuzz/corpora/asn1/16b7c74ca82b178dab3b0c502fc304365aa4e363 b/fuzz/corpora/asn1/16b7c74ca82b178dab3b0c502fc304365aa4e363
+new file mode 100644
+index 000000000000..2e5a1d7f5775
+Binary files /dev/null and b/fuzz/corpora/asn1/16b7c74ca82b178dab3b0c502fc304365aa4e363 differ
+diff --git a/fuzz/corpora/asn1/16c8f8ac7b57bd5b58b41327228e3fa21201db68 b/fuzz/corpora/asn1/16c8f8ac7b57bd5b58b41327228e3fa21201db68
+new file mode 100644
+index 000000000000..75a14e47763e
+Binary files /dev/null and b/fuzz/corpora/asn1/16c8f8ac7b57bd5b58b41327228e3fa21201db68 differ
+diff --git a/fuzz/corpora/asn1/17100650cffbdb34405bc50d0815b6af08bc4860 b/fuzz/corpora/asn1/17100650cffbdb34405bc50d0815b6af08bc4860
+new file mode 100644
+index 000000000000..07a77c530096
+Binary files /dev/null and b/fuzz/corpora/asn1/17100650cffbdb34405bc50d0815b6af08bc4860 differ
+diff --git a/fuzz/corpora/asn1/17339d65fba467948f75a25fb90547a7354457d2 b/fuzz/corpora/asn1/17339d65fba467948f75a25fb90547a7354457d2
+new file mode 100644
+index 000000000000..1af4171e94d7
+Binary files /dev/null and b/fuzz/corpora/asn1/17339d65fba467948f75a25fb90547a7354457d2 differ
+diff --git a/fuzz/corpora/asn1/17480c205d8e14d241319419647b4f750f70deff b/fuzz/corpora/asn1/17480c205d8e14d241319419647b4f750f70deff
+new file mode 100644
+index 000000000000..2b4ad4f7f205
+Binary files /dev/null and b/fuzz/corpora/asn1/17480c205d8e14d241319419647b4f750f70deff differ
+diff --git a/fuzz/corpora/asn1/1761be328da435322035300a09891945afecd6b1 b/fuzz/corpora/asn1/1761be328da435322035300a09891945afecd6b1
+new file mode 100644
+index 000000000000..17bc3583018c
+Binary files /dev/null and b/fuzz/corpora/asn1/1761be328da435322035300a09891945afecd6b1 differ
+diff --git a/fuzz/corpora/asn1/18741e31f9f34c387092adcf8d4e65c472c2bba9 b/fuzz/corpora/asn1/18741e31f9f34c387092adcf8d4e65c472c2bba9
+new file mode 100644
+index 000000000000..b6f210ec1cb7
+Binary files /dev/null and b/fuzz/corpora/asn1/18741e31f9f34c387092adcf8d4e65c472c2bba9 differ
+diff --git a/fuzz/corpora/asn1/18d0a3a22218eeffc99347121734b32632c04868 b/fuzz/corpora/asn1/18d0a3a22218eeffc99347121734b32632c04868
+new file mode 100644
+index 000000000000..e37ffc9ea7a7
+Binary files /dev/null and b/fuzz/corpora/asn1/18d0a3a22218eeffc99347121734b32632c04868 differ
+diff --git a/fuzz/corpora/asn1/18d5cd6fecd1853e1c24f1baf229b9f40fc932f9 b/fuzz/corpora/asn1/18d5cd6fecd1853e1c24f1baf229b9f40fc932f9
+new file mode 100644
+index 000000000000..2b17945fdc65
+Binary files /dev/null and b/fuzz/corpora/asn1/18d5cd6fecd1853e1c24f1baf229b9f40fc932f9 differ
+diff --git a/fuzz/corpora/asn1/18f556b305367d9ead225b0edf4f5136c91381fb b/fuzz/corpora/asn1/18f556b305367d9ead225b0edf4f5136c91381fb
+new file mode 100644
+index 000000000000..64f74f105187
+Binary files /dev/null and b/fuzz/corpora/asn1/18f556b305367d9ead225b0edf4f5136c91381fb differ
+diff --git a/fuzz/corpora/asn1/197d09399a1fe2131f110140b033bd21b360108d b/fuzz/corpora/asn1/197d09399a1fe2131f110140b033bd21b360108d
+new file mode 100644
+index 000000000000..f7b1fdf71f9c
+Binary files /dev/null and b/fuzz/corpora/asn1/197d09399a1fe2131f110140b033bd21b360108d differ
+diff --git a/fuzz/corpora/asn1/19936bc5bc16752c8b096e926dc92ec230893109 b/fuzz/corpora/asn1/19936bc5bc16752c8b096e926dc92ec230893109
+new file mode 100644
+index 000000000000..e74d05e4780c
+Binary files /dev/null and b/fuzz/corpora/asn1/19936bc5bc16752c8b096e926dc92ec230893109 differ
+diff --git a/fuzz/corpora/asn1/19b69c38270838c6e27bfc711d074f249dab0575 b/fuzz/corpora/asn1/19b69c38270838c6e27bfc711d074f249dab0575
+new file mode 100644
+index 000000000000..2d0e8c1b1c17
+Binary files /dev/null and b/fuzz/corpora/asn1/19b69c38270838c6e27bfc711d074f249dab0575 differ
+diff --git a/fuzz/corpora/asn1/19eb8f9a988ab798a16ef562f7eb44fc2ea2a622 b/fuzz/corpora/asn1/19eb8f9a988ab798a16ef562f7eb44fc2ea2a622
+new file mode 100644
+index 000000000000..cb199b83e15e
+Binary files /dev/null and b/fuzz/corpora/asn1/19eb8f9a988ab798a16ef562f7eb44fc2ea2a622 differ
+diff --git a/fuzz/corpora/asn1/1a05c8910568029dcc9658ba357abe9596181958 b/fuzz/corpora/asn1/1a05c8910568029dcc9658ba357abe9596181958
+new file mode 100644
+index 000000000000..63d9bde594ad
+Binary files /dev/null and b/fuzz/corpora/asn1/1a05c8910568029dcc9658ba357abe9596181958 differ
+diff --git a/fuzz/corpora/asn1/1a068b3d21fe9911715dcc1ccb77966a9074fac0 b/fuzz/corpora/asn1/1a068b3d21fe9911715dcc1ccb77966a9074fac0
+new file mode 100644
+index 000000000000..89a5b2b0897a
+Binary files /dev/null and b/fuzz/corpora/asn1/1a068b3d21fe9911715dcc1ccb77966a9074fac0 differ
+diff --git a/fuzz/corpora/asn1/1a0ba76cea02ac6dfa6434c8d12bcf64fbf814e4 b/fuzz/corpora/asn1/1a0ba76cea02ac6dfa6434c8d12bcf64fbf814e4
+new file mode 100644
+index 000000000000..fd00e1856c38
+Binary files /dev/null and b/fuzz/corpora/asn1/1a0ba76cea02ac6dfa6434c8d12bcf64fbf814e4 differ
+diff --git a/fuzz/corpora/asn1/1a3a89ddabd5e921ba52fb95caf81db191c473f7 b/fuzz/corpora/asn1/1a3a89ddabd5e921ba52fb95caf81db191c473f7
+new file mode 100644
+index 000000000000..8dbf739a37c6
+Binary files /dev/null and b/fuzz/corpora/asn1/1a3a89ddabd5e921ba52fb95caf81db191c473f7 differ
+diff --git a/fuzz/corpora/asn1/1a9f9fc4356251ad9f1644b8106b14511b8af3a3 b/fuzz/corpora/asn1/1a9f9fc4356251ad9f1644b8106b14511b8af3a3
+new file mode 100644
+index 000000000000..23e87aaa3db2
+Binary files /dev/null and b/fuzz/corpora/asn1/1a9f9fc4356251ad9f1644b8106b14511b8af3a3 differ
+diff --git a/fuzz/corpora/asn1/1befa63a15051e8da6f881f8954553fe66626d8a b/fuzz/corpora/asn1/1befa63a15051e8da6f881f8954553fe66626d8a
+new file mode 100644
+index 000000000000..bf174ee341ae
+Binary files /dev/null and b/fuzz/corpora/asn1/1befa63a15051e8da6f881f8954553fe66626d8a differ
+diff --git a/fuzz/corpora/asn1/1c07ef6e2d7aa21f2cb045ba66c21a97958950a1 b/fuzz/corpora/asn1/1c07ef6e2d7aa21f2cb045ba66c21a97958950a1
+new file mode 100644
+index 000000000000..34885b1bc0b2
+Binary files /dev/null and b/fuzz/corpora/asn1/1c07ef6e2d7aa21f2cb045ba66c21a97958950a1 differ
+diff --git a/fuzz/corpora/asn1/1c6d255534f4fadca1bfd12bae14c193137bffde b/fuzz/corpora/asn1/1c6d255534f4fadca1bfd12bae14c193137bffde
+new file mode 100644
+index 000000000000..3c3151d4108a
+Binary files /dev/null and b/fuzz/corpora/asn1/1c6d255534f4fadca1bfd12bae14c193137bffde differ
+diff --git a/fuzz/corpora/asn1/1c73068d40308b8f9cea5a81bce0f152ff0cfe6d b/fuzz/corpora/asn1/1c73068d40308b8f9cea5a81bce0f152ff0cfe6d
+new file mode 100644
+index 000000000000..8a8f671402a7
+Binary files /dev/null and b/fuzz/corpora/asn1/1c73068d40308b8f9cea5a81bce0f152ff0cfe6d differ
+diff --git a/fuzz/corpora/asn1/1c963aa8b26ac6dbb3a36e3237143b2f9d7f731d b/fuzz/corpora/asn1/1c963aa8b26ac6dbb3a36e3237143b2f9d7f731d
+new file mode 100644
+index 000000000000..db6f5ad7af9d
+Binary files /dev/null and b/fuzz/corpora/asn1/1c963aa8b26ac6dbb3a36e3237143b2f9d7f731d differ
+diff --git a/fuzz/corpora/asn1/1cb4e301de5c1309c3ea0f77aa60927476cb44c2 b/fuzz/corpora/asn1/1cb4e301de5c1309c3ea0f77aa60927476cb44c2
+new file mode 100644
+index 000000000000..6730a7b978d9
+Binary files /dev/null and b/fuzz/corpora/asn1/1cb4e301de5c1309c3ea0f77aa60927476cb44c2 differ
+diff --git a/fuzz/corpora/asn1/1cfbe241721295c3ab2939e75980430b4d3dd450 b/fuzz/corpora/asn1/1cfbe241721295c3ab2939e75980430b4d3dd450
+new file mode 100644
+index 000000000000..b6d17516817d
+Binary files /dev/null and b/fuzz/corpora/asn1/1cfbe241721295c3ab2939e75980430b4d3dd450 differ
+diff --git a/fuzz/corpora/asn1/1d1e6d169c8d3e31ef0a0de0d6306dcfd2111e47 b/fuzz/corpora/asn1/1d1e6d169c8d3e31ef0a0de0d6306dcfd2111e47
+new file mode 100644
+index 000000000000..07cbf06da008
+Binary files /dev/null and b/fuzz/corpora/asn1/1d1e6d169c8d3e31ef0a0de0d6306dcfd2111e47 differ
+diff --git a/fuzz/corpora/asn1/1d3c7272c1441f264275d4f9af15969d6d77bd4e b/fuzz/corpora/asn1/1d3c7272c1441f264275d4f9af15969d6d77bd4e
+new file mode 100644
+index 000000000000..71e2eaa6222b
+Binary files /dev/null and b/fuzz/corpora/asn1/1d3c7272c1441f264275d4f9af15969d6d77bd4e differ
+diff --git a/fuzz/corpora/asn1/1d47bd4caeaecd08e272dbe2ed4ca5bf077b9086 b/fuzz/corpora/asn1/1d47bd4caeaecd08e272dbe2ed4ca5bf077b9086
+new file mode 100644
+index 000000000000..f8cf36e9984c
+Binary files /dev/null and b/fuzz/corpora/asn1/1d47bd4caeaecd08e272dbe2ed4ca5bf077b9086 differ
+diff --git a/fuzz/corpora/asn1/1e0017b185cd6adb9993f230845e76e565e2ebc9 b/fuzz/corpora/asn1/1e0017b185cd6adb9993f230845e76e565e2ebc9
+new file mode 100644
+index 000000000000..ed192cea42b8
+Binary files /dev/null and b/fuzz/corpora/asn1/1e0017b185cd6adb9993f230845e76e565e2ebc9 differ
+diff --git a/fuzz/corpora/asn1/1e00ab66fdd93834d335c83543295388ec0f5fda b/fuzz/corpora/asn1/1e00ab66fdd93834d335c83543295388ec0f5fda
+new file mode 100644
+index 000000000000..a94bdce48a7f
+Binary files /dev/null and b/fuzz/corpora/asn1/1e00ab66fdd93834d335c83543295388ec0f5fda differ
+diff --git a/fuzz/corpora/asn1/1e11673e33d2d3ab23a2e9fd45fa75cd37cd0235 b/fuzz/corpora/asn1/1e11673e33d2d3ab23a2e9fd45fa75cd37cd0235
+new file mode 100644
+index 000000000000..762d60c176f1
+Binary files /dev/null and b/fuzz/corpora/asn1/1e11673e33d2d3ab23a2e9fd45fa75cd37cd0235 differ
+diff --git a/fuzz/corpora/asn1/1e1bc60a4e726dadbe9ace0a4b59f7557f6bb3f1 b/fuzz/corpora/asn1/1e1bc60a4e726dadbe9ace0a4b59f7557f6bb3f1
+new file mode 100644
+index 000000000000..aaaf6c4d11ec
+Binary files /dev/null and b/fuzz/corpora/asn1/1e1bc60a4e726dadbe9ace0a4b59f7557f6bb3f1 differ
+diff --git a/fuzz/corpora/asn1/1e655f0c24867708cd3cdfe307423638e6c92038 b/fuzz/corpora/asn1/1e655f0c24867708cd3cdfe307423638e6c92038
+new file mode 100644
+index 000000000000..034da00f7e74
+Binary files /dev/null and b/fuzz/corpora/asn1/1e655f0c24867708cd3cdfe307423638e6c92038 differ
+diff --git a/fuzz/corpora/asn1/1ed20b9297ec9329bb0671522873430f0956b563 b/fuzz/corpora/asn1/1ed20b9297ec9329bb0671522873430f0956b563
+new file mode 100644
+index 000000000000..6c103e77087a
+Binary files /dev/null and b/fuzz/corpora/asn1/1ed20b9297ec9329bb0671522873430f0956b563 differ
+diff --git a/fuzz/corpora/asn1/1ee35c88b2f231590e3aa094d45839edc75eb0fa b/fuzz/corpora/asn1/1ee35c88b2f231590e3aa094d45839edc75eb0fa
+new file mode 100644
+index 000000000000..b002602e2df7
+Binary files /dev/null and b/fuzz/corpora/asn1/1ee35c88b2f231590e3aa094d45839edc75eb0fa differ
+diff --git a/fuzz/corpora/asn1/2050ad77b54bbdc1a7123854bff94be61591b348 b/fuzz/corpora/asn1/2050ad77b54bbdc1a7123854bff94be61591b348
+new file mode 100644
+index 000000000000..adae66365b69
+Binary files /dev/null and b/fuzz/corpora/asn1/2050ad77b54bbdc1a7123854bff94be61591b348 differ
+diff --git a/fuzz/corpora/asn1/21917338871a048ce169272745ff797342bec3b9 b/fuzz/corpora/asn1/21917338871a048ce169272745ff797342bec3b9
+new file mode 100644
+index 000000000000..62774d0eb2c1
+Binary files /dev/null and b/fuzz/corpora/asn1/21917338871a048ce169272745ff797342bec3b9 differ
+diff --git a/fuzz/corpora/asn1/21b69111d4bd2c7092164f3d62058573a44f98b8 b/fuzz/corpora/asn1/21b69111d4bd2c7092164f3d62058573a44f98b8
+new file mode 100644
+index 000000000000..fec3b83e0475
+Binary files /dev/null and b/fuzz/corpora/asn1/21b69111d4bd2c7092164f3d62058573a44f98b8 differ
+diff --git a/fuzz/corpora/asn1/2230c7c6bc4e324b8c105e21a58a695f6c05bf1d b/fuzz/corpora/asn1/2230c7c6bc4e324b8c105e21a58a695f6c05bf1d
+new file mode 100644
+index 000000000000..00fa73a186cb
+Binary files /dev/null and b/fuzz/corpora/asn1/2230c7c6bc4e324b8c105e21a58a695f6c05bf1d differ
+diff --git a/fuzz/corpora/asn1/2268e569755a984fa6243895c509c2efadb4f385 b/fuzz/corpora/asn1/2268e569755a984fa6243895c509c2efadb4f385
+new file mode 100644
+index 000000000000..ea761f737508
+Binary files /dev/null and b/fuzz/corpora/asn1/2268e569755a984fa6243895c509c2efadb4f385 differ
+diff --git a/fuzz/corpora/asn1/228d054c2498d91ee609a0ece3e9b176f75b8702 b/fuzz/corpora/asn1/228d054c2498d91ee609a0ece3e9b176f75b8702
+new file mode 100644
+index 000000000000..90c81b7a7f03
+Binary files /dev/null and b/fuzz/corpora/asn1/228d054c2498d91ee609a0ece3e9b176f75b8702 differ
+diff --git a/fuzz/corpora/asn1/22b8677fa5e61d164a9973520a4fc994411d53d8 b/fuzz/corpora/asn1/22b8677fa5e61d164a9973520a4fc994411d53d8
+new file mode 100644
+index 000000000000..0797778eab63
+Binary files /dev/null and b/fuzz/corpora/asn1/22b8677fa5e61d164a9973520a4fc994411d53d8 differ
+diff --git a/fuzz/corpora/asn1/22ba65074f722e194e4f254dfd05feece3544554 b/fuzz/corpora/asn1/22ba65074f722e194e4f254dfd05feece3544554
+new file mode 100644
+index 000000000000..84e596ba9899
+Binary files /dev/null and b/fuzz/corpora/asn1/22ba65074f722e194e4f254dfd05feece3544554 differ
+diff --git a/fuzz/corpora/asn1/22c7b7467e763e11c0b875735bc67f7495ec8971 b/fuzz/corpora/asn1/22c7b7467e763e11c0b875735bc67f7495ec8971
+new file mode 100644
+index 000000000000..d5eedca8a93d
+Binary files /dev/null and b/fuzz/corpora/asn1/22c7b7467e763e11c0b875735bc67f7495ec8971 differ
+diff --git a/fuzz/corpora/asn1/22fdf61f7e1a31595e9c705699b55653a113da08 b/fuzz/corpora/asn1/22fdf61f7e1a31595e9c705699b55653a113da08
+new file mode 100644
+index 000000000000..766f8da67fec
+Binary files /dev/null and b/fuzz/corpora/asn1/22fdf61f7e1a31595e9c705699b55653a113da08 differ
+diff --git a/fuzz/corpora/asn1/2301d12dd043939f9884910c9310062e16665e12 b/fuzz/corpora/asn1/2301d12dd043939f9884910c9310062e16665e12
+new file mode 100644
+index 000000000000..f92a04a7dc2d
+Binary files /dev/null and b/fuzz/corpora/asn1/2301d12dd043939f9884910c9310062e16665e12 differ
+diff --git a/fuzz/corpora/asn1/23888ec012a499d9add5e708e7f78589024443f8 b/fuzz/corpora/asn1/23888ec012a499d9add5e708e7f78589024443f8
+new file mode 100644
+index 000000000000..769dbb309446
+Binary files /dev/null and b/fuzz/corpora/asn1/23888ec012a499d9add5e708e7f78589024443f8 differ
+diff --git a/fuzz/corpora/asn1/238b7bccecb441257f3b64f64ef7026643969d01 b/fuzz/corpora/asn1/238b7bccecb441257f3b64f64ef7026643969d01
+new file mode 100644
+index 000000000000..2a74be56aad1
+Binary files /dev/null and b/fuzz/corpora/asn1/238b7bccecb441257f3b64f64ef7026643969d01 differ
+diff --git a/fuzz/corpora/asn1/23b9b4f7a91481b0e2b6a1c1b0ac3e772d03478b b/fuzz/corpora/asn1/23b9b4f7a91481b0e2b6a1c1b0ac3e772d03478b
+new file mode 100644
+index 000000000000..157c6275efd7
+Binary files /dev/null and b/fuzz/corpora/asn1/23b9b4f7a91481b0e2b6a1c1b0ac3e772d03478b differ
+diff --git a/fuzz/corpora/asn1/23bad5d0182093cf73afe51291b2bd62f1d70602 b/fuzz/corpora/asn1/23bad5d0182093cf73afe51291b2bd62f1d70602
+new file mode 100644
+index 000000000000..de878d6913b0
+Binary files /dev/null and b/fuzz/corpora/asn1/23bad5d0182093cf73afe51291b2bd62f1d70602 differ
+diff --git a/fuzz/corpora/asn1/23d6011c415d9692fd0ea26c7a8874af901ff82c b/fuzz/corpora/asn1/23d6011c415d9692fd0ea26c7a8874af901ff82c
+new file mode 100644
+index 000000000000..f3ffdddd0f33
+Binary files /dev/null and b/fuzz/corpora/asn1/23d6011c415d9692fd0ea26c7a8874af901ff82c differ
+diff --git a/fuzz/corpora/asn1/240b76e7cac6fb08aba0d3e179e210debb9f5489 b/fuzz/corpora/asn1/240b76e7cac6fb08aba0d3e179e210debb9f5489
+new file mode 100644
+index 000000000000..ca9003e548d1
+Binary files /dev/null and b/fuzz/corpora/asn1/240b76e7cac6fb08aba0d3e179e210debb9f5489 differ
+diff --git a/fuzz/corpora/asn1/2429daf99e904bf0e49c41eab58e9e9f582fb271 b/fuzz/corpora/asn1/2429daf99e904bf0e49c41eab58e9e9f582fb271
+new file mode 100644
+index 000000000000..258d006710ab
+Binary files /dev/null and b/fuzz/corpora/asn1/2429daf99e904bf0e49c41eab58e9e9f582fb271 differ
+diff --git a/fuzz/corpora/asn1/24e0a937b69fc7c867190b72230206588cbeb1dc b/fuzz/corpora/asn1/24e0a937b69fc7c867190b72230206588cbeb1dc
+new file mode 100644
+index 000000000000..df33d18e9508
+Binary files /dev/null and b/fuzz/corpora/asn1/24e0a937b69fc7c867190b72230206588cbeb1dc differ
+diff --git a/fuzz/corpora/asn1/254bb13b0222fb6b639a329349ca942ce21bf9c8 b/fuzz/corpora/asn1/254bb13b0222fb6b639a329349ca942ce21bf9c8
+new file mode 100644
+index 000000000000..0df8b8b2871b
+Binary files /dev/null and b/fuzz/corpora/asn1/254bb13b0222fb6b639a329349ca942ce21bf9c8 differ
+diff --git a/fuzz/corpora/asn1/2568e2299910fe70d10a41f1a6f4aad8cde5eda9 b/fuzz/corpora/asn1/2568e2299910fe70d10a41f1a6f4aad8cde5eda9
+new file mode 100644
+index 000000000000..c0201ca2cbc5
+Binary files /dev/null and b/fuzz/corpora/asn1/2568e2299910fe70d10a41f1a6f4aad8cde5eda9 differ
+diff --git a/fuzz/corpora/asn1/258c3722f6f55c8c677a00d523e21c04fe71006b b/fuzz/corpora/asn1/258c3722f6f55c8c677a00d523e21c04fe71006b
+new file mode 100644
+index 000000000000..f230d20ff7dd
+Binary files /dev/null and b/fuzz/corpora/asn1/258c3722f6f55c8c677a00d523e21c04fe71006b differ
+diff --git a/fuzz/corpora/asn1/258e5dc1a2e567d4b0fb7b19358c71f55a588119 b/fuzz/corpora/asn1/258e5dc1a2e567d4b0fb7b19358c71f55a588119
+new file mode 100644
+index 000000000000..b6f49a3f07c2
+Binary files /dev/null and b/fuzz/corpora/asn1/258e5dc1a2e567d4b0fb7b19358c71f55a588119 differ
+diff --git a/fuzz/corpora/asn1/25a0f46987cfab0c601efaa7c24f6c3d438a1e9a b/fuzz/corpora/asn1/25a0f46987cfab0c601efaa7c24f6c3d438a1e9a
+new file mode 100644
+index 000000000000..7ff7ce600235
+Binary files /dev/null and b/fuzz/corpora/asn1/25a0f46987cfab0c601efaa7c24f6c3d438a1e9a differ
+diff --git a/fuzz/corpora/asn1/25a151c6df6b962ed710dcd1db6f1e73222b9bac b/fuzz/corpora/asn1/25a151c6df6b962ed710dcd1db6f1e73222b9bac
+new file mode 100644
+index 000000000000..ac0f42257416
+Binary files /dev/null and b/fuzz/corpora/asn1/25a151c6df6b962ed710dcd1db6f1e73222b9bac differ
+diff --git a/fuzz/corpora/asn1/25c6c63bb819f3b2b5c585fac9930146549b2b46 b/fuzz/corpora/asn1/25c6c63bb819f3b2b5c585fac9930146549b2b46
+new file mode 100644
+index 000000000000..943c708c9df4
+Binary files /dev/null and b/fuzz/corpora/asn1/25c6c63bb819f3b2b5c585fac9930146549b2b46 differ
+diff --git a/fuzz/corpora/asn1/2602870808dcf0cfd8769711da521a4e36305584 b/fuzz/corpora/asn1/2602870808dcf0cfd8769711da521a4e36305584
+new file mode 100644
+index 000000000000..1f01758eb859
+Binary files /dev/null and b/fuzz/corpora/asn1/2602870808dcf0cfd8769711da521a4e36305584 differ
+diff --git a/fuzz/corpora/asn1/26ce4fb388700a94829960923d905c7d64a17289 b/fuzz/corpora/asn1/26ce4fb388700a94829960923d905c7d64a17289
+new file mode 100644
+index 000000000000..47474b671a56
+Binary files /dev/null and b/fuzz/corpora/asn1/26ce4fb388700a94829960923d905c7d64a17289 differ
+diff --git a/fuzz/corpora/asn1/274032d165ba23c575d462dc7324503b0c77f23f b/fuzz/corpora/asn1/274032d165ba23c575d462dc7324503b0c77f23f
+new file mode 100644
+index 000000000000..f01b0795023a
+Binary files /dev/null and b/fuzz/corpora/asn1/274032d165ba23c575d462dc7324503b0c77f23f differ
+diff --git a/fuzz/corpora/asn1/276026734873c5f136a7977097fdf126ec105808 b/fuzz/corpora/asn1/276026734873c5f136a7977097fdf126ec105808
+new file mode 100644
+index 000000000000..db951d0f0081
+Binary files /dev/null and b/fuzz/corpora/asn1/276026734873c5f136a7977097fdf126ec105808 differ
+diff --git a/fuzz/corpora/asn1/2790bc59bcc4fcb8b723e054e924537037d8cce9 b/fuzz/corpora/asn1/2790bc59bcc4fcb8b723e054e924537037d8cce9
+new file mode 100644
+index 000000000000..d275eb282ac8
+Binary files /dev/null and b/fuzz/corpora/asn1/2790bc59bcc4fcb8b723e054e924537037d8cce9 differ
+diff --git a/fuzz/corpora/asn1/27cf87c0b8442959521234a5db06357cce410119 b/fuzz/corpora/asn1/27cf87c0b8442959521234a5db06357cce410119
+new file mode 100644
+index 000000000000..499db7f2da39
+Binary files /dev/null and b/fuzz/corpora/asn1/27cf87c0b8442959521234a5db06357cce410119 differ
+diff --git a/fuzz/corpora/asn1/27f65c19ea22fc48433cf9e3fd84d8cf308b6d64 b/fuzz/corpora/asn1/27f65c19ea22fc48433cf9e3fd84d8cf308b6d64
+new file mode 100644
+index 000000000000..e410e2d5c101
+Binary files /dev/null and b/fuzz/corpora/asn1/27f65c19ea22fc48433cf9e3fd84d8cf308b6d64 differ
+diff --git a/fuzz/corpora/asn1/282263dbe3f55f0ad78656577b16e33b865914b7 b/fuzz/corpora/asn1/282263dbe3f55f0ad78656577b16e33b865914b7
+new file mode 100644
+index 000000000000..470049a119c8
+Binary files /dev/null and b/fuzz/corpora/asn1/282263dbe3f55f0ad78656577b16e33b865914b7 differ
+diff --git a/fuzz/corpora/asn1/2868e5eb39ab9ef34cfe3da20c868bc90b0a420e b/fuzz/corpora/asn1/2868e5eb39ab9ef34cfe3da20c868bc90b0a420e
+new file mode 100644
+index 000000000000..95200d447f71
+Binary files /dev/null and b/fuzz/corpora/asn1/2868e5eb39ab9ef34cfe3da20c868bc90b0a420e differ
+diff --git a/fuzz/corpora/asn1/286a29ff211d6dfbc87f2c2c6a83b34b0f06f741 b/fuzz/corpora/asn1/286a29ff211d6dfbc87f2c2c6a83b34b0f06f741
+new file mode 100644
+index 000000000000..6c566e960eb5
+Binary files /dev/null and b/fuzz/corpora/asn1/286a29ff211d6dfbc87f2c2c6a83b34b0f06f741 differ
+diff --git a/fuzz/corpora/asn1/286cf42c7bd0092de67994ee688ee44c7ffce7e8 b/fuzz/corpora/asn1/286cf42c7bd0092de67994ee688ee44c7ffce7e8
+new file mode 100644
+index 000000000000..7d462089f25f
+Binary files /dev/null and b/fuzz/corpora/asn1/286cf42c7bd0092de67994ee688ee44c7ffce7e8 differ
+diff --git a/fuzz/corpora/asn1/289fe8e5651232538829c69e8030051abd67d7cc b/fuzz/corpora/asn1/289fe8e5651232538829c69e8030051abd67d7cc
+new file mode 100644
+index 000000000000..769f26cec4dd
+Binary files /dev/null and b/fuzz/corpora/asn1/289fe8e5651232538829c69e8030051abd67d7cc differ
+diff --git a/fuzz/corpora/asn1/28a1084fe28431c25765a8b81d40af5eea214340 b/fuzz/corpora/asn1/28a1084fe28431c25765a8b81d40af5eea214340
+new file mode 100644
+index 000000000000..24675c267928
+Binary files /dev/null and b/fuzz/corpora/asn1/28a1084fe28431c25765a8b81d40af5eea214340 differ
+diff --git a/fuzz/corpora/asn1/28e63264622153fbaf072399811b3fd639f7d706 b/fuzz/corpora/asn1/28e63264622153fbaf072399811b3fd639f7d706
+new file mode 100644
+index 000000000000..984b9301150e
+Binary files /dev/null and b/fuzz/corpora/asn1/28e63264622153fbaf072399811b3fd639f7d706 differ
+diff --git a/fuzz/corpora/asn1/299c515ae8722d3c25390383337b1ce7f490a65c b/fuzz/corpora/asn1/299c515ae8722d3c25390383337b1ce7f490a65c
+new file mode 100644
+index 000000000000..55a6aed54745
+Binary files /dev/null and b/fuzz/corpora/asn1/299c515ae8722d3c25390383337b1ce7f490a65c differ
+diff --git a/fuzz/corpora/asn1/29aa0c13b9f412ae32e7e750f1a68c7555ffa1e4 b/fuzz/corpora/asn1/29aa0c13b9f412ae32e7e750f1a68c7555ffa1e4
+new file mode 100644
+index 000000000000..35a1a65730ca
+Binary files /dev/null and b/fuzz/corpora/asn1/29aa0c13b9f412ae32e7e750f1a68c7555ffa1e4 differ
+diff --git a/fuzz/corpora/asn1/29adeb146c70c05bf9865083e5bac6e6de39fcf5 b/fuzz/corpora/asn1/29adeb146c70c05bf9865083e5bac6e6de39fcf5
+new file mode 100644
+index 000000000000..1dc52a3ef2e2
+Binary files /dev/null and b/fuzz/corpora/asn1/29adeb146c70c05bf9865083e5bac6e6de39fcf5 differ
+diff --git a/fuzz/corpora/asn1/29ae6887f41b281016c90897e9ee51899a813582 b/fuzz/corpora/asn1/29ae6887f41b281016c90897e9ee51899a813582
+new file mode 100644
+index 000000000000..888c5cfdcd0b
+Binary files /dev/null and b/fuzz/corpora/asn1/29ae6887f41b281016c90897e9ee51899a813582 differ
+diff --git a/fuzz/corpora/asn1/29b75ea701babb1529b2a27dfac4c4dd555afe61 b/fuzz/corpora/asn1/29b75ea701babb1529b2a27dfac4c4dd555afe61
+new file mode 100644
+index 000000000000..117366889bca
+Binary files /dev/null and b/fuzz/corpora/asn1/29b75ea701babb1529b2a27dfac4c4dd555afe61 differ
+diff --git a/fuzz/corpora/asn1/29d500715988c0b1bad870b28b922860dd559f49 b/fuzz/corpora/asn1/29d500715988c0b1bad870b28b922860dd559f49
+new file mode 100644
+index 000000000000..dd8f1b1e222b
+Binary files /dev/null and b/fuzz/corpora/asn1/29d500715988c0b1bad870b28b922860dd559f49 differ
+diff --git a/fuzz/corpora/asn1/29eaa6bc67968ff5d45704dc9fcf27950c863cc8 b/fuzz/corpora/asn1/29eaa6bc67968ff5d45704dc9fcf27950c863cc8
+new file mode 100644
+index 000000000000..2b8672a98e6a
+Binary files /dev/null and b/fuzz/corpora/asn1/29eaa6bc67968ff5d45704dc9fcf27950c863cc8 differ
+diff --git a/fuzz/corpora/asn1/2a0d22ca1d1394af74e7dee4658b44f99a0e19cf b/fuzz/corpora/asn1/2a0d22ca1d1394af74e7dee4658b44f99a0e19cf
+new file mode 100644
+index 000000000000..8b77169ef790
+Binary files /dev/null and b/fuzz/corpora/asn1/2a0d22ca1d1394af74e7dee4658b44f99a0e19cf differ
+diff --git a/fuzz/corpora/asn1/2a837a1e03b0d434c0d75d9f43f780cc2873f544 b/fuzz/corpora/asn1/2a837a1e03b0d434c0d75d9f43f780cc2873f544
+new file mode 100644
+index 000000000000..2ff38bca431d
+Binary files /dev/null and b/fuzz/corpora/asn1/2a837a1e03b0d434c0d75d9f43f780cc2873f544 differ
+diff --git a/fuzz/corpora/asn1/2aaad08da76eaa70cac287b77c0cceb0c4c78dbd b/fuzz/corpora/asn1/2aaad08da76eaa70cac287b77c0cceb0c4c78dbd
+new file mode 100644
+index 000000000000..4b39084788fa
+Binary files /dev/null and b/fuzz/corpora/asn1/2aaad08da76eaa70cac287b77c0cceb0c4c78dbd differ
+diff --git a/fuzz/corpora/asn1/2ab76f38fef86fda829246ae957106902376d27b b/fuzz/corpora/asn1/2ab76f38fef86fda829246ae957106902376d27b
+new file mode 100644
+index 000000000000..22d93f870cff
+Binary files /dev/null and b/fuzz/corpora/asn1/2ab76f38fef86fda829246ae957106902376d27b differ
+diff --git a/fuzz/corpora/asn1/2abc6a93ce800d9ea7730558e1aa6aad4ead9dfd b/fuzz/corpora/asn1/2abc6a93ce800d9ea7730558e1aa6aad4ead9dfd
+new file mode 100644
+index 000000000000..fa779fcb67c0
+Binary files /dev/null and b/fuzz/corpora/asn1/2abc6a93ce800d9ea7730558e1aa6aad4ead9dfd differ
+diff --git a/fuzz/corpora/asn1/2ac6ce6fb846327a0c32184e87726b0fe8fe0d70 b/fuzz/corpora/asn1/2ac6ce6fb846327a0c32184e87726b0fe8fe0d70
+new file mode 100644
+index 000000000000..17a92bf03e6c
+Binary files /dev/null and b/fuzz/corpora/asn1/2ac6ce6fb846327a0c32184e87726b0fe8fe0d70 differ
+diff --git a/fuzz/corpora/asn1/2aee1e5373981f68fc42991d5d880bfa91e3e514 b/fuzz/corpora/asn1/2aee1e5373981f68fc42991d5d880bfa91e3e514
+new file mode 100644
+index 000000000000..5831e2bde9f4
+Binary files /dev/null and b/fuzz/corpora/asn1/2aee1e5373981f68fc42991d5d880bfa91e3e514 differ
+diff --git a/fuzz/corpora/asn1/2b3e079aaef29487060bc0ffb43eae3dabe04e8b b/fuzz/corpora/asn1/2b3e079aaef29487060bc0ffb43eae3dabe04e8b
+new file mode 100644
+index 000000000000..855f481cb891
+Binary files /dev/null and b/fuzz/corpora/asn1/2b3e079aaef29487060bc0ffb43eae3dabe04e8b differ
+diff --git a/fuzz/corpora/asn1/2b7ef105f42e8599276b8e4d9426095fbeec562f b/fuzz/corpora/asn1/2b7ef105f42e8599276b8e4d9426095fbeec562f
+new file mode 100644
+index 000000000000..6a081cb8f6fb
+Binary files /dev/null and b/fuzz/corpora/asn1/2b7ef105f42e8599276b8e4d9426095fbeec562f differ
+diff --git a/fuzz/corpora/asn1/2be508d4d84a8b47541ff482e1608fdca76cab24 b/fuzz/corpora/asn1/2be508d4d84a8b47541ff482e1608fdca76cab24
+new file mode 100644
+index 000000000000..2619f6dd0991
+Binary files /dev/null and b/fuzz/corpora/asn1/2be508d4d84a8b47541ff482e1608fdca76cab24 differ
+diff --git a/fuzz/corpora/asn1/2c63ec92fe4cb9e0a525b7cf698a4de56d565e8b b/fuzz/corpora/asn1/2c63ec92fe4cb9e0a525b7cf698a4de56d565e8b
+new file mode 100644
+index 000000000000..f2386cd2e867
+Binary files /dev/null and b/fuzz/corpora/asn1/2c63ec92fe4cb9e0a525b7cf698a4de56d565e8b differ
+diff --git a/fuzz/corpora/asn1/2c7de37347c7058f28a98df7cf101275014ccb28 b/fuzz/corpora/asn1/2c7de37347c7058f28a98df7cf101275014ccb28
+new file mode 100644
+index 000000000000..c55534f24c1d
+Binary files /dev/null and b/fuzz/corpora/asn1/2c7de37347c7058f28a98df7cf101275014ccb28 differ
+diff --git a/fuzz/corpora/asn1/2c8e5c79be44522d4352d53996e32f3a670774fd b/fuzz/corpora/asn1/2c8e5c79be44522d4352d53996e32f3a670774fd
+new file mode 100644
+index 000000000000..6189c650e062
+Binary files /dev/null and b/fuzz/corpora/asn1/2c8e5c79be44522d4352d53996e32f3a670774fd differ
+diff --git a/fuzz/corpora/asn1/2d0c85cd8954f77e3627847d781f89278791093d b/fuzz/corpora/asn1/2d0c85cd8954f77e3627847d781f89278791093d
+new file mode 100644
+index 000000000000..8d4f0aaaa5cc
+Binary files /dev/null and b/fuzz/corpora/asn1/2d0c85cd8954f77e3627847d781f89278791093d differ
+diff --git a/fuzz/corpora/asn1/2d151e2767871afbfda4242267f3f8c3efecc044 b/fuzz/corpora/asn1/2d151e2767871afbfda4242267f3f8c3efecc044
+new file mode 100644
+index 000000000000..98122a17080c
+Binary files /dev/null and b/fuzz/corpora/asn1/2d151e2767871afbfda4242267f3f8c3efecc044 differ
+diff --git a/fuzz/corpora/asn1/2d6fb194ecb3d9472a5cb88eedfbd3c64d75f7ef b/fuzz/corpora/asn1/2d6fb194ecb3d9472a5cb88eedfbd3c64d75f7ef
+new file mode 100644
+index 000000000000..0476c4269e80
+Binary files /dev/null and b/fuzz/corpora/asn1/2d6fb194ecb3d9472a5cb88eedfbd3c64d75f7ef differ
+diff --git a/fuzz/corpora/asn1/2d80f315c5a0d78bf4c98a1fc8ad6de2376901d8 b/fuzz/corpora/asn1/2d80f315c5a0d78bf4c98a1fc8ad6de2376901d8
+new file mode 100644
+index 000000000000..53f0140f22f0
+Binary files /dev/null and b/fuzz/corpora/asn1/2d80f315c5a0d78bf4c98a1fc8ad6de2376901d8 differ
+diff --git a/fuzz/corpora/asn1/2e5a4fd1d9458f0a9f575e23e4e496fe64c1e287 b/fuzz/corpora/asn1/2e5a4fd1d9458f0a9f575e23e4e496fe64c1e287
+new file mode 100644
+index 000000000000..54301154c376
+Binary files /dev/null and b/fuzz/corpora/asn1/2e5a4fd1d9458f0a9f575e23e4e496fe64c1e287 differ
+diff --git a/fuzz/corpora/asn1/2ea5a6132619dafbaf60c7971ab8c58ba883eb0f b/fuzz/corpora/asn1/2ea5a6132619dafbaf60c7971ab8c58ba883eb0f
+new file mode 100644
+index 000000000000..6133e1aed084
+Binary files /dev/null and b/fuzz/corpora/asn1/2ea5a6132619dafbaf60c7971ab8c58ba883eb0f differ
+diff --git a/fuzz/corpora/asn1/2ec11642f3840d2b802b820287e3a7896752c524 b/fuzz/corpora/asn1/2ec11642f3840d2b802b820287e3a7896752c524
+new file mode 100644
+index 000000000000..6d262eaa2adf
+Binary files /dev/null and b/fuzz/corpora/asn1/2ec11642f3840d2b802b820287e3a7896752c524 differ
+diff --git a/fuzz/corpora/asn1/2f0c98d261ece1c10c4cf7a896f26be3e3c10725 b/fuzz/corpora/asn1/2f0c98d261ece1c10c4cf7a896f26be3e3c10725
+new file mode 100644
+index 000000000000..2a5e54821c13
+Binary files /dev/null and b/fuzz/corpora/asn1/2f0c98d261ece1c10c4cf7a896f26be3e3c10725 differ
+diff --git a/fuzz/corpora/asn1/2f17fec625b82b28d57da5cb2f21f84975887f26 b/fuzz/corpora/asn1/2f17fec625b82b28d57da5cb2f21f84975887f26
+new file mode 100644
+index 000000000000..447204e0f245
+Binary files /dev/null and b/fuzz/corpora/asn1/2f17fec625b82b28d57da5cb2f21f84975887f26 differ
+diff --git a/fuzz/corpora/asn1/2f35ba09a1c3cfada9a3095668bf3d415096c753 b/fuzz/corpora/asn1/2f35ba09a1c3cfada9a3095668bf3d415096c753
+new file mode 100644
+index 000000000000..688c79ce4d56
+Binary files /dev/null and b/fuzz/corpora/asn1/2f35ba09a1c3cfada9a3095668bf3d415096c753 differ
+diff --git a/fuzz/corpora/asn1/2f3690062b0c5c791dc4a3c8981584f6dc98e501 b/fuzz/corpora/asn1/2f3690062b0c5c791dc4a3c8981584f6dc98e501
+new file mode 100644
+index 000000000000..b2882252fc07
+Binary files /dev/null and b/fuzz/corpora/asn1/2f3690062b0c5c791dc4a3c8981584f6dc98e501 differ
+diff --git a/fuzz/corpora/asn1/2f3747513b466c2f4f6cd7d8b15d6015d74d1444 b/fuzz/corpora/asn1/2f3747513b466c2f4f6cd7d8b15d6015d74d1444
+new file mode 100644
+index 000000000000..c03fa4918861
+Binary files /dev/null and b/fuzz/corpora/asn1/2f3747513b466c2f4f6cd7d8b15d6015d74d1444 differ
+diff --git a/fuzz/corpora/asn1/2fa6dcc1aa3717361187ae962c1f7dee44d63a01 b/fuzz/corpora/asn1/2fa6dcc1aa3717361187ae962c1f7dee44d63a01
+new file mode 100644
+index 000000000000..61f58c04a2f7
+Binary files /dev/null and b/fuzz/corpora/asn1/2fa6dcc1aa3717361187ae962c1f7dee44d63a01 differ
+diff --git a/fuzz/corpora/asn1/2fbcbca97ebd948043a079535faffc43d90efcee b/fuzz/corpora/asn1/2fbcbca97ebd948043a079535faffc43d90efcee
+new file mode 100644
+index 000000000000..de34a22cfe54
+Binary files /dev/null and b/fuzz/corpora/asn1/2fbcbca97ebd948043a079535faffc43d90efcee differ
+diff --git a/fuzz/corpora/asn1/2fc58c8fad13ef6edb1485702ecb77f3990c5122 b/fuzz/corpora/asn1/2fc58c8fad13ef6edb1485702ecb77f3990c5122
+new file mode 100644
+index 000000000000..f1522253c328
+Binary files /dev/null and b/fuzz/corpora/asn1/2fc58c8fad13ef6edb1485702ecb77f3990c5122 differ
+diff --git a/fuzz/corpora/asn1/308c4a1eb9b3b74f9bdd4d59284c516b830e06de b/fuzz/corpora/asn1/308c4a1eb9b3b74f9bdd4d59284c516b830e06de
+new file mode 100644
+index 000000000000..dea896594aa5
+Binary files /dev/null and b/fuzz/corpora/asn1/308c4a1eb9b3b74f9bdd4d59284c516b830e06de differ
+diff --git a/fuzz/corpora/asn1/3091f307e992716bdb62fa83b359d8935258b512 b/fuzz/corpora/asn1/3091f307e992716bdb62fa83b359d8935258b512
+new file mode 100644
+index 000000000000..3972b53f08fc
+Binary files /dev/null and b/fuzz/corpora/asn1/3091f307e992716bdb62fa83b359d8935258b512 differ
+diff --git a/fuzz/corpora/asn1/31bae95d75fbd8521595379199c9a72503ad4fb4 b/fuzz/corpora/asn1/31bae95d75fbd8521595379199c9a72503ad4fb4
+new file mode 100644
+index 000000000000..164ea84f2548
+Binary files /dev/null and b/fuzz/corpora/asn1/31bae95d75fbd8521595379199c9a72503ad4fb4 differ
+diff --git a/fuzz/corpora/asn1/31efd0749e5bd8bb2a721f017ee336d615993c39 b/fuzz/corpora/asn1/31efd0749e5bd8bb2a721f017ee336d615993c39
+new file mode 100644
+index 000000000000..6d8f47514fd5
+Binary files /dev/null and b/fuzz/corpora/asn1/31efd0749e5bd8bb2a721f017ee336d615993c39 differ
+diff --git a/fuzz/corpora/asn1/324ae92dbc48dd4b6fa71e8db0291f0b3ea1491e b/fuzz/corpora/asn1/324ae92dbc48dd4b6fa71e8db0291f0b3ea1491e
+new file mode 100644
+index 000000000000..c01159839b22
+Binary files /dev/null and b/fuzz/corpora/asn1/324ae92dbc48dd4b6fa71e8db0291f0b3ea1491e differ
+diff --git a/fuzz/corpora/asn1/32993b1e22e7c1a062d8daa458e3271743a76218 b/fuzz/corpora/asn1/32993b1e22e7c1a062d8daa458e3271743a76218
+new file mode 100644
+index 000000000000..b47112bc584d
+Binary files /dev/null and b/fuzz/corpora/asn1/32993b1e22e7c1a062d8daa458e3271743a76218 differ
+diff --git a/fuzz/corpora/asn1/32ec115ba802de649770e054c9d36a639f6f8155 b/fuzz/corpora/asn1/32ec115ba802de649770e054c9d36a639f6f8155
+new file mode 100644
+index 000000000000..d379f13486e8
+Binary files /dev/null and b/fuzz/corpora/asn1/32ec115ba802de649770e054c9d36a639f6f8155 differ
+diff --git a/fuzz/corpora/asn1/3345ea88558a21fd3bb53822ecdc33b459046957 b/fuzz/corpora/asn1/3345ea88558a21fd3bb53822ecdc33b459046957
+new file mode 100644
+index 000000000000..8e9377e8ee0d
+Binary files /dev/null and b/fuzz/corpora/asn1/3345ea88558a21fd3bb53822ecdc33b459046957 differ
+diff --git a/fuzz/corpora/asn1/335e71b1cd8a69f6fb0a5c2136f4faa1f337bb25 b/fuzz/corpora/asn1/335e71b1cd8a69f6fb0a5c2136f4faa1f337bb25
+new file mode 100644
+index 000000000000..a9d0bd98194a
+Binary files /dev/null and b/fuzz/corpora/asn1/335e71b1cd8a69f6fb0a5c2136f4faa1f337bb25 differ
+diff --git a/fuzz/corpora/asn1/33640152e3f87368bcbc9124a3d9c67f7eab375e b/fuzz/corpora/asn1/33640152e3f87368bcbc9124a3d9c67f7eab375e
+new file mode 100644
+index 000000000000..536b838f597d
+Binary files /dev/null and b/fuzz/corpora/asn1/33640152e3f87368bcbc9124a3d9c67f7eab375e differ
+diff --git a/fuzz/corpora/asn1/3365e0ec84b9a429141c86cbe2f3ebd3f22a6205 b/fuzz/corpora/asn1/3365e0ec84b9a429141c86cbe2f3ebd3f22a6205
+new file mode 100644
+index 000000000000..f02f3efe7ec8
+Binary files /dev/null and b/fuzz/corpora/asn1/3365e0ec84b9a429141c86cbe2f3ebd3f22a6205 differ
+diff --git a/fuzz/corpora/asn1/3398f7c81fa17a295440d5c6c1734e075fc7961c b/fuzz/corpora/asn1/3398f7c81fa17a295440d5c6c1734e075fc7961c
+new file mode 100644
+index 000000000000..6d6ce05f61a3
+Binary files /dev/null and b/fuzz/corpora/asn1/3398f7c81fa17a295440d5c6c1734e075fc7961c differ
+diff --git a/fuzz/corpora/asn1/33aa7fe8f56534d8dd685a2f5944110d9e4504d8 b/fuzz/corpora/asn1/33aa7fe8f56534d8dd685a2f5944110d9e4504d8
+new file mode 100644
+index 000000000000..98d650f23949
+Binary files /dev/null and b/fuzz/corpora/asn1/33aa7fe8f56534d8dd685a2f5944110d9e4504d8 differ
+diff --git a/fuzz/corpora/asn1/33f3f542543ab87f70e1415f677e499a8233d352 b/fuzz/corpora/asn1/33f3f542543ab87f70e1415f677e499a8233d352
+new file mode 100644
+index 000000000000..c027dd420fd5
+Binary files /dev/null and b/fuzz/corpora/asn1/33f3f542543ab87f70e1415f677e499a8233d352 differ
+diff --git a/fuzz/corpora/asn1/340649abd7da378a2616dfe2df3e848a14e57d82 b/fuzz/corpora/asn1/340649abd7da378a2616dfe2df3e848a14e57d82
+new file mode 100644
+index 000000000000..01dd76856a04
+Binary files /dev/null and b/fuzz/corpora/asn1/340649abd7da378a2616dfe2df3e848a14e57d82 differ
+diff --git a/fuzz/corpora/asn1/342a72acd28c8beabc11ba03cf5cfe5e29fb0657 b/fuzz/corpora/asn1/342a72acd28c8beabc11ba03cf5cfe5e29fb0657
+new file mode 100644
+index 000000000000..2019910638eb
+Binary files /dev/null and b/fuzz/corpora/asn1/342a72acd28c8beabc11ba03cf5cfe5e29fb0657 differ
+diff --git a/fuzz/corpora/asn1/347dd0de7cf0f565ec54d397328f445823c4773d b/fuzz/corpora/asn1/347dd0de7cf0f565ec54d397328f445823c4773d
+new file mode 100644
+index 000000000000..5718ff43fd11
+Binary files /dev/null and b/fuzz/corpora/asn1/347dd0de7cf0f565ec54d397328f445823c4773d differ
+diff --git a/fuzz/corpora/asn1/34f87a6723a129df6b77dd48c3ed7d2b0e93a8f8 b/fuzz/corpora/asn1/34f87a6723a129df6b77dd48c3ed7d2b0e93a8f8
+new file mode 100644
+index 000000000000..68d7e30c3f40
+Binary files /dev/null and b/fuzz/corpora/asn1/34f87a6723a129df6b77dd48c3ed7d2b0e93a8f8 differ
+diff --git a/fuzz/corpora/asn1/3553c9ee5c3061eda35d337eabfc4b1d1fee1018 b/fuzz/corpora/asn1/3553c9ee5c3061eda35d337eabfc4b1d1fee1018
+new file mode 100644
+index 000000000000..dba3e0906502
+Binary files /dev/null and b/fuzz/corpora/asn1/3553c9ee5c3061eda35d337eabfc4b1d1fee1018 differ
+diff --git a/fuzz/corpora/asn1/3557240ca93beec043e641994a209585894ebeb4 b/fuzz/corpora/asn1/3557240ca93beec043e641994a209585894ebeb4
+new file mode 100644
+index 000000000000..79d54893eb2f
+Binary files /dev/null and b/fuzz/corpora/asn1/3557240ca93beec043e641994a209585894ebeb4 differ
+diff --git a/fuzz/corpora/asn1/3558d7b1edf4d3b58973935ee6a3c31d8c9ec086 b/fuzz/corpora/asn1/3558d7b1edf4d3b58973935ee6a3c31d8c9ec086
+new file mode 100644
+index 000000000000..ea8f1e6360cf
+Binary files /dev/null and b/fuzz/corpora/asn1/3558d7b1edf4d3b58973935ee6a3c31d8c9ec086 differ
+diff --git a/fuzz/corpora/asn1/3562d2d60fb420b5a7fd445c97ac1ed26c154983 b/fuzz/corpora/asn1/3562d2d60fb420b5a7fd445c97ac1ed26c154983
+new file mode 100644
+index 000000000000..1dd8e1bc84ef
+Binary files /dev/null and b/fuzz/corpora/asn1/3562d2d60fb420b5a7fd445c97ac1ed26c154983 differ
+diff --git a/fuzz/corpora/asn1/35668d658eb21650f177d3b3309456ee524e0350 b/fuzz/corpora/asn1/35668d658eb21650f177d3b3309456ee524e0350
+new file mode 100644
+index 000000000000..93fbbe858738
+Binary files /dev/null and b/fuzz/corpora/asn1/35668d658eb21650f177d3b3309456ee524e0350 differ
+diff --git a/fuzz/corpora/asn1/35b2b716aea4456bfeae4d08c1736b35fce9cb55 b/fuzz/corpora/asn1/35b2b716aea4456bfeae4d08c1736b35fce9cb55
+new file mode 100644
+index 000000000000..9b8cc690cb46
+Binary files /dev/null and b/fuzz/corpora/asn1/35b2b716aea4456bfeae4d08c1736b35fce9cb55 differ
+diff --git a/fuzz/corpora/asn1/35c48b64dc3351326e0cb0e72428fef18f2f58d7 b/fuzz/corpora/asn1/35c48b64dc3351326e0cb0e72428fef18f2f58d7
+new file mode 100644
+index 000000000000..81b5fdbd5150
+Binary files /dev/null and b/fuzz/corpora/asn1/35c48b64dc3351326e0cb0e72428fef18f2f58d7 differ
+diff --git a/fuzz/corpora/asn1/372c4bd3080e916656916a6e7ef72238ae6a0b41 b/fuzz/corpora/asn1/372c4bd3080e916656916a6e7ef72238ae6a0b41
+new file mode 100644
+index 000000000000..b5cc6aa7d007
+Binary files /dev/null and b/fuzz/corpora/asn1/372c4bd3080e916656916a6e7ef72238ae6a0b41 differ
+diff --git a/fuzz/corpora/asn1/373c20c673904557072807eeb8a3b019a6d4de16 b/fuzz/corpora/asn1/373c20c673904557072807eeb8a3b019a6d4de16
+new file mode 100644
+index 000000000000..7c4c3cbe5304
+Binary files /dev/null and b/fuzz/corpora/asn1/373c20c673904557072807eeb8a3b019a6d4de16 differ
+diff --git a/fuzz/corpora/asn1/3761a14f82e3838372064a842054d0a831551d81 b/fuzz/corpora/asn1/3761a14f82e3838372064a842054d0a831551d81
+new file mode 100644
+index 000000000000..04fb84b65da2
+Binary files /dev/null and b/fuzz/corpora/asn1/3761a14f82e3838372064a842054d0a831551d81 differ
+diff --git a/fuzz/corpora/asn1/37a1a60f88829b65f67c18c4cf96d63e07c53b07 b/fuzz/corpora/asn1/37a1a60f88829b65f67c18c4cf96d63e07c53b07
+new file mode 100644
+index 000000000000..38fb48a489fb
+Binary files /dev/null and b/fuzz/corpora/asn1/37a1a60f88829b65f67c18c4cf96d63e07c53b07 differ
+diff --git a/fuzz/corpora/asn1/37c8f0074d53bc5e5525e341ca9fae8bd721f459 b/fuzz/corpora/asn1/37c8f0074d53bc5e5525e341ca9fae8bd721f459
+new file mode 100644
+index 000000000000..8c4a47ca3650
+Binary files /dev/null and b/fuzz/corpora/asn1/37c8f0074d53bc5e5525e341ca9fae8bd721f459 differ
+diff --git a/fuzz/corpora/asn1/39246e3ddf8d17c63acbb53a9bd98c2be1aaf091 b/fuzz/corpora/asn1/39246e3ddf8d17c63acbb53a9bd98c2be1aaf091
+new file mode 100644
+index 000000000000..f06f7b7ca4bc
+Binary files /dev/null and b/fuzz/corpora/asn1/39246e3ddf8d17c63acbb53a9bd98c2be1aaf091 differ
+diff --git a/fuzz/corpora/asn1/3ac4faff2c509300ae955882135c7613810617c5 b/fuzz/corpora/asn1/3ac4faff2c509300ae955882135c7613810617c5
+new file mode 100644
+index 000000000000..ad9302ab0dc2
+Binary files /dev/null and b/fuzz/corpora/asn1/3ac4faff2c509300ae955882135c7613810617c5 differ
+diff --git a/fuzz/corpora/asn1/3b03f1a607ad2e033db8294bf09593165c2e1451 b/fuzz/corpora/asn1/3b03f1a607ad2e033db8294bf09593165c2e1451
+new file mode 100644
+index 000000000000..36348b58ca20
+Binary files /dev/null and b/fuzz/corpora/asn1/3b03f1a607ad2e033db8294bf09593165c2e1451 differ
+diff --git a/fuzz/corpora/asn1/3b2e9dabca5952e1ccde7dbe8bebab3a396e369d b/fuzz/corpora/asn1/3b2e9dabca5952e1ccde7dbe8bebab3a396e369d
+new file mode 100644
+index 000000000000..eef66966c60c
+Binary files /dev/null and b/fuzz/corpora/asn1/3b2e9dabca5952e1ccde7dbe8bebab3a396e369d differ
+diff --git a/fuzz/corpora/asn1/3b3012c0790befbacce0423b4b9a1731c2b7398b b/fuzz/corpora/asn1/3b3012c0790befbacce0423b4b9a1731c2b7398b
+new file mode 100644
+index 000000000000..263cfbc84b2b
+Binary files /dev/null and b/fuzz/corpora/asn1/3b3012c0790befbacce0423b4b9a1731c2b7398b differ
+diff --git a/fuzz/corpora/asn1/3b62a04053794d2b1aaaf6bbb7bb6aa6d858e0a4 b/fuzz/corpora/asn1/3b62a04053794d2b1aaaf6bbb7bb6aa6d858e0a4
+new file mode 100644
+index 000000000000..327ed3630f6b
+Binary files /dev/null and b/fuzz/corpora/asn1/3b62a04053794d2b1aaaf6bbb7bb6aa6d858e0a4 differ
+diff --git a/fuzz/corpora/asn1/3b688908a8451f19eee475420bc05ba088ee83e5 b/fuzz/corpora/asn1/3b688908a8451f19eee475420bc05ba088ee83e5
+new file mode 100644
+index 000000000000..f7b05ae0b8d9
+Binary files /dev/null and b/fuzz/corpora/asn1/3b688908a8451f19eee475420bc05ba088ee83e5 differ
+diff --git a/fuzz/corpora/asn1/3b91bb66c77cef6dfc2b958cb2fcdda9ad66b1ad b/fuzz/corpora/asn1/3b91bb66c77cef6dfc2b958cb2fcdda9ad66b1ad
+new file mode 100644
+index 000000000000..099815fc7bdc
+Binary files /dev/null and b/fuzz/corpora/asn1/3b91bb66c77cef6dfc2b958cb2fcdda9ad66b1ad differ
+diff --git a/fuzz/corpora/asn1/3c0061faba125d478aa723e41a38b39bbfef2a5a b/fuzz/corpora/asn1/3c0061faba125d478aa723e41a38b39bbfef2a5a
+new file mode 100644
+index 000000000000..a04e196944e7
+Binary files /dev/null and b/fuzz/corpora/asn1/3c0061faba125d478aa723e41a38b39bbfef2a5a differ
+diff --git a/fuzz/corpora/asn1/3c4b1d6f32bea967aa5b715c82bfd1e17978c8c9 b/fuzz/corpora/asn1/3c4b1d6f32bea967aa5b715c82bfd1e17978c8c9
+new file mode 100644
+index 000000000000..6d8ae0dfaff7
+Binary files /dev/null and b/fuzz/corpora/asn1/3c4b1d6f32bea967aa5b715c82bfd1e17978c8c9 differ
+diff --git a/fuzz/corpora/asn1/3cde6c96c7a43b58183fd7ff717d1c79fc115f5e b/fuzz/corpora/asn1/3cde6c96c7a43b58183fd7ff717d1c79fc115f5e
+new file mode 100644
+index 000000000000..640e29f4850f
+Binary files /dev/null and b/fuzz/corpora/asn1/3cde6c96c7a43b58183fd7ff717d1c79fc115f5e differ
+diff --git a/fuzz/corpora/asn1/3d2648b87c8d17bb86586a6efffa133a35b7599b b/fuzz/corpora/asn1/3d2648b87c8d17bb86586a6efffa133a35b7599b
+new file mode 100644
+index 000000000000..9020d0eb161d
+Binary files /dev/null and b/fuzz/corpora/asn1/3d2648b87c8d17bb86586a6efffa133a35b7599b differ
+diff --git a/fuzz/corpora/asn1/3d2b6c5a4be444abd4c2cb87fd2e03c27d3a3712 b/fuzz/corpora/asn1/3d2b6c5a4be444abd4c2cb87fd2e03c27d3a3712
+new file mode 100644
+index 000000000000..5a106db2059a
+Binary files /dev/null and b/fuzz/corpora/asn1/3d2b6c5a4be444abd4c2cb87fd2e03c27d3a3712 differ
+diff --git a/fuzz/corpora/asn1/3da1b82eb5a9d1860dce2ec0b48ad49711714415 b/fuzz/corpora/asn1/3da1b82eb5a9d1860dce2ec0b48ad49711714415
+new file mode 100644
+index 000000000000..d32fae58308c
+Binary files /dev/null and b/fuzz/corpora/asn1/3da1b82eb5a9d1860dce2ec0b48ad49711714415 differ
+diff --git a/fuzz/corpora/asn1/3e41913af4b4331f71009b9d6f049ba83e805444 b/fuzz/corpora/asn1/3e41913af4b4331f71009b9d6f049ba83e805444
+new file mode 100644
+index 000000000000..4eadfc0c0bde
+Binary files /dev/null and b/fuzz/corpora/asn1/3e41913af4b4331f71009b9d6f049ba83e805444 differ
+diff --git a/fuzz/corpora/asn1/3e69affef0faebefd92d39989028740adbc96b49 b/fuzz/corpora/asn1/3e69affef0faebefd92d39989028740adbc96b49
+new file mode 100644
+index 000000000000..dd9c10169eba
+Binary files /dev/null and b/fuzz/corpora/asn1/3e69affef0faebefd92d39989028740adbc96b49 differ
+diff --git a/fuzz/corpora/asn1/3eb4f5c9466de7d4abfaa8b92d56922e33a69cdf b/fuzz/corpora/asn1/3eb4f5c9466de7d4abfaa8b92d56922e33a69cdf
+new file mode 100644
+index 000000000000..1951bd014216
+Binary files /dev/null and b/fuzz/corpora/asn1/3eb4f5c9466de7d4abfaa8b92d56922e33a69cdf differ
+diff --git a/fuzz/corpora/asn1/3ed299615f77d100884da486eaa721268cd6c96b b/fuzz/corpora/asn1/3ed299615f77d100884da486eaa721268cd6c96b
+new file mode 100644
+index 000000000000..f54f9dc3b76c
+Binary files /dev/null and b/fuzz/corpora/asn1/3ed299615f77d100884da486eaa721268cd6c96b differ
+diff --git a/fuzz/corpora/asn1/3f05f1c90e9685ef1b60026715fbf8e293beb85d b/fuzz/corpora/asn1/3f05f1c90e9685ef1b60026715fbf8e293beb85d
+new file mode 100644
+index 000000000000..7f3e4f0707f8
+Binary files /dev/null and b/fuzz/corpora/asn1/3f05f1c90e9685ef1b60026715fbf8e293beb85d differ
+diff --git a/fuzz/corpora/asn1/3f5db940cc48dc28381e9234c8660efa11e5e3ac b/fuzz/corpora/asn1/3f5db940cc48dc28381e9234c8660efa11e5e3ac
+new file mode 100644
+index 000000000000..d6738350fdbe
+Binary files /dev/null and b/fuzz/corpora/asn1/3f5db940cc48dc28381e9234c8660efa11e5e3ac differ
+diff --git a/fuzz/corpora/asn1/3fdae5bfc0c535516a550c3160fdd28d00232c51 b/fuzz/corpora/asn1/3fdae5bfc0c535516a550c3160fdd28d00232c51
+new file mode 100644
+index 000000000000..2b678c9adb79
+Binary files /dev/null and b/fuzz/corpora/asn1/3fdae5bfc0c535516a550c3160fdd28d00232c51 differ
+diff --git a/fuzz/corpora/asn1/3fe916bfaf697e95689700f48833330f29df514a b/fuzz/corpora/asn1/3fe916bfaf697e95689700f48833330f29df514a
+new file mode 100644
+index 000000000000..3672cb84066f
+Binary files /dev/null and b/fuzz/corpora/asn1/3fe916bfaf697e95689700f48833330f29df514a differ
+diff --git a/fuzz/corpora/asn1/40041aa929c8285a65ddb03adbef23803471f009 b/fuzz/corpora/asn1/40041aa929c8285a65ddb03adbef23803471f009
+new file mode 100644
+index 000000000000..a689874b340c
+Binary files /dev/null and b/fuzz/corpora/asn1/40041aa929c8285a65ddb03adbef23803471f009 differ
+diff --git a/fuzz/corpora/asn1/4031667f9c54ae01ee6916583ac7ac91d96ca839 b/fuzz/corpora/asn1/4031667f9c54ae01ee6916583ac7ac91d96ca839
+new file mode 100644
+index 000000000000..a52be33ad036
+Binary files /dev/null and b/fuzz/corpora/asn1/4031667f9c54ae01ee6916583ac7ac91d96ca839 differ
+diff --git a/fuzz/corpora/asn1/4053f77d074ee183247da8b58b5cd9adbbd1f6f9 b/fuzz/corpora/asn1/4053f77d074ee183247da8b58b5cd9adbbd1f6f9
+new file mode 100644
+index 000000000000..8ec20e5cd0a8
+Binary files /dev/null and b/fuzz/corpora/asn1/4053f77d074ee183247da8b58b5cd9adbbd1f6f9 differ
+diff --git a/fuzz/corpora/asn1/40aaec008c2252bacdc761a04e85739e0f8ca76a b/fuzz/corpora/asn1/40aaec008c2252bacdc761a04e85739e0f8ca76a
+new file mode 100644
+index 000000000000..d7a1e42257bf
+Binary files /dev/null and b/fuzz/corpora/asn1/40aaec008c2252bacdc761a04e85739e0f8ca76a differ
+diff --git a/fuzz/corpora/asn1/40b0db62724ee2355ba73338154d5424cbd7d292 b/fuzz/corpora/asn1/40b0db62724ee2355ba73338154d5424cbd7d292
+new file mode 100644
+index 000000000000..51be2708bbb6
+Binary files /dev/null and b/fuzz/corpora/asn1/40b0db62724ee2355ba73338154d5424cbd7d292 differ
+diff --git a/fuzz/corpora/asn1/40b88cab280320a843c7ed36e227d00cc4105b2a b/fuzz/corpora/asn1/40b88cab280320a843c7ed36e227d00cc4105b2a
+new file mode 100644
+index 000000000000..7779a24113cd
+Binary files /dev/null and b/fuzz/corpora/asn1/40b88cab280320a843c7ed36e227d00cc4105b2a differ
+diff --git a/fuzz/corpora/asn1/40c9654a182c8bccb865c8062ebe85257ce51b48 b/fuzz/corpora/asn1/40c9654a182c8bccb865c8062ebe85257ce51b48
+new file mode 100644
+index 000000000000..3252e8356d0c
+Binary files /dev/null and b/fuzz/corpora/asn1/40c9654a182c8bccb865c8062ebe85257ce51b48 differ
+diff --git a/fuzz/corpora/asn1/40f39fc99763d03d89cfa63fa171cc77ad3618d1 b/fuzz/corpora/asn1/40f39fc99763d03d89cfa63fa171cc77ad3618d1
+new file mode 100644
+index 000000000000..8bcbb882f2ed
+Binary files /dev/null and b/fuzz/corpora/asn1/40f39fc99763d03d89cfa63fa171cc77ad3618d1 differ
+diff --git a/fuzz/corpora/asn1/411bd4c74649e74c9390ad1943135e49bb4c35c7 b/fuzz/corpora/asn1/411bd4c74649e74c9390ad1943135e49bb4c35c7
+new file mode 100644
+index 000000000000..353adc9798c2
+Binary files /dev/null and b/fuzz/corpora/asn1/411bd4c74649e74c9390ad1943135e49bb4c35c7 differ
+diff --git a/fuzz/corpora/asn1/41e834f2f34056facbb7870b8d67bee99e8fb364 b/fuzz/corpora/asn1/41e834f2f34056facbb7870b8d67bee99e8fb364
+new file mode 100644
+index 000000000000..6474efd730e9
+Binary files /dev/null and b/fuzz/corpora/asn1/41e834f2f34056facbb7870b8d67bee99e8fb364 differ
+diff --git a/fuzz/corpora/asn1/4216979e0b3808fc27ebc172b049dd5871899ef6 b/fuzz/corpora/asn1/4216979e0b3808fc27ebc172b049dd5871899ef6
+new file mode 100644
+index 000000000000..622ff6bb7659
+Binary files /dev/null and b/fuzz/corpora/asn1/4216979e0b3808fc27ebc172b049dd5871899ef6 differ
+diff --git a/fuzz/corpora/asn1/42a881a817c4599cb2ef96aea02da9418aea649c b/fuzz/corpora/asn1/42a881a817c4599cb2ef96aea02da9418aea649c
+new file mode 100644
+index 000000000000..97488b549952
+Binary files /dev/null and b/fuzz/corpora/asn1/42a881a817c4599cb2ef96aea02da9418aea649c differ
+diff --git a/fuzz/corpora/asn1/42b4211f152e38f55c9f7314e98a5c88083c6f17 b/fuzz/corpora/asn1/42b4211f152e38f55c9f7314e98a5c88083c6f17
+new file mode 100644
+index 000000000000..d8d2543f5147
+Binary files /dev/null and b/fuzz/corpora/asn1/42b4211f152e38f55c9f7314e98a5c88083c6f17 differ
+diff --git a/fuzz/corpora/asn1/42f219f2e07a6eb430073c1b59fa67ff18a79cf6 b/fuzz/corpora/asn1/42f219f2e07a6eb430073c1b59fa67ff18a79cf6
+new file mode 100644
+index 000000000000..0e18226f3e0f
+Binary files /dev/null and b/fuzz/corpora/asn1/42f219f2e07a6eb430073c1b59fa67ff18a79cf6 differ
+diff --git a/fuzz/corpora/asn1/4326c36f02104e87efa40e6bda2eb8301ccb81fb b/fuzz/corpora/asn1/4326c36f02104e87efa40e6bda2eb8301ccb81fb
+new file mode 100644
+index 000000000000..5beebd987b8d
+Binary files /dev/null and b/fuzz/corpora/asn1/4326c36f02104e87efa40e6bda2eb8301ccb81fb differ
+diff --git a/fuzz/corpora/asn1/4341d0776b18e160439874aa78c6e662a23f48bc b/fuzz/corpora/asn1/4341d0776b18e160439874aa78c6e662a23f48bc
+new file mode 100644
+index 000000000000..d9f9811cdd18
+Binary files /dev/null and b/fuzz/corpora/asn1/4341d0776b18e160439874aa78c6e662a23f48bc differ
+diff --git a/fuzz/corpora/asn1/43420658f631a577146d581d543eb3da8ea8a386 b/fuzz/corpora/asn1/43420658f631a577146d581d543eb3da8ea8a386
+new file mode 100644
+index 000000000000..6c35a0fd1445
+Binary files /dev/null and b/fuzz/corpora/asn1/43420658f631a577146d581d543eb3da8ea8a386 differ
+diff --git a/fuzz/corpora/asn1/43456b0093090dae8b39d8f0d57bcd1b53992a8c b/fuzz/corpora/asn1/43456b0093090dae8b39d8f0d57bcd1b53992a8c
+new file mode 100644
+index 000000000000..00f6863ce99c
+Binary files /dev/null and b/fuzz/corpora/asn1/43456b0093090dae8b39d8f0d57bcd1b53992a8c differ
+diff --git a/fuzz/corpora/asn1/4381480925a1dd9332336fe86fb68418d9a5cff8 b/fuzz/corpora/asn1/4381480925a1dd9332336fe86fb68418d9a5cff8
+new file mode 100644
+index 000000000000..fa4ec0cdfd37
+Binary files /dev/null and b/fuzz/corpora/asn1/4381480925a1dd9332336fe86fb68418d9a5cff8 differ
+diff --git a/fuzz/corpora/asn1/43a1f003f0f6b39e7944bedc50486a661e1e1909 b/fuzz/corpora/asn1/43a1f003f0f6b39e7944bedc50486a661e1e1909
+new file mode 100644
+index 000000000000..dafd8b0fc1b5
+Binary files /dev/null and b/fuzz/corpora/asn1/43a1f003f0f6b39e7944bedc50486a661e1e1909 differ
+diff --git a/fuzz/corpora/asn1/43a871a491c09263ab752bc4db1c3cb13da89f40 b/fuzz/corpora/asn1/43a871a491c09263ab752bc4db1c3cb13da89f40
+new file mode 100644
+index 000000000000..6d4430bc6387
+Binary files /dev/null and b/fuzz/corpora/asn1/43a871a491c09263ab752bc4db1c3cb13da89f40 differ
+diff --git a/fuzz/corpora/asn1/43d90ea775f5bd9c961211d1ad97fc748eb67710 b/fuzz/corpora/asn1/43d90ea775f5bd9c961211d1ad97fc748eb67710
+new file mode 100644
+index 000000000000..71b6afafce8b
+Binary files /dev/null and b/fuzz/corpora/asn1/43d90ea775f5bd9c961211d1ad97fc748eb67710 differ
+diff --git a/fuzz/corpora/asn1/43e1afb71dab64f939d325294b142bada6783509 b/fuzz/corpora/asn1/43e1afb71dab64f939d325294b142bada6783509
+new file mode 100644
+index 000000000000..72c9c9390160
+Binary files /dev/null and b/fuzz/corpora/asn1/43e1afb71dab64f939d325294b142bada6783509 differ
+diff --git a/fuzz/corpora/asn1/43f21b4161fd8a0f1a34b234b4c674fce63547fe b/fuzz/corpora/asn1/43f21b4161fd8a0f1a34b234b4c674fce63547fe
+new file mode 100644
+index 000000000000..34eec3312a75
+Binary files /dev/null and b/fuzz/corpora/asn1/43f21b4161fd8a0f1a34b234b4c674fce63547fe differ
+diff --git a/fuzz/corpora/asn1/4434008982b20940d29c48bd4aa311b27de4a066 b/fuzz/corpora/asn1/4434008982b20940d29c48bd4aa311b27de4a066
+new file mode 100644
+index 000000000000..50dea1c1de62
+Binary files /dev/null and b/fuzz/corpora/asn1/4434008982b20940d29c48bd4aa311b27de4a066 differ
+diff --git a/fuzz/corpora/asn1/44ff21ca68ef20751b81bb19a21f98c559d0dddd b/fuzz/corpora/asn1/44ff21ca68ef20751b81bb19a21f98c559d0dddd
+new file mode 100644
+index 000000000000..b89974477bf3
+Binary files /dev/null and b/fuzz/corpora/asn1/44ff21ca68ef20751b81bb19a21f98c559d0dddd differ
+diff --git a/fuzz/corpora/asn1/45b1f6ee705f0f22ae6ee0d93e53cd399db30b7b b/fuzz/corpora/asn1/45b1f6ee705f0f22ae6ee0d93e53cd399db30b7b
+new file mode 100644
+index 000000000000..9e5cdcaced2b
+Binary files /dev/null and b/fuzz/corpora/asn1/45b1f6ee705f0f22ae6ee0d93e53cd399db30b7b differ
+diff --git a/fuzz/corpora/asn1/45c9bd3a3a10f0979b193309643323d97829f409 b/fuzz/corpora/asn1/45c9bd3a3a10f0979b193309643323d97829f409
+new file mode 100644
+index 000000000000..bc1d0bc3f49a
+Binary files /dev/null and b/fuzz/corpora/asn1/45c9bd3a3a10f0979b193309643323d97829f409 differ
+diff --git a/fuzz/corpora/asn1/45ca1bf25acb39689fb2a01d3e106c79a0f5dc55 b/fuzz/corpora/asn1/45ca1bf25acb39689fb2a01d3e106c79a0f5dc55
+new file mode 100644
+index 000000000000..4e6cf5f4b404
+Binary files /dev/null and b/fuzz/corpora/asn1/45ca1bf25acb39689fb2a01d3e106c79a0f5dc55 differ
+diff --git a/fuzz/corpora/asn1/4657b0014550c91575378de9d07358cd9945a1ad b/fuzz/corpora/asn1/4657b0014550c91575378de9d07358cd9945a1ad
+new file mode 100644
+index 000000000000..4b95d84df69c
+Binary files /dev/null and b/fuzz/corpora/asn1/4657b0014550c91575378de9d07358cd9945a1ad differ
+diff --git a/fuzz/corpora/asn1/46601c4f26dea04f02a59da306cde356db7decfa b/fuzz/corpora/asn1/46601c4f26dea04f02a59da306cde356db7decfa
+new file mode 100644
+index 000000000000..f47fb3066ba8
+Binary files /dev/null and b/fuzz/corpora/asn1/46601c4f26dea04f02a59da306cde356db7decfa differ
+diff --git a/fuzz/corpora/asn1/46e5274dba53d0f8c1842490a253818fcb5fd156 b/fuzz/corpora/asn1/46e5274dba53d0f8c1842490a253818fcb5fd156
+new file mode 100644
+index 000000000000..c4295e41d277
+Binary files /dev/null and b/fuzz/corpora/asn1/46e5274dba53d0f8c1842490a253818fcb5fd156 differ
+diff --git a/fuzz/corpora/asn1/46fb2ae2f1006f3f8ad38066170ddbbe3f391e5e b/fuzz/corpora/asn1/46fb2ae2f1006f3f8ad38066170ddbbe3f391e5e
+new file mode 100644
+index 000000000000..09c4dfad22e9
+Binary files /dev/null and b/fuzz/corpora/asn1/46fb2ae2f1006f3f8ad38066170ddbbe3f391e5e differ
+diff --git a/fuzz/corpora/asn1/4723dcf70559a9a56997bccf742966a8b30cf30e b/fuzz/corpora/asn1/4723dcf70559a9a56997bccf742966a8b30cf30e
+new file mode 100644
+index 000000000000..8b9f52db461d
+Binary files /dev/null and b/fuzz/corpora/asn1/4723dcf70559a9a56997bccf742966a8b30cf30e differ
+diff --git a/fuzz/corpora/asn1/474c666326a13573832bbc1903b9929a924b47d6 b/fuzz/corpora/asn1/474c666326a13573832bbc1903b9929a924b47d6
+new file mode 100644
+index 000000000000..bd864e9b8ddc
+Binary files /dev/null and b/fuzz/corpora/asn1/474c666326a13573832bbc1903b9929a924b47d6 differ
+diff --git a/fuzz/corpora/asn1/4788b857063b1bed5689e4b89c07dbe435f6ed39 b/fuzz/corpora/asn1/4788b857063b1bed5689e4b89c07dbe435f6ed39
+new file mode 100644
+index 000000000000..3239cb175f14
+Binary files /dev/null and b/fuzz/corpora/asn1/4788b857063b1bed5689e4b89c07dbe435f6ed39 differ
+diff --git a/fuzz/corpora/asn1/47dc7f60c74b3b9623bfb239ab34748d194d29b3 b/fuzz/corpora/asn1/47dc7f60c74b3b9623bfb239ab34748d194d29b3
+new file mode 100644
+index 000000000000..22ba9b7869c2
+Binary files /dev/null and b/fuzz/corpora/asn1/47dc7f60c74b3b9623bfb239ab34748d194d29b3 differ
+diff --git a/fuzz/corpora/asn1/47f3f4a5d7ba351578752654234c7c0bc57ee094 b/fuzz/corpora/asn1/47f3f4a5d7ba351578752654234c7c0bc57ee094
+new file mode 100644
+index 000000000000..1a8a21ffb63f
+Binary files /dev/null and b/fuzz/corpora/asn1/47f3f4a5d7ba351578752654234c7c0bc57ee094 differ
+diff --git a/fuzz/corpora/asn1/482576a5535d8c3982be84d55500c74292300671 b/fuzz/corpora/asn1/482576a5535d8c3982be84d55500c74292300671
+new file mode 100644
+index 000000000000..8a7260429437
+Binary files /dev/null and b/fuzz/corpora/asn1/482576a5535d8c3982be84d55500c74292300671 differ
+diff --git a/fuzz/corpora/asn1/487f4041e294f53420e7a2afd670704cbbbe0d40 b/fuzz/corpora/asn1/487f4041e294f53420e7a2afd670704cbbbe0d40
+new file mode 100644
+index 000000000000..c308c5aa5348
+Binary files /dev/null and b/fuzz/corpora/asn1/487f4041e294f53420e7a2afd670704cbbbe0d40 differ
+diff --git a/fuzz/corpora/asn1/48a6c40bd98828a07ba2ca53955b60abbe75bc66 b/fuzz/corpora/asn1/48a6c40bd98828a07ba2ca53955b60abbe75bc66
+new file mode 100644
+index 000000000000..599261960d20
+Binary files /dev/null and b/fuzz/corpora/asn1/48a6c40bd98828a07ba2ca53955b60abbe75bc66 differ
+diff --git a/fuzz/corpora/asn1/491c197774060b639747675228f1db2f60b24796 b/fuzz/corpora/asn1/491c197774060b639747675228f1db2f60b24796
+new file mode 100644
+index 000000000000..c4cf4a8f5ec6
+Binary files /dev/null and b/fuzz/corpora/asn1/491c197774060b639747675228f1db2f60b24796 differ
+diff --git a/fuzz/corpora/asn1/492e7aa6b100f2f51b26a59aa8708a46d677f0b2 b/fuzz/corpora/asn1/492e7aa6b100f2f51b26a59aa8708a46d677f0b2
+new file mode 100644
+index 000000000000..a0615b647158
+Binary files /dev/null and b/fuzz/corpora/asn1/492e7aa6b100f2f51b26a59aa8708a46d677f0b2 differ
+diff --git a/fuzz/corpora/asn1/496f5348b89d7fc1030b10820082e4ced0143cc6 b/fuzz/corpora/asn1/496f5348b89d7fc1030b10820082e4ced0143cc6
+new file mode 100644
+index 000000000000..9fa1349610eb
+Binary files /dev/null and b/fuzz/corpora/asn1/496f5348b89d7fc1030b10820082e4ced0143cc6 differ
+diff --git a/fuzz/corpora/asn1/497a9f614c535b99a1cf16746d9f9567a5221733 b/fuzz/corpora/asn1/497a9f614c535b99a1cf16746d9f9567a5221733
+new file mode 100644
+index 000000000000..3ba72b5b02ca
+Binary files /dev/null and b/fuzz/corpora/asn1/497a9f614c535b99a1cf16746d9f9567a5221733 differ
+diff --git a/fuzz/corpora/asn1/49ce2f748871dff3bf9614435341e099e5942106 b/fuzz/corpora/asn1/49ce2f748871dff3bf9614435341e099e5942106
+new file mode 100644
+index 000000000000..5b6565c70ddc
+Binary files /dev/null and b/fuzz/corpora/asn1/49ce2f748871dff3bf9614435341e099e5942106 differ
+diff --git a/fuzz/corpora/asn1/4a2f0006f68e3252b15ad8e9ce69385180be17ad b/fuzz/corpora/asn1/4a2f0006f68e3252b15ad8e9ce69385180be17ad
+new file mode 100644
+index 000000000000..0a4d92686e72
+Binary files /dev/null and b/fuzz/corpora/asn1/4a2f0006f68e3252b15ad8e9ce69385180be17ad differ
+diff --git a/fuzz/corpora/asn1/4b01e0e3bc07ad526ff0957f26a565b12cc0d1ba b/fuzz/corpora/asn1/4b01e0e3bc07ad526ff0957f26a565b12cc0d1ba
+new file mode 100644
+index 000000000000..67f0052e1861
+Binary files /dev/null and b/fuzz/corpora/asn1/4b01e0e3bc07ad526ff0957f26a565b12cc0d1ba differ
+diff --git a/fuzz/corpora/asn1/4b21a6c84b789800f66790726e7bf88c84e52e3a b/fuzz/corpora/asn1/4b21a6c84b789800f66790726e7bf88c84e52e3a
+new file mode 100644
+index 000000000000..0f183e48b766
+Binary files /dev/null and b/fuzz/corpora/asn1/4b21a6c84b789800f66790726e7bf88c84e52e3a differ
+diff --git a/fuzz/corpora/asn1/4b25155fa4d637c1f9df7c411a347a44026e806d b/fuzz/corpora/asn1/4b25155fa4d637c1f9df7c411a347a44026e806d
+new file mode 100644
+index 000000000000..5838756fc61e
+Binary files /dev/null and b/fuzz/corpora/asn1/4b25155fa4d637c1f9df7c411a347a44026e806d differ
+diff --git a/fuzz/corpora/asn1/4b43707a96781339210b724b06e480b29105cb1b b/fuzz/corpora/asn1/4b43707a96781339210b724b06e480b29105cb1b
+new file mode 100644
+index 000000000000..0431455f0aad
+Binary files /dev/null and b/fuzz/corpora/asn1/4b43707a96781339210b724b06e480b29105cb1b differ
+diff --git a/fuzz/corpora/asn1/4c477ccc4d114dfce2dbfd1a38226fc4165ae86b b/fuzz/corpora/asn1/4c477ccc4d114dfce2dbfd1a38226fc4165ae86b
+new file mode 100644
+index 000000000000..efa646b9797e
+Binary files /dev/null and b/fuzz/corpora/asn1/4c477ccc4d114dfce2dbfd1a38226fc4165ae86b differ
+diff --git a/fuzz/corpora/asn1/4c5e53f8933af3aa4adbe9a03f3fa663469c11f3 b/fuzz/corpora/asn1/4c5e53f8933af3aa4adbe9a03f3fa663469c11f3
+new file mode 100644
+index 000000000000..4b8fabe1acf3
+Binary files /dev/null and b/fuzz/corpora/asn1/4c5e53f8933af3aa4adbe9a03f3fa663469c11f3 differ
+diff --git a/fuzz/corpora/asn1/4c6453caefc4907f3f60aeea0b2c4392257f11c4 b/fuzz/corpora/asn1/4c6453caefc4907f3f60aeea0b2c4392257f11c4
+new file mode 100644
+index 000000000000..e4a6ca394a25
+Binary files /dev/null and b/fuzz/corpora/asn1/4c6453caefc4907f3f60aeea0b2c4392257f11c4 differ
+diff --git a/fuzz/corpora/asn1/4c66a05fb19a0ff10ddb4ba6b251e7e7e267fff2 b/fuzz/corpora/asn1/4c66a05fb19a0ff10ddb4ba6b251e7e7e267fff2
+new file mode 100644
+index 000000000000..6af1de77c299
+Binary files /dev/null and b/fuzz/corpora/asn1/4c66a05fb19a0ff10ddb4ba6b251e7e7e267fff2 differ
+diff --git a/fuzz/corpora/asn1/4d56e7e40e8ec69906dd4e34f4798483fb8e14d1 b/fuzz/corpora/asn1/4d56e7e40e8ec69906dd4e34f4798483fb8e14d1
+new file mode 100644
+index 000000000000..c70ddde7a58c
+Binary files /dev/null and b/fuzz/corpora/asn1/4d56e7e40e8ec69906dd4e34f4798483fb8e14d1 differ
+diff --git a/fuzz/corpora/asn1/4d588bb4ceae0f42e84e66b042c3c7fe1a0f1661 b/fuzz/corpora/asn1/4d588bb4ceae0f42e84e66b042c3c7fe1a0f1661
+new file mode 100644
+index 000000000000..779ef57fdba4
+Binary files /dev/null and b/fuzz/corpora/asn1/4d588bb4ceae0f42e84e66b042c3c7fe1a0f1661 differ
+diff --git a/fuzz/corpora/asn1/4d5ec47a2a450e07412dedb7fe05bd241ac93052 b/fuzz/corpora/asn1/4d5ec47a2a450e07412dedb7fe05bd241ac93052
+new file mode 100644
+index 000000000000..37cd1ec44ac0
+Binary files /dev/null and b/fuzz/corpora/asn1/4d5ec47a2a450e07412dedb7fe05bd241ac93052 differ
+diff --git a/fuzz/corpora/asn1/4d5fdaf5d5205917bb14016614b54f7c811a1d87 b/fuzz/corpora/asn1/4d5fdaf5d5205917bb14016614b54f7c811a1d87
+new file mode 100644
+index 000000000000..48ab5da36f72
+Binary files /dev/null and b/fuzz/corpora/asn1/4d5fdaf5d5205917bb14016614b54f7c811a1d87 differ
+diff --git a/fuzz/corpora/asn1/4e1d2949fde78c4cb79fdb0dc60f1b1a5e93ac91 b/fuzz/corpora/asn1/4e1d2949fde78c4cb79fdb0dc60f1b1a5e93ac91
+new file mode 100644
+index 000000000000..b8724d835971
+Binary files /dev/null and b/fuzz/corpora/asn1/4e1d2949fde78c4cb79fdb0dc60f1b1a5e93ac91 differ
+diff --git a/fuzz/corpora/asn1/4eaf7c56b056e25eae8f082e147de1592e749e3d b/fuzz/corpora/asn1/4eaf7c56b056e25eae8f082e147de1592e749e3d
+new file mode 100644
+index 000000000000..61fda715f9cd
+Binary files /dev/null and b/fuzz/corpora/asn1/4eaf7c56b056e25eae8f082e147de1592e749e3d differ
+diff --git a/fuzz/corpora/asn1/4eea7decf9ad9f5d864b9a260d4312bef4986df2 b/fuzz/corpora/asn1/4eea7decf9ad9f5d864b9a260d4312bef4986df2
+new file mode 100644
+index 000000000000..0d21f6be0eef
+Binary files /dev/null and b/fuzz/corpora/asn1/4eea7decf9ad9f5d864b9a260d4312bef4986df2 differ
+diff --git a/fuzz/corpora/asn1/4f8a86330df40d778df9e8d20a5a1608e6c15333 b/fuzz/corpora/asn1/4f8a86330df40d778df9e8d20a5a1608e6c15333
+new file mode 100644
+index 000000000000..1fd3848c8f78
+Binary files /dev/null and b/fuzz/corpora/asn1/4f8a86330df40d778df9e8d20a5a1608e6c15333 differ
+diff --git a/fuzz/corpora/asn1/50040f190b00a2ce5bffc2b8d7645dfd91477e9e b/fuzz/corpora/asn1/50040f190b00a2ce5bffc2b8d7645dfd91477e9e
+new file mode 100644
+index 000000000000..fe777df8d793
+Binary files /dev/null and b/fuzz/corpora/asn1/50040f190b00a2ce5bffc2b8d7645dfd91477e9e differ
+diff --git a/fuzz/corpora/asn1/501787cc1473fe2db03d388035e8655573060083 b/fuzz/corpora/asn1/501787cc1473fe2db03d388035e8655573060083
+new file mode 100644
+index 000000000000..d14843c621c5
+Binary files /dev/null and b/fuzz/corpora/asn1/501787cc1473fe2db03d388035e8655573060083 differ
+diff --git a/fuzz/corpora/asn1/502d566ff6868c354152ff50b6d41438f25d8d1d b/fuzz/corpora/asn1/502d566ff6868c354152ff50b6d41438f25d8d1d
+new file mode 100644
+index 000000000000..ab80bab17ea1
+Binary files /dev/null and b/fuzz/corpora/asn1/502d566ff6868c354152ff50b6d41438f25d8d1d differ
+diff --git a/fuzz/corpora/asn1/503e1b01a4b2923022b75cb826865e676cde9557 b/fuzz/corpora/asn1/503e1b01a4b2923022b75cb826865e676cde9557
+new file mode 100644
+index 000000000000..eb5d361634e4
+Binary files /dev/null and b/fuzz/corpora/asn1/503e1b01a4b2923022b75cb826865e676cde9557 differ
+diff --git a/fuzz/corpora/asn1/503e5c815223cebe94a8198c9e684212f320536a b/fuzz/corpora/asn1/503e5c815223cebe94a8198c9e684212f320536a
+new file mode 100644
+index 000000000000..814b71ada90b
+Binary files /dev/null and b/fuzz/corpora/asn1/503e5c815223cebe94a8198c9e684212f320536a differ
+diff --git a/fuzz/corpora/asn1/504d23921bb6c2f4e4cd5de885845d19f7e24ed4 b/fuzz/corpora/asn1/504d23921bb6c2f4e4cd5de885845d19f7e24ed4
+new file mode 100644
+index 000000000000..9816d1a70050
+Binary files /dev/null and b/fuzz/corpora/asn1/504d23921bb6c2f4e4cd5de885845d19f7e24ed4 differ
+diff --git a/fuzz/corpora/asn1/50d02698a4b89f4c6fd371bd8246a5b55f3327b3 b/fuzz/corpora/asn1/50d02698a4b89f4c6fd371bd8246a5b55f3327b3
+new file mode 100644
+index 000000000000..bd772d97d1e6
+Binary files /dev/null and b/fuzz/corpora/asn1/50d02698a4b89f4c6fd371bd8246a5b55f3327b3 differ
+diff --git a/fuzz/corpora/asn1/50db1f6405d507bf8dab9931c8a23dd7e0a2f854 b/fuzz/corpora/asn1/50db1f6405d507bf8dab9931c8a23dd7e0a2f854
+new file mode 100644
+index 000000000000..3a988d4185c5
+Binary files /dev/null and b/fuzz/corpora/asn1/50db1f6405d507bf8dab9931c8a23dd7e0a2f854 differ
+diff --git a/fuzz/corpora/asn1/50f90fe45f76d9d42ad88068c5792ccc30a9e28e b/fuzz/corpora/asn1/50f90fe45f76d9d42ad88068c5792ccc30a9e28e
+new file mode 100644
+index 000000000000..9eaa66fae83e
+Binary files /dev/null and b/fuzz/corpora/asn1/50f90fe45f76d9d42ad88068c5792ccc30a9e28e differ
+diff --git a/fuzz/corpora/asn1/517b1e9b0d521e9de51af19a3c27a81fff6dfa52 b/fuzz/corpora/asn1/517b1e9b0d521e9de51af19a3c27a81fff6dfa52
+new file mode 100644
+index 000000000000..8c558b32c5fa
+Binary files /dev/null and b/fuzz/corpora/asn1/517b1e9b0d521e9de51af19a3c27a81fff6dfa52 differ
+diff --git a/fuzz/corpora/asn1/518d1458641c0c13246788a7283106579da919ee b/fuzz/corpora/asn1/518d1458641c0c13246788a7283106579da919ee
+new file mode 100644
+index 000000000000..88b5ef857e17
+Binary files /dev/null and b/fuzz/corpora/asn1/518d1458641c0c13246788a7283106579da919ee differ
+diff --git a/fuzz/corpora/asn1/51de03a8e0918a03c9b51ce979b3f4cdf4a5907f b/fuzz/corpora/asn1/51de03a8e0918a03c9b51ce979b3f4cdf4a5907f
+new file mode 100644
+index 000000000000..393b454f5dbe
+Binary files /dev/null and b/fuzz/corpora/asn1/51de03a8e0918a03c9b51ce979b3f4cdf4a5907f differ
+diff --git a/fuzz/corpora/asn1/522361a0abc975468cf3619e50cef8e9a2e99ad8 b/fuzz/corpora/asn1/522361a0abc975468cf3619e50cef8e9a2e99ad8
+new file mode 100644
+index 000000000000..d00304abdbab
+Binary files /dev/null and b/fuzz/corpora/asn1/522361a0abc975468cf3619e50cef8e9a2e99ad8 differ
+diff --git a/fuzz/corpora/asn1/5242b600ea5d85c397417d2dc7516b2ab1ba4032 b/fuzz/corpora/asn1/5242b600ea5d85c397417d2dc7516b2ab1ba4032
+new file mode 100644
+index 000000000000..a3b630b697cb
+Binary files /dev/null and b/fuzz/corpora/asn1/5242b600ea5d85c397417d2dc7516b2ab1ba4032 differ
+diff --git a/fuzz/corpora/asn1/52b9f466f5abbded8f141b271737ffc85a651832 b/fuzz/corpora/asn1/52b9f466f5abbded8f141b271737ffc85a651832
+new file mode 100644
+index 000000000000..419c8561b073
+Binary files /dev/null and b/fuzz/corpora/asn1/52b9f466f5abbded8f141b271737ffc85a651832 differ
+diff --git a/fuzz/corpora/asn1/52fbe4217455e46f686d65bd88c053fa5227b849 b/fuzz/corpora/asn1/52fbe4217455e46f686d65bd88c053fa5227b849
+new file mode 100644
+index 000000000000..fa8761d61d7f
+Binary files /dev/null and b/fuzz/corpora/asn1/52fbe4217455e46f686d65bd88c053fa5227b849 differ
+diff --git a/fuzz/corpora/asn1/5314a3215a396d1a58ef72583719905872586885 b/fuzz/corpora/asn1/5314a3215a396d1a58ef72583719905872586885
+new file mode 100644
+index 000000000000..590a9c12d6f7
+Binary files /dev/null and b/fuzz/corpora/asn1/5314a3215a396d1a58ef72583719905872586885 differ
+diff --git a/fuzz/corpora/asn1/5329a61211868890360772c34fc90da1a567cbaa b/fuzz/corpora/asn1/5329a61211868890360772c34fc90da1a567cbaa
+new file mode 100644
+index 000000000000..630f07ae48ac
+Binary files /dev/null and b/fuzz/corpora/asn1/5329a61211868890360772c34fc90da1a567cbaa differ
+diff --git a/fuzz/corpora/asn1/53fdd60574246da3e577a04c2ac779e4ca13805f b/fuzz/corpora/asn1/53fdd60574246da3e577a04c2ac779e4ca13805f
+new file mode 100644
+index 000000000000..0635c847cc77
+Binary files /dev/null and b/fuzz/corpora/asn1/53fdd60574246da3e577a04c2ac779e4ca13805f differ
+diff --git a/fuzz/corpora/asn1/5484fe5c411a3c005257d793121cf337c4d9104d b/fuzz/corpora/asn1/5484fe5c411a3c005257d793121cf337c4d9104d
+new file mode 100644
+index 000000000000..d6d54598943c
+Binary files /dev/null and b/fuzz/corpora/asn1/5484fe5c411a3c005257d793121cf337c4d9104d differ
+diff --git a/fuzz/corpora/asn1/549176919466b2271fe5c00b71585af29a2fc682 b/fuzz/corpora/asn1/549176919466b2271fe5c00b71585af29a2fc682
+new file mode 100644
+index 000000000000..b9ba55899116
+Binary files /dev/null and b/fuzz/corpora/asn1/549176919466b2271fe5c00b71585af29a2fc682 differ
+diff --git a/fuzz/corpora/asn1/5495e3e04591620b831cae9d05170ef48c1a906f b/fuzz/corpora/asn1/5495e3e04591620b831cae9d05170ef48c1a906f
+new file mode 100644
+index 000000000000..b65d299053c2
+Binary files /dev/null and b/fuzz/corpora/asn1/5495e3e04591620b831cae9d05170ef48c1a906f differ
+diff --git a/fuzz/corpora/asn1/549b88a6998fd2b8022594281f328e81b000ef95 b/fuzz/corpora/asn1/549b88a6998fd2b8022594281f328e81b000ef95
+new file mode 100644
+index 000000000000..3780c58ef7d3
+Binary files /dev/null and b/fuzz/corpora/asn1/549b88a6998fd2b8022594281f328e81b000ef95 differ
+diff --git a/fuzz/corpora/asn1/55c55e21151507bc61e1f1e7913738d3dd2d1003 b/fuzz/corpora/asn1/55c55e21151507bc61e1f1e7913738d3dd2d1003
+new file mode 100644
+index 000000000000..825ef09820cb
+Binary files /dev/null and b/fuzz/corpora/asn1/55c55e21151507bc61e1f1e7913738d3dd2d1003 differ
+diff --git a/fuzz/corpora/asn1/55d51b9f79bec789dccb9fbeaca50885760451ac b/fuzz/corpora/asn1/55d51b9f79bec789dccb9fbeaca50885760451ac
+new file mode 100644
+index 000000000000..9eee00c4e523
+Binary files /dev/null and b/fuzz/corpora/asn1/55d51b9f79bec789dccb9fbeaca50885760451ac differ
+diff --git a/fuzz/corpora/asn1/56127fdbcb3924efb0a8ad8a81375254436efbea b/fuzz/corpora/asn1/56127fdbcb3924efb0a8ad8a81375254436efbea
+new file mode 100644
+index 000000000000..d5884ee751fd
+Binary files /dev/null and b/fuzz/corpora/asn1/56127fdbcb3924efb0a8ad8a81375254436efbea differ
+diff --git a/fuzz/corpora/asn1/5620ec44e81d26a66087472cda215b1bb985b6aa b/fuzz/corpora/asn1/5620ec44e81d26a66087472cda215b1bb985b6aa
+new file mode 100644
+index 000000000000..eccb12d2d623
+Binary files /dev/null and b/fuzz/corpora/asn1/5620ec44e81d26a66087472cda215b1bb985b6aa differ
+diff --git a/fuzz/corpora/asn1/5665400c324f7a63be9896b08696201104fb3e74 b/fuzz/corpora/asn1/5665400c324f7a63be9896b08696201104fb3e74
+new file mode 100644
+index 000000000000..d7213b3eb378
+Binary files /dev/null and b/fuzz/corpora/asn1/5665400c324f7a63be9896b08696201104fb3e74 differ
+diff --git a/fuzz/corpora/asn1/566a896bb1fb79b36d1940a52edacc716f25e819 b/fuzz/corpora/asn1/566a896bb1fb79b36d1940a52edacc716f25e819
+new file mode 100644
+index 000000000000..7d5fe66252dc
+Binary files /dev/null and b/fuzz/corpora/asn1/566a896bb1fb79b36d1940a52edacc716f25e819 differ
+diff --git a/fuzz/corpora/asn1/56a41f661aa646d711ee7a224a6ad572ecae82df b/fuzz/corpora/asn1/56a41f661aa646d711ee7a224a6ad572ecae82df
+new file mode 100644
+index 000000000000..0bf9f721c0fc
+Binary files /dev/null and b/fuzz/corpora/asn1/56a41f661aa646d711ee7a224a6ad572ecae82df differ
+diff --git a/fuzz/corpora/asn1/571ac9a30555ec6ac12bd9889858aa4c7034163d b/fuzz/corpora/asn1/571ac9a30555ec6ac12bd9889858aa4c7034163d
+new file mode 100644
+index 000000000000..3c2ae0759fbd
+Binary files /dev/null and b/fuzz/corpora/asn1/571ac9a30555ec6ac12bd9889858aa4c7034163d differ
+diff --git a/fuzz/corpora/asn1/57354e518efcc5e5cf883932ebb7a01694ce3a63 b/fuzz/corpora/asn1/57354e518efcc5e5cf883932ebb7a01694ce3a63
+new file mode 100644
+index 000000000000..9e65e139b0aa
+Binary files /dev/null and b/fuzz/corpora/asn1/57354e518efcc5e5cf883932ebb7a01694ce3a63 differ
+diff --git a/fuzz/corpora/asn1/5757dbcc950a5bc1484bba2bda2adbb282e0a56c b/fuzz/corpora/asn1/5757dbcc950a5bc1484bba2bda2adbb282e0a56c
+new file mode 100644
+index 000000000000..d6e0b08f9948
+Binary files /dev/null and b/fuzz/corpora/asn1/5757dbcc950a5bc1484bba2bda2adbb282e0a56c differ
+diff --git a/fuzz/corpora/asn1/576958d0461e6564fdaf6489c736d3a08203a0b5 b/fuzz/corpora/asn1/576958d0461e6564fdaf6489c736d3a08203a0b5
+new file mode 100644
+index 000000000000..ffce883a4532
+Binary files /dev/null and b/fuzz/corpora/asn1/576958d0461e6564fdaf6489c736d3a08203a0b5 differ
+diff --git a/fuzz/corpora/asn1/5794645b6cec586cad4e018f3de2c290057b1e5c b/fuzz/corpora/asn1/5794645b6cec586cad4e018f3de2c290057b1e5c
+new file mode 100644
+index 000000000000..f68cfd98624b
+Binary files /dev/null and b/fuzz/corpora/asn1/5794645b6cec586cad4e018f3de2c290057b1e5c differ
+diff --git a/fuzz/corpora/asn1/57b9e35c313481949b981448a2268692455e03c3 b/fuzz/corpora/asn1/57b9e35c313481949b981448a2268692455e03c3
+new file mode 100644
+index 000000000000..a702a7fa96da
+Binary files /dev/null and b/fuzz/corpora/asn1/57b9e35c313481949b981448a2268692455e03c3 differ
+diff --git a/fuzz/corpora/asn1/57d11671807ce903586a9adbba4d70cce7c936af b/fuzz/corpora/asn1/57d11671807ce903586a9adbba4d70cce7c936af
+new file mode 100644
+index 000000000000..c1dc6377e345
+Binary files /dev/null and b/fuzz/corpora/asn1/57d11671807ce903586a9adbba4d70cce7c936af differ
+diff --git a/fuzz/corpora/asn1/58a3939dc19b9204afb26837b920752696eaae01 b/fuzz/corpora/asn1/58a3939dc19b9204afb26837b920752696eaae01
+new file mode 100644
+index 000000000000..1dfb317dfc57
+Binary files /dev/null and b/fuzz/corpora/asn1/58a3939dc19b9204afb26837b920752696eaae01 differ
+diff --git a/fuzz/corpora/asn1/58e8b1e82745e7da3e7159f5c6131873aedf7747 b/fuzz/corpora/asn1/58e8b1e82745e7da3e7159f5c6131873aedf7747
+new file mode 100644
+index 000000000000..6eb1d4a6d0de
+Binary files /dev/null and b/fuzz/corpora/asn1/58e8b1e82745e7da3e7159f5c6131873aedf7747 differ
+diff --git a/fuzz/corpora/asn1/591d570a397de2007edf3f497b7c555d5fe9e61a b/fuzz/corpora/asn1/591d570a397de2007edf3f497b7c555d5fe9e61a
+new file mode 100644
+index 000000000000..9883c392ae23
+Binary files /dev/null and b/fuzz/corpora/asn1/591d570a397de2007edf3f497b7c555d5fe9e61a differ
+diff --git a/fuzz/corpora/asn1/591dc162d20e5885e348d6205aed51678329bfdc b/fuzz/corpora/asn1/591dc162d20e5885e348d6205aed51678329bfdc
+new file mode 100644
+index 000000000000..dbd6e19b0c62
+Binary files /dev/null and b/fuzz/corpora/asn1/591dc162d20e5885e348d6205aed51678329bfdc differ
+diff --git a/fuzz/corpora/asn1/593636cc321f2cfb8aed6dc36de7b24602c166b5 b/fuzz/corpora/asn1/593636cc321f2cfb8aed6dc36de7b24602c166b5
+new file mode 100644
+index 000000000000..b35e5624fcb7
+Binary files /dev/null and b/fuzz/corpora/asn1/593636cc321f2cfb8aed6dc36de7b24602c166b5 differ
+diff --git a/fuzz/corpora/asn1/5941ee847ba6c9711026c022284c82cfce060aa7 b/fuzz/corpora/asn1/5941ee847ba6c9711026c022284c82cfce060aa7
+new file mode 100644
+index 000000000000..48db61316bd9
+Binary files /dev/null and b/fuzz/corpora/asn1/5941ee847ba6c9711026c022284c82cfce060aa7 differ
+diff --git a/fuzz/corpora/asn1/5976f9b03ba132718804953f2229fbe40b0cb70d b/fuzz/corpora/asn1/5976f9b03ba132718804953f2229fbe40b0cb70d
+new file mode 100644
+index 000000000000..5e4cc01fade6
+Binary files /dev/null and b/fuzz/corpora/asn1/5976f9b03ba132718804953f2229fbe40b0cb70d differ
+diff --git a/fuzz/corpora/asn1/59d359e134fb11cf15e4929cf3ee53319faa6b85 b/fuzz/corpora/asn1/59d359e134fb11cf15e4929cf3ee53319faa6b85
+new file mode 100644
+index 000000000000..ec1f1d5847db
+Binary files /dev/null and b/fuzz/corpora/asn1/59d359e134fb11cf15e4929cf3ee53319faa6b85 differ
+diff --git a/fuzz/corpora/asn1/59d90bf638fa99cc6a61b7515c247210298aa07d b/fuzz/corpora/asn1/59d90bf638fa99cc6a61b7515c247210298aa07d
+new file mode 100644
+index 000000000000..01883b1e9cba
+Binary files /dev/null and b/fuzz/corpora/asn1/59d90bf638fa99cc6a61b7515c247210298aa07d differ
+diff --git a/fuzz/corpora/asn1/59f9be943bd1e069f603a404fea419b11eef6b6f b/fuzz/corpora/asn1/59f9be943bd1e069f603a404fea419b11eef6b6f
+new file mode 100644
+index 000000000000..cbd11670a767
+Binary files /dev/null and b/fuzz/corpora/asn1/59f9be943bd1e069f603a404fea419b11eef6b6f differ
+diff --git a/fuzz/corpora/asn1/5a7010fab8c5ab4d6cd20b4d33f0ccbb00b9f1b8 b/fuzz/corpora/asn1/5a7010fab8c5ab4d6cd20b4d33f0ccbb00b9f1b8
+new file mode 100644
+index 000000000000..8aa4569e4e6f
+Binary files /dev/null and b/fuzz/corpora/asn1/5a7010fab8c5ab4d6cd20b4d33f0ccbb00b9f1b8 differ
+diff --git a/fuzz/corpora/asn1/5a94d2a1ee32c5669c3015b48797de52f1edc839 b/fuzz/corpora/asn1/5a94d2a1ee32c5669c3015b48797de52f1edc839
+new file mode 100644
+index 000000000000..533fbc4ce91d
+Binary files /dev/null and b/fuzz/corpora/asn1/5a94d2a1ee32c5669c3015b48797de52f1edc839 differ
+diff --git a/fuzz/corpora/asn1/5aca4e85180a026346c8125ac470314fe4528c02 b/fuzz/corpora/asn1/5aca4e85180a026346c8125ac470314fe4528c02
+new file mode 100644
+index 000000000000..debe95dfbdc6
+Binary files /dev/null and b/fuzz/corpora/asn1/5aca4e85180a026346c8125ac470314fe4528c02 differ
+diff --git a/fuzz/corpora/asn1/5b010498153e2a01f3b7946978f206f3338e38f1 b/fuzz/corpora/asn1/5b010498153e2a01f3b7946978f206f3338e38f1
+new file mode 100644
+index 000000000000..db620e51a4e8
+Binary files /dev/null and b/fuzz/corpora/asn1/5b010498153e2a01f3b7946978f206f3338e38f1 differ
+diff --git a/fuzz/corpora/asn1/5b6d2cd92cb3a8282cf24cfac6b8e7f9e748d652 b/fuzz/corpora/asn1/5b6d2cd92cb3a8282cf24cfac6b8e7f9e748d652
+new file mode 100644
+index 000000000000..210f5f28c5e3
+Binary files /dev/null and b/fuzz/corpora/asn1/5b6d2cd92cb3a8282cf24cfac6b8e7f9e748d652 differ
+diff --git a/fuzz/corpora/asn1/5b99a0ca5deae4b3ae04c1df1b3b421ec0637972 b/fuzz/corpora/asn1/5b99a0ca5deae4b3ae04c1df1b3b421ec0637972
+new file mode 100644
+index 000000000000..bf7f60a37f82
+Binary files /dev/null and b/fuzz/corpora/asn1/5b99a0ca5deae4b3ae04c1df1b3b421ec0637972 differ
+diff --git a/fuzz/corpora/asn1/5bab61eb53176449e25c2c82f172b82cb13ffb9d b/fuzz/corpora/asn1/5bab61eb53176449e25c2c82f172b82cb13ffb9d
+new file mode 100644
+index 000000000000..0d758c9c7bc0
+Binary files /dev/null and b/fuzz/corpora/asn1/5bab61eb53176449e25c2c82f172b82cb13ffb9d differ
+diff --git a/fuzz/corpora/asn1/5bd98188bf891c6613eb1fe5f89af934d51eb413 b/fuzz/corpora/asn1/5bd98188bf891c6613eb1fe5f89af934d51eb413
+new file mode 100644
+index 000000000000..e0a7af419a99
+Binary files /dev/null and b/fuzz/corpora/asn1/5bd98188bf891c6613eb1fe5f89af934d51eb413 differ
+diff --git a/fuzz/corpora/asn1/5c2ddc84133f3ca20420a659c17dc1ec84dd00f3 b/fuzz/corpora/asn1/5c2ddc84133f3ca20420a659c17dc1ec84dd00f3
+new file mode 100644
+index 000000000000..53dc51b25112
+Binary files /dev/null and b/fuzz/corpora/asn1/5c2ddc84133f3ca20420a659c17dc1ec84dd00f3 differ
+diff --git a/fuzz/corpora/asn1/5c9c7b794d67b4d6792f3650b74e83b84d11e950 b/fuzz/corpora/asn1/5c9c7b794d67b4d6792f3650b74e83b84d11e950
+new file mode 100644
+index 000000000000..de4c27a1515e
+Binary files /dev/null and b/fuzz/corpora/asn1/5c9c7b794d67b4d6792f3650b74e83b84d11e950 differ
+diff --git a/fuzz/corpora/asn1/5cd908e696128a6d60a28400d5745aaf69205a6a b/fuzz/corpora/asn1/5cd908e696128a6d60a28400d5745aaf69205a6a
+new file mode 100644
+index 000000000000..261eaf0674a0
+Binary files /dev/null and b/fuzz/corpora/asn1/5cd908e696128a6d60a28400d5745aaf69205a6a differ
+diff --git a/fuzz/corpora/asn1/5d609ad07506bd9f2380674081a46c7266f95d97 b/fuzz/corpora/asn1/5d609ad07506bd9f2380674081a46c7266f95d97
+new file mode 100644
+index 000000000000..985c6e8d82dc
+Binary files /dev/null and b/fuzz/corpora/asn1/5d609ad07506bd9f2380674081a46c7266f95d97 differ
+diff --git a/fuzz/corpora/asn1/5d7bc2b561794af7fbf0f8dc6f69dc1864201c53 b/fuzz/corpora/asn1/5d7bc2b561794af7fbf0f8dc6f69dc1864201c53
+new file mode 100644
+index 000000000000..3856cbd7cce7
+Binary files /dev/null and b/fuzz/corpora/asn1/5d7bc2b561794af7fbf0f8dc6f69dc1864201c53 differ
+diff --git a/fuzz/corpora/asn1/5dcda44f2838ef7398c89043754de98066e774fa b/fuzz/corpora/asn1/5dcda44f2838ef7398c89043754de98066e774fa
+new file mode 100644
+index 000000000000..7293b0a60164
+Binary files /dev/null and b/fuzz/corpora/asn1/5dcda44f2838ef7398c89043754de98066e774fa differ
+diff --git a/fuzz/corpora/asn1/5e27ba66f53d326d81589ff24e905d8ab5e75c20 b/fuzz/corpora/asn1/5e27ba66f53d326d81589ff24e905d8ab5e75c20
+new file mode 100644
+index 000000000000..77fe423fb232
+Binary files /dev/null and b/fuzz/corpora/asn1/5e27ba66f53d326d81589ff24e905d8ab5e75c20 differ
+diff --git a/fuzz/corpora/asn1/5e50aac6a8593ff80ce68427027106be8f515a6c b/fuzz/corpora/asn1/5e50aac6a8593ff80ce68427027106be8f515a6c
+new file mode 100644
+index 000000000000..ce99c6ccf9a9
+Binary files /dev/null and b/fuzz/corpora/asn1/5e50aac6a8593ff80ce68427027106be8f515a6c differ
+diff --git a/fuzz/corpora/asn1/5e899479208b1be5003ec2c44ddfdf2f19371f4c b/fuzz/corpora/asn1/5e899479208b1be5003ec2c44ddfdf2f19371f4c
+new file mode 100644
+index 000000000000..13f754b0a645
+Binary files /dev/null and b/fuzz/corpora/asn1/5e899479208b1be5003ec2c44ddfdf2f19371f4c differ
+diff --git a/fuzz/corpora/asn1/5f06e1811e1d568d1fd118fb96f161eec6fc90af b/fuzz/corpora/asn1/5f06e1811e1d568d1fd118fb96f161eec6fc90af
+new file mode 100644
+index 000000000000..d73fc86527e7
+Binary files /dev/null and b/fuzz/corpora/asn1/5f06e1811e1d568d1fd118fb96f161eec6fc90af differ
+diff --git a/fuzz/corpora/asn1/5f0d55ef8df3847a1cbe25f765148c0b16fbbb98 b/fuzz/corpora/asn1/5f0d55ef8df3847a1cbe25f765148c0b16fbbb98
+new file mode 100644
+index 000000000000..58a07fd1660d
+Binary files /dev/null and b/fuzz/corpora/asn1/5f0d55ef8df3847a1cbe25f765148c0b16fbbb98 differ
+diff --git a/fuzz/corpora/asn1/5f7d06e63acbca61fcb5d3096964fb2063ed05a8 b/fuzz/corpora/asn1/5f7d06e63acbca61fcb5d3096964fb2063ed05a8
+new file mode 100644
+index 000000000000..ce6ce20cafe2
+Binary files /dev/null and b/fuzz/corpora/asn1/5f7d06e63acbca61fcb5d3096964fb2063ed05a8 differ
+diff --git a/fuzz/corpora/asn1/5fa8bd3013e5b0cd31f46d689edf26f3c8152e42 b/fuzz/corpora/asn1/5fa8bd3013e5b0cd31f46d689edf26f3c8152e42
+new file mode 100644
+index 000000000000..a6b74cdf09c3
+Binary files /dev/null and b/fuzz/corpora/asn1/5fa8bd3013e5b0cd31f46d689edf26f3c8152e42 differ
+diff --git a/fuzz/corpora/asn1/60550766d8fedee345f25d983654810ccf99c840 b/fuzz/corpora/asn1/60550766d8fedee345f25d983654810ccf99c840
+new file mode 100644
+index 000000000000..d2f4c6e975bf
+Binary files /dev/null and b/fuzz/corpora/asn1/60550766d8fedee345f25d983654810ccf99c840 differ
+diff --git a/fuzz/corpora/asn1/60790becd4794cef176e1c5e30637205fc6b6c0e b/fuzz/corpora/asn1/60790becd4794cef176e1c5e30637205fc6b6c0e
+new file mode 100644
+index 000000000000..a18b680558ef
+Binary files /dev/null and b/fuzz/corpora/asn1/60790becd4794cef176e1c5e30637205fc6b6c0e differ
+diff --git a/fuzz/corpora/asn1/6087724143cdaef4131365bd2821511ab08517be b/fuzz/corpora/asn1/6087724143cdaef4131365bd2821511ab08517be
+new file mode 100644
+index 000000000000..9f93719502fa
+Binary files /dev/null and b/fuzz/corpora/asn1/6087724143cdaef4131365bd2821511ab08517be differ
+diff --git a/fuzz/corpora/asn1/609409900413f55f0a6219f9e56d8675fadf5776 b/fuzz/corpora/asn1/609409900413f55f0a6219f9e56d8675fadf5776
+new file mode 100644
+index 000000000000..1519e49b6f38
+Binary files /dev/null and b/fuzz/corpora/asn1/609409900413f55f0a6219f9e56d8675fadf5776 differ
+diff --git a/fuzz/corpora/asn1/60cd78b36ad1f71f866244ef78b12c18ff0a4864 b/fuzz/corpora/asn1/60cd78b36ad1f71f866244ef78b12c18ff0a4864
+new file mode 100644
+index 000000000000..e5b72c76199d
+Binary files /dev/null and b/fuzz/corpora/asn1/60cd78b36ad1f71f866244ef78b12c18ff0a4864 differ
+diff --git a/fuzz/corpora/asn1/60ea00f806e06abc29a069921edde1fd812fc22c b/fuzz/corpora/asn1/60ea00f806e06abc29a069921edde1fd812fc22c
+new file mode 100644
+index 000000000000..ecc844d88e12
+Binary files /dev/null and b/fuzz/corpora/asn1/60ea00f806e06abc29a069921edde1fd812fc22c differ
+diff --git a/fuzz/corpora/asn1/60edbc959f962473fc8de88d51e9c5b122186ff6 b/fuzz/corpora/asn1/60edbc959f962473fc8de88d51e9c5b122186ff6
+new file mode 100644
+index 000000000000..6c5c80ff0093
+Binary files /dev/null and b/fuzz/corpora/asn1/60edbc959f962473fc8de88d51e9c5b122186ff6 differ
+diff --git a/fuzz/corpora/asn1/60f4ad72e1ffeee1bf27ace38c3126cf48af78d0 b/fuzz/corpora/asn1/60f4ad72e1ffeee1bf27ace38c3126cf48af78d0
+new file mode 100644
+index 000000000000..0ac31493d573
+Binary files /dev/null and b/fuzz/corpora/asn1/60f4ad72e1ffeee1bf27ace38c3126cf48af78d0 differ
+diff --git a/fuzz/corpora/asn1/61b42cf8fc5a5b2c112d1411f25624c01159b406 b/fuzz/corpora/asn1/61b42cf8fc5a5b2c112d1411f25624c01159b406
+new file mode 100644
+index 000000000000..9b819a9b3117
+Binary files /dev/null and b/fuzz/corpora/asn1/61b42cf8fc5a5b2c112d1411f25624c01159b406 differ
+diff --git a/fuzz/corpora/asn1/61c3891ad4a44c9889dcb66b7f2cd0f4eac71523 b/fuzz/corpora/asn1/61c3891ad4a44c9889dcb66b7f2cd0f4eac71523
+new file mode 100644
+index 000000000000..18b3849c5405
+Binary files /dev/null and b/fuzz/corpora/asn1/61c3891ad4a44c9889dcb66b7f2cd0f4eac71523 differ
+diff --git a/fuzz/corpora/asn1/62255f676d5d9ab0a60a1358226e510c0480a84c b/fuzz/corpora/asn1/62255f676d5d9ab0a60a1358226e510c0480a84c
+new file mode 100644
+index 000000000000..ed5e7b5690d2
+Binary files /dev/null and b/fuzz/corpora/asn1/62255f676d5d9ab0a60a1358226e510c0480a84c differ
+diff --git a/fuzz/corpora/asn1/623357cf63544c927e8d32298af0dd760dba5dd9 b/fuzz/corpora/asn1/623357cf63544c927e8d32298af0dd760dba5dd9
+new file mode 100644
+index 000000000000..4fbfa802cd7a
+Binary files /dev/null and b/fuzz/corpora/asn1/623357cf63544c927e8d32298af0dd760dba5dd9 differ
+diff --git a/fuzz/corpora/asn1/62463d1e05bf3e9965dee1b7bb8ff7898fab473e b/fuzz/corpora/asn1/62463d1e05bf3e9965dee1b7bb8ff7898fab473e
+new file mode 100644
+index 000000000000..ac4d91ca0053
+Binary files /dev/null and b/fuzz/corpora/asn1/62463d1e05bf3e9965dee1b7bb8ff7898fab473e differ
+diff --git a/fuzz/corpora/asn1/62cfc5ed7b2193d16ef9bea535d7bdbc4eb52bb8 b/fuzz/corpora/asn1/62cfc5ed7b2193d16ef9bea535d7bdbc4eb52bb8
+new file mode 100644
+index 000000000000..091b8c620f3d
+Binary files /dev/null and b/fuzz/corpora/asn1/62cfc5ed7b2193d16ef9bea535d7bdbc4eb52bb8 differ
+diff --git a/fuzz/corpora/asn1/62d8d80eae2aff83994c7453ea6d504a41479f2d b/fuzz/corpora/asn1/62d8d80eae2aff83994c7453ea6d504a41479f2d
+new file mode 100644
+index 000000000000..3cb247d9b93a
+Binary files /dev/null and b/fuzz/corpora/asn1/62d8d80eae2aff83994c7453ea6d504a41479f2d differ
+diff --git a/fuzz/corpora/asn1/632357c1fca24ecfbb8f98b057188b73cf127a13 b/fuzz/corpora/asn1/632357c1fca24ecfbb8f98b057188b73cf127a13
+new file mode 100644
+index 000000000000..0429f3ea4507
+Binary files /dev/null and b/fuzz/corpora/asn1/632357c1fca24ecfbb8f98b057188b73cf127a13 differ
+diff --git a/fuzz/corpora/asn1/6328ebbf86790dccc0e28a67c4a6179c93bef283 b/fuzz/corpora/asn1/6328ebbf86790dccc0e28a67c4a6179c93bef283
+new file mode 100644
+index 000000000000..a1f5959206b7
+Binary files /dev/null and b/fuzz/corpora/asn1/6328ebbf86790dccc0e28a67c4a6179c93bef283 differ
+diff --git a/fuzz/corpora/asn1/6358b923bf103ce7eb085240509f3381d4d06e58 b/fuzz/corpora/asn1/6358b923bf103ce7eb085240509f3381d4d06e58
+new file mode 100644
+index 000000000000..6687509d848a
+Binary files /dev/null and b/fuzz/corpora/asn1/6358b923bf103ce7eb085240509f3381d4d06e58 differ
+diff --git a/fuzz/corpora/asn1/63daabb6ec3ec3e11ad110e35aa79441dba503f2 b/fuzz/corpora/asn1/63daabb6ec3ec3e11ad110e35aa79441dba503f2
+new file mode 100644
+index 000000000000..f5cb8e502242
+Binary files /dev/null and b/fuzz/corpora/asn1/63daabb6ec3ec3e11ad110e35aa79441dba503f2 differ
+diff --git a/fuzz/corpora/asn1/63ee80715a5a140e4cd3d7a9f308f3ebfef6380e b/fuzz/corpora/asn1/63ee80715a5a140e4cd3d7a9f308f3ebfef6380e
+new file mode 100644
+index 000000000000..2f05faf1f36f
+Binary files /dev/null and b/fuzz/corpora/asn1/63ee80715a5a140e4cd3d7a9f308f3ebfef6380e differ
+diff --git a/fuzz/corpora/asn1/6400ff67884618922b78ede533b95e894711914e b/fuzz/corpora/asn1/6400ff67884618922b78ede533b95e894711914e
+new file mode 100644
+index 000000000000..656e71ec3cda
+Binary files /dev/null and b/fuzz/corpora/asn1/6400ff67884618922b78ede533b95e894711914e differ
+diff --git a/fuzz/corpora/asn1/64226243d5eb9fb2db47c18ec263a1e0b8e2b691 b/fuzz/corpora/asn1/64226243d5eb9fb2db47c18ec263a1e0b8e2b691
+new file mode 100644
+index 000000000000..9ccfa0df7fdc
+Binary files /dev/null and b/fuzz/corpora/asn1/64226243d5eb9fb2db47c18ec263a1e0b8e2b691 differ
+diff --git a/fuzz/corpora/asn1/6447fdcf23d1e001003ebafa0ea4867d7104ea69 b/fuzz/corpora/asn1/6447fdcf23d1e001003ebafa0ea4867d7104ea69
+new file mode 100644
+index 000000000000..1188bb67d9a3
+Binary files /dev/null and b/fuzz/corpora/asn1/6447fdcf23d1e001003ebafa0ea4867d7104ea69 differ
+diff --git a/fuzz/corpora/asn1/649a3683a0b075ea36a81e9873e73459e6c860ba b/fuzz/corpora/asn1/649a3683a0b075ea36a81e9873e73459e6c860ba
+new file mode 100644
+index 000000000000..55cabed4917e
+Binary files /dev/null and b/fuzz/corpora/asn1/649a3683a0b075ea36a81e9873e73459e6c860ba differ
+diff --git a/fuzz/corpora/asn1/64d1d327ef2615bbb4c26079327aa79c4ea8d328 b/fuzz/corpora/asn1/64d1d327ef2615bbb4c26079327aa79c4ea8d328
+new file mode 100644
+index 000000000000..2489c2ac6674
+Binary files /dev/null and b/fuzz/corpora/asn1/64d1d327ef2615bbb4c26079327aa79c4ea8d328 differ
+diff --git a/fuzz/corpora/asn1/655e08024322f3ae5f14f4285faade81d91d864b b/fuzz/corpora/asn1/655e08024322f3ae5f14f4285faade81d91d864b
+new file mode 100644
+index 000000000000..756a9e14fa65
+Binary files /dev/null and b/fuzz/corpora/asn1/655e08024322f3ae5f14f4285faade81d91d864b differ
+diff --git a/fuzz/corpora/asn1/65af6baf05debb9ead16666e8a3db302a9edb4a6 b/fuzz/corpora/asn1/65af6baf05debb9ead16666e8a3db302a9edb4a6
+new file mode 100644
+index 000000000000..685052bd8cd9
+Binary files /dev/null and b/fuzz/corpora/asn1/65af6baf05debb9ead16666e8a3db302a9edb4a6 differ
+diff --git a/fuzz/corpora/asn1/660c995e7221bbe54b5cb9c9c12ebfdedb8982ec b/fuzz/corpora/asn1/660c995e7221bbe54b5cb9c9c12ebfdedb8982ec
+new file mode 100644
+index 000000000000..60815a8124af
+Binary files /dev/null and b/fuzz/corpora/asn1/660c995e7221bbe54b5cb9c9c12ebfdedb8982ec differ
+diff --git a/fuzz/corpora/asn1/6634deb1ede6cfc778d0e61925ab54ab3ab73623 b/fuzz/corpora/asn1/6634deb1ede6cfc778d0e61925ab54ab3ab73623
+new file mode 100644
+index 000000000000..a830be86b8c0
+Binary files /dev/null and b/fuzz/corpora/asn1/6634deb1ede6cfc778d0e61925ab54ab3ab73623 differ
+diff --git a/fuzz/corpora/asn1/66d9b30d060759f6380306a89c46bee39e905639 b/fuzz/corpora/asn1/66d9b30d060759f6380306a89c46bee39e905639
+new file mode 100644
+index 000000000000..97130a67c5c1
+Binary files /dev/null and b/fuzz/corpora/asn1/66d9b30d060759f6380306a89c46bee39e905639 differ
+diff --git a/fuzz/corpora/asn1/6739c2a2e3eb8a1c3567c7230a5da00e275110a6 b/fuzz/corpora/asn1/6739c2a2e3eb8a1c3567c7230a5da00e275110a6
+new file mode 100644
+index 000000000000..2e8ebc30d025
+Binary files /dev/null and b/fuzz/corpora/asn1/6739c2a2e3eb8a1c3567c7230a5da00e275110a6 differ
+diff --git a/fuzz/corpora/asn1/674cc28412e66915e79e873f1c01f25f32865ccf b/fuzz/corpora/asn1/674cc28412e66915e79e873f1c01f25f32865ccf
+new file mode 100644
+index 000000000000..83030a24e3a6
+Binary files /dev/null and b/fuzz/corpora/asn1/674cc28412e66915e79e873f1c01f25f32865ccf differ
+diff --git a/fuzz/corpora/asn1/6753b44d94e61d32fb28e43157521d0caf6c7987 b/fuzz/corpora/asn1/6753b44d94e61d32fb28e43157521d0caf6c7987
+new file mode 100644
+index 000000000000..47efa2f38ca1
+Binary files /dev/null and b/fuzz/corpora/asn1/6753b44d94e61d32fb28e43157521d0caf6c7987 differ
+diff --git a/fuzz/corpora/asn1/678e8d95e8fb6164c0f2b9cdea80401453df480d b/fuzz/corpora/asn1/678e8d95e8fb6164c0f2b9cdea80401453df480d
+new file mode 100644
+index 000000000000..3f43b62b1ffc
+Binary files /dev/null and b/fuzz/corpora/asn1/678e8d95e8fb6164c0f2b9cdea80401453df480d differ
+diff --git a/fuzz/corpora/asn1/67d0f97e5c0680d8466f721297209dc82c7f2c8b b/fuzz/corpora/asn1/67d0f97e5c0680d8466f721297209dc82c7f2c8b
+new file mode 100644
+index 000000000000..1020fbaa91f4
+Binary files /dev/null and b/fuzz/corpora/asn1/67d0f97e5c0680d8466f721297209dc82c7f2c8b differ
+diff --git a/fuzz/corpora/asn1/684430b6e18c43dfd388ceff00c51b3eb36e1537 b/fuzz/corpora/asn1/684430b6e18c43dfd388ceff00c51b3eb36e1537
+new file mode 100644
+index 000000000000..fa97049d44cf
+Binary files /dev/null and b/fuzz/corpora/asn1/684430b6e18c43dfd388ceff00c51b3eb36e1537 differ
+diff --git a/fuzz/corpora/asn1/6878bf365d3bb7e1447a221d1020e9be59b2b9a5 b/fuzz/corpora/asn1/6878bf365d3bb7e1447a221d1020e9be59b2b9a5
+new file mode 100644
+index 000000000000..f14246799e63
+Binary files /dev/null and b/fuzz/corpora/asn1/6878bf365d3bb7e1447a221d1020e9be59b2b9a5 differ
+diff --git a/fuzz/corpora/asn1/68d1f9fcfbd7ffd2b94dcf530754a4d9439bc381 b/fuzz/corpora/asn1/68d1f9fcfbd7ffd2b94dcf530754a4d9439bc381
+new file mode 100644
+index 000000000000..1a86f89c0392
+Binary files /dev/null and b/fuzz/corpora/asn1/68d1f9fcfbd7ffd2b94dcf530754a4d9439bc381 differ
+diff --git a/fuzz/corpora/asn1/68de0b6d4314e873d72e18c4db14bcf38ec22105 b/fuzz/corpora/asn1/68de0b6d4314e873d72e18c4db14bcf38ec22105
+new file mode 100644
+index 000000000000..e7e7a5c69fe6
+Binary files /dev/null and b/fuzz/corpora/asn1/68de0b6d4314e873d72e18c4db14bcf38ec22105 differ
+diff --git a/fuzz/corpora/asn1/68eda3bb456d468181e72334dc6fb751daef0bb9 b/fuzz/corpora/asn1/68eda3bb456d468181e72334dc6fb751daef0bb9
+new file mode 100644
+index 000000000000..8616705473a5
+Binary files /dev/null and b/fuzz/corpora/asn1/68eda3bb456d468181e72334dc6fb751daef0bb9 differ
+diff --git a/fuzz/corpora/asn1/6992598b7b6dd2421948b740ed4b5814388fcb29 b/fuzz/corpora/asn1/6992598b7b6dd2421948b740ed4b5814388fcb29
+new file mode 100644
+index 000000000000..a3ce7f96d0b4
+Binary files /dev/null and b/fuzz/corpora/asn1/6992598b7b6dd2421948b740ed4b5814388fcb29 differ
+diff --git a/fuzz/corpora/asn1/69bafa8f6f9c13409943f38aaa0ce1cde8cbe7c5 b/fuzz/corpora/asn1/69bafa8f6f9c13409943f38aaa0ce1cde8cbe7c5
+new file mode 100644
+index 000000000000..7c5208b755c1
+Binary files /dev/null and b/fuzz/corpora/asn1/69bafa8f6f9c13409943f38aaa0ce1cde8cbe7c5 differ
+diff --git a/fuzz/corpora/asn1/69d1c137fc2bd55405039dd9ceee0006244edbd2 b/fuzz/corpora/asn1/69d1c137fc2bd55405039dd9ceee0006244edbd2
+new file mode 100644
+index 000000000000..76c524cc019b
+Binary files /dev/null and b/fuzz/corpora/asn1/69d1c137fc2bd55405039dd9ceee0006244edbd2 differ
+diff --git a/fuzz/corpora/asn1/6a294f00e90741c6c4087ee033ef25defaea9f01 b/fuzz/corpora/asn1/6a294f00e90741c6c4087ee033ef25defaea9f01
+new file mode 100644
+index 000000000000..83a3ab778f9d
+Binary files /dev/null and b/fuzz/corpora/asn1/6a294f00e90741c6c4087ee033ef25defaea9f01 differ
+diff --git a/fuzz/corpora/asn1/6a6af9c4f01f7beceb54f969fc28b6af78a21095 b/fuzz/corpora/asn1/6a6af9c4f01f7beceb54f969fc28b6af78a21095
+new file mode 100644
+index 000000000000..fca4c77c81a9
+Binary files /dev/null and b/fuzz/corpora/asn1/6a6af9c4f01f7beceb54f969fc28b6af78a21095 differ
+diff --git a/fuzz/corpora/asn1/6b0df423b23c5d09bb2087c08eac373cad06128a b/fuzz/corpora/asn1/6b0df423b23c5d09bb2087c08eac373cad06128a
+new file mode 100644
+index 000000000000..e21135ab8320
+Binary files /dev/null and b/fuzz/corpora/asn1/6b0df423b23c5d09bb2087c08eac373cad06128a differ
+diff --git a/fuzz/corpora/asn1/6b339dbffaae6e29e127e08cce63326ecc47891b b/fuzz/corpora/asn1/6b339dbffaae6e29e127e08cce63326ecc47891b
+new file mode 100644
+index 000000000000..534b66a5e9b7
+Binary files /dev/null and b/fuzz/corpora/asn1/6b339dbffaae6e29e127e08cce63326ecc47891b differ
+diff --git a/fuzz/corpora/asn1/6ba10191d1260b66d9f3adce2da67de82827db06 b/fuzz/corpora/asn1/6ba10191d1260b66d9f3adce2da67de82827db06
+new file mode 100644
+index 000000000000..21751df85204
+Binary files /dev/null and b/fuzz/corpora/asn1/6ba10191d1260b66d9f3adce2da67de82827db06 differ
+diff --git a/fuzz/corpora/asn1/6bc0e97a1ae092057aab172de1d5f979389a3f7d b/fuzz/corpora/asn1/6bc0e97a1ae092057aab172de1d5f979389a3f7d
+new file mode 100644
+index 000000000000..13a012d3d23f
+Binary files /dev/null and b/fuzz/corpora/asn1/6bc0e97a1ae092057aab172de1d5f979389a3f7d differ
+diff --git a/fuzz/corpora/asn1/6bc16c8f7b5d155b9e483d889598adac1eaf8b40 b/fuzz/corpora/asn1/6bc16c8f7b5d155b9e483d889598adac1eaf8b40
+new file mode 100644
+index 000000000000..4d2b6f55d56a
+Binary files /dev/null and b/fuzz/corpora/asn1/6bc16c8f7b5d155b9e483d889598adac1eaf8b40 differ
+diff --git a/fuzz/corpora/asn1/6bd62279a2f55389047a59534fd01db7da81111f b/fuzz/corpora/asn1/6bd62279a2f55389047a59534fd01db7da81111f
+new file mode 100644
+index 000000000000..a4abf46b4ddc
+Binary files /dev/null and b/fuzz/corpora/asn1/6bd62279a2f55389047a59534fd01db7da81111f differ
+diff --git a/fuzz/corpora/asn1/6c3f36413f8e9deab918912635ce6474ba2e1b73 b/fuzz/corpora/asn1/6c3f36413f8e9deab918912635ce6474ba2e1b73
+new file mode 100644
+index 000000000000..6c2444127b60
+Binary files /dev/null and b/fuzz/corpora/asn1/6c3f36413f8e9deab918912635ce6474ba2e1b73 differ
+diff --git a/fuzz/corpora/asn1/6c48adb5092cc17e90b5b0b56cda68938d9b2699 b/fuzz/corpora/asn1/6c48adb5092cc17e90b5b0b56cda68938d9b2699
+new file mode 100644
+index 000000000000..ccbd661a0d6b
+Binary files /dev/null and b/fuzz/corpora/asn1/6c48adb5092cc17e90b5b0b56cda68938d9b2699 differ
+diff --git a/fuzz/corpora/asn1/6cb5e956f2c9d730489520c6ecd18a5e924530d5 b/fuzz/corpora/asn1/6cb5e956f2c9d730489520c6ecd18a5e924530d5
+new file mode 100644
+index 000000000000..a16eeec1f774
+Binary files /dev/null and b/fuzz/corpora/asn1/6cb5e956f2c9d730489520c6ecd18a5e924530d5 differ
+diff --git a/fuzz/corpora/asn1/6cd5184adee06f90cc8d72b300d9d8b8f44d3fb5 b/fuzz/corpora/asn1/6cd5184adee06f90cc8d72b300d9d8b8f44d3fb5
+new file mode 100644
+index 000000000000..9162a747ec84
+Binary files /dev/null and b/fuzz/corpora/asn1/6cd5184adee06f90cc8d72b300d9d8b8f44d3fb5 differ
+diff --git a/fuzz/corpora/asn1/6d60358f94fe42ab4fb859ae3998e6d2cb202fb9 b/fuzz/corpora/asn1/6d60358f94fe42ab4fb859ae3998e6d2cb202fb9
+new file mode 100644
+index 000000000000..f5bb4aeb5e05
+Binary files /dev/null and b/fuzz/corpora/asn1/6d60358f94fe42ab4fb859ae3998e6d2cb202fb9 differ
+diff --git a/fuzz/corpora/asn1/6dcad75dbb9342c5030749a1d00db619833b2008 b/fuzz/corpora/asn1/6dcad75dbb9342c5030749a1d00db619833b2008
+new file mode 100644
+index 000000000000..c8e94c07286d
+Binary files /dev/null and b/fuzz/corpora/asn1/6dcad75dbb9342c5030749a1d00db619833b2008 differ
+diff --git a/fuzz/corpora/asn1/6e048e136549f39633ae24db9da9f2ddd1d710bf b/fuzz/corpora/asn1/6e048e136549f39633ae24db9da9f2ddd1d710bf
+new file mode 100644
+index 000000000000..a1e9d7a237af
+Binary files /dev/null and b/fuzz/corpora/asn1/6e048e136549f39633ae24db9da9f2ddd1d710bf differ
+diff --git a/fuzz/corpora/asn1/6e2c87aab76767c919cd2f5134b86a3e9ca6b809 b/fuzz/corpora/asn1/6e2c87aab76767c919cd2f5134b86a3e9ca6b809
+new file mode 100644
+index 000000000000..2e54fe167241
+Binary files /dev/null and b/fuzz/corpora/asn1/6e2c87aab76767c919cd2f5134b86a3e9ca6b809 differ
+diff --git a/fuzz/corpora/asn1/6e3de5cbf0e4d7a9d04005e62f28545ca64a5e10 b/fuzz/corpora/asn1/6e3de5cbf0e4d7a9d04005e62f28545ca64a5e10
+new file mode 100644
+index 000000000000..2070c2a54f5c
+Binary files /dev/null and b/fuzz/corpora/asn1/6e3de5cbf0e4d7a9d04005e62f28545ca64a5e10 differ
+diff --git a/fuzz/corpora/asn1/6e5cf4ee0e5b64152af0f38aebef83c7c8d7b396 b/fuzz/corpora/asn1/6e5cf4ee0e5b64152af0f38aebef83c7c8d7b396
+new file mode 100644
+index 000000000000..784c8d0f5f4c
+Binary files /dev/null and b/fuzz/corpora/asn1/6e5cf4ee0e5b64152af0f38aebef83c7c8d7b396 differ
+diff --git a/fuzz/corpora/asn1/6e5ed7741c04c743cc84638ed564f855117177af b/fuzz/corpora/asn1/6e5ed7741c04c743cc84638ed564f855117177af
+new file mode 100644
+index 000000000000..9cdf0ab0ddfb
+Binary files /dev/null and b/fuzz/corpora/asn1/6e5ed7741c04c743cc84638ed564f855117177af differ
+diff --git a/fuzz/corpora/asn1/6e72692cc2fbd4198ac238c1fc659e2cc697a084 b/fuzz/corpora/asn1/6e72692cc2fbd4198ac238c1fc659e2cc697a084
+new file mode 100644
+index 000000000000..ac097f9c0322
+Binary files /dev/null and b/fuzz/corpora/asn1/6e72692cc2fbd4198ac238c1fc659e2cc697a084 differ
+diff --git a/fuzz/corpora/asn1/6f873feb224b4b95073c06d3c1dcaf77a5eec2c9 b/fuzz/corpora/asn1/6f873feb224b4b95073c06d3c1dcaf77a5eec2c9
+new file mode 100644
+index 000000000000..74eebf0692b9
+Binary files /dev/null and b/fuzz/corpora/asn1/6f873feb224b4b95073c06d3c1dcaf77a5eec2c9 differ
+diff --git a/fuzz/corpora/asn1/6f89aa80ce747e206cd60992a37f5fa6a9a53c4d b/fuzz/corpora/asn1/6f89aa80ce747e206cd60992a37f5fa6a9a53c4d
+new file mode 100644
+index 000000000000..1805d94a97ed
+Binary files /dev/null and b/fuzz/corpora/asn1/6f89aa80ce747e206cd60992a37f5fa6a9a53c4d differ
+diff --git a/fuzz/corpora/asn1/6fa8c316293af4de4b84b2554148fea19d6f50d2 b/fuzz/corpora/asn1/6fa8c316293af4de4b84b2554148fea19d6f50d2
+new file mode 100644
+index 000000000000..015b79dca303
+Binary files /dev/null and b/fuzz/corpora/asn1/6fa8c316293af4de4b84b2554148fea19d6f50d2 differ
+diff --git a/fuzz/corpora/asn1/6fddec6ace3ec8a71281c6e3ee1bd4878cb01ceb b/fuzz/corpora/asn1/6fddec6ace3ec8a71281c6e3ee1bd4878cb01ceb
+new file mode 100644
+index 000000000000..92e969bb1018
+Binary files /dev/null and b/fuzz/corpora/asn1/6fddec6ace3ec8a71281c6e3ee1bd4878cb01ceb differ
+diff --git a/fuzz/corpora/asn1/70203839c63f16ae4932d6ef5c07928d83732f9c b/fuzz/corpora/asn1/70203839c63f16ae4932d6ef5c07928d83732f9c
+new file mode 100644
+index 000000000000..dce216668612
+Binary files /dev/null and b/fuzz/corpora/asn1/70203839c63f16ae4932d6ef5c07928d83732f9c differ
+diff --git a/fuzz/corpora/asn1/704dce70f6fa3d3d564478024f566631eb679974 b/fuzz/corpora/asn1/704dce70f6fa3d3d564478024f566631eb679974
+new file mode 100644
+index 000000000000..380a7dee11a5
+Binary files /dev/null and b/fuzz/corpora/asn1/704dce70f6fa3d3d564478024f566631eb679974 differ
+diff --git a/fuzz/corpora/asn1/70a85da4e2d45d07c092a07ffbcda45b6b9e2d4d b/fuzz/corpora/asn1/70a85da4e2d45d07c092a07ffbcda45b6b9e2d4d
+new file mode 100644
+index 000000000000..54b745bd9951
+Binary files /dev/null and b/fuzz/corpora/asn1/70a85da4e2d45d07c092a07ffbcda45b6b9e2d4d differ
+diff --git a/fuzz/corpora/asn1/715fa32b1fde7aede81549d088f70f390fee08bf b/fuzz/corpora/asn1/715fa32b1fde7aede81549d088f70f390fee08bf
+new file mode 100644
+index 000000000000..ec312fedcfe4
+Binary files /dev/null and b/fuzz/corpora/asn1/715fa32b1fde7aede81549d088f70f390fee08bf differ
+diff --git a/fuzz/corpora/asn1/716921aee7e60aa0a21443e5f4d43399b4249ad1 b/fuzz/corpora/asn1/716921aee7e60aa0a21443e5f4d43399b4249ad1
+new file mode 100644
+index 000000000000..8dc61abe02d3
+Binary files /dev/null and b/fuzz/corpora/asn1/716921aee7e60aa0a21443e5f4d43399b4249ad1 differ
+diff --git a/fuzz/corpora/asn1/71cabf52169167fb7b736fdad16fa7eb189d0e5e b/fuzz/corpora/asn1/71cabf52169167fb7b736fdad16fa7eb189d0e5e
+new file mode 100644
+index 000000000000..94a416dc95d6
+Binary files /dev/null and b/fuzz/corpora/asn1/71cabf52169167fb7b736fdad16fa7eb189d0e5e differ
+diff --git a/fuzz/corpora/asn1/71fbf889ec635da1eed7947ba3c739122a5343f3 b/fuzz/corpora/asn1/71fbf889ec635da1eed7947ba3c739122a5343f3
+new file mode 100644
+index 000000000000..6b6c61f0bc1d
+Binary files /dev/null and b/fuzz/corpora/asn1/71fbf889ec635da1eed7947ba3c739122a5343f3 differ
+diff --git a/fuzz/corpora/asn1/72037c8039571dfbb4ab2480b5238430aa477ba2 b/fuzz/corpora/asn1/72037c8039571dfbb4ab2480b5238430aa477ba2
+new file mode 100644
+index 000000000000..3ebe39f419c0
+Binary files /dev/null and b/fuzz/corpora/asn1/72037c8039571dfbb4ab2480b5238430aa477ba2 differ
+diff --git a/fuzz/corpora/asn1/720c0ecc46139b2a1daba3e08c3c3abd112cf38b b/fuzz/corpora/asn1/720c0ecc46139b2a1daba3e08c3c3abd112cf38b
+new file mode 100644
+index 000000000000..4f0847537a23
+Binary files /dev/null and b/fuzz/corpora/asn1/720c0ecc46139b2a1daba3e08c3c3abd112cf38b differ
+diff --git a/fuzz/corpora/asn1/7216ee1a6e4c7f90ec6b00684c29d065db1b18b4 b/fuzz/corpora/asn1/7216ee1a6e4c7f90ec6b00684c29d065db1b18b4
+new file mode 100644
+index 000000000000..a86b1b62b9b7
+Binary files /dev/null and b/fuzz/corpora/asn1/7216ee1a6e4c7f90ec6b00684c29d065db1b18b4 differ
+diff --git a/fuzz/corpora/asn1/723bbb4cf7fe2baab9ade461d2a68bec592dab24 b/fuzz/corpora/asn1/723bbb4cf7fe2baab9ade461d2a68bec592dab24
+new file mode 100644
+index 000000000000..8b29d086b1c6
+Binary files /dev/null and b/fuzz/corpora/asn1/723bbb4cf7fe2baab9ade461d2a68bec592dab24 differ
+diff --git a/fuzz/corpora/asn1/7248a08a00d57e9ea49ea0a4717bf07a47fffde7 b/fuzz/corpora/asn1/7248a08a00d57e9ea49ea0a4717bf07a47fffde7
+new file mode 100644
+index 000000000000..846a9472f033
+Binary files /dev/null and b/fuzz/corpora/asn1/7248a08a00d57e9ea49ea0a4717bf07a47fffde7 differ
+diff --git a/fuzz/corpora/asn1/72ab87bc6a188de6e8998fdca5d1d55e29be20bd b/fuzz/corpora/asn1/72ab87bc6a188de6e8998fdca5d1d55e29be20bd
+new file mode 100644
+index 000000000000..02c96b4816d5
+Binary files /dev/null and b/fuzz/corpora/asn1/72ab87bc6a188de6e8998fdca5d1d55e29be20bd differ
+diff --git a/fuzz/corpora/asn1/72c216181f0e9640844dd73c7b61e713804a5d32 b/fuzz/corpora/asn1/72c216181f0e9640844dd73c7b61e713804a5d32
+new file mode 100644
+index 000000000000..edb458e3c959
+Binary files /dev/null and b/fuzz/corpora/asn1/72c216181f0e9640844dd73c7b61e713804a5d32 differ
+diff --git a/fuzz/corpora/asn1/72df1cad68c213e7d7f9aa83be00e4851763412a b/fuzz/corpora/asn1/72df1cad68c213e7d7f9aa83be00e4851763412a
+new file mode 100644
+index 000000000000..1c67f5279c51
+Binary files /dev/null and b/fuzz/corpora/asn1/72df1cad68c213e7d7f9aa83be00e4851763412a differ
+diff --git a/fuzz/corpora/asn1/73737dd181657162c7c89006ab785402a88251d7 b/fuzz/corpora/asn1/73737dd181657162c7c89006ab785402a88251d7
+new file mode 100644
+index 000000000000..b36a8082c538
+Binary files /dev/null and b/fuzz/corpora/asn1/73737dd181657162c7c89006ab785402a88251d7 differ
+diff --git a/fuzz/corpora/asn1/73bac7a1d5030eab114d9b737e06809776fde47b b/fuzz/corpora/asn1/73bac7a1d5030eab114d9b737e06809776fde47b
+new file mode 100644
+index 000000000000..a9c3739800f9
+Binary files /dev/null and b/fuzz/corpora/asn1/73bac7a1d5030eab114d9b737e06809776fde47b differ
+diff --git a/fuzz/corpora/asn1/74159245d6ad8ed58b0267058cc44850da40ed22 b/fuzz/corpora/asn1/74159245d6ad8ed58b0267058cc44850da40ed22
+new file mode 100644
+index 000000000000..68d8ebf64b5e
+Binary files /dev/null and b/fuzz/corpora/asn1/74159245d6ad8ed58b0267058cc44850da40ed22 differ
+diff --git a/fuzz/corpora/asn1/74660a096dc61cfa2c148166031e46e9cf84d894 b/fuzz/corpora/asn1/74660a096dc61cfa2c148166031e46e9cf84d894
+new file mode 100644
+index 000000000000..ffb672c3d9a9
+Binary files /dev/null and b/fuzz/corpora/asn1/74660a096dc61cfa2c148166031e46e9cf84d894 differ
+diff --git a/fuzz/corpora/asn1/750341de5c4922df584cf4287dc55663a1ebbda0 b/fuzz/corpora/asn1/750341de5c4922df584cf4287dc55663a1ebbda0
+new file mode 100644
+index 000000000000..204303c316a8
+Binary files /dev/null and b/fuzz/corpora/asn1/750341de5c4922df584cf4287dc55663a1ebbda0 differ
+diff --git a/fuzz/corpora/asn1/75486ea84e9dac7ef3c867f36491df4f41663a30 b/fuzz/corpora/asn1/75486ea84e9dac7ef3c867f36491df4f41663a30
+new file mode 100644
+index 000000000000..cb52d9732bb9
+Binary files /dev/null and b/fuzz/corpora/asn1/75486ea84e9dac7ef3c867f36491df4f41663a30 differ
+diff --git a/fuzz/corpora/asn1/754b14b8b9b0118bd84dae57f3cbd7f9ed49699a b/fuzz/corpora/asn1/754b14b8b9b0118bd84dae57f3cbd7f9ed49699a
+new file mode 100644
+index 000000000000..6ac25714bc30
+Binary files /dev/null and b/fuzz/corpora/asn1/754b14b8b9b0118bd84dae57f3cbd7f9ed49699a differ
+diff --git a/fuzz/corpora/asn1/75e18c5154f7b32c57876058bf49bee90218eaba b/fuzz/corpora/asn1/75e18c5154f7b32c57876058bf49bee90218eaba
+new file mode 100644
+index 000000000000..8e49ea45e263
+Binary files /dev/null and b/fuzz/corpora/asn1/75e18c5154f7b32c57876058bf49bee90218eaba differ
+diff --git a/fuzz/corpora/asn1/7643d22dab1e37592dae0d5271e677280a7ef78f b/fuzz/corpora/asn1/7643d22dab1e37592dae0d5271e677280a7ef78f
+new file mode 100644
+index 000000000000..3ff036696404
+Binary files /dev/null and b/fuzz/corpora/asn1/7643d22dab1e37592dae0d5271e677280a7ef78f differ
+diff --git a/fuzz/corpora/asn1/7648423756b1729ae2cf51c4d7a46277ce21f291 b/fuzz/corpora/asn1/7648423756b1729ae2cf51c4d7a46277ce21f291
+new file mode 100644
+index 000000000000..ec8dbf21fce8
+Binary files /dev/null and b/fuzz/corpora/asn1/7648423756b1729ae2cf51c4d7a46277ce21f291 differ
+diff --git a/fuzz/corpora/asn1/76948f6d66cf6a6fb6555be11b723c334eb53eaf b/fuzz/corpora/asn1/76948f6d66cf6a6fb6555be11b723c334eb53eaf
+new file mode 100644
+index 000000000000..84cae8716d2d
+Binary files /dev/null and b/fuzz/corpora/asn1/76948f6d66cf6a6fb6555be11b723c334eb53eaf differ
+diff --git a/fuzz/corpora/asn1/76e901c7a7a1a7f8b8de0187dc2542fd69ffef2c b/fuzz/corpora/asn1/76e901c7a7a1a7f8b8de0187dc2542fd69ffef2c
+new file mode 100644
+index 000000000000..4215b123a4a1
+Binary files /dev/null and b/fuzz/corpora/asn1/76e901c7a7a1a7f8b8de0187dc2542fd69ffef2c differ
+diff --git a/fuzz/corpora/asn1/77314afabb740ebd60c6338831927145817e0d0f b/fuzz/corpora/asn1/77314afabb740ebd60c6338831927145817e0d0f
+new file mode 100644
+index 000000000000..bd0dc67f165f
+Binary files /dev/null and b/fuzz/corpora/asn1/77314afabb740ebd60c6338831927145817e0d0f differ
+diff --git a/fuzz/corpora/asn1/774aed802c2a5abdd688ba6b90931cd376886660 b/fuzz/corpora/asn1/774aed802c2a5abdd688ba6b90931cd376886660
+new file mode 100644
+index 000000000000..4301540b0f27
+Binary files /dev/null and b/fuzz/corpora/asn1/774aed802c2a5abdd688ba6b90931cd376886660 differ
+diff --git a/fuzz/corpora/asn1/7784a455bbb2a502160b9b6059eb31b8eb514d06 b/fuzz/corpora/asn1/7784a455bbb2a502160b9b6059eb31b8eb514d06
+new file mode 100644
+index 000000000000..3ff725c1d191
+Binary files /dev/null and b/fuzz/corpora/asn1/7784a455bbb2a502160b9b6059eb31b8eb514d06 differ
+diff --git a/fuzz/corpora/asn1/779207cb455f8ff8022e39b29643042f7e73d7b6 b/fuzz/corpora/asn1/779207cb455f8ff8022e39b29643042f7e73d7b6
+new file mode 100644
+index 000000000000..dafe281e8227
+Binary files /dev/null and b/fuzz/corpora/asn1/779207cb455f8ff8022e39b29643042f7e73d7b6 differ
+diff --git a/fuzz/corpora/asn1/77bb048bfe689410b5d54bcc860f4acb4c4c4cd1 b/fuzz/corpora/asn1/77bb048bfe689410b5d54bcc860f4acb4c4c4cd1
+new file mode 100644
+index 000000000000..30967ce8fd27
+Binary files /dev/null and b/fuzz/corpora/asn1/77bb048bfe689410b5d54bcc860f4acb4c4c4cd1 differ
+diff --git a/fuzz/corpora/asn1/77d3f1285c1a977062f0ec2c761a45989325baf7 b/fuzz/corpora/asn1/77d3f1285c1a977062f0ec2c761a45989325baf7
+new file mode 100644
+index 000000000000..1d1030dd258f
+Binary files /dev/null and b/fuzz/corpora/asn1/77d3f1285c1a977062f0ec2c761a45989325baf7 differ
+diff --git a/fuzz/corpora/asn1/77efbe986e74000d74ec51fea9f3caa6b4cf4102 b/fuzz/corpora/asn1/77efbe986e74000d74ec51fea9f3caa6b4cf4102
+new file mode 100644
+index 000000000000..8bf88776a070
+Binary files /dev/null and b/fuzz/corpora/asn1/77efbe986e74000d74ec51fea9f3caa6b4cf4102 differ
+diff --git a/fuzz/corpora/asn1/784404910947dbaae8b2a25c58e4f732977c784f b/fuzz/corpora/asn1/784404910947dbaae8b2a25c58e4f732977c784f
+new file mode 100644
+index 000000000000..7601bffcafe3
+Binary files /dev/null and b/fuzz/corpora/asn1/784404910947dbaae8b2a25c58e4f732977c784f differ
+diff --git a/fuzz/corpora/asn1/785206b8d7f0ace6a6f34f17f4972c1040cdeab9 b/fuzz/corpora/asn1/785206b8d7f0ace6a6f34f17f4972c1040cdeab9
+new file mode 100644
+index 000000000000..270ca7af220a
+Binary files /dev/null and b/fuzz/corpora/asn1/785206b8d7f0ace6a6f34f17f4972c1040cdeab9 differ
+diff --git a/fuzz/corpora/asn1/785c1329281d237cb47ee04361377cf651d1ffe4 b/fuzz/corpora/asn1/785c1329281d237cb47ee04361377cf651d1ffe4
+new file mode 100644
+index 000000000000..1bb92330c869
+Binary files /dev/null and b/fuzz/corpora/asn1/785c1329281d237cb47ee04361377cf651d1ffe4 differ
+diff --git a/fuzz/corpora/asn1/786535bed33aa144205c4de4ead086eb68d09672 b/fuzz/corpora/asn1/786535bed33aa144205c4de4ead086eb68d09672
+new file mode 100644
+index 000000000000..d922a97b021d
+Binary files /dev/null and b/fuzz/corpora/asn1/786535bed33aa144205c4de4ead086eb68d09672 differ
+diff --git a/fuzz/corpora/asn1/787b1611297a57a2912ed023317e0b03065f6953 b/fuzz/corpora/asn1/787b1611297a57a2912ed023317e0b03065f6953
+new file mode 100644
+index 000000000000..5bdb6dc8fc74
+Binary files /dev/null and b/fuzz/corpora/asn1/787b1611297a57a2912ed023317e0b03065f6953 differ
+diff --git a/fuzz/corpora/asn1/78d03c717a134ed4bfd13cb25f2c9421210dabdb b/fuzz/corpora/asn1/78d03c717a134ed4bfd13cb25f2c9421210dabdb
+new file mode 100644
+index 000000000000..29281c98aee6
+Binary files /dev/null and b/fuzz/corpora/asn1/78d03c717a134ed4bfd13cb25f2c9421210dabdb differ
+diff --git a/fuzz/corpora/asn1/7943043cce5c94cba3edc6ba727d4de2c92afce7 b/fuzz/corpora/asn1/7943043cce5c94cba3edc6ba727d4de2c92afce7
+new file mode 100644
+index 000000000000..0947ea93c103
+Binary files /dev/null and b/fuzz/corpora/asn1/7943043cce5c94cba3edc6ba727d4de2c92afce7 differ
+diff --git a/fuzz/corpora/asn1/79bab942ad3201c73d1e3ba326c86f081641e3b7 b/fuzz/corpora/asn1/79bab942ad3201c73d1e3ba326c86f081641e3b7
+new file mode 100644
+index 000000000000..940fdc6a6c49
+Binary files /dev/null and b/fuzz/corpora/asn1/79bab942ad3201c73d1e3ba326c86f081641e3b7 differ
+diff --git a/fuzz/corpora/asn1/79e938c8c6782ecc93a2daa2725a780dfbe3f0b8 b/fuzz/corpora/asn1/79e938c8c6782ecc93a2daa2725a780dfbe3f0b8
+new file mode 100644
+index 000000000000..ab92fc812620
+Binary files /dev/null and b/fuzz/corpora/asn1/79e938c8c6782ecc93a2daa2725a780dfbe3f0b8 differ
+diff --git a/fuzz/corpora/asn1/7a0e44e06aff64a55dc8c5cbf511e92f67b6a3b9 b/fuzz/corpora/asn1/7a0e44e06aff64a55dc8c5cbf511e92f67b6a3b9
+new file mode 100644
+index 000000000000..3bc1d1cdb316
+Binary files /dev/null and b/fuzz/corpora/asn1/7a0e44e06aff64a55dc8c5cbf511e92f67b6a3b9 differ
+diff --git a/fuzz/corpora/asn1/7a26246f2e2ae68179eab0d49aa2dbd3f0ca022e b/fuzz/corpora/asn1/7a26246f2e2ae68179eab0d49aa2dbd3f0ca022e
+new file mode 100644
+index 000000000000..060bee4158d8
+Binary files /dev/null and b/fuzz/corpora/asn1/7a26246f2e2ae68179eab0d49aa2dbd3f0ca022e differ
+diff --git a/fuzz/corpora/asn1/7a795eea3179fc6b64c7ad8650d54c092d47972c b/fuzz/corpora/asn1/7a795eea3179fc6b64c7ad8650d54c092d47972c
+new file mode 100644
+index 000000000000..d247b18a1b8a
+Binary files /dev/null and b/fuzz/corpora/asn1/7a795eea3179fc6b64c7ad8650d54c092d47972c differ
+diff --git a/fuzz/corpora/asn1/7af1d8530da60b85d5a3de7ed4d235451d81a0c8 b/fuzz/corpora/asn1/7af1d8530da60b85d5a3de7ed4d235451d81a0c8
+new file mode 100644
+index 000000000000..0cbab42d79fe
+Binary files /dev/null and b/fuzz/corpora/asn1/7af1d8530da60b85d5a3de7ed4d235451d81a0c8 differ
+diff --git a/fuzz/corpora/asn1/7b051999740d7d60ffd85a15f0a45ddb8fe8fddb b/fuzz/corpora/asn1/7b051999740d7d60ffd85a15f0a45ddb8fe8fddb
+new file mode 100644
+index 000000000000..8893ede649f9
+Binary files /dev/null and b/fuzz/corpora/asn1/7b051999740d7d60ffd85a15f0a45ddb8fe8fddb differ
+diff --git a/fuzz/corpora/asn1/7b45c634020ec35736e7776105a777f1460aa17c b/fuzz/corpora/asn1/7b45c634020ec35736e7776105a777f1460aa17c
+new file mode 100644
+index 000000000000..5bf1c067ac83
+Binary files /dev/null and b/fuzz/corpora/asn1/7b45c634020ec35736e7776105a777f1460aa17c differ
+diff --git a/fuzz/corpora/asn1/7b649cc8e3b828ed84806faeacf7da15ee1c56fc b/fuzz/corpora/asn1/7b649cc8e3b828ed84806faeacf7da15ee1c56fc
+new file mode 100644
+index 000000000000..4b8f29a5d1e9
+Binary files /dev/null and b/fuzz/corpora/asn1/7b649cc8e3b828ed84806faeacf7da15ee1c56fc differ
+diff --git a/fuzz/corpora/asn1/7bfc2d1bf62f9ac2fb32cfde53b5fddc13521520 b/fuzz/corpora/asn1/7bfc2d1bf62f9ac2fb32cfde53b5fddc13521520
+new file mode 100644
+index 000000000000..19200f08fa7b
+Binary files /dev/null and b/fuzz/corpora/asn1/7bfc2d1bf62f9ac2fb32cfde53b5fddc13521520 differ
+diff --git a/fuzz/corpora/asn1/7c20e962572534d86ddc8c8fa32cf8a0446eae8a b/fuzz/corpora/asn1/7c20e962572534d86ddc8c8fa32cf8a0446eae8a
+new file mode 100644
+index 000000000000..363614c4d452
+Binary files /dev/null and b/fuzz/corpora/asn1/7c20e962572534d86ddc8c8fa32cf8a0446eae8a differ
+diff --git a/fuzz/corpora/asn1/7c3f10211b3332fc264c0da69181d2fd13a481e3 b/fuzz/corpora/asn1/7c3f10211b3332fc264c0da69181d2fd13a481e3
+new file mode 100644
+index 000000000000..77e8290f8f61
+Binary files /dev/null and b/fuzz/corpora/asn1/7c3f10211b3332fc264c0da69181d2fd13a481e3 differ
+diff --git a/fuzz/corpora/asn1/7ca409147fb5dd5ae866b18e278b4e255f9ba27c b/fuzz/corpora/asn1/7ca409147fb5dd5ae866b18e278b4e255f9ba27c
+new file mode 100644
+index 000000000000..42b1ee72f0e6
+Binary files /dev/null and b/fuzz/corpora/asn1/7ca409147fb5dd5ae866b18e278b4e255f9ba27c differ
+diff --git a/fuzz/corpora/asn1/7ccb11879657cc5761152406275ebb2a89146f3f b/fuzz/corpora/asn1/7ccb11879657cc5761152406275ebb2a89146f3f
+new file mode 100644
+index 000000000000..01517a1a2f24
+Binary files /dev/null and b/fuzz/corpora/asn1/7ccb11879657cc5761152406275ebb2a89146f3f differ
+diff --git a/fuzz/corpora/asn1/7cce3dd6f09f3a3760d49f205d6e8113a191b7bd b/fuzz/corpora/asn1/7cce3dd6f09f3a3760d49f205d6e8113a191b7bd
+new file mode 100644
+index 000000000000..96748b1dd35f
+Binary files /dev/null and b/fuzz/corpora/asn1/7cce3dd6f09f3a3760d49f205d6e8113a191b7bd differ
+diff --git a/fuzz/corpora/asn1/7d0281929713e9e09795d924c72b23bab365c4cc b/fuzz/corpora/asn1/7d0281929713e9e09795d924c72b23bab365c4cc
+new file mode 100644
+index 000000000000..ad0b4ce14118
+Binary files /dev/null and b/fuzz/corpora/asn1/7d0281929713e9e09795d924c72b23bab365c4cc differ
+diff --git a/fuzz/corpora/asn1/7da6a02736b60e5ac97430c718cca7fb27651c25 b/fuzz/corpora/asn1/7da6a02736b60e5ac97430c718cca7fb27651c25
+new file mode 100644
+index 000000000000..4326b00d0c85
+Binary files /dev/null and b/fuzz/corpora/asn1/7da6a02736b60e5ac97430c718cca7fb27651c25 differ
+diff --git a/fuzz/corpora/asn1/7de94fcce96942a6d0532daa805548fcd660c4c2 b/fuzz/corpora/asn1/7de94fcce96942a6d0532daa805548fcd660c4c2
+new file mode 100644
+index 000000000000..13192d6d06bb
+Binary files /dev/null and b/fuzz/corpora/asn1/7de94fcce96942a6d0532daa805548fcd660c4c2 differ
+diff --git a/fuzz/corpora/asn1/7e247fe156db7bf5706af45c3107f67a44272b90 b/fuzz/corpora/asn1/7e247fe156db7bf5706af45c3107f67a44272b90
+new file mode 100644
+index 000000000000..0922216e80c0
+Binary files /dev/null and b/fuzz/corpora/asn1/7e247fe156db7bf5706af45c3107f67a44272b90 differ
+diff --git a/fuzz/corpora/asn1/7f42151b01495732dd95c5abedb31f2f5af81cc2 b/fuzz/corpora/asn1/7f42151b01495732dd95c5abedb31f2f5af81cc2
+new file mode 100644
+index 000000000000..4c1b50194cb0
+Binary files /dev/null and b/fuzz/corpora/asn1/7f42151b01495732dd95c5abedb31f2f5af81cc2 differ
+diff --git a/fuzz/corpora/asn1/7f8665537a5b1d9ab1d501ffdd70a7dd9a8e8dc3 b/fuzz/corpora/asn1/7f8665537a5b1d9ab1d501ffdd70a7dd9a8e8dc3
+new file mode 100644
+index 000000000000..8129b901cdef
+Binary files /dev/null and b/fuzz/corpora/asn1/7f8665537a5b1d9ab1d501ffdd70a7dd9a8e8dc3 differ
+diff --git a/fuzz/corpora/asn1/7fb6a33b347bf5a278ac86f52b29c63000b51507 b/fuzz/corpora/asn1/7fb6a33b347bf5a278ac86f52b29c63000b51507
+new file mode 100644
+index 000000000000..f31fc807a2dd
+Binary files /dev/null and b/fuzz/corpora/asn1/7fb6a33b347bf5a278ac86f52b29c63000b51507 differ
+diff --git a/fuzz/corpora/asn1/7fcf15ce34fbd0c4e2b11517e07bda376e19bf10 b/fuzz/corpora/asn1/7fcf15ce34fbd0c4e2b11517e07bda376e19bf10
+new file mode 100644
+index 000000000000..ab4beb379e01
+Binary files /dev/null and b/fuzz/corpora/asn1/7fcf15ce34fbd0c4e2b11517e07bda376e19bf10 differ
+diff --git a/fuzz/corpora/asn1/8032d7226288d26c1b3005a7462dd9d543cae055 b/fuzz/corpora/asn1/8032d7226288d26c1b3005a7462dd9d543cae055
+new file mode 100644
+index 000000000000..3c81d3bcd440
+Binary files /dev/null and b/fuzz/corpora/asn1/8032d7226288d26c1b3005a7462dd9d543cae055 differ
+diff --git a/fuzz/corpora/asn1/80409fde797b71a270af13fe4db3b36fe2c492ed b/fuzz/corpora/asn1/80409fde797b71a270af13fe4db3b36fe2c492ed
+new file mode 100644
+index 000000000000..195b4d357a96
+Binary files /dev/null and b/fuzz/corpora/asn1/80409fde797b71a270af13fe4db3b36fe2c492ed differ
+diff --git a/fuzz/corpora/asn1/80595b853618f970511be1586bd30082d13f839c b/fuzz/corpora/asn1/80595b853618f970511be1586bd30082d13f839c
+new file mode 100644
+index 000000000000..60857d43101c
+Binary files /dev/null and b/fuzz/corpora/asn1/80595b853618f970511be1586bd30082d13f839c differ
+diff --git a/fuzz/corpora/asn1/809a9b3855e9db5f275e1493cdf46cc15546e92e b/fuzz/corpora/asn1/809a9b3855e9db5f275e1493cdf46cc15546e92e
+new file mode 100644
+index 000000000000..9e20fb2bb3d4
+Binary files /dev/null and b/fuzz/corpora/asn1/809a9b3855e9db5f275e1493cdf46cc15546e92e differ
+diff --git a/fuzz/corpora/asn1/80aef809abcf1c7c16f1f537a38aaac7d26cfd66 b/fuzz/corpora/asn1/80aef809abcf1c7c16f1f537a38aaac7d26cfd66
+new file mode 100644
+index 000000000000..47bf6894fc88
+Binary files /dev/null and b/fuzz/corpora/asn1/80aef809abcf1c7c16f1f537a38aaac7d26cfd66 differ
+diff --git a/fuzz/corpora/asn1/80cbc5c3b88be746a98d0f5edfef29324da70da1 b/fuzz/corpora/asn1/80cbc5c3b88be746a98d0f5edfef29324da70da1
+new file mode 100644
+index 000000000000..b1bd6e8c0508
+Binary files /dev/null and b/fuzz/corpora/asn1/80cbc5c3b88be746a98d0f5edfef29324da70da1 differ
+diff --git a/fuzz/corpora/asn1/81061e12d8ff77c8dc6a90c83f5d010b98d9c4c9 b/fuzz/corpora/asn1/81061e12d8ff77c8dc6a90c83f5d010b98d9c4c9
+new file mode 100644
+index 000000000000..031a4f04bd00
+Binary files /dev/null and b/fuzz/corpora/asn1/81061e12d8ff77c8dc6a90c83f5d010b98d9c4c9 differ
+diff --git a/fuzz/corpora/asn1/8107f5a90504df9a045b6cc85f9f00fc56e1c2ef b/fuzz/corpora/asn1/8107f5a90504df9a045b6cc85f9f00fc56e1c2ef
+new file mode 100644
+index 000000000000..f1da7408d0a5
+Binary files /dev/null and b/fuzz/corpora/asn1/8107f5a90504df9a045b6cc85f9f00fc56e1c2ef differ
+diff --git a/fuzz/corpora/asn1/818a858127a4725e59eb7a117829c681fa95588b b/fuzz/corpora/asn1/818a858127a4725e59eb7a117829c681fa95588b
+new file mode 100644
+index 000000000000..d79defb1c5a3
+Binary files /dev/null and b/fuzz/corpora/asn1/818a858127a4725e59eb7a117829c681fa95588b differ
+diff --git a/fuzz/corpora/asn1/81a40be1e3c09491015457b48fb44d70742d64be b/fuzz/corpora/asn1/81a40be1e3c09491015457b48fb44d70742d64be
+new file mode 100644
+index 000000000000..064023c87a16
+Binary files /dev/null and b/fuzz/corpora/asn1/81a40be1e3c09491015457b48fb44d70742d64be differ
+diff --git a/fuzz/corpora/asn1/81e888429dcecd9ad8180d26924dc39f7175eaac b/fuzz/corpora/asn1/81e888429dcecd9ad8180d26924dc39f7175eaac
+new file mode 100644
+index 000000000000..bb1b8a144af0
+Binary files /dev/null and b/fuzz/corpora/asn1/81e888429dcecd9ad8180d26924dc39f7175eaac differ
+diff --git a/fuzz/corpora/asn1/82087c8200eeb0544454982d65605d6978989a9d b/fuzz/corpora/asn1/82087c8200eeb0544454982d65605d6978989a9d
+new file mode 100644
+index 000000000000..47724e8ba3e4
+Binary files /dev/null and b/fuzz/corpora/asn1/82087c8200eeb0544454982d65605d6978989a9d differ
+diff --git a/fuzz/corpora/asn1/821e1febac3ccbb74c985d836964587199f1143d b/fuzz/corpora/asn1/821e1febac3ccbb74c985d836964587199f1143d
+new file mode 100644
+index 000000000000..5f4efdeb69d9
+Binary files /dev/null and b/fuzz/corpora/asn1/821e1febac3ccbb74c985d836964587199f1143d differ
+diff --git a/fuzz/corpora/asn1/823048b72b17b52866e3aa6a9c41079d0f004767 b/fuzz/corpora/asn1/823048b72b17b52866e3aa6a9c41079d0f004767
+new file mode 100644
+index 000000000000..cd5d8d483c73
+Binary files /dev/null and b/fuzz/corpora/asn1/823048b72b17b52866e3aa6a9c41079d0f004767 differ
+diff --git a/fuzz/corpora/asn1/8232f7ab1d3ed9042f08b388287563a97452bff0 b/fuzz/corpora/asn1/8232f7ab1d3ed9042f08b388287563a97452bff0
+new file mode 100644
+index 000000000000..2ab944087924
+Binary files /dev/null and b/fuzz/corpora/asn1/8232f7ab1d3ed9042f08b388287563a97452bff0 differ
+diff --git a/fuzz/corpora/asn1/82abd18298c62a5e057e9c2f0056846478a4c95f b/fuzz/corpora/asn1/82abd18298c62a5e057e9c2f0056846478a4c95f
+new file mode 100644
+index 000000000000..f7879472b920
+Binary files /dev/null and b/fuzz/corpora/asn1/82abd18298c62a5e057e9c2f0056846478a4c95f differ
+diff --git a/fuzz/corpora/asn1/82af10e6979179c580879735a7482ea2c7342a49 b/fuzz/corpora/asn1/82af10e6979179c580879735a7482ea2c7342a49
+new file mode 100644
+index 000000000000..4c9c9c89477b
+Binary files /dev/null and b/fuzz/corpora/asn1/82af10e6979179c580879735a7482ea2c7342a49 differ
+diff --git a/fuzz/corpora/asn1/82b589affbfd0f5de6128c33e0a441cf030f2f87 b/fuzz/corpora/asn1/82b589affbfd0f5de6128c33e0a441cf030f2f87
+new file mode 100644
+index 000000000000..f474c23b588c
+Binary files /dev/null and b/fuzz/corpora/asn1/82b589affbfd0f5de6128c33e0a441cf030f2f87 differ
+diff --git a/fuzz/corpora/asn1/82e4de8871e52fd6c2c77c9ff90486f4827a53a4 b/fuzz/corpora/asn1/82e4de8871e52fd6c2c77c9ff90486f4827a53a4
+new file mode 100644
+index 000000000000..7bdd6b5abe75
+Binary files /dev/null and b/fuzz/corpora/asn1/82e4de8871e52fd6c2c77c9ff90486f4827a53a4 differ
+diff --git a/fuzz/corpora/asn1/833d2e179ec33ed3e39b1c638ec459f001153113 b/fuzz/corpora/asn1/833d2e179ec33ed3e39b1c638ec459f001153113
+new file mode 100644
+index 000000000000..afa9c41e19eb
+Binary files /dev/null and b/fuzz/corpora/asn1/833d2e179ec33ed3e39b1c638ec459f001153113 differ
+diff --git a/fuzz/corpora/asn1/83fbd0f17b1c24b4840f76a813f3e4a5b82dff6d b/fuzz/corpora/asn1/83fbd0f17b1c24b4840f76a813f3e4a5b82dff6d
+new file mode 100644
+index 000000000000..aa8cf8cb6d83
+Binary files /dev/null and b/fuzz/corpora/asn1/83fbd0f17b1c24b4840f76a813f3e4a5b82dff6d differ
+diff --git a/fuzz/corpora/asn1/844ebc926cf7d88cad633047dd65388278c2f9c2 b/fuzz/corpora/asn1/844ebc926cf7d88cad633047dd65388278c2f9c2
+new file mode 100644
+index 000000000000..d9647662f62c
+Binary files /dev/null and b/fuzz/corpora/asn1/844ebc926cf7d88cad633047dd65388278c2f9c2 differ
+diff --git a/fuzz/corpora/asn1/847c96ff1b673cc26a110fb9b43ee106ee46d97c b/fuzz/corpora/asn1/847c96ff1b673cc26a110fb9b43ee106ee46d97c
+new file mode 100644
+index 000000000000..281a1ddaca51
+Binary files /dev/null and b/fuzz/corpora/asn1/847c96ff1b673cc26a110fb9b43ee106ee46d97c differ
+diff --git a/fuzz/corpora/asn1/856d2aa1ec4d58fdeb3bc21dec78af0e7f12c2b6 b/fuzz/corpora/asn1/856d2aa1ec4d58fdeb3bc21dec78af0e7f12c2b6
+new file mode 100644
+index 000000000000..f46ea1f1e237
+Binary files /dev/null and b/fuzz/corpora/asn1/856d2aa1ec4d58fdeb3bc21dec78af0e7f12c2b6 differ
+diff --git a/fuzz/corpora/asn1/85702e373892e7ebfe865b514fe3abe082e5b94c b/fuzz/corpora/asn1/85702e373892e7ebfe865b514fe3abe082e5b94c
+new file mode 100644
+index 000000000000..7d8a943ccc8a
+Binary files /dev/null and b/fuzz/corpora/asn1/85702e373892e7ebfe865b514fe3abe082e5b94c differ
+diff --git a/fuzz/corpora/asn1/85ccfb771becba620484079efe73fe718779f78a b/fuzz/corpora/asn1/85ccfb771becba620484079efe73fe718779f78a
+new file mode 100644
+index 000000000000..9ee29a06a05d
+Binary files /dev/null and b/fuzz/corpora/asn1/85ccfb771becba620484079efe73fe718779f78a differ
+diff --git a/fuzz/corpora/asn1/8620cd2c396b6225ab16839a26174edbfb5dda53 b/fuzz/corpora/asn1/8620cd2c396b6225ab16839a26174edbfb5dda53
+new file mode 100644
+index 000000000000..deed2a531ae5
+Binary files /dev/null and b/fuzz/corpora/asn1/8620cd2c396b6225ab16839a26174edbfb5dda53 differ
+diff --git a/fuzz/corpora/asn1/86a3c14708e87f6d0f54726c84657843caf064b6 b/fuzz/corpora/asn1/86a3c14708e87f6d0f54726c84657843caf064b6
+new file mode 100644
+index 000000000000..d12b8d3099d5
+Binary files /dev/null and b/fuzz/corpora/asn1/86a3c14708e87f6d0f54726c84657843caf064b6 differ
+diff --git a/fuzz/corpora/asn1/86db813678ae337e8b235922b069f031bba27ace b/fuzz/corpora/asn1/86db813678ae337e8b235922b069f031bba27ace
+new file mode 100644
+index 000000000000..eb114bf828c1
+Binary files /dev/null and b/fuzz/corpora/asn1/86db813678ae337e8b235922b069f031bba27ace differ
+diff --git a/fuzz/corpora/asn1/873c1cd75f69e88a598056097922d6e521ef7a0f b/fuzz/corpora/asn1/873c1cd75f69e88a598056097922d6e521ef7a0f
+new file mode 100644
+index 000000000000..e92f1be7560d
+Binary files /dev/null and b/fuzz/corpora/asn1/873c1cd75f69e88a598056097922d6e521ef7a0f differ
+diff --git a/fuzz/corpora/asn1/87622fc356df18e8ee5ed9f90d39ef52312fcb8d b/fuzz/corpora/asn1/87622fc356df18e8ee5ed9f90d39ef52312fcb8d
+new file mode 100644
+index 000000000000..4da59d4fe2dc
+Binary files /dev/null and b/fuzz/corpora/asn1/87622fc356df18e8ee5ed9f90d39ef52312fcb8d differ
+diff --git a/fuzz/corpora/asn1/8783a8b4c3964ea607b7fd2cc278a8f11df9d7a2 b/fuzz/corpora/asn1/8783a8b4c3964ea607b7fd2cc278a8f11df9d7a2
+new file mode 100644
+index 000000000000..704d94a533fc
+Binary files /dev/null and b/fuzz/corpora/asn1/8783a8b4c3964ea607b7fd2cc278a8f11df9d7a2 differ
+diff --git a/fuzz/corpora/asn1/879b0b0210151c5cac27c06e727895e050d542b8 b/fuzz/corpora/asn1/879b0b0210151c5cac27c06e727895e050d542b8
+new file mode 100644
+index 000000000000..cd6b0c1dbc2d
+Binary files /dev/null and b/fuzz/corpora/asn1/879b0b0210151c5cac27c06e727895e050d542b8 differ
+diff --git a/fuzz/corpora/asn1/87c00366f381be5e353db38f197ecb21301a6183 b/fuzz/corpora/asn1/87c00366f381be5e353db38f197ecb21301a6183
+new file mode 100644
+index 000000000000..4677a35abf9c
+Binary files /dev/null and b/fuzz/corpora/asn1/87c00366f381be5e353db38f197ecb21301a6183 differ
+diff --git a/fuzz/corpora/asn1/87c8c9f34bae510130432fd06cf792888b601f9c b/fuzz/corpora/asn1/87c8c9f34bae510130432fd06cf792888b601f9c
+new file mode 100644
+index 000000000000..7c4cc067da9b
+Binary files /dev/null and b/fuzz/corpora/asn1/87c8c9f34bae510130432fd06cf792888b601f9c differ
+diff --git a/fuzz/corpora/asn1/87eebfef4d8a0f956a0d089e2780392ef11e3409 b/fuzz/corpora/asn1/87eebfef4d8a0f956a0d089e2780392ef11e3409
+new file mode 100644
+index 000000000000..33f9db80e9df
+Binary files /dev/null and b/fuzz/corpora/asn1/87eebfef4d8a0f956a0d089e2780392ef11e3409 differ
+diff --git a/fuzz/corpora/asn1/880223b41ecd68f1221be0a6071e6d1f4a3d4545 b/fuzz/corpora/asn1/880223b41ecd68f1221be0a6071e6d1f4a3d4545
+new file mode 100644
+index 000000000000..f7caa5645b6b
+Binary files /dev/null and b/fuzz/corpora/asn1/880223b41ecd68f1221be0a6071e6d1f4a3d4545 differ
+diff --git a/fuzz/corpora/asn1/885a01f71df1461f84fc8b7057320b2135f5e35c b/fuzz/corpora/asn1/885a01f71df1461f84fc8b7057320b2135f5e35c
+new file mode 100644
+index 000000000000..7c854bcc8ade
+Binary files /dev/null and b/fuzz/corpora/asn1/885a01f71df1461f84fc8b7057320b2135f5e35c differ
+diff --git a/fuzz/corpora/asn1/887c5e98cc74792dc8a83fe305bb38b0a94819ec b/fuzz/corpora/asn1/887c5e98cc74792dc8a83fe305bb38b0a94819ec
+new file mode 100644
+index 000000000000..185404b84e54
+Binary files /dev/null and b/fuzz/corpora/asn1/887c5e98cc74792dc8a83fe305bb38b0a94819ec differ
+diff --git a/fuzz/corpora/asn1/88827fd5fd9c02924296c51f36b78382ca317368 b/fuzz/corpora/asn1/88827fd5fd9c02924296c51f36b78382ca317368
+new file mode 100644
+index 000000000000..91247c92780f
+Binary files /dev/null and b/fuzz/corpora/asn1/88827fd5fd9c02924296c51f36b78382ca317368 differ
+diff --git a/fuzz/corpora/asn1/8891fcf5a5991f54034e500ec6a92f59e5d5123c b/fuzz/corpora/asn1/8891fcf5a5991f54034e500ec6a92f59e5d5123c
+new file mode 100644
+index 000000000000..cf83662c5700
+Binary files /dev/null and b/fuzz/corpora/asn1/8891fcf5a5991f54034e500ec6a92f59e5d5123c differ
+diff --git a/fuzz/corpora/asn1/88ae4816a1e1a163328266cb9ebc9e25268e4ddb b/fuzz/corpora/asn1/88ae4816a1e1a163328266cb9ebc9e25268e4ddb
+new file mode 100644
+index 000000000000..64d2070ba668
+Binary files /dev/null and b/fuzz/corpora/asn1/88ae4816a1e1a163328266cb9ebc9e25268e4ddb differ
+diff --git a/fuzz/corpora/asn1/88dd449a1260b6a53b9a50c74db8ff8daed6b70f b/fuzz/corpora/asn1/88dd449a1260b6a53b9a50c74db8ff8daed6b70f
+new file mode 100644
+index 000000000000..78c8a0a1d508
+Binary files /dev/null and b/fuzz/corpora/asn1/88dd449a1260b6a53b9a50c74db8ff8daed6b70f differ
+diff --git a/fuzz/corpora/asn1/88ff25d2062cde912f4d730cf3d317e73c7e70c7 b/fuzz/corpora/asn1/88ff25d2062cde912f4d730cf3d317e73c7e70c7
+new file mode 100644
+index 000000000000..d1f3ee24c154
+Binary files /dev/null and b/fuzz/corpora/asn1/88ff25d2062cde912f4d730cf3d317e73c7e70c7 differ
+diff --git a/fuzz/corpora/asn1/893a632ee70158b939d3fecd3e65ba63bb8cbf56 b/fuzz/corpora/asn1/893a632ee70158b939d3fecd3e65ba63bb8cbf56
+new file mode 100644
+index 000000000000..3c48bc444ef1
+Binary files /dev/null and b/fuzz/corpora/asn1/893a632ee70158b939d3fecd3e65ba63bb8cbf56 differ
+diff --git a/fuzz/corpora/asn1/896d818f6f3665e1fef03e2265c35c2412dd9b4d b/fuzz/corpora/asn1/896d818f6f3665e1fef03e2265c35c2412dd9b4d
+new file mode 100644
+index 000000000000..1ee1e1ff6065
+Binary files /dev/null and b/fuzz/corpora/asn1/896d818f6f3665e1fef03e2265c35c2412dd9b4d differ
+diff --git a/fuzz/corpora/asn1/898e00843605233f480ad93e60defd5fd2ef22e2 b/fuzz/corpora/asn1/898e00843605233f480ad93e60defd5fd2ef22e2
+new file mode 100644
+index 000000000000..226a73c95b6a
+Binary files /dev/null and b/fuzz/corpora/asn1/898e00843605233f480ad93e60defd5fd2ef22e2 differ
+diff --git a/fuzz/corpora/asn1/899bbd766d0847543a6bf2045581de67d68f0678 b/fuzz/corpora/asn1/899bbd766d0847543a6bf2045581de67d68f0678
+new file mode 100644
+index 000000000000..b7ee10d3e859
+Binary files /dev/null and b/fuzz/corpora/asn1/899bbd766d0847543a6bf2045581de67d68f0678 differ
+diff --git a/fuzz/corpora/asn1/89a666be82ba009d6197622f28f6e999edecd662 b/fuzz/corpora/asn1/89a666be82ba009d6197622f28f6e999edecd662
+new file mode 100644
+index 000000000000..5883432fc968
+Binary files /dev/null and b/fuzz/corpora/asn1/89a666be82ba009d6197622f28f6e999edecd662 differ
+diff --git a/fuzz/corpora/asn1/8a0ce2ee24364256353a9a72d4021c109d0c0c21 b/fuzz/corpora/asn1/8a0ce2ee24364256353a9a72d4021c109d0c0c21
+new file mode 100644
+index 000000000000..351a3af5a32d
+Binary files /dev/null and b/fuzz/corpora/asn1/8a0ce2ee24364256353a9a72d4021c109d0c0c21 differ
+diff --git a/fuzz/corpora/asn1/8a6fafc1f10568cd3d17d8ed38172386a138f777 b/fuzz/corpora/asn1/8a6fafc1f10568cd3d17d8ed38172386a138f777
+new file mode 100644
+index 000000000000..2b0ab7aecd32
+Binary files /dev/null and b/fuzz/corpora/asn1/8a6fafc1f10568cd3d17d8ed38172386a138f777 differ
+diff --git a/fuzz/corpora/asn1/8a74e33adb05d3ce9fa3dd5a380031c5112dcb79 b/fuzz/corpora/asn1/8a74e33adb05d3ce9fa3dd5a380031c5112dcb79
+new file mode 100644
+index 000000000000..fbe6d205099b
+Binary files /dev/null and b/fuzz/corpora/asn1/8a74e33adb05d3ce9fa3dd5a380031c5112dcb79 differ
+diff --git a/fuzz/corpora/asn1/8a8d6f1afcccdb5c4fc4395c1850e1710931d69b b/fuzz/corpora/asn1/8a8d6f1afcccdb5c4fc4395c1850e1710931d69b
+new file mode 100644
+index 000000000000..82fea11cc90a
+Binary files /dev/null and b/fuzz/corpora/asn1/8a8d6f1afcccdb5c4fc4395c1850e1710931d69b differ
+diff --git a/fuzz/corpora/asn1/8a908cd048062f7b53f8208098d2762ed9f2a063 b/fuzz/corpora/asn1/8a908cd048062f7b53f8208098d2762ed9f2a063
+new file mode 100644
+index 000000000000..d97c0e7012e4
+Binary files /dev/null and b/fuzz/corpora/asn1/8a908cd048062f7b53f8208098d2762ed9f2a063 differ
+diff --git a/fuzz/corpora/asn1/8ae28ef4f29bb8d467a4f618a9b8b082d9b97877 b/fuzz/corpora/asn1/8ae28ef4f29bb8d467a4f618a9b8b082d9b97877
+new file mode 100644
+index 000000000000..85fee62b1f4a
+Binary files /dev/null and b/fuzz/corpora/asn1/8ae28ef4f29bb8d467a4f618a9b8b082d9b97877 differ
+diff --git a/fuzz/corpora/asn1/8b0b1cd17952b4550e9c95d5d4e83fe20a2b3c5b b/fuzz/corpora/asn1/8b0b1cd17952b4550e9c95d5d4e83fe20a2b3c5b
+new file mode 100644
+index 000000000000..4e5aea89b242
+Binary files /dev/null and b/fuzz/corpora/asn1/8b0b1cd17952b4550e9c95d5d4e83fe20a2b3c5b differ
+diff --git a/fuzz/corpora/asn1/8b2e5fefaa0ea65b547cdf7a6818f99506573565 b/fuzz/corpora/asn1/8b2e5fefaa0ea65b547cdf7a6818f99506573565
+new file mode 100644
+index 000000000000..9a40430a95fd
+Binary files /dev/null and b/fuzz/corpora/asn1/8b2e5fefaa0ea65b547cdf7a6818f99506573565 differ
+diff --git a/fuzz/corpora/asn1/8b49b37b9ab5497bd5b61ba91894fc7a52f3276d b/fuzz/corpora/asn1/8b49b37b9ab5497bd5b61ba91894fc7a52f3276d
+new file mode 100644
+index 000000000000..512f50d3467d
+Binary files /dev/null and b/fuzz/corpora/asn1/8b49b37b9ab5497bd5b61ba91894fc7a52f3276d differ
+diff --git a/fuzz/corpora/asn1/8b6a5eac7ff98258c8d6353819d13e4a2449a37e b/fuzz/corpora/asn1/8b6a5eac7ff98258c8d6353819d13e4a2449a37e
+new file mode 100644
+index 000000000000..ce047ff9a2ed
+Binary files /dev/null and b/fuzz/corpora/asn1/8b6a5eac7ff98258c8d6353819d13e4a2449a37e differ
+diff --git a/fuzz/corpora/asn1/8b77533df58ecd822a722e47a3c3867507daee48 b/fuzz/corpora/asn1/8b77533df58ecd822a722e47a3c3867507daee48
+new file mode 100644
+index 000000000000..8991e8358c9a
+Binary files /dev/null and b/fuzz/corpora/asn1/8b77533df58ecd822a722e47a3c3867507daee48 differ
+diff --git a/fuzz/corpora/asn1/8c0e33b170e3bce391f2a38acd1a2cbb2f25577b b/fuzz/corpora/asn1/8c0e33b170e3bce391f2a38acd1a2cbb2f25577b
+new file mode 100644
+index 000000000000..83075c682dc3
+Binary files /dev/null and b/fuzz/corpora/asn1/8c0e33b170e3bce391f2a38acd1a2cbb2f25577b differ
+diff --git a/fuzz/corpora/asn1/8ce3ddcdde60b94d995c797f68a21063e1832f96 b/fuzz/corpora/asn1/8ce3ddcdde60b94d995c797f68a21063e1832f96
+new file mode 100644
+index 000000000000..32e816ab0768
+Binary files /dev/null and b/fuzz/corpora/asn1/8ce3ddcdde60b94d995c797f68a21063e1832f96 differ
+diff --git a/fuzz/corpora/asn1/8cf0026638b909339727be711fa1376dd2ed4209 b/fuzz/corpora/asn1/8cf0026638b909339727be711fa1376dd2ed4209
+new file mode 100644
+index 000000000000..0d0fe60dae14
+Binary files /dev/null and b/fuzz/corpora/asn1/8cf0026638b909339727be711fa1376dd2ed4209 differ
+diff --git a/fuzz/corpora/asn1/8d24cd85ea205b03059c5720da865161ac16d2f8 b/fuzz/corpora/asn1/8d24cd85ea205b03059c5720da865161ac16d2f8
+new file mode 100644
+index 000000000000..b598090c81b9
+Binary files /dev/null and b/fuzz/corpora/asn1/8d24cd85ea205b03059c5720da865161ac16d2f8 differ
+diff --git a/fuzz/corpora/asn1/8df2d273378b8695ff1ef255f3741862ea3a52ad b/fuzz/corpora/asn1/8df2d273378b8695ff1ef255f3741862ea3a52ad
+new file mode 100644
+index 000000000000..1b41e7a28609
+Binary files /dev/null and b/fuzz/corpora/asn1/8df2d273378b8695ff1ef255f3741862ea3a52ad differ
+diff --git a/fuzz/corpora/asn1/8ecf323e4cf31be9b325d87ef36853867755e708 b/fuzz/corpora/asn1/8ecf323e4cf31be9b325d87ef36853867755e708
+new file mode 100644
+index 000000000000..982afa3f76c2
+Binary files /dev/null and b/fuzz/corpora/asn1/8ecf323e4cf31be9b325d87ef36853867755e708 differ
+diff --git a/fuzz/corpora/asn1/8ed02239ddb624295685d507cc48fa41e096e6f3 b/fuzz/corpora/asn1/8ed02239ddb624295685d507cc48fa41e096e6f3
+new file mode 100644
+index 000000000000..e9f386934270
+Binary files /dev/null and b/fuzz/corpora/asn1/8ed02239ddb624295685d507cc48fa41e096e6f3 differ
+diff --git a/fuzz/corpora/asn1/8f4230bdeea5d0aeec890ef37eec02ad35fbda4f b/fuzz/corpora/asn1/8f4230bdeea5d0aeec890ef37eec02ad35fbda4f
+new file mode 100644
+index 000000000000..a01bc05c99fe
+Binary files /dev/null and b/fuzz/corpora/asn1/8f4230bdeea5d0aeec890ef37eec02ad35fbda4f differ
+diff --git a/fuzz/corpora/asn1/8f5b0f44be4c2eeeb4e1b17c4bf3a6233f7aa79d b/fuzz/corpora/asn1/8f5b0f44be4c2eeeb4e1b17c4bf3a6233f7aa79d
+new file mode 100644
+index 000000000000..c52371fa9e69
+Binary files /dev/null and b/fuzz/corpora/asn1/8f5b0f44be4c2eeeb4e1b17c4bf3a6233f7aa79d differ
+diff --git a/fuzz/corpora/asn1/8fc97b51cf02fce363816692fd1ae2a71881f074 b/fuzz/corpora/asn1/8fc97b51cf02fce363816692fd1ae2a71881f074
+new file mode 100644
+index 000000000000..3d55e0c2085e
+Binary files /dev/null and b/fuzz/corpora/asn1/8fc97b51cf02fce363816692fd1ae2a71881f074 differ
+diff --git a/fuzz/corpora/asn1/9006f3654315e1a774c69bd84ecb369b22866c62 b/fuzz/corpora/asn1/9006f3654315e1a774c69bd84ecb369b22866c62
+new file mode 100644
+index 000000000000..b4faea8b3017
+Binary files /dev/null and b/fuzz/corpora/asn1/9006f3654315e1a774c69bd84ecb369b22866c62 differ
+diff --git a/fuzz/corpora/asn1/9034f390804eeec8d82ac41b971463c9558c8135 b/fuzz/corpora/asn1/9034f390804eeec8d82ac41b971463c9558c8135
+new file mode 100644
+index 000000000000..0e3128a36b45
+Binary files /dev/null and b/fuzz/corpora/asn1/9034f390804eeec8d82ac41b971463c9558c8135 differ
+diff --git a/fuzz/corpora/asn1/9041c60aae69a62e6aff185bd8f0bc18daf81202 b/fuzz/corpora/asn1/9041c60aae69a62e6aff185bd8f0bc18daf81202
+new file mode 100644
+index 000000000000..3f5255d72e85
+Binary files /dev/null and b/fuzz/corpora/asn1/9041c60aae69a62e6aff185bd8f0bc18daf81202 differ
+diff --git a/fuzz/corpora/asn1/90b9f302a369540a56da56d1d1e3b93e3fd67fcd b/fuzz/corpora/asn1/90b9f302a369540a56da56d1d1e3b93e3fd67fcd
+new file mode 100644
+index 000000000000..c60dc0a4474e
+Binary files /dev/null and b/fuzz/corpora/asn1/90b9f302a369540a56da56d1d1e3b93e3fd67fcd differ
+diff --git a/fuzz/corpora/asn1/910ce1b6b46bfd214113066649ea72341baad636 b/fuzz/corpora/asn1/910ce1b6b46bfd214113066649ea72341baad636
+new file mode 100644
+index 000000000000..99aa6982e929
+Binary files /dev/null and b/fuzz/corpora/asn1/910ce1b6b46bfd214113066649ea72341baad636 differ
+diff --git a/fuzz/corpora/asn1/914738f1ac2661e3f325f07476cc606946f86b35 b/fuzz/corpora/asn1/914738f1ac2661e3f325f07476cc606946f86b35
+new file mode 100644
+index 000000000000..31b88bc28ce4
+Binary files /dev/null and b/fuzz/corpora/asn1/914738f1ac2661e3f325f07476cc606946f86b35 differ
+diff --git a/fuzz/corpora/asn1/916f679d1ab6e6a62cc8046ad9e4bf6aacf5a743 b/fuzz/corpora/asn1/916f679d1ab6e6a62cc8046ad9e4bf6aacf5a743
+new file mode 100644
+index 000000000000..3f5a7e7235b2
+Binary files /dev/null and b/fuzz/corpora/asn1/916f679d1ab6e6a62cc8046ad9e4bf6aacf5a743 differ
+diff --git a/fuzz/corpora/asn1/91824f7bdc1f37152697675a45de653c803d8a18 b/fuzz/corpora/asn1/91824f7bdc1f37152697675a45de653c803d8a18
+new file mode 100644
+index 000000000000..183bea4cb7e6
+Binary files /dev/null and b/fuzz/corpora/asn1/91824f7bdc1f37152697675a45de653c803d8a18 differ
+diff --git a/fuzz/corpora/asn1/91f593336b6bc71179a90a18671df93cae20cbf4 b/fuzz/corpora/asn1/91f593336b6bc71179a90a18671df93cae20cbf4
+new file mode 100644
+index 000000000000..7ebee83b9fcd
+Binary files /dev/null and b/fuzz/corpora/asn1/91f593336b6bc71179a90a18671df93cae20cbf4 differ
+diff --git a/fuzz/corpora/asn1/9210b9d58b04b6fba4c1f38d8845e0efeb0afece b/fuzz/corpora/asn1/9210b9d58b04b6fba4c1f38d8845e0efeb0afece
+new file mode 100644
+index 000000000000..2cdf1a6fbd34
+Binary files /dev/null and b/fuzz/corpora/asn1/9210b9d58b04b6fba4c1f38d8845e0efeb0afece differ
+diff --git a/fuzz/corpora/asn1/922f5d4e8d0e7013da7315f8823a4db5336f1c02 b/fuzz/corpora/asn1/922f5d4e8d0e7013da7315f8823a4db5336f1c02
+new file mode 100644
+index 000000000000..6b1c86398a43
+Binary files /dev/null and b/fuzz/corpora/asn1/922f5d4e8d0e7013da7315f8823a4db5336f1c02 differ
+diff --git a/fuzz/corpora/asn1/93513d0341e9e0147965aff0d7679338c498b8bb b/fuzz/corpora/asn1/93513d0341e9e0147965aff0d7679338c498b8bb
+new file mode 100644
+index 000000000000..78c6933c8425
+Binary files /dev/null and b/fuzz/corpora/asn1/93513d0341e9e0147965aff0d7679338c498b8bb differ
+diff --git a/fuzz/corpora/asn1/936e49167eb568ede1e99aebbb7952cc78bebc9b b/fuzz/corpora/asn1/936e49167eb568ede1e99aebbb7952cc78bebc9b
+new file mode 100644
+index 000000000000..873f6a34a319
+Binary files /dev/null and b/fuzz/corpora/asn1/936e49167eb568ede1e99aebbb7952cc78bebc9b differ
+diff --git a/fuzz/corpora/asn1/93a28fb0be875551cb12a9f8de229264411d909c b/fuzz/corpora/asn1/93a28fb0be875551cb12a9f8de229264411d909c
+new file mode 100644
+index 000000000000..8edf7d672049
+Binary files /dev/null and b/fuzz/corpora/asn1/93a28fb0be875551cb12a9f8de229264411d909c differ
+diff --git a/fuzz/corpora/asn1/93ae59551e70c8cb95c525679d497d7f9fb6c1e1 b/fuzz/corpora/asn1/93ae59551e70c8cb95c525679d497d7f9fb6c1e1
+new file mode 100644
+index 000000000000..00b70d08fe94
+Binary files /dev/null and b/fuzz/corpora/asn1/93ae59551e70c8cb95c525679d497d7f9fb6c1e1 differ
+diff --git a/fuzz/corpora/asn1/941a8df530f66261c0b418bac4e60b9b35ef9646 b/fuzz/corpora/asn1/941a8df530f66261c0b418bac4e60b9b35ef9646
+new file mode 100644
+index 000000000000..fa27529deda5
+Binary files /dev/null and b/fuzz/corpora/asn1/941a8df530f66261c0b418bac4e60b9b35ef9646 differ
+diff --git a/fuzz/corpora/asn1/94e8714901d061ff8d85452f1378536a8b09c3b3 b/fuzz/corpora/asn1/94e8714901d061ff8d85452f1378536a8b09c3b3
+new file mode 100644
+index 000000000000..1e2c6bba7b5c
+Binary files /dev/null and b/fuzz/corpora/asn1/94e8714901d061ff8d85452f1378536a8b09c3b3 differ
+diff --git a/fuzz/corpora/asn1/9534b071925d63417ddb16a3438fbbd74d6696d7 b/fuzz/corpora/asn1/9534b071925d63417ddb16a3438fbbd74d6696d7
+new file mode 100644
+index 000000000000..ba179a56e2f1
+Binary files /dev/null and b/fuzz/corpora/asn1/9534b071925d63417ddb16a3438fbbd74d6696d7 differ
+diff --git a/fuzz/corpora/asn1/959e4e06b866879aa0367192109ac129f0ddba06 b/fuzz/corpora/asn1/959e4e06b866879aa0367192109ac129f0ddba06
+new file mode 100644
+index 000000000000..dec50e9c5989
+Binary files /dev/null and b/fuzz/corpora/asn1/959e4e06b866879aa0367192109ac129f0ddba06 differ
+diff --git a/fuzz/corpora/asn1/95c4ec5d5503a474a5ee75765fa2038b775f5e90 b/fuzz/corpora/asn1/95c4ec5d5503a474a5ee75765fa2038b775f5e90
+new file mode 100644
+index 000000000000..953d56da547c
+Binary files /dev/null and b/fuzz/corpora/asn1/95c4ec5d5503a474a5ee75765fa2038b775f5e90 differ
+diff --git a/fuzz/corpora/asn1/960c7532f20242e9410c68c282a4cd67384fa5ad b/fuzz/corpora/asn1/960c7532f20242e9410c68c282a4cd67384fa5ad
+new file mode 100644
+index 000000000000..e8fe436d47f9
+Binary files /dev/null and b/fuzz/corpora/asn1/960c7532f20242e9410c68c282a4cd67384fa5ad differ
+diff --git a/fuzz/corpora/asn1/9666de4939577fcac9568ecc176712726f5fe03c b/fuzz/corpora/asn1/9666de4939577fcac9568ecc176712726f5fe03c
+new file mode 100644
+index 000000000000..c1137721dc4b
+Binary files /dev/null and b/fuzz/corpora/asn1/9666de4939577fcac9568ecc176712726f5fe03c differ
+diff --git a/fuzz/corpora/asn1/9674aa74b4a7dab5fdf5aee35ef80e79245f0126 b/fuzz/corpora/asn1/9674aa74b4a7dab5fdf5aee35ef80e79245f0126
+new file mode 100644
+index 000000000000..6ef481aacee9
+Binary files /dev/null and b/fuzz/corpora/asn1/9674aa74b4a7dab5fdf5aee35ef80e79245f0126 differ
+diff --git a/fuzz/corpora/asn1/96b0ce868a18ea2f90d5f116dc3fa12bd7eb3dfa b/fuzz/corpora/asn1/96b0ce868a18ea2f90d5f116dc3fa12bd7eb3dfa
+new file mode 100644
+index 000000000000..70eef26b4c32
+Binary files /dev/null and b/fuzz/corpora/asn1/96b0ce868a18ea2f90d5f116dc3fa12bd7eb3dfa differ
+diff --git a/fuzz/corpora/asn1/96dca63eb94223e8d6c50f696b9dc830df586081 b/fuzz/corpora/asn1/96dca63eb94223e8d6c50f696b9dc830df586081
+new file mode 100644
+index 000000000000..9918b59dd453
+Binary files /dev/null and b/fuzz/corpora/asn1/96dca63eb94223e8d6c50f696b9dc830df586081 differ
+diff --git a/fuzz/corpora/asn1/96e63fd5cb95c8430815b825578a65b5d4eed080 b/fuzz/corpora/asn1/96e63fd5cb95c8430815b825578a65b5d4eed080
+new file mode 100644
+index 000000000000..ae26d7ba626c
+Binary files /dev/null and b/fuzz/corpora/asn1/96e63fd5cb95c8430815b825578a65b5d4eed080 differ
+diff --git a/fuzz/corpora/asn1/980724088fb2528667f5fa6efbfe2cfa81c869a5 b/fuzz/corpora/asn1/980724088fb2528667f5fa6efbfe2cfa81c869a5
+new file mode 100644
+index 000000000000..4fa2ce2cb10f
+Binary files /dev/null and b/fuzz/corpora/asn1/980724088fb2528667f5fa6efbfe2cfa81c869a5 differ
+diff --git a/fuzz/corpora/asn1/98681c101a32943869b726cd4a77074239a6a8e2 b/fuzz/corpora/asn1/98681c101a32943869b726cd4a77074239a6a8e2
+new file mode 100644
+index 000000000000..beaf3c832210
+Binary files /dev/null and b/fuzz/corpora/asn1/98681c101a32943869b726cd4a77074239a6a8e2 differ
+diff --git a/fuzz/corpora/asn1/992fcdf649bf5e6eb39893074e212f81224b7bc9 b/fuzz/corpora/asn1/992fcdf649bf5e6eb39893074e212f81224b7bc9
+new file mode 100644
+index 000000000000..25656c6773a7
+Binary files /dev/null and b/fuzz/corpora/asn1/992fcdf649bf5e6eb39893074e212f81224b7bc9 differ
+diff --git a/fuzz/corpora/asn1/99b338e4f75a971f33ad89d0a49a2ceac962e504 b/fuzz/corpora/asn1/99b338e4f75a971f33ad89d0a49a2ceac962e504
+new file mode 100644
+index 000000000000..1e59ba32bc4f
+Binary files /dev/null and b/fuzz/corpora/asn1/99b338e4f75a971f33ad89d0a49a2ceac962e504 differ
+diff --git a/fuzz/corpora/asn1/99d8c9947eaad9e5d380dfa4dfbbb8d3c449748b b/fuzz/corpora/asn1/99d8c9947eaad9e5d380dfa4dfbbb8d3c449748b
+new file mode 100644
+index 000000000000..b2ba63520b37
+Binary files /dev/null and b/fuzz/corpora/asn1/99d8c9947eaad9e5d380dfa4dfbbb8d3c449748b differ
+diff --git a/fuzz/corpora/asn1/99da79027a28ff97a0d96ccb2727eeda2876f2d6 b/fuzz/corpora/asn1/99da79027a28ff97a0d96ccb2727eeda2876f2d6
+new file mode 100644
+index 000000000000..bda6e84c0d4d
+Binary files /dev/null and b/fuzz/corpora/asn1/99da79027a28ff97a0d96ccb2727eeda2876f2d6 differ
+diff --git a/fuzz/corpora/asn1/99eceee168b71ee75f8b6f19d9b86e2b58ca7b68 b/fuzz/corpora/asn1/99eceee168b71ee75f8b6f19d9b86e2b58ca7b68
+new file mode 100644
+index 000000000000..6b3fe69aaf70
+Binary files /dev/null and b/fuzz/corpora/asn1/99eceee168b71ee75f8b6f19d9b86e2b58ca7b68 differ
+diff --git a/fuzz/corpora/asn1/99f2aa95e36f95c2acb0eaf23998f030638f3f15 b/fuzz/corpora/asn1/99f2aa95e36f95c2acb0eaf23998f030638f3f15
+new file mode 100644
+index 000000000000..e49435269d33
+Binary files /dev/null and b/fuzz/corpora/asn1/99f2aa95e36f95c2acb0eaf23998f030638f3f15 differ
+diff --git a/fuzz/corpora/asn1/9a6100004daf4df300835dd1b9f9ea27a97a754e b/fuzz/corpora/asn1/9a6100004daf4df300835dd1b9f9ea27a97a754e
+new file mode 100644
+index 000000000000..50ce390220c5
+Binary files /dev/null and b/fuzz/corpora/asn1/9a6100004daf4df300835dd1b9f9ea27a97a754e differ
+diff --git a/fuzz/corpora/asn1/9a9c951aef9d9c56e2c4e2e4707df1a2e0a317d2 b/fuzz/corpora/asn1/9a9c951aef9d9c56e2c4e2e4707df1a2e0a317d2
+new file mode 100644
+index 000000000000..848240d4535a
+Binary files /dev/null and b/fuzz/corpora/asn1/9a9c951aef9d9c56e2c4e2e4707df1a2e0a317d2 differ
+diff --git a/fuzz/corpora/asn1/9ac9d7d836f6717e8b2eafbf528c7b1ff401df9a b/fuzz/corpora/asn1/9ac9d7d836f6717e8b2eafbf528c7b1ff401df9a
+new file mode 100644
+index 000000000000..d81cce8e9c26
+Binary files /dev/null and b/fuzz/corpora/asn1/9ac9d7d836f6717e8b2eafbf528c7b1ff401df9a differ
+diff --git a/fuzz/corpora/asn1/9aed36ba848099b1714939c9d4c99925c00a442e b/fuzz/corpora/asn1/9aed36ba848099b1714939c9d4c99925c00a442e
+new file mode 100644
+index 000000000000..3ffc9de5498b
+Binary files /dev/null and b/fuzz/corpora/asn1/9aed36ba848099b1714939c9d4c99925c00a442e differ
+diff --git a/fuzz/corpora/asn1/9b1b9f44ce6d0fe7bf917280ffc14f6f2f04496a b/fuzz/corpora/asn1/9b1b9f44ce6d0fe7bf917280ffc14f6f2f04496a
+new file mode 100644
+index 000000000000..80592b9d1eb9
+Binary files /dev/null and b/fuzz/corpora/asn1/9b1b9f44ce6d0fe7bf917280ffc14f6f2f04496a differ
+diff --git a/fuzz/corpora/asn1/9b32b692423581348c1be234febd24e6b9b5d2df b/fuzz/corpora/asn1/9b32b692423581348c1be234febd24e6b9b5d2df
+new file mode 100644
+index 000000000000..b589497b7b48
+Binary files /dev/null and b/fuzz/corpora/asn1/9b32b692423581348c1be234febd24e6b9b5d2df differ
+diff --git a/fuzz/corpora/asn1/9b49faad17f7ef04044cb3c5229e62abb7adc3f5 b/fuzz/corpora/asn1/9b49faad17f7ef04044cb3c5229e62abb7adc3f5
+new file mode 100644
+index 000000000000..9c38d4b9d3fd
+Binary files /dev/null and b/fuzz/corpora/asn1/9b49faad17f7ef04044cb3c5229e62abb7adc3f5 differ
+diff --git a/fuzz/corpora/asn1/9b84cde5162080fe113f53b25eaa9d8e02144beb b/fuzz/corpora/asn1/9b84cde5162080fe113f53b25eaa9d8e02144beb
+new file mode 100644
+index 000000000000..97cbd543c7f5
+Binary files /dev/null and b/fuzz/corpora/asn1/9b84cde5162080fe113f53b25eaa9d8e02144beb differ
+diff --git a/fuzz/corpora/asn1/9b99593353a610c4bee0d6a94a01a3296080c0fb b/fuzz/corpora/asn1/9b99593353a610c4bee0d6a94a01a3296080c0fb
+new file mode 100644
+index 000000000000..5407bf3ddf8b
+Binary files /dev/null and b/fuzz/corpora/asn1/9b99593353a610c4bee0d6a94a01a3296080c0fb differ
+diff --git a/fuzz/corpora/asn1/9bd06618973bcdca98e938da97db69b1e4f2daf0 b/fuzz/corpora/asn1/9bd06618973bcdca98e938da97db69b1e4f2daf0
+new file mode 100644
+index 000000000000..bf045237c2f2
+Binary files /dev/null and b/fuzz/corpora/asn1/9bd06618973bcdca98e938da97db69b1e4f2daf0 differ
+diff --git a/fuzz/corpora/asn1/9bf74ead03e9eed3af40d2647b0082ac3663e191 b/fuzz/corpora/asn1/9bf74ead03e9eed3af40d2647b0082ac3663e191
+new file mode 100644
+index 000000000000..b7a0418e6b1b
+Binary files /dev/null and b/fuzz/corpora/asn1/9bf74ead03e9eed3af40d2647b0082ac3663e191 differ
+diff --git a/fuzz/corpora/asn1/9c2469bd5ebaeee662805eebce7136375fe6042f b/fuzz/corpora/asn1/9c2469bd5ebaeee662805eebce7136375fe6042f
+new file mode 100644
+index 000000000000..e5a6224eb556
+Binary files /dev/null and b/fuzz/corpora/asn1/9c2469bd5ebaeee662805eebce7136375fe6042f differ
+diff --git a/fuzz/corpora/asn1/9c970513ff1ebd7b07bd6073e84cbecc6156f3f9 b/fuzz/corpora/asn1/9c970513ff1ebd7b07bd6073e84cbecc6156f3f9
+new file mode 100644
+index 000000000000..1cb2cc8cb986
+Binary files /dev/null and b/fuzz/corpora/asn1/9c970513ff1ebd7b07bd6073e84cbecc6156f3f9 differ
+diff --git a/fuzz/corpora/asn1/9cfad1f52b0cfbfdbe99857d6be3e39683537722 b/fuzz/corpora/asn1/9cfad1f52b0cfbfdbe99857d6be3e39683537722
+new file mode 100644
+index 000000000000..f1b665791063
+Binary files /dev/null and b/fuzz/corpora/asn1/9cfad1f52b0cfbfdbe99857d6be3e39683537722 differ
+diff --git a/fuzz/corpora/asn1/9d0c3b8ea2f6ac8d314b56b7058e295a3ebde665 b/fuzz/corpora/asn1/9d0c3b8ea2f6ac8d314b56b7058e295a3ebde665
+new file mode 100644
+index 000000000000..253af43f4b70
+Binary files /dev/null and b/fuzz/corpora/asn1/9d0c3b8ea2f6ac8d314b56b7058e295a3ebde665 differ
+diff --git a/fuzz/corpora/asn1/9d3a25473fbeb697cea92d5adbc5b1b9e8bec84b b/fuzz/corpora/asn1/9d3a25473fbeb697cea92d5adbc5b1b9e8bec84b
+new file mode 100644
+index 000000000000..b66ce287ba88
+Binary files /dev/null and b/fuzz/corpora/asn1/9d3a25473fbeb697cea92d5adbc5b1b9e8bec84b differ
+diff --git a/fuzz/corpora/asn1/9d4f1bacbde94a13d1c449f1b229dfa577e38ff1 b/fuzz/corpora/asn1/9d4f1bacbde94a13d1c449f1b229dfa577e38ff1
+new file mode 100644
+index 000000000000..bda87c0a548c
+Binary files /dev/null and b/fuzz/corpora/asn1/9d4f1bacbde94a13d1c449f1b229dfa577e38ff1 differ
+diff --git a/fuzz/corpora/asn1/9daa8bde739a909206c21739b47745a7f3d825a3 b/fuzz/corpora/asn1/9daa8bde739a909206c21739b47745a7f3d825a3
+new file mode 100644
+index 000000000000..623376c7fb8f
+Binary files /dev/null and b/fuzz/corpora/asn1/9daa8bde739a909206c21739b47745a7f3d825a3 differ
+diff --git a/fuzz/corpora/asn1/9ddc262a9a1160b864c68c199215c3d7d27c6cf9 b/fuzz/corpora/asn1/9ddc262a9a1160b864c68c199215c3d7d27c6cf9
+new file mode 100644
+index 000000000000..20d73109ddcd
+Binary files /dev/null and b/fuzz/corpora/asn1/9ddc262a9a1160b864c68c199215c3d7d27c6cf9 differ
+diff --git a/fuzz/corpora/asn1/9de3b1b92a13895bbbc7a5d46cb0e46bc3f5d576 b/fuzz/corpora/asn1/9de3b1b92a13895bbbc7a5d46cb0e46bc3f5d576
+new file mode 100644
+index 000000000000..cf1ef01dc7c0
+Binary files /dev/null and b/fuzz/corpora/asn1/9de3b1b92a13895bbbc7a5d46cb0e46bc3f5d576 differ
+diff --git a/fuzz/corpora/asn1/9e2ae3e67686554425a5b6ae10a45aca9dcf9863 b/fuzz/corpora/asn1/9e2ae3e67686554425a5b6ae10a45aca9dcf9863
+new file mode 100644
+index 000000000000..e9a69603bcf7
+Binary files /dev/null and b/fuzz/corpora/asn1/9e2ae3e67686554425a5b6ae10a45aca9dcf9863 differ
+diff --git a/fuzz/corpora/asn1/9f346af901ed753331e406e2ee407117e2a94c97 b/fuzz/corpora/asn1/9f346af901ed753331e406e2ee407117e2a94c97
+new file mode 100644
+index 000000000000..573c44f97f21
+Binary files /dev/null and b/fuzz/corpora/asn1/9f346af901ed753331e406e2ee407117e2a94c97 differ
+diff --git a/fuzz/corpora/asn1/9f79d183e2a0dd482e3e1238e580f88b0f5bdbaf b/fuzz/corpora/asn1/9f79d183e2a0dd482e3e1238e580f88b0f5bdbaf
+new file mode 100644
+index 000000000000..99c0e181699d
+Binary files /dev/null and b/fuzz/corpora/asn1/9f79d183e2a0dd482e3e1238e580f88b0f5bdbaf differ
+diff --git a/fuzz/corpora/asn1/9f89a8e82ea5aef3eb3dd1de3e361f763939050b b/fuzz/corpora/asn1/9f89a8e82ea5aef3eb3dd1de3e361f763939050b
+new file mode 100644
+index 000000000000..d3921bbb06c3
+Binary files /dev/null and b/fuzz/corpora/asn1/9f89a8e82ea5aef3eb3dd1de3e361f763939050b differ
+diff --git a/fuzz/corpora/asn1/9f9117bf69ab4bdf80f8f62007bf7e6202fb91f8 b/fuzz/corpora/asn1/9f9117bf69ab4bdf80f8f62007bf7e6202fb91f8
+new file mode 100644
+index 000000000000..a5d23c1693ab
+Binary files /dev/null and b/fuzz/corpora/asn1/9f9117bf69ab4bdf80f8f62007bf7e6202fb91f8 differ
+diff --git a/fuzz/corpora/asn1/9f9748e862cd2b9e770f4b7694df48412092f53a b/fuzz/corpora/asn1/9f9748e862cd2b9e770f4b7694df48412092f53a
+new file mode 100644
+index 000000000000..3de7e08525dc
+Binary files /dev/null and b/fuzz/corpora/asn1/9f9748e862cd2b9e770f4b7694df48412092f53a differ
+diff --git a/fuzz/corpora/asn1/9fbc4d2689b68109cb841a86df63772955b44449 b/fuzz/corpora/asn1/9fbc4d2689b68109cb841a86df63772955b44449
+new file mode 100644
+index 000000000000..20a61c159842
+Binary files /dev/null and b/fuzz/corpora/asn1/9fbc4d2689b68109cb841a86df63772955b44449 differ
+diff --git a/fuzz/corpora/asn1/9fbf4ac476aad4d3adc9a10c02bbac772f840fae b/fuzz/corpora/asn1/9fbf4ac476aad4d3adc9a10c02bbac772f840fae
+new file mode 100644
+index 000000000000..44a5ddf11a92
+Binary files /dev/null and b/fuzz/corpora/asn1/9fbf4ac476aad4d3adc9a10c02bbac772f840fae differ
+diff --git a/fuzz/corpora/asn1/9fcb51ac81740dc95a99e6fdfe9e98b9adbfa481 b/fuzz/corpora/asn1/9fcb51ac81740dc95a99e6fdfe9e98b9adbfa481
+new file mode 100644
+index 000000000000..d29e6ca7a46f
+Binary files /dev/null and b/fuzz/corpora/asn1/9fcb51ac81740dc95a99e6fdfe9e98b9adbfa481 differ
+diff --git a/fuzz/corpora/asn1/9fd7ecdd5fa5037383a0ca16cfa09780406d4424 b/fuzz/corpora/asn1/9fd7ecdd5fa5037383a0ca16cfa09780406d4424
+new file mode 100644
+index 000000000000..0a78891d6dce
+Binary files /dev/null and b/fuzz/corpora/asn1/9fd7ecdd5fa5037383a0ca16cfa09780406d4424 differ
+diff --git a/fuzz/corpora/asn1/9fde1796ee4b4ad4fae1644b95f13b7f5bc308b8 b/fuzz/corpora/asn1/9fde1796ee4b4ad4fae1644b95f13b7f5bc308b8
+new file mode 100644
+index 000000000000..54f28907dd3e
+Binary files /dev/null and b/fuzz/corpora/asn1/9fde1796ee4b4ad4fae1644b95f13b7f5bc308b8 differ
+diff --git a/fuzz/corpora/asn1/a002d4213e4d9db742d2fae6498914ef915204ec b/fuzz/corpora/asn1/a002d4213e4d9db742d2fae6498914ef915204ec
+new file mode 100644
+index 000000000000..ce2e90de4621
+Binary files /dev/null and b/fuzz/corpora/asn1/a002d4213e4d9db742d2fae6498914ef915204ec differ
+diff --git a/fuzz/corpora/asn1/a00f74e647be7c45166b9093fd3554c4cc4b593a b/fuzz/corpora/asn1/a00f74e647be7c45166b9093fd3554c4cc4b593a
+new file mode 100644
+index 000000000000..518b2ce86529
+Binary files /dev/null and b/fuzz/corpora/asn1/a00f74e647be7c45166b9093fd3554c4cc4b593a differ
+diff --git a/fuzz/corpora/asn1/a07e5c031e42de34cfdf4c3af177bb1577f2fb91 b/fuzz/corpora/asn1/a07e5c031e42de34cfdf4c3af177bb1577f2fb91
+new file mode 100644
+index 000000000000..e63836b6a89f
+Binary files /dev/null and b/fuzz/corpora/asn1/a07e5c031e42de34cfdf4c3af177bb1577f2fb91 differ
+diff --git a/fuzz/corpora/asn1/a09bc4a4025cc3b02d07e509d430957a0bfdc9f2 b/fuzz/corpora/asn1/a09bc4a4025cc3b02d07e509d430957a0bfdc9f2
+new file mode 100644
+index 000000000000..b093450f125f
+Binary files /dev/null and b/fuzz/corpora/asn1/a09bc4a4025cc3b02d07e509d430957a0bfdc9f2 differ
+diff --git a/fuzz/corpora/asn1/a0a70534c48109a7d67704211fd4df401ad9f54b b/fuzz/corpora/asn1/a0a70534c48109a7d67704211fd4df401ad9f54b
+new file mode 100644
+index 000000000000..c022b01e0464
+Binary files /dev/null and b/fuzz/corpora/asn1/a0a70534c48109a7d67704211fd4df401ad9f54b differ
+diff --git a/fuzz/corpora/asn1/a1642c50bf0d4282f19ba82aedbb191d5d06ba4c b/fuzz/corpora/asn1/a1642c50bf0d4282f19ba82aedbb191d5d06ba4c
+new file mode 100644
+index 000000000000..99da321780be
+Binary files /dev/null and b/fuzz/corpora/asn1/a1642c50bf0d4282f19ba82aedbb191d5d06ba4c differ
+diff --git a/fuzz/corpora/asn1/a16a25ef90950697003c0faa1d0bc5ea6509f64e b/fuzz/corpora/asn1/a16a25ef90950697003c0faa1d0bc5ea6509f64e
+new file mode 100644
+index 000000000000..10a8cd4e900e
+Binary files /dev/null and b/fuzz/corpora/asn1/a16a25ef90950697003c0faa1d0bc5ea6509f64e differ
+diff --git a/fuzz/corpora/asn1/a26014889cd671f49b19c470696e91bf1e00c1c7 b/fuzz/corpora/asn1/a26014889cd671f49b19c470696e91bf1e00c1c7
+new file mode 100644
+index 000000000000..78f039971612
+Binary files /dev/null and b/fuzz/corpora/asn1/a26014889cd671f49b19c470696e91bf1e00c1c7 differ
+diff --git a/fuzz/corpora/asn1/a2c63e31dd34ceb7390cc42ea61fbdb445eb4b60 b/fuzz/corpora/asn1/a2c63e31dd34ceb7390cc42ea61fbdb445eb4b60
+new file mode 100644
+index 000000000000..02e3726d1025
+Binary files /dev/null and b/fuzz/corpora/asn1/a2c63e31dd34ceb7390cc42ea61fbdb445eb4b60 differ
+diff --git a/fuzz/corpora/asn1/a2cbdcebcf8a302aa548eb9723dd23d27334386d b/fuzz/corpora/asn1/a2cbdcebcf8a302aa548eb9723dd23d27334386d
+new file mode 100644
+index 000000000000..a429693a4515
+Binary files /dev/null and b/fuzz/corpora/asn1/a2cbdcebcf8a302aa548eb9723dd23d27334386d differ
+diff --git a/fuzz/corpora/asn1/a342a9f788670caa91037c972855bf562475eb47 b/fuzz/corpora/asn1/a342a9f788670caa91037c972855bf562475eb47
+new file mode 100644
+index 000000000000..1d3eb5fe8f82
+Binary files /dev/null and b/fuzz/corpora/asn1/a342a9f788670caa91037c972855bf562475eb47 differ
+diff --git a/fuzz/corpora/asn1/a3ec72432565d9daccfef2341d7e9aeddba38a3e b/fuzz/corpora/asn1/a3ec72432565d9daccfef2341d7e9aeddba38a3e
+new file mode 100644
+index 000000000000..cf79d1cd4814
+Binary files /dev/null and b/fuzz/corpora/asn1/a3ec72432565d9daccfef2341d7e9aeddba38a3e differ
+diff --git a/fuzz/corpora/asn1/a4070b77485cf4b9e5d91dd71826f95abcca08d4 b/fuzz/corpora/asn1/a4070b77485cf4b9e5d91dd71826f95abcca08d4
+new file mode 100644
+index 000000000000..48610e8c98d2
+Binary files /dev/null and b/fuzz/corpora/asn1/a4070b77485cf4b9e5d91dd71826f95abcca08d4 differ
+diff --git a/fuzz/corpora/asn1/a45fdaa69025c8c49d32cc7df33778e5794ced43 b/fuzz/corpora/asn1/a45fdaa69025c8c49d32cc7df33778e5794ced43
+new file mode 100644
+index 000000000000..559406972b23
+Binary files /dev/null and b/fuzz/corpora/asn1/a45fdaa69025c8c49d32cc7df33778e5794ced43 differ
+diff --git a/fuzz/corpora/asn1/a4aae2f7619f096d6b7ac27ce17784314bf0db35 b/fuzz/corpora/asn1/a4aae2f7619f096d6b7ac27ce17784314bf0db35
+new file mode 100644
+index 000000000000..3c1fcac19ceb
+Binary files /dev/null and b/fuzz/corpora/asn1/a4aae2f7619f096d6b7ac27ce17784314bf0db35 differ
+diff --git a/fuzz/corpora/asn1/a5338467f4baaaf6aa748666e836b2d1dcd0bde0 b/fuzz/corpora/asn1/a5338467f4baaaf6aa748666e836b2d1dcd0bde0
+new file mode 100644
+index 000000000000..888a810f77d9
+Binary files /dev/null and b/fuzz/corpora/asn1/a5338467f4baaaf6aa748666e836b2d1dcd0bde0 differ
+diff --git a/fuzz/corpora/asn1/a58818b73e9c655f36211241a0c00a68f7432e70 b/fuzz/corpora/asn1/a58818b73e9c655f36211241a0c00a68f7432e70
+new file mode 100644
+index 000000000000..54374d5082f5
+Binary files /dev/null and b/fuzz/corpora/asn1/a58818b73e9c655f36211241a0c00a68f7432e70 differ
+diff --git a/fuzz/corpora/asn1/a59efa3fec5990340d4ba974b1010b64cc121336 b/fuzz/corpora/asn1/a59efa3fec5990340d4ba974b1010b64cc121336
+new file mode 100644
+index 000000000000..620bf756510f
+Binary files /dev/null and b/fuzz/corpora/asn1/a59efa3fec5990340d4ba974b1010b64cc121336 differ
+diff --git a/fuzz/corpora/asn1/a6389b30f6e67ada0865c54c3b7ab3f39380a39f b/fuzz/corpora/asn1/a6389b30f6e67ada0865c54c3b7ab3f39380a39f
+new file mode 100644
+index 000000000000..7a7693abc1f1
+Binary files /dev/null and b/fuzz/corpora/asn1/a6389b30f6e67ada0865c54c3b7ab3f39380a39f differ
+diff --git a/fuzz/corpora/asn1/a683d351dac82286e5fd7a07efba7db622e3c523 b/fuzz/corpora/asn1/a683d351dac82286e5fd7a07efba7db622e3c523
+new file mode 100644
+index 000000000000..6c6e6756d10b
+Binary files /dev/null and b/fuzz/corpora/asn1/a683d351dac82286e5fd7a07efba7db622e3c523 differ
+diff --git a/fuzz/corpora/asn1/a6bd9c34749749f848084bc63d0dc38293dbd61e b/fuzz/corpora/asn1/a6bd9c34749749f848084bc63d0dc38293dbd61e
+new file mode 100644
+index 000000000000..899983b27f75
+Binary files /dev/null and b/fuzz/corpora/asn1/a6bd9c34749749f848084bc63d0dc38293dbd61e differ
+diff --git a/fuzz/corpora/asn1/a6ecd4258043273e86857fde2368f2cc8b3a3883 b/fuzz/corpora/asn1/a6ecd4258043273e86857fde2368f2cc8b3a3883
+new file mode 100644
+index 000000000000..3a76214b4eb6
+Binary files /dev/null and b/fuzz/corpora/asn1/a6ecd4258043273e86857fde2368f2cc8b3a3883 differ
+diff --git a/fuzz/corpora/asn1/a6ef86425c6647b25c0d7ab64658237317906f23 b/fuzz/corpora/asn1/a6ef86425c6647b25c0d7ab64658237317906f23
+new file mode 100644
+index 000000000000..7d289362c39b
+Binary files /dev/null and b/fuzz/corpora/asn1/a6ef86425c6647b25c0d7ab64658237317906f23 differ
+diff --git a/fuzz/corpora/asn1/a74c1066517fb1e9ccdc997bb3779100953b2a93 b/fuzz/corpora/asn1/a74c1066517fb1e9ccdc997bb3779100953b2a93
+new file mode 100644
+index 000000000000..9ad149bda031
+Binary files /dev/null and b/fuzz/corpora/asn1/a74c1066517fb1e9ccdc997bb3779100953b2a93 differ
+diff --git a/fuzz/corpora/asn1/a7ce045004a02447d5c52e3db015be522742507b b/fuzz/corpora/asn1/a7ce045004a02447d5c52e3db015be522742507b
+new file mode 100644
+index 000000000000..1d1cc86acdaf
+Binary files /dev/null and b/fuzz/corpora/asn1/a7ce045004a02447d5c52e3db015be522742507b differ
+diff --git a/fuzz/corpora/asn1/a8417902de60c59c4b6b57672306d7bd7234329c b/fuzz/corpora/asn1/a8417902de60c59c4b6b57672306d7bd7234329c
+new file mode 100644
+index 000000000000..d7d928b4b056
+Binary files /dev/null and b/fuzz/corpora/asn1/a8417902de60c59c4b6b57672306d7bd7234329c differ
+diff --git a/fuzz/corpora/asn1/a864dc0fd79e527f95ca8b43b10690af759e9a59 b/fuzz/corpora/asn1/a864dc0fd79e527f95ca8b43b10690af759e9a59
+new file mode 100644
+index 000000000000..f4c31d3c69e0
+Binary files /dev/null and b/fuzz/corpora/asn1/a864dc0fd79e527f95ca8b43b10690af759e9a59 differ
+diff --git a/fuzz/corpora/asn1/a8b2c5eac8e3d066e55336f9081fe884845c9e98 b/fuzz/corpora/asn1/a8b2c5eac8e3d066e55336f9081fe884845c9e98
+new file mode 100644
+index 000000000000..6e3e1e82219d
+Binary files /dev/null and b/fuzz/corpora/asn1/a8b2c5eac8e3d066e55336f9081fe884845c9e98 differ
+diff --git a/fuzz/corpora/asn1/a8d70f617572fa8a37de2ef109b55a30b8ae8c72 b/fuzz/corpora/asn1/a8d70f617572fa8a37de2ef109b55a30b8ae8c72
+new file mode 100644
+index 000000000000..2aa79f0ab0d5
+Binary files /dev/null and b/fuzz/corpora/asn1/a8d70f617572fa8a37de2ef109b55a30b8ae8c72 differ
+diff --git a/fuzz/corpora/asn1/a8e77b676828a43dcbeb882e5f18d37fbfb677e4 b/fuzz/corpora/asn1/a8e77b676828a43dcbeb882e5f18d37fbfb677e4
+new file mode 100644
+index 000000000000..29984e39b180
+Binary files /dev/null and b/fuzz/corpora/asn1/a8e77b676828a43dcbeb882e5f18d37fbfb677e4 differ
+diff --git a/fuzz/corpora/asn1/a8f0616b94fe40936a9f673a9fcd2389f3ea5363 b/fuzz/corpora/asn1/a8f0616b94fe40936a9f673a9fcd2389f3ea5363
+new file mode 100644
+index 000000000000..997da27c9c90
+Binary files /dev/null and b/fuzz/corpora/asn1/a8f0616b94fe40936a9f673a9fcd2389f3ea5363 differ
+diff --git a/fuzz/corpora/asn1/a92986dd6c2b4128f3a076cd88f0f912088edbc7 b/fuzz/corpora/asn1/a92986dd6c2b4128f3a076cd88f0f912088edbc7
+new file mode 100644
+index 000000000000..b01fe7257cf5
+Binary files /dev/null and b/fuzz/corpora/asn1/a92986dd6c2b4128f3a076cd88f0f912088edbc7 differ
+diff --git a/fuzz/corpora/asn1/a92d36595ec955f5029a4dd899463236160940c1 b/fuzz/corpora/asn1/a92d36595ec955f5029a4dd899463236160940c1
+new file mode 100644
+index 000000000000..b78d3760e747
+Binary files /dev/null and b/fuzz/corpora/asn1/a92d36595ec955f5029a4dd899463236160940c1 differ
+diff --git a/fuzz/corpora/asn1/a9ecda2a8770f3337d649388cfe1e9f38e96993f b/fuzz/corpora/asn1/a9ecda2a8770f3337d649388cfe1e9f38e96993f
+new file mode 100644
+index 000000000000..bcd62117aba0
+Binary files /dev/null and b/fuzz/corpora/asn1/a9ecda2a8770f3337d649388cfe1e9f38e96993f differ
+diff --git a/fuzz/corpora/asn1/aa17c0d5ddc38f48d3264e756262b9fb9a71841f b/fuzz/corpora/asn1/aa17c0d5ddc38f48d3264e756262b9fb9a71841f
+new file mode 100644
+index 000000000000..1bcf96334e0b
+Binary files /dev/null and b/fuzz/corpora/asn1/aa17c0d5ddc38f48d3264e756262b9fb9a71841f differ
+diff --git a/fuzz/corpora/asn1/aa6b0782916854a87c63f762f7810abb3d915fc3 b/fuzz/corpora/asn1/aa6b0782916854a87c63f762f7810abb3d915fc3
+new file mode 100644
+index 000000000000..6ab413f7e51b
+Binary files /dev/null and b/fuzz/corpora/asn1/aa6b0782916854a87c63f762f7810abb3d915fc3 differ
+diff --git a/fuzz/corpora/asn1/aa93d1d31bf61d7c41b398859ee9d83044ae1fa0 b/fuzz/corpora/asn1/aa93d1d31bf61d7c41b398859ee9d83044ae1fa0
+new file mode 100644
+index 000000000000..14fb147e717e
+Binary files /dev/null and b/fuzz/corpora/asn1/aa93d1d31bf61d7c41b398859ee9d83044ae1fa0 differ
+diff --git a/fuzz/corpora/asn1/aab6dbccc13a9f9acbbba4ad42a7009343098ea5 b/fuzz/corpora/asn1/aab6dbccc13a9f9acbbba4ad42a7009343098ea5
+new file mode 100644
+index 000000000000..819106c39159
+Binary files /dev/null and b/fuzz/corpora/asn1/aab6dbccc13a9f9acbbba4ad42a7009343098ea5 differ
+diff --git a/fuzz/corpora/asn1/aac965638bea9c6a6619b099c40dc82a8e14e59e b/fuzz/corpora/asn1/aac965638bea9c6a6619b099c40dc82a8e14e59e
+new file mode 100644
+index 000000000000..557bc90b84af
+Binary files /dev/null and b/fuzz/corpora/asn1/aac965638bea9c6a6619b099c40dc82a8e14e59e differ
+diff --git a/fuzz/corpora/asn1/ab21f43f41ce88973e912936629d1d144aa9e154 b/fuzz/corpora/asn1/ab21f43f41ce88973e912936629d1d144aa9e154
+new file mode 100644
+index 000000000000..20d7c136e1cf
+Binary files /dev/null and b/fuzz/corpora/asn1/ab21f43f41ce88973e912936629d1d144aa9e154 differ
+diff --git a/fuzz/corpora/asn1/ab2a9302f8e969d91f4d4f93937bc6e1133e0dcd b/fuzz/corpora/asn1/ab2a9302f8e969d91f4d4f93937bc6e1133e0dcd
+new file mode 100644
+index 000000000000..97f1c6179272
+Binary files /dev/null and b/fuzz/corpora/asn1/ab2a9302f8e969d91f4d4f93937bc6e1133e0dcd differ
+diff --git a/fuzz/corpora/asn1/abfd6900ca58ad6c02f2ed690b02149777487fda b/fuzz/corpora/asn1/abfd6900ca58ad6c02f2ed690b02149777487fda
+new file mode 100644
+index 000000000000..acf2fb97b036
+Binary files /dev/null and b/fuzz/corpora/asn1/abfd6900ca58ad6c02f2ed690b02149777487fda differ
+diff --git a/fuzz/corpora/asn1/ac082f408bcb96a5a8bbc4bfc3885454c972a7f5 b/fuzz/corpora/asn1/ac082f408bcb96a5a8bbc4bfc3885454c972a7f5
+new file mode 100644
+index 000000000000..27aab2005864
+Binary files /dev/null and b/fuzz/corpora/asn1/ac082f408bcb96a5a8bbc4bfc3885454c972a7f5 differ
+diff --git a/fuzz/corpora/asn1/ac43297c80ceafc83bc8d2614f627959a8ab60d3 b/fuzz/corpora/asn1/ac43297c80ceafc83bc8d2614f627959a8ab60d3
+new file mode 100644
+index 000000000000..f42c712cf7b1
+Binary files /dev/null and b/fuzz/corpora/asn1/ac43297c80ceafc83bc8d2614f627959a8ab60d3 differ
+diff --git a/fuzz/corpora/asn1/ac4a51d8c3ef323eb6906f764f5b988e79d1c8bf b/fuzz/corpora/asn1/ac4a51d8c3ef323eb6906f764f5b988e79d1c8bf
+new file mode 100644
+index 000000000000..faa0e2331b35
+Binary files /dev/null and b/fuzz/corpora/asn1/ac4a51d8c3ef323eb6906f764f5b988e79d1c8bf differ
+diff --git a/fuzz/corpora/asn1/ad07d38c3b8d7059eb0454fc036e59647de963cf b/fuzz/corpora/asn1/ad07d38c3b8d7059eb0454fc036e59647de963cf
+new file mode 100644
+index 000000000000..dfb92de43266
+Binary files /dev/null and b/fuzz/corpora/asn1/ad07d38c3b8d7059eb0454fc036e59647de963cf differ
+diff --git a/fuzz/corpora/asn1/ade7917722f6e26ad6de148704a9a3bb99edb943 b/fuzz/corpora/asn1/ade7917722f6e26ad6de148704a9a3bb99edb943
+new file mode 100644
+index 000000000000..2027219ab176
+Binary files /dev/null and b/fuzz/corpora/asn1/ade7917722f6e26ad6de148704a9a3bb99edb943 differ
+diff --git a/fuzz/corpora/asn1/ae024b05e093c126a3874f656343c958800f8085 b/fuzz/corpora/asn1/ae024b05e093c126a3874f656343c958800f8085
+new file mode 100644
+index 000000000000..6791fd9e3694
+Binary files /dev/null and b/fuzz/corpora/asn1/ae024b05e093c126a3874f656343c958800f8085 differ
+diff --git a/fuzz/corpora/asn1/ae32a0d50a64d576ebccfbd9bed50f1da9e1708e b/fuzz/corpora/asn1/ae32a0d50a64d576ebccfbd9bed50f1da9e1708e
+new file mode 100644
+index 000000000000..7a7686886ff3
+Binary files /dev/null and b/fuzz/corpora/asn1/ae32a0d50a64d576ebccfbd9bed50f1da9e1708e differ
+diff --git a/fuzz/corpora/asn1/ae5094270f5aa8d0c3b7b81023740e3374a6a252 b/fuzz/corpora/asn1/ae5094270f5aa8d0c3b7b81023740e3374a6a252
+new file mode 100644
+index 000000000000..0f2f3fce0422
+Binary files /dev/null and b/fuzz/corpora/asn1/ae5094270f5aa8d0c3b7b81023740e3374a6a252 differ
+diff --git a/fuzz/corpora/asn1/ae994f12ed9e5ff7d2386f9b2d7109f69fc4766a b/fuzz/corpora/asn1/ae994f12ed9e5ff7d2386f9b2d7109f69fc4766a
+new file mode 100644
+index 000000000000..c8fa106041a1
+Binary files /dev/null and b/fuzz/corpora/asn1/ae994f12ed9e5ff7d2386f9b2d7109f69fc4766a differ
+diff --git a/fuzz/corpora/asn1/aec13fc131bc8dbd4f5fa80a51c4725df0631248 b/fuzz/corpora/asn1/aec13fc131bc8dbd4f5fa80a51c4725df0631248
+new file mode 100644
+index 000000000000..77eb631b856b
+Binary files /dev/null and b/fuzz/corpora/asn1/aec13fc131bc8dbd4f5fa80a51c4725df0631248 differ
+diff --git a/fuzz/corpora/asn1/aec83ac2b4a3473c885bae268667a91572e56e93 b/fuzz/corpora/asn1/aec83ac2b4a3473c885bae268667a91572e56e93
+new file mode 100644
+index 000000000000..4d78d4d8c3ff
+Binary files /dev/null and b/fuzz/corpora/asn1/aec83ac2b4a3473c885bae268667a91572e56e93 differ
+diff --git a/fuzz/corpora/asn1/aed49402bd0f7b5f0708422927dfcd6dcd9d91b7 b/fuzz/corpora/asn1/aed49402bd0f7b5f0708422927dfcd6dcd9d91b7
+new file mode 100644
+index 000000000000..5d7116a44633
+Binary files /dev/null and b/fuzz/corpora/asn1/aed49402bd0f7b5f0708422927dfcd6dcd9d91b7 differ
+diff --git a/fuzz/corpora/asn1/af29fa0cc557ee1f98479cf4ffdb3a1a164eac07 b/fuzz/corpora/asn1/af29fa0cc557ee1f98479cf4ffdb3a1a164eac07
+new file mode 100644
+index 000000000000..0901c73f089e
+Binary files /dev/null and b/fuzz/corpora/asn1/af29fa0cc557ee1f98479cf4ffdb3a1a164eac07 differ
+diff --git a/fuzz/corpora/asn1/af48e23e25b287edeb3f7d0f874cb9a5af945a98 b/fuzz/corpora/asn1/af48e23e25b287edeb3f7d0f874cb9a5af945a98
+new file mode 100644
+index 000000000000..1d141b1eac4b
+Binary files /dev/null and b/fuzz/corpora/asn1/af48e23e25b287edeb3f7d0f874cb9a5af945a98 differ
+diff --git a/fuzz/corpora/asn1/b0991599fab9b95ef5bfc54f6c88d2ab54517142 b/fuzz/corpora/asn1/b0991599fab9b95ef5bfc54f6c88d2ab54517142
+new file mode 100644
+index 000000000000..c5ee1da1d5f3
+Binary files /dev/null and b/fuzz/corpora/asn1/b0991599fab9b95ef5bfc54f6c88d2ab54517142 differ
+diff --git a/fuzz/corpora/asn1/b0a3d696f5ecd86e4405c446c694283997bfc5e5 b/fuzz/corpora/asn1/b0a3d696f5ecd86e4405c446c694283997bfc5e5
+new file mode 100644
+index 000000000000..6c6457515f92
+Binary files /dev/null and b/fuzz/corpora/asn1/b0a3d696f5ecd86e4405c446c694283997bfc5e5 differ
+diff --git a/fuzz/corpora/asn1/b0a90c44a853c40af8ff74d8150be868f06608c3 b/fuzz/corpora/asn1/b0a90c44a853c40af8ff74d8150be868f06608c3
+new file mode 100644
+index 000000000000..ee482e467244
+Binary files /dev/null and b/fuzz/corpora/asn1/b0a90c44a853c40af8ff74d8150be868f06608c3 differ
+diff --git a/fuzz/corpora/asn1/b0e50ed9b7ff5871b54c599a230b5b4b0b281eca b/fuzz/corpora/asn1/b0e50ed9b7ff5871b54c599a230b5b4b0b281eca
+new file mode 100644
+index 000000000000..e17e025e2a79
+Binary files /dev/null and b/fuzz/corpora/asn1/b0e50ed9b7ff5871b54c599a230b5b4b0b281eca differ
+diff --git a/fuzz/corpora/asn1/b0f8b37f921f06a313a481558a7aee2975d54feb b/fuzz/corpora/asn1/b0f8b37f921f06a313a481558a7aee2975d54feb
+new file mode 100644
+index 000000000000..c5d179fbf00a
+Binary files /dev/null and b/fuzz/corpora/asn1/b0f8b37f921f06a313a481558a7aee2975d54feb differ
+diff --git a/fuzz/corpora/asn1/b183d3d9f06b410062edea83e911f7928198075b b/fuzz/corpora/asn1/b183d3d9f06b410062edea83e911f7928198075b
+new file mode 100644
+index 000000000000..0f00a9026ff8
+Binary files /dev/null and b/fuzz/corpora/asn1/b183d3d9f06b410062edea83e911f7928198075b differ
+diff --git a/fuzz/corpora/asn1/b1b44559ed5788dcd9355f26f6212788f0163d1e b/fuzz/corpora/asn1/b1b44559ed5788dcd9355f26f6212788f0163d1e
+new file mode 100644
+index 000000000000..a82569fd8c76
+Binary files /dev/null and b/fuzz/corpora/asn1/b1b44559ed5788dcd9355f26f6212788f0163d1e differ
+diff --git a/fuzz/corpora/asn1/b1e079bd737c8cc2bd9f9c15fd1f46d14e70d2cc b/fuzz/corpora/asn1/b1e079bd737c8cc2bd9f9c15fd1f46d14e70d2cc
+new file mode 100644
+index 000000000000..c4eac3d78886
+Binary files /dev/null and b/fuzz/corpora/asn1/b1e079bd737c8cc2bd9f9c15fd1f46d14e70d2cc differ
+diff --git a/fuzz/corpora/asn1/b2076cbd4f70750c75fda586c2ea1f2a027c2658 b/fuzz/corpora/asn1/b2076cbd4f70750c75fda586c2ea1f2a027c2658
+new file mode 100644
+index 000000000000..ebca25060c07
+Binary files /dev/null and b/fuzz/corpora/asn1/b2076cbd4f70750c75fda586c2ea1f2a027c2658 differ
+diff --git a/fuzz/corpora/asn1/b24eecf92571d4291104da103d47e051778b42d1 b/fuzz/corpora/asn1/b24eecf92571d4291104da103d47e051778b42d1
+new file mode 100644
+index 000000000000..c654dc723f9e
+Binary files /dev/null and b/fuzz/corpora/asn1/b24eecf92571d4291104da103d47e051778b42d1 differ
+diff --git a/fuzz/corpora/asn1/b25907ba8f4704639af8a2c7a1d574c857a12c6f b/fuzz/corpora/asn1/b25907ba8f4704639af8a2c7a1d574c857a12c6f
+new file mode 100644
+index 000000000000..32ac5d9c7414
+Binary files /dev/null and b/fuzz/corpora/asn1/b25907ba8f4704639af8a2c7a1d574c857a12c6f differ
+diff --git a/fuzz/corpora/asn1/b284165f0a9dba8f191fed7e7e6bc6812fbf46c2 b/fuzz/corpora/asn1/b284165f0a9dba8f191fed7e7e6bc6812fbf46c2
+new file mode 100644
+index 000000000000..b2f443b3e5a4
+Binary files /dev/null and b/fuzz/corpora/asn1/b284165f0a9dba8f191fed7e7e6bc6812fbf46c2 differ
+diff --git a/fuzz/corpora/asn1/b2f462e0391ca09eaa516286329298e8bd1e4fa7 b/fuzz/corpora/asn1/b2f462e0391ca09eaa516286329298e8bd1e4fa7
+new file mode 100644
+index 000000000000..bcc55c7c53fd
+Binary files /dev/null and b/fuzz/corpora/asn1/b2f462e0391ca09eaa516286329298e8bd1e4fa7 differ
+diff --git a/fuzz/corpora/asn1/b30c68bd218e02276428db9d95b6ce2b3bac1bca b/fuzz/corpora/asn1/b30c68bd218e02276428db9d95b6ce2b3bac1bca
+new file mode 100644
+index 000000000000..315be27ae31e
+Binary files /dev/null and b/fuzz/corpora/asn1/b30c68bd218e02276428db9d95b6ce2b3bac1bca differ
+diff --git a/fuzz/corpora/asn1/b3fb646a22a19dff0822effbe4a00decfdbdf699 b/fuzz/corpora/asn1/b3fb646a22a19dff0822effbe4a00decfdbdf699
+new file mode 100644
+index 000000000000..8d7886a2f028
+Binary files /dev/null and b/fuzz/corpora/asn1/b3fb646a22a19dff0822effbe4a00decfdbdf699 differ
+diff --git a/fuzz/corpora/asn1/b429906fd95fba4570b4c24810af72329923baf6 b/fuzz/corpora/asn1/b429906fd95fba4570b4c24810af72329923baf6
+new file mode 100644
+index 000000000000..32c4cb1995aa
+Binary files /dev/null and b/fuzz/corpora/asn1/b429906fd95fba4570b4c24810af72329923baf6 differ
+diff --git a/fuzz/corpora/asn1/b42f689957d011283ec4370b9c3eef1eb49b5e7b b/fuzz/corpora/asn1/b42f689957d011283ec4370b9c3eef1eb49b5e7b
+new file mode 100644
+index 000000000000..8aa39824ee04
+Binary files /dev/null and b/fuzz/corpora/asn1/b42f689957d011283ec4370b9c3eef1eb49b5e7b differ
+diff --git a/fuzz/corpora/asn1/b4c36182d419b63e1a57d2472dae4994777f0423 b/fuzz/corpora/asn1/b4c36182d419b63e1a57d2472dae4994777f0423
+new file mode 100644
+index 000000000000..d25516b26699
+Binary files /dev/null and b/fuzz/corpora/asn1/b4c36182d419b63e1a57d2472dae4994777f0423 differ
+diff --git a/fuzz/corpora/asn1/b57d932b511753ffa7ce49eafdea656348d73974 b/fuzz/corpora/asn1/b57d932b511753ffa7ce49eafdea656348d73974
+new file mode 100644
+index 000000000000..9240901bc807
+Binary files /dev/null and b/fuzz/corpora/asn1/b57d932b511753ffa7ce49eafdea656348d73974 differ
+diff --git a/fuzz/corpora/asn1/b5b40d591eb699bd3e08bf2d0c3d1d3f42654244 b/fuzz/corpora/asn1/b5b40d591eb699bd3e08bf2d0c3d1d3f42654244
+new file mode 100644
+index 000000000000..7d4622582849
+Binary files /dev/null and b/fuzz/corpora/asn1/b5b40d591eb699bd3e08bf2d0c3d1d3f42654244 differ
+diff --git a/fuzz/corpora/asn1/b5ba996b631b60c935d19570769f94e4fe4d7041 b/fuzz/corpora/asn1/b5ba996b631b60c935d19570769f94e4fe4d7041
+new file mode 100644
+index 000000000000..bf4564ecf713
+Binary files /dev/null and b/fuzz/corpora/asn1/b5ba996b631b60c935d19570769f94e4fe4d7041 differ
+diff --git a/fuzz/corpora/asn1/b62f98976c11d79674b019ea78a7ce4d6d78b479 b/fuzz/corpora/asn1/b62f98976c11d79674b019ea78a7ce4d6d78b479
+new file mode 100644
+index 000000000000..6a4f18607c79
+Binary files /dev/null and b/fuzz/corpora/asn1/b62f98976c11d79674b019ea78a7ce4d6d78b479 differ
+diff --git a/fuzz/corpora/asn1/b6358b1d24968c5c683ccafb9fbdb92b68950e36 b/fuzz/corpora/asn1/b6358b1d24968c5c683ccafb9fbdb92b68950e36
+new file mode 100644
+index 000000000000..a02dc9237bfb
+Binary files /dev/null and b/fuzz/corpora/asn1/b6358b1d24968c5c683ccafb9fbdb92b68950e36 differ
+diff --git a/fuzz/corpora/asn1/b653084901825d8c76c1144a8b31619b5ef47476 b/fuzz/corpora/asn1/b653084901825d8c76c1144a8b31619b5ef47476
+new file mode 100644
+index 000000000000..209679246a84
+Binary files /dev/null and b/fuzz/corpora/asn1/b653084901825d8c76c1144a8b31619b5ef47476 differ
+diff --git a/fuzz/corpora/asn1/b65ea113dca0c49e20312857bd38b600b57f2566 b/fuzz/corpora/asn1/b65ea113dca0c49e20312857bd38b600b57f2566
+new file mode 100644
+index 000000000000..86b877439756
+Binary files /dev/null and b/fuzz/corpora/asn1/b65ea113dca0c49e20312857bd38b600b57f2566 differ
+diff --git a/fuzz/corpora/asn1/b69d5ed9e343ad614e7df1b626b169158f866b2e b/fuzz/corpora/asn1/b69d5ed9e343ad614e7df1b626b169158f866b2e
+new file mode 100644
+index 000000000000..eb482941209f
+Binary files /dev/null and b/fuzz/corpora/asn1/b69d5ed9e343ad614e7df1b626b169158f866b2e differ
+diff --git a/fuzz/corpora/asn1/b69f2987565c29c2916e5e2aa098193b2b600ac2 b/fuzz/corpora/asn1/b69f2987565c29c2916e5e2aa098193b2b600ac2
+new file mode 100644
+index 000000000000..9031904ffd20
+Binary files /dev/null and b/fuzz/corpora/asn1/b69f2987565c29c2916e5e2aa098193b2b600ac2 differ
+diff --git a/fuzz/corpora/asn1/b69f9f8655bcc5d094523ef33d23ad2fe6c15b00 b/fuzz/corpora/asn1/b69f9f8655bcc5d094523ef33d23ad2fe6c15b00
+new file mode 100644
+index 000000000000..c1dafe2853dc
+Binary files /dev/null and b/fuzz/corpora/asn1/b69f9f8655bcc5d094523ef33d23ad2fe6c15b00 differ
+diff --git a/fuzz/corpora/asn1/b6a603d5bfe3eb442d4dfdf3d9b970838f541ab6 b/fuzz/corpora/asn1/b6a603d5bfe3eb442d4dfdf3d9b970838f541ab6
+new file mode 100644
+index 000000000000..b7037cb8dab2
+Binary files /dev/null and b/fuzz/corpora/asn1/b6a603d5bfe3eb442d4dfdf3d9b970838f541ab6 differ
+diff --git a/fuzz/corpora/asn1/b7234c04e279d5152a9dddf825bb5c8131018909 b/fuzz/corpora/asn1/b7234c04e279d5152a9dddf825bb5c8131018909
+new file mode 100644
+index 000000000000..0aeb94a396d3
+Binary files /dev/null and b/fuzz/corpora/asn1/b7234c04e279d5152a9dddf825bb5c8131018909 differ
+diff --git a/fuzz/corpora/asn1/b75bfa975ff29f1def9584b6ea2f92985a0ee287 b/fuzz/corpora/asn1/b75bfa975ff29f1def9584b6ea2f92985a0ee287
+new file mode 100644
+index 000000000000..12308c805162
+Binary files /dev/null and b/fuzz/corpora/asn1/b75bfa975ff29f1def9584b6ea2f92985a0ee287 differ
+diff --git a/fuzz/corpora/asn1/b781c0d1375e5aeeb5f5ba878a2434fe9ef3a377 b/fuzz/corpora/asn1/b781c0d1375e5aeeb5f5ba878a2434fe9ef3a377
+new file mode 100644
+index 000000000000..a6d5f84b9ddd
+Binary files /dev/null and b/fuzz/corpora/asn1/b781c0d1375e5aeeb5f5ba878a2434fe9ef3a377 differ
+diff --git a/fuzz/corpora/asn1/b7928d02798591eda06c5e66f1e03d0e6d6ddecf b/fuzz/corpora/asn1/b7928d02798591eda06c5e66f1e03d0e6d6ddecf
+new file mode 100644
+index 000000000000..844a2a7a0624
+Binary files /dev/null and b/fuzz/corpora/asn1/b7928d02798591eda06c5e66f1e03d0e6d6ddecf differ
+diff --git a/fuzz/corpora/asn1/b7b5b8abb1c459f8c19bdb2bfff4d2bc06e7efd3 b/fuzz/corpora/asn1/b7b5b8abb1c459f8c19bdb2bfff4d2bc06e7efd3
+new file mode 100644
+index 000000000000..fe01ba471834
+Binary files /dev/null and b/fuzz/corpora/asn1/b7b5b8abb1c459f8c19bdb2bfff4d2bc06e7efd3 differ
+diff --git a/fuzz/corpora/asn1/b7f629b3cbc87d1ad4593af10c5cbe63fbfdd6d3 b/fuzz/corpora/asn1/b7f629b3cbc87d1ad4593af10c5cbe63fbfdd6d3
+new file mode 100644
+index 000000000000..b085fccdecee
+Binary files /dev/null and b/fuzz/corpora/asn1/b7f629b3cbc87d1ad4593af10c5cbe63fbfdd6d3 differ
+diff --git a/fuzz/corpora/asn1/b81080d19dff603213efedc99f8b7ae786a8597c b/fuzz/corpora/asn1/b81080d19dff603213efedc99f8b7ae786a8597c
+new file mode 100644
+index 000000000000..6eb68c970eb0
+Binary files /dev/null and b/fuzz/corpora/asn1/b81080d19dff603213efedc99f8b7ae786a8597c differ
+diff --git a/fuzz/corpora/asn1/b851695ece5915b60f7f561635e90d68c4ad922f b/fuzz/corpora/asn1/b851695ece5915b60f7f561635e90d68c4ad922f
+new file mode 100644
+index 000000000000..388bd2f9a96a
+Binary files /dev/null and b/fuzz/corpora/asn1/b851695ece5915b60f7f561635e90d68c4ad922f differ
+diff --git a/fuzz/corpora/asn1/b8675bac52efa7842f65ec4e93a51e07f726134f b/fuzz/corpora/asn1/b8675bac52efa7842f65ec4e93a51e07f726134f
+new file mode 100644
+index 000000000000..e2c86017e190
+Binary files /dev/null and b/fuzz/corpora/asn1/b8675bac52efa7842f65ec4e93a51e07f726134f differ
+diff --git a/fuzz/corpora/asn1/b86e0279252e6f7d3370f63caf0148756a7d7a73 b/fuzz/corpora/asn1/b86e0279252e6f7d3370f63caf0148756a7d7a73
+new file mode 100644
+index 000000000000..d4692dae4d12
+Binary files /dev/null and b/fuzz/corpora/asn1/b86e0279252e6f7d3370f63caf0148756a7d7a73 differ
+diff --git a/fuzz/corpora/asn1/b8785e93ee3e8e25e480a58b86027e5cd06ebb66 b/fuzz/corpora/asn1/b8785e93ee3e8e25e480a58b86027e5cd06ebb66
+new file mode 100644
+index 000000000000..d61b5d5d68f2
+Binary files /dev/null and b/fuzz/corpora/asn1/b8785e93ee3e8e25e480a58b86027e5cd06ebb66 differ
+diff --git a/fuzz/corpora/asn1/b8b1085928b17f36cd9d1a76a3c155c1c78e8526 b/fuzz/corpora/asn1/b8b1085928b17f36cd9d1a76a3c155c1c78e8526
+new file mode 100644
+index 000000000000..52024656468a
+Binary files /dev/null and b/fuzz/corpora/asn1/b8b1085928b17f36cd9d1a76a3c155c1c78e8526 differ
+diff --git a/fuzz/corpora/asn1/b8c62ba6f189f0c06b20c8492123ddb679c9f7ad b/fuzz/corpora/asn1/b8c62ba6f189f0c06b20c8492123ddb679c9f7ad
+new file mode 100644
+index 000000000000..8e44bee659db
+Binary files /dev/null and b/fuzz/corpora/asn1/b8c62ba6f189f0c06b20c8492123ddb679c9f7ad differ
+diff --git a/fuzz/corpora/asn1/b904ed98cfcab344f9ab36c86fa73e3f46df2a27 b/fuzz/corpora/asn1/b904ed98cfcab344f9ab36c86fa73e3f46df2a27
+new file mode 100644
+index 000000000000..fc83445c1789
+Binary files /dev/null and b/fuzz/corpora/asn1/b904ed98cfcab344f9ab36c86fa73e3f46df2a27 differ
+diff --git a/fuzz/corpora/asn1/b94e7162e4872e48e9cbb0323f8a519d4fcdb88b b/fuzz/corpora/asn1/b94e7162e4872e48e9cbb0323f8a519d4fcdb88b
+new file mode 100644
+index 000000000000..ce95784bf317
+Binary files /dev/null and b/fuzz/corpora/asn1/b94e7162e4872e48e9cbb0323f8a519d4fcdb88b differ
+diff --git a/fuzz/corpora/asn1/b9a0c10d97bcb75a374f796de8d4e6e5790e1c3e b/fuzz/corpora/asn1/b9a0c10d97bcb75a374f796de8d4e6e5790e1c3e
+new file mode 100644
+index 000000000000..ff3ca04e1e14
+Binary files /dev/null and b/fuzz/corpora/asn1/b9a0c10d97bcb75a374f796de8d4e6e5790e1c3e differ
+diff --git a/fuzz/corpora/asn1/b9f35b887d2360a93149018dc1ecca721fe396b6 b/fuzz/corpora/asn1/b9f35b887d2360a93149018dc1ecca721fe396b6
+new file mode 100644
+index 000000000000..deee761f1048
+Binary files /dev/null and b/fuzz/corpora/asn1/b9f35b887d2360a93149018dc1ecca721fe396b6 differ
+diff --git a/fuzz/corpora/asn1/ba5810ddd2b2da3524bd79c2da972203e08fa718 b/fuzz/corpora/asn1/ba5810ddd2b2da3524bd79c2da972203e08fa718
+new file mode 100644
+index 000000000000..8018266cb5a9
+Binary files /dev/null and b/fuzz/corpora/asn1/ba5810ddd2b2da3524bd79c2da972203e08fa718 differ
+diff --git a/fuzz/corpora/asn1/bab4fb85db4d3c714881ec95bd177a02910f90bd b/fuzz/corpora/asn1/bab4fb85db4d3c714881ec95bd177a02910f90bd
+new file mode 100644
+index 000000000000..1159092d76c5
+Binary files /dev/null and b/fuzz/corpora/asn1/bab4fb85db4d3c714881ec95bd177a02910f90bd differ
+diff --git a/fuzz/corpora/asn1/bad95634b825713d47fd7b0b8ff9b6d6f29a2cd1 b/fuzz/corpora/asn1/bad95634b825713d47fd7b0b8ff9b6d6f29a2cd1
+new file mode 100644
+index 000000000000..9d1ff7285b5f
+Binary files /dev/null and b/fuzz/corpora/asn1/bad95634b825713d47fd7b0b8ff9b6d6f29a2cd1 differ
+diff --git a/fuzz/corpora/asn1/bb1c3593efb89db510c780b0013e130f17c02722 b/fuzz/corpora/asn1/bb1c3593efb89db510c780b0013e130f17c02722
+new file mode 100644
+index 000000000000..855ff42680f0
+Binary files /dev/null and b/fuzz/corpora/asn1/bb1c3593efb89db510c780b0013e130f17c02722 differ
+diff --git a/fuzz/corpora/asn1/bb4678fe9a6536a2d7569b1cadd9f2b4499247ba b/fuzz/corpora/asn1/bb4678fe9a6536a2d7569b1cadd9f2b4499247ba
+new file mode 100644
+index 000000000000..1e3d8bacbb98
+Binary files /dev/null and b/fuzz/corpora/asn1/bb4678fe9a6536a2d7569b1cadd9f2b4499247ba differ
+diff --git a/fuzz/corpora/asn1/bb61fa4c46a8f71af192cf3a025f1789afa41e80 b/fuzz/corpora/asn1/bb61fa4c46a8f71af192cf3a025f1789afa41e80
+new file mode 100644
+index 000000000000..90c68ce309b5
+Binary files /dev/null and b/fuzz/corpora/asn1/bb61fa4c46a8f71af192cf3a025f1789afa41e80 differ
+diff --git a/fuzz/corpora/asn1/bbca1c218f9fff9593a9e31ef14ac381d0124968 b/fuzz/corpora/asn1/bbca1c218f9fff9593a9e31ef14ac381d0124968
+new file mode 100644
+index 000000000000..609da95cf90a
+Binary files /dev/null and b/fuzz/corpora/asn1/bbca1c218f9fff9593a9e31ef14ac381d0124968 differ
+diff --git a/fuzz/corpora/asn1/bbe767a588b6fce1a4ecdb1edbdbc65d3723d049 b/fuzz/corpora/asn1/bbe767a588b6fce1a4ecdb1edbdbc65d3723d049
+new file mode 100644
+index 000000000000..a6ffc07ac704
+Binary files /dev/null and b/fuzz/corpora/asn1/bbe767a588b6fce1a4ecdb1edbdbc65d3723d049 differ
+diff --git a/fuzz/corpora/asn1/bc56e83e436df7d3c66d153f12f7802252065f61 b/fuzz/corpora/asn1/bc56e83e436df7d3c66d153f12f7802252065f61
+new file mode 100644
+index 000000000000..f7a276544346
+Binary files /dev/null and b/fuzz/corpora/asn1/bc56e83e436df7d3c66d153f12f7802252065f61 differ
+diff --git a/fuzz/corpora/asn1/bcaee02b0acd6cd2b84ef105f37d3518e59abf7c b/fuzz/corpora/asn1/bcaee02b0acd6cd2b84ef105f37d3518e59abf7c
+new file mode 100644
+index 000000000000..977dbf4880eb
+Binary files /dev/null and b/fuzz/corpora/asn1/bcaee02b0acd6cd2b84ef105f37d3518e59abf7c differ
+diff --git a/fuzz/corpora/asn1/bccacb0b3c537b9b36adb93efcb968c413dd3d92 b/fuzz/corpora/asn1/bccacb0b3c537b9b36adb93efcb968c413dd3d92
+new file mode 100644
+index 000000000000..c17f85be91e8
+Binary files /dev/null and b/fuzz/corpora/asn1/bccacb0b3c537b9b36adb93efcb968c413dd3d92 differ
+diff --git a/fuzz/corpora/asn1/bcd13ad5ac523fdc4076ab1edc8c380241d8f619 b/fuzz/corpora/asn1/bcd13ad5ac523fdc4076ab1edc8c380241d8f619
+new file mode 100644
+index 000000000000..2bfd431eb87c
+Binary files /dev/null and b/fuzz/corpora/asn1/bcd13ad5ac523fdc4076ab1edc8c380241d8f619 differ
+diff --git a/fuzz/corpora/asn1/bcd2f83b51b3385dcdfcb2881cd8747ae54ac9d1 b/fuzz/corpora/asn1/bcd2f83b51b3385dcdfcb2881cd8747ae54ac9d1
+new file mode 100644
+index 000000000000..f363adcdc06d
+Binary files /dev/null and b/fuzz/corpora/asn1/bcd2f83b51b3385dcdfcb2881cd8747ae54ac9d1 differ
+diff --git a/fuzz/corpora/asn1/bdb5dc6932f539db3109f5c05ed78745f5a95966 b/fuzz/corpora/asn1/bdb5dc6932f539db3109f5c05ed78745f5a95966
+new file mode 100644
+index 000000000000..9c3007c140df
+Binary files /dev/null and b/fuzz/corpora/asn1/bdb5dc6932f539db3109f5c05ed78745f5a95966 differ
+diff --git a/fuzz/corpora/asn1/bdfebc50ffa8e31e96869f571b05873030226589 b/fuzz/corpora/asn1/bdfebc50ffa8e31e96869f571b05873030226589
+new file mode 100644
+index 000000000000..4c8d3ce573b7
+Binary files /dev/null and b/fuzz/corpora/asn1/bdfebc50ffa8e31e96869f571b05873030226589 differ
+diff --git a/fuzz/corpora/asn1/be55cc333dc6a9db401d45ea8365634e30ee97eb b/fuzz/corpora/asn1/be55cc333dc6a9db401d45ea8365634e30ee97eb
+new file mode 100644
+index 000000000000..22187c250b13
+Binary files /dev/null and b/fuzz/corpora/asn1/be55cc333dc6a9db401d45ea8365634e30ee97eb differ
+diff --git a/fuzz/corpora/asn1/be6d130109b9d41bc6ab9ef85825d179591a86a0 b/fuzz/corpora/asn1/be6d130109b9d41bc6ab9ef85825d179591a86a0
+new file mode 100644
+index 000000000000..a36d606f0ac0
+Binary files /dev/null and b/fuzz/corpora/asn1/be6d130109b9d41bc6ab9ef85825d179591a86a0 differ
+diff --git a/fuzz/corpora/asn1/bed7648c8f38c50a7599321805850936ae7c244b b/fuzz/corpora/asn1/bed7648c8f38c50a7599321805850936ae7c244b
+new file mode 100644
+index 000000000000..3bfd9a30946b
+Binary files /dev/null and b/fuzz/corpora/asn1/bed7648c8f38c50a7599321805850936ae7c244b differ
+diff --git a/fuzz/corpora/asn1/bf2fcc17c8073422d2d721a528308962508210f3 b/fuzz/corpora/asn1/bf2fcc17c8073422d2d721a528308962508210f3
+new file mode 100644
+index 000000000000..db56c2b60a11
+Binary files /dev/null and b/fuzz/corpora/asn1/bf2fcc17c8073422d2d721a528308962508210f3 differ
+diff --git a/fuzz/corpora/asn1/bf4b9e44169ecbf5b4692f451c715fc2e490e999 b/fuzz/corpora/asn1/bf4b9e44169ecbf5b4692f451c715fc2e490e999
+new file mode 100644
+index 000000000000..80bb0b06ca4d
+Binary files /dev/null and b/fuzz/corpora/asn1/bf4b9e44169ecbf5b4692f451c715fc2e490e999 differ
+diff --git a/fuzz/corpora/asn1/bf4e9cda2ce9a51804a31861bec70d1ccbaead66 b/fuzz/corpora/asn1/bf4e9cda2ce9a51804a31861bec70d1ccbaead66
+new file mode 100644
+index 000000000000..89fe8d347cf8
+Binary files /dev/null and b/fuzz/corpora/asn1/bf4e9cda2ce9a51804a31861bec70d1ccbaead66 differ
+diff --git a/fuzz/corpora/asn1/bf4ecc4508e9b8dfa04a0231116b24e9eaae4500 b/fuzz/corpora/asn1/bf4ecc4508e9b8dfa04a0231116b24e9eaae4500
+new file mode 100644
+index 000000000000..630120559eed
+Binary files /dev/null and b/fuzz/corpora/asn1/bf4ecc4508e9b8dfa04a0231116b24e9eaae4500 differ
+diff --git a/fuzz/corpora/asn1/bf8312c746a968e8f2372aa36af45a91420c6c82 b/fuzz/corpora/asn1/bf8312c746a968e8f2372aa36af45a91420c6c82
+new file mode 100644
+index 000000000000..5124485ff8cc
+Binary files /dev/null and b/fuzz/corpora/asn1/bf8312c746a968e8f2372aa36af45a91420c6c82 differ
+diff --git a/fuzz/corpora/asn1/bf90f9211402f23b89e14f3311009d6e2e28c9d8 b/fuzz/corpora/asn1/bf90f9211402f23b89e14f3311009d6e2e28c9d8
+new file mode 100644
+index 000000000000..d9708a9a9d49
+Binary files /dev/null and b/fuzz/corpora/asn1/bf90f9211402f23b89e14f3311009d6e2e28c9d8 differ
+diff --git a/fuzz/corpora/asn1/bfa3d685907cd4f0854600753966a9aedd5a749f b/fuzz/corpora/asn1/bfa3d685907cd4f0854600753966a9aedd5a749f
+new file mode 100644
+index 000000000000..5080221dd185
+Binary files /dev/null and b/fuzz/corpora/asn1/bfa3d685907cd4f0854600753966a9aedd5a749f differ
+diff --git a/fuzz/corpora/asn1/bfa63760fca5980adbe8e3c1c44d2516a38d3e1d b/fuzz/corpora/asn1/bfa63760fca5980adbe8e3c1c44d2516a38d3e1d
+new file mode 100644
+index 000000000000..4894a9eebd1a
+Binary files /dev/null and b/fuzz/corpora/asn1/bfa63760fca5980adbe8e3c1c44d2516a38d3e1d differ
+diff --git a/fuzz/corpora/asn1/bfc8cbca58d1be00be1cdf7564ece5ebeb044417 b/fuzz/corpora/asn1/bfc8cbca58d1be00be1cdf7564ece5ebeb044417
+new file mode 100644
+index 000000000000..8b73fb1b2738
+Binary files /dev/null and b/fuzz/corpora/asn1/bfc8cbca58d1be00be1cdf7564ece5ebeb044417 differ
+diff --git a/fuzz/corpora/asn1/bfd404387988c747ba6d949b3b41b2cdc2fd3474 b/fuzz/corpora/asn1/bfd404387988c747ba6d949b3b41b2cdc2fd3474
+new file mode 100644
+index 000000000000..910c9ea1cabd
+Binary files /dev/null and b/fuzz/corpora/asn1/bfd404387988c747ba6d949b3b41b2cdc2fd3474 differ
+diff --git a/fuzz/corpora/asn1/c0495d7328a634f5d1e9f0274f6f320ccc9372f6 b/fuzz/corpora/asn1/c0495d7328a634f5d1e9f0274f6f320ccc9372f6
+new file mode 100644
+index 000000000000..05f655c1b486
+Binary files /dev/null and b/fuzz/corpora/asn1/c0495d7328a634f5d1e9f0274f6f320ccc9372f6 differ
+diff --git a/fuzz/corpora/asn1/c0fafb2ca98578164e3f0e9070c24ff836c41fe3 b/fuzz/corpora/asn1/c0fafb2ca98578164e3f0e9070c24ff836c41fe3
+new file mode 100644
+index 000000000000..e1f5f1e44fde
+Binary files /dev/null and b/fuzz/corpora/asn1/c0fafb2ca98578164e3f0e9070c24ff836c41fe3 differ
+diff --git a/fuzz/corpora/asn1/c103d1b540b181e5d64c3f372826c7ed0bfbb914 b/fuzz/corpora/asn1/c103d1b540b181e5d64c3f372826c7ed0bfbb914
+new file mode 100644
+index 000000000000..3fdd9d797315
+Binary files /dev/null and b/fuzz/corpora/asn1/c103d1b540b181e5d64c3f372826c7ed0bfbb914 differ
+diff --git a/fuzz/corpora/asn1/c113b99ad1eb9fbaf6a23e093e20b82fc304a38f b/fuzz/corpora/asn1/c113b99ad1eb9fbaf6a23e093e20b82fc304a38f
+new file mode 100644
+index 000000000000..8f48611337d5
+Binary files /dev/null and b/fuzz/corpora/asn1/c113b99ad1eb9fbaf6a23e093e20b82fc304a38f differ
+diff --git a/fuzz/corpora/asn1/c115ea15bc049104b6e0d47cc1c7641341f9a25b b/fuzz/corpora/asn1/c115ea15bc049104b6e0d47cc1c7641341f9a25b
+new file mode 100644
+index 000000000000..14df3748fa1f
+Binary files /dev/null and b/fuzz/corpora/asn1/c115ea15bc049104b6e0d47cc1c7641341f9a25b differ
+diff --git a/fuzz/corpora/asn1/c14e5ec18c0f8b27a62d8ddcb999d2bf832012bf b/fuzz/corpora/asn1/c14e5ec18c0f8b27a62d8ddcb999d2bf832012bf
+new file mode 100644
+index 000000000000..ba1cda7aa591
+Binary files /dev/null and b/fuzz/corpora/asn1/c14e5ec18c0f8b27a62d8ddcb999d2bf832012bf differ
+diff --git a/fuzz/corpora/asn1/c1c0a4bfd3711e588a93783e6740eb11f615ffcf b/fuzz/corpora/asn1/c1c0a4bfd3711e588a93783e6740eb11f615ffcf
+new file mode 100644
+index 000000000000..bea928e6871d
+Binary files /dev/null and b/fuzz/corpora/asn1/c1c0a4bfd3711e588a93783e6740eb11f615ffcf differ
+diff --git a/fuzz/corpora/asn1/c2358df3e6212d08c87dcbbb97b3e59587823a97 b/fuzz/corpora/asn1/c2358df3e6212d08c87dcbbb97b3e59587823a97
+new file mode 100644
+index 000000000000..6cd3cb7b1418
+Binary files /dev/null and b/fuzz/corpora/asn1/c2358df3e6212d08c87dcbbb97b3e59587823a97 differ
+diff --git a/fuzz/corpora/asn1/c251194b42687e885a28cf37ce337e9d0b5fe2ed b/fuzz/corpora/asn1/c251194b42687e885a28cf37ce337e9d0b5fe2ed
+new file mode 100644
+index 000000000000..86a19f0ef8a9
+Binary files /dev/null and b/fuzz/corpora/asn1/c251194b42687e885a28cf37ce337e9d0b5fe2ed differ
+diff --git a/fuzz/corpora/asn1/c2582faafd3e80182db4dc645cf6c2a27a2854e0 b/fuzz/corpora/asn1/c2582faafd3e80182db4dc645cf6c2a27a2854e0
+new file mode 100644
+index 000000000000..823d1fff4e2c
+Binary files /dev/null and b/fuzz/corpora/asn1/c2582faafd3e80182db4dc645cf6c2a27a2854e0 differ
+diff --git a/fuzz/corpora/asn1/c2ab035df5749115c8eee6a0dd5e765f178f38a4 b/fuzz/corpora/asn1/c2ab035df5749115c8eee6a0dd5e765f178f38a4
+new file mode 100644
+index 000000000000..812e23ea4465
+Binary files /dev/null and b/fuzz/corpora/asn1/c2ab035df5749115c8eee6a0dd5e765f178f38a4 differ
+diff --git a/fuzz/corpora/asn1/c2aeacaf04e6e3b4802c7189d53aba4c876a9f08 b/fuzz/corpora/asn1/c2aeacaf04e6e3b4802c7189d53aba4c876a9f08
+new file mode 100644
+index 000000000000..d16e870a8d82
+Binary files /dev/null and b/fuzz/corpora/asn1/c2aeacaf04e6e3b4802c7189d53aba4c876a9f08 differ
+diff --git a/fuzz/corpora/asn1/c2c0e18eaf83299082ef657d36e9da8b48a5c82d b/fuzz/corpora/asn1/c2c0e18eaf83299082ef657d36e9da8b48a5c82d
+new file mode 100644
+index 000000000000..e0ac30d8e8d6
+Binary files /dev/null and b/fuzz/corpora/asn1/c2c0e18eaf83299082ef657d36e9da8b48a5c82d differ
+diff --git a/fuzz/corpora/asn1/c2c38db6859b7beca0530390aef7e117d54d4b7e b/fuzz/corpora/asn1/c2c38db6859b7beca0530390aef7e117d54d4b7e
+new file mode 100644
+index 000000000000..b154e9bf9aea
+Binary files /dev/null and b/fuzz/corpora/asn1/c2c38db6859b7beca0530390aef7e117d54d4b7e differ
+diff --git a/fuzz/corpora/asn1/c314cfd591973141b6ea5a8b8788a62bda51819c b/fuzz/corpora/asn1/c314cfd591973141b6ea5a8b8788a62bda51819c
+new file mode 100644
+index 000000000000..059344ffbaa9
+Binary files /dev/null and b/fuzz/corpora/asn1/c314cfd591973141b6ea5a8b8788a62bda51819c differ
+diff --git a/fuzz/corpora/asn1/c3855405f7fe9a3e71e1675bb7d17e49fea7c203 b/fuzz/corpora/asn1/c3855405f7fe9a3e71e1675bb7d17e49fea7c203
+new file mode 100644
+index 000000000000..a03457265aa9
+Binary files /dev/null and b/fuzz/corpora/asn1/c3855405f7fe9a3e71e1675bb7d17e49fea7c203 differ
+diff --git a/fuzz/corpora/asn1/c4454bb197fbbe7b62036a836dd7fe6031b4bf58 b/fuzz/corpora/asn1/c4454bb197fbbe7b62036a836dd7fe6031b4bf58
+new file mode 100644
+index 000000000000..47f38e9778e8
+Binary files /dev/null and b/fuzz/corpora/asn1/c4454bb197fbbe7b62036a836dd7fe6031b4bf58 differ
+diff --git a/fuzz/corpora/asn1/c4876f3a1ec7dae2d997ad2d03558ff7f50b7f8b b/fuzz/corpora/asn1/c4876f3a1ec7dae2d997ad2d03558ff7f50b7f8b
+new file mode 100644
+index 000000000000..86ebac64b1bf
+Binary files /dev/null and b/fuzz/corpora/asn1/c4876f3a1ec7dae2d997ad2d03558ff7f50b7f8b differ
+diff --git a/fuzz/corpora/asn1/c4ce910b7cbc5ab0a0f12687c32141c27650d625 b/fuzz/corpora/asn1/c4ce910b7cbc5ab0a0f12687c32141c27650d625
+new file mode 100644
+index 000000000000..e39e080edd53
+Binary files /dev/null and b/fuzz/corpora/asn1/c4ce910b7cbc5ab0a0f12687c32141c27650d625 differ
+diff --git a/fuzz/corpora/asn1/c506f9b1b1b14a6e2c1e19a995413ef9184405f9 b/fuzz/corpora/asn1/c506f9b1b1b14a6e2c1e19a995413ef9184405f9
+new file mode 100644
+index 000000000000..eafaf30442f5
+Binary files /dev/null and b/fuzz/corpora/asn1/c506f9b1b1b14a6e2c1e19a995413ef9184405f9 differ
+diff --git a/fuzz/corpora/asn1/c512d04dddd4a7c142c1a16da61ec1b35863bdc5 b/fuzz/corpora/asn1/c512d04dddd4a7c142c1a16da61ec1b35863bdc5
+new file mode 100644
+index 000000000000..e848ad82d89b
+Binary files /dev/null and b/fuzz/corpora/asn1/c512d04dddd4a7c142c1a16da61ec1b35863bdc5 differ
+diff --git a/fuzz/corpora/asn1/c51e85735bd1dc27fb43e2995e15c0a1252afa76 b/fuzz/corpora/asn1/c51e85735bd1dc27fb43e2995e15c0a1252afa76
+new file mode 100644
+index 000000000000..488169f2bc5c
+Binary files /dev/null and b/fuzz/corpora/asn1/c51e85735bd1dc27fb43e2995e15c0a1252afa76 differ
+diff --git a/fuzz/corpora/asn1/c53d335e1f6e64c2814f479a827b8165f632ed52 b/fuzz/corpora/asn1/c53d335e1f6e64c2814f479a827b8165f632ed52
+new file mode 100644
+index 000000000000..b91a7d8dd76a
+Binary files /dev/null and b/fuzz/corpora/asn1/c53d335e1f6e64c2814f479a827b8165f632ed52 differ
+diff --git a/fuzz/corpora/asn1/c552f19e4256db53ee77f6e7e834d774d59ad31e b/fuzz/corpora/asn1/c552f19e4256db53ee77f6e7e834d774d59ad31e
+new file mode 100644
+index 000000000000..99ab91554a01
+Binary files /dev/null and b/fuzz/corpora/asn1/c552f19e4256db53ee77f6e7e834d774d59ad31e differ
+diff --git a/fuzz/corpora/asn1/c56674a7b201f8ea14754db1539bf0f8e556ba7d b/fuzz/corpora/asn1/c56674a7b201f8ea14754db1539bf0f8e556ba7d
+new file mode 100644
+index 000000000000..156a76170c41
+Binary files /dev/null and b/fuzz/corpora/asn1/c56674a7b201f8ea14754db1539bf0f8e556ba7d differ
+diff --git a/fuzz/corpora/asn1/c5789b212c7e1c19a406e33081904a9b6aa09686 b/fuzz/corpora/asn1/c5789b212c7e1c19a406e33081904a9b6aa09686
+new file mode 100644
+index 000000000000..f7417273034f
+Binary files /dev/null and b/fuzz/corpora/asn1/c5789b212c7e1c19a406e33081904a9b6aa09686 differ
+diff --git a/fuzz/corpora/asn1/c59a2969cc9c8f2c199de79f7864061b8eb56326 b/fuzz/corpora/asn1/c59a2969cc9c8f2c199de79f7864061b8eb56326
+new file mode 100644
+index 000000000000..09b989b3cd1e
+Binary files /dev/null and b/fuzz/corpora/asn1/c59a2969cc9c8f2c199de79f7864061b8eb56326 differ
+diff --git a/fuzz/corpora/asn1/c614f792b81da3719b78d6a49acdd77eca6013dc b/fuzz/corpora/asn1/c614f792b81da3719b78d6a49acdd77eca6013dc
+new file mode 100644
+index 000000000000..18e892d36c66
+Binary files /dev/null and b/fuzz/corpora/asn1/c614f792b81da3719b78d6a49acdd77eca6013dc differ
+diff --git a/fuzz/corpora/asn1/c61aee43e75521bc756bf1039f81578c0efd8f56 b/fuzz/corpora/asn1/c61aee43e75521bc756bf1039f81578c0efd8f56
+new file mode 100644
+index 000000000000..9be0ead1b6e4
+Binary files /dev/null and b/fuzz/corpora/asn1/c61aee43e75521bc756bf1039f81578c0efd8f56 differ
+diff --git a/fuzz/corpora/asn1/c62c64f00567c5368cae37f4e64e1e82ff785677 b/fuzz/corpora/asn1/c62c64f00567c5368cae37f4e64e1e82ff785677
+new file mode 100644
+index 000000000000..7d6519130e7a
+Binary files /dev/null and b/fuzz/corpora/asn1/c62c64f00567c5368cae37f4e64e1e82ff785677 differ
+diff --git a/fuzz/corpora/asn1/c65cae49f6407b5c878add8d41d97c41b61b5a2d b/fuzz/corpora/asn1/c65cae49f6407b5c878add8d41d97c41b61b5a2d
+new file mode 100644
+index 000000000000..a44c7aa7fee0
+Binary files /dev/null and b/fuzz/corpora/asn1/c65cae49f6407b5c878add8d41d97c41b61b5a2d differ
+diff --git a/fuzz/corpora/asn1/c67bbd9a71520c4abe1880aec486c87d0a73e769 b/fuzz/corpora/asn1/c67bbd9a71520c4abe1880aec486c87d0a73e769
+new file mode 100644
+index 000000000000..3c8447d28fcb
+Binary files /dev/null and b/fuzz/corpora/asn1/c67bbd9a71520c4abe1880aec486c87d0a73e769 differ
+diff --git a/fuzz/corpora/asn1/c6e0d4887f4c6ebad9fb27dc830604c4d8807a34 b/fuzz/corpora/asn1/c6e0d4887f4c6ebad9fb27dc830604c4d8807a34
+new file mode 100644
+index 000000000000..9b8967184f37
+Binary files /dev/null and b/fuzz/corpora/asn1/c6e0d4887f4c6ebad9fb27dc830604c4d8807a34 differ
+diff --git a/fuzz/corpora/asn1/c6eae9723eebac09ca6e44702d78d1ffbc0c4fbd b/fuzz/corpora/asn1/c6eae9723eebac09ca6e44702d78d1ffbc0c4fbd
+new file mode 100644
+index 000000000000..f635dc90c25b
+Binary files /dev/null and b/fuzz/corpora/asn1/c6eae9723eebac09ca6e44702d78d1ffbc0c4fbd differ
+diff --git a/fuzz/corpora/asn1/c73eaf8bd6a4381d19f0f2389f15fce8085f69c9 b/fuzz/corpora/asn1/c73eaf8bd6a4381d19f0f2389f15fce8085f69c9
+new file mode 100644
+index 000000000000..fc1f969c0c2a
+Binary files /dev/null and b/fuzz/corpora/asn1/c73eaf8bd6a4381d19f0f2389f15fce8085f69c9 differ
+diff --git a/fuzz/corpora/asn1/c77149071ec3a13111081d173e47c859eb8a69c5 b/fuzz/corpora/asn1/c77149071ec3a13111081d173e47c859eb8a69c5
+new file mode 100644
+index 000000000000..e3891648736c
+Binary files /dev/null and b/fuzz/corpora/asn1/c77149071ec3a13111081d173e47c859eb8a69c5 differ
+diff --git a/fuzz/corpora/asn1/c795dbf7d0e097eb2fa3ed5bf768b74df42d9993 b/fuzz/corpora/asn1/c795dbf7d0e097eb2fa3ed5bf768b74df42d9993
+new file mode 100644
+index 000000000000..7f3fd3b6ada1
+Binary files /dev/null and b/fuzz/corpora/asn1/c795dbf7d0e097eb2fa3ed5bf768b74df42d9993 differ
+diff --git a/fuzz/corpora/asn1/c7af7044a2d0312192d185b137ba4c4220197da6 b/fuzz/corpora/asn1/c7af7044a2d0312192d185b137ba4c4220197da6
+new file mode 100644
+index 000000000000..a4963a25cb10
+Binary files /dev/null and b/fuzz/corpora/asn1/c7af7044a2d0312192d185b137ba4c4220197da6 differ
+diff --git a/fuzz/corpora/asn1/c832164b3e52986c4bceec5608db3648368ac591 b/fuzz/corpora/asn1/c832164b3e52986c4bceec5608db3648368ac591
+new file mode 100644
+index 000000000000..933b17406132
+Binary files /dev/null and b/fuzz/corpora/asn1/c832164b3e52986c4bceec5608db3648368ac591 differ
+diff --git a/fuzz/corpora/asn1/c8a5926494a4081a39c4efc729f64927efb6237e b/fuzz/corpora/asn1/c8a5926494a4081a39c4efc729f64927efb6237e
+new file mode 100644
+index 000000000000..92114ab493f4
+Binary files /dev/null and b/fuzz/corpora/asn1/c8a5926494a4081a39c4efc729f64927efb6237e differ
+diff --git a/fuzz/corpora/asn1/c8c28e382c12ddd5a05d7072b78ff464c09498a7 b/fuzz/corpora/asn1/c8c28e382c12ddd5a05d7072b78ff464c09498a7
+new file mode 100644
+index 000000000000..ccc1d661492d
+Binary files /dev/null and b/fuzz/corpora/asn1/c8c28e382c12ddd5a05d7072b78ff464c09498a7 differ
+diff --git a/fuzz/corpora/asn1/c916ac453e05de0a058dcace6cb84b78c2e0818a b/fuzz/corpora/asn1/c916ac453e05de0a058dcace6cb84b78c2e0818a
+new file mode 100644
+index 000000000000..3997c7e378e8
+Binary files /dev/null and b/fuzz/corpora/asn1/c916ac453e05de0a058dcace6cb84b78c2e0818a differ
+diff --git a/fuzz/corpora/asn1/c9a3fe25c2940fdb3cf3688e79881b1dc5ca213b b/fuzz/corpora/asn1/c9a3fe25c2940fdb3cf3688e79881b1dc5ca213b
+new file mode 100644
+index 000000000000..57293db79839
+Binary files /dev/null and b/fuzz/corpora/asn1/c9a3fe25c2940fdb3cf3688e79881b1dc5ca213b differ
+diff --git a/fuzz/corpora/asn1/ca086311fb6bf61cc944d2cd927205eaa486a667 b/fuzz/corpora/asn1/ca086311fb6bf61cc944d2cd927205eaa486a667
+new file mode 100644
+index 000000000000..9314e0df0d27
+Binary files /dev/null and b/fuzz/corpora/asn1/ca086311fb6bf61cc944d2cd927205eaa486a667 differ
+diff --git a/fuzz/corpora/asn1/ca1249c3d00f14f1781c7795aa0628e1c6907753 b/fuzz/corpora/asn1/ca1249c3d00f14f1781c7795aa0628e1c6907753
+new file mode 100644
+index 000000000000..18d55778466b
+Binary files /dev/null and b/fuzz/corpora/asn1/ca1249c3d00f14f1781c7795aa0628e1c6907753 differ
+diff --git a/fuzz/corpora/asn1/ca522ab42f16f014bde75753a60102f764c120e1 b/fuzz/corpora/asn1/ca522ab42f16f014bde75753a60102f764c120e1
+new file mode 100644
+index 000000000000..a8e48b62b9b9
+Binary files /dev/null and b/fuzz/corpora/asn1/ca522ab42f16f014bde75753a60102f764c120e1 differ
+diff --git a/fuzz/corpora/asn1/ca6971d594a0fcf099594e7da800fb02b08dea33 b/fuzz/corpora/asn1/ca6971d594a0fcf099594e7da800fb02b08dea33
+new file mode 100644
+index 000000000000..1c0843da5f16
+Binary files /dev/null and b/fuzz/corpora/asn1/ca6971d594a0fcf099594e7da800fb02b08dea33 differ
+diff --git a/fuzz/corpora/asn1/ca777a6a1645ea663c9324bc701b5ffa7fef4c38 b/fuzz/corpora/asn1/ca777a6a1645ea663c9324bc701b5ffa7fef4c38
+new file mode 100644
+index 000000000000..ee28e4b99eeb
+Binary files /dev/null and b/fuzz/corpora/asn1/ca777a6a1645ea663c9324bc701b5ffa7fef4c38 differ
+diff --git a/fuzz/corpora/asn1/cab487c4f446a1da4eb701a7aec7d4877af91198 b/fuzz/corpora/asn1/cab487c4f446a1da4eb701a7aec7d4877af91198
+new file mode 100644
+index 000000000000..36f58dec4bf1
+Binary files /dev/null and b/fuzz/corpora/asn1/cab487c4f446a1da4eb701a7aec7d4877af91198 differ
+diff --git a/fuzz/corpora/asn1/cac677557e542e319f833cef0f3235e05e153693 b/fuzz/corpora/asn1/cac677557e542e319f833cef0f3235e05e153693
+new file mode 100644
+index 000000000000..7e4dea3e688a
+Binary files /dev/null and b/fuzz/corpora/asn1/cac677557e542e319f833cef0f3235e05e153693 differ
+diff --git a/fuzz/corpora/asn1/cafb3fe70238b7264dec1fdfc1aaa76d9e48da3f b/fuzz/corpora/asn1/cafb3fe70238b7264dec1fdfc1aaa76d9e48da3f
+new file mode 100644
+index 000000000000..9e3996785d7d
+Binary files /dev/null and b/fuzz/corpora/asn1/cafb3fe70238b7264dec1fdfc1aaa76d9e48da3f differ
+diff --git a/fuzz/corpora/asn1/cb013c49d5d661170705b6387640304f752f40f2 b/fuzz/corpora/asn1/cb013c49d5d661170705b6387640304f752f40f2
+new file mode 100644
+index 000000000000..5b01964e2103
+Binary files /dev/null and b/fuzz/corpora/asn1/cb013c49d5d661170705b6387640304f752f40f2 differ
+diff --git a/fuzz/corpora/asn1/cb90c414d161f93e973fa22dc9a5844f49d784cf b/fuzz/corpora/asn1/cb90c414d161f93e973fa22dc9a5844f49d784cf
+new file mode 100644
+index 000000000000..d969a7e57560
+Binary files /dev/null and b/fuzz/corpora/asn1/cb90c414d161f93e973fa22dc9a5844f49d784cf differ
+diff --git a/fuzz/corpora/asn1/cbbce2f37f09ed39ee7321a74e0640c0023c9e12 b/fuzz/corpora/asn1/cbbce2f37f09ed39ee7321a74e0640c0023c9e12
+new file mode 100644
+index 000000000000..10f175ffe8f2
+Binary files /dev/null and b/fuzz/corpora/asn1/cbbce2f37f09ed39ee7321a74e0640c0023c9e12 differ
+diff --git a/fuzz/corpora/asn1/cc1acdae1385a3d5be22e9bffff98ebf01d39406 b/fuzz/corpora/asn1/cc1acdae1385a3d5be22e9bffff98ebf01d39406
+new file mode 100644
+index 000000000000..abc71aede2ab
+Binary files /dev/null and b/fuzz/corpora/asn1/cc1acdae1385a3d5be22e9bffff98ebf01d39406 differ
+diff --git a/fuzz/corpora/asn1/cc696f85b1fa524c6cd17b71d0227320bc91969f b/fuzz/corpora/asn1/cc696f85b1fa524c6cd17b71d0227320bc91969f
+new file mode 100644
+index 000000000000..2d53a926b697
+Binary files /dev/null and b/fuzz/corpora/asn1/cc696f85b1fa524c6cd17b71d0227320bc91969f differ
+diff --git a/fuzz/corpora/asn1/cc744d1f970d0cbf0eaea3f4fb35068c84e7ac9d b/fuzz/corpora/asn1/cc744d1f970d0cbf0eaea3f4fb35068c84e7ac9d
+new file mode 100644
+index 000000000000..40f2a5d6ddaf
+Binary files /dev/null and b/fuzz/corpora/asn1/cc744d1f970d0cbf0eaea3f4fb35068c84e7ac9d differ
+diff --git a/fuzz/corpora/asn1/cde0ea70866bbc4da0c517a3558dc33d8cb88f33 b/fuzz/corpora/asn1/cde0ea70866bbc4da0c517a3558dc33d8cb88f33
+new file mode 100644
+index 000000000000..b16d282e776d
+Binary files /dev/null and b/fuzz/corpora/asn1/cde0ea70866bbc4da0c517a3558dc33d8cb88f33 differ
+diff --git a/fuzz/corpora/asn1/ceb3baaaad7d1dae92086d4334b66a4521966bca b/fuzz/corpora/asn1/ceb3baaaad7d1dae92086d4334b66a4521966bca
+new file mode 100644
+index 000000000000..8cfbe220e6a5
+Binary files /dev/null and b/fuzz/corpora/asn1/ceb3baaaad7d1dae92086d4334b66a4521966bca differ
+diff --git a/fuzz/corpora/asn1/ceeaec46384b488b7c980e1fe6f0770c635d1296 b/fuzz/corpora/asn1/ceeaec46384b488b7c980e1fe6f0770c635d1296
+new file mode 100644
+index 000000000000..d98786657185
+Binary files /dev/null and b/fuzz/corpora/asn1/ceeaec46384b488b7c980e1fe6f0770c635d1296 differ
+diff --git a/fuzz/corpora/asn1/ceef2bab1683ac07d7ccaa73bb5bf7dc728af129 b/fuzz/corpora/asn1/ceef2bab1683ac07d7ccaa73bb5bf7dc728af129
+new file mode 100644
+index 000000000000..fcb5c837412b
+Binary files /dev/null and b/fuzz/corpora/asn1/ceef2bab1683ac07d7ccaa73bb5bf7dc728af129 differ
+diff --git a/fuzz/corpora/asn1/cf37e82e369aae15cc07515a340c6fddfc44090f b/fuzz/corpora/asn1/cf37e82e369aae15cc07515a340c6fddfc44090f
+new file mode 100644
+index 000000000000..2d02f478bb64
+Binary files /dev/null and b/fuzz/corpora/asn1/cf37e82e369aae15cc07515a340c6fddfc44090f differ
+diff --git a/fuzz/corpora/asn1/cf3d2eb607f42767731679fbae355a77768d5f75 b/fuzz/corpora/asn1/cf3d2eb607f42767731679fbae355a77768d5f75
+new file mode 100644
+index 000000000000..ff94b0ca1834
+Binary files /dev/null and b/fuzz/corpora/asn1/cf3d2eb607f42767731679fbae355a77768d5f75 differ
+diff --git a/fuzz/corpora/asn1/cf73736c95cf93eae08604fb7c79183d2254831e b/fuzz/corpora/asn1/cf73736c95cf93eae08604fb7c79183d2254831e
+new file mode 100644
+index 000000000000..1bf198c37537
+Binary files /dev/null and b/fuzz/corpora/asn1/cf73736c95cf93eae08604fb7c79183d2254831e differ
+diff --git a/fuzz/corpora/asn1/cfd25b284f78250222c415d54426eaa5735ca1ce b/fuzz/corpora/asn1/cfd25b284f78250222c415d54426eaa5735ca1ce
+new file mode 100644
+index 000000000000..ae05f7cea2e0
+Binary files /dev/null and b/fuzz/corpora/asn1/cfd25b284f78250222c415d54426eaa5735ca1ce differ
+diff --git a/fuzz/corpora/asn1/cff46c769b2bf7a463a2c203ffd24e709412c0e6 b/fuzz/corpora/asn1/cff46c769b2bf7a463a2c203ffd24e709412c0e6
+new file mode 100644
+index 000000000000..f9acd3c65cad
+Binary files /dev/null and b/fuzz/corpora/asn1/cff46c769b2bf7a463a2c203ffd24e709412c0e6 differ
+diff --git a/fuzz/corpora/asn1/d06b4b9f3806ab98c5428feab308240e37417018 b/fuzz/corpora/asn1/d06b4b9f3806ab98c5428feab308240e37417018
+new file mode 100644
+index 000000000000..a53b46323afe
+Binary files /dev/null and b/fuzz/corpora/asn1/d06b4b9f3806ab98c5428feab308240e37417018 differ
+diff --git a/fuzz/corpora/asn1/d08c36aeca33f583e54fb7113f43dccdbe55c76c b/fuzz/corpora/asn1/d08c36aeca33f583e54fb7113f43dccdbe55c76c
+new file mode 100644
+index 000000000000..cd4c098768d2
+Binary files /dev/null and b/fuzz/corpora/asn1/d08c36aeca33f583e54fb7113f43dccdbe55c76c differ
+diff --git a/fuzz/corpora/asn1/d0ba262697fcf0e73ee942f4d92beef266e1f03a b/fuzz/corpora/asn1/d0ba262697fcf0e73ee942f4d92beef266e1f03a
+new file mode 100644
+index 000000000000..ee73562db664
+Binary files /dev/null and b/fuzz/corpora/asn1/d0ba262697fcf0e73ee942f4d92beef266e1f03a differ
+diff --git a/fuzz/corpora/asn1/d0c9808ac83a7816f458b1a1c0eed08a42ef34e9 b/fuzz/corpora/asn1/d0c9808ac83a7816f458b1a1c0eed08a42ef34e9
+new file mode 100644
+index 000000000000..f356857f7f48
+Binary files /dev/null and b/fuzz/corpora/asn1/d0c9808ac83a7816f458b1a1c0eed08a42ef34e9 differ
+diff --git a/fuzz/corpora/asn1/d0cac035368e4c58b2c29b455e5808355c2dc20b b/fuzz/corpora/asn1/d0cac035368e4c58b2c29b455e5808355c2dc20b
+new file mode 100644
+index 000000000000..7b50ea59cc88
+Binary files /dev/null and b/fuzz/corpora/asn1/d0cac035368e4c58b2c29b455e5808355c2dc20b differ
+diff --git a/fuzz/corpora/asn1/d10687f679f2a4988d9455acdd5efa5028ca6739 b/fuzz/corpora/asn1/d10687f679f2a4988d9455acdd5efa5028ca6739
+new file mode 100644
+index 000000000000..f5e7458fb76b
+Binary files /dev/null and b/fuzz/corpora/asn1/d10687f679f2a4988d9455acdd5efa5028ca6739 differ
+diff --git a/fuzz/corpora/asn1/d11fb931c554bd76a4854bde25eeb83b75f6f0a1 b/fuzz/corpora/asn1/d11fb931c554bd76a4854bde25eeb83b75f6f0a1
+new file mode 100644
+index 000000000000..532c492e2f71
+Binary files /dev/null and b/fuzz/corpora/asn1/d11fb931c554bd76a4854bde25eeb83b75f6f0a1 differ
+diff --git a/fuzz/corpora/asn1/d1899b0ae773336398eb7c7967d6e8dc1dd99a85 b/fuzz/corpora/asn1/d1899b0ae773336398eb7c7967d6e8dc1dd99a85
+new file mode 100644
+index 000000000000..2f803a07ca21
+Binary files /dev/null and b/fuzz/corpora/asn1/d1899b0ae773336398eb7c7967d6e8dc1dd99a85 differ
+diff --git a/fuzz/corpora/asn1/d1ec06cccc312e41f9c36d9543444e71e9087116 b/fuzz/corpora/asn1/d1ec06cccc312e41f9c36d9543444e71e9087116
+new file mode 100644
+index 000000000000..eb568ddce1e6
+Binary files /dev/null and b/fuzz/corpora/asn1/d1ec06cccc312e41f9c36d9543444e71e9087116 differ
+diff --git a/fuzz/corpora/asn1/d208e23e7d4d60f58b8f6cc72a656e04d5ff6d64 b/fuzz/corpora/asn1/d208e23e7d4d60f58b8f6cc72a656e04d5ff6d64
+new file mode 100644
+index 000000000000..14f94e6e5093
+Binary files /dev/null and b/fuzz/corpora/asn1/d208e23e7d4d60f58b8f6cc72a656e04d5ff6d64 differ
+diff --git a/fuzz/corpora/asn1/d228811efabae4339673831cf73f93f8b5c2d094 b/fuzz/corpora/asn1/d228811efabae4339673831cf73f93f8b5c2d094
+new file mode 100644
+index 000000000000..70b3b1ca32f5
+Binary files /dev/null and b/fuzz/corpora/asn1/d228811efabae4339673831cf73f93f8b5c2d094 differ
+diff --git a/fuzz/corpora/asn1/d250db8108683fc8473a7a9a5cc20da7b05ca8fb b/fuzz/corpora/asn1/d250db8108683fc8473a7a9a5cc20da7b05ca8fb
+new file mode 100644
+index 000000000000..f596cf36a025
+Binary files /dev/null and b/fuzz/corpora/asn1/d250db8108683fc8473a7a9a5cc20da7b05ca8fb differ
+diff --git a/fuzz/corpora/asn1/d27846995b8ef6883becd689c652488adea60514 b/fuzz/corpora/asn1/d27846995b8ef6883becd689c652488adea60514
+new file mode 100644
+index 000000000000..9518a640d842
+Binary files /dev/null and b/fuzz/corpora/asn1/d27846995b8ef6883becd689c652488adea60514 differ
+diff --git a/fuzz/corpora/asn1/d298b05ec8feb1c984d92a49d6dbfa18749db641 b/fuzz/corpora/asn1/d298b05ec8feb1c984d92a49d6dbfa18749db641
+new file mode 100644
+index 000000000000..b1d0ecab9c03
+Binary files /dev/null and b/fuzz/corpora/asn1/d298b05ec8feb1c984d92a49d6dbfa18749db641 differ
+diff --git a/fuzz/corpora/asn1/d2ee3d8fb6300dcc40b65e5e652f6671df91708e b/fuzz/corpora/asn1/d2ee3d8fb6300dcc40b65e5e652f6671df91708e
+new file mode 100644
+index 000000000000..ecc9c99681d9
+Binary files /dev/null and b/fuzz/corpora/asn1/d2ee3d8fb6300dcc40b65e5e652f6671df91708e differ
+diff --git a/fuzz/corpora/asn1/d32c3f4246bca4178b8ed259c95d0b8fa9e504d0 b/fuzz/corpora/asn1/d32c3f4246bca4178b8ed259c95d0b8fa9e504d0
+new file mode 100644
+index 000000000000..79131bfaca8c
+Binary files /dev/null and b/fuzz/corpora/asn1/d32c3f4246bca4178b8ed259c95d0b8fa9e504d0 differ
+diff --git a/fuzz/corpora/asn1/d3b20e637463df86f2717164efa8997f6da24d4b b/fuzz/corpora/asn1/d3b20e637463df86f2717164efa8997f6da24d4b
+new file mode 100644
+index 000000000000..14571be6c2ee
+Binary files /dev/null and b/fuzz/corpora/asn1/d3b20e637463df86f2717164efa8997f6da24d4b differ
+diff --git a/fuzz/corpora/asn1/d3ba2d2d6c407512bde5d768ba4b496532b20ed3 b/fuzz/corpora/asn1/d3ba2d2d6c407512bde5d768ba4b496532b20ed3
+new file mode 100644
+index 000000000000..5fe8a1f40fbe
+Binary files /dev/null and b/fuzz/corpora/asn1/d3ba2d2d6c407512bde5d768ba4b496532b20ed3 differ
+diff --git a/fuzz/corpora/asn1/d3c32261e7da5e74d8e665b1b6e0bfb53c6e79d4 b/fuzz/corpora/asn1/d3c32261e7da5e74d8e665b1b6e0bfb53c6e79d4
+new file mode 100644
+index 000000000000..484174a8b207
+Binary files /dev/null and b/fuzz/corpora/asn1/d3c32261e7da5e74d8e665b1b6e0bfb53c6e79d4 differ
+diff --git a/fuzz/corpora/asn1/d3d4e1ef0265dcaa8feaa7d22e0c51f403813bd2 b/fuzz/corpora/asn1/d3d4e1ef0265dcaa8feaa7d22e0c51f403813bd2
+new file mode 100644
+index 000000000000..eec96f11dc9e
+Binary files /dev/null and b/fuzz/corpora/asn1/d3d4e1ef0265dcaa8feaa7d22e0c51f403813bd2 differ
+diff --git a/fuzz/corpora/asn1/d493353f3fde51adf42f1db5349b380f77874ab8 b/fuzz/corpora/asn1/d493353f3fde51adf42f1db5349b380f77874ab8
+new file mode 100644
+index 000000000000..4c64cdf52672
+Binary files /dev/null and b/fuzz/corpora/asn1/d493353f3fde51adf42f1db5349b380f77874ab8 differ
+diff --git a/fuzz/corpora/asn1/d51cc1752fd963523433bfcfafea136b83aabc41 b/fuzz/corpora/asn1/d51cc1752fd963523433bfcfafea136b83aabc41
+new file mode 100644
+index 000000000000..aa20daba5c69
+Binary files /dev/null and b/fuzz/corpora/asn1/d51cc1752fd963523433bfcfafea136b83aabc41 differ
+diff --git a/fuzz/corpora/asn1/d56af302c5c2de03ed66118e26e526080c6ba6bc b/fuzz/corpora/asn1/d56af302c5c2de03ed66118e26e526080c6ba6bc
+new file mode 100644
+index 000000000000..aef7d0ceae6a
+Binary files /dev/null and b/fuzz/corpora/asn1/d56af302c5c2de03ed66118e26e526080c6ba6bc differ
+diff --git a/fuzz/corpora/asn1/d5a7d6d8d249df74ec07140643624bf2dd66df1e b/fuzz/corpora/asn1/d5a7d6d8d249df74ec07140643624bf2dd66df1e
+new file mode 100644
+index 000000000000..1b9a1b326ed8
+Binary files /dev/null and b/fuzz/corpora/asn1/d5a7d6d8d249df74ec07140643624bf2dd66df1e differ
+diff --git a/fuzz/corpora/asn1/d5ce8b4f6049da6903b90c72ef528ad9a081b824 b/fuzz/corpora/asn1/d5ce8b4f6049da6903b90c72ef528ad9a081b824
+new file mode 100644
+index 000000000000..636fc56df176
+Binary files /dev/null and b/fuzz/corpora/asn1/d5ce8b4f6049da6903b90c72ef528ad9a081b824 differ
+diff --git a/fuzz/corpora/asn1/d5d12b3796c396f692839da99e3b950fd7d84ae0 b/fuzz/corpora/asn1/d5d12b3796c396f692839da99e3b950fd7d84ae0
+new file mode 100644
+index 000000000000..73c89fb58d9b
+Binary files /dev/null and b/fuzz/corpora/asn1/d5d12b3796c396f692839da99e3b950fd7d84ae0 differ
+diff --git a/fuzz/corpora/asn1/d5e1419cf59fa545f594b795bb05068456622711 b/fuzz/corpora/asn1/d5e1419cf59fa545f594b795bb05068456622711
+new file mode 100644
+index 000000000000..0498243bf502
+Binary files /dev/null and b/fuzz/corpora/asn1/d5e1419cf59fa545f594b795bb05068456622711 differ
+diff --git a/fuzz/corpora/asn1/d65776260a2e30646339ce904b6891ead5e05b1b b/fuzz/corpora/asn1/d65776260a2e30646339ce904b6891ead5e05b1b
+new file mode 100644
+index 000000000000..883ac9dd5cf6
+Binary files /dev/null and b/fuzz/corpora/asn1/d65776260a2e30646339ce904b6891ead5e05b1b differ
+diff --git a/fuzz/corpora/asn1/d65f8af890a2234929571d55aea349b34a363a5c b/fuzz/corpora/asn1/d65f8af890a2234929571d55aea349b34a363a5c
+new file mode 100644
+index 000000000000..2957ea3dd100
+Binary files /dev/null and b/fuzz/corpora/asn1/d65f8af890a2234929571d55aea349b34a363a5c differ
+diff --git a/fuzz/corpora/asn1/d6b3437a84d75565169e0666f1574a880c2d0a6f b/fuzz/corpora/asn1/d6b3437a84d75565169e0666f1574a880c2d0a6f
+new file mode 100644
+index 000000000000..b9f5aa52b243
+Binary files /dev/null and b/fuzz/corpora/asn1/d6b3437a84d75565169e0666f1574a880c2d0a6f differ
+diff --git a/fuzz/corpora/asn1/d6cef9d7438da137f1b8549ebeb9e7bd821acc95 b/fuzz/corpora/asn1/d6cef9d7438da137f1b8549ebeb9e7bd821acc95
+new file mode 100644
+index 000000000000..fd8731ad6380
+Binary files /dev/null and b/fuzz/corpora/asn1/d6cef9d7438da137f1b8549ebeb9e7bd821acc95 differ
+diff --git a/fuzz/corpora/asn1/d7ba85517dc5d25f365119163f3b31645d2b9b96 b/fuzz/corpora/asn1/d7ba85517dc5d25f365119163f3b31645d2b9b96
+new file mode 100644
+index 000000000000..d18d0d971e62
+Binary files /dev/null and b/fuzz/corpora/asn1/d7ba85517dc5d25f365119163f3b31645d2b9b96 differ
+diff --git a/fuzz/corpora/asn1/d81417dd56a6ffeed32e600a07c62e093ebfb379 b/fuzz/corpora/asn1/d81417dd56a6ffeed32e600a07c62e093ebfb379
+new file mode 100644
+index 000000000000..c3298e875652
+Binary files /dev/null and b/fuzz/corpora/asn1/d81417dd56a6ffeed32e600a07c62e093ebfb379 differ
+diff --git a/fuzz/corpora/asn1/d85b9c36d6a89da0413a0b69cfc7383ce5216cfe b/fuzz/corpora/asn1/d85b9c36d6a89da0413a0b69cfc7383ce5216cfe
+new file mode 100644
+index 000000000000..cacc7853e2d8
+Binary files /dev/null and b/fuzz/corpora/asn1/d85b9c36d6a89da0413a0b69cfc7383ce5216cfe differ
+diff --git a/fuzz/corpora/asn1/d896752e473686214676cac834622095316d69d7 b/fuzz/corpora/asn1/d896752e473686214676cac834622095316d69d7
+new file mode 100644
+index 000000000000..2f858bbc5b84
+Binary files /dev/null and b/fuzz/corpora/asn1/d896752e473686214676cac834622095316d69d7 differ
+diff --git a/fuzz/corpora/asn1/d8b4a66a7a65ab700d513dd3a6341ddb504887f4 b/fuzz/corpora/asn1/d8b4a66a7a65ab700d513dd3a6341ddb504887f4
+new file mode 100644
+index 000000000000..ac19b45d1e9e
+Binary files /dev/null and b/fuzz/corpora/asn1/d8b4a66a7a65ab700d513dd3a6341ddb504887f4 differ
+diff --git a/fuzz/corpora/asn1/d8b74e9125e08576fef536c7b0ec136584e59349 b/fuzz/corpora/asn1/d8b74e9125e08576fef536c7b0ec136584e59349
+new file mode 100644
+index 000000000000..f11b69f2bd03
+Binary files /dev/null and b/fuzz/corpora/asn1/d8b74e9125e08576fef536c7b0ec136584e59349 differ
+diff --git a/fuzz/corpora/asn1/d8fd0e6e2f770cdf602e2b4911522b5b1a02c023 b/fuzz/corpora/asn1/d8fd0e6e2f770cdf602e2b4911522b5b1a02c023
+new file mode 100644
+index 000000000000..bce3c4471ead
+Binary files /dev/null and b/fuzz/corpora/asn1/d8fd0e6e2f770cdf602e2b4911522b5b1a02c023 differ
+diff --git a/fuzz/corpora/asn1/d938cf15a84e6dc28eec47bcc26d6092695ed1a0 b/fuzz/corpora/asn1/d938cf15a84e6dc28eec47bcc26d6092695ed1a0
+new file mode 100644
+index 000000000000..ad45ca8f3d63
+Binary files /dev/null and b/fuzz/corpora/asn1/d938cf15a84e6dc28eec47bcc26d6092695ed1a0 differ
+diff --git a/fuzz/corpora/asn1/d95523fd14874a6ec3bb3b687ec5002c0ad6fd42 b/fuzz/corpora/asn1/d95523fd14874a6ec3bb3b687ec5002c0ad6fd42
+new file mode 100644
+index 000000000000..6b805af986f1
+Binary files /dev/null and b/fuzz/corpora/asn1/d95523fd14874a6ec3bb3b687ec5002c0ad6fd42 differ
+diff --git a/fuzz/corpora/asn1/d9d25355f630346731df471d765092ca85892798 b/fuzz/corpora/asn1/d9d25355f630346731df471d765092ca85892798
+new file mode 100644
+index 000000000000..4d24d565a0c2
+Binary files /dev/null and b/fuzz/corpora/asn1/d9d25355f630346731df471d765092ca85892798 differ
+diff --git a/fuzz/corpora/asn1/db11ad058a365789b521edf86165a3a2171db31e b/fuzz/corpora/asn1/db11ad058a365789b521edf86165a3a2171db31e
+new file mode 100644
+index 000000000000..e5b816381c63
+Binary files /dev/null and b/fuzz/corpora/asn1/db11ad058a365789b521edf86165a3a2171db31e differ
+diff --git a/fuzz/corpora/asn1/dc8399f12bd10d918ff17b56f07650d01874aff4 b/fuzz/corpora/asn1/dc8399f12bd10d918ff17b56f07650d01874aff4
+new file mode 100644
+index 000000000000..144b8cb63aa2
+Binary files /dev/null and b/fuzz/corpora/asn1/dc8399f12bd10d918ff17b56f07650d01874aff4 differ
+diff --git a/fuzz/corpora/asn1/dc9688d0068482809a16367855f58e8cb70f6126 b/fuzz/corpora/asn1/dc9688d0068482809a16367855f58e8cb70f6126
+new file mode 100644
+index 000000000000..27689aedc826
+Binary files /dev/null and b/fuzz/corpora/asn1/dc9688d0068482809a16367855f58e8cb70f6126 differ
+diff --git a/fuzz/corpora/asn1/dd2553666a727354f33ae8a700fc75bb8399b806 b/fuzz/corpora/asn1/dd2553666a727354f33ae8a700fc75bb8399b806
+new file mode 100644
+index 000000000000..cb7767bca5ef
+Binary files /dev/null and b/fuzz/corpora/asn1/dd2553666a727354f33ae8a700fc75bb8399b806 differ
+diff --git a/fuzz/corpora/asn1/dd76fc1f5d8bacdfc8a402ba909fa4f148a63dda b/fuzz/corpora/asn1/dd76fc1f5d8bacdfc8a402ba909fa4f148a63dda
+new file mode 100644
+index 000000000000..f9839c371b9e
+Binary files /dev/null and b/fuzz/corpora/asn1/dd76fc1f5d8bacdfc8a402ba909fa4f148a63dda differ
+diff --git a/fuzz/corpora/asn1/dd84fa898efa1a16e5295297cbf504daa4614c59 b/fuzz/corpora/asn1/dd84fa898efa1a16e5295297cbf504daa4614c59
+new file mode 100644
+index 000000000000..0ecb0fbaee90
+Binary files /dev/null and b/fuzz/corpora/asn1/dd84fa898efa1a16e5295297cbf504daa4614c59 differ
+diff --git a/fuzz/corpora/asn1/dda78d795027f81908c9b37a3e3615af00d41768 b/fuzz/corpora/asn1/dda78d795027f81908c9b37a3e3615af00d41768
+new file mode 100644
+index 000000000000..c349fae371ef
+Binary files /dev/null and b/fuzz/corpora/asn1/dda78d795027f81908c9b37a3e3615af00d41768 differ
+diff --git a/fuzz/corpora/asn1/ddefdcdd2850a4eb99fd2db6a223f7764251c229 b/fuzz/corpora/asn1/ddefdcdd2850a4eb99fd2db6a223f7764251c229
+new file mode 100644
+index 000000000000..f9ea3549e173
+Binary files /dev/null and b/fuzz/corpora/asn1/ddefdcdd2850a4eb99fd2db6a223f7764251c229 differ
+diff --git a/fuzz/corpora/asn1/ddf7d6c16a47f1c3d100a6947b954851240b6c66 b/fuzz/corpora/asn1/ddf7d6c16a47f1c3d100a6947b954851240b6c66
+new file mode 100644
+index 000000000000..86ac031ace77
+Binary files /dev/null and b/fuzz/corpora/asn1/ddf7d6c16a47f1c3d100a6947b954851240b6c66 differ
+diff --git a/fuzz/corpora/asn1/de244a672baa4ded14025962ff634317cefb7c10 b/fuzz/corpora/asn1/de244a672baa4ded14025962ff634317cefb7c10
+new file mode 100644
+index 000000000000..cda2f212aa1f
+Binary files /dev/null and b/fuzz/corpora/asn1/de244a672baa4ded14025962ff634317cefb7c10 differ
+diff --git a/fuzz/corpora/asn1/de39ca591b331e0c65dcf5fd9b54ba299f9ee7fc b/fuzz/corpora/asn1/de39ca591b331e0c65dcf5fd9b54ba299f9ee7fc
+new file mode 100644
+index 000000000000..49d1dd6d3b4b
+Binary files /dev/null and b/fuzz/corpora/asn1/de39ca591b331e0c65dcf5fd9b54ba299f9ee7fc differ
+diff --git a/fuzz/corpora/asn1/de483db0a8b45c1791dc4c5ff90d3f9e23725d98 b/fuzz/corpora/asn1/de483db0a8b45c1791dc4c5ff90d3f9e23725d98
+new file mode 100644
+index 000000000000..b4eb4bfd59c8
+Binary files /dev/null and b/fuzz/corpora/asn1/de483db0a8b45c1791dc4c5ff90d3f9e23725d98 differ
+diff --git a/fuzz/corpora/asn1/de7a5d5d91d7d44a2e2b47ec9e7b874aed145b9e b/fuzz/corpora/asn1/de7a5d5d91d7d44a2e2b47ec9e7b874aed145b9e
+new file mode 100644
+index 000000000000..320629d8d6c2
+Binary files /dev/null and b/fuzz/corpora/asn1/de7a5d5d91d7d44a2e2b47ec9e7b874aed145b9e differ
+diff --git a/fuzz/corpora/asn1/def4fe511e92e310b3846948b6ceb8114c295386 b/fuzz/corpora/asn1/def4fe511e92e310b3846948b6ceb8114c295386
+new file mode 100644
+index 000000000000..a917e1fc8c09
+Binary files /dev/null and b/fuzz/corpora/asn1/def4fe511e92e310b3846948b6ceb8114c295386 differ
+diff --git a/fuzz/corpora/asn1/df20dbfbbecb0407157fbe281e9af0323c171c1c b/fuzz/corpora/asn1/df20dbfbbecb0407157fbe281e9af0323c171c1c
+new file mode 100644
+index 000000000000..6a463ae9fc36
+Binary files /dev/null and b/fuzz/corpora/asn1/df20dbfbbecb0407157fbe281e9af0323c171c1c differ
+diff --git a/fuzz/corpora/asn1/df4dfb0d61fa5f98a4e16712892e6819c512ecab b/fuzz/corpora/asn1/df4dfb0d61fa5f98a4e16712892e6819c512ecab
+new file mode 100644
+index 000000000000..475bce9fe439
+Binary files /dev/null and b/fuzz/corpora/asn1/df4dfb0d61fa5f98a4e16712892e6819c512ecab differ
+diff --git a/fuzz/corpora/asn1/df575d994640b4254f5b446213adb80159447c95 b/fuzz/corpora/asn1/df575d994640b4254f5b446213adb80159447c95
+new file mode 100644
+index 000000000000..6a603e9dd7a2
+Binary files /dev/null and b/fuzz/corpora/asn1/df575d994640b4254f5b446213adb80159447c95 differ
+diff --git a/fuzz/corpora/asn1/df83fdd8a01453cb15a3d03e9309640dd19b9439 b/fuzz/corpora/asn1/df83fdd8a01453cb15a3d03e9309640dd19b9439
+new file mode 100644
+index 000000000000..7f0a3f603f9f
+Binary files /dev/null and b/fuzz/corpora/asn1/df83fdd8a01453cb15a3d03e9309640dd19b9439 differ
+diff --git a/fuzz/corpora/asn1/dfb71a3d7a880d52643bb7bc22134c429b4beec2 b/fuzz/corpora/asn1/dfb71a3d7a880d52643bb7bc22134c429b4beec2
+new file mode 100644
+index 000000000000..d1cff29d484a
+Binary files /dev/null and b/fuzz/corpora/asn1/dfb71a3d7a880d52643bb7bc22134c429b4beec2 differ
+diff --git a/fuzz/corpora/asn1/e00cbcf83aa98638a2bac659037652a802717c12 b/fuzz/corpora/asn1/e00cbcf83aa98638a2bac659037652a802717c12
+new file mode 100644
+index 000000000000..8c98d6a06e72
+Binary files /dev/null and b/fuzz/corpora/asn1/e00cbcf83aa98638a2bac659037652a802717c12 differ
+diff --git a/fuzz/corpora/asn1/e0a8a69f818fef7e1c41f30afc6756c7892441f3 b/fuzz/corpora/asn1/e0a8a69f818fef7e1c41f30afc6756c7892441f3
+new file mode 100644
+index 000000000000..efa082c5924f
+Binary files /dev/null and b/fuzz/corpora/asn1/e0a8a69f818fef7e1c41f30afc6756c7892441f3 differ
+diff --git a/fuzz/corpora/asn1/e0b3e6428868b17064320719f3a9eae5733c783f b/fuzz/corpora/asn1/e0b3e6428868b17064320719f3a9eae5733c783f
+new file mode 100644
+index 000000000000..09d5b37df666
+Binary files /dev/null and b/fuzz/corpora/asn1/e0b3e6428868b17064320719f3a9eae5733c783f differ
+diff --git a/fuzz/corpora/asn1/e141b0d61331a6a99faa78e95123dde02fb85345 b/fuzz/corpora/asn1/e141b0d61331a6a99faa78e95123dde02fb85345
+new file mode 100644
+index 000000000000..18796a4c042a
+Binary files /dev/null and b/fuzz/corpora/asn1/e141b0d61331a6a99faa78e95123dde02fb85345 differ
+diff --git a/fuzz/corpora/asn1/e14eb091b4e44f9657be5272fd9f82aad18e8dae b/fuzz/corpora/asn1/e14eb091b4e44f9657be5272fd9f82aad18e8dae
+new file mode 100644
+index 000000000000..832c72c9e67c
+Binary files /dev/null and b/fuzz/corpora/asn1/e14eb091b4e44f9657be5272fd9f82aad18e8dae differ
+diff --git a/fuzz/corpora/asn1/e155376ff28aa73b18fe3830089d332581f872ed b/fuzz/corpora/asn1/e155376ff28aa73b18fe3830089d332581f872ed
+new file mode 100644
+index 000000000000..f038078ccd81
+Binary files /dev/null and b/fuzz/corpora/asn1/e155376ff28aa73b18fe3830089d332581f872ed differ
+diff --git a/fuzz/corpora/asn1/e205605239ec9870db43cc8993bc3fa0c566faa9 b/fuzz/corpora/asn1/e205605239ec9870db43cc8993bc3fa0c566faa9
+new file mode 100644
+index 000000000000..14c82e7152db
+Binary files /dev/null and b/fuzz/corpora/asn1/e205605239ec9870db43cc8993bc3fa0c566faa9 differ
+diff --git a/fuzz/corpora/asn1/e272b05aedd4c0bce220ddf18583273dcd8feb77 b/fuzz/corpora/asn1/e272b05aedd4c0bce220ddf18583273dcd8feb77
+new file mode 100644
+index 000000000000..746c749bd226
+Binary files /dev/null and b/fuzz/corpora/asn1/e272b05aedd4c0bce220ddf18583273dcd8feb77 differ
+diff --git a/fuzz/corpora/asn1/e2baf9343b19e825db7339e364a4f4a263a13dfc b/fuzz/corpora/asn1/e2baf9343b19e825db7339e364a4f4a263a13dfc
+new file mode 100644
+index 000000000000..e43da1fb2e05
+Binary files /dev/null and b/fuzz/corpora/asn1/e2baf9343b19e825db7339e364a4f4a263a13dfc differ
+diff --git a/fuzz/corpora/asn1/e2c6386817ba886e425e487c0350c4a2728195b0 b/fuzz/corpora/asn1/e2c6386817ba886e425e487c0350c4a2728195b0
+new file mode 100644
+index 000000000000..93a19b571191
+Binary files /dev/null and b/fuzz/corpora/asn1/e2c6386817ba886e425e487c0350c4a2728195b0 differ
+diff --git a/fuzz/corpora/asn1/e3168afa0dca3a6eb51f639bf09ca019b938c015 b/fuzz/corpora/asn1/e3168afa0dca3a6eb51f639bf09ca019b938c015
+new file mode 100644
+index 000000000000..f2a9213323ab
+Binary files /dev/null and b/fuzz/corpora/asn1/e3168afa0dca3a6eb51f639bf09ca019b938c015 differ
+diff --git a/fuzz/corpora/asn1/e358875da681b4a9e4a77bae299189864ff4f0d9 b/fuzz/corpora/asn1/e358875da681b4a9e4a77bae299189864ff4f0d9
+new file mode 100644
+index 000000000000..552abc30f0dc
+Binary files /dev/null and b/fuzz/corpora/asn1/e358875da681b4a9e4a77bae299189864ff4f0d9 differ
+diff --git a/fuzz/corpora/asn1/e39ff0d17934a3e6d5e5efee0a3e9ddd74098ae6 b/fuzz/corpora/asn1/e39ff0d17934a3e6d5e5efee0a3e9ddd74098ae6
+new file mode 100644
+index 000000000000..ff14c0e1791a
+Binary files /dev/null and b/fuzz/corpora/asn1/e39ff0d17934a3e6d5e5efee0a3e9ddd74098ae6 differ
+diff --git a/fuzz/corpora/asn1/e3d05e17a87542a524a083b9af17cd4ddaf48951 b/fuzz/corpora/asn1/e3d05e17a87542a524a083b9af17cd4ddaf48951
+new file mode 100644
+index 000000000000..6e8b79188c53
+Binary files /dev/null and b/fuzz/corpora/asn1/e3d05e17a87542a524a083b9af17cd4ddaf48951 differ
+diff --git a/fuzz/corpora/asn1/e425e77b5da7ccfeaf84b09ddc28bef2c9105f95 b/fuzz/corpora/asn1/e425e77b5da7ccfeaf84b09ddc28bef2c9105f95
+new file mode 100644
+index 000000000000..fca0370d9217
+Binary files /dev/null and b/fuzz/corpora/asn1/e425e77b5da7ccfeaf84b09ddc28bef2c9105f95 differ
+diff --git a/fuzz/corpora/asn1/e42a71c7f8169cfe88c011e27f2a15b3a8d3ad9c b/fuzz/corpora/asn1/e42a71c7f8169cfe88c011e27f2a15b3a8d3ad9c
+new file mode 100644
+index 000000000000..38edefea0ab4
+Binary files /dev/null and b/fuzz/corpora/asn1/e42a71c7f8169cfe88c011e27f2a15b3a8d3ad9c differ
+diff --git a/fuzz/corpora/asn1/e49fbf691a5c565ea8cd147a9687edbba9620c3b b/fuzz/corpora/asn1/e49fbf691a5c565ea8cd147a9687edbba9620c3b
+new file mode 100644
+index 000000000000..5be9f543f5d1
+Binary files /dev/null and b/fuzz/corpora/asn1/e49fbf691a5c565ea8cd147a9687edbba9620c3b differ
+diff --git a/fuzz/corpora/asn1/e4a5647a7b06329839b9bf5478df1756dac7ca3e b/fuzz/corpora/asn1/e4a5647a7b06329839b9bf5478df1756dac7ca3e
+new file mode 100644
+index 000000000000..2f2789d57c50
+Binary files /dev/null and b/fuzz/corpora/asn1/e4a5647a7b06329839b9bf5478df1756dac7ca3e differ
+diff --git a/fuzz/corpora/asn1/e4b40d9f940670afadad1b2faeaf7e5a6979774a b/fuzz/corpora/asn1/e4b40d9f940670afadad1b2faeaf7e5a6979774a
+new file mode 100644
+index 000000000000..5f267d38970f
+Binary files /dev/null and b/fuzz/corpora/asn1/e4b40d9f940670afadad1b2faeaf7e5a6979774a differ
+diff --git a/fuzz/corpora/asn1/e4b4840017b2d4c68138b8f5c5e91ca131024140 b/fuzz/corpora/asn1/e4b4840017b2d4c68138b8f5c5e91ca131024140
+new file mode 100644
+index 000000000000..ff4140f0a03d
+Binary files /dev/null and b/fuzz/corpora/asn1/e4b4840017b2d4c68138b8f5c5e91ca131024140 differ
+diff --git a/fuzz/corpora/asn1/e4dc8d9e0b4842f244c1cabac2057b1d00fa2e5a b/fuzz/corpora/asn1/e4dc8d9e0b4842f244c1cabac2057b1d00fa2e5a
+new file mode 100644
+index 000000000000..808748d2721b
+Binary files /dev/null and b/fuzz/corpora/asn1/e4dc8d9e0b4842f244c1cabac2057b1d00fa2e5a differ
+diff --git a/fuzz/corpora/asn1/e51c6868cd1403b3236553883999b9f007c936c6 b/fuzz/corpora/asn1/e51c6868cd1403b3236553883999b9f007c936c6
+new file mode 100644
+index 000000000000..ffe7f3a8a56b
+Binary files /dev/null and b/fuzz/corpora/asn1/e51c6868cd1403b3236553883999b9f007c936c6 differ
+diff --git a/fuzz/corpora/asn1/e546650389899d0942fb766aa7bd5ad8329c0e4f b/fuzz/corpora/asn1/e546650389899d0942fb766aa7bd5ad8329c0e4f
+new file mode 100644
+index 000000000000..022ffa2a6959
+Binary files /dev/null and b/fuzz/corpora/asn1/e546650389899d0942fb766aa7bd5ad8329c0e4f differ
+diff --git a/fuzz/corpora/asn1/e59b983efc65bfe78433c6897a9f68e24eccada8 b/fuzz/corpora/asn1/e59b983efc65bfe78433c6897a9f68e24eccada8
+new file mode 100644
+index 000000000000..774480b025d9
+Binary files /dev/null and b/fuzz/corpora/asn1/e59b983efc65bfe78433c6897a9f68e24eccada8 differ
+diff --git a/fuzz/corpora/asn1/e608a032799e9ed60f4f5ca93141faebceecaa71 b/fuzz/corpora/asn1/e608a032799e9ed60f4f5ca93141faebceecaa71
+new file mode 100644
+index 000000000000..fe9bc6d5fa98
+Binary files /dev/null and b/fuzz/corpora/asn1/e608a032799e9ed60f4f5ca93141faebceecaa71 differ
+diff --git a/fuzz/corpora/asn1/e62ee7979a3895cb9bd6b03fdfd81aa8eaac543a b/fuzz/corpora/asn1/e62ee7979a3895cb9bd6b03fdfd81aa8eaac543a
+new file mode 100644
+index 000000000000..4202ec169bc7
+Binary files /dev/null and b/fuzz/corpora/asn1/e62ee7979a3895cb9bd6b03fdfd81aa8eaac543a differ
+diff --git a/fuzz/corpora/asn1/e6885589ba13c61f7a6c1f494002d3074a8825bc b/fuzz/corpora/asn1/e6885589ba13c61f7a6c1f494002d3074a8825bc
+new file mode 100644
+index 000000000000..f52ec5ad4a13
+Binary files /dev/null and b/fuzz/corpora/asn1/e6885589ba13c61f7a6c1f494002d3074a8825bc differ
+diff --git a/fuzz/corpora/asn1/e7278cea2c80f55dc1271d85802bd0ec9024692c b/fuzz/corpora/asn1/e7278cea2c80f55dc1271d85802bd0ec9024692c
+new file mode 100644
+index 000000000000..1c2c18d32f84
+Binary files /dev/null and b/fuzz/corpora/asn1/e7278cea2c80f55dc1271d85802bd0ec9024692c differ
+diff --git a/fuzz/corpora/asn1/e7ac55e57819e9c78cfe01ba12155009c7fa1295 b/fuzz/corpora/asn1/e7ac55e57819e9c78cfe01ba12155009c7fa1295
+new file mode 100644
+index 000000000000..0aa7046afba5
+Binary files /dev/null and b/fuzz/corpora/asn1/e7ac55e57819e9c78cfe01ba12155009c7fa1295 differ
+diff --git a/fuzz/corpora/asn1/e7eb6d67807e8080abd9b1decc7daeeff43fa01f b/fuzz/corpora/asn1/e7eb6d67807e8080abd9b1decc7daeeff43fa01f
+new file mode 100644
+index 000000000000..d8465181ec27
+Binary files /dev/null and b/fuzz/corpora/asn1/e7eb6d67807e8080abd9b1decc7daeeff43fa01f differ
+diff --git a/fuzz/corpora/asn1/e7fe5753ce00ef69c7b4cd2004f992cd166ccbbe b/fuzz/corpora/asn1/e7fe5753ce00ef69c7b4cd2004f992cd166ccbbe
+new file mode 100644
+index 000000000000..4be253457457
+Binary files /dev/null and b/fuzz/corpora/asn1/e7fe5753ce00ef69c7b4cd2004f992cd166ccbbe differ
+diff --git a/fuzz/corpora/asn1/e83cd87e68e5f159805916695f92b2664a539700 b/fuzz/corpora/asn1/e83cd87e68e5f159805916695f92b2664a539700
+new file mode 100644
+index 000000000000..6e39a72ba58a
+Binary files /dev/null and b/fuzz/corpora/asn1/e83cd87e68e5f159805916695f92b2664a539700 differ
+diff --git a/fuzz/corpora/asn1/e847577e5107ca99ae9e3d4fa75d5252ed99b8fd b/fuzz/corpora/asn1/e847577e5107ca99ae9e3d4fa75d5252ed99b8fd
+new file mode 100644
+index 000000000000..97932529f724
+Binary files /dev/null and b/fuzz/corpora/asn1/e847577e5107ca99ae9e3d4fa75d5252ed99b8fd differ
+diff --git a/fuzz/corpora/asn1/e86c3b0579c2e5bb9721702e447e643f2173a1fc b/fuzz/corpora/asn1/e86c3b0579c2e5bb9721702e447e643f2173a1fc
+new file mode 100644
+index 000000000000..cd76933be009
+Binary files /dev/null and b/fuzz/corpora/asn1/e86c3b0579c2e5bb9721702e447e643f2173a1fc differ
+diff --git a/fuzz/corpora/asn1/e8728bccabf1d92577d843b57a5b65b7fc8e5bff b/fuzz/corpora/asn1/e8728bccabf1d92577d843b57a5b65b7fc8e5bff
+new file mode 100644
+index 000000000000..2a0cf5b6f37f
+Binary files /dev/null and b/fuzz/corpora/asn1/e8728bccabf1d92577d843b57a5b65b7fc8e5bff differ
+diff --git a/fuzz/corpora/asn1/e88d98a2448e67113e6188e25937d94d95046452 b/fuzz/corpora/asn1/e88d98a2448e67113e6188e25937d94d95046452
+new file mode 100644
+index 000000000000..5936c2e3114b
+Binary files /dev/null and b/fuzz/corpora/asn1/e88d98a2448e67113e6188e25937d94d95046452 differ
+diff --git a/fuzz/corpora/asn1/e88e86a0bf12086524ebc75717d94a00e4e601fa b/fuzz/corpora/asn1/e88e86a0bf12086524ebc75717d94a00e4e601fa
+new file mode 100644
+index 000000000000..3b6059eb8dbb
+Binary files /dev/null and b/fuzz/corpora/asn1/e88e86a0bf12086524ebc75717d94a00e4e601fa differ
+diff --git a/fuzz/corpora/asn1/e89143cb73343a6b603ddb650ccdf8026d83c791 b/fuzz/corpora/asn1/e89143cb73343a6b603ddb650ccdf8026d83c791
+new file mode 100644
+index 000000000000..744baa487924
+Binary files /dev/null and b/fuzz/corpora/asn1/e89143cb73343a6b603ddb650ccdf8026d83c791 differ
+diff --git a/fuzz/corpora/asn1/e8f563e6ce58bb9c291a03d9f6b9addb87106fb6 b/fuzz/corpora/asn1/e8f563e6ce58bb9c291a03d9f6b9addb87106fb6
+new file mode 100644
+index 000000000000..9c4b6c287730
+Binary files /dev/null and b/fuzz/corpora/asn1/e8f563e6ce58bb9c291a03d9f6b9addb87106fb6 differ
+diff --git a/fuzz/corpora/asn1/e917cd00f6618dd5ab65b0c7afe41b480136596d b/fuzz/corpora/asn1/e917cd00f6618dd5ab65b0c7afe41b480136596d
+new file mode 100644
+index 000000000000..ac185776dc39
+Binary files /dev/null and b/fuzz/corpora/asn1/e917cd00f6618dd5ab65b0c7afe41b480136596d differ
+diff --git a/fuzz/corpora/asn1/e9731a163f29c6d8397450d58fb27d3bc20e605a b/fuzz/corpora/asn1/e9731a163f29c6d8397450d58fb27d3bc20e605a
+new file mode 100644
+index 000000000000..657a15550e51
+Binary files /dev/null and b/fuzz/corpora/asn1/e9731a163f29c6d8397450d58fb27d3bc20e605a differ
+diff --git a/fuzz/corpora/asn1/e9825d207465ecee6944877111527a1c62759571 b/fuzz/corpora/asn1/e9825d207465ecee6944877111527a1c62759571
+new file mode 100644
+index 000000000000..f6df5f6ca242
+Binary files /dev/null and b/fuzz/corpora/asn1/e9825d207465ecee6944877111527a1c62759571 differ
+diff --git a/fuzz/corpora/asn1/e9a27312b5fb64f20e550bc6feba724129d17def b/fuzz/corpora/asn1/e9a27312b5fb64f20e550bc6feba724129d17def
+new file mode 100644
+index 000000000000..ea7ba8036c03
+Binary files /dev/null and b/fuzz/corpora/asn1/e9a27312b5fb64f20e550bc6feba724129d17def differ
+diff --git a/fuzz/corpora/asn1/e9dc07581e99f3a201be99dec1b06b9aaf1d0fb1 b/fuzz/corpora/asn1/e9dc07581e99f3a201be99dec1b06b9aaf1d0fb1
+new file mode 100644
+index 000000000000..512c2e413b80
+Binary files /dev/null and b/fuzz/corpora/asn1/e9dc07581e99f3a201be99dec1b06b9aaf1d0fb1 differ
+diff --git a/fuzz/corpora/asn1/ea062e1ba249371504dfe0a71633cf2e0a68e149 b/fuzz/corpora/asn1/ea062e1ba249371504dfe0a71633cf2e0a68e149
+new file mode 100644
+index 000000000000..b5d33a5eb43a
+Binary files /dev/null and b/fuzz/corpora/asn1/ea062e1ba249371504dfe0a71633cf2e0a68e149 differ
+diff --git a/fuzz/corpora/asn1/eb05b0f3503c93d940ba8a0e9bb1a941cd430b4e b/fuzz/corpora/asn1/eb05b0f3503c93d940ba8a0e9bb1a941cd430b4e
+new file mode 100644
+index 000000000000..83605f23afab
+Binary files /dev/null and b/fuzz/corpora/asn1/eb05b0f3503c93d940ba8a0e9bb1a941cd430b4e differ
+diff --git a/fuzz/corpora/asn1/eb157c68e50ccac8d7c13b65696bee8e95681187 b/fuzz/corpora/asn1/eb157c68e50ccac8d7c13b65696bee8e95681187
+new file mode 100644
+index 000000000000..a41560ccea43
+Binary files /dev/null and b/fuzz/corpora/asn1/eb157c68e50ccac8d7c13b65696bee8e95681187 differ
+diff --git a/fuzz/corpora/asn1/ebfc321ed8f7263de671c78639200f70a7d7534d b/fuzz/corpora/asn1/ebfc321ed8f7263de671c78639200f70a7d7534d
+new file mode 100644
+index 000000000000..31ad62e87a67
+Binary files /dev/null and b/fuzz/corpora/asn1/ebfc321ed8f7263de671c78639200f70a7d7534d differ
+diff --git a/fuzz/corpora/asn1/ec0fd4f45b2ce610a6cfc298433c8707a84f1967 b/fuzz/corpora/asn1/ec0fd4f45b2ce610a6cfc298433c8707a84f1967
+new file mode 100644
+index 000000000000..50c01aa07911
+Binary files /dev/null and b/fuzz/corpora/asn1/ec0fd4f45b2ce610a6cfc298433c8707a84f1967 differ
+diff --git a/fuzz/corpora/asn1/ec756d79b19b1629bc504d2ed7ae584fa7d24237 b/fuzz/corpora/asn1/ec756d79b19b1629bc504d2ed7ae584fa7d24237
+new file mode 100644
+index 000000000000..b2d34606deeb
+Binary files /dev/null and b/fuzz/corpora/asn1/ec756d79b19b1629bc504d2ed7ae584fa7d24237 differ
+diff --git a/fuzz/corpora/asn1/ecb603afe3bed074223071cc7f541f300adcf18b b/fuzz/corpora/asn1/ecb603afe3bed074223071cc7f541f300adcf18b
+new file mode 100644
+index 000000000000..48828a2f1cc3
+Binary files /dev/null and b/fuzz/corpora/asn1/ecb603afe3bed074223071cc7f541f300adcf18b differ
+diff --git a/fuzz/corpora/asn1/ed14e072e7edae3ca94eeeaa35c73fd185974e80 b/fuzz/corpora/asn1/ed14e072e7edae3ca94eeeaa35c73fd185974e80
+new file mode 100644
+index 000000000000..496f6c3b03f9
+Binary files /dev/null and b/fuzz/corpora/asn1/ed14e072e7edae3ca94eeeaa35c73fd185974e80 differ
+diff --git a/fuzz/corpora/asn1/ed2ee66c7d9b4a75622bedfd21b28255581a01d3 b/fuzz/corpora/asn1/ed2ee66c7d9b4a75622bedfd21b28255581a01d3
+new file mode 100644
+index 000000000000..870f230b7015
+Binary files /dev/null and b/fuzz/corpora/asn1/ed2ee66c7d9b4a75622bedfd21b28255581a01d3 differ
+diff --git a/fuzz/corpora/asn1/ed7af4b11ce8e01084d89f4dc916fce7a7704d2a b/fuzz/corpora/asn1/ed7af4b11ce8e01084d89f4dc916fce7a7704d2a
+new file mode 100644
+index 000000000000..db159d006d37
+Binary files /dev/null and b/fuzz/corpora/asn1/ed7af4b11ce8e01084d89f4dc916fce7a7704d2a differ
+diff --git a/fuzz/corpora/asn1/ed7d45d02385de9250c39ff70bb149221136c199 b/fuzz/corpora/asn1/ed7d45d02385de9250c39ff70bb149221136c199
+new file mode 100644
+index 000000000000..8a3fce58d4cf
+Binary files /dev/null and b/fuzz/corpora/asn1/ed7d45d02385de9250c39ff70bb149221136c199 differ
+diff --git a/fuzz/corpora/asn1/ed9dac18a48ed216607bc8fdebe6c45740036692 b/fuzz/corpora/asn1/ed9dac18a48ed216607bc8fdebe6c45740036692
+new file mode 100644
+index 000000000000..20aa428e761f
+Binary files /dev/null and b/fuzz/corpora/asn1/ed9dac18a48ed216607bc8fdebe6c45740036692 differ
+diff --git a/fuzz/corpora/asn1/edcb2d604244c089728b8f3e7bfa7e37c592f10a b/fuzz/corpora/asn1/edcb2d604244c089728b8f3e7bfa7e37c592f10a
+new file mode 100644
+index 000000000000..eac721bccd8b
+Binary files /dev/null and b/fuzz/corpora/asn1/edcb2d604244c089728b8f3e7bfa7e37c592f10a differ
+diff --git a/fuzz/corpora/asn1/edf5e3c4f8208f16fc354ce59a3541412787f148 b/fuzz/corpora/asn1/edf5e3c4f8208f16fc354ce59a3541412787f148
+new file mode 100644
+index 000000000000..2607d09e34ff
+Binary files /dev/null and b/fuzz/corpora/asn1/edf5e3c4f8208f16fc354ce59a3541412787f148 differ
+diff --git a/fuzz/corpora/asn1/ee06f62c3a3fa8ecdbf12c33cca09884bd8ec885 b/fuzz/corpora/asn1/ee06f62c3a3fa8ecdbf12c33cca09884bd8ec885
+new file mode 100644
+index 000000000000..d732a486a16d
+Binary files /dev/null and b/fuzz/corpora/asn1/ee06f62c3a3fa8ecdbf12c33cca09884bd8ec885 differ
+diff --git a/fuzz/corpora/asn1/ee2e25b85b02111ced3eb884eee2f1fb8a2f46a8 b/fuzz/corpora/asn1/ee2e25b85b02111ced3eb884eee2f1fb8a2f46a8
+new file mode 100644
+index 000000000000..244ce232a0c6
+Binary files /dev/null and b/fuzz/corpora/asn1/ee2e25b85b02111ced3eb884eee2f1fb8a2f46a8 differ
+diff --git a/fuzz/corpora/asn1/ee35f63b68dee29b2464b2257f395a3ed1f4b43d b/fuzz/corpora/asn1/ee35f63b68dee29b2464b2257f395a3ed1f4b43d
+new file mode 100644
+index 000000000000..b5bd90a91026
+Binary files /dev/null and b/fuzz/corpora/asn1/ee35f63b68dee29b2464b2257f395a3ed1f4b43d differ
+diff --git a/fuzz/corpora/asn1/ee97a0ce0de06a8784d082cb3be0b9e7e2e04523 b/fuzz/corpora/asn1/ee97a0ce0de06a8784d082cb3be0b9e7e2e04523
+new file mode 100644
+index 000000000000..d72d4a7cba8f
+Binary files /dev/null and b/fuzz/corpora/asn1/ee97a0ce0de06a8784d082cb3be0b9e7e2e04523 differ
+diff --git a/fuzz/corpora/asn1/eed726934632d1c2ddc8930e2c08b9fcaa6d0f87 b/fuzz/corpora/asn1/eed726934632d1c2ddc8930e2c08b9fcaa6d0f87
+new file mode 100644
+index 000000000000..8796b5f0a567
+Binary files /dev/null and b/fuzz/corpora/asn1/eed726934632d1c2ddc8930e2c08b9fcaa6d0f87 differ
+diff --git a/fuzz/corpora/asn1/ef248ad433f77c804e85e5028b9a36c51522056c b/fuzz/corpora/asn1/ef248ad433f77c804e85e5028b9a36c51522056c
+new file mode 100644
+index 000000000000..9858fe7273c6
+Binary files /dev/null and b/fuzz/corpora/asn1/ef248ad433f77c804e85e5028b9a36c51522056c differ
+diff --git a/fuzz/corpora/asn1/ef474981d39b4e8f30b2fcc9ecaddd21d76f4484 b/fuzz/corpora/asn1/ef474981d39b4e8f30b2fcc9ecaddd21d76f4484
+new file mode 100644
+index 000000000000..f1c17c93cf49
+Binary files /dev/null and b/fuzz/corpora/asn1/ef474981d39b4e8f30b2fcc9ecaddd21d76f4484 differ
+diff --git a/fuzz/corpora/asn1/ef4e7e9829693bd3d30938238f1ab90012ef53ca b/fuzz/corpora/asn1/ef4e7e9829693bd3d30938238f1ab90012ef53ca
+new file mode 100644
+index 000000000000..e9afcdfaac45
+Binary files /dev/null and b/fuzz/corpora/asn1/ef4e7e9829693bd3d30938238f1ab90012ef53ca differ
+diff --git a/fuzz/corpora/asn1/ef6372636281d640dceef3a0992c3d411da0b81a b/fuzz/corpora/asn1/ef6372636281d640dceef3a0992c3d411da0b81a
+new file mode 100644
+index 000000000000..4db4d78dc66b
+Binary files /dev/null and b/fuzz/corpora/asn1/ef6372636281d640dceef3a0992c3d411da0b81a differ
+diff --git a/fuzz/corpora/asn1/ef80be699a8c42d72dbed39b6c61b9fb575d9615 b/fuzz/corpora/asn1/ef80be699a8c42d72dbed39b6c61b9fb575d9615
+new file mode 100644
+index 000000000000..a86acbc8186d
+Binary files /dev/null and b/fuzz/corpora/asn1/ef80be699a8c42d72dbed39b6c61b9fb575d9615 differ
+diff --git a/fuzz/corpora/asn1/ef855687ebd09539a71863668e7425422e137fcb b/fuzz/corpora/asn1/ef855687ebd09539a71863668e7425422e137fcb
+new file mode 100644
+index 000000000000..55cbfbc61573
+Binary files /dev/null and b/fuzz/corpora/asn1/ef855687ebd09539a71863668e7425422e137fcb differ
+diff --git a/fuzz/corpora/asn1/efb7ce6c871246836bafceb3b49126278388f8ea b/fuzz/corpora/asn1/efb7ce6c871246836bafceb3b49126278388f8ea
+new file mode 100644
+index 000000000000..4b4d239af5a1
+Binary files /dev/null and b/fuzz/corpora/asn1/efb7ce6c871246836bafceb3b49126278388f8ea differ
+diff --git a/fuzz/corpora/asn1/efd07a5b74147872316033ed50440c7eb3ba6652 b/fuzz/corpora/asn1/efd07a5b74147872316033ed50440c7eb3ba6652
+new file mode 100644
+index 000000000000..5829862ebe8c
+Binary files /dev/null and b/fuzz/corpora/asn1/efd07a5b74147872316033ed50440c7eb3ba6652 differ
+diff --git a/fuzz/corpora/asn1/efde2daba70aa39dfb377674960a1c1871444601 b/fuzz/corpora/asn1/efde2daba70aa39dfb377674960a1c1871444601
+new file mode 100644
+index 000000000000..8975060856ee
+Binary files /dev/null and b/fuzz/corpora/asn1/efde2daba70aa39dfb377674960a1c1871444601 differ
+diff --git a/fuzz/corpora/asn1/efed2cf9060ba6b4beafea4d2656dd1f42ca2194 b/fuzz/corpora/asn1/efed2cf9060ba6b4beafea4d2656dd1f42ca2194
+new file mode 100644
+index 000000000000..6387ead658ba
+Binary files /dev/null and b/fuzz/corpora/asn1/efed2cf9060ba6b4beafea4d2656dd1f42ca2194 differ
+diff --git a/fuzz/corpora/asn1/f02e59f0bce0fb6b782d287424158bdfc7439201 b/fuzz/corpora/asn1/f02e59f0bce0fb6b782d287424158bdfc7439201
+new file mode 100644
+index 000000000000..f2982bd86d6f
+Binary files /dev/null and b/fuzz/corpora/asn1/f02e59f0bce0fb6b782d287424158bdfc7439201 differ
+diff --git a/fuzz/corpora/asn1/f04d36c7154537330602b2947ffbb737518c8a58 b/fuzz/corpora/asn1/f04d36c7154537330602b2947ffbb737518c8a58
+new file mode 100644
+index 000000000000..7793cfb0125c
+Binary files /dev/null and b/fuzz/corpora/asn1/f04d36c7154537330602b2947ffbb737518c8a58 differ
+diff --git a/fuzz/corpora/asn1/f0a33f1cb07d8679a92ac00a9324011f4f925d53 b/fuzz/corpora/asn1/f0a33f1cb07d8679a92ac00a9324011f4f925d53
+new file mode 100644
+index 000000000000..e09eace9a1c6
+Binary files /dev/null and b/fuzz/corpora/asn1/f0a33f1cb07d8679a92ac00a9324011f4f925d53 differ
+diff --git a/fuzz/corpora/asn1/f0b273220ada531f8fe1fa4a426e3c696ce11cb7 b/fuzz/corpora/asn1/f0b273220ada531f8fe1fa4a426e3c696ce11cb7
+new file mode 100644
+index 000000000000..45035738c52b
+Binary files /dev/null and b/fuzz/corpora/asn1/f0b273220ada531f8fe1fa4a426e3c696ce11cb7 differ
+diff --git a/fuzz/corpora/asn1/f1511e8c2cf556686acffcc68c34f556a8b4637a b/fuzz/corpora/asn1/f1511e8c2cf556686acffcc68c34f556a8b4637a
+new file mode 100644
+index 000000000000..470d30cba807
+Binary files /dev/null and b/fuzz/corpora/asn1/f1511e8c2cf556686acffcc68c34f556a8b4637a differ
+diff --git a/fuzz/corpora/asn1/f24d378b6f7bfe9f2f9617ac61c90457b450c365 b/fuzz/corpora/asn1/f24d378b6f7bfe9f2f9617ac61c90457b450c365
+new file mode 100644
+index 000000000000..7ac61a5671b7
+Binary files /dev/null and b/fuzz/corpora/asn1/f24d378b6f7bfe9f2f9617ac61c90457b450c365 differ
+diff --git a/fuzz/corpora/asn1/f2c858af58049555721ae6714e0118f0353e50b8 b/fuzz/corpora/asn1/f2c858af58049555721ae6714e0118f0353e50b8
+new file mode 100644
+index 000000000000..c507637bac7d
+Binary files /dev/null and b/fuzz/corpora/asn1/f2c858af58049555721ae6714e0118f0353e50b8 differ
+diff --git a/fuzz/corpora/asn1/f33f5228f3855ed4e337902746eb07e33bb2fb22 b/fuzz/corpora/asn1/f33f5228f3855ed4e337902746eb07e33bb2fb22
+new file mode 100644
+index 000000000000..50754c97c359
+Binary files /dev/null and b/fuzz/corpora/asn1/f33f5228f3855ed4e337902746eb07e33bb2fb22 differ
+diff --git a/fuzz/corpora/asn1/f348775afc6098f72eeedc8431421e5bf7bdcdb8 b/fuzz/corpora/asn1/f348775afc6098f72eeedc8431421e5bf7bdcdb8
+new file mode 100644
+index 000000000000..87b17a21b683
+Binary files /dev/null and b/fuzz/corpora/asn1/f348775afc6098f72eeedc8431421e5bf7bdcdb8 differ
+diff --git a/fuzz/corpora/asn1/f373bb55cbf71228f2a0e6b8d549804b94075bf2 b/fuzz/corpora/asn1/f373bb55cbf71228f2a0e6b8d549804b94075bf2
+new file mode 100644
+index 000000000000..0286397a8db4
+Binary files /dev/null and b/fuzz/corpora/asn1/f373bb55cbf71228f2a0e6b8d549804b94075bf2 differ
+diff --git a/fuzz/corpora/asn1/f37a77182bfc1ca161eabe5280e4fcfac7a982e8 b/fuzz/corpora/asn1/f37a77182bfc1ca161eabe5280e4fcfac7a982e8
+new file mode 100644
+index 000000000000..faf974507e6c
+Binary files /dev/null and b/fuzz/corpora/asn1/f37a77182bfc1ca161eabe5280e4fcfac7a982e8 differ
+diff --git a/fuzz/corpora/asn1/f403f889f1f6422208b2d1bc3ed413c20eadc55e b/fuzz/corpora/asn1/f403f889f1f6422208b2d1bc3ed413c20eadc55e
+new file mode 100644
+index 000000000000..8f5271df388f
+Binary files /dev/null and b/fuzz/corpora/asn1/f403f889f1f6422208b2d1bc3ed413c20eadc55e differ
+diff --git a/fuzz/corpora/asn1/f4fc7e0da21b6a9ee00932aeaa4686848aa6ee1c b/fuzz/corpora/asn1/f4fc7e0da21b6a9ee00932aeaa4686848aa6ee1c
+new file mode 100644
+index 000000000000..f6c147f2bf88
+Binary files /dev/null and b/fuzz/corpora/asn1/f4fc7e0da21b6a9ee00932aeaa4686848aa6ee1c differ
+diff --git a/fuzz/corpora/asn1/f505a9d5ccd3e39a260ac49eb08d124cfaacbe2b b/fuzz/corpora/asn1/f505a9d5ccd3e39a260ac49eb08d124cfaacbe2b
+new file mode 100644
+index 000000000000..26136540112a
+Binary files /dev/null and b/fuzz/corpora/asn1/f505a9d5ccd3e39a260ac49eb08d124cfaacbe2b differ
+diff --git a/fuzz/corpora/asn1/f51d84d66f97450eb5385760b9b3a2db05e7e181 b/fuzz/corpora/asn1/f51d84d66f97450eb5385760b9b3a2db05e7e181
+new file mode 100644
+index 000000000000..fa3fd204cd54
+Binary files /dev/null and b/fuzz/corpora/asn1/f51d84d66f97450eb5385760b9b3a2db05e7e181 differ
+diff --git a/fuzz/corpora/asn1/f546bed3364489a7ce91dfd5fc606ab5ee9a89e7 b/fuzz/corpora/asn1/f546bed3364489a7ce91dfd5fc606ab5ee9a89e7
+new file mode 100644
+index 000000000000..c9b0e16ce605
+Binary files /dev/null and b/fuzz/corpora/asn1/f546bed3364489a7ce91dfd5fc606ab5ee9a89e7 differ
+diff --git a/fuzz/corpora/asn1/f563834cc72b4bb82451baad26c037e9616915e4 b/fuzz/corpora/asn1/f563834cc72b4bb82451baad26c037e9616915e4
+new file mode 100644
+index 000000000000..d5b64c14127d
+Binary files /dev/null and b/fuzz/corpora/asn1/f563834cc72b4bb82451baad26c037e9616915e4 differ
+diff --git a/fuzz/corpora/asn1/f5ccf61f843115f7999ffc4aba5c5aa8fac90243 b/fuzz/corpora/asn1/f5ccf61f843115f7999ffc4aba5c5aa8fac90243
+new file mode 100644
+index 000000000000..25f60da37d91
+Binary files /dev/null and b/fuzz/corpora/asn1/f5ccf61f843115f7999ffc4aba5c5aa8fac90243 differ
+diff --git a/fuzz/corpora/asn1/f616d965fcd42108fdbe59e0690e7106a8a3c4d5 b/fuzz/corpora/asn1/f616d965fcd42108fdbe59e0690e7106a8a3c4d5
+new file mode 100644
+index 000000000000..8782a68f845f
+Binary files /dev/null and b/fuzz/corpora/asn1/f616d965fcd42108fdbe59e0690e7106a8a3c4d5 differ
+diff --git a/fuzz/corpora/asn1/f63a74402c57d6bfa05d0250bcd4397742d5a624 b/fuzz/corpora/asn1/f63a74402c57d6bfa05d0250bcd4397742d5a624
+new file mode 100644
+index 000000000000..c99f1bbcadd7
+Binary files /dev/null and b/fuzz/corpora/asn1/f63a74402c57d6bfa05d0250bcd4397742d5a624 differ
+diff --git a/fuzz/corpora/asn1/f65562eaf4d1d745968e144f22b1b57ccd83a29a b/fuzz/corpora/asn1/f65562eaf4d1d745968e144f22b1b57ccd83a29a
+new file mode 100644
+index 000000000000..8299f1f6a083
+Binary files /dev/null and b/fuzz/corpora/asn1/f65562eaf4d1d745968e144f22b1b57ccd83a29a differ
+diff --git a/fuzz/corpora/asn1/f771d285b7e232c7b4fa636e681e89d375941295 b/fuzz/corpora/asn1/f771d285b7e232c7b4fa636e681e89d375941295
+new file mode 100644
+index 000000000000..be1393666c4e
+Binary files /dev/null and b/fuzz/corpora/asn1/f771d285b7e232c7b4fa636e681e89d375941295 differ
+diff --git a/fuzz/corpora/asn1/f85b7db7dcb4123fcd71cff9f2e60e219c45b1ee b/fuzz/corpora/asn1/f85b7db7dcb4123fcd71cff9f2e60e219c45b1ee
+new file mode 100644
+index 000000000000..bc5410e57ed9
+Binary files /dev/null and b/fuzz/corpora/asn1/f85b7db7dcb4123fcd71cff9f2e60e219c45b1ee differ
+diff --git a/fuzz/corpora/asn1/f88bb6fb90f9209e0588ade397efb0c00df3027e b/fuzz/corpora/asn1/f88bb6fb90f9209e0588ade397efb0c00df3027e
+new file mode 100644
+index 000000000000..ba25cf7f1ba4
+Binary files /dev/null and b/fuzz/corpora/asn1/f88bb6fb90f9209e0588ade397efb0c00df3027e differ
+diff --git a/fuzz/corpora/asn1/f8c7d02f588735b5ebabdde73951f1e01075c6ba b/fuzz/corpora/asn1/f8c7d02f588735b5ebabdde73951f1e01075c6ba
+new file mode 100644
+index 000000000000..2eca625d0eff
+Binary files /dev/null and b/fuzz/corpora/asn1/f8c7d02f588735b5ebabdde73951f1e01075c6ba differ
+diff --git a/fuzz/corpora/asn1/f8dbb465067f4670ac42877e07bac66967d4b402 b/fuzz/corpora/asn1/f8dbb465067f4670ac42877e07bac66967d4b402
+new file mode 100644
+index 000000000000..7e46a2ae66ca
+Binary files /dev/null and b/fuzz/corpora/asn1/f8dbb465067f4670ac42877e07bac66967d4b402 differ
+diff --git a/fuzz/corpora/asn1/f944dcd635f9801f7ac90a407fbc479964dec024 b/fuzz/corpora/asn1/f944dcd635f9801f7ac90a407fbc479964dec024
+new file mode 100644
+index 000000000000..def7fcb589b9
+Binary files /dev/null and b/fuzz/corpora/asn1/f944dcd635f9801f7ac90a407fbc479964dec024 differ
+diff --git a/fuzz/corpora/asn1/f959b6b1aeca27fa6b6f628fdce396b7384fec71 b/fuzz/corpora/asn1/f959b6b1aeca27fa6b6f628fdce396b7384fec71
+new file mode 100644
+index 000000000000..195ba98d464e
+Binary files /dev/null and b/fuzz/corpora/asn1/f959b6b1aeca27fa6b6f628fdce396b7384fec71 differ
+diff --git a/fuzz/corpora/asn1/f98bd7e5aa8f66fcc717c7e816d1e96434409fb9 b/fuzz/corpora/asn1/f98bd7e5aa8f66fcc717c7e816d1e96434409fb9
+new file mode 100644
+index 000000000000..59032b800b2b
+Binary files /dev/null and b/fuzz/corpora/asn1/f98bd7e5aa8f66fcc717c7e816d1e96434409fb9 differ
+diff --git a/fuzz/corpora/asn1/f9cf47dd98d30cb705104cef8eb22c9744fdcb39 b/fuzz/corpora/asn1/f9cf47dd98d30cb705104cef8eb22c9744fdcb39
+new file mode 100644
+index 000000000000..4e1becd168db
+Binary files /dev/null and b/fuzz/corpora/asn1/f9cf47dd98d30cb705104cef8eb22c9744fdcb39 differ
+diff --git a/fuzz/corpora/asn1/f9d86a56f98ef37e8351462b42fa4351a2ab63cf b/fuzz/corpora/asn1/f9d86a56f98ef37e8351462b42fa4351a2ab63cf
+new file mode 100644
+index 000000000000..ac0962a98726
+Binary files /dev/null and b/fuzz/corpora/asn1/f9d86a56f98ef37e8351462b42fa4351a2ab63cf differ
+diff --git a/fuzz/corpora/asn1/fa694af9a460eb06684ed5b15d8e9f8cdc90c2e7 b/fuzz/corpora/asn1/fa694af9a460eb06684ed5b15d8e9f8cdc90c2e7
+new file mode 100644
+index 000000000000..0056184bef55
+Binary files /dev/null and b/fuzz/corpora/asn1/fa694af9a460eb06684ed5b15d8e9f8cdc90c2e7 differ
+diff --git a/fuzz/corpora/asn1/fb08572bd3030995fede7791f09de3ff183e6435 b/fuzz/corpora/asn1/fb08572bd3030995fede7791f09de3ff183e6435
+new file mode 100644
+index 000000000000..c78107bf48fe
+Binary files /dev/null and b/fuzz/corpora/asn1/fb08572bd3030995fede7791f09de3ff183e6435 differ
+diff --git a/fuzz/corpora/asn1/fb23e1eb3b0aa44929350df7c0ff014e323361b3 b/fuzz/corpora/asn1/fb23e1eb3b0aa44929350df7c0ff014e323361b3
+new file mode 100644
+index 000000000000..163af59ff35d
+Binary files /dev/null and b/fuzz/corpora/asn1/fb23e1eb3b0aa44929350df7c0ff014e323361b3 differ
+diff --git a/fuzz/corpora/asn1/fb3cf43f5d7bd4da040e3c6c19f7c90ab56d40e0 b/fuzz/corpora/asn1/fb3cf43f5d7bd4da040e3c6c19f7c90ab56d40e0
+new file mode 100644
+index 000000000000..b7edb63a7953
+Binary files /dev/null and b/fuzz/corpora/asn1/fb3cf43f5d7bd4da040e3c6c19f7c90ab56d40e0 differ
+diff --git a/fuzz/corpora/asn1/fb559fd7d93b455cea269c0c45aca7306d817d48 b/fuzz/corpora/asn1/fb559fd7d93b455cea269c0c45aca7306d817d48
+new file mode 100644
+index 000000000000..484ae80d4546
+Binary files /dev/null and b/fuzz/corpora/asn1/fb559fd7d93b455cea269c0c45aca7306d817d48 differ
+diff --git a/fuzz/corpora/asn1/fb814c2f2e7a7df15139402a8cc2f656193ed2da b/fuzz/corpora/asn1/fb814c2f2e7a7df15139402a8cc2f656193ed2da
+new file mode 100644
+index 000000000000..30199314e4b5
+Binary files /dev/null and b/fuzz/corpora/asn1/fb814c2f2e7a7df15139402a8cc2f656193ed2da differ
+diff --git a/fuzz/corpora/asn1/fb918e12154ee2d9908b84be26155d63dd5eba7b b/fuzz/corpora/asn1/fb918e12154ee2d9908b84be26155d63dd5eba7b
+new file mode 100644
+index 000000000000..38c7bc64622c
+Binary files /dev/null and b/fuzz/corpora/asn1/fb918e12154ee2d9908b84be26155d63dd5eba7b differ
+diff --git a/fuzz/corpora/asn1/fb9dece8060a8fb55071102a8c6f7395daa8e774 b/fuzz/corpora/asn1/fb9dece8060a8fb55071102a8c6f7395daa8e774
+new file mode 100644
+index 000000000000..8775c7babe7d
+Binary files /dev/null and b/fuzz/corpora/asn1/fb9dece8060a8fb55071102a8c6f7395daa8e774 differ
+diff --git a/fuzz/corpora/asn1/fbb6242538271ff46d037aa7f4aabb98b9e2d339 b/fuzz/corpora/asn1/fbb6242538271ff46d037aa7f4aabb98b9e2d339
+new file mode 100644
+index 000000000000..aac0bbee6ba8
+Binary files /dev/null and b/fuzz/corpora/asn1/fbb6242538271ff46d037aa7f4aabb98b9e2d339 differ
+diff --git a/fuzz/corpora/asn1/fbcd0a1f430035100f0d20dedab8046aca8ff058 b/fuzz/corpora/asn1/fbcd0a1f430035100f0d20dedab8046aca8ff058
+new file mode 100644
+index 000000000000..c3e66d49ddef
+Binary files /dev/null and b/fuzz/corpora/asn1/fbcd0a1f430035100f0d20dedab8046aca8ff058 differ
+diff --git a/fuzz/corpora/asn1/fc19a179fa1282d32497712ffc43e4a324dfaa27 b/fuzz/corpora/asn1/fc19a179fa1282d32497712ffc43e4a324dfaa27
+new file mode 100644
+index 000000000000..41738e4973ea
+Binary files /dev/null and b/fuzz/corpora/asn1/fc19a179fa1282d32497712ffc43e4a324dfaa27 differ
+diff --git a/fuzz/corpora/asn1/fcaad275048dfcffef5b64ce342d4ca2e0b71e6d b/fuzz/corpora/asn1/fcaad275048dfcffef5b64ce342d4ca2e0b71e6d
+new file mode 100644
+index 000000000000..f92391b81ab5
+Binary files /dev/null and b/fuzz/corpora/asn1/fcaad275048dfcffef5b64ce342d4ca2e0b71e6d differ
+diff --git a/fuzz/corpora/asn1/fcb404dce2ebfc17ead35c050706621b6b312924 b/fuzz/corpora/asn1/fcb404dce2ebfc17ead35c050706621b6b312924
+new file mode 100644
+index 000000000000..0ac64263c037
+Binary files /dev/null and b/fuzz/corpora/asn1/fcb404dce2ebfc17ead35c050706621b6b312924 differ
+diff --git a/fuzz/corpora/asn1/fd0f780ff84f2df9d761c4589318295129eb9497 b/fuzz/corpora/asn1/fd0f780ff84f2df9d761c4589318295129eb9497
+new file mode 100644
+index 000000000000..2811fb7fb1d4
+Binary files /dev/null and b/fuzz/corpora/asn1/fd0f780ff84f2df9d761c4589318295129eb9497 differ
+diff --git a/fuzz/corpora/asn1/fd81a373626aefe6fe35500f5936240e1fd1a1d3 b/fuzz/corpora/asn1/fd81a373626aefe6fe35500f5936240e1fd1a1d3
+new file mode 100644
+index 000000000000..2318e3ba5ae9
+Binary files /dev/null and b/fuzz/corpora/asn1/fd81a373626aefe6fe35500f5936240e1fd1a1d3 differ
+diff --git a/fuzz/corpora/asn1/fd8fd192b1979f29b10e40135756b4204f326af5 b/fuzz/corpora/asn1/fd8fd192b1979f29b10e40135756b4204f326af5
+new file mode 100644
+index 000000000000..c40917b80bce
+Binary files /dev/null and b/fuzz/corpora/asn1/fd8fd192b1979f29b10e40135756b4204f326af5 differ
+diff --git a/fuzz/corpora/asn1/fd9f8d66500870ad0e79b4ccc82af9e9b1f0f6bf b/fuzz/corpora/asn1/fd9f8d66500870ad0e79b4ccc82af9e9b1f0f6bf
+new file mode 100644
+index 000000000000..5bc77f3a148b
+Binary files /dev/null and b/fuzz/corpora/asn1/fd9f8d66500870ad0e79b4ccc82af9e9b1f0f6bf differ
+diff --git a/fuzz/corpora/asn1/fe16c45719dc2db29c18d70955462dea3ff5d656 b/fuzz/corpora/asn1/fe16c45719dc2db29c18d70955462dea3ff5d656
+new file mode 100644
+index 000000000000..a7abaf553c80
+Binary files /dev/null and b/fuzz/corpora/asn1/fe16c45719dc2db29c18d70955462dea3ff5d656 differ
+diff --git a/fuzz/corpora/asn1/fe36f25061b32cc8380fd95afed53369db15f318 b/fuzz/corpora/asn1/fe36f25061b32cc8380fd95afed53369db15f318
+new file mode 100644
+index 000000000000..5a8ac1b640b7
+Binary files /dev/null and b/fuzz/corpora/asn1/fe36f25061b32cc8380fd95afed53369db15f318 differ
+diff --git a/fuzz/corpora/asn1/fe68f68c9c0db5ee947d815c86a2e73754a445aa b/fuzz/corpora/asn1/fe68f68c9c0db5ee947d815c86a2e73754a445aa
+new file mode 100644
+index 000000000000..20192bc59fbe
+Binary files /dev/null and b/fuzz/corpora/asn1/fe68f68c9c0db5ee947d815c86a2e73754a445aa differ
+diff --git a/fuzz/corpora/asn1/fe82b1b58ec63226060c042d5fff2f04b5136478 b/fuzz/corpora/asn1/fe82b1b58ec63226060c042d5fff2f04b5136478
+new file mode 100644
+index 000000000000..bd82e78c83e1
+Binary files /dev/null and b/fuzz/corpora/asn1/fe82b1b58ec63226060c042d5fff2f04b5136478 differ
+diff --git a/fuzz/corpora/asn1/fea6306828d3e2f225b45157dbada634726752cd b/fuzz/corpora/asn1/fea6306828d3e2f225b45157dbada634726752cd
+new file mode 100644
+index 000000000000..0c1d5d078eb4
+Binary files /dev/null and b/fuzz/corpora/asn1/fea6306828d3e2f225b45157dbada634726752cd differ
+diff --git a/fuzz/corpora/asn1/feefce2b4eb17a2a8a2b1f5594a7beedbc59f380 b/fuzz/corpora/asn1/feefce2b4eb17a2a8a2b1f5594a7beedbc59f380
+new file mode 100644
+index 000000000000..8df5b85988fc
+Binary files /dev/null and b/fuzz/corpora/asn1/feefce2b4eb17a2a8a2b1f5594a7beedbc59f380 differ
+diff --git a/fuzz/corpora/asn1/fef983f5aa1e7952b2a01ea5d9ca329812280ec2 b/fuzz/corpora/asn1/fef983f5aa1e7952b2a01ea5d9ca329812280ec2
+new file mode 100644
+index 000000000000..1218a59a40bb
+Binary files /dev/null and b/fuzz/corpora/asn1/fef983f5aa1e7952b2a01ea5d9ca329812280ec2 differ
+diff --git a/fuzz/corpora/asn1/ffa4deae493a35ea87e9595fd8f7228bb351a03e b/fuzz/corpora/asn1/ffa4deae493a35ea87e9595fd8f7228bb351a03e
+new file mode 100644
+index 000000000000..d52fd1651eb9
+Binary files /dev/null and b/fuzz/corpora/asn1/ffa4deae493a35ea87e9595fd8f7228bb351a03e differ
+diff --git a/fuzz/corpora/asn1/ffc0dd2882c738be9dd1f12a86a1bcb2ad29334d b/fuzz/corpora/asn1/ffc0dd2882c738be9dd1f12a86a1bcb2ad29334d
+new file mode 100644
+index 000000000000..cb0d06e158cb
+Binary files /dev/null and b/fuzz/corpora/asn1/ffc0dd2882c738be9dd1f12a86a1bcb2ad29334d differ
+diff --git a/fuzz/corpora/asn1parse-crash/crash-f195c020a28dfc5f2fb6af256b524ddcd93756ed b/fuzz/corpora/asn1parse-crash/crash-f195c020a28dfc5f2fb6af256b524ddcd93756ed
+new file mode 100644
+index 000000000000..b1d81e79354c
+Binary files /dev/null and b/fuzz/corpora/asn1parse-crash/crash-f195c020a28dfc5f2fb6af256b524ddcd93756ed differ
+diff --git a/fuzz/corpora/asn1parse/0b0bf87cecc53f0e7da4bf59f37c9a88f64f8b0e b/fuzz/corpora/asn1parse/0b0bf87cecc53f0e7da4bf59f37c9a88f64f8b0e
+new file mode 100644
+index 000000000000..48a77111b82a
+Binary files /dev/null and b/fuzz/corpora/asn1parse/0b0bf87cecc53f0e7da4bf59f37c9a88f64f8b0e differ
+diff --git a/fuzz/corpora/asn1parse/0d78b58418d80b6860c896caa0ecfdc29519a7f0 b/fuzz/corpora/asn1parse/0d78b58418d80b6860c896caa0ecfdc29519a7f0
+new file mode 100644
+index 000000000000..47e01070147c
+Binary files /dev/null and b/fuzz/corpora/asn1parse/0d78b58418d80b6860c896caa0ecfdc29519a7f0 differ
+diff --git a/fuzz/corpora/asn1parse/0fb8bd9329a4acbe514400248adb19c1f8ba254a b/fuzz/corpora/asn1parse/0fb8bd9329a4acbe514400248adb19c1f8ba254a
+new file mode 100644
+index 000000000000..3993c78d68b9
+Binary files /dev/null and b/fuzz/corpora/asn1parse/0fb8bd9329a4acbe514400248adb19c1f8ba254a differ
+diff --git a/fuzz/corpora/asn1parse/10e36b309c59456495c31c32a5fed6c715c1171a b/fuzz/corpora/asn1parse/10e36b309c59456495c31c32a5fed6c715c1171a
+new file mode 100644
+index 000000000000..354967aa4f69
+Binary files /dev/null and b/fuzz/corpora/asn1parse/10e36b309c59456495c31c32a5fed6c715c1171a differ
+diff --git a/fuzz/corpora/asn1parse/11cb26a39480d53ce0271f2fed93e5ba39cc4398 b/fuzz/corpora/asn1parse/11cb26a39480d53ce0271f2fed93e5ba39cc4398
+new file mode 100644
+index 000000000000..5987c91ee2a4
+Binary files /dev/null and b/fuzz/corpora/asn1parse/11cb26a39480d53ce0271f2fed93e5ba39cc4398 differ
+diff --git a/fuzz/corpora/asn1parse/1370f5519b2bc32d6a902bab2543bec0638db297 b/fuzz/corpora/asn1parse/1370f5519b2bc32d6a902bab2543bec0638db297
+new file mode 100644
+index 000000000000..300be7a61170
+Binary files /dev/null and b/fuzz/corpora/asn1parse/1370f5519b2bc32d6a902bab2543bec0638db297 differ
+diff --git a/fuzz/corpora/asn1parse/13752c46bd6c89b78e2d12ec1e613e6468d7ee18 b/fuzz/corpora/asn1parse/13752c46bd6c89b78e2d12ec1e613e6468d7ee18
+new file mode 100644
+index 000000000000..2b1233989478
+Binary files /dev/null and b/fuzz/corpora/asn1parse/13752c46bd6c89b78e2d12ec1e613e6468d7ee18 differ
+diff --git a/fuzz/corpora/asn1parse/172f4699aaca9d8825f57f353c1319558fcbbeca b/fuzz/corpora/asn1parse/172f4699aaca9d8825f57f353c1319558fcbbeca
+new file mode 100644
+index 000000000000..a53c5b9187c1
+Binary files /dev/null and b/fuzz/corpora/asn1parse/172f4699aaca9d8825f57f353c1319558fcbbeca differ
+diff --git a/fuzz/corpora/asn1parse/17720441fb8b3dc2fb6978cc433b0608ee8f3c25 b/fuzz/corpora/asn1parse/17720441fb8b3dc2fb6978cc433b0608ee8f3c25
+new file mode 100644
+index 000000000000..7a361753f833
+Binary files /dev/null and b/fuzz/corpora/asn1parse/17720441fb8b3dc2fb6978cc433b0608ee8f3c25 differ
+diff --git a/fuzz/corpora/asn1parse/180daa8026113323df1da47ad47a41a434792c57 b/fuzz/corpora/asn1parse/180daa8026113323df1da47ad47a41a434792c57
+new file mode 100644
+index 000000000000..53b6712e0ebb
+Binary files /dev/null and b/fuzz/corpora/asn1parse/180daa8026113323df1da47ad47a41a434792c57 differ
+diff --git a/fuzz/corpora/asn1parse/18c6c784eb10b3b995d1413dd502f40be4f18934 b/fuzz/corpora/asn1parse/18c6c784eb10b3b995d1413dd502f40be4f18934
+new file mode 100644
+index 000000000000..d194a23a2c86
+Binary files /dev/null and b/fuzz/corpora/asn1parse/18c6c784eb10b3b995d1413dd502f40be4f18934 differ
+diff --git a/fuzz/corpora/asn1parse/1b264d7889133f0d6a2d4c44f8edb79a1b2e9952 b/fuzz/corpora/asn1parse/1b264d7889133f0d6a2d4c44f8edb79a1b2e9952
+new file mode 100644
+index 000000000000..55302b995cd7
+Binary files /dev/null and b/fuzz/corpora/asn1parse/1b264d7889133f0d6a2d4c44f8edb79a1b2e9952 differ
+diff --git a/fuzz/corpora/asn1parse/1c36ca01e596c3185da92ced0fd2bd3190d239af b/fuzz/corpora/asn1parse/1c36ca01e596c3185da92ced0fd2bd3190d239af
+new file mode 100644
+index 000000000000..a07441899c1c
+Binary files /dev/null and b/fuzz/corpora/asn1parse/1c36ca01e596c3185da92ced0fd2bd3190d239af differ
+diff --git a/fuzz/corpora/asn1parse/1d24b8cf5bc1b2ba6cbae0b5d0def13a519ed303 b/fuzz/corpora/asn1parse/1d24b8cf5bc1b2ba6cbae0b5d0def13a519ed303
+new file mode 100644
+index 000000000000..0a6db18996a0
+Binary files /dev/null and b/fuzz/corpora/asn1parse/1d24b8cf5bc1b2ba6cbae0b5d0def13a519ed303 differ
+diff --git a/fuzz/corpora/asn1parse/27ca3e5d7bac67546d1553c37490f237c69b6d31 b/fuzz/corpora/asn1parse/27ca3e5d7bac67546d1553c37490f237c69b6d31
+new file mode 100644
+index 000000000000..bdfcda7ce954
+Binary files /dev/null and b/fuzz/corpora/asn1parse/27ca3e5d7bac67546d1553c37490f237c69b6d31 differ
+diff --git a/fuzz/corpora/asn1parse/2b1cf8a99756d3c9d4ec9bc08598014387e97d15 b/fuzz/corpora/asn1parse/2b1cf8a99756d3c9d4ec9bc08598014387e97d15
+new file mode 100644
+index 000000000000..6684ab8c11a1
+Binary files /dev/null and b/fuzz/corpora/asn1parse/2b1cf8a99756d3c9d4ec9bc08598014387e97d15 differ
+diff --git a/fuzz/corpora/asn1parse/2c0510e12d71c3b46808645094768c76050c1f03 b/fuzz/corpora/asn1parse/2c0510e12d71c3b46808645094768c76050c1f03
+new file mode 100644
+index 000000000000..4e22ffa7495d
+Binary files /dev/null and b/fuzz/corpora/asn1parse/2c0510e12d71c3b46808645094768c76050c1f03 differ
+diff --git a/fuzz/corpora/asn1parse/2c0739ec0a7be3b7fe2f6b3e9d8531722b90071a b/fuzz/corpora/asn1parse/2c0739ec0a7be3b7fe2f6b3e9d8531722b90071a
+new file mode 100644
+index 000000000000..56de98d32a3c
+Binary files /dev/null and b/fuzz/corpora/asn1parse/2c0739ec0a7be3b7fe2f6b3e9d8531722b90071a differ
+diff --git a/fuzz/corpora/asn1parse/2ce3a1974f20af1ec233622b48c8502427fdf24f b/fuzz/corpora/asn1parse/2ce3a1974f20af1ec233622b48c8502427fdf24f
+new file mode 100644
+index 000000000000..8c8878e8d5dd
+Binary files /dev/null and b/fuzz/corpora/asn1parse/2ce3a1974f20af1ec233622b48c8502427fdf24f differ
+diff --git a/fuzz/corpora/asn1parse/32d6b060ba20cf99871442de49aa1800f3d7c827 b/fuzz/corpora/asn1parse/32d6b060ba20cf99871442de49aa1800f3d7c827
+new file mode 100644
+index 000000000000..9acf4ec2dc9a
+Binary files /dev/null and b/fuzz/corpora/asn1parse/32d6b060ba20cf99871442de49aa1800f3d7c827 differ
+diff --git a/fuzz/corpora/asn1parse/348ed766c85112ddc8d84414f7eb2f05036b9839 b/fuzz/corpora/asn1parse/348ed766c85112ddc8d84414f7eb2f05036b9839
+new file mode 100644
+index 000000000000..fa9e7a4f201f
+Binary files /dev/null and b/fuzz/corpora/asn1parse/348ed766c85112ddc8d84414f7eb2f05036b9839 differ
+diff --git a/fuzz/corpora/asn1parse/3c4053e312539b841a021b81a0739050a5ebaf94 b/fuzz/corpora/asn1parse/3c4053e312539b841a021b81a0739050a5ebaf94
+new file mode 100644
+index 000000000000..03838fc549e4
+Binary files /dev/null and b/fuzz/corpora/asn1parse/3c4053e312539b841a021b81a0739050a5ebaf94 differ
+diff --git a/fuzz/corpora/asn1parse/3f16a42395ecdc7939ebd9dcc1cf2a280670e7c3 b/fuzz/corpora/asn1parse/3f16a42395ecdc7939ebd9dcc1cf2a280670e7c3
+new file mode 100644
+index 000000000000..32df78a1c0c1
+Binary files /dev/null and b/fuzz/corpora/asn1parse/3f16a42395ecdc7939ebd9dcc1cf2a280670e7c3 differ
+diff --git a/fuzz/corpora/asn1parse/40d4b292a1ca6700da153fe38e36e258110ed0d7 b/fuzz/corpora/asn1parse/40d4b292a1ca6700da153fe38e36e258110ed0d7
+new file mode 100644
+index 000000000000..2dd50e3e2493
+Binary files /dev/null and b/fuzz/corpora/asn1parse/40d4b292a1ca6700da153fe38e36e258110ed0d7 differ
+diff --git a/fuzz/corpora/asn1parse/42a9e15a24917acb420c95368c97a0c5681d49da b/fuzz/corpora/asn1parse/42a9e15a24917acb420c95368c97a0c5681d49da
+new file mode 100644
+index 000000000000..d33a2d5c76fc
+Binary files /dev/null and b/fuzz/corpora/asn1parse/42a9e15a24917acb420c95368c97a0c5681d49da differ
+diff --git a/fuzz/corpora/asn1parse/42bd64e73400c3697dc979a618ff9d856ea5ad3e b/fuzz/corpora/asn1parse/42bd64e73400c3697dc979a618ff9d856ea5ad3e
+new file mode 100644
+index 000000000000..a71ed62dcf73
+Binary files /dev/null and b/fuzz/corpora/asn1parse/42bd64e73400c3697dc979a618ff9d856ea5ad3e differ
+diff --git a/fuzz/corpora/asn1parse/4abebaeb0a47c6ef87460e57b8fa825fb4ed1c12 b/fuzz/corpora/asn1parse/4abebaeb0a47c6ef87460e57b8fa825fb4ed1c12
+new file mode 100644
+index 000000000000..bc69bfe4dc7c
+Binary files /dev/null and b/fuzz/corpora/asn1parse/4abebaeb0a47c6ef87460e57b8fa825fb4ed1c12 differ
+diff --git a/fuzz/corpora/asn1parse/4b719b5ff0aab2f5b33a4ec8c633162e862a6a28 b/fuzz/corpora/asn1parse/4b719b5ff0aab2f5b33a4ec8c633162e862a6a28
+new file mode 100644
+index 000000000000..76a54d69e186
+Binary files /dev/null and b/fuzz/corpora/asn1parse/4b719b5ff0aab2f5b33a4ec8c633162e862a6a28 differ
+diff --git a/fuzz/corpora/asn1parse/5528110c4540265909c5d0c7da57e0dc8f18441b b/fuzz/corpora/asn1parse/5528110c4540265909c5d0c7da57e0dc8f18441b
+new file mode 100644
+index 000000000000..56a358c1d792
+Binary files /dev/null and b/fuzz/corpora/asn1parse/5528110c4540265909c5d0c7da57e0dc8f18441b differ
+diff --git a/fuzz/corpora/asn1parse/58976db36299d0a89e0e3766a2799abf4c276db0 b/fuzz/corpora/asn1parse/58976db36299d0a89e0e3766a2799abf4c276db0
+new file mode 100644
+index 000000000000..73e3327ce263
+Binary files /dev/null and b/fuzz/corpora/asn1parse/58976db36299d0a89e0e3766a2799abf4c276db0 differ
+diff --git a/fuzz/corpora/asn1parse/59c5aba8a16244076868631beaa8094d37172601 b/fuzz/corpora/asn1parse/59c5aba8a16244076868631beaa8094d37172601
+new file mode 100644
+index 000000000000..6b164c3c09fe
+Binary files /dev/null and b/fuzz/corpora/asn1parse/59c5aba8a16244076868631beaa8094d37172601 differ
+diff --git a/fuzz/corpora/asn1parse/606baa97b10f0cd273c7f45a52e6065448f5769b b/fuzz/corpora/asn1parse/606baa97b10f0cd273c7f45a52e6065448f5769b
+new file mode 100644
+index 000000000000..76b65922fe75
+Binary files /dev/null and b/fuzz/corpora/asn1parse/606baa97b10f0cd273c7f45a52e6065448f5769b differ
+diff --git a/fuzz/corpora/asn1parse/6076a6c0a6f1d99e16ef95f5405ef9e7a8ee4933 b/fuzz/corpora/asn1parse/6076a6c0a6f1d99e16ef95f5405ef9e7a8ee4933
+new file mode 100644
+index 000000000000..10f3e84fbb0a
+Binary files /dev/null and b/fuzz/corpora/asn1parse/6076a6c0a6f1d99e16ef95f5405ef9e7a8ee4933 differ
+diff --git a/fuzz/corpora/asn1parse/64fd157ed4a1c54c2f55cba6380d9b099831d5c9 b/fuzz/corpora/asn1parse/64fd157ed4a1c54c2f55cba6380d9b099831d5c9
+new file mode 100644
+index 000000000000..69d49f27a5b3
+Binary files /dev/null and b/fuzz/corpora/asn1parse/64fd157ed4a1c54c2f55cba6380d9b099831d5c9 differ
+diff --git a/fuzz/corpora/asn1parse/696add7812133a2332e3c063f93139bf6b873034 b/fuzz/corpora/asn1parse/696add7812133a2332e3c063f93139bf6b873034
+new file mode 100644
+index 000000000000..dfe82aae9b8c
+Binary files /dev/null and b/fuzz/corpora/asn1parse/696add7812133a2332e3c063f93139bf6b873034 differ
+diff --git a/fuzz/corpora/asn1parse/705374c7a286be50dcff2ec84cdfc47c782fdb6e b/fuzz/corpora/asn1parse/705374c7a286be50dcff2ec84cdfc47c782fdb6e
+new file mode 100644
+index 000000000000..3c1c17de950e
+Binary files /dev/null and b/fuzz/corpora/asn1parse/705374c7a286be50dcff2ec84cdfc47c782fdb6e differ
+diff --git a/fuzz/corpora/asn1parse/72c49da5b1d811407b3546624e5f3b68657f1aad b/fuzz/corpora/asn1parse/72c49da5b1d811407b3546624e5f3b68657f1aad
+new file mode 100644
+index 000000000000..ca7f24e85f94
+Binary files /dev/null and b/fuzz/corpora/asn1parse/72c49da5b1d811407b3546624e5f3b68657f1aad differ
+diff --git a/fuzz/corpora/asn1parse/7324cf21cd413452a8d16c8af93adc79fba97f8f b/fuzz/corpora/asn1parse/7324cf21cd413452a8d16c8af93adc79fba97f8f
+new file mode 100644
+index 000000000000..878face979ad
+Binary files /dev/null and b/fuzz/corpora/asn1parse/7324cf21cd413452a8d16c8af93adc79fba97f8f differ
+diff --git a/fuzz/corpora/asn1parse/7466a4f7fea991245fe84a073162b4562b9ecf58 b/fuzz/corpora/asn1parse/7466a4f7fea991245fe84a073162b4562b9ecf58
+new file mode 100644
+index 000000000000..45b98ea2cec0
+Binary files /dev/null and b/fuzz/corpora/asn1parse/7466a4f7fea991245fe84a073162b4562b9ecf58 differ
+diff --git a/fuzz/corpora/asn1parse/7a0665e0502d33f89cf0eeb49d47438a6a03e759 b/fuzz/corpora/asn1parse/7a0665e0502d33f89cf0eeb49d47438a6a03e759
+new file mode 100644
+index 000000000000..0ef5cbf8dc85
+Binary files /dev/null and b/fuzz/corpora/asn1parse/7a0665e0502d33f89cf0eeb49d47438a6a03e759 differ
+diff --git a/fuzz/corpora/asn1parse/8525d1578b570be0ddc7c0abc1f40a66beb5a59a b/fuzz/corpora/asn1parse/8525d1578b570be0ddc7c0abc1f40a66beb5a59a
+new file mode 100644
+index 000000000000..460f9a5667c8
+Binary files /dev/null and b/fuzz/corpora/asn1parse/8525d1578b570be0ddc7c0abc1f40a66beb5a59a differ
+diff --git a/fuzz/corpora/asn1parse/87dabbac10fcc275607fe04d270e671dbff5c49b b/fuzz/corpora/asn1parse/87dabbac10fcc275607fe04d270e671dbff5c49b
+new file mode 100644
+index 000000000000..e7eb872bb3b7
+Binary files /dev/null and b/fuzz/corpora/asn1parse/87dabbac10fcc275607fe04d270e671dbff5c49b differ
+diff --git a/fuzz/corpora/asn1parse/8927805b1fdcf5b155dc7e7cdcce546a5c245b6b b/fuzz/corpora/asn1parse/8927805b1fdcf5b155dc7e7cdcce546a5c245b6b
+new file mode 100644
+index 000000000000..eeb9dfa75cf6
+Binary files /dev/null and b/fuzz/corpora/asn1parse/8927805b1fdcf5b155dc7e7cdcce546a5c245b6b differ
+diff --git a/fuzz/corpora/asn1parse/8933eeb72f401f133827beebefdddcbe9584f644 b/fuzz/corpora/asn1parse/8933eeb72f401f133827beebefdddcbe9584f644
+new file mode 100644
+index 000000000000..2585811b2753
+Binary files /dev/null and b/fuzz/corpora/asn1parse/8933eeb72f401f133827beebefdddcbe9584f644 differ
+diff --git a/fuzz/corpora/asn1parse/8ad8584daf17fd0bfd0e31b3f77481208b17e2a8 b/fuzz/corpora/asn1parse/8ad8584daf17fd0bfd0e31b3f77481208b17e2a8
+new file mode 100644
+index 000000000000..e4c3fa4a1999
+Binary files /dev/null and b/fuzz/corpora/asn1parse/8ad8584daf17fd0bfd0e31b3f77481208b17e2a8 differ
+diff --git a/fuzz/corpora/asn1parse/8b15aaa6f639dc123b22b4378d5119f49dcbdef6 b/fuzz/corpora/asn1parse/8b15aaa6f639dc123b22b4378d5119f49dcbdef6
+new file mode 100644
+index 000000000000..cca5bf953820
+Binary files /dev/null and b/fuzz/corpora/asn1parse/8b15aaa6f639dc123b22b4378d5119f49dcbdef6 differ
+diff --git a/fuzz/corpora/asn1parse/8e5863c38432ecde5b08de363daa06a5d9d78c3b b/fuzz/corpora/asn1parse/8e5863c38432ecde5b08de363daa06a5d9d78c3b
+new file mode 100644
+index 000000000000..26f939035340
+Binary files /dev/null and b/fuzz/corpora/asn1parse/8e5863c38432ecde5b08de363daa06a5d9d78c3b differ
+diff --git a/fuzz/corpora/asn1parse/8fe51ff40338174e282d2303abba8a62b82da8a7 b/fuzz/corpora/asn1parse/8fe51ff40338174e282d2303abba8a62b82da8a7
+new file mode 100644
+index 000000000000..f19675780ab0
+Binary files /dev/null and b/fuzz/corpora/asn1parse/8fe51ff40338174e282d2303abba8a62b82da8a7 differ
+diff --git a/fuzz/corpora/asn1parse/909d226245dec3288abbdfcf6009961232432eff b/fuzz/corpora/asn1parse/909d226245dec3288abbdfcf6009961232432eff
+new file mode 100644
+index 000000000000..a333cbf49e8f
+Binary files /dev/null and b/fuzz/corpora/asn1parse/909d226245dec3288abbdfcf6009961232432eff differ
+diff --git a/fuzz/corpora/asn1parse/93a20cbfb23355eca4a0c15ae7831ace6864fc08 b/fuzz/corpora/asn1parse/93a20cbfb23355eca4a0c15ae7831ace6864fc08
+new file mode 100644
+index 000000000000..cf4bad328d9f
+Binary files /dev/null and b/fuzz/corpora/asn1parse/93a20cbfb23355eca4a0c15ae7831ace6864fc08 differ
+diff --git a/fuzz/corpora/asn1parse/9b006676682c6c50cc6522b8ee99b55201b07ddd b/fuzz/corpora/asn1parse/9b006676682c6c50cc6522b8ee99b55201b07ddd
+new file mode 100644
+index 000000000000..264763826947
+Binary files /dev/null and b/fuzz/corpora/asn1parse/9b006676682c6c50cc6522b8ee99b55201b07ddd differ
+diff --git a/fuzz/corpora/asn1parse/9c12328cc79c0f042317b1d59c95fd09cb01a946 b/fuzz/corpora/asn1parse/9c12328cc79c0f042317b1d59c95fd09cb01a946
+new file mode 100644
+index 000000000000..e0119dfb8a39
+Binary files /dev/null and b/fuzz/corpora/asn1parse/9c12328cc79c0f042317b1d59c95fd09cb01a946 differ
+diff --git a/fuzz/corpora/asn1parse/9e1c06c7a6e7f5f4011e8ae6426f026941b04020 b/fuzz/corpora/asn1parse/9e1c06c7a6e7f5f4011e8ae6426f026941b04020
+new file mode 100644
+index 000000000000..e5af8042783c
+Binary files /dev/null and b/fuzz/corpora/asn1parse/9e1c06c7a6e7f5f4011e8ae6426f026941b04020 differ
+diff --git a/fuzz/corpora/asn1parse/a195945d83d78a3d33273a6eebaa07ffa27ca84c b/fuzz/corpora/asn1parse/a195945d83d78a3d33273a6eebaa07ffa27ca84c
+new file mode 100644
+index 000000000000..39a5de32088e
+Binary files /dev/null and b/fuzz/corpora/asn1parse/a195945d83d78a3d33273a6eebaa07ffa27ca84c differ
+diff --git a/fuzz/corpora/asn1parse/a49b94a4fd23b8844d1285ba0d8d0e1df043fd07 b/fuzz/corpora/asn1parse/a49b94a4fd23b8844d1285ba0d8d0e1df043fd07
+new file mode 100644
+index 000000000000..93231e1136e0
+Binary files /dev/null and b/fuzz/corpora/asn1parse/a49b94a4fd23b8844d1285ba0d8d0e1df043fd07 differ
+diff --git a/fuzz/corpora/asn1parse/a88e7380cc9dc9815fa040df2b1349b2afa8d4a3 b/fuzz/corpora/asn1parse/a88e7380cc9dc9815fa040df2b1349b2afa8d4a3
+new file mode 100644
+index 000000000000..785e7f868c68
+Binary files /dev/null and b/fuzz/corpora/asn1parse/a88e7380cc9dc9815fa040df2b1349b2afa8d4a3 differ
+diff --git a/fuzz/corpora/asn1parse/ac5da79a2fee437221c7d31cdb9c3510669365fb b/fuzz/corpora/asn1parse/ac5da79a2fee437221c7d31cdb9c3510669365fb
+new file mode 100644
+index 000000000000..57a4f5336fe6
+Binary files /dev/null and b/fuzz/corpora/asn1parse/ac5da79a2fee437221c7d31cdb9c3510669365fb differ
+diff --git a/fuzz/corpora/asn1parse/ad8d805e0275a9a7e4cadd920dee6084b87dfca8 b/fuzz/corpora/asn1parse/ad8d805e0275a9a7e4cadd920dee6084b87dfca8
+new file mode 100644
+index 000000000000..db484b1feccb
+Binary files /dev/null and b/fuzz/corpora/asn1parse/ad8d805e0275a9a7e4cadd920dee6084b87dfca8 differ
+diff --git a/fuzz/corpora/asn1parse/adfa18cdc3eb0227857dd7eea265eb6306ab79c3 b/fuzz/corpora/asn1parse/adfa18cdc3eb0227857dd7eea265eb6306ab79c3
+new file mode 100644
+index 000000000000..f2cb8d9d84ad
+Binary files /dev/null and b/fuzz/corpora/asn1parse/adfa18cdc3eb0227857dd7eea265eb6306ab79c3 differ
+diff --git a/fuzz/corpora/asn1parse/b004adb5482135f6129f68fd1a59a33118ffbe81 b/fuzz/corpora/asn1parse/b004adb5482135f6129f68fd1a59a33118ffbe81
+new file mode 100644
+index 000000000000..c8b02947c4e6
+Binary files /dev/null and b/fuzz/corpora/asn1parse/b004adb5482135f6129f68fd1a59a33118ffbe81 differ
+diff --git a/fuzz/corpora/asn1parse/b3935e3d0a1dfe71bddae2736284f003f634b95c b/fuzz/corpora/asn1parse/b3935e3d0a1dfe71bddae2736284f003f634b95c
+new file mode 100644
+index 000000000000..1142670f06a8
+Binary files /dev/null and b/fuzz/corpora/asn1parse/b3935e3d0a1dfe71bddae2736284f003f634b95c differ
+diff --git a/fuzz/corpora/asn1parse/b9cc15b11f944399ccbc904b6517f980c1292721 b/fuzz/corpora/asn1parse/b9cc15b11f944399ccbc904b6517f980c1292721
+new file mode 100644
+index 000000000000..cb9608bb9901
+Binary files /dev/null and b/fuzz/corpora/asn1parse/b9cc15b11f944399ccbc904b6517f980c1292721 differ
+diff --git a/fuzz/corpora/asn1parse/bc0beeb9cd0fa8ca7a94707f618fe86ad70c21ca b/fuzz/corpora/asn1parse/bc0beeb9cd0fa8ca7a94707f618fe86ad70c21ca
+new file mode 100644
+index 000000000000..4f5fc11d6d8e
+Binary files /dev/null and b/fuzz/corpora/asn1parse/bc0beeb9cd0fa8ca7a94707f618fe86ad70c21ca differ
+diff --git a/fuzz/corpora/asn1parse/bcdbe07c8ddcc0e7c30170ad3df6c8259702f753 b/fuzz/corpora/asn1parse/bcdbe07c8ddcc0e7c30170ad3df6c8259702f753
+new file mode 100644
+index 000000000000..bdaa92b28926
+Binary files /dev/null and b/fuzz/corpora/asn1parse/bcdbe07c8ddcc0e7c30170ad3df6c8259702f753 differ
+diff --git a/fuzz/corpora/asn1parse/bea58b8def9926f95dd395c596186df4d7d812cc b/fuzz/corpora/asn1parse/bea58b8def9926f95dd395c596186df4d7d812cc
+new file mode 100644
+index 000000000000..8ba0f2ebcf85
+Binary files /dev/null and b/fuzz/corpora/asn1parse/bea58b8def9926f95dd395c596186df4d7d812cc differ
+diff --git a/fuzz/corpora/asn1parse/beed671095997fb15d927bf4afb66b7e3ce7da7f b/fuzz/corpora/asn1parse/beed671095997fb15d927bf4afb66b7e3ce7da7f
+new file mode 100644
+index 000000000000..31848f56571a
+Binary files /dev/null and b/fuzz/corpora/asn1parse/beed671095997fb15d927bf4afb66b7e3ce7da7f differ
+diff --git a/fuzz/corpora/asn1parse/bf38b36645dff3bda47b497c511ab89b7aa80fb3 b/fuzz/corpora/asn1parse/bf38b36645dff3bda47b497c511ab89b7aa80fb3
+new file mode 100644
+index 000000000000..c053206d26a9
+Binary files /dev/null and b/fuzz/corpora/asn1parse/bf38b36645dff3bda47b497c511ab89b7aa80fb3 differ
+diff --git a/fuzz/corpora/asn1parse/bf5b00c788437d366a84f520523d5f4a223e2b70 b/fuzz/corpora/asn1parse/bf5b00c788437d366a84f520523d5f4a223e2b70
+new file mode 100644
+index 000000000000..63a6e34ac2c0
+Binary files /dev/null and b/fuzz/corpora/asn1parse/bf5b00c788437d366a84f520523d5f4a223e2b70 differ
+diff --git a/fuzz/corpora/asn1parse/c025df29a6aefa9dc485e25e290c4f6a56cf4eaa b/fuzz/corpora/asn1parse/c025df29a6aefa9dc485e25e290c4f6a56cf4eaa
+new file mode 100644
+index 000000000000..2b0065d0b53f
+Binary files /dev/null and b/fuzz/corpora/asn1parse/c025df29a6aefa9dc485e25e290c4f6a56cf4eaa differ
+diff --git a/fuzz/corpora/asn1parse/c0fa49a43d0b20b0705fbdcbd36df411536f1f86 b/fuzz/corpora/asn1parse/c0fa49a43d0b20b0705fbdcbd36df411536f1f86
+new file mode 100644
+index 000000000000..4ca7413e03d9
+Binary files /dev/null and b/fuzz/corpora/asn1parse/c0fa49a43d0b20b0705fbdcbd36df411536f1f86 differ
+diff --git a/fuzz/corpora/asn1parse/c17285d8d64e2a61382a91b85892499746c12c4c b/fuzz/corpora/asn1parse/c17285d8d64e2a61382a91b85892499746c12c4c
+new file mode 100644
+index 000000000000..f0f5656efeb4
+Binary files /dev/null and b/fuzz/corpora/asn1parse/c17285d8d64e2a61382a91b85892499746c12c4c differ
+diff --git a/fuzz/corpora/asn1parse/c3005156dfe03cef9b090dbef4f85072fcb2cb10 b/fuzz/corpora/asn1parse/c3005156dfe03cef9b090dbef4f85072fcb2cb10
+new file mode 100644
+index 000000000000..de2ac3521d01
+Binary files /dev/null and b/fuzz/corpora/asn1parse/c3005156dfe03cef9b090dbef4f85072fcb2cb10 differ
+diff --git a/fuzz/corpora/asn1parse/c30a24efef50efcd44b664eb6ef7f251c670a8cf b/fuzz/corpora/asn1parse/c30a24efef50efcd44b664eb6ef7f251c670a8cf
+new file mode 100644
+index 000000000000..7c6e9d2a8b1d
+Binary files /dev/null and b/fuzz/corpora/asn1parse/c30a24efef50efcd44b664eb6ef7f251c670a8cf differ
+diff --git a/fuzz/corpora/asn1parse/c3b62a07e14a7865d357afd42ead0efefa983eae b/fuzz/corpora/asn1parse/c3b62a07e14a7865d357afd42ead0efefa983eae
+new file mode 100644
+index 000000000000..432ae69769bd
+Binary files /dev/null and b/fuzz/corpora/asn1parse/c3b62a07e14a7865d357afd42ead0efefa983eae differ
+diff --git a/fuzz/corpora/asn1parse/c635b835ab278536e93f2f2618766c8f773e7471 b/fuzz/corpora/asn1parse/c635b835ab278536e93f2f2618766c8f773e7471
+new file mode 100644
+index 000000000000..6f1556f0c53b
+Binary files /dev/null and b/fuzz/corpora/asn1parse/c635b835ab278536e93f2f2618766c8f773e7471 differ
+diff --git a/fuzz/corpora/asn1parse/c8328e45aedab00fb505816c0f6c775729dde9d5 b/fuzz/corpora/asn1parse/c8328e45aedab00fb505816c0f6c775729dde9d5
+new file mode 100644
+index 000000000000..7bc25ed84e5a
+Binary files /dev/null and b/fuzz/corpora/asn1parse/c8328e45aedab00fb505816c0f6c775729dde9d5 differ
+diff --git a/fuzz/corpora/asn1parse/cfdcdf80a2f593f75b9bc4c414d28fba3c774df8 b/fuzz/corpora/asn1parse/cfdcdf80a2f593f75b9bc4c414d28fba3c774df8
+new file mode 100644
+index 000000000000..0c70da3d851f
+Binary files /dev/null and b/fuzz/corpora/asn1parse/cfdcdf80a2f593f75b9bc4c414d28fba3c774df8 differ
+diff --git a/fuzz/corpora/asn1parse/d269930e8de364eebdbb7c9902bdeb4592b71dc8 b/fuzz/corpora/asn1parse/d269930e8de364eebdbb7c9902bdeb4592b71dc8
+new file mode 100644
+index 000000000000..112e7f1bd4fb
+Binary files /dev/null and b/fuzz/corpora/asn1parse/d269930e8de364eebdbb7c9902bdeb4592b71dc8 differ
+diff --git a/fuzz/corpora/asn1parse/d2eb6aba36a03e260a3212b0a5e2d7ff18d8c60e b/fuzz/corpora/asn1parse/d2eb6aba36a03e260a3212b0a5e2d7ff18d8c60e
+new file mode 100644
+index 000000000000..1698e156ce8f
+Binary files /dev/null and b/fuzz/corpora/asn1parse/d2eb6aba36a03e260a3212b0a5e2d7ff18d8c60e differ
+diff --git a/fuzz/corpora/asn1parse/d6608a5b02a121c81e6f908debb82021011c15f2 b/fuzz/corpora/asn1parse/d6608a5b02a121c81e6f908debb82021011c15f2
+new file mode 100644
+index 000000000000..ea4926872a2f
+Binary files /dev/null and b/fuzz/corpora/asn1parse/d6608a5b02a121c81e6f908debb82021011c15f2 differ
+diff --git a/fuzz/corpora/asn1parse/d7be2fb1893bacdc83329632b9bc3c419475c3eb b/fuzz/corpora/asn1parse/d7be2fb1893bacdc83329632b9bc3c419475c3eb
+new file mode 100644
+index 000000000000..aa5b3221f022
+Binary files /dev/null and b/fuzz/corpora/asn1parse/d7be2fb1893bacdc83329632b9bc3c419475c3eb differ
+diff --git a/fuzz/corpora/asn1parse/d9827d651c051edec680de71f86758be95d6b635 b/fuzz/corpora/asn1parse/d9827d651c051edec680de71f86758be95d6b635
+new file mode 100644
+index 000000000000..e78039ae019c
+Binary files /dev/null and b/fuzz/corpora/asn1parse/d9827d651c051edec680de71f86758be95d6b635 differ
+diff --git a/fuzz/corpora/asn1parse/dcf1078aef8974a4048cbedaed33b9f271c8a1a4 b/fuzz/corpora/asn1parse/dcf1078aef8974a4048cbedaed33b9f271c8a1a4
+new file mode 100644
+index 000000000000..a7478b177551
+Binary files /dev/null and b/fuzz/corpora/asn1parse/dcf1078aef8974a4048cbedaed33b9f271c8a1a4 differ
+diff --git a/fuzz/corpora/asn1parse/ddde4dfd8ed7358c2a148fabf6f46864547afed8 b/fuzz/corpora/asn1parse/ddde4dfd8ed7358c2a148fabf6f46864547afed8
+new file mode 100644
+index 000000000000..c5558043f6e2
+Binary files /dev/null and b/fuzz/corpora/asn1parse/ddde4dfd8ed7358c2a148fabf6f46864547afed8 differ
+diff --git a/fuzz/corpora/asn1parse/e1d6421a6d841cc640fbb39db3274b9eff34c8bb b/fuzz/corpora/asn1parse/e1d6421a6d841cc640fbb39db3274b9eff34c8bb
+new file mode 100644
+index 000000000000..ab331b8c2ac3
+Binary files /dev/null and b/fuzz/corpora/asn1parse/e1d6421a6d841cc640fbb39db3274b9eff34c8bb differ
+diff --git a/fuzz/corpora/asn1parse/e615944d4554e9f12fdfd06f31ceab358cc24a22 b/fuzz/corpora/asn1parse/e615944d4554e9f12fdfd06f31ceab358cc24a22
+new file mode 100644
+index 000000000000..8110f38fe56e
+Binary files /dev/null and b/fuzz/corpora/asn1parse/e615944d4554e9f12fdfd06f31ceab358cc24a22 differ
+diff --git a/fuzz/corpora/asn1parse/e7005ac5388e8212f152dfed2ccc1d348a711555 b/fuzz/corpora/asn1parse/e7005ac5388e8212f152dfed2ccc1d348a711555
+new file mode 100644
+index 000000000000..f84a85346abb
+Binary files /dev/null and b/fuzz/corpora/asn1parse/e7005ac5388e8212f152dfed2ccc1d348a711555 differ
+diff --git a/fuzz/corpora/asn1parse/eaa003719644c1893f25bd20d3cd4386e534a84f b/fuzz/corpora/asn1parse/eaa003719644c1893f25bd20d3cd4386e534a84f
+new file mode 100644
+index 000000000000..a7138715d2ce
+Binary files /dev/null and b/fuzz/corpora/asn1parse/eaa003719644c1893f25bd20d3cd4386e534a84f differ
+diff --git a/fuzz/corpora/asn1parse/ec929c4a8931f0e56e7f39e6c359475a7c758679 b/fuzz/corpora/asn1parse/ec929c4a8931f0e56e7f39e6c359475a7c758679
+new file mode 100644
+index 000000000000..f1b0ccb51200
+Binary files /dev/null and b/fuzz/corpora/asn1parse/ec929c4a8931f0e56e7f39e6c359475a7c758679 differ
+diff --git a/fuzz/corpora/asn1parse/efc35b21a2a7587e3f6f9a77f167e7e5b827ed71 b/fuzz/corpora/asn1parse/efc35b21a2a7587e3f6f9a77f167e7e5b827ed71
+new file mode 100644
+index 000000000000..8479b2530ea4
+Binary files /dev/null and b/fuzz/corpora/asn1parse/efc35b21a2a7587e3f6f9a77f167e7e5b827ed71 differ
+diff --git a/fuzz/corpora/asn1parse/f195c020a28dfc5f2fb6af256b524ddcd93756ed b/fuzz/corpora/asn1parse/f195c020a28dfc5f2fb6af256b524ddcd93756ed
+new file mode 100644
+index 000000000000..b1d81e79354c
+Binary files /dev/null and b/fuzz/corpora/asn1parse/f195c020a28dfc5f2fb6af256b524ddcd93756ed differ
+diff --git a/fuzz/corpora/asn1parse/f46e628ba2a0c6aa20f63b991305c2b28a699f07 b/fuzz/corpora/asn1parse/f46e628ba2a0c6aa20f63b991305c2b28a699f07
+new file mode 100644
+index 000000000000..3bfbb18a7de7
+Binary files /dev/null and b/fuzz/corpora/asn1parse/f46e628ba2a0c6aa20f63b991305c2b28a699f07 differ
+diff --git a/fuzz/corpora/asn1parse/f4e6841dcaca0354f22895fbbc5ee12c0880948a b/fuzz/corpora/asn1parse/f4e6841dcaca0354f22895fbbc5ee12c0880948a
+new file mode 100644
+index 000000000000..43415f4a35b1
+Binary files /dev/null and b/fuzz/corpora/asn1parse/f4e6841dcaca0354f22895fbbc5ee12c0880948a differ
+diff --git a/fuzz/corpora/asn1parse/f86aa454cf580728b8040bdbf7ab50612599ea9f b/fuzz/corpora/asn1parse/f86aa454cf580728b8040bdbf7ab50612599ea9f
+new file mode 100644
+index 000000000000..89baf2a1661b
+Binary files /dev/null and b/fuzz/corpora/asn1parse/f86aa454cf580728b8040bdbf7ab50612599ea9f differ
+diff --git a/fuzz/corpora/asn1parse/fb1f4388dbab935a9b62bef9c3b76b5fc4074537 b/fuzz/corpora/asn1parse/fb1f4388dbab935a9b62bef9c3b76b5fc4074537
+new file mode 100644
+index 000000000000..b40d11c1460d
+Binary files /dev/null and b/fuzz/corpora/asn1parse/fb1f4388dbab935a9b62bef9c3b76b5fc4074537 differ
+diff --git a/fuzz/corpora/asn1parse/fef17ab1380b25a7266a32588ec04779cff2e081 b/fuzz/corpora/asn1parse/fef17ab1380b25a7266a32588ec04779cff2e081
+new file mode 100644
+index 000000000000..4f8c5e9faa51
+Binary files /dev/null and b/fuzz/corpora/asn1parse/fef17ab1380b25a7266a32588ec04779cff2e081 differ
+diff --git a/fuzz/corpora/bignum/0728713e8df5f3960d98461361fb03c2bd3b756c b/fuzz/corpora/bignum/0728713e8df5f3960d98461361fb03c2bd3b756c
+new file mode 100644
+index 000000000000..0de8c4de3ef9
+Binary files /dev/null and b/fuzz/corpora/bignum/0728713e8df5f3960d98461361fb03c2bd3b756c differ
+diff --git a/fuzz/corpora/bignum/0f1cf91268ea81dc15ef7cbf4fa9b506950913e5 b/fuzz/corpora/bignum/0f1cf91268ea81dc15ef7cbf4fa9b506950913e5
+new file mode 100644
+index 000000000000..84b978435f8f
+Binary files /dev/null and b/fuzz/corpora/bignum/0f1cf91268ea81dc15ef7cbf4fa9b506950913e5 differ
+diff --git a/fuzz/corpora/bignum/177faa33471e0c4089d63bb5f759519d943977c6 b/fuzz/corpora/bignum/177faa33471e0c4089d63bb5f759519d943977c6
+new file mode 100644
+index 000000000000..7327ab44eb91
+Binary files /dev/null and b/fuzz/corpora/bignum/177faa33471e0c4089d63bb5f759519d943977c6 differ
+diff --git a/fuzz/corpora/bignum/1a1aa39a93522b16639db02bcfbb0a9a96fa6820 b/fuzz/corpora/bignum/1a1aa39a93522b16639db02bcfbb0a9a96fa6820
+new file mode 100644
+index 000000000000..1d98c50b6764
+Binary files /dev/null and b/fuzz/corpora/bignum/1a1aa39a93522b16639db02bcfbb0a9a96fa6820 differ
+diff --git a/fuzz/corpora/bignum/1d834830fe33eb7299f5294a839b23b761c683e9 b/fuzz/corpora/bignum/1d834830fe33eb7299f5294a839b23b761c683e9
+new file mode 100644
+index 000000000000..2d5c61e1bf8b
+Binary files /dev/null and b/fuzz/corpora/bignum/1d834830fe33eb7299f5294a839b23b761c683e9 differ
+diff --git a/fuzz/corpora/bignum/1e9b8cc6c10208adec5a96bb59f5888bfa8dbc5e b/fuzz/corpora/bignum/1e9b8cc6c10208adec5a96bb59f5888bfa8dbc5e
+new file mode 100644
+index 000000000000..0af41716bb8e
+Binary files /dev/null and b/fuzz/corpora/bignum/1e9b8cc6c10208adec5a96bb59f5888bfa8dbc5e differ
+diff --git a/fuzz/corpora/bignum/2705b5aa99394f9a2a4b400f381a2a20302f2a8b b/fuzz/corpora/bignum/2705b5aa99394f9a2a4b400f381a2a20302f2a8b
+new file mode 100644
+index 000000000000..0d80270eff96
+Binary files /dev/null and b/fuzz/corpora/bignum/2705b5aa99394f9a2a4b400f381a2a20302f2a8b differ
+diff --git a/fuzz/corpora/bignum/285330c31558db5d8615f726fcc91cfaa80b6979 b/fuzz/corpora/bignum/285330c31558db5d8615f726fcc91cfaa80b6979
+new file mode 100644
+index 000000000000..44bcead72d03
+Binary files /dev/null and b/fuzz/corpora/bignum/285330c31558db5d8615f726fcc91cfaa80b6979 differ
+diff --git a/fuzz/corpora/bignum/28729becd86d4dc9678d9201328ab440d100a00f b/fuzz/corpora/bignum/28729becd86d4dc9678d9201328ab440d100a00f
+new file mode 100644
+index 000000000000..1ea41354914b
+Binary files /dev/null and b/fuzz/corpora/bignum/28729becd86d4dc9678d9201328ab440d100a00f differ
+diff --git a/fuzz/corpora/bignum/2927e1adfc42f99c05d689be487d43b2ea8f47f8 b/fuzz/corpora/bignum/2927e1adfc42f99c05d689be487d43b2ea8f47f8
+new file mode 100644
+index 000000000000..07e2df52cb92
+Binary files /dev/null and b/fuzz/corpora/bignum/2927e1adfc42f99c05d689be487d43b2ea8f47f8 differ
+diff --git a/fuzz/corpora/bignum/2f3272446cfb30d253bed48668a98ada167e67e9 b/fuzz/corpora/bignum/2f3272446cfb30d253bed48668a98ada167e67e9
+new file mode 100644
+index 000000000000..177424007239
+Binary files /dev/null and b/fuzz/corpora/bignum/2f3272446cfb30d253bed48668a98ada167e67e9 differ
+diff --git a/fuzz/corpora/bignum/309c35d23ea9b08586c34721f26d62366de7828b b/fuzz/corpora/bignum/309c35d23ea9b08586c34721f26d62366de7828b
+new file mode 100644
+index 000000000000..8796b6d7477e
+Binary files /dev/null and b/fuzz/corpora/bignum/309c35d23ea9b08586c34721f26d62366de7828b differ
+diff --git a/fuzz/corpora/bignum/3145ed7854e27c3ae6487315053042a706b49d9b b/fuzz/corpora/bignum/3145ed7854e27c3ae6487315053042a706b49d9b
+new file mode 100644
+index 000000000000..c649d4a38a01
+Binary files /dev/null and b/fuzz/corpora/bignum/3145ed7854e27c3ae6487315053042a706b49d9b differ
+diff --git a/fuzz/corpora/bignum/35b67347bd2acfa9e5e0a5479d36c5e510f4be44 b/fuzz/corpora/bignum/35b67347bd2acfa9e5e0a5479d36c5e510f4be44
+new file mode 100644
+index 000000000000..e322b2e3e725
+Binary files /dev/null and b/fuzz/corpora/bignum/35b67347bd2acfa9e5e0a5479d36c5e510f4be44 differ
+diff --git a/fuzz/corpora/bignum/38bb89caf64e38125ed0f8d9ea86ac5ade6dfcd8 b/fuzz/corpora/bignum/38bb89caf64e38125ed0f8d9ea86ac5ade6dfcd8
+new file mode 100644
+index 000000000000..9ed54f84b8df
+Binary files /dev/null and b/fuzz/corpora/bignum/38bb89caf64e38125ed0f8d9ea86ac5ade6dfcd8 differ
+diff --git a/fuzz/corpora/bignum/3a2d683cd6dbdd214208918c98816c137dadaee8 b/fuzz/corpora/bignum/3a2d683cd6dbdd214208918c98816c137dadaee8
+new file mode 100644
+index 000000000000..10660ce0498e
+Binary files /dev/null and b/fuzz/corpora/bignum/3a2d683cd6dbdd214208918c98816c137dadaee8 differ
+diff --git a/fuzz/corpora/bignum/4f925d76f15adfca36184a6f24d5420a3b9589fb b/fuzz/corpora/bignum/4f925d76f15adfca36184a6f24d5420a3b9589fb
+new file mode 100644
+index 000000000000..7365416fe522
+Binary files /dev/null and b/fuzz/corpora/bignum/4f925d76f15adfca36184a6f24d5420a3b9589fb differ
+diff --git a/fuzz/corpora/bignum/534dabcc73b8ae2bf696eb9b51dee07539a58400 b/fuzz/corpora/bignum/534dabcc73b8ae2bf696eb9b51dee07539a58400
+new file mode 100644
+index 000000000000..62622ce9bdfd
+Binary files /dev/null and b/fuzz/corpora/bignum/534dabcc73b8ae2bf696eb9b51dee07539a58400 differ
+diff --git a/fuzz/corpora/bignum/5495e1f09d4809e1f99cc85aad55c6474a02f90c b/fuzz/corpora/bignum/5495e1f09d4809e1f99cc85aad55c6474a02f90c
+new file mode 100644
+index 000000000000..8246a5de15f5
+Binary files /dev/null and b/fuzz/corpora/bignum/5495e1f09d4809e1f99cc85aad55c6474a02f90c differ
+diff --git a/fuzz/corpora/bignum/57b0e3125c85ae25b685e8905e2acd7039c435ea b/fuzz/corpora/bignum/57b0e3125c85ae25b685e8905e2acd7039c435ea
+new file mode 100644
+index 000000000000..c0af85f05267
+Binary files /dev/null and b/fuzz/corpora/bignum/57b0e3125c85ae25b685e8905e2acd7039c435ea differ
+diff --git a/fuzz/corpora/bignum/5811287cc6937704afee6761957b2cf0b6196bfa b/fuzz/corpora/bignum/5811287cc6937704afee6761957b2cf0b6196bfa
+new file mode 100644
+index 000000000000..0f41b62f312e
+Binary files /dev/null and b/fuzz/corpora/bignum/5811287cc6937704afee6761957b2cf0b6196bfa differ
+diff --git a/fuzz/corpora/bignum/5d345fc6db6471637eca18aef128da61c02efc66 b/fuzz/corpora/bignum/5d345fc6db6471637eca18aef128da61c02efc66
+new file mode 100644
+index 000000000000..d967c9e735f5
+Binary files /dev/null and b/fuzz/corpora/bignum/5d345fc6db6471637eca18aef128da61c02efc66 differ
+diff --git a/fuzz/corpora/bignum/5dcfdc0addb7edcf3c5b162a516b0c1cfa421e8b b/fuzz/corpora/bignum/5dcfdc0addb7edcf3c5b162a516b0c1cfa421e8b
+new file mode 100644
+index 000000000000..1bec4c5d8a99
+Binary files /dev/null and b/fuzz/corpora/bignum/5dcfdc0addb7edcf3c5b162a516b0c1cfa421e8b differ
+diff --git a/fuzz/corpora/bignum/6386e32b2d2b5696a8f7434a050ebe9b344af664 b/fuzz/corpora/bignum/6386e32b2d2b5696a8f7434a050ebe9b344af664
+new file mode 100644
+index 000000000000..044a75d69540
+Binary files /dev/null and b/fuzz/corpora/bignum/6386e32b2d2b5696a8f7434a050ebe9b344af664 differ
+diff --git a/fuzz/corpora/bignum/65d589dc8186f86eeb6e33fa3eb0a96f6d13d7f7 b/fuzz/corpora/bignum/65d589dc8186f86eeb6e33fa3eb0a96f6d13d7f7
+new file mode 100644
+index 000000000000..17232f33540c
+Binary files /dev/null and b/fuzz/corpora/bignum/65d589dc8186f86eeb6e33fa3eb0a96f6d13d7f7 differ
+diff --git a/fuzz/corpora/bignum/6a091b0c55cb40e226fba1dda032990560718ec6 b/fuzz/corpora/bignum/6a091b0c55cb40e226fba1dda032990560718ec6
+new file mode 100644
+index 000000000000..ad76e64c0942
+Binary files /dev/null and b/fuzz/corpora/bignum/6a091b0c55cb40e226fba1dda032990560718ec6 differ
+diff --git a/fuzz/corpora/bignum/6e247c64e26a01c619c0956b3f3ba7184c7832af b/fuzz/corpora/bignum/6e247c64e26a01c619c0956b3f3ba7184c7832af
+new file mode 100644
+index 000000000000..4cdd2f632778
+Binary files /dev/null and b/fuzz/corpora/bignum/6e247c64e26a01c619c0956b3f3ba7184c7832af differ
+diff --git a/fuzz/corpora/bignum/765bb2b65eabdb73a20740a8a164a3501914094b b/fuzz/corpora/bignum/765bb2b65eabdb73a20740a8a164a3501914094b
+new file mode 100644
+index 000000000000..0db52b158ad8
+Binary files /dev/null and b/fuzz/corpora/bignum/765bb2b65eabdb73a20740a8a164a3501914094b differ
+diff --git a/fuzz/corpora/bignum/84d2f75f0be2a8e7eb7213087c21ad668b8de89f b/fuzz/corpora/bignum/84d2f75f0be2a8e7eb7213087c21ad668b8de89f
+new file mode 100644
+index 000000000000..ca21a171f3ca
+Binary files /dev/null and b/fuzz/corpora/bignum/84d2f75f0be2a8e7eb7213087c21ad668b8de89f differ
+diff --git a/fuzz/corpora/bignum/8bdc6c43f835b628d206ba20dd096fd6b152dc05 b/fuzz/corpora/bignum/8bdc6c43f835b628d206ba20dd096fd6b152dc05
+new file mode 100644
+index 000000000000..cfe299a0a912
+Binary files /dev/null and b/fuzz/corpora/bignum/8bdc6c43f835b628d206ba20dd096fd6b152dc05 differ
+diff --git a/fuzz/corpora/bignum/8c2f38d827889a408fddd7ba6c3732fa8e3035b1 b/fuzz/corpora/bignum/8c2f38d827889a408fddd7ba6c3732fa8e3035b1
+new file mode 100644
+index 000000000000..4634515d9578
+Binary files /dev/null and b/fuzz/corpora/bignum/8c2f38d827889a408fddd7ba6c3732fa8e3035b1 differ
+diff --git a/fuzz/corpora/bignum/8f060e4815924d555a8781ab1373034dd361659b b/fuzz/corpora/bignum/8f060e4815924d555a8781ab1373034dd361659b
+new file mode 100644
+index 000000000000..1d502aaa6056
+Binary files /dev/null and b/fuzz/corpora/bignum/8f060e4815924d555a8781ab1373034dd361659b differ
+diff --git a/fuzz/corpora/bignum/910d1a73fe7a621474aeffc2617076d58dc80f5b b/fuzz/corpora/bignum/910d1a73fe7a621474aeffc2617076d58dc80f5b
+new file mode 100644
+index 000000000000..7cbedc5d087d
+Binary files /dev/null and b/fuzz/corpora/bignum/910d1a73fe7a621474aeffc2617076d58dc80f5b differ
+diff --git a/fuzz/corpora/bignum/949e1329a2d0596bd2ef36f46bab60bc9b0d9a3e b/fuzz/corpora/bignum/949e1329a2d0596bd2ef36f46bab60bc9b0d9a3e
+new file mode 100644
+index 000000000000..cac68bc84368
+Binary files /dev/null and b/fuzz/corpora/bignum/949e1329a2d0596bd2ef36f46bab60bc9b0d9a3e differ
+diff --git a/fuzz/corpora/bignum/9618fa77bc853eebfb1f4db2d06e65fa2cbaab51 b/fuzz/corpora/bignum/9618fa77bc853eebfb1f4db2d06e65fa2cbaab51
+new file mode 100644
+index 000000000000..838c67de87be
+Binary files /dev/null and b/fuzz/corpora/bignum/9618fa77bc853eebfb1f4db2d06e65fa2cbaab51 differ
+diff --git a/fuzz/corpora/bignum/979525ca2c3317a49a2cb39f52b03d777b8af741 b/fuzz/corpora/bignum/979525ca2c3317a49a2cb39f52b03d777b8af741
+new file mode 100644
+index 000000000000..afc1e2618573
+Binary files /dev/null and b/fuzz/corpora/bignum/979525ca2c3317a49a2cb39f52b03d777b8af741 differ
+diff --git a/fuzz/corpora/bignum/9842926af7ca0a8cca12604f945414f07b01e13d b/fuzz/corpora/bignum/9842926af7ca0a8cca12604f945414f07b01e13d
+new file mode 100644
+index 000000000000..fc2b5693e00b
+Binary files /dev/null and b/fuzz/corpora/bignum/9842926af7ca0a8cca12604f945414f07b01e13d differ
+diff --git a/fuzz/corpora/bignum/994b161242ac4c651e68769d752cc14843c609c8 b/fuzz/corpora/bignum/994b161242ac4c651e68769d752cc14843c609c8
+new file mode 100644
+index 000000000000..de7ffbbc89a2
+Binary files /dev/null and b/fuzz/corpora/bignum/994b161242ac4c651e68769d752cc14843c609c8 differ
+diff --git a/fuzz/corpora/bignum/9ab4d260127a3d6afb2db817105d4e1ee9ea3607 b/fuzz/corpora/bignum/9ab4d260127a3d6afb2db817105d4e1ee9ea3607
+new file mode 100644
+index 000000000000..2eabda8ec7f1
+Binary files /dev/null and b/fuzz/corpora/bignum/9ab4d260127a3d6afb2db817105d4e1ee9ea3607 differ
+diff --git a/fuzz/corpora/bignum/9e27ae2e4be753d9eedc360067e314e06121fbaf b/fuzz/corpora/bignum/9e27ae2e4be753d9eedc360067e314e06121fbaf
+new file mode 100644
+index 000000000000..f940084b3f1c
+Binary files /dev/null and b/fuzz/corpora/bignum/9e27ae2e4be753d9eedc360067e314e06121fbaf differ
+diff --git a/fuzz/corpora/bignum/a84873a1eb1d53f13edc6381d03f6d43a4d5a9ff b/fuzz/corpora/bignum/a84873a1eb1d53f13edc6381d03f6d43a4d5a9ff
+new file mode 100644
+index 000000000000..f4ede45e7506
+Binary files /dev/null and b/fuzz/corpora/bignum/a84873a1eb1d53f13edc6381d03f6d43a4d5a9ff differ
+diff --git a/fuzz/corpora/bignum/bbc981e11553ad0856ede92fd4aed89b1846f95f b/fuzz/corpora/bignum/bbc981e11553ad0856ede92fd4aed89b1846f95f
+new file mode 100644
+index 000000000000..728daa1080f5
+Binary files /dev/null and b/fuzz/corpora/bignum/bbc981e11553ad0856ede92fd4aed89b1846f95f differ
+diff --git a/fuzz/corpora/bignum/bf5957ba86ad17a7ce34b0389ac49046dafe1e76 b/fuzz/corpora/bignum/bf5957ba86ad17a7ce34b0389ac49046dafe1e76
+new file mode 100644
+index 000000000000..abacbb700365
+Binary files /dev/null and b/fuzz/corpora/bignum/bf5957ba86ad17a7ce34b0389ac49046dafe1e76 differ
+diff --git a/fuzz/corpora/bignum/c105f5fa1206756628911b3f2a6fa9880a3bc02b b/fuzz/corpora/bignum/c105f5fa1206756628911b3f2a6fa9880a3bc02b
+new file mode 100644
+index 000000000000..9985e513ce8a
+Binary files /dev/null and b/fuzz/corpora/bignum/c105f5fa1206756628911b3f2a6fa9880a3bc02b differ
+diff --git a/fuzz/corpora/bignum/c464483f4c9cec2ec01e8e65607bb026eb861c5d b/fuzz/corpora/bignum/c464483f4c9cec2ec01e8e65607bb026eb861c5d
+new file mode 100644
+index 000000000000..2f9f58219b35
+Binary files /dev/null and b/fuzz/corpora/bignum/c464483f4c9cec2ec01e8e65607bb026eb861c5d differ
+diff --git a/fuzz/corpora/bignum/c903774986dbf2d90f8d42a63b9b2bdd30544459 b/fuzz/corpora/bignum/c903774986dbf2d90f8d42a63b9b2bdd30544459
+new file mode 100644
+index 000000000000..7e363d448ebb
+Binary files /dev/null and b/fuzz/corpora/bignum/c903774986dbf2d90f8d42a63b9b2bdd30544459 differ
+diff --git a/fuzz/corpora/bignum/d90e132d21b58b341439c6e6755027a2f182cf1a b/fuzz/corpora/bignum/d90e132d21b58b341439c6e6755027a2f182cf1a
+new file mode 100644
+index 000000000000..4fb9e730fa81
+Binary files /dev/null and b/fuzz/corpora/bignum/d90e132d21b58b341439c6e6755027a2f182cf1a differ
+diff --git a/fuzz/corpora/bignum/df17a52fb8a65c2620980c4feb52e08bcf446c2e b/fuzz/corpora/bignum/df17a52fb8a65c2620980c4feb52e08bcf446c2e
+new file mode 100644
+index 000000000000..7896778004d0
+Binary files /dev/null and b/fuzz/corpora/bignum/df17a52fb8a65c2620980c4feb52e08bcf446c2e differ
+diff --git a/fuzz/corpora/bignum/ea20e7246e7887b459cc5efb02e08a30c2c1168a b/fuzz/corpora/bignum/ea20e7246e7887b459cc5efb02e08a30c2c1168a
+new file mode 100644
+index 000000000000..38f6a2503314
+Binary files /dev/null and b/fuzz/corpora/bignum/ea20e7246e7887b459cc5efb02e08a30c2c1168a differ
+diff --git a/fuzz/corpora/bignum/eea5d647be7ae1e28e52de713eed53e9c641a642 b/fuzz/corpora/bignum/eea5d647be7ae1e28e52de713eed53e9c641a642
+new file mode 100644
+index 000000000000..a931b6e2caca
+Binary files /dev/null and b/fuzz/corpora/bignum/eea5d647be7ae1e28e52de713eed53e9c641a642 differ
+diff --git a/fuzz/corpora/bignum/f388be7f645353fdd5ba303a32c2a48940f88f5c b/fuzz/corpora/bignum/f388be7f645353fdd5ba303a32c2a48940f88f5c
+new file mode 100644
+index 000000000000..d32cac6b9eb4
+Binary files /dev/null and b/fuzz/corpora/bignum/f388be7f645353fdd5ba303a32c2a48940f88f5c differ
+diff --git a/fuzz/corpora/bndiv-crash/crash-10b8fe318244b4897fbf60e325bc969f81313754 b/fuzz/corpora/bndiv-crash/crash-10b8fe318244b4897fbf60e325bc969f81313754
+new file mode 100644
+index 000000000000..026d0ad2f721
+Binary files /dev/null and b/fuzz/corpora/bndiv-crash/crash-10b8fe318244b4897fbf60e325bc969f81313754 differ
+diff --git a/fuzz/corpora/bndiv-crash/crash-37cb66c8a9a87d8a20c1a170bdd1baf452792abd b/fuzz/corpora/bndiv-crash/crash-37cb66c8a9a87d8a20c1a170bdd1baf452792abd
+new file mode 100644
+index 000000000000..60e86f1ebc38
+Binary files /dev/null and b/fuzz/corpora/bndiv-crash/crash-37cb66c8a9a87d8a20c1a170bdd1baf452792abd differ
+diff --git a/fuzz/corpora/bndiv-crash/crash-fc12e07ad9dbc5674678b2a782e2e1ae6d04b15a b/fuzz/corpora/bndiv-crash/crash-fc12e07ad9dbc5674678b2a782e2e1ae6d04b15a
+new file mode 100644
+index 000000000000..b5be5ac274ec
+Binary files /dev/null and b/fuzz/corpora/bndiv-crash/crash-fc12e07ad9dbc5674678b2a782e2e1ae6d04b15a differ
+diff --git a/fuzz/corpora/bndiv/0025f06e7b7e1d48c8e71e5a02964d65e0d472af b/fuzz/corpora/bndiv/0025f06e7b7e1d48c8e71e5a02964d65e0d472af
+new file mode 100644
+index 000000000000..a867c5ee764b
+Binary files /dev/null and b/fuzz/corpora/bndiv/0025f06e7b7e1d48c8e71e5a02964d65e0d472af differ
+diff --git a/fuzz/corpora/bndiv/10b8fe318244b4897fbf60e325bc969f81313754 b/fuzz/corpora/bndiv/10b8fe318244b4897fbf60e325bc969f81313754
+new file mode 100644
+index 000000000000..026d0ad2f721
+Binary files /dev/null and b/fuzz/corpora/bndiv/10b8fe318244b4897fbf60e325bc969f81313754 differ
+diff --git a/fuzz/corpora/bndiv/1f870191ef961adf3fcf8da1c49d8d0faab8e07d b/fuzz/corpora/bndiv/1f870191ef961adf3fcf8da1c49d8d0faab8e07d
+new file mode 100644
+index 000000000000..2506ad3aec19
+Binary files /dev/null and b/fuzz/corpora/bndiv/1f870191ef961adf3fcf8da1c49d8d0faab8e07d differ
+diff --git a/fuzz/corpora/bndiv/209bc71a174ce45b431f9606d22cf88b1b93ed59 b/fuzz/corpora/bndiv/209bc71a174ce45b431f9606d22cf88b1b93ed59
+new file mode 100644
+index 000000000000..9cb5b4438885
+Binary files /dev/null and b/fuzz/corpora/bndiv/209bc71a174ce45b431f9606d22cf88b1b93ed59 differ
+diff --git a/fuzz/corpora/bndiv/21e0f227f537e66d2058f493f908faa6e5b6a21f b/fuzz/corpora/bndiv/21e0f227f537e66d2058f493f908faa6e5b6a21f
+new file mode 100644
+index 000000000000..04db463aefcd
+Binary files /dev/null and b/fuzz/corpora/bndiv/21e0f227f537e66d2058f493f908faa6e5b6a21f differ
+diff --git a/fuzz/corpora/bndiv/316e41cfe92634bf55ccb172994d5f4b54e464b7 b/fuzz/corpora/bndiv/316e41cfe92634bf55ccb172994d5f4b54e464b7
+new file mode 100644
+index 000000000000..1e76cdc24146
+Binary files /dev/null and b/fuzz/corpora/bndiv/316e41cfe92634bf55ccb172994d5f4b54e464b7 differ
+diff --git a/fuzz/corpora/bndiv/31fac23c90fb962d2473f19751f7f6834d9673a1 b/fuzz/corpora/bndiv/31fac23c90fb962d2473f19751f7f6834d9673a1
+new file mode 100644
+index 000000000000..a7dbf7658dc5
+Binary files /dev/null and b/fuzz/corpora/bndiv/31fac23c90fb962d2473f19751f7f6834d9673a1 differ
+diff --git a/fuzz/corpora/bndiv/37c9f80228f1c84ae327ef654371a553a8986271 b/fuzz/corpora/bndiv/37c9f80228f1c84ae327ef654371a553a8986271
+new file mode 100644
+index 000000000000..267ee2c82f48
+Binary files /dev/null and b/fuzz/corpora/bndiv/37c9f80228f1c84ae327ef654371a553a8986271 differ
+diff --git a/fuzz/corpora/bndiv/5351f82ed609bbf5ea35829ea9f396ffa63d2be4 b/fuzz/corpora/bndiv/5351f82ed609bbf5ea35829ea9f396ffa63d2be4
+new file mode 100644
+index 000000000000..5b5cc32b44fb
+Binary files /dev/null and b/fuzz/corpora/bndiv/5351f82ed609bbf5ea35829ea9f396ffa63d2be4 differ
+diff --git a/fuzz/corpora/bndiv/54bcabfd9adb8c223c2cebd955f4e83f057c22ac b/fuzz/corpora/bndiv/54bcabfd9adb8c223c2cebd955f4e83f057c22ac
+new file mode 100644
+index 000000000000..1db0be85a0bb
+Binary files /dev/null and b/fuzz/corpora/bndiv/54bcabfd9adb8c223c2cebd955f4e83f057c22ac differ
+diff --git a/fuzz/corpora/bndiv/59a8921e40b761e334ee6aba3a31d77c90e3adc5 b/fuzz/corpora/bndiv/59a8921e40b761e334ee6aba3a31d77c90e3adc5
+new file mode 100644
+index 000000000000..12ec39cf62fb
+Binary files /dev/null and b/fuzz/corpora/bndiv/59a8921e40b761e334ee6aba3a31d77c90e3adc5 differ
+diff --git a/fuzz/corpora/bndiv/5f322ba149d86572a73736a4df8b6adeaf8e1e99 b/fuzz/corpora/bndiv/5f322ba149d86572a73736a4df8b6adeaf8e1e99
+new file mode 100644
+index 000000000000..0175ca44551d
+Binary files /dev/null and b/fuzz/corpora/bndiv/5f322ba149d86572a73736a4df8b6adeaf8e1e99 differ
+diff --git a/fuzz/corpora/bndiv/61de3a2f6367500194f020bc4a2bfd0459279360 b/fuzz/corpora/bndiv/61de3a2f6367500194f020bc4a2bfd0459279360
+new file mode 100644
+index 000000000000..2b13d1e2f996
+Binary files /dev/null and b/fuzz/corpora/bndiv/61de3a2f6367500194f020bc4a2bfd0459279360 differ
+diff --git a/fuzz/corpora/bndiv/6233138e33022ad6d77315f5923e4c13af9a0d9c b/fuzz/corpora/bndiv/6233138e33022ad6d77315f5923e4c13af9a0d9c
+new file mode 100644
+index 000000000000..23f5005b1fe7
+Binary files /dev/null and b/fuzz/corpora/bndiv/6233138e33022ad6d77315f5923e4c13af9a0d9c differ
+diff --git a/fuzz/corpora/bndiv/77e6286d56b60ce8e3a88e060e8216bdf80a502c b/fuzz/corpora/bndiv/77e6286d56b60ce8e3a88e060e8216bdf80a502c
+new file mode 100644
+index 000000000000..ef4b94459ef9
+Binary files /dev/null and b/fuzz/corpora/bndiv/77e6286d56b60ce8e3a88e060e8216bdf80a502c differ
+diff --git a/fuzz/corpora/bndiv/782276095ef10c8df90137008103764b2e4c17cd b/fuzz/corpora/bndiv/782276095ef10c8df90137008103764b2e4c17cd
+new file mode 100644
+index 000000000000..92acf550e0a8
+Binary files /dev/null and b/fuzz/corpora/bndiv/782276095ef10c8df90137008103764b2e4c17cd differ
+diff --git a/fuzz/corpora/bndiv/831a818c86cbbdb72d8f7b3637055968a3f2fcd4 b/fuzz/corpora/bndiv/831a818c86cbbdb72d8f7b3637055968a3f2fcd4
+new file mode 100644
+index 000000000000..82caa2332768
+Binary files /dev/null and b/fuzz/corpora/bndiv/831a818c86cbbdb72d8f7b3637055968a3f2fcd4 differ
+diff --git a/fuzz/corpora/bndiv/85583eff0876fb8b7f984462bc8014aeba29bd73 b/fuzz/corpora/bndiv/85583eff0876fb8b7f984462bc8014aeba29bd73
+new file mode 100644
+index 000000000000..72ca9afea6c8
+Binary files /dev/null and b/fuzz/corpora/bndiv/85583eff0876fb8b7f984462bc8014aeba29bd73 differ
+diff --git a/fuzz/corpora/bndiv/8802c01fa86f919f5cb239d84fb8b611d1a60efa b/fuzz/corpora/bndiv/8802c01fa86f919f5cb239d84fb8b611d1a60efa
+new file mode 100644
+index 000000000000..381995735209
+Binary files /dev/null and b/fuzz/corpora/bndiv/8802c01fa86f919f5cb239d84fb8b611d1a60efa differ
+diff --git a/fuzz/corpora/bndiv/9a78211436f6d425ec38f5c4e02270801f3524f8 b/fuzz/corpora/bndiv/9a78211436f6d425ec38f5c4e02270801f3524f8
+new file mode 100644
+index 000000000000..b516b2c489f1
+Binary files /dev/null and b/fuzz/corpora/bndiv/9a78211436f6d425ec38f5c4e02270801f3524f8 differ
+diff --git a/fuzz/corpora/bndiv/9ed5fdf8b28586990e74936e0da35b82ce3383a6 b/fuzz/corpora/bndiv/9ed5fdf8b28586990e74936e0da35b82ce3383a6
+new file mode 100644
+index 000000000000..265f00996d6e
+Binary files /dev/null and b/fuzz/corpora/bndiv/9ed5fdf8b28586990e74936e0da35b82ce3383a6 differ
+diff --git a/fuzz/corpora/bndiv/a5c65b20050ea84fb97e8e7fd1c96879a70569c5 b/fuzz/corpora/bndiv/a5c65b20050ea84fb97e8e7fd1c96879a70569c5
+new file mode 100644
+index 000000000000..fa74d3304e90
+Binary files /dev/null and b/fuzz/corpora/bndiv/a5c65b20050ea84fb97e8e7fd1c96879a70569c5 differ
+diff --git a/fuzz/corpora/bndiv/ace89fa94c9cb27b14d615514c172943b3fc2452 b/fuzz/corpora/bndiv/ace89fa94c9cb27b14d615514c172943b3fc2452
+new file mode 100644
+index 000000000000..04a9d9b1f63c
+Binary files /dev/null and b/fuzz/corpora/bndiv/ace89fa94c9cb27b14d615514c172943b3fc2452 differ
+diff --git a/fuzz/corpora/bndiv/b240eed4400fd9a7e1347e39e769b4abe009f27f b/fuzz/corpora/bndiv/b240eed4400fd9a7e1347e39e769b4abe009f27f
+new file mode 100644
+index 000000000000..2338aaa0b33b
+Binary files /dev/null and b/fuzz/corpora/bndiv/b240eed4400fd9a7e1347e39e769b4abe009f27f differ
+diff --git a/fuzz/corpora/bndiv/bb3d1ea5b1a520c428a09ddbf5907668e6dae74a b/fuzz/corpora/bndiv/bb3d1ea5b1a520c428a09ddbf5907668e6dae74a
+new file mode 100644
+index 000000000000..5ceb0f1e0569
+Binary files /dev/null and b/fuzz/corpora/bndiv/bb3d1ea5b1a520c428a09ddbf5907668e6dae74a differ
+diff --git a/fuzz/corpora/bndiv/bd14a83c24780bbfdd18e9379bdadd015c4aa0c9 b/fuzz/corpora/bndiv/bd14a83c24780bbfdd18e9379bdadd015c4aa0c9
+new file mode 100644
+index 000000000000..4793e58089f7
+Binary files /dev/null and b/fuzz/corpora/bndiv/bd14a83c24780bbfdd18e9379bdadd015c4aa0c9 differ
+diff --git a/fuzz/corpora/bndiv/c24004659b1dc93c1d422e27a7c03813772714ad b/fuzz/corpora/bndiv/c24004659b1dc93c1d422e27a7c03813772714ad
+new file mode 100644
+index 000000000000..bb53bfe38137
+Binary files /dev/null and b/fuzz/corpora/bndiv/c24004659b1dc93c1d422e27a7c03813772714ad differ
+diff --git a/fuzz/corpora/bndiv/cfd07a01e951548e08f4c0a0fff92503ab3595c8 b/fuzz/corpora/bndiv/cfd07a01e951548e08f4c0a0fff92503ab3595c8
+new file mode 100644
+index 000000000000..d630671f4bd4
+Binary files /dev/null and b/fuzz/corpora/bndiv/cfd07a01e951548e08f4c0a0fff92503ab3595c8 differ
+diff --git a/fuzz/corpora/bndiv/d8ff92842d78cf863785bec5f652b1cbfebc538b b/fuzz/corpora/bndiv/d8ff92842d78cf863785bec5f652b1cbfebc538b
+new file mode 100644
+index 000000000000..888276f22169
+Binary files /dev/null and b/fuzz/corpora/bndiv/d8ff92842d78cf863785bec5f652b1cbfebc538b differ
+diff --git a/fuzz/corpora/bndiv/d962753298161149a430ce191d3006056b95a3ec b/fuzz/corpora/bndiv/d962753298161149a430ce191d3006056b95a3ec
+new file mode 100644
+index 000000000000..132e8930227a
+Binary files /dev/null and b/fuzz/corpora/bndiv/d962753298161149a430ce191d3006056b95a3ec differ
+diff --git a/fuzz/corpora/bndiv/da9d6b8403802420548ee28e446180647cfeefb2 b/fuzz/corpora/bndiv/da9d6b8403802420548ee28e446180647cfeefb2
+new file mode 100644
+index 000000000000..e13beba54818
+Binary files /dev/null and b/fuzz/corpora/bndiv/da9d6b8403802420548ee28e446180647cfeefb2 differ
+diff --git a/fuzz/corpora/bndiv/e2430a77b271641aaf94790b6d40a419e5d51ac9 b/fuzz/corpora/bndiv/e2430a77b271641aaf94790b6d40a419e5d51ac9
+new file mode 100644
+index 000000000000..645c2d08b6d5
+Binary files /dev/null and b/fuzz/corpora/bndiv/e2430a77b271641aaf94790b6d40a419e5d51ac9 differ
+diff --git a/fuzz/corpora/bndiv/e6023494335fc8a67bd57aae6df0af5483ae024e b/fuzz/corpora/bndiv/e6023494335fc8a67bd57aae6df0af5483ae024e
+new file mode 100644
+index 000000000000..3b02d09440af
+Binary files /dev/null and b/fuzz/corpora/bndiv/e6023494335fc8a67bd57aae6df0af5483ae024e differ
+diff --git a/fuzz/corpora/bndiv/fb06185c69b424c90684c079e54f563ad11c6df9 b/fuzz/corpora/bndiv/fb06185c69b424c90684c079e54f563ad11c6df9
+new file mode 100644
+index 000000000000..37f763b52b0b
+Binary files /dev/null and b/fuzz/corpora/bndiv/fb06185c69b424c90684c079e54f563ad11c6df9 differ
+diff --git a/fuzz/corpora/bndiv/fca12ff909c503d5f29f8a90eeb6129246443f11 b/fuzz/corpora/bndiv/fca12ff909c503d5f29f8a90eeb6129246443f11
+new file mode 100644
+index 000000000000..4253190e0624
+Binary files /dev/null and b/fuzz/corpora/bndiv/fca12ff909c503d5f29f8a90eeb6129246443f11 differ
+diff --git a/fuzz/corpora/bndiv/fefbc63f3e4aa05f755ed0f0fec119b6fd828650 b/fuzz/corpora/bndiv/fefbc63f3e4aa05f755ed0f0fec119b6fd828650
+new file mode 100644
+index 000000000000..c78434046ea5
+Binary files /dev/null and b/fuzz/corpora/bndiv/fefbc63f3e4aa05f755ed0f0fec119b6fd828650 differ
+diff --git a/fuzz/corpora/cms/01b7109f441e7b388e2ee2d35c15e6c68299d868 b/fuzz/corpora/cms/01b7109f441e7b388e2ee2d35c15e6c68299d868
+new file mode 100644
+index 000000000000..6b17032e593a
+Binary files /dev/null and b/fuzz/corpora/cms/01b7109f441e7b388e2ee2d35c15e6c68299d868 differ
+diff --git a/fuzz/corpora/cms/05164d7ba22d6487df90df7bc7f56fb57ec98154 b/fuzz/corpora/cms/05164d7ba22d6487df90df7bc7f56fb57ec98154
+new file mode 100644
+index 000000000000..1a8e6eb8f6e8
+Binary files /dev/null and b/fuzz/corpora/cms/05164d7ba22d6487df90df7bc7f56fb57ec98154 differ
+diff --git a/fuzz/corpora/cms/0542fa36b90992e56503451e940baf784d62772d b/fuzz/corpora/cms/0542fa36b90992e56503451e940baf784d62772d
+new file mode 100644
+index 000000000000..e927d7aae3c1
+Binary files /dev/null and b/fuzz/corpora/cms/0542fa36b90992e56503451e940baf784d62772d differ
+diff --git a/fuzz/corpora/cms/103b3808921398754cc7518f62d92be05b0abda6 b/fuzz/corpora/cms/103b3808921398754cc7518f62d92be05b0abda6
+new file mode 100644
+index 000000000000..6030476bd5ae
+Binary files /dev/null and b/fuzz/corpora/cms/103b3808921398754cc7518f62d92be05b0abda6 differ
+diff --git a/fuzz/corpora/cms/1182ee7cd46826d3c295e78988ead54a8d72cb73 b/fuzz/corpora/cms/1182ee7cd46826d3c295e78988ead54a8d72cb73
+new file mode 100644
+index 000000000000..28ab707200a6
+Binary files /dev/null and b/fuzz/corpora/cms/1182ee7cd46826d3c295e78988ead54a8d72cb73 differ
+diff --git a/fuzz/corpora/cms/11c290ea44ec7ba0adc1ff652e0a235a3694e208 b/fuzz/corpora/cms/11c290ea44ec7ba0adc1ff652e0a235a3694e208
+new file mode 100644
+index 000000000000..b942c743bc41
+Binary files /dev/null and b/fuzz/corpora/cms/11c290ea44ec7ba0adc1ff652e0a235a3694e208 differ
+diff --git a/fuzz/corpora/cms/1279bc859cda96a1317b886ce6a2bb597e62ecd0 b/fuzz/corpora/cms/1279bc859cda96a1317b886ce6a2bb597e62ecd0
+new file mode 100644
+index 000000000000..b69ab26822af
+Binary files /dev/null and b/fuzz/corpora/cms/1279bc859cda96a1317b886ce6a2bb597e62ecd0 differ
+diff --git a/fuzz/corpora/cms/15a2dbfca738d81ae19d9ced833c937c4304f2d4 b/fuzz/corpora/cms/15a2dbfca738d81ae19d9ced833c937c4304f2d4
+new file mode 100644
+index 000000000000..5f754cde1344
+Binary files /dev/null and b/fuzz/corpora/cms/15a2dbfca738d81ae19d9ced833c937c4304f2d4 differ
+diff --git a/fuzz/corpora/cms/190a571ab4e42fe3470983905bc429747a74dcf9 b/fuzz/corpora/cms/190a571ab4e42fe3470983905bc429747a74dcf9
+new file mode 100644
+index 000000000000..10c5807c6f75
+Binary files /dev/null and b/fuzz/corpora/cms/190a571ab4e42fe3470983905bc429747a74dcf9 differ
+diff --git a/fuzz/corpora/cms/1fa06fe619395e9bd01f19c20676691191161584 b/fuzz/corpora/cms/1fa06fe619395e9bd01f19c20676691191161584
+new file mode 100644
+index 000000000000..97a3757e182a
+Binary files /dev/null and b/fuzz/corpora/cms/1fa06fe619395e9bd01f19c20676691191161584 differ
+diff --git a/fuzz/corpora/cms/1facbd643ed191035deb0738c7e6629b9fdd19ae b/fuzz/corpora/cms/1facbd643ed191035deb0738c7e6629b9fdd19ae
+new file mode 100644
+index 000000000000..965fb49c4fc6
+Binary files /dev/null and b/fuzz/corpora/cms/1facbd643ed191035deb0738c7e6629b9fdd19ae differ
+diff --git a/fuzz/corpora/cms/256dc8dc1c1e681c8ec1afaa9c8001b178e79e6a b/fuzz/corpora/cms/256dc8dc1c1e681c8ec1afaa9c8001b178e79e6a
+new file mode 100644
+index 000000000000..622f68e55033
+Binary files /dev/null and b/fuzz/corpora/cms/256dc8dc1c1e681c8ec1afaa9c8001b178e79e6a differ
+diff --git a/fuzz/corpora/cms/27e476e23ab20fdd530a8c6cbf6fccbdd7130ca5 b/fuzz/corpora/cms/27e476e23ab20fdd530a8c6cbf6fccbdd7130ca5
+new file mode 100644
+index 000000000000..d8afc5df46ad
+Binary files /dev/null and b/fuzz/corpora/cms/27e476e23ab20fdd530a8c6cbf6fccbdd7130ca5 differ
+diff --git a/fuzz/corpora/cms/2dba92de055c62b8edeb3adb1eac1a854c50d8e3 b/fuzz/corpora/cms/2dba92de055c62b8edeb3adb1eac1a854c50d8e3
+new file mode 100644
+index 000000000000..0d026cc0817a
+Binary files /dev/null and b/fuzz/corpora/cms/2dba92de055c62b8edeb3adb1eac1a854c50d8e3 differ
+diff --git a/fuzz/corpora/cms/2e71da225ce16f8362be5c00d860103b23e381b6 b/fuzz/corpora/cms/2e71da225ce16f8362be5c00d860103b23e381b6
+new file mode 100644
+index 000000000000..163496d7593f
+Binary files /dev/null and b/fuzz/corpora/cms/2e71da225ce16f8362be5c00d860103b23e381b6 differ
+diff --git a/fuzz/corpora/cms/2f45a3d554d7b6cc164c75c5a77259ae92c3c2fd b/fuzz/corpora/cms/2f45a3d554d7b6cc164c75c5a77259ae92c3c2fd
+new file mode 100644
+index 000000000000..aaedb3c2b254
+Binary files /dev/null and b/fuzz/corpora/cms/2f45a3d554d7b6cc164c75c5a77259ae92c3c2fd differ
+diff --git a/fuzz/corpora/cms/307ba61ee17b71edcf973f99b1541a67659a2ec2 b/fuzz/corpora/cms/307ba61ee17b71edcf973f99b1541a67659a2ec2
+new file mode 100644
+index 000000000000..01b2b3d7c3f0
+Binary files /dev/null and b/fuzz/corpora/cms/307ba61ee17b71edcf973f99b1541a67659a2ec2 differ
+diff --git a/fuzz/corpora/cms/3103388059933b798284f178ddd8c9b17be0781c b/fuzz/corpora/cms/3103388059933b798284f178ddd8c9b17be0781c
+new file mode 100644
+index 000000000000..d9ea09b095cb
+Binary files /dev/null and b/fuzz/corpora/cms/3103388059933b798284f178ddd8c9b17be0781c differ
+diff --git a/fuzz/corpora/cms/315847d8692bce2b753031b8fcd9302a68da2e44 b/fuzz/corpora/cms/315847d8692bce2b753031b8fcd9302a68da2e44
+new file mode 100644
+index 000000000000..667317df0dc6
+Binary files /dev/null and b/fuzz/corpora/cms/315847d8692bce2b753031b8fcd9302a68da2e44 differ
+diff --git a/fuzz/corpora/cms/34344f75f42e663954c7bef918fd05eeeb302748 b/fuzz/corpora/cms/34344f75f42e663954c7bef918fd05eeeb302748
+new file mode 100644
+index 000000000000..c9170faa136b
+Binary files /dev/null and b/fuzz/corpora/cms/34344f75f42e663954c7bef918fd05eeeb302748 differ
+diff --git a/fuzz/corpora/cms/38d62a30a6d834ff14d1342272f569830f896ed7 b/fuzz/corpora/cms/38d62a30a6d834ff14d1342272f569830f896ed7
+new file mode 100644
+index 000000000000..0bdd93cd0b7a
+Binary files /dev/null and b/fuzz/corpora/cms/38d62a30a6d834ff14d1342272f569830f896ed7 differ
+diff --git a/fuzz/corpora/cms/39ea5d5f734a66a48bf69fea68aaa8dad7dc0831 b/fuzz/corpora/cms/39ea5d5f734a66a48bf69fea68aaa8dad7dc0831
+new file mode 100644
+index 000000000000..1fac962d4b05
+Binary files /dev/null and b/fuzz/corpora/cms/39ea5d5f734a66a48bf69fea68aaa8dad7dc0831 differ
+diff --git a/fuzz/corpora/cms/41e58422ea447945a44e078badd9bb3296ecde88 b/fuzz/corpora/cms/41e58422ea447945a44e078badd9bb3296ecde88
+new file mode 100644
+index 000000000000..a5158d8094ed
+Binary files /dev/null and b/fuzz/corpora/cms/41e58422ea447945a44e078badd9bb3296ecde88 differ
+diff --git a/fuzz/corpora/cms/446c4334ff381a8883635c4ad33de7a74a0354c9 b/fuzz/corpora/cms/446c4334ff381a8883635c4ad33de7a74a0354c9
+new file mode 100644
+index 000000000000..46bd64540728
+Binary files /dev/null and b/fuzz/corpora/cms/446c4334ff381a8883635c4ad33de7a74a0354c9 differ
+diff --git a/fuzz/corpora/cms/4533459e899404d1710e5424756a8ea29bd41cdc b/fuzz/corpora/cms/4533459e899404d1710e5424756a8ea29bd41cdc
+new file mode 100644
+index 000000000000..0dc42962ddd0
+Binary files /dev/null and b/fuzz/corpora/cms/4533459e899404d1710e5424756a8ea29bd41cdc differ
+diff --git a/fuzz/corpora/cms/46c254df46673e95ca3d8953b63475ca626ae07b b/fuzz/corpora/cms/46c254df46673e95ca3d8953b63475ca626ae07b
+new file mode 100644
+index 000000000000..e0835e789e1d
+Binary files /dev/null and b/fuzz/corpora/cms/46c254df46673e95ca3d8953b63475ca626ae07b differ
+diff --git a/fuzz/corpora/cms/47fbcee2713d2f08d3327752a077ecab6ff7345e b/fuzz/corpora/cms/47fbcee2713d2f08d3327752a077ecab6ff7345e
+new file mode 100644
+index 000000000000..f0b87ad6779c
+Binary files /dev/null and b/fuzz/corpora/cms/47fbcee2713d2f08d3327752a077ecab6ff7345e differ
+diff --git a/fuzz/corpora/cms/4890c33b8966a2d064c946556fc6ff23e80b978b b/fuzz/corpora/cms/4890c33b8966a2d064c946556fc6ff23e80b978b
+new file mode 100644
+index 000000000000..f5d73f7a323c
+Binary files /dev/null and b/fuzz/corpora/cms/4890c33b8966a2d064c946556fc6ff23e80b978b differ
+diff --git a/fuzz/corpora/cms/497df2e130cee5690fac94f5651ca731d49ffc9d b/fuzz/corpora/cms/497df2e130cee5690fac94f5651ca731d49ffc9d
+new file mode 100644
+index 000000000000..0a96a3c03b45
+Binary files /dev/null and b/fuzz/corpora/cms/497df2e130cee5690fac94f5651ca731d49ffc9d differ
+diff --git a/fuzz/corpora/cms/4a56107d0593e37d9100976aaba2b933c1b2b0f0 b/fuzz/corpora/cms/4a56107d0593e37d9100976aaba2b933c1b2b0f0
+new file mode 100644
+index 000000000000..49e362638248
+Binary files /dev/null and b/fuzz/corpora/cms/4a56107d0593e37d9100976aaba2b933c1b2b0f0 differ
+diff --git a/fuzz/corpora/cms/4ac026168d2602f027d9dfe2fbdb0abb1858ff88 b/fuzz/corpora/cms/4ac026168d2602f027d9dfe2fbdb0abb1858ff88
+new file mode 100644
+index 000000000000..8e577f163439
+Binary files /dev/null and b/fuzz/corpora/cms/4ac026168d2602f027d9dfe2fbdb0abb1858ff88 differ
+diff --git a/fuzz/corpora/cms/4cc37bc6ae8adb41a9f3188d6b1cd4d3d5d34991 b/fuzz/corpora/cms/4cc37bc6ae8adb41a9f3188d6b1cd4d3d5d34991
+new file mode 100644
+index 000000000000..44fd991855a6
+Binary files /dev/null and b/fuzz/corpora/cms/4cc37bc6ae8adb41a9f3188d6b1cd4d3d5d34991 differ
+diff --git a/fuzz/corpora/cms/4cfd609b7ce6e3fe479a0f5398ee25ce6befbd5c b/fuzz/corpora/cms/4cfd609b7ce6e3fe479a0f5398ee25ce6befbd5c
+new file mode 100644
+index 000000000000..5b03634e84a7
+Binary files /dev/null and b/fuzz/corpora/cms/4cfd609b7ce6e3fe479a0f5398ee25ce6befbd5c differ
+diff --git a/fuzz/corpora/cms/4ddfe4de8b36d83f1d9b8fb8db50bf1417a9f19b b/fuzz/corpora/cms/4ddfe4de8b36d83f1d9b8fb8db50bf1417a9f19b
+new file mode 100644
+index 000000000000..469e2e39787c
+Binary files /dev/null and b/fuzz/corpora/cms/4ddfe4de8b36d83f1d9b8fb8db50bf1417a9f19b differ
+diff --git a/fuzz/corpora/cms/5125503a46edf9e6a36674ca1fc95b3d8c2eadbb b/fuzz/corpora/cms/5125503a46edf9e6a36674ca1fc95b3d8c2eadbb
+new file mode 100644
+index 000000000000..c4463edabfa8
+Binary files /dev/null and b/fuzz/corpora/cms/5125503a46edf9e6a36674ca1fc95b3d8c2eadbb differ
+diff --git a/fuzz/corpora/cms/55e5a1832a2badbbdd54801dcc9ad1209ae4ea18 b/fuzz/corpora/cms/55e5a1832a2badbbdd54801dcc9ad1209ae4ea18
+new file mode 100644
+index 000000000000..112bfc288caa
+Binary files /dev/null and b/fuzz/corpora/cms/55e5a1832a2badbbdd54801dcc9ad1209ae4ea18 differ
+diff --git a/fuzz/corpora/cms/565d9336e95032ff9f94f4f5f6ada7c365d0b421 b/fuzz/corpora/cms/565d9336e95032ff9f94f4f5f6ada7c365d0b421
+new file mode 100644
+index 000000000000..4103279beaa3
+Binary files /dev/null and b/fuzz/corpora/cms/565d9336e95032ff9f94f4f5f6ada7c365d0b421 differ
+diff --git a/fuzz/corpora/cms/577cf11aa17227bf4e9d84eed984aba3b0b0dce3 b/fuzz/corpora/cms/577cf11aa17227bf4e9d84eed984aba3b0b0dce3
+new file mode 100644
+index 000000000000..9d7bdc602939
+Binary files /dev/null and b/fuzz/corpora/cms/577cf11aa17227bf4e9d84eed984aba3b0b0dce3 differ
+diff --git a/fuzz/corpora/cms/57ffbcd0ee614ac4ec33b3f6379b81f7b82ad206 b/fuzz/corpora/cms/57ffbcd0ee614ac4ec33b3f6379b81f7b82ad206
+new file mode 100644
+index 000000000000..a19fa0bcef85
+Binary files /dev/null and b/fuzz/corpora/cms/57ffbcd0ee614ac4ec33b3f6379b81f7b82ad206 differ
+diff --git a/fuzz/corpora/cms/5bd2fdd88eb217a1ef5764f09ef79df34ecf3035 b/fuzz/corpora/cms/5bd2fdd88eb217a1ef5764f09ef79df34ecf3035
+new file mode 100644
+index 000000000000..0e8c589d4e44
+Binary files /dev/null and b/fuzz/corpora/cms/5bd2fdd88eb217a1ef5764f09ef79df34ecf3035 differ
+diff --git a/fuzz/corpora/cms/60d77c08d4aab46255e64be1c23baca55a80d55a b/fuzz/corpora/cms/60d77c08d4aab46255e64be1c23baca55a80d55a
+new file mode 100644
+index 000000000000..f215e896010b
+Binary files /dev/null and b/fuzz/corpora/cms/60d77c08d4aab46255e64be1c23baca55a80d55a differ
+diff --git a/fuzz/corpora/cms/62033000193524ee8a1ce645909e01dde859057a b/fuzz/corpora/cms/62033000193524ee8a1ce645909e01dde859057a
+new file mode 100644
+index 000000000000..1d138d501286
+Binary files /dev/null and b/fuzz/corpora/cms/62033000193524ee8a1ce645909e01dde859057a differ
+diff --git a/fuzz/corpora/cms/62bf1a2c54f6284043c268e7e738b9895be0c101 b/fuzz/corpora/cms/62bf1a2c54f6284043c268e7e738b9895be0c101
+new file mode 100644
+index 000000000000..ebddbd033033
+Binary files /dev/null and b/fuzz/corpora/cms/62bf1a2c54f6284043c268e7e738b9895be0c101 differ
+diff --git a/fuzz/corpora/cms/670756818af3613a6cd2d2d745569dc25f8945b2 b/fuzz/corpora/cms/670756818af3613a6cd2d2d745569dc25f8945b2
+new file mode 100644
+index 000000000000..36299205cf50
+Binary files /dev/null and b/fuzz/corpora/cms/670756818af3613a6cd2d2d745569dc25f8945b2 differ
+diff --git a/fuzz/corpora/cms/6c896885a0f269a0e43fc277a494d84133bdc429 b/fuzz/corpora/cms/6c896885a0f269a0e43fc277a494d84133bdc429
+new file mode 100644
+index 000000000000..05fbaf73e108
+Binary files /dev/null and b/fuzz/corpora/cms/6c896885a0f269a0e43fc277a494d84133bdc429 differ
+diff --git a/fuzz/corpora/cms/6e3ecaee446d90a6b8c38da7d393b7b5344de742 b/fuzz/corpora/cms/6e3ecaee446d90a6b8c38da7d393b7b5344de742
+new file mode 100644
+index 000000000000..249e87916b66
+Binary files /dev/null and b/fuzz/corpora/cms/6e3ecaee446d90a6b8c38da7d393b7b5344de742 differ
+diff --git a/fuzz/corpora/cms/6ec0a950818f1d1bba39fa951c9099e39257fe30 b/fuzz/corpora/cms/6ec0a950818f1d1bba39fa951c9099e39257fe30
+new file mode 100644
+index 000000000000..890103cf9cc8
+Binary files /dev/null and b/fuzz/corpora/cms/6ec0a950818f1d1bba39fa951c9099e39257fe30 differ
+diff --git a/fuzz/corpora/cms/6f1d68cbd065b9c443a8ee6b5aa9ae4ee5acfb82 b/fuzz/corpora/cms/6f1d68cbd065b9c443a8ee6b5aa9ae4ee5acfb82
+new file mode 100644
+index 000000000000..124378be149b
+Binary files /dev/null and b/fuzz/corpora/cms/6f1d68cbd065b9c443a8ee6b5aa9ae4ee5acfb82 differ
+diff --git a/fuzz/corpora/cms/70d38c5d967fd792d09e02e0a787ab77f3a147db b/fuzz/corpora/cms/70d38c5d967fd792d09e02e0a787ab77f3a147db
+new file mode 100644
+index 000000000000..8cfab18a16c5
+Binary files /dev/null and b/fuzz/corpora/cms/70d38c5d967fd792d09e02e0a787ab77f3a147db differ
+diff --git a/fuzz/corpora/cms/70f006272146c12e91b7a03e28905b8d82fd41d5 b/fuzz/corpora/cms/70f006272146c12e91b7a03e28905b8d82fd41d5
+new file mode 100644
+index 000000000000..4c30a40d6e5d
+Binary files /dev/null and b/fuzz/corpora/cms/70f006272146c12e91b7a03e28905b8d82fd41d5 differ
+diff --git a/fuzz/corpora/cms/72499a7838a9674faaf8659dc27c28cf4f8372e2 b/fuzz/corpora/cms/72499a7838a9674faaf8659dc27c28cf4f8372e2
+new file mode 100644
+index 000000000000..49498f19efb7
+Binary files /dev/null and b/fuzz/corpora/cms/72499a7838a9674faaf8659dc27c28cf4f8372e2 differ
+diff --git a/fuzz/corpora/cms/747349ef73f57b4699bac2a4e8963e9e10e00c76 b/fuzz/corpora/cms/747349ef73f57b4699bac2a4e8963e9e10e00c76
+new file mode 100644
+index 000000000000..1e4f1959b446
+Binary files /dev/null and b/fuzz/corpora/cms/747349ef73f57b4699bac2a4e8963e9e10e00c76 differ
+diff --git a/fuzz/corpora/cms/75b36b6e9ec783cfacad75cf8fb862b84793a39c b/fuzz/corpora/cms/75b36b6e9ec783cfacad75cf8fb862b84793a39c
+new file mode 100644
+index 000000000000..c2a3be7ae760
+Binary files /dev/null and b/fuzz/corpora/cms/75b36b6e9ec783cfacad75cf8fb862b84793a39c differ
+diff --git a/fuzz/corpora/cms/7843a1a946744eb286aaef9387bae6c29a36b20d b/fuzz/corpora/cms/7843a1a946744eb286aaef9387bae6c29a36b20d
+new file mode 100644
+index 000000000000..9410009b5ea7
+Binary files /dev/null and b/fuzz/corpora/cms/7843a1a946744eb286aaef9387bae6c29a36b20d differ
+diff --git a/fuzz/corpora/cms/7918146dfe47a1afe269154739281fa4e3eacc95 b/fuzz/corpora/cms/7918146dfe47a1afe269154739281fa4e3eacc95
+new file mode 100644
+index 000000000000..c0776f9a000a
+Binary files /dev/null and b/fuzz/corpora/cms/7918146dfe47a1afe269154739281fa4e3eacc95 differ
+diff --git a/fuzz/corpora/cms/7b372ef935f8f46e86596245b2cc723e48c1ce22 b/fuzz/corpora/cms/7b372ef935f8f46e86596245b2cc723e48c1ce22
+new file mode 100644
+index 000000000000..aa0aeb1c08a5
+Binary files /dev/null and b/fuzz/corpora/cms/7b372ef935f8f46e86596245b2cc723e48c1ce22 differ
+diff --git a/fuzz/corpora/cms/7fcd07a56c073c66eb0edfa5c431112e706ff75f b/fuzz/corpora/cms/7fcd07a56c073c66eb0edfa5c431112e706ff75f
+new file mode 100644
+index 000000000000..ee8f8a0efad3
+Binary files /dev/null and b/fuzz/corpora/cms/7fcd07a56c073c66eb0edfa5c431112e706ff75f differ
+diff --git a/fuzz/corpora/cms/803d7ccf6c210402eca2798dc03d5bd6d3e5ba49 b/fuzz/corpora/cms/803d7ccf6c210402eca2798dc03d5bd6d3e5ba49
+new file mode 100644
+index 000000000000..21d4a0eade7e
+Binary files /dev/null and b/fuzz/corpora/cms/803d7ccf6c210402eca2798dc03d5bd6d3e5ba49 differ
+diff --git a/fuzz/corpora/cms/805225c5c081e618e88b6ef8a7007b91d50fb052 b/fuzz/corpora/cms/805225c5c081e618e88b6ef8a7007b91d50fb052
+new file mode 100644
+index 000000000000..eb6591e8b35a
+Binary files /dev/null and b/fuzz/corpora/cms/805225c5c081e618e88b6ef8a7007b91d50fb052 differ
+diff --git a/fuzz/corpora/cms/8589a5bfb8448257f7cf78d63693d1c9e1ca5e3a b/fuzz/corpora/cms/8589a5bfb8448257f7cf78d63693d1c9e1ca5e3a
+new file mode 100644
+index 000000000000..f5a63e4eb745
+Binary files /dev/null and b/fuzz/corpora/cms/8589a5bfb8448257f7cf78d63693d1c9e1ca5e3a differ
+diff --git a/fuzz/corpora/cms/85e53271e14006f0265921d02d4d736cdc580b0b b/fuzz/corpora/cms/85e53271e14006f0265921d02d4d736cdc580b0b
+new file mode 100644
+index 000000000000..ce542efaa512
+Binary files /dev/null and b/fuzz/corpora/cms/85e53271e14006f0265921d02d4d736cdc580b0b differ
+diff --git a/fuzz/corpora/cms/877a4e6f29e547c8df20462c8da7bb8917fa15c8 b/fuzz/corpora/cms/877a4e6f29e547c8df20462c8da7bb8917fa15c8
+new file mode 100644
+index 000000000000..7674d548aa27
+Binary files /dev/null and b/fuzz/corpora/cms/877a4e6f29e547c8df20462c8da7bb8917fa15c8 differ
+diff --git a/fuzz/corpora/cms/8b60e9db4dabe5f6d9c181d7d109823cf1425bc4 b/fuzz/corpora/cms/8b60e9db4dabe5f6d9c181d7d109823cf1425bc4
+new file mode 100644
+index 000000000000..b56884b92020
+Binary files /dev/null and b/fuzz/corpora/cms/8b60e9db4dabe5f6d9c181d7d109823cf1425bc4 differ
+diff --git a/fuzz/corpora/cms/929355fe9c63dc75894ce099713630aed9b7cdec b/fuzz/corpora/cms/929355fe9c63dc75894ce099713630aed9b7cdec
+new file mode 100644
+index 000000000000..b6553c8e6ac5
+Binary files /dev/null and b/fuzz/corpora/cms/929355fe9c63dc75894ce099713630aed9b7cdec differ
+diff --git a/fuzz/corpora/cms/9476b99b6e95f1a8290381fc907969c734c3486f b/fuzz/corpora/cms/9476b99b6e95f1a8290381fc907969c734c3486f
+new file mode 100644
+index 000000000000..b6b8940ee213
+Binary files /dev/null and b/fuzz/corpora/cms/9476b99b6e95f1a8290381fc907969c734c3486f differ
+diff --git a/fuzz/corpora/cms/956dd8e9904f1e38281e70b020c48f26073d13c5 b/fuzz/corpora/cms/956dd8e9904f1e38281e70b020c48f26073d13c5
+new file mode 100644
+index 000000000000..6b6eed0e145b
+Binary files /dev/null and b/fuzz/corpora/cms/956dd8e9904f1e38281e70b020c48f26073d13c5 differ
+diff --git a/fuzz/corpora/cms/987f8e452e7167a24ded65ba45d5fdc375c1101d b/fuzz/corpora/cms/987f8e452e7167a24ded65ba45d5fdc375c1101d
+new file mode 100644
+index 000000000000..033f046f9805
+Binary files /dev/null and b/fuzz/corpora/cms/987f8e452e7167a24ded65ba45d5fdc375c1101d differ
+diff --git a/fuzz/corpora/cms/988e9d78c57bafd11d92e7af48b96d1a934028ba b/fuzz/corpora/cms/988e9d78c57bafd11d92e7af48b96d1a934028ba
+new file mode 100644
+index 000000000000..9eb7b6495639
+Binary files /dev/null and b/fuzz/corpora/cms/988e9d78c57bafd11d92e7af48b96d1a934028ba differ
+diff --git a/fuzz/corpora/cms/a0223aad1a02aa9e11ea988186a02936aec5f39c b/fuzz/corpora/cms/a0223aad1a02aa9e11ea988186a02936aec5f39c
+new file mode 100644
+index 000000000000..af7edc6cd0df
+Binary files /dev/null and b/fuzz/corpora/cms/a0223aad1a02aa9e11ea988186a02936aec5f39c differ
+diff --git a/fuzz/corpora/cms/a479b7bd1299cd731e5ea3e46b39a1bc8976b6bc b/fuzz/corpora/cms/a479b7bd1299cd731e5ea3e46b39a1bc8976b6bc
+new file mode 100644
+index 000000000000..0f9c7bbc6f75
+Binary files /dev/null and b/fuzz/corpora/cms/a479b7bd1299cd731e5ea3e46b39a1bc8976b6bc differ
+diff --git a/fuzz/corpora/cms/a66ff59f745dd9bfaa0a269c37d64d663c9f8cd1 b/fuzz/corpora/cms/a66ff59f745dd9bfaa0a269c37d64d663c9f8cd1
+new file mode 100644
+index 000000000000..01840ed648cf
+Binary files /dev/null and b/fuzz/corpora/cms/a66ff59f745dd9bfaa0a269c37d64d663c9f8cd1 differ
+diff --git a/fuzz/corpora/cms/a730079cff218f5d3d9ed7c5e4db2dc513b59467 b/fuzz/corpora/cms/a730079cff218f5d3d9ed7c5e4db2dc513b59467
+new file mode 100644
+index 000000000000..035d7bf98d0b
+Binary files /dev/null and b/fuzz/corpora/cms/a730079cff218f5d3d9ed7c5e4db2dc513b59467 differ
+diff --git a/fuzz/corpora/cms/ab4f73f2fa117ef18a8a39a7e65bd854debfd936 b/fuzz/corpora/cms/ab4f73f2fa117ef18a8a39a7e65bd854debfd936
+new file mode 100644
+index 000000000000..9e045f10208a
+Binary files /dev/null and b/fuzz/corpora/cms/ab4f73f2fa117ef18a8a39a7e65bd854debfd936 differ
+diff --git a/fuzz/corpora/cms/ab911f7babc6fbb0ed98fff2952f88916be32214 b/fuzz/corpora/cms/ab911f7babc6fbb0ed98fff2952f88916be32214
+new file mode 100644
+index 000000000000..5d215da86f96
+Binary files /dev/null and b/fuzz/corpora/cms/ab911f7babc6fbb0ed98fff2952f88916be32214 differ
+diff --git a/fuzz/corpora/cms/abb60d0eadd4321ee880248f1edb6dd0afcbe78d b/fuzz/corpora/cms/abb60d0eadd4321ee880248f1edb6dd0afcbe78d
+new file mode 100644
+index 000000000000..b12ba2645cc1
+Binary files /dev/null and b/fuzz/corpora/cms/abb60d0eadd4321ee880248f1edb6dd0afcbe78d differ
+diff --git a/fuzz/corpora/cms/b5cb60d37bfb7df151144ef617118f4b558cf5ad b/fuzz/corpora/cms/b5cb60d37bfb7df151144ef617118f4b558cf5ad
+new file mode 100644
+index 000000000000..ca83a9fc58bf
+Binary files /dev/null and b/fuzz/corpora/cms/b5cb60d37bfb7df151144ef617118f4b558cf5ad differ
+diff --git a/fuzz/corpora/cms/bbce253c192821a8510036e9dbc00acfc3f98a61 b/fuzz/corpora/cms/bbce253c192821a8510036e9dbc00acfc3f98a61
+new file mode 100644
+index 000000000000..b00d13805f36
+Binary files /dev/null and b/fuzz/corpora/cms/bbce253c192821a8510036e9dbc00acfc3f98a61 differ
+diff --git a/fuzz/corpora/cms/bfe17d837974acb1d6a6403d5b12e32b3086c387 b/fuzz/corpora/cms/bfe17d837974acb1d6a6403d5b12e32b3086c387
+new file mode 100644
+index 000000000000..4f16da370f74
+Binary files /dev/null and b/fuzz/corpora/cms/bfe17d837974acb1d6a6403d5b12e32b3086c387 differ
+diff --git a/fuzz/corpora/cms/c00dc0bbd6e48c93860eae27f1bd720d61a2df27 b/fuzz/corpora/cms/c00dc0bbd6e48c93860eae27f1bd720d61a2df27
+new file mode 100644
+index 000000000000..bda70eab060c
+Binary files /dev/null and b/fuzz/corpora/cms/c00dc0bbd6e48c93860eae27f1bd720d61a2df27 differ
+diff --git a/fuzz/corpora/cms/c2c9f29931c46877758d0643e3b7b0114477ef4a b/fuzz/corpora/cms/c2c9f29931c46877758d0643e3b7b0114477ef4a
+new file mode 100644
+index 000000000000..31309f6b8b9e
+Binary files /dev/null and b/fuzz/corpora/cms/c2c9f29931c46877758d0643e3b7b0114477ef4a differ
+diff --git a/fuzz/corpora/cms/c76cfec5956039f2ad2463f2f3ea6f964f9aed53 b/fuzz/corpora/cms/c76cfec5956039f2ad2463f2f3ea6f964f9aed53
+new file mode 100644
+index 000000000000..b0495fb65cb6
+Binary files /dev/null and b/fuzz/corpora/cms/c76cfec5956039f2ad2463f2f3ea6f964f9aed53 differ
+diff --git a/fuzz/corpora/cms/c9aac337c2d4316bc1b88ea6e23d0d65d2b4de43 b/fuzz/corpora/cms/c9aac337c2d4316bc1b88ea6e23d0d65d2b4de43
+new file mode 100644
+index 000000000000..b3a381e12a8c
+Binary files /dev/null and b/fuzz/corpora/cms/c9aac337c2d4316bc1b88ea6e23d0d65d2b4de43 differ
+diff --git a/fuzz/corpora/cms/cae69cb52df30e0c2889897d250376016978a4b9 b/fuzz/corpora/cms/cae69cb52df30e0c2889897d250376016978a4b9
+new file mode 100644
+index 000000000000..bd06f053a69d
+Binary files /dev/null and b/fuzz/corpora/cms/cae69cb52df30e0c2889897d250376016978a4b9 differ
+diff --git a/fuzz/corpora/cms/cd9aeb9f43d9aadb4e36572c8a6b81aebdd52c15 b/fuzz/corpora/cms/cd9aeb9f43d9aadb4e36572c8a6b81aebdd52c15
+new file mode 100644
+index 000000000000..fc28e53a9054
+Binary files /dev/null and b/fuzz/corpora/cms/cd9aeb9f43d9aadb4e36572c8a6b81aebdd52c15 differ
+diff --git a/fuzz/corpora/cms/d13c39b56984457f206cdec2bd6fd79ae9684880 b/fuzz/corpora/cms/d13c39b56984457f206cdec2bd6fd79ae9684880
+new file mode 100644
+index 000000000000..8ba2babf94f3
+Binary files /dev/null and b/fuzz/corpora/cms/d13c39b56984457f206cdec2bd6fd79ae9684880 differ
+diff --git a/fuzz/corpora/cms/d21e8a7afdf4a8b202df243e5cd0d9b59ec43315 b/fuzz/corpora/cms/d21e8a7afdf4a8b202df243e5cd0d9b59ec43315
+new file mode 100644
+index 000000000000..65cc5d1d7655
+Binary files /dev/null and b/fuzz/corpora/cms/d21e8a7afdf4a8b202df243e5cd0d9b59ec43315 differ
+diff --git a/fuzz/corpora/cms/d37a557533ca5df9131c96a0c38310813886621e b/fuzz/corpora/cms/d37a557533ca5df9131c96a0c38310813886621e
+new file mode 100644
+index 000000000000..183a66a9e74d
+Binary files /dev/null and b/fuzz/corpora/cms/d37a557533ca5df9131c96a0c38310813886621e differ
+diff --git a/fuzz/corpora/cms/d4687f8090b93bb2b8add0c4c4163a2551fffd32 b/fuzz/corpora/cms/d4687f8090b93bb2b8add0c4c4163a2551fffd32
+new file mode 100644
+index 000000000000..ba5460d7bb77
+Binary files /dev/null and b/fuzz/corpora/cms/d4687f8090b93bb2b8add0c4c4163a2551fffd32 differ
+diff --git a/fuzz/corpora/cms/d47f7c250cbd72ae0cfa3f4b52a7965c88ddaede b/fuzz/corpora/cms/d47f7c250cbd72ae0cfa3f4b52a7965c88ddaede
+new file mode 100644
+index 000000000000..5e5d3a4831b2
+Binary files /dev/null and b/fuzz/corpora/cms/d47f7c250cbd72ae0cfa3f4b52a7965c88ddaede differ
+diff --git a/fuzz/corpora/cms/d98dbb19817891687dc5efb49e5280d57f86443e b/fuzz/corpora/cms/d98dbb19817891687dc5efb49e5280d57f86443e
+new file mode 100644
+index 000000000000..4d1e72f2302c
+Binary files /dev/null and b/fuzz/corpora/cms/d98dbb19817891687dc5efb49e5280d57f86443e differ
+diff --git a/fuzz/corpora/cms/dc542fdae3aeb51b9148a2112cdb8999fd2b9750 b/fuzz/corpora/cms/dc542fdae3aeb51b9148a2112cdb8999fd2b9750
+new file mode 100644
+index 000000000000..83d4b272d3cf
+Binary files /dev/null and b/fuzz/corpora/cms/dc542fdae3aeb51b9148a2112cdb8999fd2b9750 differ
+diff --git a/fuzz/corpora/cms/dd2b26eb1b9c43194c9d096e6fe6b26635b275f5 b/fuzz/corpora/cms/dd2b26eb1b9c43194c9d096e6fe6b26635b275f5
+new file mode 100644
+index 000000000000..9ec4ed589629
+Binary files /dev/null and b/fuzz/corpora/cms/dd2b26eb1b9c43194c9d096e6fe6b26635b275f5 differ
+diff --git a/fuzz/corpora/cms/dd3e41a7a148c8b246ac1e5b4fc35eef0cc0782b b/fuzz/corpora/cms/dd3e41a7a148c8b246ac1e5b4fc35eef0cc0782b
+new file mode 100644
+index 000000000000..916b91e33c56
+Binary files /dev/null and b/fuzz/corpora/cms/dd3e41a7a148c8b246ac1e5b4fc35eef0cc0782b differ
+diff --git a/fuzz/corpora/cms/df58248c414f342c81e056b40bee12d17a08bf61 b/fuzz/corpora/cms/df58248c414f342c81e056b40bee12d17a08bf61
+new file mode 100644
+index 000000000000..f59ec20aabf5
+Binary files /dev/null and b/fuzz/corpora/cms/df58248c414f342c81e056b40bee12d17a08bf61 differ
+diff --git a/fuzz/corpora/cms/dfeb7a71beac181cca5950b44cc116fa03a97fd4 b/fuzz/corpora/cms/dfeb7a71beac181cca5950b44cc116fa03a97fd4
+new file mode 100644
+index 000000000000..76e1ec3654a7
+Binary files /dev/null and b/fuzz/corpora/cms/dfeb7a71beac181cca5950b44cc116fa03a97fd4 differ
+diff --git a/fuzz/corpora/cms/e200c8fb65670dc5e7421cbed0d90f277351b916 b/fuzz/corpora/cms/e200c8fb65670dc5e7421cbed0d90f277351b916
+new file mode 100644
+index 000000000000..a0a70bac04bc
+Binary files /dev/null and b/fuzz/corpora/cms/e200c8fb65670dc5e7421cbed0d90f277351b916 differ
+diff --git a/fuzz/corpora/cms/e43e4a2bb2ad2dda58e6a6f51af2560e81b0c6ce b/fuzz/corpora/cms/e43e4a2bb2ad2dda58e6a6f51af2560e81b0c6ce
+new file mode 100644
+index 000000000000..1cf8fe35e8a3
+Binary files /dev/null and b/fuzz/corpora/cms/e43e4a2bb2ad2dda58e6a6f51af2560e81b0c6ce differ
+diff --git a/fuzz/corpora/cms/e5acb91badd6635ef8d1c09e75433d3b51575f0c b/fuzz/corpora/cms/e5acb91badd6635ef8d1c09e75433d3b51575f0c
+new file mode 100644
+index 000000000000..b81b95673c4e
+Binary files /dev/null and b/fuzz/corpora/cms/e5acb91badd6635ef8d1c09e75433d3b51575f0c differ
+diff --git a/fuzz/corpora/cms/e5d7433f55867900a77a5a0e998c111b8917fe24 b/fuzz/corpora/cms/e5d7433f55867900a77a5a0e998c111b8917fe24
+new file mode 100644
+index 000000000000..1afe096c45a6
+Binary files /dev/null and b/fuzz/corpora/cms/e5d7433f55867900a77a5a0e998c111b8917fe24 differ
+diff --git a/fuzz/corpora/cms/e5d834c31857814cabfe8608f18fd5e28fbb98d8 b/fuzz/corpora/cms/e5d834c31857814cabfe8608f18fd5e28fbb98d8
+new file mode 100644
+index 000000000000..3932075ae3d2
+Binary files /dev/null and b/fuzz/corpora/cms/e5d834c31857814cabfe8608f18fd5e28fbb98d8 differ
+diff --git a/fuzz/corpora/cms/ef37f7a612717a1b2967d7efd19ff05d5f49bd85 b/fuzz/corpora/cms/ef37f7a612717a1b2967d7efd19ff05d5f49bd85
+new file mode 100644
+index 000000000000..32bf6775b85e
+Binary files /dev/null and b/fuzz/corpora/cms/ef37f7a612717a1b2967d7efd19ff05d5f49bd85 differ
+diff --git a/fuzz/corpora/cms/efe8c53f84a8d60f41064d761d6e83e3f75e1346 b/fuzz/corpora/cms/efe8c53f84a8d60f41064d761d6e83e3f75e1346
+new file mode 100644
+index 000000000000..6c2e301caf96
+Binary files /dev/null and b/fuzz/corpora/cms/efe8c53f84a8d60f41064d761d6e83e3f75e1346 differ
+diff --git a/fuzz/corpora/cms/f0ce4f1bcfb7cd27a277c891b586f964f0fe099a b/fuzz/corpora/cms/f0ce4f1bcfb7cd27a277c891b586f964f0fe099a
+new file mode 100644
+index 000000000000..54fd53ed8894
+Binary files /dev/null and b/fuzz/corpora/cms/f0ce4f1bcfb7cd27a277c891b586f964f0fe099a differ
+diff --git a/fuzz/corpora/cms/f34c51ab1e8e277aa1afce9d0b6d475f89985fd9 b/fuzz/corpora/cms/f34c51ab1e8e277aa1afce9d0b6d475f89985fd9
+new file mode 100644
+index 000000000000..c14c9941b230
+Binary files /dev/null and b/fuzz/corpora/cms/f34c51ab1e8e277aa1afce9d0b6d475f89985fd9 differ
+diff --git a/fuzz/corpora/cms/f3624f94382dd504c3d1ac99640362d85c06f0eb b/fuzz/corpora/cms/f3624f94382dd504c3d1ac99640362d85c06f0eb
+new file mode 100644
+index 000000000000..9593b4031db1
+Binary files /dev/null and b/fuzz/corpora/cms/f3624f94382dd504c3d1ac99640362d85c06f0eb differ
+diff --git a/fuzz/corpora/cms/f7a715864848d87418e7c801187895e7f661d3db b/fuzz/corpora/cms/f7a715864848d87418e7c801187895e7f661d3db
+new file mode 100644
+index 000000000000..722c3db84490
+Binary files /dev/null and b/fuzz/corpora/cms/f7a715864848d87418e7c801187895e7f661d3db differ
+diff --git a/fuzz/corpora/cms/f7b7512067890c46db13a6cbb86b5e6f168bad09 b/fuzz/corpora/cms/f7b7512067890c46db13a6cbb86b5e6f168bad09
+new file mode 100644
+index 000000000000..9188d738266f
+Binary files /dev/null and b/fuzz/corpora/cms/f7b7512067890c46db13a6cbb86b5e6f168bad09 differ
+diff --git a/fuzz/corpora/cms/fa27848680453380b96c84eeaabc8b9474086bd3 b/fuzz/corpora/cms/fa27848680453380b96c84eeaabc8b9474086bd3
+new file mode 100644
+index 000000000000..276ca4c08631
+Binary files /dev/null and b/fuzz/corpora/cms/fa27848680453380b96c84eeaabc8b9474086bd3 differ
+diff --git a/fuzz/corpora/cms/fb51fba3a9a8fb327de4adaf17fac6fc7ba7aeb9 b/fuzz/corpora/cms/fb51fba3a9a8fb327de4adaf17fac6fc7ba7aeb9
+new file mode 100644
+index 000000000000..87ff73021b78
+Binary files /dev/null and b/fuzz/corpora/cms/fb51fba3a9a8fb327de4adaf17fac6fc7ba7aeb9 differ
+diff --git a/fuzz/corpora/cms/fc13cd6e1c596942973faf3e711d374b2705911e b/fuzz/corpora/cms/fc13cd6e1c596942973faf3e711d374b2705911e
+new file mode 100644
+index 000000000000..7acf211e2f62
+Binary files /dev/null and b/fuzz/corpora/cms/fc13cd6e1c596942973faf3e711d374b2705911e differ
+diff --git a/fuzz/corpora/conf/008ac1cb880b3ca2172d3229a030e2407f2324e9 b/fuzz/corpora/conf/008ac1cb880b3ca2172d3229a030e2407f2324e9
+new file mode 100644
+index 000000000000..f1228747d7ce
+Binary files /dev/null and b/fuzz/corpora/conf/008ac1cb880b3ca2172d3229a030e2407f2324e9 differ
+diff --git a/fuzz/corpora/conf/024154c2a705c1ef0b6f5e3be6f9e50bf0943666 b/fuzz/corpora/conf/024154c2a705c1ef0b6f5e3be6f9e50bf0943666
+new file mode 100644
+index 000000000000..12a32f3f389d
+Binary files /dev/null and b/fuzz/corpora/conf/024154c2a705c1ef0b6f5e3be6f9e50bf0943666 differ
+diff --git a/fuzz/corpora/conf/02a23a5c706734d4fd3024f3d83df1b9178c1a0e b/fuzz/corpora/conf/02a23a5c706734d4fd3024f3d83df1b9178c1a0e
+new file mode 100644
+index 000000000000..394e41f80833
+Binary files /dev/null and b/fuzz/corpora/conf/02a23a5c706734d4fd3024f3d83df1b9178c1a0e differ
+diff --git a/fuzz/corpora/conf/05c092df5713788a1be3295c5b9379319d324447 b/fuzz/corpora/conf/05c092df5713788a1be3295c5b9379319d324447
+new file mode 100644
+index 000000000000..eb99b921ff99
+Binary files /dev/null and b/fuzz/corpora/conf/05c092df5713788a1be3295c5b9379319d324447 differ
+diff --git a/fuzz/corpora/conf/08534f33c201a45017b502e90a800f1b708ebcb3 b/fuzz/corpora/conf/08534f33c201a45017b502e90a800f1b708ebcb3
+new file mode 100644
+index 000000000000..b7d5379f9e3b
+Binary files /dev/null and b/fuzz/corpora/conf/08534f33c201a45017b502e90a800f1b708ebcb3 differ
+diff --git a/fuzz/corpora/conf/11f4de6b8b45cf8051b1d17fa4cde9ad935cea41 b/fuzz/corpora/conf/11f4de6b8b45cf8051b1d17fa4cde9ad935cea41
+new file mode 100644
+index 000000000000..67c329761145
+Binary files /dev/null and b/fuzz/corpora/conf/11f4de6b8b45cf8051b1d17fa4cde9ad935cea41 differ
+diff --git a/fuzz/corpora/conf/122ffbbf626670f241c6cd6a01d390d214af164e b/fuzz/corpora/conf/122ffbbf626670f241c6cd6a01d390d214af164e
+new file mode 100644
+index 000000000000..e173c9de694d
+Binary files /dev/null and b/fuzz/corpora/conf/122ffbbf626670f241c6cd6a01d390d214af164e differ
+diff --git a/fuzz/corpora/conf/21606782c65e44cac7afbb90977d8b6f82140e76 b/fuzz/corpora/conf/21606782c65e44cac7afbb90977d8b6f82140e76
+new file mode 100644
+index 000000000000..851c75cc5e74
+Binary files /dev/null and b/fuzz/corpora/conf/21606782c65e44cac7afbb90977d8b6f82140e76 differ
+diff --git a/fuzz/corpora/conf/25c4a3455786d718c4dc6edae3e6d5aa49a83706 b/fuzz/corpora/conf/25c4a3455786d718c4dc6edae3e6d5aa49a83706
+new file mode 100644
+index 000000000000..1e0746c01e12
+Binary files /dev/null and b/fuzz/corpora/conf/25c4a3455786d718c4dc6edae3e6d5aa49a83706 differ
+diff --git a/fuzz/corpora/conf/260d5b14aec9c1fc4eef6ed6e961c30cd9430430 b/fuzz/corpora/conf/260d5b14aec9c1fc4eef6ed6e961c30cd9430430
+new file mode 100644
+index 000000000000..07129618bc1d
+Binary files /dev/null and b/fuzz/corpora/conf/260d5b14aec9c1fc4eef6ed6e961c30cd9430430 differ
+diff --git a/fuzz/corpora/conf/2c4a385b84830d0df8c768ac384795e48004f233 b/fuzz/corpora/conf/2c4a385b84830d0df8c768ac384795e48004f233
+new file mode 100644
+index 000000000000..9f05713eb021
+Binary files /dev/null and b/fuzz/corpora/conf/2c4a385b84830d0df8c768ac384795e48004f233 differ
+diff --git a/fuzz/corpora/conf/36f4f185884d88eb2b65467de504ab736c9ad39e b/fuzz/corpora/conf/36f4f185884d88eb2b65467de504ab736c9ad39e
+new file mode 100644
+index 000000000000..1b8166e82a89
+Binary files /dev/null and b/fuzz/corpora/conf/36f4f185884d88eb2b65467de504ab736c9ad39e differ
+diff --git a/fuzz/corpora/conf/39a138e37f2127d4a058f778463d521d6242a2af b/fuzz/corpora/conf/39a138e37f2127d4a058f778463d521d6242a2af
+new file mode 100644
+index 000000000000..08fcf083c290
+Binary files /dev/null and b/fuzz/corpora/conf/39a138e37f2127d4a058f778463d521d6242a2af differ
+diff --git a/fuzz/corpora/conf/3c170252e3196c80ea870916ae12c164971e2749 b/fuzz/corpora/conf/3c170252e3196c80ea870916ae12c164971e2749
+new file mode 100644
+index 000000000000..002c0ebbeafe
+Binary files /dev/null and b/fuzz/corpora/conf/3c170252e3196c80ea870916ae12c164971e2749 differ
+diff --git a/fuzz/corpora/conf/3eff67cb446fea8c249b872a4d020fb66cb62123 b/fuzz/corpora/conf/3eff67cb446fea8c249b872a4d020fb66cb62123
+new file mode 100644
+index 000000000000..9a82d9bff3fb
+Binary files /dev/null and b/fuzz/corpora/conf/3eff67cb446fea8c249b872a4d020fb66cb62123 differ
+diff --git a/fuzz/corpora/conf/3fb229d43c1d22ed87f1f1d0652fe15b1a7b7b24 b/fuzz/corpora/conf/3fb229d43c1d22ed87f1f1d0652fe15b1a7b7b24
+new file mode 100644
+index 000000000000..8f5d4d14c042
+Binary files /dev/null and b/fuzz/corpora/conf/3fb229d43c1d22ed87f1f1d0652fe15b1a7b7b24 differ
+diff --git a/fuzz/corpora/conf/436ccfb3a297438512cb1cade4e12bba60c040b9 b/fuzz/corpora/conf/436ccfb3a297438512cb1cade4e12bba60c040b9
+new file mode 100644
+index 000000000000..76b2f8c5c162
+Binary files /dev/null and b/fuzz/corpora/conf/436ccfb3a297438512cb1cade4e12bba60c040b9 differ
+diff --git a/fuzz/corpora/conf/4882750dcb3a207d6992f96b50597b90230d4d7e b/fuzz/corpora/conf/4882750dcb3a207d6992f96b50597b90230d4d7e
+new file mode 100644
+index 000000000000..a5c70fbdf253
+Binary files /dev/null and b/fuzz/corpora/conf/4882750dcb3a207d6992f96b50597b90230d4d7e differ
+diff --git a/fuzz/corpora/conf/4d155dee0c6879b034fb6b81fa37f71d9076ad85 b/fuzz/corpora/conf/4d155dee0c6879b034fb6b81fa37f71d9076ad85
+new file mode 100644
+index 000000000000..40ca4175f422
+Binary files /dev/null and b/fuzz/corpora/conf/4d155dee0c6879b034fb6b81fa37f71d9076ad85 differ
+diff --git a/fuzz/corpora/conf/4d80ae066b71ba38927c12652761b5ca21c3f92f b/fuzz/corpora/conf/4d80ae066b71ba38927c12652761b5ca21c3f92f
+new file mode 100644
+index 000000000000..b057d9467225
+Binary files /dev/null and b/fuzz/corpora/conf/4d80ae066b71ba38927c12652761b5ca21c3f92f differ
+diff --git a/fuzz/corpora/conf/59bc0463397be274d46a30291b5d09bbf817a64c b/fuzz/corpora/conf/59bc0463397be274d46a30291b5d09bbf817a64c
+new file mode 100644
+index 000000000000..d68ed382c596
+Binary files /dev/null and b/fuzz/corpora/conf/59bc0463397be274d46a30291b5d09bbf817a64c differ
+diff --git a/fuzz/corpora/conf/62eb09ac12daaf3fbb2dc01e0dbdb5c294aff9d1 b/fuzz/corpora/conf/62eb09ac12daaf3fbb2dc01e0dbdb5c294aff9d1
+new file mode 100644
+index 000000000000..00f2ca41d187
+Binary files /dev/null and b/fuzz/corpora/conf/62eb09ac12daaf3fbb2dc01e0dbdb5c294aff9d1 differ
+diff --git a/fuzz/corpora/conf/636cc0d16fdb21b9a6a58a71c0271cc83d3ea97c b/fuzz/corpora/conf/636cc0d16fdb21b9a6a58a71c0271cc83d3ea97c
+new file mode 100644
+index 000000000000..4a7b51c76dd4
+Binary files /dev/null and b/fuzz/corpora/conf/636cc0d16fdb21b9a6a58a71c0271cc83d3ea97c differ
+diff --git a/fuzz/corpora/conf/6654a14c8a84003250fa5c053838ee99a6238993 b/fuzz/corpora/conf/6654a14c8a84003250fa5c053838ee99a6238993
+new file mode 100644
+index 000000000000..a9ec9895478e
+Binary files /dev/null and b/fuzz/corpora/conf/6654a14c8a84003250fa5c053838ee99a6238993 differ
+diff --git a/fuzz/corpora/conf/66a05a967342927a7cfc9017db5dfdb2109ca91f b/fuzz/corpora/conf/66a05a967342927a7cfc9017db5dfdb2109ca91f
+new file mode 100644
+index 000000000000..10fad9fbdf2c
+Binary files /dev/null and b/fuzz/corpora/conf/66a05a967342927a7cfc9017db5dfdb2109ca91f differ
+diff --git a/fuzz/corpora/conf/7be71edab48092359b8b529aed8078651fe55989 b/fuzz/corpora/conf/7be71edab48092359b8b529aed8078651fe55989
+new file mode 100644
+index 000000000000..9b5523336acd
+Binary files /dev/null and b/fuzz/corpora/conf/7be71edab48092359b8b529aed8078651fe55989 differ
+diff --git a/fuzz/corpora/conf/7d3ef4c1a5a8a57fc8ceb33504f4189c058af97c b/fuzz/corpora/conf/7d3ef4c1a5a8a57fc8ceb33504f4189c058af97c
+new file mode 100644
+index 000000000000..1c140d1f3cd1
+Binary files /dev/null and b/fuzz/corpora/conf/7d3ef4c1a5a8a57fc8ceb33504f4189c058af97c differ
+diff --git a/fuzz/corpora/conf/843b262a89a395b83ae81aab67d18b7615b09edd b/fuzz/corpora/conf/843b262a89a395b83ae81aab67d18b7615b09edd
+new file mode 100644
+index 000000000000..f97e0a25f5e6
+Binary files /dev/null and b/fuzz/corpora/conf/843b262a89a395b83ae81aab67d18b7615b09edd differ
+diff --git a/fuzz/corpora/conf/870ce81562677caaec04f9fad25675948ada4548 b/fuzz/corpora/conf/870ce81562677caaec04f9fad25675948ada4548
+new file mode 100644
+index 000000000000..106d2b738bdd
+Binary files /dev/null and b/fuzz/corpora/conf/870ce81562677caaec04f9fad25675948ada4548 differ
+diff --git a/fuzz/corpora/conf/8741ff9930c2ed2581fceba48bc18dc196406f2d b/fuzz/corpora/conf/8741ff9930c2ed2581fceba48bc18dc196406f2d
+new file mode 100644
+index 000000000000..7287582bd3b9
+Binary files /dev/null and b/fuzz/corpora/conf/8741ff9930c2ed2581fceba48bc18dc196406f2d differ
+diff --git a/fuzz/corpora/conf/88b6ec59fafc68b3147e18276b82141fe2af0a8a b/fuzz/corpora/conf/88b6ec59fafc68b3147e18276b82141fe2af0a8a
+new file mode 100644
+index 000000000000..0b100ce93cb2
+Binary files /dev/null and b/fuzz/corpora/conf/88b6ec59fafc68b3147e18276b82141fe2af0a8a differ
+diff --git a/fuzz/corpora/conf/8aab6417743364f4ccfb7211396b2eaad96f3eb9 b/fuzz/corpora/conf/8aab6417743364f4ccfb7211396b2eaad96f3eb9
+new file mode 100644
+index 000000000000..ccc2574e9246
+Binary files /dev/null and b/fuzz/corpora/conf/8aab6417743364f4ccfb7211396b2eaad96f3eb9 differ
+diff --git a/fuzz/corpora/conf/8b791898f08e0f0809b7f986f6817241bb2da455 b/fuzz/corpora/conf/8b791898f08e0f0809b7f986f6817241bb2da455
+new file mode 100644
+index 000000000000..7ac8d2d9bec6
+Binary files /dev/null and b/fuzz/corpora/conf/8b791898f08e0f0809b7f986f6817241bb2da455 differ
+diff --git a/fuzz/corpora/conf/9188d52ce29d7290551198bda22bbfa44bdfe81e b/fuzz/corpora/conf/9188d52ce29d7290551198bda22bbfa44bdfe81e
+new file mode 100644
+index 000000000000..0f4a21924892
+Binary files /dev/null and b/fuzz/corpora/conf/9188d52ce29d7290551198bda22bbfa44bdfe81e differ
+diff --git a/fuzz/corpora/conf/9b269f988b4200de4f02c320f140aeaadc539a02 b/fuzz/corpora/conf/9b269f988b4200de4f02c320f140aeaadc539a02
+new file mode 100644
+index 000000000000..c84667d1f34b
+Binary files /dev/null and b/fuzz/corpora/conf/9b269f988b4200de4f02c320f140aeaadc539a02 differ
+diff --git a/fuzz/corpora/conf/9deb7180c9390c34a85f348792c30a20760f92ff b/fuzz/corpora/conf/9deb7180c9390c34a85f348792c30a20760f92ff
+new file mode 100644
+index 000000000000..55d92638e0b4
+Binary files /dev/null and b/fuzz/corpora/conf/9deb7180c9390c34a85f348792c30a20760f92ff differ
+diff --git a/fuzz/corpora/conf/a26f953c8f4679f53a59fc7e49bbdaa49e930ff1 b/fuzz/corpora/conf/a26f953c8f4679f53a59fc7e49bbdaa49e930ff1
+new file mode 100644
+index 000000000000..02fed96fcda6
+Binary files /dev/null and b/fuzz/corpora/conf/a26f953c8f4679f53a59fc7e49bbdaa49e930ff1 differ
+diff --git a/fuzz/corpora/conf/a4ff87829e3539e046d926395a4f1c57794b8434 b/fuzz/corpora/conf/a4ff87829e3539e046d926395a4f1c57794b8434
+new file mode 100644
+index 000000000000..9d19859a9521
+Binary files /dev/null and b/fuzz/corpora/conf/a4ff87829e3539e046d926395a4f1c57794b8434 differ
+diff --git a/fuzz/corpora/conf/a7660ee00618029b2f15f5c6a2bb1022af091217 b/fuzz/corpora/conf/a7660ee00618029b2f15f5c6a2bb1022af091217
+new file mode 100644
+index 000000000000..bf5657f6e97b
+Binary files /dev/null and b/fuzz/corpora/conf/a7660ee00618029b2f15f5c6a2bb1022af091217 differ
+diff --git a/fuzz/corpora/conf/a830e58da3c476118834c276e133bdbcbdeed6a2 b/fuzz/corpora/conf/a830e58da3c476118834c276e133bdbcbdeed6a2
+new file mode 100644
+index 000000000000..cda36dd4a38d
+Binary files /dev/null and b/fuzz/corpora/conf/a830e58da3c476118834c276e133bdbcbdeed6a2 differ
+diff --git a/fuzz/corpora/conf/aa4921e7aa9eb14194afdcbe81a916e4f0cae0c8 b/fuzz/corpora/conf/aa4921e7aa9eb14194afdcbe81a916e4f0cae0c8
+new file mode 100644
+index 000000000000..9feff6f3a3a4
+Binary files /dev/null and b/fuzz/corpora/conf/aa4921e7aa9eb14194afdcbe81a916e4f0cae0c8 differ
+diff --git a/fuzz/corpora/conf/b1eb86e3f5dede22e97d841c1750eaa3214b04d0 b/fuzz/corpora/conf/b1eb86e3f5dede22e97d841c1750eaa3214b04d0
+new file mode 100644
+index 000000000000..ce6bec266015
+Binary files /dev/null and b/fuzz/corpora/conf/b1eb86e3f5dede22e97d841c1750eaa3214b04d0 differ
+diff --git a/fuzz/corpora/conf/b26895be07a576d435ccb9203c1090536dc050ab b/fuzz/corpora/conf/b26895be07a576d435ccb9203c1090536dc050ab
+new file mode 100644
+index 000000000000..93524c6c84b1
+Binary files /dev/null and b/fuzz/corpora/conf/b26895be07a576d435ccb9203c1090536dc050ab differ
+diff --git a/fuzz/corpora/conf/b2a3ebaf7ac33c0ca99cc79a46878b8e9532a32b b/fuzz/corpora/conf/b2a3ebaf7ac33c0ca99cc79a46878b8e9532a32b
+new file mode 100644
+index 000000000000..8d3f94008848
+Binary files /dev/null and b/fuzz/corpora/conf/b2a3ebaf7ac33c0ca99cc79a46878b8e9532a32b differ
+diff --git a/fuzz/corpora/conf/b3c742415434b1fb8b5ac8a9c58f759041ddca3d b/fuzz/corpora/conf/b3c742415434b1fb8b5ac8a9c58f759041ddca3d
+new file mode 100644
+index 000000000000..cf46147a0f33
+Binary files /dev/null and b/fuzz/corpora/conf/b3c742415434b1fb8b5ac8a9c58f759041ddca3d differ
+diff --git a/fuzz/corpora/conf/b751ddf8d50616d03bbf1d065fb2fb8a35a81628 b/fuzz/corpora/conf/b751ddf8d50616d03bbf1d065fb2fb8a35a81628
+new file mode 100644
+index 000000000000..87fd00a7b510
+Binary files /dev/null and b/fuzz/corpora/conf/b751ddf8d50616d03bbf1d065fb2fb8a35a81628 differ
+diff --git a/fuzz/corpora/conf/b84ca24d2485310906dcbbfd999afab549181f24 b/fuzz/corpora/conf/b84ca24d2485310906dcbbfd999afab549181f24
+new file mode 100644
+index 000000000000..b6f3c95d3082
+Binary files /dev/null and b/fuzz/corpora/conf/b84ca24d2485310906dcbbfd999afab549181f24 differ
+diff --git a/fuzz/corpora/conf/bd0068438d2b1052914c21ba6a93a0719de63b47 b/fuzz/corpora/conf/bd0068438d2b1052914c21ba6a93a0719de63b47
+new file mode 100644
+index 000000000000..447200dd536b
+Binary files /dev/null and b/fuzz/corpora/conf/bd0068438d2b1052914c21ba6a93a0719de63b47 differ
+diff --git a/fuzz/corpora/conf/bdec413475dad1f667177c5b31336c0c1c5762ab b/fuzz/corpora/conf/bdec413475dad1f667177c5b31336c0c1c5762ab
+new file mode 100644
+index 000000000000..5c22c0d954b7
+Binary files /dev/null and b/fuzz/corpora/conf/bdec413475dad1f667177c5b31336c0c1c5762ab differ
+diff --git a/fuzz/corpora/conf/bfb51ca75e669248eaf4800ef7cd3295b43e9149 b/fuzz/corpora/conf/bfb51ca75e669248eaf4800ef7cd3295b43e9149
+new file mode 100644
+index 000000000000..c651cf3daa52
+Binary files /dev/null and b/fuzz/corpora/conf/bfb51ca75e669248eaf4800ef7cd3295b43e9149 differ
+diff --git a/fuzz/corpora/conf/c1a437e45bb2364a9e773714798b3211b123046c b/fuzz/corpora/conf/c1a437e45bb2364a9e773714798b3211b123046c
+new file mode 100644
+index 000000000000..24fda00306b1
+Binary files /dev/null and b/fuzz/corpora/conf/c1a437e45bb2364a9e773714798b3211b123046c differ
+diff --git a/fuzz/corpora/conf/c1af8bfa945129dca428a263e75404d0661c79b4 b/fuzz/corpora/conf/c1af8bfa945129dca428a263e75404d0661c79b4
+new file mode 100644
+index 000000000000..16eb080856df
+Binary files /dev/null and b/fuzz/corpora/conf/c1af8bfa945129dca428a263e75404d0661c79b4 differ
+diff --git a/fuzz/corpora/conf/c74e49cd79f1707f3ecb5d0db943f88fdba771c2 b/fuzz/corpora/conf/c74e49cd79f1707f3ecb5d0db943f88fdba771c2
+new file mode 100644
+index 000000000000..40fc9f4b0d50
+Binary files /dev/null and b/fuzz/corpora/conf/c74e49cd79f1707f3ecb5d0db943f88fdba771c2 differ
+diff --git a/fuzz/corpora/conf/d548e836721c7c71da7b21cff50e036a6298a5b5 b/fuzz/corpora/conf/d548e836721c7c71da7b21cff50e036a6298a5b5
+new file mode 100644
+index 000000000000..8bfe2428babf
+Binary files /dev/null and b/fuzz/corpora/conf/d548e836721c7c71da7b21cff50e036a6298a5b5 differ
+diff --git a/fuzz/corpora/conf/d6f8126dc3deaa249de103e67ff709f02d7fc9f7 b/fuzz/corpora/conf/d6f8126dc3deaa249de103e67ff709f02d7fc9f7
+new file mode 100644
+index 000000000000..534192ef5d6d
+Binary files /dev/null and b/fuzz/corpora/conf/d6f8126dc3deaa249de103e67ff709f02d7fc9f7 differ
+diff --git a/fuzz/corpora/conf/d9ab972e041f2dc0c83aa0b41480611f7444f699 b/fuzz/corpora/conf/d9ab972e041f2dc0c83aa0b41480611f7444f699
+new file mode 100644
+index 000000000000..f36cbfae9d14
+Binary files /dev/null and b/fuzz/corpora/conf/d9ab972e041f2dc0c83aa0b41480611f7444f699 differ
+diff --git a/fuzz/corpora/conf/db84bbe10f7e4e1b27114feb020b764eea28289f b/fuzz/corpora/conf/db84bbe10f7e4e1b27114feb020b764eea28289f
+new file mode 100644
+index 000000000000..77b054a92bfb
+Binary files /dev/null and b/fuzz/corpora/conf/db84bbe10f7e4e1b27114feb020b764eea28289f differ
+diff --git a/fuzz/corpora/conf/dd46a51ce6526eec344a7c90e55c3bdb9f3c5ebd b/fuzz/corpora/conf/dd46a51ce6526eec344a7c90e55c3bdb9f3c5ebd
+new file mode 100644
+index 000000000000..45f017c08139
+Binary files /dev/null and b/fuzz/corpora/conf/dd46a51ce6526eec344a7c90e55c3bdb9f3c5ebd differ
+diff --git a/fuzz/corpora/conf/e12a34439a29987515c3103b3ba4a3a74464c63a b/fuzz/corpora/conf/e12a34439a29987515c3103b3ba4a3a74464c63a
+new file mode 100644
+index 000000000000..42b9d260dc3c
+Binary files /dev/null and b/fuzz/corpora/conf/e12a34439a29987515c3103b3ba4a3a74464c63a differ
+diff --git a/fuzz/corpora/conf/ea868097fc454660f068e4e326452d40e5f0cb1c b/fuzz/corpora/conf/ea868097fc454660f068e4e326452d40e5f0cb1c
+new file mode 100644
+index 000000000000..002c8f169e9d
+Binary files /dev/null and b/fuzz/corpora/conf/ea868097fc454660f068e4e326452d40e5f0cb1c differ
+diff --git a/fuzz/corpora/conf/f1057a26b702ab798551e912e6adc60da339cdc8 b/fuzz/corpora/conf/f1057a26b702ab798551e912e6adc60da339cdc8
+new file mode 100644
+index 000000000000..7dc0c1974a3c
+Binary files /dev/null and b/fuzz/corpora/conf/f1057a26b702ab798551e912e6adc60da339cdc8 differ
+diff --git a/fuzz/corpora/conf/f9ccb39b87d7161abee5f2b857650f8ef76d97b6 b/fuzz/corpora/conf/f9ccb39b87d7161abee5f2b857650f8ef76d97b6
+new file mode 100644
+index 000000000000..9ac5131a5ace
+Binary files /dev/null and b/fuzz/corpora/conf/f9ccb39b87d7161abee5f2b857650f8ef76d97b6 differ
+diff --git a/fuzz/corpora/conf/fee886c817c6f68f1d974747449c552c9daf4481 b/fuzz/corpora/conf/fee886c817c6f68f1d974747449c552c9daf4481
+new file mode 100644
+index 000000000000..26ac10a44787
+Binary files /dev/null and b/fuzz/corpora/conf/fee886c817c6f68f1d974747449c552c9daf4481 differ
+diff --git a/fuzz/corpora/server/00d84822aa5b6fb48752005041e4dbb35415329b b/fuzz/corpora/server/00d84822aa5b6fb48752005041e4dbb35415329b
+new file mode 100644
+index 000000000000..d04501be0dd7
+Binary files /dev/null and b/fuzz/corpora/server/00d84822aa5b6fb48752005041e4dbb35415329b differ
+diff --git a/fuzz/corpora/server/03a2b738c9650dc2f784940db325d78b05af64e9 b/fuzz/corpora/server/03a2b738c9650dc2f784940db325d78b05af64e9
+new file mode 100644
+index 000000000000..71c0936ccf32
+Binary files /dev/null and b/fuzz/corpora/server/03a2b738c9650dc2f784940db325d78b05af64e9 differ
+diff --git a/fuzz/corpora/server/05cb9e47e5f09ad3a98a43789a3f6ad0a40fa71c b/fuzz/corpora/server/05cb9e47e5f09ad3a98a43789a3f6ad0a40fa71c
+new file mode 100644
+index 000000000000..abb6dcd6d298
+Binary files /dev/null and b/fuzz/corpora/server/05cb9e47e5f09ad3a98a43789a3f6ad0a40fa71c differ
+diff --git a/fuzz/corpora/server/0acc2c1d95cf88788848e8fadfc50c4597b28000 b/fuzz/corpora/server/0acc2c1d95cf88788848e8fadfc50c4597b28000
+new file mode 100644
+index 000000000000..f5611d8f665c
+Binary files /dev/null and b/fuzz/corpora/server/0acc2c1d95cf88788848e8fadfc50c4597b28000 differ
+diff --git a/fuzz/corpora/server/0e78f126c2272ca40b1dfc7544c8994d2daf72a0 b/fuzz/corpora/server/0e78f126c2272ca40b1dfc7544c8994d2daf72a0
+new file mode 100644
+index 000000000000..753fb8595849
+Binary files /dev/null and b/fuzz/corpora/server/0e78f126c2272ca40b1dfc7544c8994d2daf72a0 differ
+diff --git a/fuzz/corpora/server/16fa1a2d494abd2bf3c211df08388ab202434c3a b/fuzz/corpora/server/16fa1a2d494abd2bf3c211df08388ab202434c3a
+new file mode 100644
+index 000000000000..05c216407e9c
+Binary files /dev/null and b/fuzz/corpora/server/16fa1a2d494abd2bf3c211df08388ab202434c3a differ
+diff --git a/fuzz/corpora/server/1a36089449687faaaad64f48d547bf1e25f6ef7f b/fuzz/corpora/server/1a36089449687faaaad64f48d547bf1e25f6ef7f
+new file mode 100644
+index 000000000000..cb3adf786b41
+Binary files /dev/null and b/fuzz/corpora/server/1a36089449687faaaad64f48d547bf1e25f6ef7f differ
+diff --git a/fuzz/corpora/server/1d4e35f876cadf708fd9383def5d05996938b27f b/fuzz/corpora/server/1d4e35f876cadf708fd9383def5d05996938b27f
+new file mode 100644
+index 000000000000..6a922271c49f
+Binary files /dev/null and b/fuzz/corpora/server/1d4e35f876cadf708fd9383def5d05996938b27f differ
+diff --git a/fuzz/corpora/server/1ddeb202fe4f0c0ed555cb4db6065add121da8a4 b/fuzz/corpora/server/1ddeb202fe4f0c0ed555cb4db6065add121da8a4
+new file mode 100644
+index 000000000000..5275a9124e36
+Binary files /dev/null and b/fuzz/corpora/server/1ddeb202fe4f0c0ed555cb4db6065add121da8a4 differ
+diff --git a/fuzz/corpora/server/1f354e139279b9421660f235117a88130dea07d3 b/fuzz/corpora/server/1f354e139279b9421660f235117a88130dea07d3
+new file mode 100644
+index 000000000000..8c861010426e
+Binary files /dev/null and b/fuzz/corpora/server/1f354e139279b9421660f235117a88130dea07d3 differ
+diff --git a/fuzz/corpora/server/202162f9f306451d8f053813240d2f3f5ba89293 b/fuzz/corpora/server/202162f9f306451d8f053813240d2f3f5ba89293
+new file mode 100644
+index 000000000000..20209fa97f70
+Binary files /dev/null and b/fuzz/corpora/server/202162f9f306451d8f053813240d2f3f5ba89293 differ
+diff --git a/fuzz/corpora/server/278661fa282247156455f1cc68d404f6ea6431dc b/fuzz/corpora/server/278661fa282247156455f1cc68d404f6ea6431dc
+new file mode 100644
+index 000000000000..8a8a6c6d9495
+Binary files /dev/null and b/fuzz/corpora/server/278661fa282247156455f1cc68d404f6ea6431dc differ
+diff --git a/fuzz/corpora/server/2e080345b5a3e38f86f00b81ea5d48317ba1e63e b/fuzz/corpora/server/2e080345b5a3e38f86f00b81ea5d48317ba1e63e
+new file mode 100644
+index 000000000000..37b0fef8568f
+Binary files /dev/null and b/fuzz/corpora/server/2e080345b5a3e38f86f00b81ea5d48317ba1e63e differ
+diff --git a/fuzz/corpora/server/31567eb87d6450a43b56fc04b252cd17bca55928 b/fuzz/corpora/server/31567eb87d6450a43b56fc04b252cd17bca55928
+new file mode 100644
+index 000000000000..819a551cbae9
+Binary files /dev/null and b/fuzz/corpora/server/31567eb87d6450a43b56fc04b252cd17bca55928 differ
+diff --git a/fuzz/corpora/server/329fc00b5325b7fbf655d4a1cca68811895c2ede b/fuzz/corpora/server/329fc00b5325b7fbf655d4a1cca68811895c2ede
+new file mode 100644
+index 000000000000..b63b3aebc6e8
+Binary files /dev/null and b/fuzz/corpora/server/329fc00b5325b7fbf655d4a1cca68811895c2ede differ
+diff --git a/fuzz/corpora/server/3db8911ae75aebc89ade50a6dd23f3b212fc25df b/fuzz/corpora/server/3db8911ae75aebc89ade50a6dd23f3b212fc25df
+new file mode 100644
+index 000000000000..b02935c69457
+Binary files /dev/null and b/fuzz/corpora/server/3db8911ae75aebc89ade50a6dd23f3b212fc25df differ
+diff --git a/fuzz/corpora/server/3f49bcd68e713a4d6470a82f06cfe124b07b812c b/fuzz/corpora/server/3f49bcd68e713a4d6470a82f06cfe124b07b812c
+new file mode 100644
+index 000000000000..b360945d4008
+Binary files /dev/null and b/fuzz/corpora/server/3f49bcd68e713a4d6470a82f06cfe124b07b812c differ
+diff --git a/fuzz/corpora/server/3fb838543c3019d83471309c61c8bc2c507a30d4 b/fuzz/corpora/server/3fb838543c3019d83471309c61c8bc2c507a30d4
+new file mode 100644
+index 000000000000..60ca909c2a32
+Binary files /dev/null and b/fuzz/corpora/server/3fb838543c3019d83471309c61c8bc2c507a30d4 differ
+diff --git a/fuzz/corpora/server/4185e575c03b7d10c0b2d8f51f95b126a7c9ff27 b/fuzz/corpora/server/4185e575c03b7d10c0b2d8f51f95b126a7c9ff27
+new file mode 100644
+index 000000000000..ade328aa3ee5
+Binary files /dev/null and b/fuzz/corpora/server/4185e575c03b7d10c0b2d8f51f95b126a7c9ff27 differ
+diff --git a/fuzz/corpora/server/42b49934137fdb5a258a9d23cd3f1f4df350e5ab b/fuzz/corpora/server/42b49934137fdb5a258a9d23cd3f1f4df350e5ab
+new file mode 100644
+index 000000000000..57e66ef9a1ad
+Binary files /dev/null and b/fuzz/corpora/server/42b49934137fdb5a258a9d23cd3f1f4df350e5ab differ
+diff --git a/fuzz/corpora/server/452a3866c94029fa4f4d19fff220f1696e79820b b/fuzz/corpora/server/452a3866c94029fa4f4d19fff220f1696e79820b
+new file mode 100644
+index 000000000000..7b6817715c47
+Binary files /dev/null and b/fuzz/corpora/server/452a3866c94029fa4f4d19fff220f1696e79820b differ
+diff --git a/fuzz/corpora/server/48c3066f502f091bdfc7082655e4f50a4fdd8a29 b/fuzz/corpora/server/48c3066f502f091bdfc7082655e4f50a4fdd8a29
+new file mode 100644
+index 000000000000..a5daa32a456a
+Binary files /dev/null and b/fuzz/corpora/server/48c3066f502f091bdfc7082655e4f50a4fdd8a29 differ
+diff --git a/fuzz/corpora/server/4c2d4fca8ba68fa29bcabc1f282570873dc87ae3 b/fuzz/corpora/server/4c2d4fca8ba68fa29bcabc1f282570873dc87ae3
+new file mode 100644
+index 000000000000..7948c5f0d4eb
+Binary files /dev/null and b/fuzz/corpora/server/4c2d4fca8ba68fa29bcabc1f282570873dc87ae3 differ
+diff --git a/fuzz/corpora/server/4c551ab843a0087bd2bda5ca2553259936def6bb b/fuzz/corpora/server/4c551ab843a0087bd2bda5ca2553259936def6bb
+new file mode 100644
+index 000000000000..104e731e4a1a
+Binary files /dev/null and b/fuzz/corpora/server/4c551ab843a0087bd2bda5ca2553259936def6bb differ
+diff --git a/fuzz/corpora/server/555859c6820a2b0b1c689fb32b97a26e537dc423 b/fuzz/corpora/server/555859c6820a2b0b1c689fb32b97a26e537dc423
+new file mode 100644
+index 000000000000..a01cbec235fe
+Binary files /dev/null and b/fuzz/corpora/server/555859c6820a2b0b1c689fb32b97a26e537dc423 differ
+diff --git a/fuzz/corpora/server/5bd5e4edc3c1fe3617f0ceb512ef64aa02312eea b/fuzz/corpora/server/5bd5e4edc3c1fe3617f0ceb512ef64aa02312eea
+new file mode 100644
+index 000000000000..63d479ec27f1
+Binary files /dev/null and b/fuzz/corpora/server/5bd5e4edc3c1fe3617f0ceb512ef64aa02312eea differ
+diff --git a/fuzz/corpora/server/5fb0d03a2cf462fbf42d3e09a63e5720e94dd8fc b/fuzz/corpora/server/5fb0d03a2cf462fbf42d3e09a63e5720e94dd8fc
+new file mode 100644
+index 000000000000..6334b0d45b6f
+Binary files /dev/null and b/fuzz/corpora/server/5fb0d03a2cf462fbf42d3e09a63e5720e94dd8fc differ
+diff --git a/fuzz/corpora/server/60dd92879d5b6802af3a79ab8c109957cc69b10d b/fuzz/corpora/server/60dd92879d5b6802af3a79ab8c109957cc69b10d
+new file mode 100644
+index 000000000000..c74cc0342a48
+Binary files /dev/null and b/fuzz/corpora/server/60dd92879d5b6802af3a79ab8c109957cc69b10d differ
+diff --git a/fuzz/corpora/server/6434e9d3629b10e159ffbaadc201b459389f7dfa b/fuzz/corpora/server/6434e9d3629b10e159ffbaadc201b459389f7dfa
+new file mode 100644
+index 000000000000..4691f3d56434
+Binary files /dev/null and b/fuzz/corpora/server/6434e9d3629b10e159ffbaadc201b459389f7dfa differ
+diff --git a/fuzz/corpora/server/647a54e4ece166f05b4ef2b5164bb50cacb7100e b/fuzz/corpora/server/647a54e4ece166f05b4ef2b5164bb50cacb7100e
+new file mode 100644
+index 000000000000..d0459cc3f230
+Binary files /dev/null and b/fuzz/corpora/server/647a54e4ece166f05b4ef2b5164bb50cacb7100e differ
+diff --git a/fuzz/corpora/server/65c7302da031984e824a22a5c89ec888c77f6e34 b/fuzz/corpora/server/65c7302da031984e824a22a5c89ec888c77f6e34
+new file mode 100644
+index 000000000000..3689fe6e5e48
+Binary files /dev/null and b/fuzz/corpora/server/65c7302da031984e824a22a5c89ec888c77f6e34 differ
+diff --git a/fuzz/corpora/server/6703ba213cbaae9fc31089243ceed2c9c9bf77d9 b/fuzz/corpora/server/6703ba213cbaae9fc31089243ceed2c9c9bf77d9
+new file mode 100644
+index 000000000000..47d2e4e47659
+Binary files /dev/null and b/fuzz/corpora/server/6703ba213cbaae9fc31089243ceed2c9c9bf77d9 differ
+diff --git a/fuzz/corpora/server/67ce0e211ae45b6d69f39f80f3362c0cdad7486b b/fuzz/corpora/server/67ce0e211ae45b6d69f39f80f3362c0cdad7486b
+new file mode 100644
+index 000000000000..364f9a3de247
+Binary files /dev/null and b/fuzz/corpora/server/67ce0e211ae45b6d69f39f80f3362c0cdad7486b differ
+diff --git a/fuzz/corpora/server/6f403d09540861099b00317576af7c48525cb526 b/fuzz/corpora/server/6f403d09540861099b00317576af7c48525cb526
+new file mode 100644
+index 000000000000..b8c9faf3d655
+Binary files /dev/null and b/fuzz/corpora/server/6f403d09540861099b00317576af7c48525cb526 differ
+diff --git a/fuzz/corpora/server/6f4fd301492374265b13a1c4f4fd1a1fe5c8a69c b/fuzz/corpora/server/6f4fd301492374265b13a1c4f4fd1a1fe5c8a69c
+new file mode 100644
+index 000000000000..1042ebfdd6b0
+Binary files /dev/null and b/fuzz/corpora/server/6f4fd301492374265b13a1c4f4fd1a1fe5c8a69c differ
+diff --git a/fuzz/corpora/server/71ab7b71ea3f94ab730bfd1b120cdc437abf188b b/fuzz/corpora/server/71ab7b71ea3f94ab730bfd1b120cdc437abf188b
+new file mode 100644
+index 000000000000..e6a566bd203c
+Binary files /dev/null and b/fuzz/corpora/server/71ab7b71ea3f94ab730bfd1b120cdc437abf188b differ
+diff --git a/fuzz/corpora/server/7404c4cd1b3e25c2d3928ad84eb83173bc100c01 b/fuzz/corpora/server/7404c4cd1b3e25c2d3928ad84eb83173bc100c01
+new file mode 100644
+index 000000000000..056e0dc829fe
+Binary files /dev/null and b/fuzz/corpora/server/7404c4cd1b3e25c2d3928ad84eb83173bc100c01 differ
+diff --git a/fuzz/corpora/server/7bde5e8b01fb87ae67b83943ef391d79101d86c6 b/fuzz/corpora/server/7bde5e8b01fb87ae67b83943ef391d79101d86c6
+new file mode 100644
+index 000000000000..cd66a86499aa
+Binary files /dev/null and b/fuzz/corpora/server/7bde5e8b01fb87ae67b83943ef391d79101d86c6 differ
+diff --git a/fuzz/corpora/server/7f8f856f9c4095f0affffd94c6ed755ddc6b0ab7 b/fuzz/corpora/server/7f8f856f9c4095f0affffd94c6ed755ddc6b0ab7
+new file mode 100644
+index 000000000000..8cfbf5e1660d
+Binary files /dev/null and b/fuzz/corpora/server/7f8f856f9c4095f0affffd94c6ed755ddc6b0ab7 differ
+diff --git a/fuzz/corpora/server/8048feda962802c604c2d31cd64c7b3485d8b013 b/fuzz/corpora/server/8048feda962802c604c2d31cd64c7b3485d8b013
+new file mode 100644
+index 000000000000..798e813836a9
+Binary files /dev/null and b/fuzz/corpora/server/8048feda962802c604c2d31cd64c7b3485d8b013 differ
+diff --git a/fuzz/corpora/server/80e9bca075a47f9ee831d63ff0e5e1e090116864 b/fuzz/corpora/server/80e9bca075a47f9ee831d63ff0e5e1e090116864
+new file mode 100644
+index 000000000000..f5b05c80a3ab
+Binary files /dev/null and b/fuzz/corpora/server/80e9bca075a47f9ee831d63ff0e5e1e090116864 differ
+diff --git a/fuzz/corpora/server/81fb66262d2a3ab2645581597922afbefb4709ee b/fuzz/corpora/server/81fb66262d2a3ab2645581597922afbefb4709ee
+new file mode 100644
+index 000000000000..2d6fa3a54377
+Binary files /dev/null and b/fuzz/corpora/server/81fb66262d2a3ab2645581597922afbefb4709ee differ
+diff --git a/fuzz/corpora/server/826b5ba931a9d31b8f62eaebcb794842ab4fa272 b/fuzz/corpora/server/826b5ba931a9d31b8f62eaebcb794842ab4fa272
+new file mode 100644
+index 000000000000..a0d1ea663f2e
+Binary files /dev/null and b/fuzz/corpora/server/826b5ba931a9d31b8f62eaebcb794842ab4fa272 differ
+diff --git a/fuzz/corpora/server/85da2ddda10d1fd2acafdaa1bbed9d8524ccda6b b/fuzz/corpora/server/85da2ddda10d1fd2acafdaa1bbed9d8524ccda6b
+new file mode 100644
+index 000000000000..1b6acbb3d133
+Binary files /dev/null and b/fuzz/corpora/server/85da2ddda10d1fd2acafdaa1bbed9d8524ccda6b differ
+diff --git a/fuzz/corpora/server/884e41730d1243abec8390061fce441d4203d4de b/fuzz/corpora/server/884e41730d1243abec8390061fce441d4203d4de
+new file mode 100644
+index 000000000000..b6c4c58d0bae
+Binary files /dev/null and b/fuzz/corpora/server/884e41730d1243abec8390061fce441d4203d4de differ
+diff --git a/fuzz/corpora/server/8d1571bfcc6b1d9e2291776435d633ee1e9efc34 b/fuzz/corpora/server/8d1571bfcc6b1d9e2291776435d633ee1e9efc34
+new file mode 100644
+index 000000000000..911c0aca5e0a
+Binary files /dev/null and b/fuzz/corpora/server/8d1571bfcc6b1d9e2291776435d633ee1e9efc34 differ
+diff --git a/fuzz/corpora/server/9a9f6c51e03fc4e51570f9c65f363a4b6b370e84 b/fuzz/corpora/server/9a9f6c51e03fc4e51570f9c65f363a4b6b370e84
+new file mode 100644
+index 000000000000..1c3778511985
+Binary files /dev/null and b/fuzz/corpora/server/9a9f6c51e03fc4e51570f9c65f363a4b6b370e84 differ
+diff --git a/fuzz/corpora/server/9bc58cf79267d67feda542cabad7ae62a6e60e7f b/fuzz/corpora/server/9bc58cf79267d67feda542cabad7ae62a6e60e7f
+new file mode 100644
+index 000000000000..0b6c5b088631
+Binary files /dev/null and b/fuzz/corpora/server/9bc58cf79267d67feda542cabad7ae62a6e60e7f differ
+diff --git a/fuzz/corpora/server/abb116c4143eb3be9d6f8fbe91fc2a0e502f0475 b/fuzz/corpora/server/abb116c4143eb3be9d6f8fbe91fc2a0e502f0475
+new file mode 100644
+index 000000000000..ca08fdeefebc
+Binary files /dev/null and b/fuzz/corpora/server/abb116c4143eb3be9d6f8fbe91fc2a0e502f0475 differ
+diff --git a/fuzz/corpora/server/ad73381d720d12fd4bded78fb48c25f92e21645c b/fuzz/corpora/server/ad73381d720d12fd4bded78fb48c25f92e21645c
+new file mode 100644
+index 000000000000..558439c23a66
+Binary files /dev/null and b/fuzz/corpora/server/ad73381d720d12fd4bded78fb48c25f92e21645c differ
+diff --git a/fuzz/corpora/server/b4d864c441c24cbd36276f5ea21e747a057aa8fc b/fuzz/corpora/server/b4d864c441c24cbd36276f5ea21e747a057aa8fc
+new file mode 100644
+index 000000000000..42768d641af4
+Binary files /dev/null and b/fuzz/corpora/server/b4d864c441c24cbd36276f5ea21e747a057aa8fc differ
+diff --git a/fuzz/corpora/server/b6c2977a4b00c916e90d5758d982ae6c75d67200 b/fuzz/corpora/server/b6c2977a4b00c916e90d5758d982ae6c75d67200
+new file mode 100644
+index 000000000000..f73d803940c4
+Binary files /dev/null and b/fuzz/corpora/server/b6c2977a4b00c916e90d5758d982ae6c75d67200 differ
+diff --git a/fuzz/corpora/server/bd742ea29dd6c69983df2627e6e6df4ae2f52b6c b/fuzz/corpora/server/bd742ea29dd6c69983df2627e6e6df4ae2f52b6c
+new file mode 100644
+index 000000000000..98e7ca9e4338
+Binary files /dev/null and b/fuzz/corpora/server/bd742ea29dd6c69983df2627e6e6df4ae2f52b6c differ
+diff --git a/fuzz/corpora/server/be132fc41e853a231b564a2c77efbd34f86b2e26 b/fuzz/corpora/server/be132fc41e853a231b564a2c77efbd34f86b2e26
+new file mode 100644
+index 000000000000..ccaaae2cd3dc
+Binary files /dev/null and b/fuzz/corpora/server/be132fc41e853a231b564a2c77efbd34f86b2e26 differ
+diff --git a/fuzz/corpora/server/c0a1d768b0695cc7657268572121c511973f36a3 b/fuzz/corpora/server/c0a1d768b0695cc7657268572121c511973f36a3
+new file mode 100644
+index 000000000000..09f3dc36ac5a
+Binary files /dev/null and b/fuzz/corpora/server/c0a1d768b0695cc7657268572121c511973f36a3 differ
+diff --git a/fuzz/corpora/server/c634eccff951065fe4775ab68e2c34b9044c2388 b/fuzz/corpora/server/c634eccff951065fe4775ab68e2c34b9044c2388
+new file mode 100644
+index 000000000000..df3b036b8bb3
+Binary files /dev/null and b/fuzz/corpora/server/c634eccff951065fe4775ab68e2c34b9044c2388 differ
+diff --git a/fuzz/corpora/server/cb30183a0feee7a77c9c0ac94675b2e40f6a061f b/fuzz/corpora/server/cb30183a0feee7a77c9c0ac94675b2e40f6a061f
+new file mode 100644
+index 000000000000..d50fd02d2eb3
+Binary files /dev/null and b/fuzz/corpora/server/cb30183a0feee7a77c9c0ac94675b2e40f6a061f differ
+diff --git a/fuzz/corpora/server/ccb9ba1720ea08aac679f58664e7ad91f9450de4 b/fuzz/corpora/server/ccb9ba1720ea08aac679f58664e7ad91f9450de4
+new file mode 100644
+index 000000000000..64d0e27eda60
+Binary files /dev/null and b/fuzz/corpora/server/ccb9ba1720ea08aac679f58664e7ad91f9450de4 differ
+diff --git a/fuzz/corpora/server/cf03c2f24d9f024b5537f9cfe5e0aeb54550d08a b/fuzz/corpora/server/cf03c2f24d9f024b5537f9cfe5e0aeb54550d08a
+new file mode 100644
+index 000000000000..c0f90fc089cf
+Binary files /dev/null and b/fuzz/corpora/server/cf03c2f24d9f024b5537f9cfe5e0aeb54550d08a differ
+diff --git a/fuzz/corpora/server/d035444251bff1cc77ed685b4b817387d9cf473e b/fuzz/corpora/server/d035444251bff1cc77ed685b4b817387d9cf473e
+new file mode 100644
+index 000000000000..ffe2e1d96fec
+Binary files /dev/null and b/fuzz/corpora/server/d035444251bff1cc77ed685b4b817387d9cf473e differ
+diff --git a/fuzz/corpora/server/d10d61eb942db78d943faca1880d55971bfe1e44 b/fuzz/corpora/server/d10d61eb942db78d943faca1880d55971bfe1e44
+new file mode 100644
+index 000000000000..f21ff88d93b0
+Binary files /dev/null and b/fuzz/corpora/server/d10d61eb942db78d943faca1880d55971bfe1e44 differ
+diff --git a/fuzz/corpora/server/d3154759d89ea82c15937fe4162d153790c5ad3a b/fuzz/corpora/server/d3154759d89ea82c15937fe4162d153790c5ad3a
+new file mode 100644
+index 000000000000..a314bc9de53b
+Binary files /dev/null and b/fuzz/corpora/server/d3154759d89ea82c15937fe4162d153790c5ad3a differ
+diff --git a/fuzz/corpora/server/e10985e15084a2ad543839a6233546717028940f b/fuzz/corpora/server/e10985e15084a2ad543839a6233546717028940f
+new file mode 100644
+index 000000000000..a8f65a42b895
+Binary files /dev/null and b/fuzz/corpora/server/e10985e15084a2ad543839a6233546717028940f differ
+diff --git a/fuzz/corpora/server/e156eff53c46a7ce07d4b29683ab284280a931d8 b/fuzz/corpora/server/e156eff53c46a7ce07d4b29683ab284280a931d8
+new file mode 100644
+index 000000000000..07bed83ce2d4
+Binary files /dev/null and b/fuzz/corpora/server/e156eff53c46a7ce07d4b29683ab284280a931d8 differ
+diff --git a/fuzz/corpora/server/e2fb2f12f6fe36b4d96b83458a508802cc3b1122 b/fuzz/corpora/server/e2fb2f12f6fe36b4d96b83458a508802cc3b1122
+new file mode 100644
+index 000000000000..2b13460b9d80
+Binary files /dev/null and b/fuzz/corpora/server/e2fb2f12f6fe36b4d96b83458a508802cc3b1122 differ
+diff --git a/fuzz/corpora/server/e59d84c5523cc452b38d78d4461ebdea0dea22cc b/fuzz/corpora/server/e59d84c5523cc452b38d78d4461ebdea0dea22cc
+new file mode 100644
+index 000000000000..3c4bd51c8b63
+Binary files /dev/null and b/fuzz/corpora/server/e59d84c5523cc452b38d78d4461ebdea0dea22cc differ
+diff --git a/fuzz/corpora/server/e699cbb6df7876de54a8d3388202a9e76598a1a8 b/fuzz/corpora/server/e699cbb6df7876de54a8d3388202a9e76598a1a8
+new file mode 100644
+index 000000000000..b8612d7ab18c
+Binary files /dev/null and b/fuzz/corpora/server/e699cbb6df7876de54a8d3388202a9e76598a1a8 differ
+diff --git a/fuzz/corpora/server/e96eb670cd24fbda753fccd2e21c5f6c61d9f9ca b/fuzz/corpora/server/e96eb670cd24fbda753fccd2e21c5f6c61d9f9ca
+new file mode 100644
+index 000000000000..af4b9a2cd881
+Binary files /dev/null and b/fuzz/corpora/server/e96eb670cd24fbda753fccd2e21c5f6c61d9f9ca differ
+diff --git a/fuzz/corpora/server/eb2e11be910e605342e2c2b5c844a19109fcb7b0 b/fuzz/corpora/server/eb2e11be910e605342e2c2b5c844a19109fcb7b0
+new file mode 100644
+index 000000000000..fbdf219702f4
+Binary files /dev/null and b/fuzz/corpora/server/eb2e11be910e605342e2c2b5c844a19109fcb7b0 differ
+diff --git a/fuzz/corpora/server/eeccdde27cfc417c2f4802ef6a7edf778959a044 b/fuzz/corpora/server/eeccdde27cfc417c2f4802ef6a7edf778959a044
+new file mode 100644
+index 000000000000..444992ac9f50
+Binary files /dev/null and b/fuzz/corpora/server/eeccdde27cfc417c2f4802ef6a7edf778959a044 differ
+diff --git a/fuzz/corpora/server/f1c677b357abc2556d666bf47790a05d306a292d b/fuzz/corpora/server/f1c677b357abc2556d666bf47790a05d306a292d
+new file mode 100644
+index 000000000000..cdb9d1b80e5b
+Binary files /dev/null and b/fuzz/corpora/server/f1c677b357abc2556d666bf47790a05d306a292d differ
+diff --git a/fuzz/corpora/server/f72d871c7701796accd3a7ea2ed52eac37a23a10 b/fuzz/corpora/server/f72d871c7701796accd3a7ea2ed52eac37a23a10
+new file mode 100644
+index 000000000000..1d9f50df1e57
+Binary files /dev/null and b/fuzz/corpora/server/f72d871c7701796accd3a7ea2ed52eac37a23a10 differ
+diff --git a/fuzz/corpora/server/face440e5722d3ad8a05f4fcb4cff096d5002675 b/fuzz/corpora/server/face440e5722d3ad8a05f4fcb4cff096d5002675
+new file mode 100644
+index 000000000000..ce98f6a859fd
+Binary files /dev/null and b/fuzz/corpora/server/face440e5722d3ad8a05f4fcb4cff096d5002675 differ
+diff --git a/fuzz/ct.c b/fuzz/ct.c
+new file mode 100644
+index 000000000000..dbb7ab487242
+--- /dev/null
++++ b/fuzz/ct.c
+@@ -0,0 +1,24 @@
++/*
++ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL licenses, (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ * https://www.openssl.org/source/license.html
++ * or in the file LICENSE in the source distribution.
++ */
++
++/*
++ * Fuzz the SCT parser.
++ */
++
++#include <stdio.h>
++#include <openssl/ct.h>
++#include "fuzzer.h"
++
++int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
++ const uint8_t **pp = &buf;
++ STACK_OF(SCT) *scts = d2i_SCT_LIST(NULL, pp, len);
++ SCT_LIST_free(scts);
++ return 0;
++}
+diff --git a/fuzz/driver.c b/fuzz/driver.c
+new file mode 100644
+index 000000000000..de515748cefc
+--- /dev/null
++++ b/fuzz/driver.c
+@@ -0,0 +1,51 @@
++/*
++ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL licenses, (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ * https://www.openssl.org/source/license.html
++ * or in the file LICENSE in the source distribution.
++ */
++#include <stdint.h>
++#include <unistd.h>
++#include <openssl/opensslconf.h>
++#include "fuzzer.h"
++
++#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
++
++int LLVMFuzzerInitialize(int *argc, char ***argv)
++{
++ if (FuzzerInitialize)
++ return FuzzerInitialize(argc, argv);
++ return 0;
++}
++
++int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
++ return FuzzerTestOneInput(buf, len);
++}
++
++#elif !defined(OPENSSL_NO_FUZZ_AFL)
++
++#define BUF_SIZE 65536
++
++int main(int argc, char** argv)
++{
++ if (FuzzerInitialize)
++ FuzzerInitialize(&argc, &argv);
++
++ while (__AFL_LOOP(10000)) {
++ uint8_t *buf = malloc(BUF_SIZE);
++ size_t size = read(0, buf, BUF_SIZE);
++
++ FuzzerTestOneInput(buf, size);
++ free(buf);
++ }
++ return 0;
++}
++
++#else
++
++#error "Unsupported fuzzer"
++
++#endif
diff --git a/fuzz/fuzzer.h b/fuzz/fuzzer.h
new file mode 100644
-index 0000000..b3c3428
+index 000000000000..289aee2f6067
--- /dev/null
+++ b/fuzz/fuzzer.h
@@ -0,0 +1,12 @@
@@ -102947,15 +125286,22 @@
+ * or in the file LICENSE in the source distribution.
+ */
+
-+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len);
-+int LLVMFuzzerInitialize(int *argc, char ***argv);
++int FuzzerTestOneInput(const uint8_t *buf, size_t len);
++__attribute__((weak)) int FuzzerInitialize(int *argc, char ***argv);
diff --git a/fuzz/helper.py b/fuzz/helper.py
new file mode 100755
-index 0000000..75a9e12
+index 000000000000..f5f9d77daaf2
--- /dev/null
+++ b/fuzz/helper.py
-@@ -0,0 +1,45 @@
+@@ -0,0 +1,52 @@
+#!/usr/bin/python
++#
++# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
+
+"""Fuzzing helper, creates and uses corpus/crash directories.
+
@@ -103002,7 +125348,7 @@
+ main()
diff --git a/fuzz/server.c b/fuzz/server.c
new file mode 100644
-index 0000000..d3ed1ad
+index 000000000000..7b376c1abbe5
--- /dev/null
+++ b/fuzz/server.c
@@ -0,0 +1,237 @@
@@ -103216,7 +125562,7 @@
+ X509_free(cert);
+ }
+
-+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
++int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ if (ctx == NULL)
+ Init();
+ // TODO: make this work for OpenSSL. There's a PREDICT define that may do
@@ -103244,7 +125590,7 @@
+ return 0;
+}
diff --git a/include/internal/bio.h b/include/internal/bio.h
-index 31fe1aa..3b6a6ac 100644
+index 31fe1aaaaf08..3b6a6ac4d2d5 100644
--- a/include/internal/bio.h
+++ b/include/internal/bio.h
@@ -1,55 +1,10 @@
@@ -103310,7 +125656,7 @@
#include <openssl/bio.h>
diff --git a/include/internal/comp.h b/include/internal/comp.h
-index 34bf147..ac6e38b 100644
+index 34bf14732580..ac6e38b47415 100644
--- a/include/internal/comp.h
+++ b/include/internal/comp.h
@@ -1,9 +1,10 @@
@@ -103329,7 +125675,7 @@
#include <openssl/comp.h>
diff --git a/include/internal/conf.h b/include/internal/conf.h
-index 2d48daf..8f3e09c 100644
+index 2d48daf5d059..8f3e09c896cf 100644
--- a/include/internal/conf.h
+++ b/include/internal/conf.h
@@ -1,40 +1,10 @@
@@ -103379,13 +125725,15 @@
#ifndef HEADER_INTERNAL_CONF_H
diff --git a/include/internal/constant_time_locl.h b/include/internal/constant_time_locl.h
-index 8141173..d27fb14 100644
+index 81411735101e..d27fb14c806d 100644
--- a/include/internal/constant_time_locl.h
+++ b/include/internal/constant_time_locl.h
@@ -1,46 +1,10 @@
-/*-
- * Utilities for constant-time cryptography.
-- *
++/*
++ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Author: Emilia Kasper (emilia at openssl.org)
- * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
- * (Google).
@@ -103421,9 +125769,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -103436,7 +125782,7 @@
#ifndef HEADER_CONSTANT_TIME_LOCL_H
diff --git a/include/internal/dane.h b/include/internal/dane.h
-index 1672849..65bf244 100644
+index 1672849c8328..65bf24439d93 100644
--- a/include/internal/dane.h
+++ b/include/internal/dane.h
@@ -1,60 +1,12 @@
@@ -103495,8 +125841,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -103517,7 +125864,7 @@
#define DANETLS_USAGE_BIT(u) (((uint32_t)1) << u)
diff --git a/include/internal/dso.h b/include/internal/dso.h
-index eeb16b1..d371fbe 100644
+index eeb16b12d214..d371fbe4656c 100644
--- a/include/internal/dso.h
+++ b/include/internal/dso.h
@@ -1,59 +1,10 @@
@@ -103654,7 +126001,7 @@
+# endif
#endif
diff --git a/include/internal/err.h b/include/internal/err.h
-index de2180b..d46b8bd 100644
+index de2180b34bfc..d46b8bdb2925 100644
--- a/include/internal/err.h
+++ b/include/internal/err.h
@@ -1,58 +1,10 @@
@@ -103722,7 +126069,7 @@
#ifndef INTERNAL_ERR_H
diff --git a/include/internal/numbers.h b/include/internal/numbers.h
-index da06dab..31931df 100644
+index da06dab7a6f6..31931df3c2ff 100644
--- a/include/internal/numbers.h
+++ b/include/internal/numbers.h
@@ -1,55 +1,10 @@
@@ -103788,7 +126135,7 @@
#ifndef HEADER_NUMBERS_H
diff --git a/include/internal/o_dir.h b/include/internal/o_dir.h
-index 427b37f..178c2ed 100644
+index 427b37fee8eb..178c2ed22929 100644
--- a/include/internal/o_dir.h
+++ b/include/internal/o_dir.h
@@ -1,4 +1,13 @@
@@ -103806,7 +126153,7 @@
* symbol names have been changed, with permission from the author.
*/
diff --git a/include/internal/o_str.h b/include/internal/o_str.h
-index 2db3485..86403c9 100644
+index 2db348575193..86403c9ee282 100644
--- a/include/internal/o_str.h
+++ b/include/internal/o_str.h
@@ -1,59 +1,10 @@
@@ -103885,7 +126232,7 @@
#endif
diff --git a/include/internal/threads.h b/include/internal/threads.h
deleted file mode 100644
-index 7897728..0000000
+index 78977281d792..000000000000
--- a/include/internal/threads.h
+++ /dev/null
@@ -1,92 +0,0 @@
@@ -103983,7 +126330,7 @@
-#endif
diff --git a/include/openssl/__DECC_INCLUDE_EPILOGUE.H b/include/openssl/__DECC_INCLUDE_EPILOGUE.H
new file mode 100644
-index 0000000..c350018
+index 000000000000..c350018ad190
--- /dev/null
+++ b/include/openssl/__DECC_INCLUDE_EPILOGUE.H
@@ -0,0 +1,16 @@
@@ -104005,7 +126352,7 @@
+#pragma names restore
diff --git a/include/openssl/__DECC_INCLUDE_PROLOGUE.H b/include/openssl/__DECC_INCLUDE_PROLOGUE.H
new file mode 100644
-index 0000000..9a9c777
+index 000000000000..9a9c777f93f8
--- /dev/null
+++ b/include/openssl/__DECC_INCLUDE_PROLOGUE.H
@@ -0,0 +1,20 @@
@@ -104031,7 +126378,7 @@
+#pragma names as_is,shortened
diff --git a/include/openssl/__decc_include_epilogue.h b/include/openssl/__decc_include_epilogue.h
deleted file mode 100644
-index 584384f..0000000
+index 584384f9c033..000000000000
--- a/include/openssl/__decc_include_epilogue.h
+++ /dev/null
@@ -1,7 +0,0 @@
@@ -104044,7 +126391,7 @@
-#pragma names restore
diff --git a/include/openssl/__decc_include_prologue.h b/include/openssl/__decc_include_prologue.h
deleted file mode 100644
-index 455181c..0000000
+index 455181cd6de3..000000000000
--- a/include/openssl/__decc_include_prologue.h
+++ /dev/null
@@ -1,11 +0,0 @@
@@ -104060,7 +126407,7 @@
- */
-#pragma names as_is,shortened
diff --git a/include/openssl/aes.h b/include/openssl/aes.h
-index ee12540..245c552 100644
+index ee1254067958..245c552abd05 100644
--- a/include/openssl/aes.h
+++ b/include/openssl/aes.h
@@ -1,51 +1,10 @@
@@ -104122,13 +126469,15 @@
#ifndef HEADER_AES_H
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
-index 4c30a74..a596126 100644
+index 4c30a7440011..7e2f72039f48 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -104176,9 +126525,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -104211,6 +126558,17 @@
typedef struct asn1_type_st {
int type;
union {
+@@ -839,8 +798,8 @@ int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
+ void ASN1_add_oid_module(void);
+ void ASN1_add_stable_module(void);
+
+-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
+-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
++ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
++ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
+ int ASN1_str2mask(const char *str, unsigned long *pmask);
+
+ /* ASN1 Print flags */
@@ -907,20 +866,19 @@ int SMIME_text(BIO *in, BIO *out);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
@@ -104428,7 +126786,7 @@
#endif
diff --git a/include/openssl/asn1_mac.h b/include/openssl/asn1_mac.h
new file mode 100644
-index 0000000..7ac1782
+index 000000000000..7ac1782a3f20
--- /dev/null
+++ b/include/openssl/asn1_mac.h
@@ -0,0 +1,10 @@
@@ -104443,7 +126801,7 @@
+
+#error "This file is obsolete; please update your software."
diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h
-index b680dea..ad17bab 100644
+index b680dea6dcf8..ad17babacbe8 100644
--- a/include/openssl/asn1t.h
+++ b/include/openssl/asn1t.h
@@ -1,60 +1,12 @@
@@ -104502,8 +126860,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -104532,7 +126891,7 @@
# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
diff --git a/include/openssl/async.h b/include/openssl/async.h
-index 635855f..160766a 100644
+index 635855f25887..160766af36dd 100644
--- a/include/openssl/async.h
+++ b/include/openssl/async.h
@@ -1,53 +1,10 @@
@@ -104541,7 +126900,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -104563,8 +126923,7 @@
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
@@ -104620,13 +126979,15 @@
+# endif
#endif
diff --git a/include/openssl/bio.h b/include/openssl/bio.h
-index a168be0..4b6179f 100644
+index a168be085df4..4b6179f81892 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -104674,9 +127035,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -104714,19 +127073,13 @@
# define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg)
# define BIO_get_app_data(s) BIO_get_ex_data(s,0)
-+# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
-+
-+# ifndef OPENSSL_NO_SOCK
- /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
- /* Note: the underlying operating system may not support some of them */
+-/* IP families we support, for BIO_s_connect() and BIO_s_accept() */
+-/* Note: the underlying operating system may not support some of them */
-# define BIO_FAMILY_IPV4 4
-# define BIO_FAMILY_IPV6 6
-# define BIO_FAMILY_IPANY 256
-+# define BIO_FAMILY_IPV4 4
-+# define BIO_FAMILY_IPV6 6
-+# define BIO_FAMILY_IPANY 256
-
- /* BIO_s_connect() */
+-
+-/* BIO_s_connect() */
-# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
-# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
-# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)addr)
@@ -104737,7 +127090,16 @@
-# define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
-# define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
-
--# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+ # define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+
++# ifndef OPENSSL_NO_SOCK
++/* IP families we support, for BIO_s_connect() and BIO_s_accept() */
++/* Note: the underlying operating system may not support some of them */
++# define BIO_FAMILY_IPV4 4
++# define BIO_FAMILY_IPV6 6
++# define BIO_FAMILY_IPANY 256
++
++/* BIO_s_connect() */
+# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
+# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
+# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)addr)
@@ -104747,7 +127109,7 @@
+# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2,NULL))
+# define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+# define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
-
++
/* BIO_s_accept() */
-# define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
-# define BIO_set_accept_port(b,port) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(char *)port)
@@ -104995,7 +127357,7 @@
+# endif
#endif
diff --git a/include/openssl/blowfish.h b/include/openssl/blowfish.h
-index 5e0af53..cd3e460 100644
+index 5e0af533cf0a..cd3e460e98f3 100644
--- a/include/openssl/blowfish.h
+++ b/include/openssl/blowfish.h
@@ -1,58 +1,10 @@
@@ -105064,7 +127426,7 @@
#ifndef HEADER_BLOWFISH_H
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
-index d4aef37..e0f656a 100644
+index d4aef3773c13..e0f656a67b34 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -1,112 +1,12 @@
@@ -105225,13 +127587,15 @@
+# endif
#endif
diff --git a/include/openssl/buffer.h b/include/openssl/buffer.h
-index f5b46dd..88409fd 100644
+index f5b46dd71a27..88409fd9eb9f 100644
--- a/include/openssl/buffer.h
+++ b/include/openssl/buffer.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -105279,9 +127643,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -105312,7 +127674,7 @@
+# endif
#endif
diff --git a/include/openssl/camellia.h b/include/openssl/camellia.h
-index d05b392..151f3c1 100644
+index d05b39254908..151f3c134917 100644
--- a/include/openssl/camellia.h
+++ b/include/openssl/camellia.h
@@ -1,51 +1,10 @@
@@ -105374,7 +127736,7 @@
#ifndef HEADER_CAMELLIA_H
diff --git a/include/openssl/cast.h b/include/openssl/cast.h
-index c54d3c9..2cc89ae 100644
+index c54d3c9219d6..2cc89ae0133c 100644
--- a/include/openssl/cast.h
+++ b/include/openssl/cast.h
@@ -1,58 +1,10 @@
@@ -105443,7 +127805,7 @@
#ifndef HEADER_CAST_H
diff --git a/include/openssl/cmac.h b/include/openssl/cmac.h
-index a621923..3535a9a 100644
+index a621923eb0a7..3535a9abf751 100644
--- a/include/openssl/cmac.h
+++ b/include/openssl/cmac.h
@@ -1,59 +1,17 @@
@@ -105453,7 +127815,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -105470,8 +127833,7 @@
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
@@ -105521,7 +127883,7 @@
+# endif
#endif
diff --git a/include/openssl/cms.h b/include/openssl/cms.h
-index 5ae701e..57c877d 100644
+index 5ae701e5859a..57c877de9869 100644
--- a/include/openssl/cms.h
+++ b/include/openssl/cms.h
@@ -1,54 +1,10 @@
@@ -105531,7 +127893,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -105553,8 +127916,7 @@
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
@@ -105613,7 +127975,7 @@
-
#endif
diff --git a/include/openssl/comp.h b/include/openssl/comp.h
-index d2537f8..520d709 100644
+index d2537f8d560b..520d709a6f78 100644
--- a/include/openssl/comp.h
+++ b/include/openssl/comp.h
@@ -1,58 +1,12 @@
@@ -105702,13 +128064,15 @@
-
#endif
diff --git a/include/openssl/conf.h b/include/openssl/conf.h
-index 5f7f547..147d27b 100644
+index 5f7f54707aa3..147d27bb2a9d 100644
--- a/include/openssl/conf.h
+++ b/include/openssl/conf.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -105756,9 +128120,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -105815,7 +128177,7 @@
+# endif
#endif
diff --git a/include/openssl/conf_api.h b/include/openssl/conf_api.h
-index fd6f32e..a0275ad 100644
+index fd6f32e16d9a..a0275ad79bc4 100644
--- a/include/openssl/conf_api.h
+++ b/include/openssl/conf_api.h
@@ -1,58 +1,10 @@
@@ -105884,7 +128246,7 @@
#ifndef HEADER_CONF_API_H
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
-index 968b1b3..c4b31d9 100644
+index 968b1b39281a..c4b31d92f32b 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -1,112 +1,12 @@
@@ -105939,8 +128301,14 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
-- *
-- */
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
+ */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
@@ -105991,18 +128359,12 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
+- */
+
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
@@ -106130,7 +128492,7 @@
+# endif
#endif
diff --git a/include/openssl/ct.h b/include/openssl/ct.h
-index f12ca92..f9586dc 100644
+index f12ca92f0df2..f9586dc8a54d 100644
--- a/include/openssl/ct.h
+++ b/include/openssl/ct.h
@@ -1,55 +1,11 @@
@@ -106303,13 +128665,15 @@
-
#endif
diff --git a/include/openssl/des.h b/include/openssl/des.h
-index 633d070..be4abbd 100644
+index 633d070b3962..be4abbdfd0e6 100644
--- a/include/openssl/des.h
+++ b/include/openssl/des.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -106357,9 +128721,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -106405,13 +128767,15 @@
# ifdef __cplusplus
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
-index d78bac9..beb0f9f 100644
+index d78bac9c4354..2eb596d2bab8 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -106459,9 +128823,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -106473,7 +128835,19 @@
*/
#ifndef HEADER_DH_H
-@@ -85,7 +37,7 @@ extern "C" {
+@@ -80,12 +32,18 @@ extern "C" {
+ # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+
+ # define DH_FLAG_CACHE_MONT_P 0x01
+-# define DH_FLAG_NO_EXP_CONSTTIME 0x02
++
++# if OPENSSL_API_COMPAT < 0x10100000L
++/*
++ * Does nothing. Previously this switched off constant time behaviour.
++ */
++# define DH_FLAG_NO_EXP_CONSTTIME 0x00
++# endif
+
/*
* If this flag is set the DH method is FIPS compliant and can be used in
* FIPS mode. This is set in the validated module method. If an application
@@ -106482,7 +128856,7 @@
* result is compliant.
*/
-@@ -335,6 +287,7 @@ int DH_meth_set_generate_params(DH_METHOD *dhm,
+@@ -335,6 +293,7 @@ int DH_meth_set_generate_params(DH_METHOD *dhm,
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
@@ -106490,7 +128864,7 @@
void ERR_load_DH_strings(void);
/* Error codes for the DH functions. */
-@@ -346,6 +299,9 @@ void ERR_load_DH_strings(void);
+@@ -346,6 +305,9 @@ void ERR_load_DH_strings(void);
# define DH_F_DH_CMS_DECRYPT 114
# define DH_F_DH_CMS_SET_PEERKEY 115
# define DH_F_DH_CMS_SET_SHARED_INFO 116
@@ -106500,7 +128874,7 @@
# define DH_F_DH_NEW_METHOD 105
# define DH_F_DH_PARAM_DECODE 107
# define DH_F_DH_PRIV_DECODE 110
-@@ -354,7 +310,6 @@ void ERR_load_DH_strings(void);
+@@ -354,7 +316,6 @@ void ERR_load_DH_strings(void);
# define DH_F_DH_PUB_ENCODE 109
# define DH_F_DO_DH_PRINT 100
# define DH_F_GENERATE_KEY 103
@@ -106508,7 +128882,7 @@
# define DH_F_PKEY_DH_DERIVE 112
# define DH_F_PKEY_DH_KEYGEN 113
-@@ -366,7 +321,6 @@ void ERR_load_DH_strings(void);
+@@ -366,7 +327,6 @@ void ERR_load_DH_strings(void);
# define DH_R_INVALID_PUBKEY 102
# define DH_R_KDF_PARAMETER_ERROR 112
# define DH_R_KEYS_NOT_SET 108
@@ -106516,7 +128890,7 @@
# define DH_R_MODULUS_TOO_LARGE 103
# define DH_R_NO_PARAMETERS_SET 107
# define DH_R_NO_PRIVATE_VALUE 100
-@@ -374,9 +328,8 @@ void ERR_load_DH_strings(void);
+@@ -374,9 +334,8 @@ void ERR_load_DH_strings(void);
# define DH_R_PEER_KEY_ERROR 111
# define DH_R_SHARED_INFO_ERROR 113
@@ -106529,13 +128903,15 @@
-
#endif
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
-index 1b04584..f65ee5d 100644
+index 1b045842e006..48d2b56ee9a3 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -106583,9 +128959,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -106597,8 +128971,22 @@
*/
/*
-@@ -96,7 +48,7 @@ extern "C" {
+@@ -86,17 +38,17 @@ extern "C" {
+ # define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
+
+ # define DSA_FLAG_CACHE_MONT_P 0x01
++# if OPENSSL_API_COMPAT < 0x10100000L
/*
+- * new with 0.9.7h; the built-in DSA implementation now uses constant time
+- * modular exponentiation for secret exponents by default. This flag causes
+- * the faster variable sliding window method to be used for all exponents.
++ * Does nothing. Previously this switched off constant time behaviour.
+ */
+-# define DSA_FLAG_NO_EXP_CONSTTIME 0x02
++# define DSA_FLAG_NO_EXP_CONSTTIME 0x00
++# endif
+
+ /*
* If this flag is set the DSA method is FIPS compliant and can be used in
* FIPS mode. This is set in the validated module method. If an application
- * sets this flag in its own methods it is its reposibility to ensure the
@@ -106669,7 +129057,7 @@
-
#endif
diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h
-index 16df652..f4769f8 100644
+index 16df65211b36..f4769f83fe65 100644
--- a/include/openssl/dtls1.h
+++ b/include/openssl/dtls1.h
@@ -1,59 +1,10 @@
@@ -106738,7 +129126,7 @@
#ifndef HEADER_DTLS1_H
diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h
-index bbd6116..e0a5e46 100644
+index bbd6116f860c..198ebdfc8858 100644
--- a/include/openssl/e_os2.h
+++ b/include/openssl/e_os2.h
@@ -1,55 +1,10 @@
@@ -106803,7 +129191,20 @@
*/
#ifndef HEADER_E_OS2_H
-@@ -338,6 +293,14 @@ typedef unsigned __int64 uint64_t;
+@@ -264,7 +219,11 @@ extern "C" {
+
+ # ifndef ossl_ssize_t
+ # define ossl_ssize_t ssize_t
+-# define OSSL_SSIZE_MAX SSIZE_MAX
++# if defined(SSIZE_MAX)
++# define OSSL_SSIZE_MAX SSIZE_MAX
++# elif defined(_POSIX_SSIZE_MAX)
++# define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX
++# endif
+ # endif
+
+ # ifdef DEBUG_UNUSED
+@@ -338,6 +297,14 @@ typedef unsigned __int64 uint64_t;
# define ossl_inline inline
# endif
@@ -106819,10 +129220,10 @@
}
#endif
diff --git a/include/openssl/ebcdic.h b/include/openssl/ebcdic.h
-index e75b609..8696c7a 100644
+index e75b60923f3c..aa0128559992 100644
--- a/include/openssl/ebcdic.h
+++ b/include/openssl/ebcdic.h
-@@ -1,3 +1,11 @@
+@@ -1,8 +1,16 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
@@ -106834,8 +129235,14 @@
#ifndef HEADER_EBCDIC_H
# define HEADER_EBCDIC_H
+
+-# include <sys/types.h>
++# include <stdlib.h>
+
+ #ifdef __cplusplus
+ extern "C" {
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
-index 892239d..9c74053 100644
+index 892239dd87f9..9c74053c0b18 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -1,59 +1,12 @@
@@ -106893,8 +129300,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -107095,7 +129503,7 @@
-
#endif
diff --git a/include/openssl/ecdh.h b/include/openssl/ecdh.h
-index 6a4a7b1..681f3d5 100644
+index 6a4a7b1676f9..681f3d5e5574 100644
--- a/include/openssl/ecdh.h
+++ b/include/openssl/ecdh.h
@@ -1 +1,10 @@
@@ -107110,7 +129518,7 @@
+
#include <openssl/ec.h>
diff --git a/include/openssl/ecdsa.h b/include/openssl/ecdsa.h
-index 6a4a7b1..681f3d5 100644
+index 6a4a7b1676f9..681f3d5e5574 100644
--- a/include/openssl/ecdsa.h
+++ b/include/openssl/ecdsa.h
@@ -1 +1,10 @@
@@ -107125,7 +129533,7 @@
+
#include <openssl/ec.h>
diff --git a/include/openssl/engine.h b/include/openssl/engine.h
-index 3123ad3..e9d3ab2 100644
+index 3123ad3a1f5e..e9d3ab244a03 100644
--- a/include/openssl/engine.h
+++ b/include/openssl/engine.h
@@ -1,60 +1,12 @@
@@ -107184,8 +129592,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -107269,7 +129678,7 @@
-
#endif
diff --git a/include/openssl/err.h b/include/openssl/err.h
-index ccf2ff7..b019d0e 100644
+index ccf2ff72deb3..b019d0e3bb6b 100644
--- a/include/openssl/err.h
+++ b/include/openssl/err.h
@@ -1,111 +1,10 @@
@@ -107447,13 +129856,15 @@
LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void);
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
-index 250730f..796f4cc 100644
+index 250730f4a022..796f4ccb3cdc 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -107501,9 +129912,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -107654,7 +130063,7 @@
+# endif
#endif
diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h
-index 71d7d65..809ca34 100644
+index 71d7d6591623..809ca34227ad 100644
--- a/include/openssl/hmac.h
+++ b/include/openssl/hmac.h
@@ -1,59 +1,12 @@
@@ -107734,7 +130143,7 @@
int HMAC_CTX_reset(HMAC_CTX *ctx);
void HMAC_CTX_free(HMAC_CTX *ctx);
diff --git a/include/openssl/idea.h b/include/openssl/idea.h
-index 65e0b44..d527675 100644
+index 65e0b44de503..d527675614f8 100644
--- a/include/openssl/idea.h
+++ b/include/openssl/idea.h
@@ -1,58 +1,10 @@
@@ -107803,7 +130212,7 @@
#ifndef HEADER_IDEA_H
diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
-index e61a9a6..3078b56 100644
+index e61a9a603a28..3078b56dc48f 100644
--- a/include/openssl/kdf.h
+++ b/include/openssl/kdf.h
@@ -1,54 +1,10 @@
@@ -107813,7 +130222,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -107830,8 +130240,7 @@
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
@@ -107885,13 +130294,15 @@
+# endif
#endif
diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h
-index 8b8822b..e2ccb65 100644
+index 8b8822bbc83d..e2ccb65d6999 100644
--- a/include/openssl/lhash.h
+++ b/include/openssl/lhash.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -107939,9 +130350,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -108170,7 +130579,7 @@
DEFINE_LHASH_OF(OPENSSL_CSTRING);
diff --git a/include/openssl/md2.h b/include/openssl/md2.h
-index d77a4fa..7faf8e3 100644
+index d77a4fac9c15..7faf8e3d6566 100644
--- a/include/openssl/md2.h
+++ b/include/openssl/md2.h
@@ -1,58 +1,10 @@
@@ -108239,7 +130648,7 @@
#ifndef HEADER_MD2_H
diff --git a/include/openssl/md4.h b/include/openssl/md4.h
-index b40a839..940e29d 100644
+index b40a839128e1..940e29db409c 100644
--- a/include/openssl/md4.h
+++ b/include/openssl/md4.h
@@ -1,58 +1,10 @@
@@ -108308,13 +130717,15 @@
#ifndef HEADER_MD4_H
diff --git a/include/openssl/md5.h b/include/openssl/md5.h
-index 5b34b46..2deb772 100644
+index 5b34b463e99b..2deb772118f2 100644
--- a/include/openssl/md5.h
+++ b/include/openssl/md5.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -108362,9 +130773,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -108377,7 +130786,7 @@
#ifndef HEADER_MD5_H
diff --git a/include/openssl/mdc2.h b/include/openssl/mdc2.h
-index 229b122..ca28842 100644
+index 229b1227192d..aabd2bfaad8c 100644
--- a/include/openssl/mdc2.h
+++ b/include/openssl/mdc2.h
@@ -1,58 +1,10 @@
@@ -108445,8 +130854,16 @@
*/
#ifndef HEADER_MDC2_H
+@@ -61,6 +13,7 @@
+ # include <openssl/opensslconf.h>
+
+ #ifndef OPENSSL_NO_MDC2
++# include <stdlib.h>
+ # include <openssl/des.h>
+ # ifdef __cplusplus
+ extern "C" {
diff --git a/include/openssl/modes.h b/include/openssl/modes.h
-index 11bbb68..a04c6a5 100644
+index 11bbb6835625..a04c6a5981ac 100644
--- a/include/openssl/modes.h
+++ b/include/openssl/modes.h
@@ -1,8 +1,10 @@
@@ -108465,7 +130882,7 @@
#include <stddef.h>
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
-index 5d7adc7..ebb7963 100644
+index 5d7adc758bff..ebb796350009 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -1,63 +1,12 @@
@@ -108476,7 +130893,9 @@
-
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++ * WARNING: do not edit!
++ * Generated by crypto/objects/objects.pl
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -108524,9 +130943,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+ * WARNING: do not edit!
-+ * Generated by crypto/objects/objects.pl
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -108540,13 +130957,15 @@
#define SN_undef "UNDEF"
diff --git a/include/openssl/objects.h b/include/openssl/objects.h
-index f8c2f05..4d3de7c 100644
+index f8c2f05331a9..4d3de7c9d0e8 100644
--- a/include/openssl/objects.h
+++ b/include/openssl/objects.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -108594,9 +131013,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -108631,34 +131048,20 @@
+# endif
#endif
diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h
-index 546e9bc..7ded752 100644
+index 546e9bcb56fb..7ded75242e4e 100644
--- a/include/openssl/ocsp.h
+++ b/include/openssl/ocsp.h
@@ -1,75 +1,50 @@
/*
- * Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
- * project.
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
-+#ifndef HEADER_OCSP_H
-+# define HEADER_OCSP_H
-+
-+#include <openssl/opensslconf.h>
-+
- /*
+- */
+-
+-/*
- * History: This file was transferred to Richard Levitte from CertCo by Kathy
- * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
- * patch kit.
-+ * These definitions are outside the OPENSSL_NO_OCSP guard because although for
-+ * historical reasons they have OCSP_* names, they can actually be used
-+ * independently of OCSP. E.g. see RFC5280
- */
+- */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
@@ -108711,7 +131114,28 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
-- *
++ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
+ */
+
+ #ifndef HEADER_OCSP_H
+ # define HEADER_OCSP_H
+
+-# include <openssl/ossl_typ.h>
+-# include <openssl/x509.h>
+-# include <openssl/x509v3.h>
+-# include <openssl/safestack.h>
++#include <openssl/opensslconf.h>
++
++/*
++ * These definitions are outside the OPENSSL_NO_OCSP guard because although for
++ * historical reasons they have OCSP_* names, they can actually be used
++ * independently of OCSP. E.g. see RFC5280
++ */
+/*-
+ * CRLReason ::= ENUMERATED {
+ * unspecified (0),
@@ -108722,7 +131146,7 @@
+ * cessationOfOperation (5),
+ * certificateHold (6),
+ * removeFromCRL (8) }
- */
++ */
+# define OCSP_REVOKED_STATUS_NOSTATUS -1
+# define OCSP_REVOKED_STATUS_UNSPECIFIED 0
+# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1
@@ -108732,14 +131156,8 @@
+# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5
+# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6
+# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8
-
--#ifndef HEADER_OCSP_H
--# define HEADER_OCSP_H
-
--# include <openssl/ossl_typ.h>
--# include <openssl/x509.h>
--# include <openssl/x509v3.h>
--# include <openssl/safestack.h>
++
++
+# ifndef OPENSSL_NO_OCSP
+
+# include <openssl/ossl_typ.h>
@@ -108754,7 +131172,8 @@
/* Various flags and values */
-# define OCSP_DEFAULT_NONCE_LENGTH 16
--
++# define OCSP_DEFAULT_NONCE_LENGTH 16
+
-# define OCSP_NOCERTS 0x1
-# define OCSP_NOINTERN 0x2
-# define OCSP_NOSIGS 0x4
@@ -108767,8 +131186,6 @@
-# define OCSP_TRUSTOTHER 0x200
-# define OCSP_RESPID_KEY 0x400
-# define OCSP_NOTIME 0x800
-+# define OCSP_DEFAULT_NONCE_LENGTH 16
-+
+# define OCSP_NOCERTS 0x1
+# define OCSP_NOINTERN 0x2
+# define OCSP_NOSIGS 0x4
@@ -108974,7 +131391,7 @@
+# endif
#endif
diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in
-index 803cc16..bec5bd0 100644
+index 803cc16c4415..bec5bd09d2d4 100644
--- a/include/openssl/opensslconf.h.in
+++ b/include/openssl/opensslconf.h.in
@@ -1,5 +1,12 @@
@@ -108991,7 +131408,7 @@
#ifdef __cplusplus
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
-index 72d33f9..2dd067f 100644
+index 72d33f929097..2dd067f8d039 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h
@@ -1,3 +1,12 @@
@@ -109023,7 +131440,7 @@
/*-
diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h
-index 81da792..adc50ed 100644
+index 81da79286b14..adc50ed284ee 100644
--- a/include/openssl/ossl_typ.h
+++ b/include/openssl/ossl_typ.h
@@ -1,55 +1,10 @@
@@ -109089,13 +131506,15 @@
#ifndef HEADER_OPENSSL_TYPES_H
diff --git a/include/openssl/pem.h b/include/openssl/pem.h
-index 0206fec..6dd76ee 100644
+index 0206fec68c7b..6dd76eeacec4 100644
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -109143,9 +131562,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -109252,7 +131669,7 @@
+# endif
#endif
diff --git a/include/openssl/pem2.h b/include/openssl/pem2.h
-index 84897d5..9cb7472 100644
+index 84897d5ec35b..9cb74721e62d 100644
--- a/include/openssl/pem2.h
+++ b/include/openssl/pem2.h
@@ -1,60 +1,10 @@
@@ -109323,7 +131740,7 @@
#ifdef __cplusplus
diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h
-index 655655a..848267c 100644
+index 655655a5af73..848267c9a23e 100644
--- a/include/openssl/pkcs12.h
+++ b/include/openssl/pkcs12.h
@@ -1,59 +1,10 @@
@@ -109445,13 +131862,15 @@
+# endif
#endif
diff --git a/include/openssl/pkcs7.h b/include/openssl/pkcs7.h
-index 7ca085e..6de664f 100644
+index 7ca085e523e5..6de664f9e75c 100644
--- a/include/openssl/pkcs7.h
+++ b/include/openssl/pkcs7.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -109499,9 +131918,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -109605,13 +132022,15 @@
+# endif
#endif
diff --git a/include/openssl/rand.h b/include/openssl/rand.h
-index d337ee7..679cf09 100644
+index d337ee7617ad..d0f8eabe0a34 100644
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -109659,9 +132078,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -109673,7 +132090,23 @@
*/
#ifndef HEADER_RAND_H
-@@ -125,29 +77,18 @@ int RAND_event(UINT, WPARAM, LPARAM);
+@@ -113,41 +65,28 @@ int RAND_egd_bytes(const char *path, int bytes);
+ # endif
+ int RAND_poll(void);
+
+-# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+-
+-void RAND_screen(void);
+-int RAND_event(UINT, WPARAM, LPARAM);
+-
+-# endif
++#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
++DEPRECATEDIN_1_1_0(void RAND_screen(void))
++DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
++#endif
+
+ /* BEGIN ERROR CODES */
+ /*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
@@ -109707,7 +132140,7 @@
+# endif
#endif
diff --git a/include/openssl/rc2.h b/include/openssl/rc2.h
-index 50be22d..585f9e4 100644
+index 50be22dcec7c..585f9e4c3806 100644
--- a/include/openssl/rc2.h
+++ b/include/openssl/rc2.h
@@ -1,58 +1,10 @@
@@ -109776,7 +132209,7 @@
#ifndef HEADER_RC2_H
diff --git a/include/openssl/rc4.h b/include/openssl/rc4.h
-index a5fdbfb..86803b3 100644
+index a5fdbfb92c94..86803b37fbe0 100644
--- a/include/openssl/rc4.h
+++ b/include/openssl/rc4.h
@@ -1,58 +1,10 @@
@@ -109845,13 +132278,15 @@
#ifndef HEADER_RC4_H
diff --git a/include/openssl/rc5.h b/include/openssl/rc5.h
-index c1ff358..793f88e 100644
+index c1ff358ad363..793f88e4e814 100644
--- a/include/openssl/rc5.h
+++ b/include/openssl/rc5.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -109899,9 +132334,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -109914,7 +132347,7 @@
#ifndef HEADER_RC5_H
diff --git a/include/openssl/ripemd.h b/include/openssl/ripemd.h
-index 97e5df7..c42026a 100644
+index 97e5df7694dc..c42026aa42fe 100644
--- a/include/openssl/ripemd.h
+++ b/include/openssl/ripemd.h
@@ -1,58 +1,10 @@
@@ -109983,13 +132416,15 @@
#ifndef HEADER_RIPEMD_H
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
-index 1698fb3..6a68058 100644
+index 1698fb314563..4b82081d93d8 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -110037,9 +132472,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -110051,7 +132484,30 @@
*/
#ifndef HEADER_RSA_H
-@@ -510,18 +462,14 @@ int RSA_meth_set_keygen(RSA_METHOD *rsa,
+@@ -114,18 +66,12 @@ extern "C" {
+ * but other engines might not need it
+ */
+ # define RSA_FLAG_NO_BLINDING 0x0080
++# if OPENSSL_API_COMPAT < 0x10100000L
+ /*
+- * new with 0.9.8f; the built-in RSA
+- * implementation now uses constant time
+- * operations by default in private key operations,
+- * e.g., constant time modular exponentiation,
+- * modular inverse without leaking branches,
+- * division without leaking branches. This
+- * flag disables these constant time
+- * operations and results in faster RSA
+- * private key operations.
++ * Does nothing. Previously this switched off constant time behaviour.
+ */
+-# define RSA_FLAG_NO_CONSTTIME 0x0100
++# define RSA_FLAG_NO_CONSTTIME 0x0000
++# endif
+ # if OPENSSL_API_COMPAT < 0x00908000L
+ /* deprecated name for the flag*/
+ /*
+@@ -510,18 +456,14 @@ int RSA_meth_set_keygen(RSA_METHOD *rsa,
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
@@ -110071,7 +132527,7 @@
# define RSA_F_OLD_RSA_PRIV_DECODE 147
# define RSA_F_PKEY_RSA_CTRL 143
# define RSA_F_PKEY_RSA_CTRL_STR 144
-@@ -532,22 +480,22 @@ void ERR_load_RSA_strings(void);
+@@ -532,22 +474,22 @@ void ERR_load_RSA_strings(void);
# define RSA_F_RSA_CHECK_KEY 123
# define RSA_F_RSA_CHECK_KEY_EX 160
# define RSA_F_RSA_CMS_DECRYPT 159
@@ -110101,7 +132557,7 @@
# define RSA_F_RSA_PADDING_ADD_NONE 107
# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 154
-@@ -566,7 +514,6 @@ void ERR_load_RSA_strings(void);
+@@ -566,7 +508,6 @@ void ERR_load_RSA_strings(void);
# define RSA_F_RSA_PADDING_CHECK_X931 128
# define RSA_F_RSA_PRINT 115
# define RSA_F_RSA_PRINT_FP 116
@@ -110109,7 +132565,7 @@
# define RSA_F_RSA_PRIV_ENCODE 138
# define RSA_F_RSA_PSS_TO_CTX 155
# define RSA_F_RSA_PUB_DECODE 139
-@@ -601,7 +548,6 @@ void ERR_load_RSA_strings(void);
+@@ -601,7 +542,6 @@ void ERR_load_RSA_strings(void);
# define RSA_R_INVALID_DIGEST 157
# define RSA_R_INVALID_DIGEST_LENGTH 143
# define RSA_R_INVALID_HEADER 137
@@ -110117,7 +132573,7 @@
# define RSA_R_INVALID_LABEL 160
# define RSA_R_INVALID_MESSAGE_LENGTH 131
# define RSA_R_INVALID_MGF1_MD 156
-@@ -635,7 +581,6 @@ void ERR_load_RSA_strings(void);
+@@ -635,7 +575,6 @@ void ERR_load_RSA_strings(void);
# define RSA_R_UNKNOWN_DIGEST 166
# define RSA_R_UNKNOWN_MASK_DIGEST 151
# define RSA_R_UNKNOWN_PADDING_TYPE 118
@@ -110125,7 +132581,7 @@
# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162
# define RSA_R_UNSUPPORTED_LABEL_SOURCE 163
# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153
-@@ -644,9 +589,8 @@ void ERR_load_RSA_strings(void);
+@@ -644,9 +583,8 @@ void ERR_load_RSA_strings(void);
# define RSA_R_VALUE_MISSING 147
# define RSA_R_WRONG_SIGNATURE_LENGTH 119
@@ -110138,7 +132594,7 @@
-
#endif
diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h
-index 538774d..306b3ac 100644
+index 538774d66438..306b3acc575f 100644
--- a/include/openssl/safestack.h
+++ b/include/openssl/safestack.h
@@ -1,56 +1,10 @@
@@ -110366,7 +132822,7 @@
# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2)
diff --git a/include/openssl/seed.h b/include/openssl/seed.h
-index e643e76..bb97131 100644
+index e643e762adf9..bb97131d76b8 100644
--- a/include/openssl/seed.h
+++ b/include/openssl/seed.h
@@ -1,4 +1,13 @@
@@ -110445,13 +132901,15 @@
#ifndef HEADER_SEED_H
diff --git a/include/openssl/sha.h b/include/openssl/sha.h
-index 27c7cab..6a1eb0d 100644
+index 27c7cab9361f..6a1eb0de8bd7 100644
--- a/include/openssl/sha.h
+++ b/include/openssl/sha.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -110499,9 +132957,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -110514,7 +132970,7 @@
#ifndef HEADER_SHA_H
diff --git a/include/openssl/srp.h b/include/openssl/srp.h
-index 37e7678..1007b83 100644
+index 37e767886376..1007b8321b27 100644
--- a/include/openssl/srp.h
+++ b/include/openssl/srp.h
@@ -1,61 +1,12 @@
@@ -110574,8 +133030,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -110595,7 +133052,7 @@
typedef struct SRP_gN_st {
char *id;
diff --git a/include/openssl/srtp.h b/include/openssl/srtp.h
-index da9369e..5ddfa46 100644
+index da9369ec2ed4..5ddfa46d9b2e 100644
--- a/include/openssl/srtp.h
+++ b/include/openssl/srtp.h
@@ -1,112 +1,12 @@
@@ -110719,7 +133176,7 @@
* DTLS code by Eric Rescorla <ekr at rtfm.com>
*
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
-index 44f44bf..f019f64 100644
+index 44f44bf7b2dd..881c6bbd0262 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1,112 +1,12 @@
@@ -110866,7 +133323,15 @@
# define SSL_CTRL_SET_TMP_DH 3
# define SSL_CTRL_SET_TMP_ECDH 4
# define SSL_CTRL_SET_TMP_DH_CB 6
-@@ -1376,7 +1279,7 @@ void BIO_ssl_shutdown(BIO *ssl_bio);
+@@ -1230,6 +1133,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
+ # define SSL_CTRL_SET_MAX_PROTO_VERSION 124
+ # define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125
+ # define SSL_CTRL_SET_MAX_PIPELINES 126
++# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127
+ # define SSL_CERT_SET_FIRST 1
+ # define SSL_CERT_SET_NEXT 2
+ # define SSL_CERT_SET_SERVER 3
+@@ -1376,7 +1280,7 @@ void BIO_ssl_shutdown(BIO *ssl_bio);
__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
@@ -110875,16 +133340,25 @@
void SSL_CTX_free(SSL_CTX *);
__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
-@@ -1551,7 +1454,7 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid
+@@ -1473,6 +1377,7 @@ __owur long SSL_SESSION_get_time(const SSL_SESSION *s);
+ __owur long SSL_SESSION_set_time(SSL_SESSION *s, long t);
+ __owur long SSL_SESSION_get_timeout(const SSL_SESSION *s);
+ __owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
++__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
+ __owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
+ __owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);
+ __owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
+@@ -1551,7 +1456,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid
unsigned int sid_ctx_len);
SSL *SSL_new(SSL_CTX *ctx);
-void SSL_up_ref(SSL *s);
+int SSL_up_ref(SSL *s);
++int SSL_is_dtls(const SSL *s);
__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
unsigned int sid_ctx_len);
-@@ -1738,6 +1641,7 @@ __owur int SSL_get_quiet_shutdown(const SSL *ssl);
+@@ -1738,6 +1644,7 @@ __owur int SSL_get_quiet_shutdown(const SSL *ssl);
void SSL_set_shutdown(SSL *ssl, int mode);
__owur int SSL_get_shutdown(const SSL *ssl);
__owur int SSL_version(const SSL *ssl);
@@ -110892,7 +133366,7 @@
__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
-@@ -2103,6 +2007,7 @@ extern const char SSL_version_str[];
+@@ -2103,6 +2010,7 @@ extern const char SSL_version_str[];
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
@@ -110900,7 +133374,7 @@
void ERR_load_SSL_strings(void);
/* Error codes for the SSL functions. */
-@@ -2117,21 +2022,12 @@ void ERR_load_SSL_strings(void);
+@@ -2117,21 +2025,14 @@ void ERR_load_SSL_strings(void);
# define SSL_F_DANE_TLSA_ADD 394
# define SSL_F_DO_DTLS1_WRITE 245
# define SSL_F_DO_SSL3_WRITE 104
@@ -110919,10 +133393,12 @@
-# define SSL_F_DTLS1_READ_FAILED 259
-# define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260
-# define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264
++# define SSL_F_DTLS1_READ_FAILED 339
++# define SSL_F_DTLS1_RETRANSMIT_MESSAGE 390
# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
# define SSL_F_DTLSV1_LISTEN 350
# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 371
-@@ -2140,11 +2036,8 @@ void ERR_load_SSL_strings(void);
+@@ -2140,11 +2041,8 @@ void ERR_load_SSL_strings(void);
# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386
# define SSL_F_OPENSSL_INIT_SSL 342
# define SSL_F_READ_STATE_MACHINE 352
@@ -110934,17 +133410,18 @@
# define SSL_F_SSL3_CTRL 213
# define SSL_F_SSL3_CTX_CTRL 133
# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293
-@@ -2153,9 +2046,7 @@ void ERR_load_SSL_strings(void);
+@@ -2153,9 +2051,8 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388
# define SSL_F_SSL3_GET_RECORD 143
-# define SSL_F_SSL3_NEW_SESSION_TICKET 287
++# define SSL_F_SSL3_INIT_FINISHED_MAC 397
# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
-# define SSL_F_SSL3_PEEK 235
# define SSL_F_SSL3_READ_BYTES 148
# define SSL_F_SSL3_READ_N 149
# define SSL_F_SSL3_SETUP_KEY_BLOCK 157
-@@ -2163,7 +2054,6 @@ void ERR_load_SSL_strings(void);
+@@ -2163,7 +2060,6 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL3_SETUP_WRITE_BUFFER 291
# define SSL_F_SSL3_WRITE_BYTES 158
# define SSL_F_SSL3_WRITE_PENDING 159
@@ -110952,7 +133429,7 @@
# define SSL_F_SSL_ADD_CERT_CHAIN 316
# define SSL_F_SSL_ADD_CERT_TO_BUF 319
# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298
-@@ -2179,7 +2069,6 @@ void ERR_load_SSL_strings(void);
+@@ -2179,7 +2075,6 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 346
# define SSL_F_SSL_CERT_DUP 221
@@ -110960,7 +133437,7 @@
# define SSL_F_SSL_CERT_NEW 162
# define SSL_F_SSL_CERT_SET0_CHAIN 340
# define SSL_F_SSL_CHECK_PRIVATE_KEY 163
-@@ -2200,10 +2089,8 @@ void ERR_load_SSL_strings(void);
+@@ -2200,10 +2095,8 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290
# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 396
@@ -110971,7 +133448,7 @@
# define SSL_F_SSL_CTX_USE_CERTIFICATE 171
# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
-@@ -2216,16 +2103,14 @@ void ERR_load_SSL_strings(void);
+@@ -2216,16 +2109,14 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
# define SSL_F_SSL_CTX_USE_SERVERINFO 336
# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337
@@ -110989,7 +133466,7 @@
# define SSL_F_SSL_GET_SIGN_PKEY 183
# define SSL_F_SSL_INIT_WBIO_BUFFER 184
# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
-@@ -2238,8 +2123,6 @@ void ERR_load_SSL_strings(void);
+@@ -2238,8 +2129,6 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303
# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311
# define SSL_F_SSL_PEEK 270
@@ -110998,7 +133475,7 @@
# define SSL_F_SSL_READ 223
# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320
# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321
-@@ -2253,17 +2136,14 @@ void ERR_load_SSL_strings(void);
+@@ -2253,17 +2142,14 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 399
# define SSL_F_SSL_SET_FD 192
# define SSL_F_SSL_SET_PKEY 193
@@ -111016,7 +133493,7 @@
# define SSL_F_SSL_UNDEFINED_FUNCTION 197
# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244
# define SSL_F_SSL_USE_CERTIFICATE 198
-@@ -2283,12 +2163,9 @@ void ERR_load_SSL_strings(void);
+@@ -2283,12 +2169,9 @@ void ERR_load_SSL_strings(void);
# define SSL_F_TLS12_CHECK_PEER_SIGALG 333
# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341
@@ -111029,7 +133506,7 @@
# define SSL_F_TLS1_PRF 284
# define SSL_F_TLS1_SETUP_KEY_BLOCK 211
# define SSL_F_TLS1_SET_SERVER_SIGALGS 335
-@@ -2330,43 +2207,23 @@ void ERR_load_SSL_strings(void);
+@@ -2330,43 +2213,23 @@ void ERR_load_SSL_strings(void);
# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143
# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158
@@ -111073,7 +133550,7 @@
# define SSL_R_BAD_SRTP_MKI_VALUE 352
# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353
# define SSL_R_BAD_SSL_FILETYPE 124
-@@ -2376,7 +2233,6 @@ void ERR_load_SSL_strings(void);
+@@ -2376,7 +2239,6 @@ void ERR_load_SSL_strings(void);
# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
# define SSL_R_BN_LIB 130
# define SSL_R_CA_DN_LENGTH_MISMATCH 131
@@ -111081,7 +133558,7 @@
# define SSL_R_CA_KEY_TOO_SMALL 397
# define SSL_R_CA_MD_TOO_WEAK 398
# define SSL_R_CCS_RECEIVED_EARLY 133
-@@ -2416,12 +2272,8 @@ void ERR_load_SSL_strings(void);
+@@ -2416,12 +2278,8 @@ void ERR_load_SSL_strings(void);
# define SSL_R_DIGEST_CHECK_FAILED 149
# define SSL_R_DTLS_MESSAGE_TOO_BIG 334
# define SSL_R_DUPLICATE_COMPRESSION_ID 309
@@ -111094,7 +133571,7 @@
# define SSL_R_EE_KEY_TOO_SMALL 399
# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354
# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
-@@ -2432,8 +2284,6 @@ void ERR_load_SSL_strings(void);
+@@ -2432,8 +2290,6 @@ void ERR_load_SSL_strings(void);
# define SSL_R_FAILED_TO_INIT_ASYNC 405
# define SSL_R_FRAGMENTED_CLIENT_HELLO 401
# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
@@ -111103,7 +133580,7 @@
# define SSL_R_HTTPS_PROXY_REQUEST 155
# define SSL_R_HTTP_REQUEST 156
# define SSL_R_ILLEGAL_SUITEB_DIGEST 380
-@@ -2445,23 +2295,17 @@ void ERR_load_SSL_strings(void);
+@@ -2445,23 +2301,17 @@ void ERR_load_SSL_strings(void);
# define SSL_R_INVALID_CONFIGURATION_NAME 113
# define SSL_R_INVALID_CT_VALIDATION_TYPE 212
# define SSL_R_INVALID_NULL_CMD_NAME 385
@@ -111127,7 +133604,7 @@
# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381
# define SSL_R_MISSING_RSA_CERTIFICATE 168
# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
-@@ -2469,18 +2313,13 @@ void ERR_load_SSL_strings(void);
+@@ -2469,18 +2319,13 @@ void ERR_load_SSL_strings(void);
# define SSL_R_MISSING_SRP_PARAM 358
# define SSL_R_MISSING_TMP_DH_KEY 171
# define SSL_R_MISSING_TMP_ECDH_KEY 311
@@ -111146,7 +133623,7 @@
# define SSL_R_NO_COMPRESSION_SPECIFIED 187
# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330
# define SSL_R_NO_METHOD_SPECIFIED 188
-@@ -2493,13 +2332,11 @@ void ERR_load_SSL_strings(void);
+@@ -2493,13 +2338,11 @@ void ERR_load_SSL_strings(void);
# define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 376
# define SSL_R_NO_SRTP_PROFILES 359
# define SSL_R_NO_VALID_SCTS 216
@@ -111160,7 +133637,7 @@
# define SSL_R_PACKET_LENGTH_TOO_LONG 198
# define SSL_R_PARSE_TLSEXT 227
# define SSL_R_PATH_TOO_LONG 270
-@@ -2507,7 +2344,6 @@ void ERR_load_SSL_strings(void);
+@@ -2507,7 +2350,6 @@ void ERR_load_SSL_strings(void);
# define SSL_R_PEM_NAME_BAD_PREFIX 391
# define SSL_R_PEM_NAME_TOO_SHORT 392
# define SSL_R_PIPELINE_FAILURE 406
@@ -111168,7 +133645,7 @@
# define SSL_R_PROTOCOL_IS_SHUTDOWN 207
# define SSL_R_PSK_IDENTITY_NOT_FOUND 223
# define SSL_R_PSK_NO_CLIENT_CB 224
-@@ -2515,18 +2351,16 @@ void ERR_load_SSL_strings(void);
+@@ -2515,18 +2357,16 @@ void ERR_load_SSL_strings(void);
# define SSL_R_READ_BIO_NOT_SET 211
# define SSL_R_READ_TIMEOUT_EXPIRED 312
# define SSL_R_RECORD_LENGTH_MISMATCH 213
@@ -111188,7 +133665,7 @@
# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407
# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360
# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
-@@ -2534,11 +2368,9 @@ void ERR_load_SSL_strings(void);
+@@ -2534,11 +2374,9 @@ void ERR_load_SSL_strings(void);
# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362
# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363
# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364
@@ -111200,7 +133677,7 @@
# define SSL_R_SSL_COMMAND_SECTION_EMPTY 117
# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125
# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
-@@ -2552,19 +2384,12 @@ void ERR_load_SSL_strings(void);
+@@ -2552,19 +2390,12 @@ void ERR_load_SSL_strings(void);
# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
# define SSL_R_SSL_SESSION_VERSION_MISMATCH 210
@@ -111220,7 +133697,7 @@
# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
# define SSL_R_UNEXPECTED_MESSAGE 244
-@@ -2580,13 +2405,10 @@ void ERR_load_SSL_strings(void);
+@@ -2580,13 +2411,10 @@ void ERR_load_SSL_strings(void);
# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
# define SSL_R_UNKNOWN_PKEY_TYPE 251
# define SSL_R_UNKNOWN_PROTOCOL 252
@@ -111234,7 +133711,7 @@
# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315
# define SSL_R_UNSUPPORTED_PROTOCOL 258
# define SSL_R_UNSUPPORTED_SSL_VERSION 259
-@@ -2597,7 +2419,6 @@ void ERR_load_SSL_strings(void);
+@@ -2597,7 +2425,6 @@ void ERR_load_SSL_strings(void);
# define SSL_R_WRONG_CERTIFICATE_TYPE 383
# define SSL_R_WRONG_CIPHER_RETURNED 261
# define SSL_R_WRONG_CURVE 378
@@ -111242,7 +133719,7 @@
# define SSL_R_WRONG_SIGNATURE_LENGTH 264
# define SSL_R_WRONG_SIGNATURE_SIZE 265
# define SSL_R_WRONG_SIGNATURE_TYPE 370
-@@ -2606,7 +2427,7 @@ void ERR_load_SSL_strings(void);
+@@ -2606,7 +2433,7 @@ void ERR_load_SSL_strings(void);
# define SSL_R_X509_LIB 268
# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
@@ -111253,7 +133730,7 @@
+# endif
#endif
diff --git a/include/openssl/ssl2.h b/include/openssl/ssl2.h
-index e965dd5..5321bd2 100644
+index e965dd54a650..5321bd272cb7 100644
--- a/include/openssl/ssl2.h
+++ b/include/openssl/ssl2.h
@@ -1,58 +1,10 @@
@@ -111322,7 +133799,7 @@
#ifndef HEADER_SSL2_H
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
-index 6ff00bc..aca1922 100644
+index 6ff00bc97081..aca19223065b 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -1,112 +1,12 @@
@@ -111446,7 +133923,7 @@
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECC cipher suite support in OpenSSL originally developed by
diff --git a/include/openssl/stack.h b/include/openssl/stack.h
-index 976e6ac..9bc550f 100644
+index 976e6ace56a1..9bc550fe0835 100644
--- a/include/openssl/stack.h
+++ b/include/openssl/stack.h
@@ -1,58 +1,10 @@
@@ -111520,19 +133997,39 @@
-typedef struct stack_st _STACK; /* Use STACK_OF(...) instead */
+typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */
-+
+
+-int sk_num(const _STACK *);
+-void *sk_value(const _STACK *, int);
+typedef int (*OPENSSL_sk_compfunc)(const void *, const void *);
+typedef void (*OPENSSL_sk_freefunc)(void *);
+typedef void *(*OPENSSL_sk_copyfunc)(const void *);
-+
+
+-void *sk_set(_STACK *, int, void *);
+int OPENSSL_sk_num(const OPENSSL_STACK *);
+void *OPENSSL_sk_value(const OPENSSL_STACK *, int);
--int sk_num(const _STACK *);
--void *sk_value(const _STACK *, int);
+-_STACK *sk_new(int (*cmp) (const void *, const void *));
+-_STACK *sk_new_null(void);
+-void sk_free(_STACK *);
+-void sk_pop_free(_STACK *st, void (*func) (void *));
+-_STACK *sk_deep_copy(_STACK *, void *(*)(void *), void (*)(void *));
+-int sk_insert(_STACK *sk, void *data, int where);
+-void *sk_delete(_STACK *st, int loc);
+-void *sk_delete_ptr(_STACK *st, void *p);
+-int sk_find(_STACK *st, void *data);
+-int sk_find_ex(_STACK *st, void *data);
+-int sk_push(_STACK *st, void *data);
+-int sk_unshift(_STACK *st, void *data);
+-void *sk_shift(_STACK *st);
+-void *sk_pop(_STACK *st);
+-void sk_zero(_STACK *st);
+-int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *)))
+- (const void *, const void *);
+-_STACK *sk_dup(_STACK *st);
+-void sk_sort(_STACK *st);
+-int sk_is_sorted(const _STACK *st);
+void *OPENSSL_sk_set(OPENSSL_STACK *, int, void *);
-
--void *sk_set(_STACK *, int, void *);
++
+OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc cmp);
+OPENSSL_STACK *OPENSSL_sk_new_null(void);
+void OPENSSL_sk_free(OPENSSL_STACK *);
@@ -111552,27 +134049,7 @@
+OPENSSL_STACK *OPENSSL_sk_dup(OPENSSL_STACK *st);
+void OPENSSL_sk_sort(OPENSSL_STACK *st);
+int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st);
-
--_STACK *sk_new(int (*cmp) (const void *, const void *));
--_STACK *sk_new_null(void);
--void sk_free(_STACK *);
--void sk_pop_free(_STACK *st, void (*func) (void *));
--_STACK *sk_deep_copy(_STACK *, void *(*)(void *), void (*)(void *));
--int sk_insert(_STACK *sk, void *data, int where);
--void *sk_delete(_STACK *st, int loc);
--void *sk_delete_ptr(_STACK *st, void *p);
--int sk_find(_STACK *st, void *data);
--int sk_find_ex(_STACK *st, void *data);
--int sk_push(_STACK *st, void *data);
--int sk_unshift(_STACK *st, void *data);
--void *sk_shift(_STACK *st);
--void *sk_pop(_STACK *st);
--void sk_zero(_STACK *st);
--int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *)))
-- (const void *, const void *);
--_STACK *sk_dup(_STACK *st);
--void sk_sort(_STACK *st);
--int sk_is_sorted(const _STACK *st);
++
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define _STACK OPENSSL_STACK
+# define sk_num OPENSSL_sk_num
@@ -111602,7 +134079,7 @@
#ifdef __cplusplus
}
diff --git a/include/openssl/symhacks.h b/include/openssl/symhacks.h
-index 99a2de5..caf1f1a 100644
+index 99a2de5f41da..caf1f1a75d02 100644
--- a/include/openssl/symhacks.h
+++ b/include/openssl/symhacks.h
@@ -1,55 +1,10 @@
@@ -111668,7 +134145,7 @@
#ifndef HEADER_SYMHACKS_H
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
-index c3344e1..9446464 100644
+index c3344e193f83..11ad8e51e572 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -1,112 +1,12 @@
@@ -111791,7 +134268,13 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
-@@ -156,7 +56,7 @@
+@@ -151,12 +51,13 @@
+ # define HEADER_TLS1_H
+
+ # include <openssl/buffer.h>
++# include <openssl/x509.h>
+
+ #ifdef __cplusplus
extern "C" {
#endif
@@ -111800,7 +134283,7 @@
# ifndef OPENSSL_TLS_SECURITY_LEVEL
# define OPENSSL_TLS_SECURITY_LEVEL 1
# endif
-@@ -179,10 +79,10 @@ extern "C" {
+@@ -179,10 +80,10 @@ extern "C" {
# define TLS1_2_VERSION_MINOR 0x03
# define TLS1_get_version(s) \
@@ -111813,18 +134296,31 @@
# define TLS1_AD_DECRYPTION_FAILED 21
# define TLS1_AD_RECORD_OVERFLOW 22
-@@ -394,6 +294,9 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
+@@ -351,6 +252,9 @@ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
+ # define SSL_set_tlsext_debug_arg(ssl, arg) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
+
++# define SSL_get_tlsext_status_type(ssl) \
++SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0, NULL)
++
+ # define SSL_set_tlsext_status_type(ssl, type) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
+
+@@ -394,6 +298,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
+#define SSL_CTX_set_tlsext_status_type(ssl, type) \
+ SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, type, NULL)
+
++#define SSL_CTX_get_tlsext_status_type(ssl) \
++ SSL_CTX_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE, 0, NULL)
++
# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
diff --git a/include/openssl/ts.h b/include/openssl/ts.h
-index 2e1514e..d512648 100644
+index 2e1514ef5ef2..d51264891339 100644
--- a/include/openssl/ts.h
+++ b/include/openssl/ts.h
@@ -1,59 +1,10 @@
@@ -111935,7 +134431,7 @@
-
#endif
diff --git a/include/openssl/txt_db.h b/include/openssl/txt_db.h
-index e83e725..0e6c943 100644
+index e83e725ade1e..0e6c943e0eb8 100644
--- a/include/openssl/txt_db.h
+++ b/include/openssl/txt_db.h
@@ -1,58 +1,10 @@
@@ -112013,7 +134509,7 @@
OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
OPENSSL_STRING *value);
diff --git a/include/openssl/ui.h b/include/openssl/ui.h
-index 3d1507e..4173fe0 100644
+index 3d1507ee0074..4173fe0289f0 100644
--- a/include/openssl/ui.h
+++ b/include/openssl/ui.h
@@ -1,79 +1,29 @@
@@ -112183,7 +134679,7 @@
+# endif
#endif
diff --git a/include/openssl/whrlpool.h b/include/openssl/whrlpool.h
-index bc46035..20ea350 100644
+index bc460351d077..20ea3503b76f 100644
--- a/include/openssl/whrlpool.h
+++ b/include/openssl/whrlpool.h
@@ -1,3 +1,12 @@
@@ -112200,13 +134696,15 @@
# define HEADER_WHRLPOOL_H
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
-index a36500c..93ded51 100644
+index a36500c8c2ec..906184a5d841 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -1,59 +1,12 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -112254,9 +134752,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -112270,7 +134766,15 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
-@@ -674,7 +627,7 @@ int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
+@@ -551,6 +504,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
+ EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
+ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
+ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain);
++long X509_get_pathlen(X509 *x);
+ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
+ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
+ # ifndef OPENSSL_NO_RSA
+@@ -674,7 +628,7 @@ int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
ASN1_TIME *X509_get_notAfter(X509 *x);
int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
@@ -112279,7 +134783,7 @@
int X509_get_signature_type(const X509 *x);
/*
* This one is only used so that a binary form can output, as in
-@@ -731,7 +684,7 @@ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
+@@ -731,7 +685,7 @@ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_sort(X509_CRL *crl);
@@ -112288,7 +134792,7 @@
long X509_CRL_get_version(X509_CRL *crl);
ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
-@@ -1046,6 +999,7 @@ int X509_TRUST_get_trust(X509_TRUST *xp);
+@@ -1046,6 +1000,7 @@ int X509_TRUST_get_trust(X509_TRUST *xp);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
@@ -112296,7 +134800,7 @@
void ERR_load_X509_strings(void);
/* Error codes for the X509 functions. */
-@@ -1082,6 +1036,7 @@ void ERR_load_X509_strings(void);
+@@ -1082,6 +1037,7 @@ void ERR_load_X509_strings(void);
# define X509_F_X509_NAME_ENTRY_SET_OBJECT 115
# define X509_F_X509_NAME_ONELINE 116
# define X509_F_X509_NAME_PRINT 117
@@ -112304,7 +134808,7 @@
# define X509_F_X509_PRINT_EX_FP 118
# define X509_F_X509_PUBKEY_DECODE 148
# define X509_F_X509_PUBKEY_GET0 119
-@@ -1096,7 +1051,6 @@ void ERR_load_X509_strings(void);
+@@ -1096,7 +1052,6 @@ void ERR_load_X509_strings(void);
# define X509_F_X509_STORE_CTX_INIT 143
# define X509_F_X509_STORE_CTX_NEW 142
# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134
@@ -112312,7 +134816,7 @@
# define X509_F_X509_TO_X509_REQ 126
# define X509_F_X509_TRUST_ADD 133
# define X509_F_X509_TRUST_SET 141
-@@ -1111,7 +1065,6 @@ void ERR_load_X509_strings(void);
+@@ -1111,7 +1066,6 @@ void ERR_load_X509_strings(void);
# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
# define X509_R_CRL_ALREADY_DELTA 127
# define X509_R_CRL_VERIFY_FAILURE 131
@@ -112320,7 +134824,7 @@
# define X509_R_IDP_MISMATCH 128
# define X509_R_INVALID_DIRECTORY 113
# define X509_R_INVALID_FIELD_NAME 119
-@@ -1122,6 +1075,7 @@ void ERR_load_X509_strings(void);
+@@ -1122,6 +1076,7 @@ void ERR_load_X509_strings(void);
# define X509_R_LOADING_CERT_DIR 103
# define X509_R_LOADING_DEFAULTS 104
# define X509_R_METHOD_NOT_SUPPORTED 124
@@ -112328,7 +134832,7 @@
# define X509_R_NEWER_CRL_NOT_NEWER 132
# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
# define X509_R_NO_CRL_NUMBER 130
-@@ -1138,7 +1092,7 @@ void ERR_load_X509_strings(void);
+@@ -1138,7 +1093,7 @@ void ERR_load_X509_strings(void);
# define X509_R_WRONG_LOOKUP_TYPE 112
# define X509_R_WRONG_TYPE 122
@@ -112339,13 +134843,15 @@
+# endif
#endif
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
-index 4bf27e9..3adfaa3 100644
+index 4bf27e9d76b6..f0122655733f 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -112393,9 +134899,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -112455,9 +134959,10 @@
+int X509_OBJECT_up_ref_count(X509_OBJECT *a);
+X509_OBJECT *X509_OBJECT_new(void);
void X509_OBJECT_free(X509_OBJECT *a);
-+int X509_OBJECT_get_type(X509_OBJECT *a);
- X509 *X509_OBJECT_get0_X509(X509_OBJECT *a);
+-X509 *X509_OBJECT_get0_X509(X509_OBJECT *a);
-void X509_OBJECT_free_contents(X509_OBJECT *a);
++int X509_OBJECT_get_type(const X509_OBJECT *a);
++X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a);
X509_STORE *X509_STORE_new(void);
void X509_STORE_free(X509_STORE *v);
@@ -112538,7 +135043,7 @@
X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
-index c44ebf5..299a114 100644
+index c44ebf5ab49b..c242a4dd6a82 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -1,60 +1,12 @@
@@ -112597,8 +135102,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -112608,7 +135114,86 @@
#ifndef HEADER_X509V3_H
# define HEADER_X509V3_H
-@@ -916,6 +868,7 @@ int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+@@ -122,8 +74,8 @@ struct v3_ext_method {
+ };
+
+ typedef struct X509V3_CONF_METHOD_st {
+- char *(*get_string) (void *db, char *section, char *value);
+- STACK_OF(CONF_VALUE) *(*get_section) (void *db, char *section);
++ char *(*get_string) (void *db, const char *section, const char *value);
++ STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section);
+ void (*free_string) (void *db, char *string);
+ void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section);
+ } X509V3_CONF_METHOD;
+@@ -529,7 +481,7 @@ STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+ STACK_OF(CONF_VALUE) *extlist);
+ char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
+ ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+- X509V3_CTX *ctx, char *str);
++ X509V3_CTX *ctx, const char *str);
+
+ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
+ GENERAL_NAME *gen,
+@@ -610,29 +562,29 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+ void X509V3_conf_free(CONF_VALUE *val);
+
+ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+- char *value);
+-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
+- char *value);
+-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
++ const char *value);
++X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
++ const char *value);
++int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
+ STACK_OF(X509_EXTENSION) **sk);
+-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
++int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509 *cert);
+-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
++int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509_REQ *req);
+-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
++int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509_CRL *crl);
+
+ X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
+ X509V3_CTX *ctx, int ext_nid,
+- char *value);
++ const char *value);
+ X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+- char *name, char *value);
++ const char *name, const char *value);
+ int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+- char *section, X509 *cert);
++ const char *section, X509 *cert);
+ int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+- char *section, X509_REQ *req);
++ const char *section, X509_REQ *req);
+ int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+- char *section, X509_CRL *crl);
++ const char *section, X509_CRL *crl);
+
+ int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+ STACK_OF(CONF_VALUE) **extlist);
+@@ -658,7 +610,7 @@ int X509V3_add_value_bool(const char *name, int asn1_bool,
+ int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+ STACK_OF(CONF_VALUE) **extlist);
+ char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
+-ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
++ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value);
+ char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
+ char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
+ ASN1_ENUMERATED *aint);
+@@ -758,7 +710,6 @@ int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
+
+ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
+ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
+-int a2i_ipadd(unsigned char *ipout, const char *ipasc);
+ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
+ unsigned long chtype);
+
+@@ -916,6 +867,7 @@ int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
@@ -112616,7 +135201,7 @@
void ERR_load_X509V3_strings(void);
/* Error codes for the X509V3 functions. */
-@@ -928,10 +881,8 @@ void ERR_load_X509V3_strings(void);
+@@ -928,10 +880,8 @@ void ERR_load_X509V3_strings(void);
# define X509V3_F_COPY_EMAIL 122
# define X509V3_F_COPY_ISSUER 123
# define X509V3_F_DO_DIRNAME 144
@@ -112627,7 +135212,7 @@
# define X509V3_F_GNAMES_FROM_SECTNAME 156
# define X509V3_F_I2S_ASN1_ENUMERATED 121
# define X509V3_F_I2S_ASN1_IA5STRING 149
-@@ -946,7 +897,6 @@ void ERR_load_X509V3_strings(void);
+@@ -946,7 +896,6 @@ void ERR_load_X509V3_strings(void);
# define X509V3_F_S2I_ASN1_IA5STRING 100
# define X509V3_F_S2I_ASN1_INTEGER 108
# define X509V3_F_S2I_ASN1_OCTET_STRING 112
@@ -112635,7 +135220,7 @@
# define X509V3_F_S2I_SKEY_ID 115
# define X509V3_F_SET_DIST_POINT_NAME 158
# define X509V3_F_SXNET_ADD_ID_ASC 125
-@@ -976,7 +926,6 @@ void ERR_load_X509V3_strings(void);
+@@ -976,7 +925,6 @@ void ERR_load_X509V3_strings(void);
# define X509V3_F_X509V3_ADD_VALUE 105
# define X509V3_F_X509V3_EXT_ADD 104
# define X509V3_F_X509V3_EXT_ADD_ALIAS 106
@@ -112643,7 +135228,7 @@
# define X509V3_F_X509V3_EXT_I2D 136
# define X509V3_F_X509V3_EXT_NCONF 152
# define X509V3_F_X509V3_GET_SECTION 142
-@@ -1036,13 +985,11 @@ void ERR_load_X509V3_strings(void);
+@@ -1036,13 +984,11 @@ void ERR_load_X509V3_strings(void);
# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154
# define X509V3_R_NO_PUBLIC_KEY 114
# define X509V3_R_NO_SUBJECT_DETAILS 125
@@ -112657,7 +135242,7 @@
# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
# define X509V3_R_SECTION_NOT_FOUND 150
# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122
-@@ -1055,7 +1002,7 @@ void ERR_load_X509V3_strings(void);
+@@ -1055,7 +1001,7 @@ void ERR_load_X509V3_strings(void);
# define X509V3_R_UNSUPPORTED_TYPE 167
# define X509V3_R_USER_TOO_LONG 132
@@ -112667,8 +135252,25 @@
-#endif
+# endif
#endif
+diff --git a/ms/applink.c b/ms/applink.c
+index 832872324d68..238dbff35bd5 100644
+--- a/ms/applink.c
++++ b/ms/applink.c
+@@ -1,3 +1,12 @@
++/*
++ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
+ #define APPLINK_STDIN 1
+ #define APPLINK_STDOUT 2
+ #define APPLINK_STDERR 3
diff --git a/ms/cmp.pl b/ms/cmp.pl
-index 31d7e1e..265ce56 100755
+index 31d7e1ed94ac..265ce56ed86f 100755
--- a/ms/cmp.pl
+++ b/ms/cmp.pl
@@ -1,4 +1,10 @@
@@ -112684,7 +135286,7 @@
($#ARGV == 1) || die "usage: cmp.pl <file1> <file2>\n";
diff --git a/ms/segrenam.pl b/ms/segrenam.pl
-index 7e64c8e..372444a 100755
+index 7e64c8e36fc4..372444a22953 100755
--- a/ms/segrenam.pl
+++ b/ms/segrenam.pl
@@ -1,4 +1,10 @@
@@ -112700,7 +135302,7 @@
my $quiet = 1;
diff --git a/ms/uplink-common.pl b/ms/uplink-common.pl
-index 1d20e6e..e2ab594 100755
+index 1d20e6e03ed2..e2ab59456f15 100755
--- a/ms/uplink-common.pl
+++ b/ms/uplink-common.pl
@@ -1,5 +1,11 @@
@@ -112717,7 +135319,7 @@
$applink_c=$0;
$applink_c=~s|[^/\\]+$||g;
diff --git a/ms/uplink-ia64.pl b/ms/uplink-ia64.pl
-index 089cd39..0636f13 100755
+index 089cd3913fb1..0636f13e700a 100755
--- a/ms/uplink-ia64.pl
+++ b/ms/uplink-ia64.pl
@@ -1,4 +1,10 @@
@@ -112733,7 +135335,7 @@
$output = pop;
open STDOUT,">$output";
diff --git a/ms/uplink-x86.pl b/ms/uplink-x86.pl
-index 4a2f042..e25668e 100755
+index 4a2f042c3432..e25668ea35d1 100755
--- a/ms/uplink-x86.pl
+++ b/ms/uplink-x86.pl
@@ -1,4 +1,10 @@
@@ -112749,10 +135351,10 @@
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC, "${dir}.", "${dir}../crypto/perlasm");
diff --git a/ms/uplink-x86_64.pl b/ms/uplink-x86_64.pl
-index 0cb0f1b..03500fe 100755
+index 0cb0f1b3000f..1f244504cdff 100755
--- a/ms/uplink-x86_64.pl
+++ b/ms/uplink-x86_64.pl
-@@ -1,4 +1,10 @@
+@@ -1,8 +1,14 @@
-#!/usr/bin/env perl
+#! /usr/bin/env perl
+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -112764,9 +135366,48 @@
$output=pop;
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+-open OUT,"| \"$^X\" ${dir}../crypto/perlasm/x86_64-xlate.pl $output";
++open OUT,"| \"$^X\" \"${dir}../crypto/perlasm/x86_64-xlate.pl\" \"$output\"";
+ *STDOUT=*OUT;
+ push(@INC,"${dir}.");
+
+diff --git a/ms/uplink.c b/ms/uplink.c
+index 6a5091b570ce..7f7abfbe57eb 100644
+--- a/ms/uplink.c
++++ b/ms/uplink.c
+@@ -1,3 +1,12 @@
++/*
++ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
+ #if (defined(_WIN64) || defined(_WIN32_WCE)) && !defined(UNICODE)
+ # define UNICODE
+ #endif
+diff --git a/ms/uplink.h b/ms/uplink.h
+index 4881ba7d4298..f6cd0380ae35 100644
+--- a/ms/uplink.h
++++ b/ms/uplink.h
+@@ -1,3 +1,12 @@
++/*
++ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
+ #define APPMACROS_ONLY
+ #include "applink.c"
+
diff --git a/openssl.spec b/openssl.spec
deleted file mode 100644
-index 890fd51..0000000
+index 890fd51a0060..000000000000
--- a/openssl.spec
+++ /dev/null
@@ -1,210 +0,0 @@
@@ -112982,7 +135623,7 @@
-- all stuff is moved out of /usr/local
diff --git a/os-dep/haiku.h b/os-dep/haiku.h
new file mode 100644
-index 0000000..7e908ef
+index 000000000000..7e908efaaf40
--- /dev/null
+++ b/os-dep/haiku.h
@@ -0,0 +1,2 @@
@@ -112990,7 +135631,7 @@
+#include <sys/time.h>
diff --git a/ssl/Makefile.in b/ssl/Makefile.in
deleted file mode 100644
-index 26444ca..0000000
+index 26444ca429d2..000000000000
--- a/ssl/Makefile.in
+++ /dev/null
@@ -1,81 +0,0 @@
@@ -113076,7 +135717,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
-index e3deebc..efe0df9 100644
+index e3deebc08e5b..efe0df98fba5 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -1,58 +1,10 @@
@@ -113161,7 +135802,7 @@
break;
case BIO_C_GET_FD:
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
-index 6d75225..42a0278 100644
+index 6d75225cce6a..42a02780c537 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -1,59 +1,10 @@
@@ -113330,7 +135971,7 @@
dtls1_start_timer(s);
diff --git a/ssl/d1_msg.c b/ssl/d1_msg.c
-index b9342a2..0757203 100644
+index b9342a2a10a5..07572030e170 100644
--- a/ssl/d1_msg.c
+++ b/ssl/d1_msg.c
@@ -1,115 +1,10 @@
@@ -113340,7 +135981,8 @@
- */
-/* ====================================================================
- * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -113441,8 +136083,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -113455,7 +136096,7 @@
#define USE_SOCKETS
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
-index f969fb1..91d373f 100644
+index f969fb10b11e..91d373fdf46f 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -1,112 +1,12 @@
@@ -113588,7 +136229,7 @@
return 0;
diff --git a/ssl/methods.c b/ssl/methods.c
-index e576502..aeed8c7 100644
+index e576502c632b..aeed8c72bd66 100644
--- a/ssl/methods.c
+++ b/ssl/methods.c
@@ -1,111 +1,10 @@
@@ -113710,7 +136351,7 @@
#include <stdio.h>
diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h
-index fd1f9f4..0ff4ccc 100644
+index fd1f9f4ecf8b..0ff4cccf3b07 100644
--- a/ssl/packet_locl.h
+++ b/ssl/packet_locl.h
@@ -1,58 +1,10 @@
@@ -113778,7 +136419,7 @@
#ifndef HEADER_PACKET_LOCL_H
diff --git a/ssl/pqueue.c b/ssl/pqueue.c
-index d6cef34..b447e1d 100644
+index d6cef34a1c9f..b447e1dceb77 100644
--- a/ssl/pqueue.c
+++ b/ssl/pqueue.c
@@ -1,59 +1,10 @@
@@ -113847,7 +136488,7 @@
#include "ssl_locl.h"
diff --git a/ssl/record/dtls1_bitmap.c b/ssl/record/dtls1_bitmap.c
-index 0fa2985..9dae9b2 100644
+index 0fa29854854b..9dae9b273e60 100644
--- a/ssl/record/dtls1_bitmap.c
+++ b/ssl/record/dtls1_bitmap.c
@@ -1,115 +1,10 @@
@@ -113857,7 +136498,8 @@
- */
-/* ====================================================================
- * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -113958,8 +136600,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -113972,7 +136613,7 @@
#include "../ssl_locl.h"
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
-index 00af44e..a7cffc8 100644
+index 00af44e09d86..9e043f5df0b5 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -1,115 +1,10 @@
@@ -113982,7 +136623,8 @@
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -114083,8 +136725,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -114114,8 +136755,17 @@
* fragmented--don't always expect dest_maxlen bytes
*/
if (SSL3_RECORD_get_length(rr) < dest_maxlen) {
+@@ -845,7 +740,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+ BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
+ ERR_add_error_data(2, "SSL alert number ", tmp);
+ s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+- SSL_CTX_remove_session(s->ctx, s->session);
++ SSL_CTX_remove_session(s->session_ctx, s->session);
+ return (0);
+ } else {
+ al = SSL_AD_ILLEGAL_PARAMETER;
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
-index 773a6d6..8c02efd 100644
+index 773a6d68d9ac..bce82a761c1a 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1,111 +1,10 @@
@@ -114246,7 +136896,15 @@
)
# undef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
-@@ -303,7 +201,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold)
+@@ -165,6 +63,7 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl)
+ for(pipes = 0; pipes < rl->numwpipes; pipes++)
+ SSL3_BUFFER_clear(&rl->wbuf[pipes]);
+ rl->numwpipes = 0;
++ rl->numrpipes = 0;
+ SSL3_RECORD_clear(rl->rrec, SSL_MAX_PIPELINES);
+
+ RECORD_LAYER_reset_read_sequence(rl);
+@@ -303,7 +202,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold)
left = rb->left;
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
@@ -114255,7 +136913,7 @@
#endif
if (!extend) {
-@@ -495,7 +393,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
+@@ -495,7 +394,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
/*
* Depending on platform multi-block can deliver several *times*
* better performance. Downside is that it has to allocate
@@ -114264,7 +136922,7 @@
* compromise is considered worthy.
*/
if (type == SSL3_RT_APPLICATION_DATA &&
-@@ -631,7 +529,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
+@@ -631,7 +530,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
split_send_fragment = s->split_send_fragment;
/*
* If max_pipelines is 0 then this means "undefined" and we default to
@@ -114273,7 +136931,7 @@
* processing then we also only use 1 pipeline, or if we're not using
* explicit IVs
*/
-@@ -810,10 +708,10 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+@@ -810,10 +709,10 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/*
* extra fragment would be couple of cipher blocks, which would be
* multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real
@@ -114286,7 +136944,7 @@
#endif
outbuf[0] = SSL3_BUFFER_get_buf(wb) + align;
SSL3_BUFFER_set_offset(wb, align);
-@@ -826,7 +724,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+@@ -826,7 +725,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
wb = &s->rlayer.wbuf[j];
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH;
@@ -114295,7 +136953,7 @@
#endif
outbuf[j] = SSL3_BUFFER_get_buf(wb) + align;
SSL3_BUFFER_set_offset(wb, align);
-@@ -862,7 +760,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+@@ -862,7 +761,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
*(outbuf[j]++) = (s->version >> 8);
/*
@@ -114304,7 +136962,19 @@
* and record version number > TLS 1.0
*/
if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO
-@@ -1233,7 +1131,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+@@ -1158,9 +1057,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+ goto f_err;
+ }
+ }
+- /* Skip over any records we have already used or are zero in length */
++ /* Skip over any records we have already read */
+ for (curr_rec = 0;
+- curr_rec < num_recs && SSL3_RECORD_get_length(&rr[curr_rec]) == 0;
++ curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]);
+ curr_rec++);
+ if (curr_rec == num_recs) {
+ RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
+@@ -1233,11 +1132,12 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
memcpy(buf, &(rr->data[rr->off]), n);
buf += n;
if (!peek) {
@@ -114313,7 +136983,23 @@
SSL3_RECORD_add_off(rr, n);
if (SSL3_RECORD_get_length(rr) == 0) {
s->rlayer.rstate = SSL_ST_READ_HEADER;
-@@ -1445,7 +1343,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+ SSL3_RECORD_set_off(rr, 0);
++ SSL3_RECORD_set_read(rr);
+ }
+ }
+ if (SSL3_RECORD_get_length(rr) == 0
+@@ -1248,6 +1148,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+ read_bytes += n;
+ } while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs
+ && read_bytes < (unsigned int)len);
++ if (read_bytes == 0) {
++ /* We must have read empty records. Get more data */
++ goto start;
++ }
+ if (!peek && curr_rec == num_recs
+ && (s->mode & SSL_MODE_RELEASE_BUFFERS)
+ && SSL3_BUFFER_get_left(rbuf) == 0)
+@@ -1445,7 +1349,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
/*
* This is a warning but we receive it if we requested
* renegotiation and the peer denied it. Terminate with a fatal
@@ -114322,8 +137008,17 @@
* presumably had a good reason and expects it to succeed. In
* future we might have a renegotiation where we don't care if
* the peer refused it where we carry on.
+@@ -1468,7 +1372,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+ BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
+ ERR_add_error_data(2, "SSL alert number ", tmp);
+ s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+- SSL_CTX_remove_session(s->ctx, s->session);
++ SSL_CTX_remove_session(s->session_ctx, s->session);
+ return (0);
+ } else {
+ al = SSL_AD_ILLEGAL_PARAMETER;
diff --git a/ssl/record/record.h b/ssl/record/record.h
-index 6bb941d..9e19822 100644
+index 6bb941d51aa7..cda4eff0d362 100644
--- a/ssl/record/record.h
+++ b/ssl/record/record.h
@@ -1,111 +1,10 @@
@@ -114444,8 +137139,29 @@
*/
/*****************************************************************************
+@@ -166,6 +65,10 @@ typedef struct ssl3_record_st {
+ /* r */
+ unsigned char *comp;
+
++ /* Whether the data from this record has already been read or not */
++ /* r */
++ unsigned int read;
++
+ /* epoch number, needed by DTLS1 */
+ /* r */
+ unsigned long epoch;
+@@ -282,6 +185,9 @@ typedef struct record_layer_st {
+ unsigned char handshake_fragment[4];
+ unsigned int handshake_fragment_len;
+
++ /* The number of consecutive empty records we have received */
++ unsigned int empty_record_count;
++
+ /* partial write - check the numbers match */
+ /* number bytes written */
+ int wpend_tot;
diff --git a/ssl/record/record_locl.h b/ssl/record/record_locl.h
-index 81335fa..67ae1f4 100644
+index 81335fa946a8..ff1eb32191ea 100644
--- a/ssl/record/record_locl.h
+++ b/ssl/record/record_locl.h
@@ -1,113 +1,11 @@
@@ -114568,7 +137284,18 @@
/*****************************************************************************
* *
-@@ -178,6 +76,7 @@ int ssl3_release_write_buffer(SSL *s);
+@@ -129,6 +27,10 @@
+ #define RECORD_LAYER_get_write_sequence(rl) ((rl)->write_sequence)
+ #define RECORD_LAYER_get_numrpipes(rl) ((rl)->numrpipes)
+ #define RECORD_LAYER_set_numrpipes(rl, n) ((rl)->numrpipes = (n))
++#define RECORD_LAYER_inc_empty_record_count(rl) ((rl)->empty_record_count++)
++#define RECORD_LAYER_reset_empty_record_count(rl) \
++ ((rl)->empty_record_count = 0)
++#define RECORD_LAYER_get_empty_record_count(rl) ((rl)->empty_record_count)
+ #define DTLS_RECORD_LAYER_get_r_epoch(rl) ((rl)->d->r_epoch)
+
+ __owur int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold);
+@@ -178,6 +80,7 @@ int ssl3_release_write_buffer(SSL *s);
#define SSL3_RECORD_get_length(r) ((r)->length)
#define SSL3_RECORD_set_length(r, l) ((r)->length = (l))
#define SSL3_RECORD_add_length(r, l) ((r)->length += (l))
@@ -114576,8 +137303,17 @@
#define SSL3_RECORD_get_data(r) ((r)->data)
#define SSL3_RECORD_set_data(r, d) ((r)->data = (d))
#define SSL3_RECORD_get_input(r) ((r)->input)
+@@ -190,6 +93,8 @@ int ssl3_release_write_buffer(SSL *s);
+ #define SSL3_RECORD_get_epoch(r) ((r)->epoch)
+ #define SSL3_RECORD_is_sslv2_record(r) \
+ ((r)->rec_version == SSL2_VERSION)
++#define SSL3_RECORD_is_read(r) ((r)->read)
++#define SSL3_RECORD_set_read(r) ((r)->read = 1)
+
+ void SSL3_RECORD_clear(SSL3_RECORD *r, unsigned int num_recs);
+ void SSL3_RECORD_release(SSL3_RECORD *r, unsigned int num_recs);
diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c
-index 53ae0f4..72faafe 100644
+index 53ae0f490d80..72faafe4e3fb 100644
--- a/ssl/record/ssl3_buffer.c
+++ b/ssl/record/ssl3_buffer.c
@@ -1,111 +1,10 @@
@@ -114699,7 +137435,7 @@
#include "../ssl_locl.h"
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
-index 3c28572..872a381 100644
+index 3c285726c157..d3b2bea40a91 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1,111 +1,10 @@
@@ -114820,7 +137556,23 @@
*/
#include "../ssl_locl.h"
-@@ -270,13 +169,21 @@ int ssl3_get_record(SSL *s)
+@@ -235,7 +134,6 @@ int ssl3_get_record(SSL *s)
+ unsigned char md[EVP_MAX_MD_SIZE];
+ short version;
+ unsigned mac_size;
+- unsigned empty_record_count = 0, curr_empty = 0;
+ unsigned int num_recs = 0;
+ unsigned int max_recs;
+ unsigned int j;
+@@ -247,7 +145,6 @@ int ssl3_get_record(SSL *s)
+ max_recs = 1;
+ sess = s->session;
+
+- again:
+ do {
+ /* check if we have the header */
+ if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||
+@@ -270,13 +167,21 @@ int ssl3_get_record(SSL *s)
if (s->first_packet && s->server && !s->read_hash
&& !s->enc_read_ctx
&& (p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) {
@@ -114844,7 +137596,15 @@
- SSL2_RT_HEADER_LENGTH) {
al = SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);
-@@ -420,7 +327,8 @@ int ssl3_get_record(SSL *s)
+@@ -416,11 +321,16 @@ int ssl3_get_record(SSL *s)
+ /* decrypt in place in 'rr->input' */
+ rr[num_recs].data = rr[num_recs].input;
+ rr[num_recs].orig_len = rr[num_recs].length;
++
++ /* Mark this record as not read by upper layers yet */
++ rr[num_recs].read = 0;
++
+ num_recs++;
/* we have pulled in a full packet so zero things */
RECORD_LAYER_reset_packet_length(&s->rlayer);
@@ -114854,8 +137614,35 @@
&& SSL_USE_EXPLICIT_IV(s)
&& s->enc_read_ctx != NULL
&& (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx))
+@@ -578,21 +488,17 @@ int ssl3_get_record(SSL *s)
+
+ /* just read a 0 length packet */
+ if (rr[j].length == 0) {
+- curr_empty++;
+- empty_record_count++;
+- if (empty_record_count > MAX_EMPTY_RECORDS) {
++ RECORD_LAYER_inc_empty_record_count(&s->rlayer);
++ if (RECORD_LAYER_get_empty_record_count(&s->rlayer)
++ > MAX_EMPTY_RECORDS) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_RECORD_TOO_SMALL);
+ goto f_err;
+ }
++ } else {
++ RECORD_LAYER_reset_empty_record_count(&s->rlayer);
+ }
+ }
+- if (curr_empty == num_recs) {
+- /* We have no data - do it all again */
+- num_recs = 0;
+- curr_empty = 0;
+- goto again;
+- }
+
+ RECORD_LAYER_set_numrpipes(&s->rlayer, num_recs);
+ return 1;
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
-index 8df32ba..7cdabbb 100644
+index 8df32ba326aa..7cdabbb761b3 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -1,55 +1,10 @@
@@ -114921,7 +137708,7 @@
#include "internal/constant_time_locl.h"
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
-index 35ef948..cb571c1 100644
+index 35ef9487f91d..f7089bd6fb85 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -1,112 +1,12 @@
@@ -115062,7 +137849,28 @@
*/
EVP_CIPHER_CTX_reset(s->enc_write_ctx);
dd = s->enc_write_ctx;
-@@ -474,14 +374,13 @@ int ssl3_digest_cached_records(SSL *s, int keep)
+@@ -426,11 +326,18 @@ void ssl3_cleanup_key_block(SSL *s)
+ s->s3->tmp.key_block_length = 0;
+ }
+
+-void ssl3_init_finished_mac(SSL *s)
++int ssl3_init_finished_mac(SSL *s)
+ {
++ BIO *buf = BIO_new(BIO_s_mem());
++
++ if (buf == NULL) {
++ SSLerr(SSL_F_SSL3_INIT_FINISHED_MAC, ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
+ ssl3_free_digest_list(s);
+- s->s3->handshake_buffer = BIO_new(BIO_s_mem());
++ s->s3->handshake_buffer = buf;
+ (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);
++ return 1;
+ }
+
+ /*
+@@ -474,14 +381,13 @@ int ssl3_digest_cached_records(SSL *s, int keep)
}
md = ssl_handshake_md(s);
@@ -115082,7 +137890,7 @@
if (keep == 0) {
BIO_free(s->s3->handshake_buffer);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index ef65050..de7f1c0 100644
+index ef65050cc4f6..44dac24c8caf 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1,112 +1,12 @@
@@ -115367,7 +138175,18 @@
SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
0,
-@@ -3395,24 +3295,40 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+@@ -3071,6 +2971,10 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
+ ret = 1;
+ break;
+
++ case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
++ ret = s->tlsext_status_type;
++ break;
++
+ case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
+ s->tlsext_status_type = larg;
+ ret = 1;
+@@ -3395,24 +3299,43 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
{
unsigned char *keys = parg;
@@ -115410,6 +138229,9 @@
return 1;
}
++ case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
++ return ctx->tlsext_status_type;
++
+ case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
+ ctx->tlsext_status_type = larg;
+ break;
@@ -115417,7 +138239,7 @@
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
ctx->tlsext_status_arg = parg;
return 1;
-@@ -3839,7 +3755,7 @@ int ssl3_shutdown(SSL *s)
+@@ -3839,7 +3762,7 @@ int ssl3_shutdown(SSL *s)
if (ret == -1) {
/*
* we only get to return -1 here the 2nd/Nth invocation, we must
@@ -115427,7 +138249,7 @@
*/
return (ret);
diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c
-index 8df1e66..78ae099 100644
+index 8df1e6677f97..185f0e989032 100644
--- a/ssl/s3_msg.c
+++ b/ssl/s3_msg.c
@@ -1,111 +1,10 @@
@@ -115548,8 +138370,17 @@
*/
#define USE_SOCKETS
+@@ -173,7 +72,7 @@ int ssl3_send_alert(SSL *s, int level, int desc)
+ return -1;
+ /* If a fatal one, remove from cache */
+ if ((level == SSL3_AL_FATAL) && (s->session != NULL))
+- SSL_CTX_remove_session(s->ctx, s->session);
++ SSL_CTX_remove_session(s->session_ctx, s->session);
+
+ s->s3->alert_dispatch = 1;
+ s->s3->send_alert[0] = level;
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
-index a3bbfe4..67d8e0c 100644
+index a3bbfe4fc7f4..67d8e0c49875 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -1,59 +1,12 @@
@@ -115620,7 +138451,7 @@
* Copyright 2005 Nokia. All rights reserved.
*
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
-index 04a4a36..d668afa 100644
+index 04a4a36d7713..d668afafe798 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -1,112 +1,12 @@
@@ -115808,7 +138639,7 @@
{
BUF_MEM *buf = s->init_buf;
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index d0d9d88..5dbe1d0 100644
+index d0d9d88e1e39..5dbe1d015494 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1,112 +1,12 @@
@@ -115945,7 +138776,7 @@
#define SSL_ENC_DES_IDX 0
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
-index fa0e353..7b462aa 100644
+index fa0e3534d280..7b462aade2d9 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -1,58 +1,10 @@
@@ -116013,7 +138844,7 @@
#include <stdio.h>
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
-index df98c76..377061b 100644
+index df98c765382c..5741bb82558b 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -1,61 +1,11 @@
@@ -116085,7 +138916,7 @@
*/
#include <stdio.h>
-@@ -78,25 +28,14 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -78,25 +28,16 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_DANE_TLSA_ADD), "dane_tlsa_add"},
{ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "do_dtls1_write"},
{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "do_ssl3_write"},
@@ -116102,18 +138933,19 @@
- "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
{ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "dtls1_process_record"},
{ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "dtls1_read_bytes"},
-- {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "dtls1_read_failed"},
+ {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "dtls1_read_failed"},
- {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST),
- "DTLS1_SEND_CERTIFICATE_REQUEST"},
- {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST),
- "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
- {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "dtls1_write_app_data_bytes"},
++ {ERR_FUNC(SSL_F_DTLS1_RETRANSMIT_MESSAGE), "dtls1_retransmit_message"},
+ {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES),
+ "dtls1_write_app_data_bytes"},
{ERR_FUNC(SSL_F_DTLSV1_LISTEN), "DTLSv1_listen"},
{ERR_FUNC(SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC),
"dtls_construct_change_cipher_spec"},
-@@ -107,24 +46,21 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -107,24 +48,22 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_DTLS_PROCESS_HELLO_VERIFY), "dtls_process_hello_verify"},
{ERR_FUNC(SSL_F_OPENSSL_INIT_SSL), "OPENSSL_init_ssl"},
{ERR_FUNC(SSL_F_READ_STATE_MACHINE), "read_state_machine"},
@@ -116137,12 +138969,13 @@
"ssl3_generate_master_secret"},
{ERR_FUNC(SSL_F_SSL3_GET_RECORD), "ssl3_get_record"},
- {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"},
++ {ERR_FUNC(SSL_F_SSL3_INIT_FINISHED_MAC), "ssl3_init_finished_mac"},
{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "ssl3_output_cert_chain"},
- {ERR_FUNC(SSL_F_SSL3_PEEK), "ssl3_peek"},
{ERR_FUNC(SSL_F_SSL3_READ_BYTES), "ssl3_read_bytes"},
{ERR_FUNC(SSL_F_SSL3_READ_N), "ssl3_read_n"},
{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "ssl3_setup_key_block"},
-@@ -132,12 +68,12 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -132,12 +71,12 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "ssl3_setup_write_buffer"},
{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "ssl3_write_bytes"},
{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "ssl3_write_pending"},
@@ -116157,7 +138990,7 @@
{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT),
"ssl_add_clienthello_use_srtp_ext"},
{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK),
-@@ -146,7 +82,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -146,7 +85,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
"SSL_add_file_cert_subjects_to_stack"},
{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT),
"ssl_add_serverhello_renegotiate_ext"},
@@ -116167,7 +139000,7 @@
{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT),
"ssl_add_serverhello_use_srtp_ext"},
{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "ssl_bad_method"},
-@@ -154,7 +91,6 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -154,7 +94,6 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "ssl_bytes_to_cipher_list"},
{ERR_FUNC(SSL_F_SSL_CERT_ADD0_CHAIN_CERT), "ssl_cert_add0_chain_cert"},
{ERR_FUNC(SSL_F_SSL_CERT_DUP), "ssl_cert_dup"},
@@ -116175,7 +139008,7 @@
{ERR_FUNC(SSL_F_SSL_CERT_NEW), "ssl_cert_new"},
{ERR_FUNC(SSL_F_SSL_CERT_SET0_CHAIN), "ssl_cert_set0_chain"},
{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
-@@ -162,7 +98,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -162,7 +101,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
"ssl_check_serverhello_tlsext"},
{ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG),
"ssl_check_srvr_ecc_cert_and_alg"},
@@ -116185,7 +139018,7 @@
{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "ssl_cipher_strength_sort"},
{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD),
-@@ -180,11 +117,9 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -180,11 +120,9 @@ static ERR_STRING_DATA SSL_str_functs[] = {
"SSL_CTX_set_client_cert_engine"},
{ERR_FUNC(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK),
"SSL_CTX_set_ct_validation_callback"},
@@ -116197,7 +139030,7 @@
{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1),
"SSL_CTX_use_certificate_ASN1"},
-@@ -205,16 +140,14 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -205,16 +143,14 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_SSL_CTX_USE_SERVERINFO), "SSL_CTX_use_serverinfo"},
{ERR_FUNC(SSL_F_SSL_CTX_USE_SERVERINFO_FILE),
"SSL_CTX_use_serverinfo_file"},
@@ -116215,7 +139048,7 @@
{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "ssl_get_sign_pkey"},
{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "ssl_init_wbio_buffer"},
{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
-@@ -233,10 +166,6 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -233,10 +169,6 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT),
"ssl_parse_serverhello_use_srtp_ext"},
{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
@@ -116226,7 +139059,7 @@
{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
{ERR_FUNC(SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT),
"ssl_scan_clienthello_tlsext"},
-@@ -254,18 +183,16 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -254,18 +186,16 @@ static ERR_STRING_DATA SSL_str_functs[] = {
"SSL_set_ct_validation_callback"},
{ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
{ERR_FUNC(SSL_F_SSL_SET_PKEY), "ssl_set_pkey"},
@@ -116249,7 +139082,7 @@
{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "ssl_undefined_function"},
{ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION),
"ssl_undefined_void_function"},
-@@ -277,8 +204,10 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -277,8 +207,10 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
{ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"},
{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
@@ -116262,7 +139095,7 @@
{ERR_FUNC(SSL_F_SSL_VALIDATE_CT), "ssl_validate_ct"},
{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "ssl_verify_cert_chain"},
{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
-@@ -287,16 +216,10 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -287,16 +219,10 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "tls1_change_cipher_state"},
{ERR_FUNC(SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS),
"tls1_check_duplicate_extensions"},
@@ -116279,7 +139112,7 @@
{ERR_FUNC(SSL_F_TLS1_PRF), "tls1_PRF"},
{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "tls1_setup_key_block"},
{ERR_FUNC(SSL_F_TLS1_SET_SERVER_SIGALGS), "tls1_set_server_sigalgs"},
-@@ -306,7 +229,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -306,7 +232,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
"tls_construct_certificate_request"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE),
"tls_construct_client_certificate"},
@@ -116289,7 +139122,7 @@
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE),
"tls_construct_client_key_exchange"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY),
-@@ -317,7 +241,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -317,7 +244,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE),
"tls_construct_server_certificate"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_DONE), "tls_construct_server_done"},
@@ -116299,7 +139132,7 @@
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE),
"tls_construct_server_key_exchange"},
{ERR_FUNC(SSL_F_TLS_GET_MESSAGE_BODY), "tls_get_message_body"},
-@@ -348,7 +273,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
+@@ -348,7 +276,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
"tls_process_server_certificate"},
{ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_DONE), "tls_process_server_done"},
{ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_HELLO), "tls_process_server_hello"},
@@ -116309,7 +139142,7 @@
{0, NULL}
};
-@@ -360,46 +286,25 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -360,46 +289,25 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
"at least TLS 1.0 needed in FIPS mode"},
{ERR_REASON(SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE),
"at least (D)TLS 1.2 needed in Suite B mode"},
@@ -116356,7 +139189,7 @@
{ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE), "bad srtp mki value"},
{ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),
"bad srtp protection profile list"},
-@@ -407,14 +312,15 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -407,14 +315,15 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_BAD_VALUE), "bad value"},
{ERR_REASON(SSL_R_BAD_WRITE_RETRY), "bad write retry"},
{ERR_REASON(SSL_R_BIO_NOT_SET), "bio not set"},
@@ -116375,7 +139208,7 @@
{ERR_REASON(SSL_R_CERT_CB_ERROR), "cert cb error"},
{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH), "cert length mismatch"},
{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"},
-@@ -427,7 +333,8 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -427,7 +336,8 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_COMPRESSION_FAILURE), "compression failure"},
{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),
"compression id not within private range"},
@@ -116385,7 +139218,7 @@
{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"},
{ERR_REASON(SSL_R_CONTEXT_NOT_DANE_ENABLED), "context not dane enabled"},
{ERR_REASON(SSL_R_COOKIE_GEN_CALLBACK_FAILURE),
-@@ -439,10 +346,12 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -439,10 +349,12 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL),
"dane cannot override mtype full"},
{ERR_REASON(SSL_R_DANE_NOT_ENABLED), "dane not enabled"},
@@ -116400,7 +139233,7 @@
{ERR_REASON(SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH),
"dane tlsa bad digest length"},
{ERR_REASON(SSL_R_DANE_TLSA_BAD_MATCHING_TYPE),
-@@ -462,21 +371,14 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -462,21 +374,14 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED), "digest check failed"},
{ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG), "dtls message too big"},
{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"},
@@ -116424,7 +139257,7 @@
{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),
"error in received cipher list"},
{ERR_REASON(SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN),
-@@ -486,10 +388,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -486,10 +391,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_FAILED_TO_INIT_ASYNC), "failed to init async"},
{ERR_REASON(SSL_R_FRAGMENTED_CLIENT_HELLO), "fragmented client hello"},
{ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"},
@@ -116435,7 +139268,7 @@
{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST), "https proxy request"},
{ERR_REASON(SSL_R_HTTP_REQUEST), "http request"},
{ERR_REASON(SSL_R_ILLEGAL_SUITEB_DIGEST), "illegal Suite B digest"},
-@@ -504,24 +402,18 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -504,24 +405,18 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_INVALID_CT_VALIDATION_TYPE),
"invalid ct validation type"},
{ERR_REASON(SSL_R_INVALID_NULL_CMD_NAME), "invalid null cmd name"},
@@ -116460,7 +139293,7 @@
{ERR_REASON(SSL_R_MISSING_ECDSA_SIGNING_CERT),
"missing ecdsa signing cert"},
{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"},
-@@ -531,18 +423,13 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -531,18 +426,13 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_MISSING_SRP_PARAM), "can't find SRP server param"},
{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},
{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY), "missing tmp ecdh key"},
@@ -116479,7 +139312,7 @@
{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"},
{ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
"Peer haven't sent GOST certificate, required for selected ciphersuite"},
-@@ -557,15 +444,14 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -557,15 +447,14 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
"no shared sigature algorithms"},
{ERR_REASON(SSL_R_NO_SRTP_PROFILES), "no srtp profiles"},
{ERR_REASON(SSL_R_NO_VALID_SCTS), "no valid scts"},
@@ -116497,7 +139330,7 @@
{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"},
{ERR_REASON(SSL_R_PARSE_TLSEXT), "parse tlsext"},
{ERR_REASON(SSL_R_PATH_TOO_LONG), "path too long"},
-@@ -574,7 +460,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -574,7 +463,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_PEM_NAME_BAD_PREFIX), "pem name bad prefix"},
{ERR_REASON(SSL_R_PEM_NAME_TOO_SHORT), "pem name too short"},
{ERR_REASON(SSL_R_PIPELINE_FAILURE), "pipeline failure"},
@@ -116505,7 +139338,7 @@
{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN), "protocol is shutdown"},
{ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"},
{ERR_REASON(SSL_R_PSK_NO_CLIENT_CB), "psk no client cb"},
-@@ -582,22 +467,20 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -582,22 +470,20 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_READ_BIO_NOT_SET), "read bio not set"},
{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED), "read timeout expired"},
{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"},
@@ -116530,7 +139363,7 @@
{ERR_REASON(SSL_R_SHUTDOWN_WHILE_IN_INIT), "shutdown while in init"},
{ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR),
"signature algorithms error"},
-@@ -610,15 +493,13 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -610,15 +496,13 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
"srtp protection profile list too long"},
{ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),
"srtp unknown protection profile"},
@@ -116548,7 +139381,7 @@
{ERR_REASON(SSL_R_SSL_COMMAND_SECTION_NOT_FOUND),
"ssl command section not found"},
{ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),
-@@ -638,8 +519,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -638,8 +522,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
"ssl session id has bad length"},
{ERR_REASON(SSL_R_SSL_SESSION_VERSION_MISMATCH),
"ssl session version mismatch"},
@@ -116557,7 +139390,7 @@
{ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),
"peer does not accept heartbeats"},
{ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING),
-@@ -648,20 +527,10 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -648,20 +530,10 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
"tls illegal exporter label"},
{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),
"tls invalid ecpointformat list"},
@@ -116578,7 +139411,7 @@
{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),
"unable to load ssl3 md5 routines"},
{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),
-@@ -676,18 +545,16 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -676,18 +548,16 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_UNKNOWN_CMD_NAME), "unknown cmd name"},
{ERR_REASON(SSL_R_UNKNOWN_COMMAND), "unknown command"},
{ERR_REASON(SSL_R_UNKNOWN_DIGEST), "unknown digest"},
@@ -116599,7 +139432,7 @@
{ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),
"unsupported elliptic curve"},
{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL), "unsupported protocol"},
-@@ -699,7 +566,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+@@ -699,7 +569,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_WRONG_CERTIFICATE_TYPE), "wrong certificate type"},
{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED), "wrong cipher returned"},
{ERR_REASON(SSL_R_WRONG_CURVE), "wrong curve"},
@@ -116608,7 +139441,7 @@
{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE), "wrong signature size"},
{ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE), "wrong signature type"},
diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c
-index 546f5d2..66525de 100644
+index 546f5d23a89f..66525de6c55a 100644
--- a/ssl/ssl_init.c
+++ b/ssl/ssl_init.c
@@ -1,63 +1,14 @@
@@ -116681,7 +139514,7 @@
#include <openssl/crypto.h>
#include <openssl/evp.h>
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 06d9723..83ad9ef 100644
+index 06d972349a9d..d4b83359061e 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1,115 +1,12 @@
@@ -116795,8 +139628,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -116872,11 +139706,16 @@
#ifndef OPENSSL_NO_PSK
s->psk_client_callback = ctx->psk_client_callback;
-@@ -761,10 +671,16 @@ SSL *SSL_new(SSL_CTX *ctx)
+@@ -761,10 +671,21 @@ SSL *SSL_new(SSL_CTX *ctx)
return NULL;
}
-void SSL_up_ref(SSL *s)
++int SSL_is_dtls(const SSL *s)
++{
++ return SSL_IS_DTLS(s) ? 1 : 0;
++}
++
+int SSL_up_ref(SSL *s)
{
int i;
@@ -116891,7 +139730,20 @@
}
int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
-@@ -900,9 +816,9 @@ int SSL_dane_enable(SSL *s, const char *basedomain)
+@@ -830,9 +751,9 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+ r.session_id_length = id_len;
+ memcpy(r.session_id, id, id_len);
+
+- CRYPTO_THREAD_read_lock(ssl->ctx->lock);
+- p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
+- CRYPTO_THREAD_unlock(ssl->ctx->lock);
++ CRYPTO_THREAD_read_lock(ssl->session_ctx->lock);
++ p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r);
++ CRYPTO_THREAD_unlock(ssl->session_ctx->lock);
+ return (p != NULL);
+ }
+
+@@ -900,9 +821,9 @@ int SSL_dane_enable(SSL *s, const char *basedomain)
* invalid input, set the SNI name first.
*/
if (s->tlsext_hostname == NULL) {
@@ -116903,7 +139755,7 @@
}
}
-@@ -1503,6 +1419,9 @@ static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
+@@ -1503,6 +1424,9 @@ static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
case ASYNC_PAUSE:
s->rwstate = SSL_ASYNC_PAUSED;
return -1;
@@ -116913,7 +139765,7 @@
case ASYNC_FINISH:
s->job = NULL;
return ret;
-@@ -1743,8 +1662,8 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
+@@ -1743,8 +1667,8 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
}
case SSL_CTRL_GET_EXTMS_SUPPORT:
if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s))
@@ -116924,7 +139776,7 @@
return 1;
else
return 0;
-@@ -1862,7 +1781,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+@@ -1862,7 +1786,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return 0;
ctx->max_send_fragment = larg;
if (ctx->max_send_fragment < ctx->split_send_fragment)
@@ -116933,7 +139785,7 @@
return 1;
case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
if ((unsigned int)larg > ctx->max_send_fragment || larg == 0)
-@@ -2429,7 +2348,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
+@@ -2429,7 +2353,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
goto err;
@@ -116943,7 +139795,7 @@
/* No compression for DTLS */
if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
-@@ -2438,10 +2358,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
+@@ -2438,10 +2363,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
@@ -116958,7 +139810,7 @@
ret->options |= SSL_OP_NO_TICKET;
#ifndef OPENSSL_NO_SRP
-@@ -2479,6 +2399,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
+@@ -2479,6 +2404,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
*/
ret->options |= SSL_OP_NO_COMPRESSION;
@@ -116967,7 +139819,7 @@
return ret;
err:
SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
-@@ -2487,10 +2409,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
+@@ -2487,10 +2414,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
return NULL;
}
@@ -116986,7 +139838,7 @@
}
void SSL_CTX_free(SSL_CTX *a)
-@@ -2925,56 +2853,61 @@ int SSL_get_error(const SSL *s, int i)
+@@ -2925,56 +2858,61 @@ int SSL_get_error(const SSL *s, int i)
return (SSL_ERROR_SSL);
}
@@ -117095,7 +139947,7 @@
}
if (i == 0) {
-@@ -3135,7 +3068,8 @@ SSL *SSL_dup(SSL *s)
+@@ -3135,7 +3073,8 @@ SSL *SSL_dup(SSL *s)
goto err;
}
@@ -117105,7 +139957,7 @@
ret->version = s->version;
ret->options = s->options;
ret->mode = s->mode;
-@@ -3286,34 +3220,27 @@ const COMP_METHOD *SSL_get_current_expansion(SSL *s)
+@@ -3286,34 +3225,27 @@ const COMP_METHOD *SSL_get_current_expansion(SSL *s)
#endif
}
@@ -117133,22 +139985,22 @@
if (!BIO_set_read_buffer_size(bbio, 1)) {
SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
- return (0);
-- }
++ return 0;
+ }
- if (push) {
- if (s->wbio != bbio)
- s->wbio = BIO_push(bbio, s->wbio);
- } else {
- if (s->wbio == bbio)
- s->wbio = BIO_pop(bbio);
-+ return 0;
- }
+- }
- return (1);
+
+ return 1;
}
void ssl_free_wbio_buffer(SSL *s)
-@@ -3358,17 +3285,22 @@ void SSL_set_shutdown(SSL *s, int mode)
+@@ -3358,17 +3290,22 @@ void SSL_set_shutdown(SSL *s, int mode)
int SSL_get_shutdown(const SSL *s)
{
@@ -117174,7 +140026,7 @@
}
SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
-@@ -3709,7 +3641,7 @@ void SSL_set_not_resumable_session_callback(SSL *ssl,
+@@ -3709,7 +3646,7 @@ void SSL_set_not_resumable_session_callback(SSL *ssl,
/*
* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
@@ -117183,8 +140035,17 @@
* If EVP_MD pointer is passed, initializes ctx with this md Returns newly
* allocated ctx;
*/
-@@ -4195,6 +4127,23 @@ int ssl_validate_ct(SSL *s)
+@@ -3921,7 +3858,7 @@ static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, sct_source_t or
+ err:
+ if (sct != NULL)
+ sk_SCT_push(src, sct); /* Put the SCT back */
+- return scts_moved;
++ return -1;
+ }
+ /*
+@@ -4195,6 +4132,23 @@ int ssl_validate_ct(SSL *s)
+
end:
CT_POLICY_EVAL_CTX_free(ctx);
+ /*
@@ -117208,7 +140069,7 @@
}
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
-index 50e0d39..243535f 100644
+index 50e0d3900af1..35fd3fc7ac1c 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1,112 +1,12 @@
@@ -117402,6 +140263,15 @@
int (*p_ssl3_setup_buffers) (SSL *s);
# ifndef OPENSSL_NO_HEARTBEATS
int (*p_dtls1_process_heartbeat) (SSL *s,
+@@ -1948,7 +1859,7 @@ __owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
+
+ __owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
+ __owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
+-void ssl3_init_finished_mac(SSL *s);
++int ssl3_init_finished_mac(SSL *s);
+ __owur int ssl3_setup_key_block(SSL *s);
+ __owur int ssl3_change_cipher_state(SSL *s, int which);
+ void ssl3_cleanup_key_block(SSL *s);
@@ -2048,7 +1959,7 @@ __owur int dtls1_shutdown(SSL *s);
__owur int dtls1_dispatch_alert(SSL *s);
@@ -117412,7 +140282,7 @@
__owur int tls1_change_cipher_state(SSL *s, int which);
diff --git a/ssl/ssl_mcnf.c b/ssl/ssl_mcnf.c
-index 614e0a7..b92b210 100644
+index 614e0a742dca..b92b21068389 100644
--- a/ssl/ssl_mcnf.c
+++ b/ssl/ssl_mcnf.c
@@ -1,59 +1,10 @@
@@ -117481,13 +140351,15 @@
#include <stdio.h>
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
-index 00bf887..aad65ea 100644
+index 00bf887fdbdd..aad65ead8920 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -117535,9 +140407,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -117616,7 +140486,7 @@
serverinfo_length += extension_length;
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
-index d5b7fe3..f168900 100644
+index d5b7fe331093..9095363702cb 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -1,112 +1,12 @@
@@ -117770,7 +140640,19 @@
* ServerHello extensions, and before recording the session
* ID received from the server, so this block is a noop.
*/
-@@ -1074,10 +977,10 @@ void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
+@@ -925,6 +828,11 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t)
+ return (t);
+ }
+
++int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
++{
++ return s->ssl_version;
++}
++
+ const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
+ {
+ return s->tlsext_hostname;
+@@ -1074,10 +982,10 @@ void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
return;
tp.time = t;
CRYPTO_THREAD_write_lock(s->lock);
@@ -117784,8 +140666,17 @@
CRYPTO_THREAD_unlock(s->lock);
}
+@@ -1086,7 +994,7 @@ int ssl_clear_bad_session(SSL *s)
+ if ((s->session != NULL) &&
+ !(s->shutdown & SSL_SENT_SHUTDOWN) &&
+ !(SSL_in_init(s) || SSL_in_before(s))) {
+- SSL_CTX_remove_session(s->ctx, s->session);
++ SSL_CTX_remove_session(s->session_ctx, s->session);
+ return (1);
+ } else
+ return (0);
diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c
-index 240dfdf..1928bd2 100644
+index 240dfdfb6827..1928bd25055f 100644
--- a/ssl/ssl_stat.c
+++ b/ssl/ssl_stat.c
@@ -1,59 +1,12 @@
@@ -117856,13 +140747,15 @@
* Copyright 2005 Nokia. All rights reserved.
*
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
-index b2c6bf7..df7c74b 100644
+index b2c6bf7ce655..df7c74b4f31a 100644
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -1,59 +1,12 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -117910,9 +140803,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -117936,7 +140827,7 @@
*/
if (BIO_puts(bp, "RSA ") <= 0)
diff --git a/ssl/ssl_utst.c b/ssl/ssl_utst.c
-index 335cf0d..09e76d1 100644
+index 335cf0d506b8..09e76d14a736 100644
--- a/ssl/ssl_utst.c
+++ b/ssl/ssl_utst.c
@@ -1,55 +1,10 @@
@@ -118001,7 +140892,7 @@
#include "ssl_locl.h"
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
-index 08ae21a..0b0595d 100644
+index 08ae21a3b0f7..28483e7944ff 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -1,58 +1,10 @@
@@ -118068,7 +140959,7 @@
*/
#include <openssl/rand.h>
-@@ -368,20 +320,20 @@ static int state_machine(SSL *s, int server)
+@@ -368,19 +320,23 @@ static int state_machine(SSL *s, int server)
*/
s->s3->change_cipher_spec = 0;
@@ -118077,29 +140968,34 @@
- * Ok, we now need to push on a buffering BIO ...but not with
- * SCTP
- */
-+
+-#ifndef OPENSSL_NO_SCTP
+- if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s)))
+-#endif
+- if (!ssl_init_wbio_buffer(s, server ? 1 : 0)) {
+- goto end;
+- }
+
+- ssl3_init_finished_mac(s);
+ /*
+ * Ok, we now need to push on a buffering BIO ...but not with
+ * SCTP
+ */
- #ifndef OPENSSL_NO_SCTP
-- if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s)))
++#ifndef OPENSSL_NO_SCTP
+ if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s)))
- #endif
-- if (!ssl_init_wbio_buffer(s, server ? 1 : 0)) {
-- goto end;
-- }
++#endif
+ if (!ssl_init_wbio_buffer(s)) {
+ goto end;
+ }
++
++ if (!server || st->state != MSG_FLOW_RENEGOTIATE) {
++ if (!ssl3_init_finished_mac(s)) {
++ ossl_statem_set_error(s);
++ goto end;
++ }
+ }
-+ if (!server || st->state != MSG_FLOW_RENEGOTIATE)
- ssl3_init_finished_mac(s);
-- }
-
if (server) {
- if (st->state != MSG_FLOW_RENEGOTIATE) {
-@@ -548,7 +500,6 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) {
+@@ -548,7 +504,6 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) {
while(1) {
switch(st->read_state) {
case READ_STATE_HEADER:
@@ -118107,7 +141003,7 @@
/* Get the state the peer wants to move to */
if (SSL_IS_DTLS(s)) {
/*
-@@ -607,6 +558,10 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) {
+@@ -607,6 +562,10 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) {
return SUB_STATE_ERROR;
}
ret = process_message(s, &pkt);
@@ -118119,7 +141015,7 @@
return SUB_STATE_ERROR;
}
diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h
-index 263a395..e2aef15 100644
+index 263a39539220..e2aef1558332 100644
--- a/ssl/statem/statem.h
+++ b/ssl/statem/statem.h
@@ -1,60 +1,15 @@
@@ -118191,7 +141087,7 @@
* *
*****************************************************************************/
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
-index 5b53b86..ecbc43b 100644
+index 5b53b8605d85..078349fbb19c 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1,112 +1,12 @@
@@ -118329,8 +141225,20 @@
} else if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
st->hand_state = TLS_ST_CR_CHANGE;
return 1;
-@@ -535,20 +437,9 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst)
+@@ -489,7 +391,10 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst)
+ s->shutdown = 0;
+ if (SSL_IS_DTLS(s)) {
+ /* every DTLS ClientHello resets Finished MAC */
+- ssl3_init_finished_mac(s);
++ if (!ssl3_init_finished_mac(s)) {
++ ossl_statem_set_error(s);
++ return WORK_ERROR;
++ }
+ }
+ break;
+@@ -535,20 +440,9 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst)
+
switch(st->hand_state) {
case TLS_ST_CW_CLNT_HELLO:
- if (SSL_IS_DTLS(s) && s->d1->cookie_len > 0 && statem_flush(s) != 1)
@@ -118352,7 +141260,7 @@
if (SSL_IS_DTLS(s)) {
/* Treat the next message as the first packet */
s->first_packet = 1;
-@@ -870,7 +761,7 @@ int tls_construct_client_hello(SSL *s)
+@@ -870,7 +764,7 @@ int tls_construct_client_hello(SSL *s)
* 1. Client hello indicates TLS 1.2
* 2. Server hello says TLS 1.0
* 3. RSA encrypted premaster secret uses 1.2.
@@ -118361,7 +141269,15 @@
* 5. Server sends hello request to renegotiate.
* 6. Client hello indicates TLS v1.0 as we now
* know that is maximum server supports.
-@@ -1350,7 +1241,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
+@@ -1122,6 +1016,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
+ * overwritten if the server refuses resumption.
+ */
+ if (s->session->session_id_length > 0) {
++ s->ctx->stats.sess_miss++;
+ if (!ssl_get_new_session(s, 0)) {
+ goto f_err;
+ }
+@@ -1350,7 +1245,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
s->session->peer_chain = sk;
/*
* Inconsistency alert: cert_chain does include the peer's certificate,
@@ -118370,7 +141286,7 @@
*/
x = sk_X509_value(sk, 0);
sk = NULL;
-@@ -1525,9 +1416,10 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
+@@ -1525,9 +1420,10 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
#ifndef OPENSSL_NO_DH
else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
PACKET prime, generator, pub_key;
@@ -118383,7 +141299,7 @@
if (!PACKET_get_length_prefixed_2(pkt, &prime)
|| !PACKET_get_length_prefixed_2(pkt, &generator)
-@@ -1536,19 +1428,13 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
+@@ -1536,19 +1432,13 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
goto f_err;
}
@@ -118407,7 +141323,7 @@
}
p = BN_bin2bn(PACKET_data(&prime), PACKET_remaining(&prime), NULL);
-@@ -1558,39 +1444,53 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
+@@ -1558,39 +1448,53 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
NULL);
if (p == NULL || g == NULL || bnpub_key == NULL) {
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB);
@@ -118476,7 +141392,7 @@
if (alg_a & (SSL_aRSA|SSL_aDSS))
pkey = X509_get0_pubkey(s->session->peer);
/* else anonymous DH, so no certificate or pkey. */
-@@ -2538,6 +2438,9 @@ int tls_client_key_exchange_post_work(SSL *s)
+@@ -2538,6 +2442,9 @@ int tls_client_key_exchange_post_work(SSL *s)
unsigned char *pms = NULL;
size_t pmslen = 0;
@@ -118486,7 +141402,7 @@
#ifndef OPENSSL_NO_SRP
/* Check for SRP */
if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
-@@ -2549,8 +2452,6 @@ int tls_client_key_exchange_post_work(SSL *s)
+@@ -2549,8 +2456,6 @@ int tls_client_key_exchange_post_work(SSL *s)
return 1;
}
#endif
@@ -118495,7 +141411,7 @@
if (pms == NULL && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
-@@ -2560,8 +2461,13 @@ int tls_client_key_exchange_post_work(SSL *s)
+@@ -2560,8 +2465,13 @@ int tls_client_key_exchange_post_work(SSL *s)
if (!ssl_generate_master_secret(s, pms, pmslen, 1)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_INTERNAL_ERROR);
@@ -118510,7 +141426,7 @@
#ifndef OPENSSL_NO_SCTP
if (SSL_IS_DTLS(s)) {
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
-index a3090ef..2a69326 100644
+index a3090ef49081..d75483af6d40 100644
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -1,115 +1,10 @@
@@ -118520,7 +141436,8 @@
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -118569,8 +141486,7 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
@@ -118646,8 +141562,38 @@
if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
OPENSSL_assert(s->init_num ==
+@@ -1022,7 +918,7 @@ WORK_STATE dtls_wait_for_dry(SSL *s)
+ int dtls1_read_failed(SSL *s, int code)
+ {
+ if (code > 0) {
+- fprintf(stderr, "dtls1_read_failed(); invalid state reached\n");
++ SSLerr(SSL_F_DTLS1_READ_FAILED, ERR_R_INTERNAL_ERROR);
+ return 1;
+ }
+
+@@ -1079,10 +975,8 @@ int dtls1_retransmit_buffered_messages(SSL *s)
+ dtls1_get_queue_priority
+ (frag->msg_header.seq,
+ frag->msg_header.is_ccs),
+- &found) <= 0 && found) {
+- fprintf(stderr, "dtls1_retransmit_message() failed\n");
++ &found) <= 0)
+ return -1;
+- }
+ }
+
+ return 1;
+@@ -1174,7 +1068,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
+
+ item = pqueue_find(s->d1->sent_messages, seq64be);
+ if (item == NULL) {
+- fprintf(stderr, "retransmit: message %d non-existant\n", seq);
++ SSLerr(SSL_F_DTLS1_RETRANSMIT_MESSAGE, ERR_R_INTERNAL_ERROR);
+ *found = 0;
+ return 0;
+ }
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
-index 8fcc232..eb3e591 100644
+index 8fcc23246e11..eb3e59108008 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1,112 +1,12 @@
@@ -118813,7 +141759,7 @@
break;
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h
-index 57b7c37..9f7ec88 100644
+index 57b7c372c58f..9f7ec88b6b91 100644
--- a/ssl/statem/statem_locl.h
+++ b/ssl/statem/statem_locl.h
@@ -1,55 +1,10 @@
@@ -118879,7 +141825,7 @@
/*****************************************************************************
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
-index 38fa945..67df5f2 100644
+index 38fa9455ff80..f4fe2b9f404b 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1,112 +1,12 @@
@@ -119011,7 +141957,31 @@
* this for SSL 3)
*/
|| (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
-@@ -747,6 +647,23 @@ int ossl_statem_server_construct_message(SSL *s)
+@@ -596,15 +496,20 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
+ case TLS_ST_SW_HELLO_REQ:
+ if (statem_flush(s) != 1)
+ return WORK_MORE_A;
+- ssl3_init_finished_mac(s);
++ if (!ssl3_init_finished_mac(s)) {
++ ossl_statem_set_error(s);
++ return WORK_ERROR;
++ }
+ break;
+
+ case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+ if (statem_flush(s) != 1)
+ return WORK_MORE_A;
+ /* HelloVerifyRequest resets Finished MAC */
+- if (s->version != DTLS1_BAD_VER)
+- ssl3_init_finished_mac(s);
++ if (s->version != DTLS1_BAD_VER && !ssl3_init_finished_mac(s)) {
++ ossl_statem_set_error(s);
++ return WORK_ERROR;
++ }
+ /*
+ * The next message should be another ClientHello which we need to
+ * treat like it was the first packet
+@@ -747,6 +652,23 @@ int ossl_statem_server_construct_message(SSL *s)
return 0;
}
@@ -119035,7 +142005,7 @@
#define CLIENT_KEY_EXCH_MAX_LENGTH 2048
#define NEXT_PROTO_MAX_LENGTH 514
-@@ -760,7 +677,7 @@ unsigned long ossl_statem_server_max_message_size(SSL *s)
+@@ -760,7 +682,7 @@ unsigned long ossl_statem_server_max_message_size(SSL *s)
switch(st->hand_state) {
case TLS_ST_SR_CLNT_HELLO:
@@ -119044,7 +142014,7 @@
case TLS_ST_SR_CERT:
return s->max_cert_list;
-@@ -971,6 +888,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
+@@ -971,6 +893,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
/* |cookie| will only be initialized for DTLS. */
PACKET session_id, cipher_suites, compression, extensions, cookie;
int is_v2_record;
@@ -119052,7 +142022,7 @@
is_v2_record = RECORD_LAYER_is_sslv2_record(&s->rlayer);
-@@ -1096,19 +1014,20 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
+@@ -1096,19 +1019,20 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
goto f_err;
}
@@ -119076,7 +142046,7 @@
PACKET_null_init(&extensions);
} else {
/* Regular ClientHello. */
-@@ -1376,7 +1295,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
+@@ -1376,7 +1300,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
if (k >= complen) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO,
@@ -119085,7 +142055,7 @@
goto f_err;
}
} else if (s->hit)
-@@ -2079,7 +1998,6 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
+@@ -2079,7 +2003,6 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
EVP_PKEY *ckey = NULL;
#endif
PACKET enc_premaster;
@@ -119093,7 +142063,7 @@
unsigned char *rsa_decrypt = NULL;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-@@ -2301,6 +2219,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
+@@ -2301,6 +2224,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
DH *cdh;
unsigned int i;
BIGNUM *pub_key;
@@ -119101,7 +142071,7 @@
if (!PACKET_get_net_2(pkt, &i)) {
if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
-@@ -2378,6 +2297,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
+@@ -2378,6 +2302,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
goto f_err;
} else {
unsigned int i;
@@ -119109,7 +142079,7 @@
/*
* Get client's public key from encoded point in the
-@@ -2425,6 +2345,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
+@@ -2425,6 +2350,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
#ifndef OPENSSL_NO_SRP
if (alg_k & SSL_kSRP) {
unsigned int i;
@@ -119117,7 +142087,7 @@
if (!PACKET_get_net_2(pkt, &i)
|| !PACKET_get_bytes(pkt, &data, i)) {
-@@ -2467,6 +2388,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
+@@ -2467,6 +2393,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
int Ttag, Tclass;
long Tlen;
long sess_key_len;
@@ -119125,7 +142095,7 @@
/* Get our certificate private key */
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-@@ -2909,7 +2831,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
+@@ -2909,7 +2836,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
s->session->peer_chain = sk;
/*
* Inconsistency alert: cert_chain does *not* include the peer's own
@@ -119134,7 +142104,7 @@
*/
sk = NULL;
ret = MSG_PROCESS_CONTINUE_READING;
-@@ -2956,7 +2878,8 @@ int tls_construct_new_session_ticket(SSL *s)
+@@ -2956,7 +2883,8 @@ int tls_construct_new_session_ticket(SSL *s)
unsigned int hlen;
SSL_CTX *tctx = s->initial_ctx;
unsigned char iv[EVP_MAX_IV_LENGTH];
@@ -119144,7 +142114,7 @@
/* get session encoding length */
slen_full = i2d_SSL_SESSION(s->session, NULL);
-@@ -3006,13 +2929,14 @@ int tls_construct_new_session_ticket(SSL *s)
+@@ -3006,13 +2934,14 @@ int tls_construct_new_session_ticket(SSL *s)
* Grow buffer if need be: the length calculation is as
* follows handshake_header_length +
* 4 (ticket lifetime hint) + 2 (ticket length) +
@@ -119164,9 +142134,26 @@
goto err;
p = ssl_handshake_start(s);
-@@ -3023,16 +2947,22 @@ int tls_construct_new_session_ticket(SSL *s)
+@@ -3021,18 +2950,38 @@ int tls_construct_new_session_ticket(SSL *s)
+ * all the work otherwise use generated values from parent ctx.
+ */
if (tctx->tlsext_ticket_key_cb) {
- if (tctx->tlsext_ticket_key_cb(s, key_name, iv, ctx, hctx, 1) < 0)
+- if (tctx->tlsext_ticket_key_cb(s, key_name, iv, ctx, hctx, 1) < 0)
++ /* if 0 is returned, write an empty ticket */
++ int ret = tctx->tlsext_ticket_key_cb(s, key_name, iv, ctx,
++ hctx, 1);
++
++ if (ret == 0) {
++ l2n(0, p); /* timeout */
++ s2n(0, p); /* length */
++ if (!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, p - ssl_handshake_start(s)))
++ goto err;
++ OPENSSL_free(senc);
++ EVP_CIPHER_CTX_free(ctx);
++ HMAC_CTX_free(hctx);
++ return 1;
++ }
++ if (ret < 0)
goto err;
+ iv_len = EVP_CIPHER_CTX_iv_length(ctx);
} else {
@@ -119191,7 +142178,7 @@
}
/*
-@@ -3046,11 +2976,11 @@ int tls_construct_new_session_ticket(SSL *s)
+@@ -3046,11 +2995,11 @@ int tls_construct_new_session_ticket(SSL *s)
p += 2;
/* Output key name */
macstart = p;
@@ -119208,7 +142195,7 @@
if (!EVP_EncryptUpdate(ctx, p, &len, senc, slen))
goto err;
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
-index 6e56441..920a178 100644
+index 6e56441d0fba..920a1785131c 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -1,112 +1,12 @@
@@ -119332,7 +142319,7 @@
* Copyright 2005 Nokia. All rights reserved.
*
diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c
-index 3bbe1fd..2db949d 100644
+index 3bbe1fd82697..2db949d8acc5 100644
--- a/ssl/t1_ext.c
+++ b/ssl/t1_ext.c
@@ -1,55 +1,10 @@
@@ -119429,7 +142416,7 @@
memset(meth, 0, sizeof(*meth));
meth->parse_cb = parse_cb;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 9f6cef3..8f16668 100644
+index 9f6cef3afba8..20d67876a0c0 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1,111 +1,10 @@
@@ -119615,7 +142602,17 @@
#ifndef OPENSSL_NO_CT
if (s->ct_validation_callback != NULL) {
s2n(TLSEXT_TYPE_signed_certificate_timestamp, ret);
-@@ -1696,7 +1595,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
+@@ -1603,6 +1502,9 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
+ return NULL;
+ s2n(TLSEXT_TYPE_session_ticket, ret);
+ s2n(0, ret);
++ } else {
++ /* if we don't add the above TLSEXT, we can't add a session ticket later */
++ s->tlsext_ticket_expected = 0;
+ }
+
+ if (s->tlsext_status_expected) {
+@@ -1696,7 +1598,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
#endif
if (!custom_ext_add(s, 1, &ret, limit, al))
return NULL;
@@ -119623,7 +142620,7 @@
if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) {
/*
* Don't use encrypt_then_mac if AEAD or RC4 might want to disable
-@@ -1712,7 +1610,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
+@@ -1712,7 +1613,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
s2n(0, ret);
}
}
@@ -119631,7 +142628,7 @@
if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) {
s2n(TLSEXT_TYPE_extended_master_secret, ret);
s2n(0, ret);
-@@ -1925,9 +1822,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
+@@ -1925,9 +1825,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
/* Clear any signature algorithms extension received */
OPENSSL_free(s->s3->tmp.peer_sigalgs);
s->s3->tmp.peer_sigalgs = NULL;
@@ -119641,7 +142638,7 @@
#ifndef OPENSSL_NO_SRP
OPENSSL_free(s->srp_ctx.login);
-@@ -2004,7 +1899,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
+@@ -2004,7 +1902,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
/*
* Although the server_name extension was intended to be
* extensible to new name types, RFC 4366 defined the
@@ -119650,7 +142647,7 @@
* such.
* RFC 6066 corrected the mistake but adding new name types
* is nevertheless no longer feasible, so act as if no other
-@@ -2235,7 +2130,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
+@@ -2235,7 +2133,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
*
* s->new_session will be set on renegotiation, but we
* probably shouldn't rely that it couldn't be set on
@@ -119659,7 +142656,7 @@
* there's some other reason to disallow resuming an
* earlier session -- the current code won't be doing
* anything like that, but this might change).
-@@ -2264,10 +2159,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
+@@ -2264,10 +2162,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
return 0;
}
#endif
@@ -119670,7 +142667,7 @@
/*
* Note: extended master secret extension handled in
* tls_check_serverhello_tlsext_early()
-@@ -2337,11 +2230,11 @@ int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt)
+@@ -2337,11 +2233,11 @@ int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt)
*/
static char ssl_next_proto_validate(PACKET *pkt)
{
@@ -119685,7 +142682,7 @@
return 0;
}
-@@ -2367,9 +2260,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
+@@ -2367,9 +2263,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
SSL_DTLSEXT_HB_DONT_SEND_REQUESTS);
#endif
@@ -119695,7 +142692,7 @@
s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
-@@ -2581,14 +2472,12 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
+@@ -2581,14 +2475,12 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
return 0;
}
#endif
@@ -119710,7 +142707,7 @@
else if (type == TLSEXT_TYPE_extended_master_secret) {
s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS;
if (!s->hit)
-@@ -2737,7 +2626,8 @@ int tls1_set_server_sigalgs(SSL *s)
+@@ -2737,7 +2629,8 @@ int tls1_set_server_sigalgs(SSL *s)
{
int al;
size_t i;
@@ -119720,7 +142717,7 @@
OPENSSL_free(s->cert->shared_sigalgs);
s->cert->shared_sigalgs = NULL;
s->cert->shared_sigalgslen = 0;
-@@ -3075,7 +2965,7 @@ end:
+@@ -3075,7 +2968,7 @@ int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext,
* tls_decrypt_ticket attempts to decrypt a session ticket.
*
* etick: points to the body of the session ticket extension.
@@ -119729,7 +142726,7 @@
* sess_id: points at the session ID.
* sesslen: the length of the session ID.
* psess: (output) on return, if a ticket was decrypted, then this is set to
-@@ -3126,15 +3016,17 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
+@@ -3126,15 +3019,17 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
renew_ticket = 1;
} else {
/* Check key name matches */
@@ -119752,7 +142749,7 @@
}
}
diff --git a/ssl/t1_reneg.c b/ssl/t1_reneg.c
-index 5c0d825..15a4e27 100644
+index 5c0d82537ea9..15a4e27a1540 100644
--- a/ssl/t1_reneg.c
+++ b/ssl/t1_reneg.c
@@ -1,112 +1,12 @@
@@ -119876,7 +142873,7 @@
#include <openssl/objects.h>
#include "ssl_locl.h"
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
-index cb22d49..562ac09 100644
+index cb22d49c8216..562ac09e85fc 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1,55 +1,10 @@
@@ -119951,7 +142948,7 @@
{TLSEXT_TYPE_padding, "padding"},
{TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"},
diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
-index cf5ccdc..08e22df 100644
+index cf5ccdca33f4..08e22df3ef54 100644
--- a/ssl/tls_srp.c
+++ b/ssl/tls_srp.c
@@ -1,60 +1,10 @@
@@ -120022,7 +143019,7 @@
#include <openssl/crypto.h>
diff --git a/test/Makefile.in b/test/Makefile.in
deleted file mode 100644
-index cefcd72..0000000
+index cefcd72ce517..000000000000
--- a/test/Makefile.in
+++ /dev/null
@@ -1,410 +0,0 @@
@@ -120437,10 +143434,10 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/test/README.ssltest.md b/test/README.ssltest.md
-index b65a0d7..2957d85 100644
+index b65a0d73acce..9cbfbc4f3b95 100644
--- a/test/README.ssltest.md
+++ b/test/README.ssltest.md
-@@ -59,6 +59,11 @@ The test section supports the following options:
+@@ -59,6 +59,21 @@ First, give your test a name. The names do not have to be unique.
* Protocol - expected negotiated protocol. One of
SSLv3, TLSv1, TLSv1.1, TLSv1.2.
@@ -120449,11 +143446,32 @@
+ - AcceptAll - accepts all certificates.
+ - RejectAll - rejects all certificates.
+
++* ServerName - the server the client is expected to successfully connect to
++ - server1 - the initial context (default)
++ - server2 - the secondary context
++
++* SessionTicketExpected - whether or not a session ticket is expected
++ - Ignore - do not check for a session ticket (default)
++ - Yes - a session ticket is expected
++ - No - a session ticket is not expected
++ - Broken - a special test case where the session ticket callback does not initialize crypto
++
## Configuring the client and server
The client and server configurations can be any valid `SSL_CTX`
+@@ -73,6 +88,10 @@ server => {
+ }
+ ```
+
++A server2 section may optionally be defined to configure a secondary
++context that is selected via the ServerName test option. If the server2
++section is not configured, then the configuration matches server.
++
+ ### Default server and client configurations
+
+ The default server certificate and CA files are added to the configurations
diff --git a/test/aborttest.c b/test/aborttest.c
-index 98aeddf..ba5055e 100644
+index 98aeddfcaf70..ba5055edffcb 100644
--- a/test/aborttest.c
+++ b/test/aborttest.c
@@ -1,11 +1,10 @@
@@ -120472,7 +143490,7 @@
#include <openssl/crypto.h>
diff --git a/test/afalgtest.c b/test/afalgtest.c
-index 80aa1e7..3baced7 100644
+index 80aa1e7550da..3baced72ad77 100644
--- a/test/afalgtest.c
+++ b/test/afalgtest.c
@@ -1,56 +1,12 @@
@@ -120541,7 +143559,7 @@
diff --git a/test/asynciotest.c b/test/asynciotest.c
new file mode 100644
-index 0000000..f80425e
+index 000000000000..f80425eb9284
--- /dev/null
+++ b/test/asynciotest.c
@@ -0,0 +1,380 @@
@@ -120926,7 +143944,7 @@
+ return (retc > 0 && rets > 0) ? 0 : 1;
+}
diff --git a/test/asynctest.c b/test/asynctest.c
-index 4694fda..6728058 100644
+index 4694fda23c98..6728058c361a 100644
--- a/test/asynctest.c
+++ b/test/asynctest.c
@@ -1,58 +1,10 @@
@@ -120994,13 +144012,15 @@
#include <stdio.h>
diff --git a/test/bftest.c b/test/bftest.c
-index b5e6c51..eb8d8a6 100644
+index b5e6c5144dda..eb8d8a6fc22f 100644
--- a/test/bftest.c
+++ b/test/bftest.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -121048,9 +144068,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -121073,7 +144091,7 @@
};
diff --git a/test/bioprinttest.c b/test/bioprinttest.c
new file mode 100644
-index 0000000..c69a79c
+index 000000000000..c69a79c41948
--- /dev/null
+++ b/test/bioprinttest.c
@@ -0,0 +1,225 @@
@@ -121303,13 +144321,15 @@
+
+
diff --git a/test/bntest.c b/test/bntest.c
-index 1ba9032..804406c 100644
+index 1ba903254b9e..763a8c29f974 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -1,59 +1,12 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -121357,9 +144377,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -121373,17 +144391,53 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
+@@ -551,7 +504,7 @@ static void print_word(BIO *bp, BN_ULONG w)
+ int test_div_word(BIO *bp)
+ {
+ BIGNUM *a, *b;
+- BN_ULONG r, s;
++ BN_ULONG r, rmod, s;
+ int i;
+
+ a = BN_new();
+@@ -565,8 +518,14 @@ int test_div_word(BIO *bp)
+
+ s = b->d[0];
+ BN_copy(b, a);
++ rmod = BN_mod_word(b, s);
+ r = BN_div_word(b, s);
+
++ if (rmod != r) {
++ fprintf(stderr, "Mod (word) test failed!\n");
++ return 0;
++ }
++
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, a);
diff --git a/test/build.info b/test/build.info
-index 4fd4d99..84c881e 100644
+index 4fd4d99ece21..e9228d0dced8 100644
--- a/test/build.info
+++ b/test/build.info
-@@ -16,225 +16,242 @@ IF[{- !$disabled{tests} -}]
+@@ -1,4 +1,4 @@
+-{- use File::Spec::Functions qw/catdir rel2abs/; -}
++{- use File::Spec::Functions qw/catdir catfile rel2abs abs2rel updir/; -}
+ IF[{- !$disabled{tests} -}]
+ PROGRAMS=\
+ aborttest \
+@@ -11,230 +11,281 @@ IF[{- !$disabled{tests} -}]
+ mdc2test rmdtest \
+ randtest dhtest enginetest casttest \
+ bftest ssltest_old dsatest exptest rsa_test \
+- evp_test evp_extra_test igetest v3nametest \
++ evp_test evp_extra_test igetest v3nametest v3ext \
+ danetest heartbeat_test p5_crpt2_test \
constant_time_test verify_extra_test clienthellotest \
packettest asynctest secmemtest srptest memleaktest \
dtlsv1listentest ct_test threadstest afalgtest d2i_test \
- ssl_test_ctx_test ssl_test
+ ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
-+ bioprinttest
++ bioprinttest getsettest
SOURCE[aborttest]=aborttest.c
- INCLUDE[aborttest]={- rel2abs(catdir($builddir,"../include")) -} ../include
@@ -121565,6 +144619,10 @@
+ INCLUDE[v3nametest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[v3nametest]=../libcrypto
++ SOURCE[v3ext]=v3ext.c
++ INCLUDE[v3ext]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
++ DEPEND[v3ext]=../libcrypto
++
SOURCE[danetest]=danetest.c
- INCLUDE[danetest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ INCLUDE[danetest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
@@ -121676,9 +144734,39 @@
+ SOURCE[bioprinttest]=bioprinttest.c
+ INCLUDE[bioprinttest]={- rel2abs(catdir($builddir,"../include")) -} ../include
+ DEPEND[bioprinttest]=../libcrypto
++ {-
++ use File::Basename;
++ use if $^O ne "VMS", 'File::Glob' => qw/glob/;
++
++ my $includes = join(" ",
++ rel2abs(catdir($builddir,"../include")), "../include");
++ my @nogo_headers = ( "asn1_mac.h",
++ "__decc_include_prologue.h",
++ "__decc_include_epilogue.h" );
++ my @headerfiles = glob catfile($sourcedir,
++ updir(), "include", "openssl", "*.h");
++
++ foreach my $headerfile (@headerfiles) {
++ my $name = basename($headerfile, ".h");
++ next if $disabled{$name};
++ next if grep { $_ eq lc("$name.h") } @nogo_headers;
++ $OUT .= <<"_____";
++
++ PROGRAMS=buildtest_$name
++ GENERATE[buildtest_$name.c]=generate_buildtest.pl $name
++ SOURCE[buildtest_$name]=buildtest_$name.c
++ INCLUDE[buildtest_$name]=$includes
++ DEPEND[buildtest_$name]=../libssl ../libcrypto
++_____
++ }
++ -}
++
++ SOURCE[getsettest]=getsettest.c
++ INCLUDE[getsettest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
++ DEPEND[getsettest]=../libcrypto ../libssl
ENDIF
diff --git a/test/casttest.c b/test/casttest.c
-index 79472d8..c2a0ab5 100644
+index 79472d83e356..c2a0ab584c3b 100644
--- a/test/casttest.c
+++ b/test/casttest.c
@@ -1,58 +1,10 @@
@@ -121746,9 +144834,80 @@
*/
#include <stdio.h>
+diff --git a/test/certs/ee-client-chain.pem b/test/certs/ee-client-chain.pem
+new file mode 100644
+index 000000000000..27652fa29ae8
+--- /dev/null
++++ b/test/certs/ee-client-chain.pem
+@@ -0,0 +1,37 @@
++-----BEGIN CERTIFICATE-----
++MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
++Fw0xNjAxMTUwODE5NTBaGA8yMTE2MDExNjA4MTk1MFowGTEXMBUGA1UEAwwOc2Vy
++dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
++YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
++5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
++Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
++U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
++ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
++iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
++l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
++MBMGA1UdJQQMMAoGCCsGAQUFBwMCMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl
++MA0GCSqGSIb3DQEBCwUAA4IBAQB+x23yjviJ9/n0G65xjntoPCLpsZtqId+WvN/9
++sXGqRZyAnBWPFpWrf9qXdxXZpTw7KRfywnEVsUQP12XKCc9JH4tG4l/wCDaHi9qO
++pLstQskcXk40gWaU83ojjchdtDFBaxR5KxC83SR669Rw9mn66bWz/6zpK9VYohVh
++A5/3RqteQaeQETFbZdlb6e7jAjiGp6DmAiH/WLrVvMY8k0z81TD0+UjJqI9097mF
++VtNX0l+46/tR4zvyA4yYqxK+L8M57SjfwxvwUpDxxVVnRsf3kHhudeAc+UDWzqws
++n5P71o+AfbkYzhHsSFIZyYUnGv+JApFpcGEMEiHL2iBhCRdx
++-----END CERTIFICATE-----
++-----BEGIN CERTIFICATE-----
++MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
++IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD
++DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
++j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
++n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
++l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
++YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
++ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
++CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
++A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ
++KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk
++IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6
++AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi
++8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6
++uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR
++5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4=
++-----END CERTIFICATE-----
+diff --git a/test/certs/pathlen.pem b/test/certs/pathlen.pem
+new file mode 100644
+index 000000000000..c0ef75e2824a
+--- /dev/null
++++ b/test/certs/pathlen.pem
+@@ -0,0 +1,22 @@
++-----BEGIN CERTIFICATE-----
++MIIDjTCCAnWgAwIBAgIBGzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
++MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
++QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
++BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
++FXBhdGhMZW5Db25zdHJhaW50NiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
++AQoCggEBAMhrG5ilLNK2JnW0V+GiT392lCKM4vUjPjAOxrg0mdIfK2AI1D9pgYUN
++h5jXFarP18NT65fkskd/NPPSbEePcEzi0ZjOBqnaUFS+tA425QiWkqdld/q+r4H/
++1ZF/f6Cz6CrguSUDNPT1a0cmv1t7dlLnae1UTP9HiVBLNCTfabBaTN95vzM3dyVR
++mcGYkT+ahiEgXDLYXuoWjqHjkz5Y8yd3+3TQ2IsyrmSN0NJCj4P/fC5sdpzFRDoB
++FYCXsCL0gXVUsvfzn/ds1BUqxcHw6O4UUadhBj+Khuleq0forX+77bxFhUnZkGo5
++iO+EZhvr6t32d7IG/MKfXt5nb25jypMCAwEAAaN/MH0wHwYDVR0jBBgwFoAU5H1f
++0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFK+8ha7+TK7hjZcjiMilsWALuk7Y
++MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwEgYDVR0T
++AQH/BAgwBgEB/wIBBjANBgkqhkiG9w0BAQsFAAOCAQEAMJCr70MBeik9uEqE4f27
++dR2O/kNaoqIOtzn+Y4PIzJGRspeGRjhkl4E+wafiPgHeyYCWIlO/R2E4BmI/ZNeD
++xQCHbIVzPDHeSI7DD6F9N/atZ/b3L3J4VnfU8gFdNq1wsGqf1hxHcvdpLXLTU0LX
++2j+th4jY/ogHv4kz3SHT7un1ktxQk2Rhb1u4PSBbQ6lI9oP4Jnda0jtakb1ZqhdZ
++8N/sJvsfEQuqxss/jp+j70dmIGH/bDJfxU1oG0xdyi1xP2qjqdrWHI/mEVlygfXi
++oxJ8JTfEcEHVsTffYR9fDUn0NylqCLdqFaDwLKqWl+C2inODNMpNusqleDAViw6B
++CA==
++-----END CERTIFICATE-----
diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
new file mode 100644
-index 0000000..e892f9d
+index 000000000000..e892f9d5a3f6
--- /dev/null
+++ b/test/cipherlist_test.c
@@ -0,0 +1,212 @@
@@ -121965,7 +145124,7 @@
+ return result;
+}
diff --git a/test/clienthellotest.c b/test/clienthellotest.c
-index 71c6650..1f1d44c 100644
+index 71c6650f780e..1f1d44cc0449 100644
--- a/test/clienthellotest.c
+++ b/test/clienthellotest.c
@@ -1,56 +1,10 @@
@@ -122032,7 +145191,7 @@
#include <string.h>
diff --git a/test/cms-examples.pl b/test/cms-examples.pl
-index 2e95b48..ec1c5fa 100644
+index 2e95b48ba45f..ec1c5fa2cfbd 100644
--- a/test/cms-examples.pl
+++ b/test/cms-examples.pl
@@ -1,54 +1,10 @@
@@ -122097,7 +145256,7 @@
# Perl script to run tests against S/MIME examples in RFC4134
# Assumes RFC is in current directory and called "rfc4134.txt"
diff --git a/test/constant_time_test.c b/test/constant_time_test.c
-index faadcb7..3ee6a81 100644
+index faadcb79b509..3ee6a81d463a 100644
--- a/test/constant_time_test.c
+++ b/test/constant_time_test.c
@@ -1,46 +1,10 @@
@@ -122154,7 +145313,7 @@
#include "internal/constant_time_locl.h"
diff --git a/test/ct_test.c b/test/ct_test.c
-index 8175d16..8000ae6 100644
+index 8175d16c9245..8000ae69a338 100644
--- a/test/ct_test.c
+++ b/test/ct_test.c
@@ -1,55 +1,10 @@
@@ -122220,34 +145379,34 @@
#include <ctype.h>
diff --git a/test/d2i-tests/bad-int-pad0.der b/test/d2i-tests/bad-int-pad0.der
new file mode 100644
-index 0000000..46f6092
+index 000000000000..46f6092a82cc
Binary files /dev/null and b/test/d2i-tests/bad-int-pad0.der differ
diff --git a/test/d2i-tests/bad-int-padminus1.der b/test/d2i-tests/bad-int-padminus1.der
new file mode 100644
-index 0000000..a4b6bb9
+index 000000000000..a4b6bb97921f
Binary files /dev/null and b/test/d2i-tests/bad-int-padminus1.der differ
diff --git a/test/d2i-tests/bad_bio.der b/test/d2i-tests/bad_bio.der
new file mode 100644
-index 0000000..8681f05
+index 000000000000..8681f0528d97
Binary files /dev/null and b/test/d2i-tests/bad_bio.der differ
diff --git a/test/d2i-tests/high_tag.der b/test/d2i-tests/high_tag.der
new file mode 100644
-index 0000000..5c523ec
+index 000000000000..5c523ecde54f
Binary files /dev/null and b/test/d2i-tests/high_tag.der differ
diff --git a/test/d2i-tests/int0.der b/test/d2i-tests/int0.der
new file mode 100644
-index 0000000..bbfb76b
+index 000000000000..bbfb76b9d33e
Binary files /dev/null and b/test/d2i-tests/int0.der differ
diff --git a/test/d2i-tests/int1.der b/test/d2i-tests/int1.der
new file mode 100644
-index 0000000..26dd6b1
+index 000000000000..26dd6b16d96e
Binary files /dev/null and b/test/d2i-tests/int1.der differ
diff --git a/test/d2i-tests/intminus1.der b/test/d2i-tests/intminus1.der
new file mode 100644
-index 0000000..e7c1cea
+index 000000000000..e7c1cea38cbe
Binary files /dev/null and b/test/d2i-tests/intminus1.der differ
diff --git a/test/d2i_test.c b/test/d2i_test.c
-index 6ffdf55..8c99087 100644
+index 6ffdf5507a4d..8c99087732dd 100644
--- a/test/d2i_test.c
+++ b/test/d2i_test.c
@@ -1,11 +1,10 @@
@@ -122339,10 +145498,10 @@
+ ret = 1;
goto err;
+ }
-+
-+ derlen = ASN1_item_i2d(value, &der, item_type);
- ret = 1;
++ derlen = ASN1_item_i2d(value, &der, item_type);
++
+ if (der == NULL || derlen < 0) {
+ if (expected_error == ASN1_ENCODE)
+ ret = 1;
@@ -122371,10 +145530,9 @@
{
int result = 0;
const char *test_type_name;
--
++ const char *expected_error_string;
+
- if (argc != 3)
-+ const char *expected_error_string;
-+
+ size_t i;
+ static ASN1_ITEM_EXP *items[] = {
+ ASN1_ITEM_ref(ASN1_ANY),
@@ -122399,16 +145557,15 @@
test_type_name = argv[1];
- test_file = argv[2];
--
++ expected_error_string = argv[2];
++ test_file = argv[3];
+
- if (strcmp(test_type_name, "generalname") == 0) {
- item_type = ASN1_ITEM_rptr(GENERAL_NAME);
- } else if (strcmp(test_type_name, "x509") == 0) {
- item_type = ASN1_ITEM_rptr(X509);
- } else {
- fprintf(stderr, "Bad type %s\n", test_type_name);
-+ expected_error_string = argv[2];
-+ test_file = argv[3];
-+
+ for (i = 0; i < OSSL_NELEM(items); i++) {
+ const ASN1_ITEM *it = ASN1_ITEM_ptr(items[i]);
+ if (strcmp(test_type_name, it->sname) == 0) {
@@ -122439,13 +145596,15 @@
}
diff --git a/test/danetest.c b/test/danetest.c
-index 5bca1aa..d473b12 100644
+index 5bca1aaea1df..d473b126894e 100644
--- a/test/danetest.c
+++ b/test/danetest.c
@@ -1,50 +1,10 @@
-/* ====================================================================
- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
++/*
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -122476,9 +145635,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -122557,14 +145714,22 @@
&& PEM_read_bio(fp, &name, &header, &data, &len);
- ++count) {
- const unsigned char *p = data;
--
++ ++count) {
++ const unsigned char *p = data;
+
- if (strcmp(name, PEM_STRING_X509) == 0
- || strcmp(name, PEM_STRING_X509_TRUSTED) == 0
- || strcmp(name, PEM_STRING_X509_OLD) == 0) {
- d2i_X509_t d = strcmp(name, PEM_STRING_X509_TRUSTED) ?
- d2i_X509_AUX : d2i_X509;
- X509 *cert = d(0, &p, len);
--
++ if (strcmp(name, PEM_STRING_X509) == 0
++ || strcmp(name, PEM_STRING_X509_TRUSTED) == 0
++ || strcmp(name, PEM_STRING_X509_OLD) == 0) {
++ d2i_X509_t d = strcmp(name, PEM_STRING_X509_TRUSTED) ?
++ d2i_X509_AUX : d2i_X509;
++ X509 *cert = d(0, &p, len);
+
- if (cert == 0 || (p - data) != len)
- errtype = "certificate";
- else if (sk_X509_push(chain, cert) == 0) {
@@ -122575,23 +145740,6 @@
- fprintf(stderr, "unexpected chain file object: %s\n", name);
- goto err;
- }
--
-- /*
-- * If any of these were null, PEM_read() would have failed.
-- */
-- OPENSSL_free(name);
-- OPENSSL_free(header);
-- OPENSSL_free(data);
-+ ++count) {
-+ const unsigned char *p = data;
-+
-+ if (strcmp(name, PEM_STRING_X509) == 0
-+ || strcmp(name, PEM_STRING_X509_TRUSTED) == 0
-+ || strcmp(name, PEM_STRING_X509_OLD) == 0) {
-+ d2i_X509_t d = strcmp(name, PEM_STRING_X509_TRUSTED) ?
-+ d2i_X509_AUX : d2i_X509;
-+ X509 *cert = d(0, &p, len);
-+
+ if (cert == 0 || (p - data) != len)
+ errtype = "certificate";
+ else if (sk_X509_push(chain, cert) == 0) {
@@ -122602,7 +145750,13 @@
+ fprintf(stderr, "unexpected chain file object: %s\n", name);
+ goto err;
+ }
-+
+
+- /*
+- * If any of these were null, PEM_read() would have failed.
+- */
+- OPENSSL_free(name);
+- OPENSSL_free(header);
+- OPENSSL_free(data);
+ /*
+ * If any of these were null, PEM_read() would have failed.
+ */
@@ -122666,14 +145820,33 @@
ctx = SSL_CTX_new(TLS_client_method());
if (SSL_CTX_dane_enable(ctx) <= 0) {
print_errors();
+diff --git a/test/danetest.in b/test/danetest.in
+index 7db0400245c7..485c98657c26 100644
+--- a/test/danetest.in
++++ b/test/danetest.in
+@@ -1,4 +1,12 @@
++# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++#
+ # Blank and comment lines ignored.
++#
+ # The first line in each block takes the form:
+ #
+ # <TLSA-count> <cert-count> <desired-verify-result> <desired-match-depth>
diff --git a/test/destest.c b/test/destest.c
-index a544f41..389d0c8 100644
+index a544f415260c..877f71d3fb96 100644
--- a/test/destest.c
+++ b/test/destest.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -122721,9 +145894,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -122735,8 +145906,51 @@
*/
#include <stdio.h>
+@@ -83,8 +35,6 @@ int main(int argc, char *argv[])
+ #else
+ # include <openssl/des.h>
+
+-# define crypt(c,s) (DES_crypt((c),(s)))
+-
+ /* tisk tisk - the test keys don't all have odd parity :-( */
+ /* test data */
+ # define NUM_TESTS 34
+@@ -708,16 +658,31 @@ int main(int argc, char *argv[])
+ }
+ printf("\n");
+ printf("fast crypt test ");
+- str = crypt("testing", "ef");
++ str = DES_crypt("testing", "ef");
+ if (strcmp("efGnQx2725bI2", str) != 0) {
+ printf("fast crypt error, %s should be efGnQx2725bI2\n", str);
+ err = 1;
+ }
+- str = crypt("bca76;23", "yA");
++ str = DES_crypt("bca76;23", "yA");
+ if (strcmp("yA1Rp/1hZXIJk", str) != 0) {
+ printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n", str);
+ err = 1;
+ }
++ str = DES_crypt("testing", "y\202");
++ if (str != NULL) {
++ printf("salt error only usascii are accepted\n");
++ err = 1;
++ }
++ str = DES_crypt("testing", "\0A");
++ if (str != NULL) {
++ printf("salt error cannot contain null terminator\n");
++ err = 1;
++ }
++ str = DES_crypt("testing", "A");
++ if (str != NULL) {
++ printf("salt error must be at least 2\n");
++ err = 1;
++ }
+ printf("\n");
+ return (err);
+ }
diff --git a/test/dhtest.c b/test/dhtest.c
-index fb1c2df..c0551d5 100644
+index fb1c2df23bc3..1dc395b44eba 100644
--- a/test/dhtest.c
+++ b/test/dhtest.c
@@ -1,58 +1,10 @@
@@ -122804,7 +146018,18 @@
*/
#include <stdio.h>
-@@ -635,7 +587,7 @@ static int run_rfc5114_tests(void)
+@@ -143,10 +95,6 @@ int main(int argc, char *argv[])
+ goto err;
+ bp = bg = NULL;
+
+- /* Set a to run with normal modexp and b to use constant time */
+- DH_clear_flags(a, DH_FLAG_NO_EXP_CONSTTIME);
+- DH_set_flags(b, DH_FLAG_NO_EXP_CONSTTIME);
+-
+ if (!DH_generate_key(a))
+ goto err;
+ DH_get0_key(a, &apub_key, &priv_key);
+@@ -635,7 +583,7 @@ static int run_rfc5114_tests(void)
OPENSSL_free(Z1);
OPENSSL_free(Z2);
@@ -122814,13 +146039,15 @@
return 0;
err:
diff --git a/test/dsatest.c b/test/dsatest.c
-index 1945f35..c64a911 100644
+index 1945f35f5b09..b99c467e1735 100644
--- a/test/dsatest.c
+++ b/test/dsatest.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -122868,9 +146095,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -122882,8 +146107,22 @@
*/
#include <stdio.h>
+@@ -195,13 +147,6 @@ int main(int argc, char **argv)
+ goto end;
+ }
+
+- DSA_set_flags(dsa, DSA_FLAG_NO_EXP_CONSTTIME);
+- DSA_generate_key(dsa);
+- DSA_sign(0, str1, 20, sig, &siglen, dsa);
+- if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+- ret = 1;
+-
+- DSA_clear_flags(dsa, DSA_FLAG_NO_EXP_CONSTTIME);
+ DSA_generate_key(dsa);
+ DSA_sign(0, str1, 20, sig, &siglen, dsa);
+ if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
diff --git a/test/dtlsv1listentest.c b/test/dtlsv1listentest.c
-index 6eb2e5c..cc7e5f7 100644
+index 6eb2e5ccfbb8..cc7e5f788923 100644
--- a/test/dtlsv1listentest.c
+++ b/test/dtlsv1listentest.c
@@ -1,58 +1,10 @@
@@ -122952,7 +146191,7 @@
#include <string.h>
diff --git a/test/dummytest.c b/test/dummytest.c
deleted file mode 100644
-index 25ce77b..0000000
+index 25ce77b2df28..000000000000
--- a/test/dummytest.c
+++ /dev/null
@@ -1,57 +0,0 @@
@@ -123014,7 +146253,7 @@
- return (0);
-}
diff --git a/test/ecdhtest.c b/test/ecdhtest.c
-index 356f3e9..b327847 100644
+index 356f3e939c12..b327847e899b 100644
--- a/test/ecdhtest.c
+++ b/test/ecdhtest.c
@@ -1,3 +1,12 @@
@@ -123091,7 +146330,7 @@
#include <stdio.h>
#include <stdlib.h>
diff --git a/test/ecdhtest_cavs.h b/test/ecdhtest_cavs.h
-index 632d02d..ab3ac22 100644
+index 632d02d69ee2..ab3ac22f2ec7 100644
--- a/test/ecdhtest_cavs.h
+++ b/test/ecdhtest_cavs.h
@@ -1,3 +1,12 @@
@@ -123108,7 +146347,7 @@
#define ECDHTEST_CAVS_H
diff --git a/test/ecdsatest.c b/test/ecdsatest.c
-index f5b753a..932ea3b 100644
+index f5b753a11011..932ea3bff978 100644
--- a/test/ecdsatest.c
+++ b/test/ecdsatest.c
@@ -1,59 +1,12 @@
@@ -123166,8 +146405,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -123178,7 +146418,7 @@
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
diff --git a/test/ectest.c b/test/ectest.c
-index bbc7ed0..98963bb 100644
+index bbc7ed0ac990..f7e55c3b6aee 100644
--- a/test/ectest.c
+++ b/test/ectest.c
@@ -1,59 +1,12 @@
@@ -123236,8 +146476,9 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+- *
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
++ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
@@ -123247,8 +146488,244 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
+@@ -248,7 +201,7 @@ static void prime_field_tests(void)
+ EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 =
+ NULL, *P_384 = NULL, *P_521 = NULL;
+ EC_POINT *P, *Q, *R;
+- BIGNUM *x, *y, *z;
++ BIGNUM *x, *y, *z, *yplusone;
+ unsigned char buf[100];
+ size_t i, len;
+ int k;
+@@ -326,7 +279,8 @@ static void prime_field_tests(void)
+ x = BN_new();
+ y = BN_new();
+ z = BN_new();
+- if (!x || !y || !z)
++ yplusone = BN_new();
++ if (x == NULL || y == NULL || z == NULL || yplusone == NULL)
+ ABORT;
+
+ if (!BN_hex2bn(&x, "D"))
+@@ -451,6 +405,14 @@ static void prime_field_tests(void)
+ ABORT;
+ if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32"))
+ ABORT;
++ if (!BN_add(yplusone, y, BN_value_one()))
++ ABORT;
++ /*
++ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
++ * and therefore setting the coordinates should fail.
++ */
++ if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
++ ABORT;
+ if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
+ ABORT;
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+@@ -522,6 +484,15 @@ static void prime_field_tests(void)
+ if (0 != BN_cmp(y, z))
+ ABORT;
+
++ if (!BN_add(yplusone, y, BN_value_one()))
++ ABORT;
++ /*
++ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
++ * and therefore setting the coordinates should fail.
++ */
++ if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
++ ABORT;
++
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 192)
+ ABORT;
+@@ -577,6 +548,15 @@ static void prime_field_tests(void)
+ if (0 != BN_cmp(y, z))
+ ABORT;
+
++ if (!BN_add(yplusone, y, BN_value_one()))
++ ABORT;
++ /*
++ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
++ * and therefore setting the coordinates should fail.
++ */
++ if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
++ ABORT;
++
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 224)
+ ABORT;
+@@ -637,6 +617,15 @@ static void prime_field_tests(void)
+ if (0 != BN_cmp(y, z))
+ ABORT;
+
++ if (!BN_add(yplusone, y, BN_value_one()))
++ ABORT;
++ /*
++ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
++ * and therefore setting the coordinates should fail.
++ */
++ if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
++ ABORT;
++
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 256)
+ ABORT;
+@@ -692,6 +681,15 @@ static void prime_field_tests(void)
+ if (0 != BN_cmp(y, z))
+ ABORT;
+
++ if (!BN_add(yplusone, y, BN_value_one()))
++ ABORT;
++ /*
++ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
++ * and therefore setting the coordinates should fail.
++ */
++ if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
++ ABORT;
++
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 384)
+ ABORT;
+@@ -753,6 +751,15 @@ static void prime_field_tests(void)
+ if (0 != BN_cmp(y, z))
+ ABORT;
+
++ if (!BN_add(yplusone, y, BN_value_one()))
++ ABORT;
++ /*
++ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
++ * and therefore setting the coordinates should fail.
++ */
++ if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
++ ABORT;
++
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 521)
+ ABORT;
+@@ -767,6 +774,10 @@ static void prime_field_tests(void)
+
+ /* more tests using the last curve */
+
++ /* Restore the point that got mangled in the (x, y + 1) test. */
++ if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
++ ABORT;
++
+ if (!EC_POINT_copy(Q, P))
+ ABORT;
+ if (EC_POINT_is_at_infinity(group, Q))
+@@ -876,6 +887,7 @@ static void prime_field_tests(void)
+ BN_free(x);
+ BN_free(y);
+ BN_free(z);
++ BN_free(yplusone);
+
+ EC_GROUP_free(P_160);
+ EC_GROUP_free(P_192);
+@@ -890,6 +902,13 @@ static void prime_field_tests(void)
+ # ifdef OPENSSL_EC_BIN_PT_COMP
+ # define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+ if (!BN_hex2bn(&x, _x)) ABORT; \
++ if (!BN_hex2bn(&y, _y)) ABORT; \
++ if (!BN_add(yplusone, y, BN_value_one())) ABORT; \
++ /* \
++ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, \
++ * and therefore setting the coordinates should fail. \
++ */ \
++ if (EC_POINT_set_affine_coordinates_GF2m(group, P, x, yplusone, ctx)) ABORT; \
+ if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
+ if (!BN_hex2bn(&z, _order)) ABORT; \
+@@ -908,6 +927,12 @@ static void prime_field_tests(void)
+ # define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+ if (!BN_hex2bn(&x, _x)) ABORT; \
+ if (!BN_hex2bn(&y, _y)) ABORT; \
++ if (!BN_add(yplusone, y, BN_value_one())) ABORT; \
++ /* \
++ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, \
++ * and therefore setting the coordinates should fail. \
++ */ \
++ if (EC_POINT_set_affine_coordinates_GF2m(group, P, x, yplusone, ctx)) ABORT; \
+ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
+ if (!BN_hex2bn(&z, _order)) ABORT; \
+@@ -945,7 +970,7 @@ static void char2_field_tests(void)
+ EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 =
+ NULL, *C2_B571 = NULL;
+ EC_POINT *P, *Q, *R;
+- BIGNUM *x, *y, *z, *cof;
++ BIGNUM *x, *y, *z, *cof, *yplusone;
+ unsigned char buf[100];
+ size_t i, len;
+ int k;
+@@ -957,7 +982,7 @@ static void char2_field_tests(void)
+ p = BN_new();
+ a = BN_new();
+ b = BN_new();
+- if (!p || !a || !b)
++ if (p == NULL || a == NULL || b == NULL)
+ ABORT;
+
+ if (!BN_hex2bn(&p, "13"))
+@@ -1023,7 +1048,8 @@ static void char2_field_tests(void)
+ y = BN_new();
+ z = BN_new();
+ cof = BN_new();
+- if (!x || !y || !z || !cof)
++ yplusone = BN_new();
++ if (x == NULL || y == NULL || z == NULL || cof == NULL || yplusone == NULL)
+ ABORT;
+
+ if (!BN_hex2bn(&x, "6"))
+@@ -1351,6 +1377,7 @@ static void char2_field_tests(void)
+ BN_free(y);
+ BN_free(z);
+ BN_free(cof);
++ BN_free(yplusone);
+
+ EC_GROUP_free(C2_K163);
+ EC_GROUP_free(C2_B163);
+@@ -1527,7 +1554,7 @@ static const struct nistp_test_params nistp_tests_params[] = {
+ static void nistp_single_test(const struct nistp_test_params *test)
+ {
+ BN_CTX *ctx;
+- BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
++ BIGNUM *p, *a, *b, *x, *y, *n, *m, *order, *yplusone;
+ EC_GROUP *NISTP;
+ EC_POINT *G, *P, *Q, *Q_CHECK;
+
+@@ -1542,6 +1569,7 @@ static void nistp_single_test(const struct nistp_test_params *test)
+ m = BN_new();
+ n = BN_new();
+ order = BN_new();
++ yplusone = BN_new();
+
+ NISTP = EC_GROUP_new(test->meth());
+ if (!NISTP)
+@@ -1564,6 +1592,14 @@ static void nistp_single_test(const struct nistp_test_params *test)
+ ABORT;
+ if (!BN_hex2bn(&y, test->Qy))
+ ABORT;
++ if (!BN_add(yplusone, y, BN_value_one()))
++ ABORT;
++ /*
++ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
++ * and therefore setting the coordinates should fail.
++ */
++ if (EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, yplusone, ctx))
++ ABORT;
+ if (!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx))
+ ABORT;
+ if (!BN_hex2bn(&x, test->Gx))
+@@ -1662,6 +1698,7 @@ static void nistp_single_test(const struct nistp_test_params *test)
+ BN_free(x);
+ BN_free(y);
+ BN_free(order);
++ BN_free(yplusone);
+ BN_CTX_free(ctx);
+ }
+
diff --git a/test/enginetest.c b/test/enginetest.c
-index 873b4ea..21cd20a 100644
+index 873b4eaaad42..21cd20af050f 100644
--- a/test/enginetest.c
+++ b/test/enginetest.c
@@ -1,59 +1,10 @@
@@ -123317,7 +146794,7 @@
#include <stdio.h>
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
-index dbcfb7c..9217f3a 100644
+index dbcfb7cbb703..9217f3ae516d 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1,69 +1,10 @@
@@ -123397,7 +146874,7 @@
#include <stdio.h>
diff --git a/test/evp_test.c b/test/evp_test.c
-index 56c821b..f820e25 100644
+index 56c821bd9ef7..f820e2537dbc 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1,54 +1,10 @@
@@ -123407,7 +146884,8 @@
- */
-/* ====================================================================
- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
@@ -123433,8 +146911,7 @@
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
@@ -123621,8 +147098,25 @@
return 1;
}
+diff --git a/test/evptests.txt b/test/evptests.txt
+index fb94416e60f6..93199b9c6a65 100644
+--- a/test/evptests.txt
++++ b/test/evptests.txt
+@@ -1,3 +1,12 @@
++#!/bin/sh
++#
++# Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
+ #cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)
+ #aadcipher:key:iv:plaintext:ciphertext:aad:tag:0/1(decrypt/encrypt)
+ #digest:::input:output
diff --git a/test/exdatatest.c b/test/exdatatest.c
-index 96105bb..8e35068 100644
+index 96105bbf4f46..8e3506840613 100644
--- a/test/exdatatest.c
+++ b/test/exdatatest.c
@@ -1,56 +1,12 @@
@@ -123690,13 +147184,15 @@
#include <assert.h>
#include <string.h>
diff --git a/test/exptest.c b/test/exptest.c
-index 6880268..f7df9cf 100644
+index 68802683b7e2..f7df9cf16526 100644
--- a/test/exptest.c
+++ b/test/exptest.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -123744,9 +147240,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -123758,8 +147252,41 @@
*/
#include <stdio.h>
+diff --git a/test/generate_buildtest.pl b/test/generate_buildtest.pl
+new file mode 100644
+index 000000000000..7921021e45e2
+--- /dev/null
++++ b/test/generate_buildtest.pl
+@@ -0,0 +1,27 @@
++#! /usr/bin/env perl
++# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++use strict;
++use warnings;
++
++# First argument is name;
++my $name = shift @ARGV;
++# All other arguments are ignored for now
++
++print <<"_____";
++/*
++ * Generated with test/generate_buildtest.pl, to check that such a simple
++ * program builds.
++ */
++#include <openssl/$name.h>
++
++int main()
++{
++ return 0;
++}
++_____
diff --git a/test/generate_ssl_tests.pl b/test/generate_ssl_tests.pl
-index 713fb3f..ac584fd 100644
+index 713fb3f7c226..db8fc74d44f9 100644
--- a/test/generate_ssl_tests.pl
+++ b/test/generate_ssl_tests.pl
@@ -1,5 +1,10 @@
@@ -123775,8 +147302,117 @@
## SSL testcase generator
+@@ -38,6 +43,12 @@ sub print_templates {
+ # Add the implicit base configuration.
+ foreach my $test (@ssltests::tests) {
+ $test->{"server"} = { (%ssltests::base_server, %{$test->{"server"}}) };
++ # use server values if server2 is not defined
++ if (defined $test->{"server2"}) {
++ $test->{"server2"} = { (%ssltests::base_server, %{$test->{"server2"}}) };
++ } else {
++ $test->{"server2"} = { (%ssltests::base_server, %{$test->{"server"}}) };
++ }
+ $test->{"client"} = { (%ssltests::base_client, %{$test->{"client"}}) };
+ }
+
+diff --git a/test/getsettest.c b/test/getsettest.c
+new file mode 100644
+index 000000000000..97d1b357cc97
+--- /dev/null
++++ b/test/getsettest.c
+@@ -0,0 +1,90 @@
++/*
++ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#include <openssl/opensslconf.h>
++#include <openssl/bio.h>
++#include <openssl/crypto.h>
++#include <openssl/ssl.h>
++
++
++int main(int argc, char *argv[])
++{
++ SSL_CTX *ctx = NULL;
++ SSL *con = NULL;
++ BIO *err;
++ int testresult = 0;
++
++ err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
++
++ CRYPTO_set_mem_debug(1);
++ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
++
++ /* Test tlsext_status_type */
++ ctx = SSL_CTX_new(TLS_method());
++
++ if (SSL_CTX_get_tlsext_status_type(ctx) != -1) {
++ printf("Unexpected initial value for "
++ "SSL_CTX_get_tlsext_status_type()\n");
++ goto end;
++ }
++
++ con = SSL_new(ctx);
++
++ if (SSL_get_tlsext_status_type(con) != -1) {
++ printf("Unexpected initial value for SSL_get_tlsext_status_type()\n");
++ goto end;
++ }
++
++ if (!SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp)) {
++ printf("Unexpected fail for SSL_set_tlsext_status_type()\n");
++ goto end;
++ }
++
++ if (SSL_get_tlsext_status_type(con) != TLSEXT_STATUSTYPE_ocsp) {
++ printf("Unexpected result for SSL_get_tlsext_status_type()\n");
++ goto end;
++ }
++
++ SSL_free(con);
++ con = NULL;
++
++ if (!SSL_CTX_set_tlsext_status_type(ctx, TLSEXT_STATUSTYPE_ocsp)) {
++ printf("Unexpected fail for SSL_CTX_set_tlsext_status_type()\n");
++ goto end;
++ }
++
++ if (SSL_CTX_get_tlsext_status_type(ctx) != TLSEXT_STATUSTYPE_ocsp) {
++ printf("Unexpected result for SSL_CTX_get_tlsext_status_type()\n");
++ goto end;
++ }
++
++ con = SSL_new(ctx);
++
++ if (SSL_get_tlsext_status_type(con) != TLSEXT_STATUSTYPE_ocsp) {
++ printf("Unexpected result for SSL_get_tlsext_status_type() (test 2)\n");
++ goto end;
++ }
++
++ testresult = 1;
++
++ end:
++ SSL_free(con);
++ SSL_CTX_free(ctx);
++
++#ifndef OPENSSL_NO_CRYPTO_MDEBUG
++ if (CRYPTO_mem_leaks(err) <= 0)
++ testresult = 0;
++#endif
++ BIO_free(err);
++
++ if (testresult)
++ printf("PASS\n");
++
++ return testresult?0:1;
++}
diff --git a/test/gmdifftest.c b/test/gmdifftest.c
-index 57c6a3d..73c910d 100644
+index 57c6a3d39416..73c910dd2fbe 100644
--- a/test/gmdifftest.c
+++ b/test/gmdifftest.c
@@ -1,55 +1,10 @@
@@ -123842,7 +147478,7 @@
#include <openssl/crypto.h>
diff --git a/test/handshake_helper.c b/test/handshake_helper.c
-index 4682d45..8f1359e 100644
+index 4682d45bfb40..f7ab841f57fa 100644
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -1,16 +1,16 @@
@@ -123866,7 +147502,15 @@
#include <openssl/ssl.h>
#include "handshake_helper.h"
-@@ -40,6 +40,37 @@ static void info_callback(const SSL *s, int where, int ret)
+@@ -23,6 +23,7 @@
+ typedef struct handshake_ex_data {
+ int alert_sent;
+ int alert_received;
++ int session_ticket_do_not_call;
+ } HANDSHAKE_EX_DATA;
+
+ static int ex_data_idx;
+@@ -40,6 +41,65 @@ static void info_callback(const SSL *s, int where, int ret)
}
}
@@ -123879,12 +147523,27 @@
+ return 1;
+}
+
++static int broken_session_ticket_callback(SSL* s, unsigned char* key_name, unsigned char *iv,
++ EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
++{
++ return 0;
++}
++
++int do_not_call_session_ticket_callback(SSL* s, unsigned char* key_name, unsigned char *iv,
++ EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
++{
++ HANDSHAKE_EX_DATA *ex_data =
++ (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx));
++ ex_data->session_ticket_do_not_call = 1;
++ return 0;
++}
++
+/*
+ * Configure callbacks and other properties that can't be set directly
+ * in the server/client CONF.
+ */
-+static void configure_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx,
-+ const SSL_TEST_CTX *test_ctx)
++static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *client_ctx,
++ const SSL_TEST_CTX *test_ctx)
+{
+ switch (test_ctx->client_verify_callback) {
+ case SSL_TEST_VERIFY_ACCEPT_ALL:
@@ -123898,13 +147557,26 @@
+ default:
+ break;
+ }
++ if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN) {
++ SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, broken_session_ticket_callback);
++ }
+}
+
++/*
++ * Configure callbacks and other properties that can't be set directly
++ * in the server/client CONF.
++ */
++static void configure_handshake_ssl(SSL *server, SSL *client,
++ const SSL_TEST_CTX *test_ctx)
++{
++ SSL_set_tlsext_host_name(client, ssl_servername_name(test_ctx->servername));
++}
+
++
typedef enum {
PEER_SUCCESS,
PEER_RETRY,
-@@ -139,7 +170,8 @@ static handshake_status_t handshake_status(peer_status_t last_status,
+@@ -139,7 +199,8 @@ static handshake_status_t handshake_status(peer_status_t last_status,
return INTERNAL_ERROR;
}
@@ -123914,17 +147586,44 @@
{
SSL *server, *client;
BIO *client_to_server, *server_to_client;
-@@ -149,6 +181,8 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx)
+@@ -148,11 +209,18 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx)
+ int client_turn = 1;
peer_status_t client_status = PEER_RETRY, server_status = PEER_RETRY;
handshake_status_t status = HANDSHAKE_RETRY;
++ unsigned char* tick = NULL;
++ size_t len = 0;
++ SSL_SESSION* sess = NULL;
++
++ configure_handshake_ctx(server_ctx, client_ctx, test_ctx);
-+ configure_handshake(server_ctx, client_ctx, test_ctx);
-+
server = SSL_new(server_ctx);
client = SSL_new(client_ctx);
OPENSSL_assert(server != NULL && client != NULL);
+
++ configure_handshake_ssl(server, client, test_ctx);
++
+ memset(&server_ex_data, 0, sizeof(server_ex_data));
+ memset(&client_ex_data, 0, sizeof(client_ex_data));
+ memset(&ret, 0, sizeof(ret));
+@@ -232,6 +300,16 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx)
+ ret.client_alert_received = server_ex_data.alert_received;
+ ret.server_protocol = SSL_version(server);
+ ret.client_protocol = SSL_version(client);
++ ret.servername = ((SSL_get_SSL_CTX(server) == server_ctx)
++ ? SSL_TEST_SERVERNAME_SERVER1
++ : SSL_TEST_SERVERNAME_SERVER2);
++ if ((sess = SSL_get0_session(client)) != NULL)
++ SSL_SESSION_get0_ticket(sess, &tick, &len);
++ if (tick == NULL || len == 0)
++ ret.session_ticket = SSL_TEST_SESSION_TICKET_NO;
++ else
++ ret.session_ticket = SSL_TEST_SESSION_TICKET_YES;
++ ret.session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call;
+
+ SSL_free(server);
+ SSL_free(client);
diff --git a/test/handshake_helper.h b/test/handshake_helper.h
-index 56dfb19..7f7484a 100644
+index 56dfb197e21a..d04655a9ed9d 100644
--- a/test/handshake_helper.h
+++ b/test/handshake_helper.h
@@ -1,11 +1,10 @@
@@ -123942,17 +147641,29 @@
*/
#ifndef HEADER_HANDSHAKE_HELPER_H
-@@ -30,6 +29,7 @@ typedef struct handshake_result {
+@@ -27,9 +26,19 @@ typedef struct handshake_result {
+ /* Negotiated protocol. On success, these should always match. */
+ int server_protocol;
+ int client_protocol;
++ /* Server connection */
++ int servername;
++ /* Session ticket status */
++ int session_ticket;
++ /* Was this called on the second context? */
++ int session_ticket_do_not_call;
} HANDSHAKE_RESULT;
/* Do a handshake and report some information about the result. */
-HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx);
+HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx,
+ const SSL_TEST_CTX *test_ctx);
++
++int do_not_call_session_ticket_callback(SSL* s, unsigned char* key_name, unsigned char *iv,
++ EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc);
#endif /* HEADER_HANDSHAKE_HELPER_H */
diff --git a/test/heartbeat_test.c b/test/heartbeat_test.c
-index 2fda576..906736c 100644
+index 2fda5769786b..906736c37e56 100644
--- a/test/heartbeat_test.c
+++ b/test/heartbeat_test.c
@@ -1,3 +1,12 @@
@@ -123978,7 +147689,7 @@
test_case_name);
setup_ok = 0;
diff --git a/test/hmactest.c b/test/hmactest.c
-index 2ceec5f..145c467 100644
+index 2ceec5fa6d9b..145c467e5022 100644
--- a/test/hmactest.c
+++ b/test/hmactest.c
@@ -1,58 +1,10 @@
@@ -124047,7 +147758,7 @@
#include <stdio.h>
diff --git a/test/ideatest.c b/test/ideatest.c
-index 0f68ebd..3849670 100644
+index 0f68ebd33ffc..38496700938f 100644
--- a/test/ideatest.c
+++ b/test/ideatest.c
@@ -1,58 +1,10 @@
@@ -124116,7 +147827,7 @@
#include <stdio.h>
diff --git a/test/igetest.c b/test/igetest.c
-index aca8f85..1245860 100644
+index aca8f8593816..1245860a5a62 100644
--- a/test/igetest.c
+++ b/test/igetest.c
@@ -1,51 +1,10 @@
@@ -124178,7 +147889,7 @@
#include <openssl/crypto.h>
diff --git a/test/md2test.c b/test/md2test.c
-index ccf4659..5d94e5f 100644
+index ccf46593d06b..5d94e5f88ad5 100644
--- a/test/md2test.c
+++ b/test/md2test.c
@@ -1,58 +1,10 @@
@@ -124247,7 +147958,7 @@
#include <stdio.h>
diff --git a/test/md4test.c b/test/md4test.c
-index d7168a1..9c2e7fd 100644
+index d7168a1f2992..9c2e7fde0c90 100644
--- a/test/md4test.c
+++ b/test/md4test.c
@@ -1,58 +1,10 @@
@@ -124316,7 +148027,7 @@
#include <stdio.h>
diff --git a/test/md5test.c b/test/md5test.c
-index 2c75890..f39b907 100644
+index 2c758900143a..f39b907dcf74 100644
--- a/test/md5test.c
+++ b/test/md5test.c
@@ -1,58 +1,10 @@
@@ -124385,7 +148096,7 @@
#include <stdio.h>
diff --git a/test/mdc2test.c b/test/mdc2test.c
-index 2177a0e..dc8dd58 100644
+index 2177a0ef6d15..dc8dd58d786d 100644
--- a/test/mdc2test.c
+++ b/test/mdc2test.c
@@ -1,58 +1,10 @@
@@ -124463,7 +148174,7 @@
# ifdef CHARSET_EBCDIC
ebcdic2ascii(text, text, strlen(text));
diff --git a/test/memleaktest.c b/test/memleaktest.c
-index f894590..2b23df7 100644
+index f8945904ac24..2b23df788b93 100644
--- a/test/memleaktest.c
+++ b/test/memleaktest.c
@@ -1,55 +1,10 @@
@@ -124529,7 +148240,7 @@
#include <stdio.h>
diff --git a/test/methtest.c b/test/methtest.c
-index efec154..11aa233 100644
+index efec15468f03..11aa2335b776 100644
--- a/test/methtest.c
+++ b/test/methtest.c
@@ -1,58 +1,10 @@
@@ -124598,7 +148309,7 @@
#include <stdio.h>
diff --git a/test/nptest.c b/test/nptest.c
-index 9528851..62dd271 100644
+index 952885195f05..62dd27135d0f 100644
--- a/test/nptest.c
+++ b/test/nptest.c
@@ -1,58 +1,12 @@
@@ -124667,7 +148378,7 @@
#include <string.h>
diff --git a/test/p5_crpt2_test.c b/test/p5_crpt2_test.c
-index da45f70..5785519 100644
+index da45f70f7c53..5785519aa107 100644
--- a/test/p5_crpt2_test.c
+++ b/test/p5_crpt2_test.c
@@ -1,50 +1,10 @@
@@ -124727,13 +148438,19 @@
#include <stdio.h>
diff --git a/test/packettest.c b/test/packettest.c
-index 57ef51b..58fc752 100644
+index 57ef51bcf26d..58fc7525fb4b 100644
--- a/test/packettest.c
+++ b/test/packettest.c
-@@ -1,61 +1,12 @@
+@@ -1,60 +1,11 @@
/*
- * Written by Matt Caswell for the OpenSSL project.
-- */
++ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
+ */
-/* ====================================================================
- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
- *
@@ -124785,20 +148502,14 @@
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
+- *
+- */
+-
--
#include "../ssl/packet_locl.h"
- #define BUF_LEN 255
diff --git a/test/pbelutest.c b/test/pbelutest.c
-index dafae78..e226d43 100644
+index dafae78ff779..e226d43f2629 100644
--- a/test/pbelutest.c
+++ b/test/pbelutest.c
@@ -1,55 +1,10 @@
@@ -124864,7 +148575,7 @@
#include <openssl/evp.h>
diff --git a/test/pkits-test.pl b/test/pkits-test.pl
-index 5c6b89f..ae7279c 100644
+index 5c6b89fcdb0a..ae7279cf2ea2 100644
--- a/test/pkits-test.pl
+++ b/test/pkits-test.pl
@@ -1,54 +1,10 @@
@@ -124929,7 +148640,7 @@
# Perl utility to run PKITS tests for RFC3280 compliance.
diff --git a/test/r160test.c b/test/r160test.c
-index b99fa3a..06033eb 100644
+index b99fa3a3c52e..06033eb91f83 100644
--- a/test/r160test.c
+++ b/test/r160test.c
@@ -1,56 +1,9 @@
@@ -124997,7 +148708,7 @@
*/
+
diff --git a/test/randtest.c b/test/randtest.c
-index dc0e84d..9f7a037 100644
+index dc0e84d7a9b1..9f7a0371a67d 100644
--- a/test/randtest.c
+++ b/test/randtest.c
@@ -1,58 +1,10 @@
@@ -125066,13 +148777,15 @@
#include <stdio.h>
diff --git a/test/rc2test.c b/test/rc2test.c
-index 3890cf0..2d0a01d 100644
+index 3890cf0d3951..2d0a01d59614 100644
--- a/test/rc2test.c
+++ b/test/rc2test.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -125120,9 +148833,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -125135,7 +148846,7 @@
/*
diff --git a/test/rc4test.c b/test/rc4test.c
-index 271fcf1..7a77b82 100644
+index 271fcf1580be..7a77b821927e 100644
--- a/test/rc4test.c
+++ b/test/rc4test.c
@@ -1,58 +1,10 @@
@@ -125204,13 +148915,15 @@
#include <stdio.h>
diff --git a/test/rc5test.c b/test/rc5test.c
-index bb66154..6567bcb 100644
+index bb66154e25c5..6567bcb4354a 100644
--- a/test/rc5test.c
+++ b/test/rc5test.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
-- *
++/*
++ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
@@ -125258,9 +148971,7 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
@@ -125273,7 +148984,7 @@
/*
diff --git a/test/recipes/01-test_abort.t b/test/recipes/01-test_abort.t
-index 4a6cf97..2f121e2 100644
+index 4a6cf9798344..2f121e25bf1b 100644
--- a/test/recipes/01-test_abort.t
+++ b/test/recipes/01-test_abort.t
@@ -1,4 +1,11 @@
@@ -125290,7 +149001,7 @@
use OpenSSL::Test;
diff --git a/test/recipes/01-test_ordinals.t b/test/recipes/01-test_ordinals.t
-index 070181d..473d05b 100755
+index 070181d9a6a3..473d05b01446 100755
--- a/test/recipes/01-test_ordinals.t
+++ b/test/recipes/01-test_ordinals.t
@@ -1,56 +1,10 @@
@@ -125358,7 +149069,7 @@
use OpenSSL::Test qw/:DEFAULT srctop_file/;
diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
new file mode 100644
-index 0000000..619519c
+index 000000000000..32827f573e76
--- /dev/null
+++ b/test/recipes/01-test_symbol_presence.t
@@ -0,0 +1,115 @@
@@ -125421,7 +149132,7 @@
+ note "Number of lines in \@def_lines before massaging: ", scalar @def_lines;
+
+ # Massage the nm output to only contain defined symbols
-+ @nm_lines = sort map { s| .*||; $_ } grep(m|.* [BCDT] .*|, @nm_lines);
++ @nm_lines = sort map { s| .*||; $_ } grep(m|.* [BCDST] .*|, @nm_lines);
+
+ # Massage the mkdef.pl output to only contain global symbols
+ # The output we got is in Unix .map format, which has a global
@@ -125478,7 +149189,7 @@
+ }
+}
diff --git a/test/recipes/05-test_bf.t b/test/recipes/05-test_bf.t
-index 4794bf0..64c9609 100644
+index 4794bf0d842d..64c960953573 100644
--- a/test/recipes/05-test_bf.t
+++ b/test/recipes/05-test_bf.t
@@ -1,4 +1,11 @@
@@ -125495,7 +149206,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/05-test_cast.t b/test/recipes/05-test_cast.t
-index 621e1ae..46c61da 100644
+index 621e1ae739aa..46c61dacb346 100644
--- a/test/recipes/05-test_cast.t
+++ b/test/recipes/05-test_cast.t
@@ -1,4 +1,11 @@
@@ -125512,7 +149223,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/05-test_des.t b/test/recipes/05-test_des.t
-index 71de4b4..2e6a32b 100644
+index 71de4b47a202..2e6a32ba5d70 100644
--- a/test/recipes/05-test_des.t
+++ b/test/recipes/05-test_des.t
@@ -1,4 +1,11 @@
@@ -125529,7 +149240,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/05-test_hmac.t b/test/recipes/05-test_hmac.t
-index ba7a92b..2059bcc 100644
+index ba7a92b931b7..2059bcc8c735 100644
--- a/test/recipes/05-test_hmac.t
+++ b/test/recipes/05-test_hmac.t
@@ -1,4 +1,11 @@
@@ -125546,7 +149257,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/05-test_idea.t b/test/recipes/05-test_idea.t
-index c43ba5c..ca2b767 100644
+index c43ba5c1adc5..ca2b76759cab 100644
--- a/test/recipes/05-test_idea.t
+++ b/test/recipes/05-test_idea.t
@@ -1,4 +1,11 @@
@@ -125563,7 +149274,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/05-test_md2.t b/test/recipes/05-test_md2.t
-index 2175c5f..8781af0 100644
+index 2175c5f41c1a..8781af0e9370 100644
--- a/test/recipes/05-test_md2.t
+++ b/test/recipes/05-test_md2.t
@@ -1,4 +1,11 @@
@@ -125580,7 +149291,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/05-test_md4.t b/test/recipes/05-test_md4.t
-index 2337223..59a815b 100644
+index 2337223b47df..59a815bdd421 100644
--- a/test/recipes/05-test_md4.t
+++ b/test/recipes/05-test_md4.t
@@ -1,4 +1,11 @@
@@ -125597,7 +149308,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/05-test_md5.t b/test/recipes/05-test_md5.t
-index e9331e2..3af4d55 100644
+index e9331e24c5f5..3af4d5504bfa 100644
--- a/test/recipes/05-test_md5.t
+++ b/test/recipes/05-test_md5.t
@@ -1,4 +1,11 @@
@@ -125614,7 +149325,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/05-test_mdc2.t b/test/recipes/05-test_mdc2.t
-index 23e904c..181c90f 100644
+index 23e904c292e3..181c90f1aa92 100644
--- a/test/recipes/05-test_mdc2.t
+++ b/test/recipes/05-test_mdc2.t
@@ -1,4 +1,11 @@
@@ -125631,7 +149342,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/05-test_rand.t b/test/recipes/05-test_rand.t
-index afa66a6..3b175fa 100644
+index afa66a666dda..3b175fac24a1 100644
--- a/test/recipes/05-test_rand.t
+++ b/test/recipes/05-test_rand.t
@@ -1,4 +1,11 @@
@@ -125648,7 +149359,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/05-test_rc2.t b/test/recipes/05-test_rc2.t
-index 423b3b7..77d9382 100644
+index 423b3b7949b1..77d9382997a3 100644
--- a/test/recipes/05-test_rc2.t
+++ b/test/recipes/05-test_rc2.t
@@ -1,4 +1,10 @@
@@ -125664,7 +149375,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/05-test_rc4.t b/test/recipes/05-test_rc4.t
-index a16455f..a26c9b8 100644
+index a16455fe1fc3..a26c9b8e5662 100644
--- a/test/recipes/05-test_rc4.t
+++ b/test/recipes/05-test_rc4.t
@@ -1,4 +1,10 @@
@@ -125680,7 +149391,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/05-test_rc5.t b/test/recipes/05-test_rc5.t
-index 4c5390a..fda0cd2 100644
+index 4c5390a9c03f..fda0cd2e0e06 100644
--- a/test/recipes/05-test_rc5.t
+++ b/test/recipes/05-test_rc5.t
@@ -1,4 +1,11 @@
@@ -125697,7 +149408,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/05-test_rmd.t b/test/recipes/05-test_rmd.t
-index 7ad91c4..b1112e1 100644
+index 7ad91c4ae4e2..b1112e13fb1f 100644
--- a/test/recipes/05-test_rmd.t
+++ b/test/recipes/05-test_rmd.t
@@ -1,4 +1,11 @@
@@ -125714,7 +149425,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/05-test_sha1.t b/test/recipes/05-test_sha1.t
-index 310022e..21bb74e 100644
+index 310022e604bc..21bb74edcc2c 100644
--- a/test/recipes/05-test_sha1.t
+++ b/test/recipes/05-test_sha1.t
@@ -1,4 +1,11 @@
@@ -125731,7 +149442,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/05-test_sha256.t b/test/recipes/05-test_sha256.t
-index 02058c7..071a45c 100644
+index 02058c748fa7..071a45c68c13 100644
--- a/test/recipes/05-test_sha256.t
+++ b/test/recipes/05-test_sha256.t
@@ -1,4 +1,11 @@
@@ -125748,7 +149459,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/05-test_sha512.t b/test/recipes/05-test_sha512.t
-index 6522ddd..4ce585c 100644
+index 6522ddd6b7c0..4ce585ce9b5c 100644
--- a/test/recipes/05-test_sha512.t
+++ b/test/recipes/05-test_sha512.t
@@ -1,4 +1,11 @@
@@ -125765,7 +149476,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/05-test_wp.t b/test/recipes/05-test_wp.t
-index e745f23..a042898 100644
+index e745f230f2ce..a042898f38cd 100644
--- a/test/recipes/05-test_wp.t
+++ b/test/recipes/05-test_wp.t
@@ -1,4 +1,11 @@
@@ -125782,7 +149493,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/10-test_bn.t b/test/recipes/10-test_bn.t
-index 7e728f4..e35498d 100644
+index 7e728f4e1684..13f278e703a3 100644
--- a/test/recipes/10-test_bn.t
+++ b/test/recipes/10-test_bn.t
@@ -1,4 +1,11 @@
@@ -125798,8 +149509,19 @@
use strict;
use warnings;
+@@ -57,7 +64,9 @@ my $init = ok(run(test(["bntest"], stdout => $testresults)), 'initialize');
+ last unless $l;
+ }
+ };
+-}
++ }
++
++unlink $testresults;
+
+ sub check_operations {
+ my $failcount = 0;
diff --git a/test/recipes/10-test_exp.t b/test/recipes/10-test_exp.t
-index b8083e7..7e999c4 100644
+index b8083e7ad563..7e999c4ac760 100644
--- a/test/recipes/10-test_exp.t
+++ b/test/recipes/10-test_exp.t
@@ -1,4 +1,11 @@
@@ -125816,7 +149538,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/15-test_dh.t b/test/recipes/15-test_dh.t
-index 35e9564..60cb54c 100644
+index 35e9564438a1..60cb54c0afd1 100644
--- a/test/recipes/15-test_dh.t
+++ b/test/recipes/15-test_dh.t
@@ -1,4 +1,11 @@
@@ -125833,7 +149555,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/15-test_dsa.t b/test/recipes/15-test_dsa.t
-index 22f971c..bf3b0d3 100644
+index 22f971cebf1a..bf3b0d376a3d 100644
--- a/test/recipes/15-test_dsa.t
+++ b/test/recipes/15-test_dsa.t
@@ -1,4 +1,11 @@
@@ -125850,7 +149572,7 @@
use strict;
use warnings;
diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t
-index 48b8ce8..a1c704a 100644
+index 48b8ce8cda22..a1c704a3f08b 100644
--- a/test/recipes/15-test_ec.t
+++ b/test/recipes/15-test_ec.t
@@ -1,4 +1,11 @@
@@ -125867,7 +149589,7 @@
use strict;
use warnings;
diff --git a/test/recipes/15-test_ecdh.t b/test/recipes/15-test_ecdh.t
-index acccea8..f11cd06 100644
+index acccea83ba73..f11cd06c9f4f 100644
--- a/test/recipes/15-test_ecdh.t
+++ b/test/recipes/15-test_ecdh.t
@@ -1,4 +1,11 @@
@@ -125884,7 +149606,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/15-test_ecdsa.t b/test/recipes/15-test_ecdsa.t
-index 992bb96..82a8559 100644
+index 992bb966bd35..82a85594c33d 100644
--- a/test/recipes/15-test_ecdsa.t
+++ b/test/recipes/15-test_ecdsa.t
@@ -1,4 +1,11 @@
@@ -125901,7 +149623,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/15-test_rsa.t b/test/recipes/15-test_rsa.t
-index 42bba1d..07746f4 100644
+index 42bba1d0baed..07746f47f645 100644
--- a/test/recipes/15-test_rsa.t
+++ b/test/recipes/15-test_rsa.t
@@ -1,4 +1,11 @@
@@ -125918,7 +149640,7 @@
use strict;
use warnings;
diff --git a/test/recipes/20-test_enc.t b/test/recipes/20-test_enc.t
-index 2efcf70..88a5890 100644
+index 2efcf7002064..88a589041a01 100644
--- a/test/recipes/20-test_enc.t
+++ b/test/recipes/20-test_enc.t
@@ -1,4 +1,11 @@
@@ -125935,7 +149657,7 @@
use strict;
use warnings;
diff --git a/test/recipes/25-test_crl.t b/test/recipes/25-test_crl.t
-index 8650bfc..f708ea8 100644
+index 8650bfc9f936..f708ea8ad9ed 100644
--- a/test/recipes/25-test_crl.t
+++ b/test/recipes/25-test_crl.t
@@ -1,4 +1,11 @@
@@ -125952,7 +149674,7 @@
use strict;
use warnings;
diff --git a/test/recipes/25-test_d2i.t b/test/recipes/25-test_d2i.t
-index a9c259d..77afe3f 100644
+index a9c259d118a4..77afe3fb9f80 100644
--- a/test/recipes/25-test_d2i.t
+++ b/test/recipes/25-test_d2i.t
@@ -1,4 +1,11 @@
@@ -126040,24 +149762,57 @@
+ srctop_file('test','d2i-tests','bad-int-padminus1.der')])),
+ "Running d2i_test bad-int-padminus1.der INTEGER");
diff --git a/test/recipes/25-test_gen.t b/test/recipes/25-test_gen.t
-index ce4a5ee..6eac7ca 100644
+deleted file mode 100644
+index ce4a5ee26017..000000000000
--- a/test/recipes/25-test_gen.t
-+++ b/test/recipes/25-test_gen.t
-@@ -1,4 +1,11 @@
++++ /dev/null
+@@ -1,44 +0,0 @@
-#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
+-
+-use strict;
+-use warnings;
+-
+-use File::Spec;
+-use OpenSSL::Test qw/:DEFAULT srctop_file/;
+-use OpenSSL::Test::Utils;
+-
+-setup("test_gen");
+-
+-plan tests => 1;
+-
+-my $T = "testcert";
+-my $KEY = 512;
+-my $CA = srctop_file("certs", "testca.pem");
+-
+-unlink "$T.1", "$T.2", "$T.key";
+-open RND, ">>", ".rnd";
+-print RND "string to make the random number generator think it has entropy";
+-close RND;
+-
+-subtest "generating certificate requests" => sub {
+- my @req_new;
+- if (disabled("rsa")) {
+- @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
+- } else {
+- @req_new = ("-new");
+- note("There should be a 2 sequences of .'s and some +'s.");
+- note("There should not be more that at most 80 per line");
+- }
+-
+- unlink "testkey.pem", "testreq.pem";
+-
+- plan tests => 2;
+-
+- ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+- @req_new, "-out", "testreq.pem"])),
+- "Generating request");
+-
+- ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+- "-verify", "-in", "testreq.pem", "-noout"])),
+- "Verifying signature on request");
+-};
diff --git a/test/recipes/25-test_pkcs7.t b/test/recipes/25-test_pkcs7.t
-index 6e9b397..724326b 100644
+index 6e9b39717576..724326babe72 100644
--- a/test/recipes/25-test_pkcs7.t
+++ b/test/recipes/25-test_pkcs7.t
@@ -1,4 +1,11 @@
@@ -126074,10 +149829,10 @@
use strict;
use warnings;
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
-index fac9771..d5eb29b 100644
+index fac97719e6a9..bcc10257d468 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
-@@ -1,4 +1,11 @@
+@@ -1,23 +1,56 @@
-#! /usr/bin/perl
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -126090,8 +149845,65 @@
use strict;
use warnings;
+
+-use File::Spec;
++use OpenSSL::Test::Utils;
+ use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+ setup("test_req");
+
+-plan tests => 3;
++plan tests => 4;
+
+ require_ok(srctop_file('test','recipes','tconversion.pl'));
+
++open RND, ">>", ".rnd";
++print RND "string to make the random number generator think it has entropy";
++close RND;
++subtest "generating certificate requests" => sub {
++ my @req_new;
++ if (disabled("rsa")) {
++ @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
++ } else {
++ @req_new = ("-new");
++ note("There should be a 2 sequences of .'s and some +'s.");
++ note("There should not be more that at most 80 per line");
++ }
++
++ plan tests => 2;
++
++ ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
++ @req_new, "-out", "testreq.pem"])),
++ "Generating request");
++
++ ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
++ "-verify", "-in", "testreq.pem", "-noout"])),
++ "Verifying signature on request");
++};
++
+ my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
+
+ run_conversion('req conversions',
+ "testreq.pem");
+ run_conversion('req conversions -- testreq2',
+- "testreq2.pem");
++ srctop_file("test", "testreq2.pem"));
++
++unlink "testkey.pem", "testreq.pem";
+
+ sub run_conversion {
+ my $title = shift;
+@@ -33,7 +66,7 @@ sub run_conversion {
+ plan skip_all => "skipping req conversion test for $reqfile"
+ if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
+
+- tconversion("req", "testreq.pem", @openssl_args);
++ tconversion("req", $reqfile, @openssl_args);
+ }
+ close DATA;
+ unlink "req-check.err";
diff --git a/test/recipes/25-test_sid.t b/test/recipes/25-test_sid.t
-index 84444b3..b13cb5c 100644
+index 84444b3b610d..b13cb5c23a7c 100644
--- a/test/recipes/25-test_sid.t
+++ b/test/recipes/25-test_sid.t
@@ -1,4 +1,11 @@
@@ -126108,7 +149920,7 @@
use strict;
use warnings;
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
-index e025739..172eecb 100644
+index e0257393683b..172eecbe7dd3 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -1,4 +1,11 @@
@@ -126125,7 +149937,7 @@
use strict;
use warnings;
diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
-index 1572a06..3ff187d 100644
+index 1572a06d711b..98a8d324e9cf 100644
--- a/test/recipes/25-test_x509.t
+++ b/test/recipes/25-test_x509.t
@@ -1,4 +1,11 @@
@@ -126141,8 +149953,25 @@
use strict;
use warnings;
+@@ -8,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+ setup("test_x509");
+
+-plan tests => 4;
++plan tests => 5;
+
+ require_ok(srctop_file('test','recipes','tconversion.pl'));
+
+@@ -21,3 +28,7 @@ subtest 'x509 -- first x.509 v3 certificate' => sub {
+ subtest 'x509 -- second x.509 v3 certificate' => sub {
+ tconversion("x509", srctop_file("test","v3-cert2.pem"));
+ };
++
++subtest 'x509 -- pathlen' => sub {
++ ok(run(test(["v3ext", srctop_file("test/certs", "pathlen.pem")])));
++}
diff --git a/test/recipes/30-test_afalg.t b/test/recipes/30-test_afalg.t
-index e28bccb..c8cb67b 100644
+index e28bccbe511d..c8cb67b758c4 100644
--- a/test/recipes/30-test_afalg.t
+++ b/test/recipes/30-test_afalg.t
@@ -1,55 +1,10 @@
@@ -126208,7 +150037,7 @@
use strict;
use OpenSSL::Test qw/:DEFAULT bldtop_dir/;
diff --git a/test/recipes/30-test_engine.t b/test/recipes/30-test_engine.t
-index c097b6f..03c96cd 100644
+index c097b6f143a6..03c96cde0950 100644
--- a/test/recipes/30-test_engine.t
+++ b/test/recipes/30-test_engine.t
@@ -1,4 +1,11 @@
@@ -126225,7 +150054,7 @@
use strict;
use warnings;
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
-index 9ee24f4..c277fcd 100644
+index 9ee24f46b453..c277fcdfa027 100644
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -1,4 +1,11 @@
@@ -126242,7 +150071,7 @@
use strict;
use warnings;
diff --git a/test/recipes/30-test_evp_extra.t b/test/recipes/30-test_evp_extra.t
-index 0f90b21..9a656b0 100644
+index 0f90b212cf2b..9a656b0bcbe2 100644
--- a/test/recipes/30-test_evp_extra.t
+++ b/test/recipes/30-test_evp_extra.t
@@ -1,4 +1,11 @@
@@ -126259,7 +150088,7 @@
use strict;
use warnings;
diff --git a/test/recipes/30-test_pbelu.t b/test/recipes/30-test_pbelu.t
-index 635fb69..38b2d48 100644
+index 635fb6915dca..38b2d4837c03 100644
--- a/test/recipes/30-test_pbelu.t
+++ b/test/recipes/30-test_pbelu.t
@@ -1,4 +1,11 @@
@@ -126276,7 +150105,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/40-test_rehash.t b/test/recipes/40-test_rehash.t
-index dd7f4ac..c5c90e0 100644
+index dd7f4acbf169..fa05ca09fb05 100644
--- a/test/recipes/40-test_rehash.t
+++ b/test/recipes/40-test_rehash.t
@@ -1,4 +1,11 @@
@@ -126292,9 +150121,30 @@
use strict;
use warnings;
+@@ -6,6 +13,7 @@ use warnings;
+ use File::Spec::Functions;
+ use File::Copy;
+ use File::Basename;
++use if $^O ne "VMS", 'File::Glob' => qw/glob/;
+ use OpenSSL::Test qw/:DEFAULT bldtop_file/;
+
+ setup("test_rehash");
+@@ -52,9 +60,9 @@ indir "rehash.$$" => sub {
+ sub prepare {
+ my @sourcefiles =
+ sort map { glob(bldtop_file('certs', 'demo', "*.$_")) } ('pem',
+- 'crt',
+- 'cer',
+- 'crl');
++ 'crt',
++ 'cer',
++ 'crl');
+ my @destfiles = ();
+ foreach (@sourcefiles) {
+ copy($_, curdir());
diff --git a/test/recipes/70-test_asyncio.t b/test/recipes/70-test_asyncio.t
new file mode 100644
-index 0000000..c26f757
+index 000000000000..c26f75705c32
--- /dev/null
+++ b/test/recipes/70-test_asyncio.t
@@ -0,0 +1,22 @@
@@ -126321,7 +150171,7 @@
+ok(run(test(["asynciotest", srctop_file("apps", "server.pem"),
+ srctop_file("apps", "server.pem")])), "running asynciotest");
diff --git a/test/recipes/70-test_clienthello.t b/test/recipes/70-test_clienthello.t
-index 2032d6d..ef0868f 100644
+index 2032d6d2f2da..ef0868f05a7b 100644
--- a/test/recipes/70-test_clienthello.t
+++ b/test/recipes/70-test_clienthello.t
@@ -1,4 +1,11 @@
@@ -126338,7 +150188,7 @@
use OpenSSL::Test;
use OpenSSL::Test::Utils;
diff --git a/test/recipes/70-test_packet.t b/test/recipes/70-test_packet.t
-index b1609d5..9bc6515 100644
+index b1609d55c381..9bc6515e5860 100644
--- a/test/recipes/70-test_packet.t
+++ b/test/recipes/70-test_packet.t
@@ -1,4 +1,11 @@
@@ -126355,7 +150205,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/70-test_sslcertstatus.t b/test/recipes/70-test_sslcertstatus.t
-index 298f6da..9eb5116 100755
+index 298f6da7fd95..9eb5116e7cf1 100755
--- a/test/recipes/70-test_sslcertstatus.t
+++ b/test/recipes/70-test_sslcertstatus.t
@@ -1,56 +1,10 @@
@@ -126432,7 +150282,7 @@
my $proxy = TLSProxy::Proxy->new(
\&certstatus_filter,
diff --git a/test/recipes/70-test_sslextension.t b/test/recipes/70-test_sslextension.t
-index 7d45ce2..1084c96 100755
+index 7d45ce26a3c7..1084c9674d11 100755
--- a/test/recipes/70-test_sslextension.t
+++ b/test/recipes/70-test_sslextension.t
@@ -1,56 +1,10 @@
@@ -126508,8 +150358,95 @@
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new(
\&extension_filter,
+diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t
+new file mode 100644
+index 000000000000..beacc4ad9adb
+--- /dev/null
++++ b/test/recipes/70-test_sslrecords.t
+@@ -0,0 +1,81 @@
++#! /usr/bin/env perl
++# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++use strict;
++use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
++use OpenSSL::Test::Utils;
++use TLSProxy::Proxy;
++
++my $test_name = "test_sslrecords";
++setup($test_name);
++
++plan skip_all => "TLSProxy isn't usable on $^O"
++ if $^O =~ /^(VMS|MSWin32)$/;
++
++plan skip_all => "$test_name needs the dynamic engine feature enabled"
++ if disabled("engine") || disabled("dynamic-engine");
++
++plan skip_all => "$test_name needs the sock feature enabled"
++ if disabled("sock");
++
++plan skip_all => "$test_name needs TLS enabled"
++ if alldisabled(available_protocols("tls"));
++
++$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
++my $proxy = TLSProxy::Proxy->new(
++ \&add_empty_recs_filter,
++ cmdstr(app(["openssl"]), display => 1),
++ srctop_file("apps", "server.pem"),
++ (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
++);
++
++plan tests => 3;
++
++#Test 1: Injecting out of context empty records should fail
++my $content_type = TLSProxy::Record::RT_APPLICATION_DATA;
++my $inject_recs_num = 1;
++$proxy->start();
++ok(TLSProxy::Message->fail(), "Out of context empty records test");
++
++#Test 2: Injecting in context empty records should succeed
++$proxy->clear();
++$content_type = TLSProxy::Record::RT_HANDSHAKE;
++$proxy->start();
++ok(TLSProxy::Message->success(), "In context empty records test");
++
++#Test 3: Injecting too many in context empty records should fail
++$proxy->clear();
++#We allow 32 consecutive in context empty records
++$inject_recs_num = 33;
++$proxy->start();
++ok(TLSProxy::Message->fail(), "Too many in context empty records test");
++
++sub add_empty_recs_filter
++{
++ my $proxy = shift;
++
++ # We're only interested in the initial ClientHello
++ if ($proxy->flight != 0) {
++ return;
++ }
++
++ for (my $i = 0; $i < $inject_recs_num; $i++) {
++ my $record = TLSProxy::Record->new(
++ 0,
++ $content_type,
++ TLSProxy::Record::VERS_TLS_1_2,
++ 0,
++ 0,
++ 0,
++ "",
++ ""
++ );
++
++ push @{$proxy->record_list}, $record;
++ }
++}
diff --git a/test/recipes/70-test_sslsessiontick.t b/test/recipes/70-test_sslsessiontick.t
-index cbd4c65..c30ac44 100755
+index cbd4c65f719d..aeed99c6b6f9 100755
--- a/test/recipes/70-test_sslsessiontick.t
+++ b/test/recipes/70-test_sslsessiontick.t
@@ -1,56 +1,10 @@
@@ -126594,9 +150531,52 @@
#Test 1: By default with no existing session we should get a session ticket
#Expected result: ClientHello extension seen; ServerHello extension seen
-@@ -171,6 +128,23 @@ $proxy->clientstart();
+@@ -118,7 +75,7 @@ checkmessages(3, "No client support session ticket test", 0, 0, 0, 1);
+ #Expected result: ClientHello extension seen; ServerHello extension not seen
+ # NewSessionTicket message not seen; Abbreviated handshake
+ clearall();
+-(my $fh, my $session) = tempfile();
++(undef, my $session) = tempfile();
+ $proxy->serverconnects(2);
+ $proxy->clientflags("-sess_out ".$session);
+ $proxy->start();
+@@ -126,12 +83,13 @@ $proxy->clearClient();
+ $proxy->clientflags("-sess_in ".$session);
+ $proxy->clientstart();
+ checkmessages(4, "Session resumption session ticket test", 1, 0, 0, 0);
++unlink $session;
+
+ #Test 5: Test session resumption with ticket capable client without a ticket
+ #Expected result: ClientHello extension seen; ServerHello extension seen
+ # NewSessionTicket message seen; Abbreviated handshake
+ clearall();
+-($fh, $session) = tempfile();
++(undef, $session) = tempfile();
+ $proxy->serverconnects(2);
+ $proxy->clientflags("-sess_out ".$session." -no_ticket");
+ $proxy->start();
+@@ -140,6 +98,7 @@ $proxy->clientflags("-sess_in ".$session);
+ $proxy->clientstart();
+ checkmessages(5, "Session resumption with ticket capable client without a "
+ ."ticket", 1, 1, 1, 0);
++unlink $session;
+
+ #Test 6: Client accepts empty ticket.
+ #Expected result: ClientHello extension seen; ServerHello extension seen;
+@@ -151,7 +110,7 @@ checkmessages(6, "Empty ticket test", 1, 1, 1, 1);
+
+ #Test 7-8: Client keeps existing ticket on empty ticket.
+ clearall();
+-($fh, $session) = tempfile();
++(undef, $session) = tempfile();
+ $proxy->serverconnects(3);
+ $proxy->filter(undef);
+ $proxy->clientflags("-sess_out ".$session);
+@@ -170,7 +129,25 @@ $proxy->clientstart();
+ #Expected result: ClientHello extension seen; ServerHello extension not seen;
# NewSessionTicket message not seen; Abbreviated handshake.
checkmessages(8, "Empty ticket resumption test", 1, 0, 0, 0);
++unlink $session;
+#Test 9: Bad server sends the ServerHello extension but does not send a
+#NewSessionTicket
@@ -126618,7 +150598,7 @@
sub ticket_filter
{
-@@ -214,6 +188,26 @@ sub inject_empty_ticket_filter {
+@@ -214,6 +191,26 @@ sub inject_empty_ticket_filter {
$proxy->message_list([@new_message_list]);
}
@@ -126646,7 +150626,7 @@
{
my ($testno, $testname, $testch, $testsh, $testtickseen, $testhand) = @_;
diff --git a/test/recipes/70-test_sslskewith0p.t b/test/recipes/70-test_sslskewith0p.t
-index ac88ed5..ca8dfe7 100755
+index ac88ed524e1a..ca8dfe768190 100755
--- a/test/recipes/70-test_sslskewith0p.t
+++ b/test/recipes/70-test_sslskewith0p.t
@@ -1,56 +1,10 @@
@@ -126723,7 +150703,7 @@
my $proxy = TLSProxy::Proxy->new(
\&ske_0_p_filter,
diff --git a/test/recipes/70-test_sslvertol.t b/test/recipes/70-test_sslvertol.t
-index c1ec38f..af82a8c 100755
+index c1ec38fc3584..af82a8c1210a 100755
--- a/test/recipes/70-test_sslvertol.t
+++ b/test/recipes/70-test_sslvertol.t
@@ -1,56 +1,10 @@
@@ -126800,7 +150780,7 @@
my $proxy = TLSProxy::Proxy->new(
\&vers_tolerance_filter,
diff --git a/test/recipes/70-test_tlsextms.t b/test/recipes/70-test_tlsextms.t
-index 24abfcf..6cc04ff 100644
+index 24abfcf321d3..25cc62738131 100644
--- a/test/recipes/70-test_tlsextms.t
+++ b/test/recipes/70-test_tlsextms.t
@@ -1,56 +1,10 @@
@@ -126876,8 +150856,93 @@
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
sub checkmessages($$$$$);
+@@ -134,7 +91,7 @@ checkmessages(2, "No ticket, no client extension extended master secret test", 0
+
+ clearall();
+ setrmextms(0, 0);
+-(my $fh, my $session) = tempfile();
++(undef, my $session) = tempfile();
+ $proxy->serverconnects(2);
+ $proxy->clientflags("-sess_out ".$session);
+ $proxy->start();
+@@ -142,6 +99,7 @@ $proxy->clearClient();
+ $proxy->clientflags("-sess_in ".$session);
+ $proxy->clientstart();
+ checkmessages(5, "Session resumption extended master secret test", 1, 1, 0);
++unlink $session;
+
+ #Test 6: Session resumption extended master secret test original session
+ # omits extension. Server must not resume session.
+@@ -150,7 +108,7 @@ checkmessages(5, "Session resumption extended master secret test", 1, 1, 0);
+
+ clearall();
+ setrmextms(1, 0);
+-($fh, $session) = tempfile();
++(undef, $session) = tempfile();
+ $proxy->serverconnects(2);
+ $proxy->clientflags("-sess_out ".$session);
+ $proxy->start();
+@@ -159,6 +117,7 @@ $proxy->clientflags("-sess_in ".$session);
+ setrmextms(0, 0);
+ $proxy->clientstart();
+ checkmessages(6, "Session resumption extended master secret test", 1, 1, 1);
++unlink $session;
+
+ #Test 7: Session resumption extended master secret test resumed session
+ # omits client extension. Server must abort connection.
+@@ -166,7 +125,7 @@ checkmessages(6, "Session resumption extended master secret test", 1, 1, 1);
+
+ clearall();
+ setrmextms(0, 0);
+-($fh, $session) = tempfile();
++(undef, $session) = tempfile();
+ $proxy->serverconnects(2);
+ $proxy->clientflags("-sess_out ".$session);
+ $proxy->start();
+@@ -175,6 +134,7 @@ $proxy->clientflags("-sess_in ".$session);
+ setrmextms(1, 0);
+ $proxy->clientstart();
+ ok(TLSProxy::Message->fail(), "Client inconsistent session resumption");
++unlink $session;
+
+ #Test 8: Session resumption extended master secret test resumed session
+ # omits server extension. Client must abort connection.
+@@ -182,7 +142,7 @@ ok(TLSProxy::Message->fail(), "Client inconsistent session resumption");
+
+ clearall();
+ setrmextms(0, 0);
+-($fh, $session) = tempfile();
++(undef, $session) = tempfile();
+ $proxy->serverconnects(2);
+ $proxy->clientflags("-sess_out ".$session);
+ $proxy->start();
+@@ -191,6 +151,7 @@ $proxy->clientflags("-sess_in ".$session);
+ setrmextms(0, 1);
+ $proxy->clientstart();
+ ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 1");
++unlink $session;
+
+ #Test 9: Session resumption extended master secret test initial session
+ # omits server extension. Client must abort connection.
+@@ -198,7 +159,7 @@ ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 1");
+
+ clearall();
+ setrmextms(0, 1);
+-($fh, $session) = tempfile();
++(undef, $session) = tempfile();
+ $proxy->serverconnects(2);
+ $proxy->clientflags("-sess_out ".$session);
+ $proxy->start();
+@@ -207,6 +168,7 @@ $proxy->clientflags("-sess_in ".$session);
+ setrmextms(0, 0);
+ $proxy->clientstart();
+ ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 2");
++unlink $session;
+
+ sub extms_filter
+ {
diff --git a/test/recipes/70-test_verify_extra.t b/test/recipes/70-test_verify_extra.t
-index 8c213e8..79a33cd 100644
+index 8c213e8a2f67..79a33cd01679 100644
--- a/test/recipes/70-test_verify_extra.t
+++ b/test/recipes/70-test_verify_extra.t
@@ -1,4 +1,11 @@
@@ -126894,7 +150959,7 @@
use OpenSSL::Test qw/:DEFAULT srctop_file/;
diff --git a/test/recipes/80-test_ca.t b/test/recipes/80-test_ca.t
-index 09d5ba6..cd42687 100644
+index 09d5ba6dc399..f4c01d5fa2cc 100644
--- a/test/recipes/80-test_ca.t
+++ b/test/recipes/80-test_ca.t
@@ -1,4 +1,11 @@
@@ -126931,14 +150996,31 @@
skip "failed to sign certificate request", 1
if !is(yes(cmdstr(perlapp(["CA.pl", "-sign"]))), 0,
'signing certificate request');
+@@ -38,7 +45,7 @@ plan tests => 4;
+
+
+ rmtree("demoCA", { safe => 0 });
+-unlink "newcert.pem", "newreq.pem";
++unlink "newcert.pem", "newreq.pem", "newkey.pem";
+
+
+ sub yes {
diff --git a/test/recipes/80-test_cipherlist.t b/test/recipes/80-test_cipherlist.t
new file mode 100644
-index 0000000..af9ac33
+index 000000000000..98d537e5f368
--- /dev/null
+++ b/test/recipes/80-test_cipherlist.t
-@@ -0,0 +1,18 @@
+@@ -0,0 +1,26 @@
+#! /usr/bin/perl
++#
++# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
+
++
+use strict;
+use warnings;
+
@@ -126956,7 +151038,7 @@
+
+simple_test("test_cipherlist", "cipherlist_test", "cipherlist");
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
-index 645f37a..40fcf7c 100644
+index 645f37a7dee5..40fcf7cc5346 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -1,4 +1,11 @@
@@ -126973,7 +151055,7 @@
use strict;
use warnings;
diff --git a/test/recipes/80-test_ct.t b/test/recipes/80-test_ct.t
-index 9685b95..9c717b2 100644
+index 9685b95616ac..9c717b2efcc2 100644
--- a/test/recipes/80-test_ct.t
+++ b/test/recipes/80-test_ct.t
@@ -1,4 +1,11 @@
@@ -126990,7 +151072,7 @@
use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir/;
use OpenSSL::Test::Simple;
diff --git a/test/recipes/80-test_dane.t b/test/recipes/80-test_dane.t
-index 6436735..527e663 100644
+index 6436735a9b75..527e66345908 100644
--- a/test/recipes/80-test_dane.t
+++ b/test/recipes/80-test_dane.t
@@ -1,4 +1,11 @@
@@ -127007,7 +151089,7 @@
use strict;
use warnings;
diff --git a/test/recipes/80-test_dtlsv1listen.t b/test/recipes/80-test_dtlsv1listen.t
-index e7371ca..dd1bb35 100644
+index e7371cabb875..dd1bb35b6364 100644
--- a/test/recipes/80-test_dtlsv1listen.t
+++ b/test/recipes/80-test_dtlsv1listen.t
@@ -1,4 +1,11 @@
@@ -127024,7 +151106,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/80-test_ocsp.t b/test/recipes/80-test_ocsp.t
-index ae4bf85..103a7ae 100644
+index ae4bf857f330..103a7aea0eaf 100644
--- a/test/recipes/80-test_ocsp.t
+++ b/test/recipes/80-test_ocsp.t
@@ -1,4 +1,11 @@
@@ -127041,10 +151123,10 @@
use strict;
use warnings;
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
-index abb6528..07f1291 100644
+index abb6528465a5..b7ab408d1498 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
-@@ -1,4 +1,11 @@
+@@ -1,10 +1,18 @@
-#! /usr/bin/perl
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -127057,33 +151139,40 @@
use strict;
use warnings;
-@@ -13,8 +20,10 @@ setup("test_ssl_new");
+ use File::Basename;
+ use File::Compare qw/compare_text/;
++use if $^O ne "VMS", 'File::Glob' => qw/glob/;
+
+ use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/;
+ use OpenSSL::Test::Utils qw/disabled alldisabled available_protocols/;
+@@ -13,8 +21,10 @@ setup("test_ssl_new");
+
$ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
-my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.conf"));
-my @conf_files = map {basename($_)} @conf_srcs;
-+my @conf_srcs = glob('"'.srctop_file("test", "ssl-tests", "*.conf.in").'"');
++my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.conf.in"));
+map { s/;.*// } @conf_srcs if $^O eq "VMS";
+my @conf_files = map { basename($_) } @conf_srcs;
+map { s/\.in// } @conf_files;
# 02-protocol-version.conf test results depend on the configuration of enabled
# protocols. We only verify generated sources in the default configuration.
-@@ -32,7 +41,7 @@ foreach my $conf (@conf_files) {
+@@ -32,7 +42,7 @@ foreach my $conf (@conf_files) {
# We hard-code the number of tests to double-check that the globbing above
# finds all files as expected.
-plan tests => 2; # = scalar @conf_files
-+plan tests => 3; # = scalar @conf_srcs
++plan tests => 6; # = scalar @conf_srcs
sub test_conf {
plan tests => 3;
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
-index 879ab7f..b41e67a 100644
+index 879ab7fc0f1e..4b932fd0c666 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
-@@ -1,4 +1,11 @@
+@@ -1,10 +1,17 @@
-#! /usr/bin/perl
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -127096,6 +151185,13 @@
use strict;
use warnings;
+
+ use POSIX;
+-use File::Spec;
++use File::Basename;
+ use File::Copy;
+ use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/;
+ use OpenSSL::Test::Utils;
@@ -29,6 +36,7 @@ my $digest = "-sha1";
my @reqcmd = ("openssl", "req");
my @x509cmd = ("openssl", "x509", $digest);
@@ -127170,26 +151266,248 @@
stdout => "err.ss")),
"make a DSA user cert request");
skip 'failure', 2 unless
-@@ -832,77 +829,3 @@ sub testssl {
+@@ -314,11 +311,8 @@ sub testss {
+ }
+
+ sub testssl {
+- my $key = shift || bldtop_file("apps","server.pem");
+- my $cert = shift || bldtop_file("apps","server.pem");
+- my $CAtmp = shift;
++ my ($key, $cert, $CAtmp) = @_;
+ my @CA = $CAtmp ? ("-CAfile", $CAtmp) : ("-CApath", bldtop_dir("certs"));
+- my @extra = @_;
+
+ my @ssltest = ("ssltest_old",
+ "-s_key", $key, "-s_cert", $cert,
+@@ -337,47 +331,19 @@ sub testssl {
+
+ subtest 'standard SSL tests' => sub {
+ ######################################################################
+- plan tests => 29;
++ plan tests => 21;
+
+ SKIP: {
+ skip "SSLv3 is not supported by this OpenSSL build", 4
+ if disabled("ssl3");
+
+- ok(run(test([@ssltest, "-ssl3", @extra])),
+- 'test sslv3');
+- ok(run(test([@ssltest, "-ssl3", "-server_auth", @CA, @extra])),
+- 'test sslv3 with server authentication');
+- ok(run(test([@ssltest, "-ssl3", "-client_auth", @CA, @extra])),
+- 'test sslv3 with client authentication');
+- ok(run(test([@ssltest, "-ssl3", "-server_auth", "-client_auth", @CA, @extra])),
+- 'test sslv3 with both server and client authentication');
+- }
+-
+- SKIP: {
+- skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 4
+- if $no_anytls;
+-
+- ok(run(test([@ssltest, @extra])),
+- 'test sslv2/sslv3');
+- ok(run(test([@ssltest, "-server_auth", @CA, @extra])),
+- 'test sslv2/sslv3 with server authentication');
+- ok(run(test([@ssltest, "-client_auth", @CA, @extra])),
+- 'test sslv2/sslv3 with client authentication');
+- ok(run(test([@ssltest, "-server_auth", "-client_auth", @CA, @extra])),
+- 'test sslv2/sslv3 with both server and client authentication');
+- }
+-
+- SKIP: {
+- skip "SSLv3 is not supported by this OpenSSL build", 4
+- if disabled("ssl3");
+-
+- ok(run(test([@ssltest, "-bio_pair", "-ssl3", @extra])),
++ ok(run(test([@ssltest, "-bio_pair", "-ssl3"])),
+ 'test sslv3 via BIO pair');
+- ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", @CA, @extra])),
++ ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", @CA])),
+ 'test sslv3 with server authentication via BIO pair');
+- ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-client_auth", @CA, @extra])),
++ ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-client_auth", @CA])),
+ 'test sslv3 with client authentication via BIO pair');
+- ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", "-client_auth", @CA, @extra])),
++ ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", "-client_auth", @CA])),
+ 'test sslv3 with both server and client authentication via BIO pair');
+ }
+
+@@ -385,7 +351,7 @@ sub testssl {
+ skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 1
+ if $no_anytls;
+
+- ok(run(test([@ssltest, "-bio_pair", @extra])),
++ ok(run(test([@ssltest, "-bio_pair"])),
+ 'test sslv2/sslv3 via BIO pair');
+ }
+
+@@ -393,13 +359,13 @@ sub testssl {
+ skip "DTLSv1 is not supported by this OpenSSL build", 4
+ if disabled("dtls1");
+
+- ok(run(test([@ssltest, "-dtls1", @extra])),
++ ok(run(test([@ssltest, "-dtls1"])),
+ 'test dtlsv1');
+- ok(run(test([@ssltest, "-dtls1", "-server_auth", @CA, @extra])),
++ ok(run(test([@ssltest, "-dtls1", "-server_auth", @CA])),
+ 'test dtlsv1 with server authentication');
+- ok(run(test([@ssltest, "-dtls1", "-client_auth", @CA, @extra])),
++ ok(run(test([@ssltest, "-dtls1", "-client_auth", @CA])),
+ 'test dtlsv1 with client authentication');
+- ok(run(test([@ssltest, "-dtls1", "-server_auth", "-client_auth", @CA, @extra])),
++ ok(run(test([@ssltest, "-dtls1", "-server_auth", "-client_auth", @CA])),
+ 'test dtlsv1 with both server and client authentication');
+ }
+
+@@ -407,13 +373,13 @@ sub testssl {
+ skip "DTLSv1.2 is not supported by this OpenSSL build", 4
+ if disabled("dtls1_2");
+
+- ok(run(test([@ssltest, "-dtls12", @extra])),
++ ok(run(test([@ssltest, "-dtls12"])),
+ 'test dtlsv1.2');
+- ok(run(test([@ssltest, "-dtls12", "-server_auth", @CA, @extra])),
++ ok(run(test([@ssltest, "-dtls12", "-server_auth", @CA])),
+ 'test dtlsv1.2 with server authentication');
+- ok(run(test([@ssltest, "-dtls12", "-client_auth", @CA, @extra])),
++ ok(run(test([@ssltest, "-dtls12", "-client_auth", @CA])),
+ 'test dtlsv1.2 with client authentication');
+- ok(run(test([@ssltest, "-dtls12", "-server_auth", "-client_auth", @CA, @extra])),
++ ok(run(test([@ssltest, "-dtls12", "-server_auth", "-client_auth", @CA])),
+ 'test dtlsv1.2 with both server and client authentication');
+ }
+
+@@ -424,32 +390,32 @@ sub testssl {
+ SKIP: {
+ skip "skipping test of sslv2/sslv3 w/o (EC)DHE test", 1 if $dsa_cert;
+
+- ok(run(test([@ssltest, "-bio_pair", "-no_dhe", "-no_ecdhe", @extra])),
++ ok(run(test([@ssltest, "-bio_pair", "-no_dhe", "-no_ecdhe"])),
+ 'test sslv2/sslv3 w/o (EC)DHE via BIO pair');
+ }
+
+- ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v", @extra])),
++ ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])),
+ 'test sslv2/sslv3 with 1024bit DHE via BIO pair');
+- ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA, @extra])),
++ ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])),
+ 'test sslv2/sslv3 with server authentication');
+- ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA, @extra])),
++ ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])),
+ 'test sslv2/sslv3 with client authentication via BIO pair');
+- ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", @CA, @extra])),
++ ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", @CA])),
+ 'test sslv2/sslv3 with both client and server authentication via BIO pair');
+- ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA, @extra])),
++ ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])),
+ 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify');
+
+ SKIP: {
+ skip "No IPv4 available on this machine", 1
+ unless !disabled("sock") && have_IPv4();
+- ok(run(test([@ssltest, "-ipv4", @extra])),
++ ok(run(test([@ssltest, "-ipv4"])),
+ 'test TLS via IPv4');
+ }
+
+ SKIP: {
+ skip "No IPv6 available on this machine", 1
+ unless !disabled("sock") && have_IPv6();
+- ok(run(test([@ssltest, "-ipv6", @extra])),
++ ok(run(test([@ssltest, "-ipv6"])),
+ 'test TLS via IPv6');
+ }
}
+@@ -528,7 +494,7 @@ sub testssl {
+ skip "skipping anonymous DH tests", 1
+ if ($no_dh);
+
+- ok(run(test([@ssltest, "-v", "-bio_pair", "-tls1", "-cipher", "ADH", "-dhe1024dsa", "-num", "10", "-f", "-time", @extra])),
++ ok(run(test([@ssltest, "-v", "-bio_pair", "-tls1", "-cipher", "ADH", "-dhe1024dsa", "-num", "10", "-f", "-time"])),
+ 'test tlsv1 with 1024bit anonymous DH, multiple handshakes');
+ }
+
+@@ -536,13 +502,13 @@ sub testssl {
+ skip "skipping RSA tests", 2
+ if $no_rsa;
+
+- ok(run(test(["ssltest_old", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-no_dhe", "-no_ecdhe", "-num", "10", "-f", "-time", @extra])),
++ ok(run(test(["ssltest_old", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-no_dhe", "-no_ecdhe", "-num", "10", "-f", "-time"])),
+ 'test tlsv1 with 1024bit RSA, no (EC)DHE, multiple handshakes');
+
+ skip "skipping RSA+DHE tests", 1
+ if $no_dh;
+
+- ok(run(test(["ssltest_old", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-dhe1024dsa", "-num", "10", "-f", "-time", @extra])),
++ ok(run(test(["ssltest_old", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-dhe1024dsa", "-num", "10", "-f", "-time"])),
+ 'test tlsv1 with 1024bit RSA, 1024bit DHE, multiple handshakes');
+ }
+
+@@ -550,10 +516,10 @@ sub testssl {
+ skip "skipping PSK tests", 2
+ if ($no_psk);
+
+- ok(run(test([@ssltest, "-tls1", "-cipher", "PSK", "-psk", "abc123", @extra])),
++ ok(run(test([@ssltest, "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
+ 'test tls1 with PSK');
+
+- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123", @extra])),
++ ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
+ 'test tls1 with PSK via BIO pair');
+ }
+ }
+@@ -705,7 +671,7 @@ sub testssl {
+ if $no_anytls;
+
+ skip "skipping multi-buffer tests", 2
+- if @extra || (POSIX::uname())[4] ne "x86_64";
++ if (POSIX::uname())[4] ne "x86_64";
+
+ ok(run(test([@ssltest, "-cipher", "AES128-SHA", "-bytes", "8m"])));
+
+@@ -790,7 +756,7 @@ sub testssl {
+ subtest 'DTLS session reuse' => sub {
+ plan tests => 12;
+ SKIP: {
+- skip "DTLS disabled", 12 if $no_dtls;
++ skip "DTLS1.0 or DTLS1.2 disabled", 12 if $no_dtls1 || $no_dtls1_2;
+
+ ok(run(test([@ssltest, "-dtls", "-server_sess_out", $server_sess, "-client_sess_out", $client_sess])));
+ ok(run(test([@ssltest, "-dtls", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "1", "-should_negotiate", "dtls1.2"])));
+@@ -833,76 +799,40 @@ sub testssl {
};
}
--
+
-sub testsslproxy {
- my $key = shift || srctop_file("apps","server.pem");
- my $cert = shift || srctop_file("apps","server.pem");
- my $CAtmp = shift;
- my @CA = $CAtmp ? ("-CAfile", $CAtmp) : ("-CApath", bldtop_dir("certs"));
- my @extra = @_;
--
++unlink $CAkey;
++unlink $CAcert;
++unlink $CAserial;
++unlink $CAreq;
++unlink $CAreq2;
+
- my @ssltest = ("ssltest_old",
- "-s_key", $key, "-s_cert", $cert,
- "-c_key", $key, "-c_cert", $cert);
--
++unlink $Ukey;
++unlink $Ureq;
++unlink $Ucert;
++unlink basename($Ucert, '.ss').'.srl';
+
- # plan tests => 16;
--
++unlink $Dkey;
++unlink $Dreq;
++unlink $Dcert;
+
- note('Testing a lot of proxy conditions.');
--
++unlink $Ekey;
++unlink $Ereq;
++unlink $Ecert;
+
- # We happen to know that certP1.ss has policy letters "AB" and
- # certP2.ss has policy letters "BC". However, because certP2.ss
- # has certP1.ss as issuer, when it's used, both their policy
@@ -127231,11 +151549,22 @@
- [ [ 'BC', 'B' ], 1 ],
- [ [ 'BC', 'C' ], 0 ],
- [ [ 'BC', 'A|B&!C' ], 1 ] ] );
--
++unlink $P1key;
++unlink $P1req;
++unlink $P1cert;
++unlink basename($P1cert, '.ss').'.srl';
++unlink $P1intermediate;
++unlink "intP1.ss";
+
- SKIP: {
- skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", scalar(@{$expected{$cert}})
- if $no_anytls;
--
++unlink $P2key;
++unlink $P2req;
++unlink $P2cert;
++unlink $P2intermediate;
++unlink "intP2.ss";
+
- foreach (@{$expected{$cert}}) {
- my $auth = $_->[0]->[0];
- my $cond = $_->[0]->[1];
@@ -127248,8 +151577,13 @@
- }
- }
-}
++unlink "ecp.ss";
++unlink "err.ss";
++
++unlink $server_sess;
++unlink $client_sess;
diff --git a/test/recipes/80-test_ssl_test_ctx.t b/test/recipes/80-test_ssl_test_ctx.t
-index 210e4e8..c593491 100644
+index 210e4e857fa0..c5934910e5bf 100644
--- a/test/recipes/80-test_ssl_test_ctx.t
+++ b/test/recipes/80-test_ssl_test_ctx.t
@@ -1,4 +1,11 @@
@@ -127266,7 +151600,7 @@
use strict;
use warnings;
diff --git a/test/recipes/80-test_tsa.t b/test/recipes/80-test_tsa.t
-index f2ceeeb..cf3378b 100644
+index f2ceeeb9b76e..cf3378b3803d 100644
--- a/test/recipes/80-test_tsa.t
+++ b/test/recipes/80-test_tsa.t
@@ -1,4 +1,11 @@
@@ -127284,7 +151618,7 @@
use warnings;
diff --git a/test/recipes/80-test_x509aux.t b/test/recipes/80-test_x509aux.t
new file mode 100644
-index 0000000..65ba5fc
+index 000000000000..65ba5fcf5292
--- /dev/null
+++ b/test/recipes/80-test_x509aux.t
@@ -0,0 +1,27 @@
@@ -127316,7 +151650,7 @@
+ srctop_file("test", "certs", "root-cert.pem")]
+ )), "x509aux tests");
diff --git a/test/recipes/90-test_async.t b/test/recipes/90-test_async.t
-index dfee578..e0f1870 100644
+index dfee578fe241..e0f187063e13 100644
--- a/test/recipes/90-test_async.t
+++ b/test/recipes/90-test_async.t
@@ -1,4 +1,11 @@
@@ -127334,7 +151668,7 @@
diff --git a/test/recipes/90-test_bioprint.t b/test/recipes/90-test_bioprint.t
new file mode 100644
-index 0000000..b86e828
+index 000000000000..b86e828f57df
--- /dev/null
+++ b/test/recipes/90-test_bioprint.t
@@ -0,0 +1,12 @@
@@ -127351,7 +151685,7 @@
+
+simple_test("test_bioprint", "bioprinttest");
diff --git a/test/recipes/90-test_constant_time.t b/test/recipes/90-test_constant_time.t
-index cfdb578..6fa73bf 100644
+index cfdb578e64a4..6fa73bf146af 100644
--- a/test/recipes/90-test_constant_time.t
+++ b/test/recipes/90-test_constant_time.t
@@ -1,4 +1,11 @@
@@ -127367,8 +151701,34 @@
use OpenSSL::Test::Simple;
+diff --git a/test/recipes/90-test_getset.t b/test/recipes/90-test_getset.t
+new file mode 100644
+index 000000000000..3e245c12abe1
+--- /dev/null
++++ b/test/recipes/90-test_getset.t
+@@ -0,0 +1,20 @@
++#! /usr/bin/env perl
++# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++
++use OpenSSL::Test;
++use OpenSSL::Test::Utils;
++
++setup("test_getset");
++
++plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
++ if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
++
++plan tests => 1;
++
++ok(run(test(["getsettest"])), "running getsettest");
diff --git a/test/recipes/90-test_gmdiff.t b/test/recipes/90-test_gmdiff.t
-index 115445e..f2cce41 100644
+index 115445e17a3d..f2cce41a6506 100644
--- a/test/recipes/90-test_gmdiff.t
+++ b/test/recipes/90-test_gmdiff.t
@@ -1,4 +1,11 @@
@@ -127385,7 +151745,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/90-test_heartbeat.t b/test/recipes/90-test_heartbeat.t
-index a139c9a..90d6a67 100644
+index a139c9a882a9..90d6a67b7dd5 100644
--- a/test/recipes/90-test_heartbeat.t
+++ b/test/recipes/90-test_heartbeat.t
@@ -1,4 +1,11 @@
@@ -127402,7 +151762,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/90-test_ige.t b/test/recipes/90-test_ige.t
-index f008350..2ab4bd2 100644
+index f00835008580..2ab4bd255488 100644
--- a/test/recipes/90-test_ige.t
+++ b/test/recipes/90-test_ige.t
@@ -1,4 +1,11 @@
@@ -127419,7 +151779,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/90-test_memleak.t b/test/recipes/90-test_memleak.t
-index bc72f2e..52357c7 100644
+index bc72f2e6dcf6..52357c749f4a 100644
--- a/test/recipes/90-test_memleak.t
+++ b/test/recipes/90-test_memleak.t
@@ -1,4 +1,11 @@
@@ -127436,7 +151796,7 @@
use OpenSSL::Test;
diff --git a/test/recipes/90-test_networking.t b/test/recipes/90-test_networking.t
-index 85de81a..4f984cb 100644
+index 85de81a6b5b5..4f984cb908bc 100644
--- a/test/recipes/90-test_networking.t
+++ b/test/recipes/90-test_networking.t
@@ -1,56 +1,10 @@
@@ -127503,7 +151863,7 @@
use strict;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_file bldtop_dir/;
diff --git a/test/recipes/90-test_np.t b/test/recipes/90-test_np.t
-index a0d8b4b..08bb84b 100644
+index a0d8b4b14d49..08bb84b081b5 100644
--- a/test/recipes/90-test_np.t
+++ b/test/recipes/90-test_np.t
@@ -1,4 +1,11 @@
@@ -127520,7 +151880,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/90-test_p5_crpt2.t b/test/recipes/90-test_p5_crpt2.t
-index 838e0d7..710dc8b 100644
+index 838e0d7e4dad..710dc8ba5266 100644
--- a/test/recipes/90-test_p5_crpt2.t
+++ b/test/recipes/90-test_p5_crpt2.t
@@ -1,4 +1,11 @@
@@ -127537,7 +151897,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/90-test_secmem.t b/test/recipes/90-test_secmem.t
-index 59f3bdd..d197c48 100644
+index 59f3bddbcc3d..d197c48a709e 100644
--- a/test/recipes/90-test_secmem.t
+++ b/test/recipes/90-test_secmem.t
@@ -1,4 +1,11 @@
@@ -127554,7 +151914,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/90-test_srp.t b/test/recipes/90-test_srp.t
-index 9110319..7026c35 100644
+index 9110319a8c54..7026c358a50a 100644
--- a/test/recipes/90-test_srp.t
+++ b/test/recipes/90-test_srp.t
@@ -1,4 +1,11 @@
@@ -127571,7 +151931,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/90-test_threads.t b/test/recipes/90-test_threads.t
-index a08d8b0..56d5338 100755
+index a08d8b020c04..56d533864901 100755
--- a/test/recipes/90-test_threads.t
+++ b/test/recipes/90-test_threads.t
@@ -1,4 +1,11 @@
@@ -127588,7 +151948,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/90-test_v3name.t b/test/recipes/90-test_v3name.t
-index 2a8a472..2e144e5 100644
+index 2a8a47245919..2e144e5a2da7 100644
--- a/test/recipes/90-test_v3name.t
+++ b/test/recipes/90-test_v3name.t
@@ -1,4 +1,11 @@
@@ -127605,7 +151965,7 @@
use OpenSSL::Test::Simple;
diff --git a/test/recipes/bc.pl b/test/recipes/bc.pl
-index f7d4dc6..dbb5842 100644
+index f7d4dc681d7d..dbb5842bda7e 100644
--- a/test/recipes/bc.pl
+++ b/test/recipes/bc.pl
@@ -1,4 +1,11 @@
@@ -127622,7 +151982,7 @@
use strict;
use warnings;
diff --git a/test/recipes/tconversion.pl b/test/recipes/tconversion.pl
-index eeb25d0..e5fa9de 100644
+index eeb25d0e7213..e5fa9dec879e 100644
--- a/test/recipes/tconversion.pl
+++ b/test/recipes/tconversion.pl
@@ -1,4 +1,11 @@
@@ -127639,7 +151999,7 @@
use strict;
use warnings;
diff --git a/test/rmdtest.c b/test/rmdtest.c
-index 867a20e..7f1e72e 100644
+index 867a20eaae60..7f1e72e78dca 100644
--- a/test/rmdtest.c
+++ b/test/rmdtest.c
@@ -1,58 +1,10 @@
@@ -127773,7 +152133,7 @@
EXIT(err);
}
diff --git a/test/rsa_test.c b/test/rsa_test.c
-index 2bc21b0..c8e68db 100644
+index 2bc21b045a85..7d06394c6c6d 100644
--- a/test/rsa_test.c
+++ b/test/rsa_test.c
@@ -1,3 +1,12 @@
@@ -127789,11 +152149,32 @@
/* test vectors from p1ovect1.txt */
#include <stdio.h>
+@@ -232,9 +241,9 @@ int main(int argc, char *argv[])
+
+ plen = sizeof(ptext_ex) - 1;
+
+- for (v = 0; v < 6; v++) {
++ for (v = 0; v < 3; v++) {
+ key = RSA_new();
+- switch (v % 3) {
++ switch (v) {
+ case 0:
+ clen = key1(key, ctext_ex);
+ break;
+@@ -245,8 +254,6 @@ int main(int argc, char *argv[])
+ clen = key3(key, ctext_ex);
+ break;
+ }
+- if (v / 3 >= 1)
+- RSA_set_flags(key, RSA_FLAG_NO_CONSTTIME);
+
+ num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+ RSA_PKCS1_PADDING);
diff --git a/test/run_tests.pl b/test/run_tests.pl
-index f7bd623..6ce1521 100644
+index f7bd6238561c..6550e0b27230 100644
--- a/test/run_tests.pl
+++ b/test/run_tests.pl
-@@ -1,8 +1,19 @@
+@@ -1,10 +1,22 @@
-#! /usr/bin/perl
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -127813,8 +152194,11 @@
+
use File::Spec::Functions qw/catdir catfile curdir abs2rel rel2abs/;
use File::Basename;
++use if $^O ne "VMS", 'File::Glob' => qw/glob/;
use Test::Harness qw/runtests $switches/;
-@@ -28,16 +39,16 @@ if (@ARGV) {
+
+ my $srctop = $ENV{SRCTOP} || $ENV{TOP};
+@@ -28,7 +40,7 @@ if (@ARGV) {
@tests = @ARGV;
}
my $list_mode = scalar(grep /^list$/, @tests) != 0;
@@ -127822,20 +152206,9 @@
+if (grep /^(alltests|list)$/, @tests) {
@tests = grep {
basename($_) =~ /^[0-9][0-9]-[^\.]*\.t$/
-- } glob(catfile($recipesdir,"*.t"));
-+ } glob('"'.catfile($recipesdir,"*.t").'"');
- } else {
- my @t = ();
- foreach (@tests) {
- push @t, grep {
- basename($_) =~ /^[0-9][0-9]-[^\.]*\.t$/
-- } glob(catfile($recipesdir,"*-$_.t"));
-+ } glob('"'.catfile($recipesdir,"*-$_.t").'"');
- }
- @tests = @t;
- }
+ } glob(catfile($recipesdir,"*.t"));
diff --git a/test/secmemtest.c b/test/secmemtest.c
-index 7a77291..c31f391 100644
+index 7a772917f9eb..c31f391c59ee 100644
--- a/test/secmemtest.c
+++ b/test/secmemtest.c
@@ -1,32 +1,101 @@
@@ -127947,7 +152320,7 @@
}
#endif
diff --git a/test/sha1test.c b/test/sha1test.c
-index ada37d1..9ff959e 100644
+index ada37d11d645..9ff959ec9c0a 100644
--- a/test/sha1test.c
+++ b/test/sha1test.c
@@ -1,58 +1,10 @@
@@ -128075,7 +152448,7 @@
memset(buf, 'a', 1000);
diff --git a/test/sha256t.c b/test/sha256t.c
-index d88c805..315d10f 100644
+index d88c805bdb52..315d10fae9c4 100644
--- a/test/sha256t.c
+++ b/test/sha256t.c
@@ -1,7 +1,12 @@
@@ -128095,7 +152468,7 @@
#include <string.h>
#include <stdlib.h>
diff --git a/test/sha512t.c b/test/sha512t.c
-index 714fed6..e741b27 100644
+index 714fed62cb3f..e741b27fdbc0 100644
--- a/test/sha512t.c
+++ b/test/sha512t.c
@@ -1,7 +1,12 @@
@@ -128114,8 +152487,24 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
+diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh
+index f01f66427c37..89963ecf2cd8 100644
+--- a/test/smime-certs/mksmime-certs.sh
++++ b/test/smime-certs/mksmime-certs.sh
+@@ -1,4 +1,11 @@
+ #!/bin/sh
++# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
+
+ # Utility to recreate S/MIME certificates
+
diff --git a/test/srptest.c b/test/srptest.c
-index 8379535..8d0aaa3 100644
+index 8379535029f5..8d0aaa3bcd05 100644
--- a/test/srptest.c
+++ b/test/srptest.c
@@ -1,3 +1,12 @@
@@ -128131,12 +152520,8203 @@
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_SRP
+diff --git a/test/ssl-tests/01-simple.conf b/test/ssl-tests/01-simple.conf
+index 8c8067dae284..29ac3e4ece6f 100644
+--- a/test/ssl-tests/01-simple.conf
++++ b/test/ssl-tests/01-simple.conf
+@@ -11,6 +11,7 @@ ssl_conf = 0-default-ssl
+
+ [0-default-ssl]
+ server = 0-default-server
++server2 = 0-default-server2
+ client = 0-default-client
+
+ [0-default-server]
+@@ -19,6 +20,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[0-default-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [0-default-client]
+ CipherString = DEFAULT
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -36,6 +43,7 @@ ssl_conf = 1-verify-cert-ssl
+
+ [1-verify-cert-ssl]
+ server = 1-verify-cert-server
++server2 = 1-verify-cert-server2
+ client = 1-verify-cert-client
+
+ [1-verify-cert-server]
+@@ -44,6 +52,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[1-verify-cert-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [1-verify-cert-client]
+ CipherString = DEFAULT
+ VerifyMode = Peer
+diff --git a/test/ssl-tests/01-simple.conf.in b/test/ssl-tests/01-simple.conf.in
+index a152f662f678..e3a6330bdeff 100644
+--- a/test/ssl-tests/01-simple.conf.in
++++ b/test/ssl-tests/01-simple.conf.in
+@@ -1,4 +1,11 @@
+ # -*- mode: perl; -*-
++# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
+
+ ## SSL test configurations
+
+diff --git a/test/ssl-tests/02-protocol-version.conf b/test/ssl-tests/02-protocol-version.conf
+index dc46bfad3f29..3c103dfc5d37 100644
+--- a/test/ssl-tests/02-protocol-version.conf
++++ b/test/ssl-tests/02-protocol-version.conf
+@@ -370,6 +370,7 @@ ssl_conf = 0-version-negotiation-ssl
+
+ [0-version-negotiation-ssl]
+ server = 0-version-negotiation-server
++server2 = 0-version-negotiation-server2
+ client = 0-version-negotiation-client
+
+ [0-version-negotiation-server]
+@@ -379,6 +380,13 @@ MaxProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[0-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [0-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -397,6 +405,7 @@ ssl_conf = 1-version-negotiation-ssl
+
+ [1-version-negotiation-ssl]
+ server = 1-version-negotiation-server
++server2 = 1-version-negotiation-server2
+ client = 1-version-negotiation-client
+
+ [1-version-negotiation-server]
+@@ -406,6 +415,13 @@ MaxProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[1-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [1-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -424,6 +440,7 @@ ssl_conf = 2-version-negotiation-ssl
+
+ [2-version-negotiation-ssl]
+ server = 2-version-negotiation-server
++server2 = 2-version-negotiation-server2
+ client = 2-version-negotiation-client
+
+ [2-version-negotiation-server]
+@@ -433,6 +450,13 @@ MaxProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[2-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [2-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -451,6 +475,7 @@ ssl_conf = 3-version-negotiation-ssl
+
+ [3-version-negotiation-ssl]
+ server = 3-version-negotiation-server
++server2 = 3-version-negotiation-server2
+ client = 3-version-negotiation-client
+
+ [3-version-negotiation-server]
+@@ -460,6 +485,13 @@ MaxProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[3-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [3-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -478,6 +510,7 @@ ssl_conf = 4-version-negotiation-ssl
+
+ [4-version-negotiation-ssl]
+ server = 4-version-negotiation-server
++server2 = 4-version-negotiation-server2
+ client = 4-version-negotiation-client
+
+ [4-version-negotiation-server]
+@@ -486,6 +519,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[4-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [4-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -504,6 +543,7 @@ ssl_conf = 5-version-negotiation-ssl
+
+ [5-version-negotiation-ssl]
+ server = 5-version-negotiation-server
++server2 = 5-version-negotiation-server2
+ client = 5-version-negotiation-client
+
+ [5-version-negotiation-server]
+@@ -514,6 +554,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[5-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [5-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -532,6 +580,7 @@ ssl_conf = 6-version-negotiation-ssl
+
+ [6-version-negotiation-ssl]
+ server = 6-version-negotiation-server
++server2 = 6-version-negotiation-server2
+ client = 6-version-negotiation-client
+
+ [6-version-negotiation-server]
+@@ -542,6 +591,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[6-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [6-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -560,6 +617,7 @@ ssl_conf = 7-version-negotiation-ssl
+
+ [7-version-negotiation-ssl]
+ server = 7-version-negotiation-server
++server2 = 7-version-negotiation-server2
+ client = 7-version-negotiation-client
+
+ [7-version-negotiation-server]
+@@ -570,6 +628,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[7-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [7-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -588,6 +654,7 @@ ssl_conf = 8-version-negotiation-ssl
+
+ [8-version-negotiation-ssl]
+ server = 8-version-negotiation-server
++server2 = 8-version-negotiation-server2
+ client = 8-version-negotiation-client
+
+ [8-version-negotiation-server]
+@@ -598,6 +665,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[8-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [8-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -616,6 +691,7 @@ ssl_conf = 9-version-negotiation-ssl
+
+ [9-version-negotiation-ssl]
+ server = 9-version-negotiation-server
++server2 = 9-version-negotiation-server2
+ client = 9-version-negotiation-client
+
+ [9-version-negotiation-server]
+@@ -625,6 +701,13 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[9-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [9-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -643,6 +726,7 @@ ssl_conf = 10-version-negotiation-ssl
+
+ [10-version-negotiation-ssl]
+ server = 10-version-negotiation-server
++server2 = 10-version-negotiation-server2
+ client = 10-version-negotiation-client
+
+ [10-version-negotiation-server]
+@@ -653,6 +737,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[10-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [10-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -671,6 +763,7 @@ ssl_conf = 11-version-negotiation-ssl
+
+ [11-version-negotiation-ssl]
+ server = 11-version-negotiation-server
++server2 = 11-version-negotiation-server2
+ client = 11-version-negotiation-client
+
+ [11-version-negotiation-server]
+@@ -681,6 +774,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[11-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [11-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -699,6 +800,7 @@ ssl_conf = 12-version-negotiation-ssl
+
+ [12-version-negotiation-ssl]
+ server = 12-version-negotiation-server
++server2 = 12-version-negotiation-server2
+ client = 12-version-negotiation-client
+
+ [12-version-negotiation-server]
+@@ -709,6 +811,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[12-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [12-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -727,6 +837,7 @@ ssl_conf = 13-version-negotiation-ssl
+
+ [13-version-negotiation-ssl]
+ server = 13-version-negotiation-server
++server2 = 13-version-negotiation-server2
+ client = 13-version-negotiation-client
+
+ [13-version-negotiation-server]
+@@ -736,6 +847,13 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[13-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [13-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -754,6 +872,7 @@ ssl_conf = 14-version-negotiation-ssl
+
+ [14-version-negotiation-ssl]
+ server = 14-version-negotiation-server
++server2 = 14-version-negotiation-server2
+ client = 14-version-negotiation-client
+
+ [14-version-negotiation-server]
+@@ -764,6 +883,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[14-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [14-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -782,6 +909,7 @@ ssl_conf = 15-version-negotiation-ssl
+
+ [15-version-negotiation-ssl]
+ server = 15-version-negotiation-server
++server2 = 15-version-negotiation-server2
+ client = 15-version-negotiation-client
+
+ [15-version-negotiation-server]
+@@ -792,6 +920,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[15-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [15-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -810,6 +946,7 @@ ssl_conf = 16-version-negotiation-ssl
+
+ [16-version-negotiation-ssl]
+ server = 16-version-negotiation-server
++server2 = 16-version-negotiation-server2
+ client = 16-version-negotiation-client
+
+ [16-version-negotiation-server]
+@@ -819,6 +956,13 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[16-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [16-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -837,6 +981,7 @@ ssl_conf = 17-version-negotiation-ssl
+
+ [17-version-negotiation-ssl]
+ server = 17-version-negotiation-server
++server2 = 17-version-negotiation-server2
+ client = 17-version-negotiation-client
+
+ [17-version-negotiation-server]
+@@ -847,6 +992,14 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[17-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [17-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -865,6 +1018,7 @@ ssl_conf = 18-version-negotiation-ssl
+
+ [18-version-negotiation-ssl]
+ server = 18-version-negotiation-server
++server2 = 18-version-negotiation-server2
+ client = 18-version-negotiation-client
+
+ [18-version-negotiation-server]
+@@ -874,6 +1028,13 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[18-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [18-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -892,6 +1053,7 @@ ssl_conf = 19-version-negotiation-ssl
+
+ [19-version-negotiation-ssl]
+ server = 19-version-negotiation-server
++server2 = 19-version-negotiation-server2
+ client = 19-version-negotiation-client
+
+ [19-version-negotiation-server]
+@@ -901,6 +1063,13 @@ MaxProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[19-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [19-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -919,6 +1088,7 @@ ssl_conf = 20-version-negotiation-ssl
+
+ [20-version-negotiation-ssl]
+ server = 20-version-negotiation-server
++server2 = 20-version-negotiation-server2
+ client = 20-version-negotiation-client
+
+ [20-version-negotiation-server]
+@@ -928,6 +1098,13 @@ MaxProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[20-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [20-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -947,6 +1124,7 @@ ssl_conf = 21-version-negotiation-ssl
+
+ [21-version-negotiation-ssl]
+ server = 21-version-negotiation-server
++server2 = 21-version-negotiation-server2
+ client = 21-version-negotiation-client
+
+ [21-version-negotiation-server]
+@@ -956,6 +1134,13 @@ MaxProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[21-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [21-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -975,6 +1160,7 @@ ssl_conf = 22-version-negotiation-ssl
+
+ [22-version-negotiation-ssl]
+ server = 22-version-negotiation-server
++server2 = 22-version-negotiation-server2
+ client = 22-version-negotiation-client
+
+ [22-version-negotiation-server]
+@@ -984,6 +1170,13 @@ MaxProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[22-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [22-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -1003,6 +1196,7 @@ ssl_conf = 23-version-negotiation-ssl
+
+ [23-version-negotiation-ssl]
+ server = 23-version-negotiation-server
++server2 = 23-version-negotiation-server2
+ client = 23-version-negotiation-client
+
+ [23-version-negotiation-server]
+@@ -1011,6 +1205,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[23-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [23-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -1030,6 +1230,7 @@ ssl_conf = 24-version-negotiation-ssl
+
+ [24-version-negotiation-ssl]
+ server = 24-version-negotiation-server
++server2 = 24-version-negotiation-server2
+ client = 24-version-negotiation-client
+
+ [24-version-negotiation-server]
+@@ -1040,6 +1241,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[24-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [24-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -1058,6 +1267,7 @@ ssl_conf = 25-version-negotiation-ssl
+
+ [25-version-negotiation-ssl]
+ server = 25-version-negotiation-server
++server2 = 25-version-negotiation-server2
+ client = 25-version-negotiation-client
+
+ [25-version-negotiation-server]
+@@ -1068,6 +1278,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[25-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [25-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -1087,6 +1305,7 @@ ssl_conf = 26-version-negotiation-ssl
+
+ [26-version-negotiation-ssl]
+ server = 26-version-negotiation-server
++server2 = 26-version-negotiation-server2
+ client = 26-version-negotiation-client
+
+ [26-version-negotiation-server]
+@@ -1097,6 +1316,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[26-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [26-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -1116,6 +1343,7 @@ ssl_conf = 27-version-negotiation-ssl
+
+ [27-version-negotiation-ssl]
+ server = 27-version-negotiation-server
++server2 = 27-version-negotiation-server2
+ client = 27-version-negotiation-client
+
+ [27-version-negotiation-server]
+@@ -1126,6 +1354,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[27-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [27-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -1145,6 +1381,7 @@ ssl_conf = 28-version-negotiation-ssl
+
+ [28-version-negotiation-ssl]
+ server = 28-version-negotiation-server
++server2 = 28-version-negotiation-server2
+ client = 28-version-negotiation-client
+
+ [28-version-negotiation-server]
+@@ -1154,6 +1391,13 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[28-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [28-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -1173,6 +1417,7 @@ ssl_conf = 29-version-negotiation-ssl
+
+ [29-version-negotiation-ssl]
+ server = 29-version-negotiation-server
++server2 = 29-version-negotiation-server2
+ client = 29-version-negotiation-client
+
+ [29-version-negotiation-server]
+@@ -1183,6 +1428,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[29-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [29-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -1202,6 +1455,7 @@ ssl_conf = 30-version-negotiation-ssl
+
+ [30-version-negotiation-ssl]
+ server = 30-version-negotiation-server
++server2 = 30-version-negotiation-server2
+ client = 30-version-negotiation-client
+
+ [30-version-negotiation-server]
+@@ -1212,6 +1466,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[30-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [30-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -1231,6 +1493,7 @@ ssl_conf = 31-version-negotiation-ssl
+
+ [31-version-negotiation-ssl]
+ server = 31-version-negotiation-server
++server2 = 31-version-negotiation-server2
+ client = 31-version-negotiation-client
+
+ [31-version-negotiation-server]
+@@ -1241,6 +1504,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[31-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [31-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -1260,6 +1531,7 @@ ssl_conf = 32-version-negotiation-ssl
+
+ [32-version-negotiation-ssl]
+ server = 32-version-negotiation-server
++server2 = 32-version-negotiation-server2
+ client = 32-version-negotiation-client
+
+ [32-version-negotiation-server]
+@@ -1269,6 +1541,13 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[32-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [32-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -1288,6 +1567,7 @@ ssl_conf = 33-version-negotiation-ssl
+
+ [33-version-negotiation-ssl]
+ server = 33-version-negotiation-server
++server2 = 33-version-negotiation-server2
+ client = 33-version-negotiation-client
+
+ [33-version-negotiation-server]
+@@ -1298,6 +1578,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[33-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [33-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -1316,6 +1604,7 @@ ssl_conf = 34-version-negotiation-ssl
+
+ [34-version-negotiation-ssl]
+ server = 34-version-negotiation-server
++server2 = 34-version-negotiation-server2
+ client = 34-version-negotiation-client
+
+ [34-version-negotiation-server]
+@@ -1326,6 +1615,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[34-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [34-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -1344,6 +1641,7 @@ ssl_conf = 35-version-negotiation-ssl
+
+ [35-version-negotiation-ssl]
+ server = 35-version-negotiation-server
++server2 = 35-version-negotiation-server2
+ client = 35-version-negotiation-client
+
+ [35-version-negotiation-server]
+@@ -1353,6 +1651,13 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[35-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [35-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -1371,6 +1676,7 @@ ssl_conf = 36-version-negotiation-ssl
+
+ [36-version-negotiation-ssl]
+ server = 36-version-negotiation-server
++server2 = 36-version-negotiation-server2
+ client = 36-version-negotiation-client
+
+ [36-version-negotiation-server]
+@@ -1381,6 +1687,14 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[36-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [36-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -1399,6 +1713,7 @@ ssl_conf = 37-version-negotiation-ssl
+
+ [37-version-negotiation-ssl]
+ server = 37-version-negotiation-server
++server2 = 37-version-negotiation-server2
+ client = 37-version-negotiation-client
+
+ [37-version-negotiation-server]
+@@ -1408,6 +1723,13 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[37-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [37-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -1426,6 +1748,7 @@ ssl_conf = 38-version-negotiation-ssl
+
+ [38-version-negotiation-ssl]
+ server = 38-version-negotiation-server
++server2 = 38-version-negotiation-server2
+ client = 38-version-negotiation-client
+
+ [38-version-negotiation-server]
+@@ -1435,6 +1758,13 @@ MaxProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[38-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [38-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -1453,6 +1783,7 @@ ssl_conf = 39-version-negotiation-ssl
+
+ [39-version-negotiation-ssl]
+ server = 39-version-negotiation-server
++server2 = 39-version-negotiation-server2
+ client = 39-version-negotiation-client
+
+ [39-version-negotiation-server]
+@@ -1462,6 +1793,13 @@ MaxProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[39-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [39-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -1481,6 +1819,7 @@ ssl_conf = 40-version-negotiation-ssl
+
+ [40-version-negotiation-ssl]
+ server = 40-version-negotiation-server
++server2 = 40-version-negotiation-server2
+ client = 40-version-negotiation-client
+
+ [40-version-negotiation-server]
+@@ -1490,6 +1829,13 @@ MaxProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[40-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [40-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -1509,6 +1855,7 @@ ssl_conf = 41-version-negotiation-ssl
+
+ [41-version-negotiation-ssl]
+ server = 41-version-negotiation-server
++server2 = 41-version-negotiation-server2
+ client = 41-version-negotiation-client
+
+ [41-version-negotiation-server]
+@@ -1518,6 +1865,13 @@ MaxProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[41-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [41-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -1537,6 +1891,7 @@ ssl_conf = 42-version-negotiation-ssl
+
+ [42-version-negotiation-ssl]
+ server = 42-version-negotiation-server
++server2 = 42-version-negotiation-server2
+ client = 42-version-negotiation-client
+
+ [42-version-negotiation-server]
+@@ -1545,6 +1900,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[42-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [42-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -1564,6 +1925,7 @@ ssl_conf = 43-version-negotiation-ssl
+
+ [43-version-negotiation-ssl]
+ server = 43-version-negotiation-server
++server2 = 43-version-negotiation-server2
+ client = 43-version-negotiation-client
+
+ [43-version-negotiation-server]
+@@ -1574,6 +1936,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[43-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [43-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -1592,6 +1962,7 @@ ssl_conf = 44-version-negotiation-ssl
+
+ [44-version-negotiation-ssl]
+ server = 44-version-negotiation-server
++server2 = 44-version-negotiation-server2
+ client = 44-version-negotiation-client
+
+ [44-version-negotiation-server]
+@@ -1602,6 +1973,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[44-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [44-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -1621,6 +2000,7 @@ ssl_conf = 45-version-negotiation-ssl
+
+ [45-version-negotiation-ssl]
+ server = 45-version-negotiation-server
++server2 = 45-version-negotiation-server2
+ client = 45-version-negotiation-client
+
+ [45-version-negotiation-server]
+@@ -1631,6 +2011,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[45-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [45-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -1650,6 +2038,7 @@ ssl_conf = 46-version-negotiation-ssl
+
+ [46-version-negotiation-ssl]
+ server = 46-version-negotiation-server
++server2 = 46-version-negotiation-server2
+ client = 46-version-negotiation-client
+
+ [46-version-negotiation-server]
+@@ -1660,6 +2049,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[46-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [46-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -1679,6 +2076,7 @@ ssl_conf = 47-version-negotiation-ssl
+
+ [47-version-negotiation-ssl]
+ server = 47-version-negotiation-server
++server2 = 47-version-negotiation-server2
+ client = 47-version-negotiation-client
+
+ [47-version-negotiation-server]
+@@ -1688,6 +2086,13 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[47-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [47-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -1707,6 +2112,7 @@ ssl_conf = 48-version-negotiation-ssl
+
+ [48-version-negotiation-ssl]
+ server = 48-version-negotiation-server
++server2 = 48-version-negotiation-server2
+ client = 48-version-negotiation-client
+
+ [48-version-negotiation-server]
+@@ -1717,6 +2123,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[48-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [48-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -1736,6 +2150,7 @@ ssl_conf = 49-version-negotiation-ssl
+
+ [49-version-negotiation-ssl]
+ server = 49-version-negotiation-server
++server2 = 49-version-negotiation-server2
+ client = 49-version-negotiation-client
+
+ [49-version-negotiation-server]
+@@ -1746,6 +2161,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[49-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [49-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -1765,9 +2188,18 @@ ssl_conf = 50-version-negotiation-ssl
+
+ [50-version-negotiation-ssl]
+ server = 50-version-negotiation-server
++server2 = 50-version-negotiation-server2
+ client = 50-version-negotiation-client
+
+-[50-version-negotiation-server]
++[50-version-negotiation-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[50-version-negotiation-server2]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -1794,6 +2226,7 @@ ssl_conf = 51-version-negotiation-ssl
+
+ [51-version-negotiation-ssl]
+ server = 51-version-negotiation-server
++server2 = 51-version-negotiation-server2
+ client = 51-version-negotiation-client
+
+ [51-version-negotiation-server]
+@@ -1803,6 +2236,13 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[51-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [51-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -1822,6 +2262,7 @@ ssl_conf = 52-version-negotiation-ssl
+
+ [52-version-negotiation-ssl]
+ server = 52-version-negotiation-server
++server2 = 52-version-negotiation-server2
+ client = 52-version-negotiation-client
+
+ [52-version-negotiation-server]
+@@ -1832,6 +2273,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[52-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [52-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -1851,6 +2300,7 @@ ssl_conf = 53-version-negotiation-ssl
+
+ [53-version-negotiation-ssl]
+ server = 53-version-negotiation-server
++server2 = 53-version-negotiation-server2
+ client = 53-version-negotiation-client
+
+ [53-version-negotiation-server]
+@@ -1861,6 +2311,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[53-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [53-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -1880,6 +2338,7 @@ ssl_conf = 54-version-negotiation-ssl
+
+ [54-version-negotiation-ssl]
+ server = 54-version-negotiation-server
++server2 = 54-version-negotiation-server2
+ client = 54-version-negotiation-client
+
+ [54-version-negotiation-server]
+@@ -1889,6 +2348,13 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[54-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [54-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -1908,6 +2374,7 @@ ssl_conf = 55-version-negotiation-ssl
+
+ [55-version-negotiation-ssl]
+ server = 55-version-negotiation-server
++server2 = 55-version-negotiation-server2
+ client = 55-version-negotiation-client
+
+ [55-version-negotiation-server]
+@@ -1918,6 +2385,14 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[55-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [55-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -1936,6 +2411,7 @@ ssl_conf = 56-version-negotiation-ssl
+
+ [56-version-negotiation-ssl]
+ server = 56-version-negotiation-server
++server2 = 56-version-negotiation-server2
+ client = 56-version-negotiation-client
+
+ [56-version-negotiation-server]
+@@ -1945,6 +2421,13 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[56-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [56-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -1963,6 +2446,7 @@ ssl_conf = 57-version-negotiation-ssl
+
+ [57-version-negotiation-ssl]
+ server = 57-version-negotiation-server
++server2 = 57-version-negotiation-server2
+ client = 57-version-negotiation-client
+
+ [57-version-negotiation-server]
+@@ -1972,6 +2456,13 @@ MaxProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[57-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [57-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -1990,6 +2481,7 @@ ssl_conf = 58-version-negotiation-ssl
+
+ [58-version-negotiation-ssl]
+ server = 58-version-negotiation-server
++server2 = 58-version-negotiation-server2
+ client = 58-version-negotiation-client
+
+ [58-version-negotiation-server]
+@@ -1999,6 +2491,13 @@ MaxProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[58-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [58-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -2018,6 +2517,7 @@ ssl_conf = 59-version-negotiation-ssl
+
+ [59-version-negotiation-ssl]
+ server = 59-version-negotiation-server
++server2 = 59-version-negotiation-server2
+ client = 59-version-negotiation-client
+
+ [59-version-negotiation-server]
+@@ -2027,6 +2527,13 @@ MaxProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[59-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [59-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -2046,6 +2553,7 @@ ssl_conf = 60-version-negotiation-ssl
+
+ [60-version-negotiation-ssl]
+ server = 60-version-negotiation-server
++server2 = 60-version-negotiation-server2
+ client = 60-version-negotiation-client
+
+ [60-version-negotiation-server]
+@@ -2055,6 +2563,13 @@ MaxProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[60-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [60-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -2074,6 +2589,7 @@ ssl_conf = 61-version-negotiation-ssl
+
+ [61-version-negotiation-ssl]
+ server = 61-version-negotiation-server
++server2 = 61-version-negotiation-server2
+ client = 61-version-negotiation-client
+
+ [61-version-negotiation-server]
+@@ -2082,6 +2598,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[61-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [61-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -2101,6 +2623,7 @@ ssl_conf = 62-version-negotiation-ssl
+
+ [62-version-negotiation-ssl]
+ server = 62-version-negotiation-server
++server2 = 62-version-negotiation-server2
+ client = 62-version-negotiation-client
+
+ [62-version-negotiation-server]
+@@ -2111,6 +2634,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[62-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [62-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -2129,6 +2660,7 @@ ssl_conf = 63-version-negotiation-ssl
+
+ [63-version-negotiation-ssl]
+ server = 63-version-negotiation-server
++server2 = 63-version-negotiation-server2
+ client = 63-version-negotiation-client
+
+ [63-version-negotiation-server]
+@@ -2139,6 +2671,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[63-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [63-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -2158,6 +2698,7 @@ ssl_conf = 64-version-negotiation-ssl
+
+ [64-version-negotiation-ssl]
+ server = 64-version-negotiation-server
++server2 = 64-version-negotiation-server2
+ client = 64-version-negotiation-client
+
+ [64-version-negotiation-server]
+@@ -2168,6 +2709,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[64-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [64-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -2187,6 +2736,7 @@ ssl_conf = 65-version-negotiation-ssl
+
+ [65-version-negotiation-ssl]
+ server = 65-version-negotiation-server
++server2 = 65-version-negotiation-server2
+ client = 65-version-negotiation-client
+
+ [65-version-negotiation-server]
+@@ -2197,6 +2747,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[65-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [65-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -2216,6 +2774,7 @@ ssl_conf = 66-version-negotiation-ssl
+
+ [66-version-negotiation-ssl]
+ server = 66-version-negotiation-server
++server2 = 66-version-negotiation-server2
+ client = 66-version-negotiation-client
+
+ [66-version-negotiation-server]
+@@ -2225,6 +2784,13 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[66-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [66-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -2244,6 +2810,7 @@ ssl_conf = 67-version-negotiation-ssl
+
+ [67-version-negotiation-ssl]
+ server = 67-version-negotiation-server
++server2 = 67-version-negotiation-server2
+ client = 67-version-negotiation-client
+
+ [67-version-negotiation-server]
+@@ -2254,6 +2821,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[67-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [67-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -2273,6 +2848,7 @@ ssl_conf = 68-version-negotiation-ssl
+
+ [68-version-negotiation-ssl]
+ server = 68-version-negotiation-server
++server2 = 68-version-negotiation-server2
+ client = 68-version-negotiation-client
+
+ [68-version-negotiation-server]
+@@ -2283,6 +2859,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[68-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [68-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -2302,6 +2886,7 @@ ssl_conf = 69-version-negotiation-ssl
+
+ [69-version-negotiation-ssl]
+ server = 69-version-negotiation-server
++server2 = 69-version-negotiation-server2
+ client = 69-version-negotiation-client
+
+ [69-version-negotiation-server]
+@@ -2312,6 +2897,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[69-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [69-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -2331,6 +2924,7 @@ ssl_conf = 70-version-negotiation-ssl
+
+ [70-version-negotiation-ssl]
+ server = 70-version-negotiation-server
++server2 = 70-version-negotiation-server2
+ client = 70-version-negotiation-client
+
+ [70-version-negotiation-server]
+@@ -2340,6 +2934,13 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[70-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [70-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -2359,6 +2960,7 @@ ssl_conf = 71-version-negotiation-ssl
+
+ [71-version-negotiation-ssl]
+ server = 71-version-negotiation-server
++server2 = 71-version-negotiation-server2
+ client = 71-version-negotiation-client
+
+ [71-version-negotiation-server]
+@@ -2369,6 +2971,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[71-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [71-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -2388,6 +2998,7 @@ ssl_conf = 72-version-negotiation-ssl
+
+ [72-version-negotiation-ssl]
+ server = 72-version-negotiation-server
++server2 = 72-version-negotiation-server2
+ client = 72-version-negotiation-client
+
+ [72-version-negotiation-server]
+@@ -2398,6 +3009,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[72-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [72-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -2417,6 +3036,7 @@ ssl_conf = 73-version-negotiation-ssl
+
+ [73-version-negotiation-ssl]
+ server = 73-version-negotiation-server
++server2 = 73-version-negotiation-server2
+ client = 73-version-negotiation-client
+
+ [73-version-negotiation-server]
+@@ -2426,6 +3046,13 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[73-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [73-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -2445,6 +3072,7 @@ ssl_conf = 74-version-negotiation-ssl
+
+ [74-version-negotiation-ssl]
+ server = 74-version-negotiation-server
++server2 = 74-version-negotiation-server2
+ client = 74-version-negotiation-client
+
+ [74-version-negotiation-server]
+@@ -2455,6 +3083,14 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[74-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [74-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -2474,6 +3110,7 @@ ssl_conf = 75-version-negotiation-ssl
+
+ [75-version-negotiation-ssl]
+ server = 75-version-negotiation-server
++server2 = 75-version-negotiation-server2
+ client = 75-version-negotiation-client
+
+ [75-version-negotiation-server]
+@@ -2483,6 +3120,13 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[75-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [75-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -2502,6 +3146,7 @@ ssl_conf = 76-version-negotiation-ssl
+
+ [76-version-negotiation-ssl]
+ server = 76-version-negotiation-server
++server2 = 76-version-negotiation-server2
+ client = 76-version-negotiation-client
+
+ [76-version-negotiation-server]
+@@ -2511,6 +3156,13 @@ MaxProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[76-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [76-version-negotiation-client]
+ CipherString = DEFAULT
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -2528,6 +3180,7 @@ ssl_conf = 77-version-negotiation-ssl
+
+ [77-version-negotiation-ssl]
+ server = 77-version-negotiation-server
++server2 = 77-version-negotiation-server2
+ client = 77-version-negotiation-client
+
+ [77-version-negotiation-server]
+@@ -2537,6 +3190,13 @@ MaxProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[77-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [77-version-negotiation-client]
+ CipherString = DEFAULT
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -2555,6 +3215,7 @@ ssl_conf = 78-version-negotiation-ssl
+
+ [78-version-negotiation-ssl]
+ server = 78-version-negotiation-server
++server2 = 78-version-negotiation-server2
+ client = 78-version-negotiation-client
+
+ [78-version-negotiation-server]
+@@ -2564,6 +3225,13 @@ MaxProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[78-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [78-version-negotiation-client]
+ CipherString = DEFAULT
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -2582,6 +3250,7 @@ ssl_conf = 79-version-negotiation-ssl
+
+ [79-version-negotiation-ssl]
+ server = 79-version-negotiation-server
++server2 = 79-version-negotiation-server2
+ client = 79-version-negotiation-client
+
+ [79-version-negotiation-server]
+@@ -2591,6 +3260,13 @@ MaxProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[79-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [79-version-negotiation-client]
+ CipherString = DEFAULT
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -2609,6 +3285,7 @@ ssl_conf = 80-version-negotiation-ssl
+
+ [80-version-negotiation-ssl]
+ server = 80-version-negotiation-server
++server2 = 80-version-negotiation-server2
+ client = 80-version-negotiation-client
+
+ [80-version-negotiation-server]
+@@ -2617,6 +3294,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[80-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [80-version-negotiation-client]
+ CipherString = DEFAULT
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -2635,6 +3318,7 @@ ssl_conf = 81-version-negotiation-ssl
+
+ [81-version-negotiation-ssl]
+ server = 81-version-negotiation-server
++server2 = 81-version-negotiation-server2
+ client = 81-version-negotiation-client
+
+ [81-version-negotiation-server]
+@@ -2645,6 +3329,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[81-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [81-version-negotiation-client]
+ CipherString = DEFAULT
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -2662,6 +3354,7 @@ ssl_conf = 82-version-negotiation-ssl
+
+ [82-version-negotiation-ssl]
+ server = 82-version-negotiation-server
++server2 = 82-version-negotiation-server2
+ client = 82-version-negotiation-client
+
+ [82-version-negotiation-server]
+@@ -2672,6 +3365,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[82-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [82-version-negotiation-client]
+ CipherString = DEFAULT
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -2690,6 +3391,7 @@ ssl_conf = 83-version-negotiation-ssl
+
+ [83-version-negotiation-ssl]
+ server = 83-version-negotiation-server
++server2 = 83-version-negotiation-server2
+ client = 83-version-negotiation-client
+
+ [83-version-negotiation-server]
+@@ -2700,6 +3402,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[83-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [83-version-negotiation-client]
+ CipherString = DEFAULT
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -2718,6 +3428,7 @@ ssl_conf = 84-version-negotiation-ssl
+
+ [84-version-negotiation-ssl]
+ server = 84-version-negotiation-server
++server2 = 84-version-negotiation-server2
+ client = 84-version-negotiation-client
+
+ [84-version-negotiation-server]
+@@ -2728,6 +3439,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[84-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [84-version-negotiation-client]
+ CipherString = DEFAULT
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -2746,6 +3465,7 @@ ssl_conf = 85-version-negotiation-ssl
+
+ [85-version-negotiation-ssl]
+ server = 85-version-negotiation-server
++server2 = 85-version-negotiation-server2
+ client = 85-version-negotiation-client
+
+ [85-version-negotiation-server]
+@@ -2755,6 +3475,13 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[85-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [85-version-negotiation-client]
+ CipherString = DEFAULT
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -2773,6 +3500,7 @@ ssl_conf = 86-version-negotiation-ssl
+
+ [86-version-negotiation-ssl]
+ server = 86-version-negotiation-server
++server2 = 86-version-negotiation-server2
+ client = 86-version-negotiation-client
+
+ [86-version-negotiation-server]
+@@ -2783,6 +3511,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[86-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [86-version-negotiation-client]
+ CipherString = DEFAULT
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -2801,6 +3537,7 @@ ssl_conf = 87-version-negotiation-ssl
+
+ [87-version-negotiation-ssl]
+ server = 87-version-negotiation-server
++server2 = 87-version-negotiation-server2
+ client = 87-version-negotiation-client
+
+ [87-version-negotiation-server]
+@@ -2811,6 +3548,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[87-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [87-version-negotiation-client]
+ CipherString = DEFAULT
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -2829,6 +3574,7 @@ ssl_conf = 88-version-negotiation-ssl
+
+ [88-version-negotiation-ssl]
+ server = 88-version-negotiation-server
++server2 = 88-version-negotiation-server2
+ client = 88-version-negotiation-client
+
+ [88-version-negotiation-server]
+@@ -2839,6 +3585,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[88-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [88-version-negotiation-client]
+ CipherString = DEFAULT
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -2857,9 +3611,17 @@ ssl_conf = 89-version-negotiation-ssl
+
+ [89-version-negotiation-ssl]
+ server = 89-version-negotiation-server
++server2 = 89-version-negotiation-server2
+ client = 89-version-negotiation-client
+
+-[89-version-negotiation-server]
++[89-version-negotiation-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[89-version-negotiation-server2]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -2884,6 +3646,7 @@ ssl_conf = 90-version-negotiation-ssl
+
+ [90-version-negotiation-ssl]
+ server = 90-version-negotiation-server
++server2 = 90-version-negotiation-server2
+ client = 90-version-negotiation-client
+
+ [90-version-negotiation-server]
+@@ -2894,6 +3657,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[90-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [90-version-negotiation-client]
+ CipherString = DEFAULT
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -2912,6 +3683,7 @@ ssl_conf = 91-version-negotiation-ssl
+
+ [91-version-negotiation-ssl]
+ server = 91-version-negotiation-server
++server2 = 91-version-negotiation-server2
+ client = 91-version-negotiation-client
+
+ [91-version-negotiation-server]
+@@ -2922,6 +3694,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[91-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [91-version-negotiation-client]
+ CipherString = DEFAULT
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -2940,6 +3720,7 @@ ssl_conf = 92-version-negotiation-ssl
+
+ [92-version-negotiation-ssl]
+ server = 92-version-negotiation-server
++server2 = 92-version-negotiation-server2
+ client = 92-version-negotiation-client
+
+ [92-version-negotiation-server]
+@@ -2949,6 +3730,13 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[92-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [92-version-negotiation-client]
+ CipherString = DEFAULT
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -2967,6 +3755,7 @@ ssl_conf = 93-version-negotiation-ssl
+
+ [93-version-negotiation-ssl]
+ server = 93-version-negotiation-server
++server2 = 93-version-negotiation-server2
+ client = 93-version-negotiation-client
+
+ [93-version-negotiation-server]
+@@ -2977,6 +3766,14 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[93-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [93-version-negotiation-client]
+ CipherString = DEFAULT
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -2995,6 +3792,7 @@ ssl_conf = 94-version-negotiation-ssl
+
+ [94-version-negotiation-ssl]
+ server = 94-version-negotiation-server
++server2 = 94-version-negotiation-server2
+ client = 94-version-negotiation-client
+
+ [94-version-negotiation-server]
+@@ -3004,6 +3802,13 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[94-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [94-version-negotiation-client]
+ CipherString = DEFAULT
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -3022,6 +3827,7 @@ ssl_conf = 95-version-negotiation-ssl
+
+ [95-version-negotiation-ssl]
+ server = 95-version-negotiation-server
++server2 = 95-version-negotiation-server2
+ client = 95-version-negotiation-client
+
+ [95-version-negotiation-server]
+@@ -3031,6 +3837,13 @@ MaxProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[95-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [95-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -3050,6 +3863,7 @@ ssl_conf = 96-version-negotiation-ssl
+
+ [96-version-negotiation-ssl]
+ server = 96-version-negotiation-server
++server2 = 96-version-negotiation-server2
+ client = 96-version-negotiation-client
+
+ [96-version-negotiation-server]
+@@ -3059,6 +3873,13 @@ MaxProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[96-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [96-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -3078,6 +3899,7 @@ ssl_conf = 97-version-negotiation-ssl
+
+ [97-version-negotiation-ssl]
+ server = 97-version-negotiation-server
++server2 = 97-version-negotiation-server2
+ client = 97-version-negotiation-client
+
+ [97-version-negotiation-server]
+@@ -3087,6 +3909,13 @@ MaxProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[97-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [97-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -3106,6 +3935,7 @@ ssl_conf = 98-version-negotiation-ssl
+
+ [98-version-negotiation-ssl]
+ server = 98-version-negotiation-server
++server2 = 98-version-negotiation-server2
+ client = 98-version-negotiation-client
+
+ [98-version-negotiation-server]
+@@ -3115,6 +3945,13 @@ MaxProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[98-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [98-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -3134,6 +3971,7 @@ ssl_conf = 99-version-negotiation-ssl
+
+ [99-version-negotiation-ssl]
+ server = 99-version-negotiation-server
++server2 = 99-version-negotiation-server2
+ client = 99-version-negotiation-client
+
+ [99-version-negotiation-server]
+@@ -3142,6 +3980,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[99-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [99-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -3161,6 +4005,7 @@ ssl_conf = 100-version-negotiation-ssl
+
+ [100-version-negotiation-ssl]
+ server = 100-version-negotiation-server
++server2 = 100-version-negotiation-server2
+ client = 100-version-negotiation-client
+
+ [100-version-negotiation-server]
+@@ -3171,6 +4016,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[100-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [100-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -3190,6 +4043,7 @@ ssl_conf = 101-version-negotiation-ssl
+
+ [101-version-negotiation-ssl]
+ server = 101-version-negotiation-server
++server2 = 101-version-negotiation-server2
+ client = 101-version-negotiation-client
+
+ [101-version-negotiation-server]
+@@ -3200,6 +4054,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[101-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [101-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -3219,6 +4081,7 @@ ssl_conf = 102-version-negotiation-ssl
+
+ [102-version-negotiation-ssl]
+ server = 102-version-negotiation-server
++server2 = 102-version-negotiation-server2
+ client = 102-version-negotiation-client
+
+ [102-version-negotiation-server]
+@@ -3229,6 +4092,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[102-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [102-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -3248,6 +4119,7 @@ ssl_conf = 103-version-negotiation-ssl
+
+ [103-version-negotiation-ssl]
+ server = 103-version-negotiation-server
++server2 = 103-version-negotiation-server2
+ client = 103-version-negotiation-client
+
+ [103-version-negotiation-server]
+@@ -3258,6 +4130,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[103-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [103-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -3277,6 +4157,7 @@ ssl_conf = 104-version-negotiation-ssl
+
+ [104-version-negotiation-ssl]
+ server = 104-version-negotiation-server
++server2 = 104-version-negotiation-server2
+ client = 104-version-negotiation-client
+
+ [104-version-negotiation-server]
+@@ -3286,6 +4167,13 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[104-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [104-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -3305,6 +4193,7 @@ ssl_conf = 105-version-negotiation-ssl
+
+ [105-version-negotiation-ssl]
+ server = 105-version-negotiation-server
++server2 = 105-version-negotiation-server2
+ client = 105-version-negotiation-client
+
+ [105-version-negotiation-server]
+@@ -3315,6 +4204,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[105-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [105-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -3334,6 +4231,7 @@ ssl_conf = 106-version-negotiation-ssl
+
+ [106-version-negotiation-ssl]
+ server = 106-version-negotiation-server
++server2 = 106-version-negotiation-server2
+ client = 106-version-negotiation-client
+
+ [106-version-negotiation-server]
+@@ -3344,6 +4242,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[106-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [106-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -3363,6 +4269,7 @@ ssl_conf = 107-version-negotiation-ssl
+
+ [107-version-negotiation-ssl]
+ server = 107-version-negotiation-server
++server2 = 107-version-negotiation-server2
+ client = 107-version-negotiation-client
+
+ [107-version-negotiation-server]
+@@ -3373,6 +4280,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[107-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [107-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -3392,6 +4307,7 @@ ssl_conf = 108-version-negotiation-ssl
+
+ [108-version-negotiation-ssl]
+ server = 108-version-negotiation-server
++server2 = 108-version-negotiation-server2
+ client = 108-version-negotiation-client
+
+ [108-version-negotiation-server]
+@@ -3401,6 +4317,13 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[108-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [108-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -3420,6 +4343,7 @@ ssl_conf = 109-version-negotiation-ssl
+
+ [109-version-negotiation-ssl]
+ server = 109-version-negotiation-server
++server2 = 109-version-negotiation-server2
+ client = 109-version-negotiation-client
+
+ [109-version-negotiation-server]
+@@ -3430,6 +4354,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[109-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [109-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -3449,6 +4381,7 @@ ssl_conf = 110-version-negotiation-ssl
+
+ [110-version-negotiation-ssl]
+ server = 110-version-negotiation-server
++server2 = 110-version-negotiation-server2
+ client = 110-version-negotiation-client
+
+ [110-version-negotiation-server]
+@@ -3459,6 +4392,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[110-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [110-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -3478,6 +4419,7 @@ ssl_conf = 111-version-negotiation-ssl
+
+ [111-version-negotiation-ssl]
+ server = 111-version-negotiation-server
++server2 = 111-version-negotiation-server2
+ client = 111-version-negotiation-client
+
+ [111-version-negotiation-server]
+@@ -3487,6 +4429,13 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[111-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [111-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -3506,6 +4455,7 @@ ssl_conf = 112-version-negotiation-ssl
+
+ [112-version-negotiation-ssl]
+ server = 112-version-negotiation-server
++server2 = 112-version-negotiation-server2
+ client = 112-version-negotiation-client
+
+ [112-version-negotiation-server]
+@@ -3516,6 +4466,14 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[112-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [112-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -3535,6 +4493,7 @@ ssl_conf = 113-version-negotiation-ssl
+
+ [113-version-negotiation-ssl]
+ server = 113-version-negotiation-server
++server2 = 113-version-negotiation-server2
+ client = 113-version-negotiation-client
+
+ [113-version-negotiation-server]
+@@ -3544,6 +4503,13 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[113-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [113-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = SSLv3
+@@ -3563,6 +4529,7 @@ ssl_conf = 114-version-negotiation-ssl
+
+ [114-version-negotiation-ssl]
+ server = 114-version-negotiation-server
++server2 = 114-version-negotiation-server2
+ client = 114-version-negotiation-client
+
+ [114-version-negotiation-server]
+@@ -3572,6 +4539,13 @@ MaxProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[114-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [114-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -3591,6 +4565,7 @@ ssl_conf = 115-version-negotiation-ssl
+
+ [115-version-negotiation-ssl]
+ server = 115-version-negotiation-server
++server2 = 115-version-negotiation-server2
+ client = 115-version-negotiation-client
+
+ [115-version-negotiation-server]
+@@ -3600,6 +4575,13 @@ MaxProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[115-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [115-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -3620,6 +4602,7 @@ ssl_conf = 116-version-negotiation-ssl
+
+ [116-version-negotiation-ssl]
+ server = 116-version-negotiation-server
++server2 = 116-version-negotiation-server2
+ client = 116-version-negotiation-client
+
+ [116-version-negotiation-server]
+@@ -3629,6 +4612,13 @@ MaxProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[116-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [116-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -3649,6 +4639,7 @@ ssl_conf = 117-version-negotiation-ssl
+
+ [117-version-negotiation-ssl]
+ server = 117-version-negotiation-server
++server2 = 117-version-negotiation-server2
+ client = 117-version-negotiation-client
+
+ [117-version-negotiation-server]
+@@ -3658,6 +4649,13 @@ MaxProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[117-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [117-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -3678,6 +4676,7 @@ ssl_conf = 118-version-negotiation-ssl
+
+ [118-version-negotiation-ssl]
+ server = 118-version-negotiation-server
++server2 = 118-version-negotiation-server2
+ client = 118-version-negotiation-client
+
+ [118-version-negotiation-server]
+@@ -3686,6 +4685,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[118-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [118-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -3706,6 +4711,7 @@ ssl_conf = 119-version-negotiation-ssl
+
+ [119-version-negotiation-ssl]
+ server = 119-version-negotiation-server
++server2 = 119-version-negotiation-server2
+ client = 119-version-negotiation-client
+
+ [119-version-negotiation-server]
+@@ -3716,6 +4722,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[119-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [119-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -3735,6 +4749,7 @@ ssl_conf = 120-version-negotiation-ssl
+
+ [120-version-negotiation-ssl]
+ server = 120-version-negotiation-server
++server2 = 120-version-negotiation-server2
+ client = 120-version-negotiation-client
+
+ [120-version-negotiation-server]
+@@ -3745,6 +4760,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[120-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [120-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -3765,6 +4788,7 @@ ssl_conf = 121-version-negotiation-ssl
+
+ [121-version-negotiation-ssl]
+ server = 121-version-negotiation-server
++server2 = 121-version-negotiation-server2
+ client = 121-version-negotiation-client
+
+ [121-version-negotiation-server]
+@@ -3775,6 +4799,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[121-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [121-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -3795,6 +4827,7 @@ ssl_conf = 122-version-negotiation-ssl
+
+ [122-version-negotiation-ssl]
+ server = 122-version-negotiation-server
++server2 = 122-version-negotiation-server2
+ client = 122-version-negotiation-client
+
+ [122-version-negotiation-server]
+@@ -3805,6 +4838,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[122-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [122-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -3825,6 +4866,7 @@ ssl_conf = 123-version-negotiation-ssl
+
+ [123-version-negotiation-ssl]
+ server = 123-version-negotiation-server
++server2 = 123-version-negotiation-server2
+ client = 123-version-negotiation-client
+
+ [123-version-negotiation-server]
+@@ -3834,6 +4876,13 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[123-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [123-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -3854,6 +4903,7 @@ ssl_conf = 124-version-negotiation-ssl
+
+ [124-version-negotiation-ssl]
+ server = 124-version-negotiation-server
++server2 = 124-version-negotiation-server2
+ client = 124-version-negotiation-client
+
+ [124-version-negotiation-server]
+@@ -3864,6 +4914,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[124-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [124-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -3884,6 +4942,7 @@ ssl_conf = 125-version-negotiation-ssl
+
+ [125-version-negotiation-ssl]
+ server = 125-version-negotiation-server
++server2 = 125-version-negotiation-server2
+ client = 125-version-negotiation-client
+
+ [125-version-negotiation-server]
+@@ -3894,6 +4953,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[125-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [125-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -3914,6 +4981,7 @@ ssl_conf = 126-version-negotiation-ssl
+
+ [126-version-negotiation-ssl]
+ server = 126-version-negotiation-server
++server2 = 126-version-negotiation-server2
+ client = 126-version-negotiation-client
+
+ [126-version-negotiation-server]
+@@ -3924,6 +4992,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[126-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [126-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -3944,6 +5020,7 @@ ssl_conf = 127-version-negotiation-ssl
+
+ [127-version-negotiation-ssl]
+ server = 127-version-negotiation-server
++server2 = 127-version-negotiation-server2
+ client = 127-version-negotiation-client
+
+ [127-version-negotiation-server]
+@@ -3953,6 +5030,13 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[127-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [127-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -3971,11 +5055,20 @@ Protocol = TLSv1
+ [128-version-negotiation]
+ ssl_conf = 128-version-negotiation-ssl
+
+-[128-version-negotiation-ssl]
+-server = 128-version-negotiation-server
+-client = 128-version-negotiation-client
++[128-version-negotiation-ssl]
++server = 128-version-negotiation-server
++server2 = 128-version-negotiation-server2
++client = 128-version-negotiation-client
++
++[128-version-negotiation-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
+
+-[128-version-negotiation-server]
++[128-version-negotiation-server2]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4002,6 +5095,7 @@ ssl_conf = 129-version-negotiation-ssl
+
+ [129-version-negotiation-ssl]
+ server = 129-version-negotiation-server
++server2 = 129-version-negotiation-server2
+ client = 129-version-negotiation-client
+
+ [129-version-negotiation-server]
+@@ -4012,6 +5106,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[129-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [129-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -4031,6 +5133,7 @@ ssl_conf = 130-version-negotiation-ssl
+
+ [130-version-negotiation-ssl]
+ server = 130-version-negotiation-server
++server2 = 130-version-negotiation-server2
+ client = 130-version-negotiation-client
+
+ [130-version-negotiation-server]
+@@ -4040,6 +5143,13 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[130-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [130-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -4059,6 +5169,7 @@ ssl_conf = 131-version-negotiation-ssl
+
+ [131-version-negotiation-ssl]
+ server = 131-version-negotiation-server
++server2 = 131-version-negotiation-server2
+ client = 131-version-negotiation-client
+
+ [131-version-negotiation-server]
+@@ -4069,6 +5180,14 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[131-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [131-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -4088,6 +5207,7 @@ ssl_conf = 132-version-negotiation-ssl
+
+ [132-version-negotiation-ssl]
+ server = 132-version-negotiation-server
++server2 = 132-version-negotiation-server2
+ client = 132-version-negotiation-client
+
+ [132-version-negotiation-server]
+@@ -4097,6 +5217,13 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[132-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [132-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -4116,6 +5243,7 @@ ssl_conf = 133-version-negotiation-ssl
+
+ [133-version-negotiation-ssl]
+ server = 133-version-negotiation-server
++server2 = 133-version-negotiation-server2
+ client = 133-version-negotiation-client
+
+ [133-version-negotiation-server]
+@@ -4125,6 +5253,13 @@ MaxProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[133-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [133-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4144,6 +5279,7 @@ ssl_conf = 134-version-negotiation-ssl
+
+ [134-version-negotiation-ssl]
+ server = 134-version-negotiation-server
++server2 = 134-version-negotiation-server2
+ client = 134-version-negotiation-client
+
+ [134-version-negotiation-server]
+@@ -4153,6 +5289,13 @@ MaxProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[134-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [134-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4173,6 +5316,7 @@ ssl_conf = 135-version-negotiation-ssl
+
+ [135-version-negotiation-ssl]
+ server = 135-version-negotiation-server
++server2 = 135-version-negotiation-server2
+ client = 135-version-negotiation-client
+
+ [135-version-negotiation-server]
+@@ -4182,6 +5326,13 @@ MaxProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[135-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [135-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4202,6 +5353,7 @@ ssl_conf = 136-version-negotiation-ssl
+
+ [136-version-negotiation-ssl]
+ server = 136-version-negotiation-server
++server2 = 136-version-negotiation-server2
+ client = 136-version-negotiation-client
+
+ [136-version-negotiation-server]
+@@ -4211,6 +5363,13 @@ MaxProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[136-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [136-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4231,6 +5390,7 @@ ssl_conf = 137-version-negotiation-ssl
+
+ [137-version-negotiation-ssl]
+ server = 137-version-negotiation-server
++server2 = 137-version-negotiation-server2
+ client = 137-version-negotiation-client
+
+ [137-version-negotiation-server]
+@@ -4239,6 +5399,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[137-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [137-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4259,6 +5425,7 @@ ssl_conf = 138-version-negotiation-ssl
+
+ [138-version-negotiation-ssl]
+ server = 138-version-negotiation-server
++server2 = 138-version-negotiation-server2
+ client = 138-version-negotiation-client
+
+ [138-version-negotiation-server]
+@@ -4269,6 +5436,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[138-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [138-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4288,6 +5463,7 @@ ssl_conf = 139-version-negotiation-ssl
+
+ [139-version-negotiation-ssl]
+ server = 139-version-negotiation-server
++server2 = 139-version-negotiation-server2
+ client = 139-version-negotiation-client
+
+ [139-version-negotiation-server]
+@@ -4298,6 +5474,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[139-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [139-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4318,6 +5502,7 @@ ssl_conf = 140-version-negotiation-ssl
+
+ [140-version-negotiation-ssl]
+ server = 140-version-negotiation-server
++server2 = 140-version-negotiation-server2
+ client = 140-version-negotiation-client
+
+ [140-version-negotiation-server]
+@@ -4328,6 +5513,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[140-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [140-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4348,6 +5541,7 @@ ssl_conf = 141-version-negotiation-ssl
+
+ [141-version-negotiation-ssl]
+ server = 141-version-negotiation-server
++server2 = 141-version-negotiation-server2
+ client = 141-version-negotiation-client
+
+ [141-version-negotiation-server]
+@@ -4358,6 +5552,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[141-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [141-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4378,6 +5580,7 @@ ssl_conf = 142-version-negotiation-ssl
+
+ [142-version-negotiation-ssl]
+ server = 142-version-negotiation-server
++server2 = 142-version-negotiation-server2
+ client = 142-version-negotiation-client
+
+ [142-version-negotiation-server]
+@@ -4387,6 +5590,13 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[142-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [142-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4407,6 +5617,7 @@ ssl_conf = 143-version-negotiation-ssl
+
+ [143-version-negotiation-ssl]
+ server = 143-version-negotiation-server
++server2 = 143-version-negotiation-server2
+ client = 143-version-negotiation-client
+
+ [143-version-negotiation-server]
+@@ -4417,6 +5628,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[143-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [143-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4437,6 +5656,7 @@ ssl_conf = 144-version-negotiation-ssl
+
+ [144-version-negotiation-ssl]
+ server = 144-version-negotiation-server
++server2 = 144-version-negotiation-server2
+ client = 144-version-negotiation-client
+
+ [144-version-negotiation-server]
+@@ -4447,6 +5667,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[144-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [144-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4467,6 +5695,7 @@ ssl_conf = 145-version-negotiation-ssl
+
+ [145-version-negotiation-ssl]
+ server = 145-version-negotiation-server
++server2 = 145-version-negotiation-server2
+ client = 145-version-negotiation-client
+
+ [145-version-negotiation-server]
+@@ -4477,6 +5706,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[145-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [145-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4497,6 +5734,7 @@ ssl_conf = 146-version-negotiation-ssl
+
+ [146-version-negotiation-ssl]
+ server = 146-version-negotiation-server
++server2 = 146-version-negotiation-server2
+ client = 146-version-negotiation-client
+
+ [146-version-negotiation-server]
+@@ -4506,6 +5744,13 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[146-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [146-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4526,6 +5771,7 @@ ssl_conf = 147-version-negotiation-ssl
+
+ [147-version-negotiation-ssl]
+ server = 147-version-negotiation-server
++server2 = 147-version-negotiation-server2
+ client = 147-version-negotiation-client
+
+ [147-version-negotiation-server]
+@@ -4536,6 +5782,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[147-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [147-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4556,6 +5810,7 @@ ssl_conf = 148-version-negotiation-ssl
+
+ [148-version-negotiation-ssl]
+ server = 148-version-negotiation-server
++server2 = 148-version-negotiation-server2
+ client = 148-version-negotiation-client
+
+ [148-version-negotiation-server]
+@@ -4566,6 +5821,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[148-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [148-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4586,6 +5849,7 @@ ssl_conf = 149-version-negotiation-ssl
+
+ [149-version-negotiation-ssl]
+ server = 149-version-negotiation-server
++server2 = 149-version-negotiation-server2
+ client = 149-version-negotiation-client
+
+ [149-version-negotiation-server]
+@@ -4595,6 +5859,13 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[149-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [149-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4615,6 +5886,7 @@ ssl_conf = 150-version-negotiation-ssl
+
+ [150-version-negotiation-ssl]
+ server = 150-version-negotiation-server
++server2 = 150-version-negotiation-server2
+ client = 150-version-negotiation-client
+
+ [150-version-negotiation-server]
+@@ -4625,6 +5897,14 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[150-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [150-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4644,6 +5924,7 @@ ssl_conf = 151-version-negotiation-ssl
+
+ [151-version-negotiation-ssl]
+ server = 151-version-negotiation-server
++server2 = 151-version-negotiation-server2
+ client = 151-version-negotiation-client
+
+ [151-version-negotiation-server]
+@@ -4653,6 +5934,13 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[151-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [151-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -4672,6 +5960,7 @@ ssl_conf = 152-version-negotiation-ssl
+
+ [152-version-negotiation-ssl]
+ server = 152-version-negotiation-server
++server2 = 152-version-negotiation-server2
+ client = 152-version-negotiation-client
+
+ [152-version-negotiation-server]
+@@ -4681,6 +5970,13 @@ MaxProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[152-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [152-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -4700,6 +5996,7 @@ ssl_conf = 153-version-negotiation-ssl
+
+ [153-version-negotiation-ssl]
+ server = 153-version-negotiation-server
++server2 = 153-version-negotiation-server2
+ client = 153-version-negotiation-client
+
+ [153-version-negotiation-server]
+@@ -4709,6 +6006,13 @@ MaxProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[153-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [153-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -4729,6 +6033,7 @@ ssl_conf = 154-version-negotiation-ssl
+
+ [154-version-negotiation-ssl]
+ server = 154-version-negotiation-server
++server2 = 154-version-negotiation-server2
+ client = 154-version-negotiation-client
+
+ [154-version-negotiation-server]
+@@ -4738,6 +6043,13 @@ MaxProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[154-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [154-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -4758,6 +6070,7 @@ ssl_conf = 155-version-negotiation-ssl
+
+ [155-version-negotiation-ssl]
+ server = 155-version-negotiation-server
++server2 = 155-version-negotiation-server2
+ client = 155-version-negotiation-client
+
+ [155-version-negotiation-server]
+@@ -4767,6 +6080,13 @@ MaxProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[155-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [155-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -4787,6 +6107,7 @@ ssl_conf = 156-version-negotiation-ssl
+
+ [156-version-negotiation-ssl]
+ server = 156-version-negotiation-server
++server2 = 156-version-negotiation-server2
+ client = 156-version-negotiation-client
+
+ [156-version-negotiation-server]
+@@ -4795,6 +6116,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[156-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [156-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -4815,6 +6142,7 @@ ssl_conf = 157-version-negotiation-ssl
+
+ [157-version-negotiation-ssl]
+ server = 157-version-negotiation-server
++server2 = 157-version-negotiation-server2
+ client = 157-version-negotiation-client
+
+ [157-version-negotiation-server]
+@@ -4825,6 +6153,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[157-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [157-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -4844,6 +6180,7 @@ ssl_conf = 158-version-negotiation-ssl
+
+ [158-version-negotiation-ssl]
+ server = 158-version-negotiation-server
++server2 = 158-version-negotiation-server2
+ client = 158-version-negotiation-client
+
+ [158-version-negotiation-server]
+@@ -4854,6 +6191,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[158-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [158-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -4874,6 +6219,7 @@ ssl_conf = 159-version-negotiation-ssl
+
+ [159-version-negotiation-ssl]
+ server = 159-version-negotiation-server
++server2 = 159-version-negotiation-server2
+ client = 159-version-negotiation-client
+
+ [159-version-negotiation-server]
+@@ -4884,6 +6230,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[159-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [159-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -4904,6 +6258,7 @@ ssl_conf = 160-version-negotiation-ssl
+
+ [160-version-negotiation-ssl]
+ server = 160-version-negotiation-server
++server2 = 160-version-negotiation-server2
+ client = 160-version-negotiation-client
+
+ [160-version-negotiation-server]
+@@ -4914,6 +6269,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[160-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [160-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -4934,6 +6297,7 @@ ssl_conf = 161-version-negotiation-ssl
+
+ [161-version-negotiation-ssl]
+ server = 161-version-negotiation-server
++server2 = 161-version-negotiation-server2
+ client = 161-version-negotiation-client
+
+ [161-version-negotiation-server]
+@@ -4943,6 +6307,13 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[161-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [161-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -4963,6 +6334,7 @@ ssl_conf = 162-version-negotiation-ssl
+
+ [162-version-negotiation-ssl]
+ server = 162-version-negotiation-server
++server2 = 162-version-negotiation-server2
+ client = 162-version-negotiation-client
+
+ [162-version-negotiation-server]
+@@ -4973,6 +6345,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[162-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [162-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -4993,6 +6373,7 @@ ssl_conf = 163-version-negotiation-ssl
+
+ [163-version-negotiation-ssl]
+ server = 163-version-negotiation-server
++server2 = 163-version-negotiation-server2
+ client = 163-version-negotiation-client
+
+ [163-version-negotiation-server]
+@@ -5003,6 +6384,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[163-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [163-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -5023,6 +6412,7 @@ ssl_conf = 164-version-negotiation-ssl
+
+ [164-version-negotiation-ssl]
+ server = 164-version-negotiation-server
++server2 = 164-version-negotiation-server2
+ client = 164-version-negotiation-client
+
+ [164-version-negotiation-server]
+@@ -5033,6 +6423,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[164-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [164-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -5053,6 +6451,7 @@ ssl_conf = 165-version-negotiation-ssl
+
+ [165-version-negotiation-ssl]
+ server = 165-version-negotiation-server
++server2 = 165-version-negotiation-server2
+ client = 165-version-negotiation-client
+
+ [165-version-negotiation-server]
+@@ -5062,6 +6461,13 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[165-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [165-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -5080,11 +6486,20 @@ Protocol = TLSv1.2
+ [166-version-negotiation]
+ ssl_conf = 166-version-negotiation-ssl
+
+-[166-version-negotiation-ssl]
+-server = 166-version-negotiation-server
+-client = 166-version-negotiation-client
++[166-version-negotiation-ssl]
++server = 166-version-negotiation-server
++server2 = 166-version-negotiation-server2
++client = 166-version-negotiation-client
++
++[166-version-negotiation-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
+
+-[166-version-negotiation-server]
++[166-version-negotiation-server2]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -5112,6 +6527,7 @@ ssl_conf = 167-version-negotiation-ssl
+
+ [167-version-negotiation-ssl]
+ server = 167-version-negotiation-server
++server2 = 167-version-negotiation-server2
+ client = 167-version-negotiation-client
+
+ [167-version-negotiation-server]
+@@ -5122,6 +6538,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[167-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [167-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -5142,6 +6566,7 @@ ssl_conf = 168-version-negotiation-ssl
+
+ [168-version-negotiation-ssl]
+ server = 168-version-negotiation-server
++server2 = 168-version-negotiation-server2
+ client = 168-version-negotiation-client
+
+ [168-version-negotiation-server]
+@@ -5151,6 +6576,13 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[168-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [168-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -5171,6 +6603,7 @@ ssl_conf = 169-version-negotiation-ssl
+
+ [169-version-negotiation-ssl]
+ server = 169-version-negotiation-server
++server2 = 169-version-negotiation-server2
+ client = 169-version-negotiation-client
+
+ [169-version-negotiation-server]
+@@ -5181,6 +6614,14 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[169-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [169-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -5201,6 +6642,7 @@ ssl_conf = 170-version-negotiation-ssl
+
+ [170-version-negotiation-ssl]
+ server = 170-version-negotiation-server
++server2 = 170-version-negotiation-server2
+ client = 170-version-negotiation-client
+
+ [170-version-negotiation-server]
+@@ -5210,6 +6652,13 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[170-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [170-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -5230,6 +6679,7 @@ ssl_conf = 171-version-negotiation-ssl
+
+ [171-version-negotiation-ssl]
+ server = 171-version-negotiation-server
++server2 = 171-version-negotiation-server2
+ client = 171-version-negotiation-client
+
+ [171-version-negotiation-server]
+@@ -5239,6 +6689,13 @@ MaxProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[171-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [171-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = SSLv3
+@@ -5257,6 +6714,7 @@ ssl_conf = 172-version-negotiation-ssl
+
+ [172-version-negotiation-ssl]
+ server = 172-version-negotiation-server
++server2 = 172-version-negotiation-server2
+ client = 172-version-negotiation-client
+
+ [172-version-negotiation-server]
+@@ -5266,6 +6724,13 @@ MaxProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[172-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [172-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = SSLv3
+@@ -5285,6 +6750,7 @@ ssl_conf = 173-version-negotiation-ssl
+
+ [173-version-negotiation-ssl]
+ server = 173-version-negotiation-server
++server2 = 173-version-negotiation-server2
+ client = 173-version-negotiation-client
+
+ [173-version-negotiation-server]
+@@ -5294,6 +6760,13 @@ MaxProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[173-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [173-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = SSLv3
+@@ -5313,6 +6786,7 @@ ssl_conf = 174-version-negotiation-ssl
+
+ [174-version-negotiation-ssl]
+ server = 174-version-negotiation-server
++server2 = 174-version-negotiation-server2
+ client = 174-version-negotiation-client
+
+ [174-version-negotiation-server]
+@@ -5322,6 +6796,13 @@ MaxProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[174-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [174-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = SSLv3
+@@ -5341,6 +6822,7 @@ ssl_conf = 175-version-negotiation-ssl
+
+ [175-version-negotiation-ssl]
+ server = 175-version-negotiation-server
++server2 = 175-version-negotiation-server2
+ client = 175-version-negotiation-client
+
+ [175-version-negotiation-server]
+@@ -5349,6 +6831,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[175-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [175-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = SSLv3
+@@ -5368,6 +6856,7 @@ ssl_conf = 176-version-negotiation-ssl
+
+ [176-version-negotiation-ssl]
+ server = 176-version-negotiation-server
++server2 = 176-version-negotiation-server2
+ client = 176-version-negotiation-client
+
+ [176-version-negotiation-server]
+@@ -5378,6 +6867,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[176-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [176-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = SSLv3
+@@ -5396,6 +6893,7 @@ ssl_conf = 177-version-negotiation-ssl
+
+ [177-version-negotiation-ssl]
+ server = 177-version-negotiation-server
++server2 = 177-version-negotiation-server2
+ client = 177-version-negotiation-client
+
+ [177-version-negotiation-server]
+@@ -5406,6 +6904,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[177-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [177-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = SSLv3
+@@ -5425,6 +6931,7 @@ ssl_conf = 178-version-negotiation-ssl
+
+ [178-version-negotiation-ssl]
+ server = 178-version-negotiation-server
++server2 = 178-version-negotiation-server2
+ client = 178-version-negotiation-client
+
+ [178-version-negotiation-server]
+@@ -5435,6 +6942,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[178-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [178-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = SSLv3
+@@ -5454,6 +6969,7 @@ ssl_conf = 179-version-negotiation-ssl
+
+ [179-version-negotiation-ssl]
+ server = 179-version-negotiation-server
++server2 = 179-version-negotiation-server2
+ client = 179-version-negotiation-client
+
+ [179-version-negotiation-server]
+@@ -5464,6 +6980,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[179-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [179-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = SSLv3
+@@ -5483,6 +7007,7 @@ ssl_conf = 180-version-negotiation-ssl
+
+ [180-version-negotiation-ssl]
+ server = 180-version-negotiation-server
++server2 = 180-version-negotiation-server2
+ client = 180-version-negotiation-client
+
+ [180-version-negotiation-server]
+@@ -5492,6 +7017,13 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[180-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [180-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = SSLv3
+@@ -5511,6 +7043,7 @@ ssl_conf = 181-version-negotiation-ssl
+
+ [181-version-negotiation-ssl]
+ server = 181-version-negotiation-server
++server2 = 181-version-negotiation-server2
+ client = 181-version-negotiation-client
+
+ [181-version-negotiation-server]
+@@ -5521,6 +7054,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[181-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [181-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = SSLv3
+@@ -5540,6 +7081,7 @@ ssl_conf = 182-version-negotiation-ssl
+
+ [182-version-negotiation-ssl]
+ server = 182-version-negotiation-server
++server2 = 182-version-negotiation-server2
+ client = 182-version-negotiation-client
+
+ [182-version-negotiation-server]
+@@ -5550,6 +7092,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[182-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [182-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = SSLv3
+@@ -5569,6 +7119,7 @@ ssl_conf = 183-version-negotiation-ssl
+
+ [183-version-negotiation-ssl]
+ server = 183-version-negotiation-server
++server2 = 183-version-negotiation-server2
+ client = 183-version-negotiation-client
+
+ [183-version-negotiation-server]
+@@ -5579,6 +7130,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[183-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [183-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = SSLv3
+@@ -5598,6 +7157,7 @@ ssl_conf = 184-version-negotiation-ssl
+
+ [184-version-negotiation-ssl]
+ server = 184-version-negotiation-server
++server2 = 184-version-negotiation-server2
+ client = 184-version-negotiation-client
+
+ [184-version-negotiation-server]
+@@ -5607,6 +7167,13 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[184-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [184-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = SSLv3
+@@ -5626,6 +7193,7 @@ ssl_conf = 185-version-negotiation-ssl
+
+ [185-version-negotiation-ssl]
+ server = 185-version-negotiation-server
++server2 = 185-version-negotiation-server2
+ client = 185-version-negotiation-client
+
+ [185-version-negotiation-server]
+@@ -5636,6 +7204,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[185-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [185-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = SSLv3
+@@ -5655,6 +7231,7 @@ ssl_conf = 186-version-negotiation-ssl
+
+ [186-version-negotiation-ssl]
+ server = 186-version-negotiation-server
++server2 = 186-version-negotiation-server2
+ client = 186-version-negotiation-client
+
+ [186-version-negotiation-server]
+@@ -5665,6 +7242,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[186-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [186-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = SSLv3
+@@ -5684,6 +7269,7 @@ ssl_conf = 187-version-negotiation-ssl
+
+ [187-version-negotiation-ssl]
+ server = 187-version-negotiation-server
++server2 = 187-version-negotiation-server2
+ client = 187-version-negotiation-client
+
+ [187-version-negotiation-server]
+@@ -5693,6 +7279,13 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[187-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [187-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = SSLv3
+@@ -5712,6 +7305,7 @@ ssl_conf = 188-version-negotiation-ssl
+
+ [188-version-negotiation-ssl]
+ server = 188-version-negotiation-server
++server2 = 188-version-negotiation-server2
+ client = 188-version-negotiation-client
+
+ [188-version-negotiation-server]
+@@ -5722,6 +7316,14 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[188-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [188-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = SSLv3
+@@ -5741,6 +7343,7 @@ ssl_conf = 189-version-negotiation-ssl
+
+ [189-version-negotiation-ssl]
+ server = 189-version-negotiation-server
++server2 = 189-version-negotiation-server2
+ client = 189-version-negotiation-client
+
+ [189-version-negotiation-server]
+@@ -5750,6 +7353,13 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[189-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [189-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = SSLv3
+@@ -5769,6 +7379,7 @@ ssl_conf = 190-version-negotiation-ssl
+
+ [190-version-negotiation-ssl]
+ server = 190-version-negotiation-server
++server2 = 190-version-negotiation-server2
+ client = 190-version-negotiation-client
+
+ [190-version-negotiation-server]
+@@ -5778,6 +7389,13 @@ MaxProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[190-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [190-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -5797,6 +7415,7 @@ ssl_conf = 191-version-negotiation-ssl
+
+ [191-version-negotiation-ssl]
+ server = 191-version-negotiation-server
++server2 = 191-version-negotiation-server2
+ client = 191-version-negotiation-client
+
+ [191-version-negotiation-server]
+@@ -5806,6 +7425,13 @@ MaxProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[191-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [191-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -5826,6 +7452,7 @@ ssl_conf = 192-version-negotiation-ssl
+
+ [192-version-negotiation-ssl]
+ server = 192-version-negotiation-server
++server2 = 192-version-negotiation-server2
+ client = 192-version-negotiation-client
+
+ [192-version-negotiation-server]
+@@ -5835,6 +7462,13 @@ MaxProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[192-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [192-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -5855,6 +7489,7 @@ ssl_conf = 193-version-negotiation-ssl
+
+ [193-version-negotiation-ssl]
+ server = 193-version-negotiation-server
++server2 = 193-version-negotiation-server2
+ client = 193-version-negotiation-client
+
+ [193-version-negotiation-server]
+@@ -5864,6 +7499,13 @@ MaxProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[193-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [193-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -5884,6 +7526,7 @@ ssl_conf = 194-version-negotiation-ssl
+
+ [194-version-negotiation-ssl]
+ server = 194-version-negotiation-server
++server2 = 194-version-negotiation-server2
+ client = 194-version-negotiation-client
+
+ [194-version-negotiation-server]
+@@ -5892,6 +7535,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[194-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [194-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -5912,6 +7561,7 @@ ssl_conf = 195-version-negotiation-ssl
+
+ [195-version-negotiation-ssl]
+ server = 195-version-negotiation-server
++server2 = 195-version-negotiation-server2
+ client = 195-version-negotiation-client
+
+ [195-version-negotiation-server]
+@@ -5922,6 +7572,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[195-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [195-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -5941,6 +7599,7 @@ ssl_conf = 196-version-negotiation-ssl
+
+ [196-version-negotiation-ssl]
+ server = 196-version-negotiation-server
++server2 = 196-version-negotiation-server2
+ client = 196-version-negotiation-client
+
+ [196-version-negotiation-server]
+@@ -5951,6 +7610,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[196-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [196-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -5971,6 +7638,7 @@ ssl_conf = 197-version-negotiation-ssl
+
+ [197-version-negotiation-ssl]
+ server = 197-version-negotiation-server
++server2 = 197-version-negotiation-server2
+ client = 197-version-negotiation-client
+
+ [197-version-negotiation-server]
+@@ -5981,6 +7649,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[197-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [197-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -6001,6 +7677,7 @@ ssl_conf = 198-version-negotiation-ssl
+
+ [198-version-negotiation-ssl]
+ server = 198-version-negotiation-server
++server2 = 198-version-negotiation-server2
+ client = 198-version-negotiation-client
+
+ [198-version-negotiation-server]
+@@ -6011,6 +7688,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[198-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [198-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -6031,6 +7716,7 @@ ssl_conf = 199-version-negotiation-ssl
+
+ [199-version-negotiation-ssl]
+ server = 199-version-negotiation-server
++server2 = 199-version-negotiation-server2
+ client = 199-version-negotiation-client
+
+ [199-version-negotiation-server]
+@@ -6040,6 +7726,13 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[199-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [199-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -6060,6 +7753,7 @@ ssl_conf = 200-version-negotiation-ssl
+
+ [200-version-negotiation-ssl]
+ server = 200-version-negotiation-server
++server2 = 200-version-negotiation-server2
+ client = 200-version-negotiation-client
+
+ [200-version-negotiation-server]
+@@ -6070,6 +7764,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[200-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [200-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -6090,6 +7792,7 @@ ssl_conf = 201-version-negotiation-ssl
+
+ [201-version-negotiation-ssl]
+ server = 201-version-negotiation-server
++server2 = 201-version-negotiation-server2
+ client = 201-version-negotiation-client
+
+ [201-version-negotiation-server]
+@@ -6100,6 +7803,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[201-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [201-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -6120,6 +7831,7 @@ ssl_conf = 202-version-negotiation-ssl
+
+ [202-version-negotiation-ssl]
+ server = 202-version-negotiation-server
++server2 = 202-version-negotiation-server2
+ client = 202-version-negotiation-client
+
+ [202-version-negotiation-server]
+@@ -6130,6 +7842,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[202-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [202-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -6150,6 +7870,7 @@ ssl_conf = 203-version-negotiation-ssl
+
+ [203-version-negotiation-ssl]
+ server = 203-version-negotiation-server
++server2 = 203-version-negotiation-server2
+ client = 203-version-negotiation-client
+
+ [203-version-negotiation-server]
+@@ -6159,6 +7880,13 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[203-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [203-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -6179,6 +7907,7 @@ ssl_conf = 204-version-negotiation-ssl
+
+ [204-version-negotiation-ssl]
+ server = 204-version-negotiation-server
++server2 = 204-version-negotiation-server2
+ client = 204-version-negotiation-client
+
+ [204-version-negotiation-server]
+@@ -6189,6 +7918,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[204-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [204-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -6208,9 +7945,18 @@ ssl_conf = 205-version-negotiation-ssl
+
+ [205-version-negotiation-ssl]
+ server = 205-version-negotiation-server
++server2 = 205-version-negotiation-server2
+ client = 205-version-negotiation-client
+
+-[205-version-negotiation-server]
++[205-version-negotiation-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[205-version-negotiation-server2]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -6237,6 +7983,7 @@ ssl_conf = 206-version-negotiation-ssl
+
+ [206-version-negotiation-ssl]
+ server = 206-version-negotiation-server
++server2 = 206-version-negotiation-server2
+ client = 206-version-negotiation-client
+
+ [206-version-negotiation-server]
+@@ -6246,6 +7993,13 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[206-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [206-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -6265,6 +8019,7 @@ ssl_conf = 207-version-negotiation-ssl
+
+ [207-version-negotiation-ssl]
+ server = 207-version-negotiation-server
++server2 = 207-version-negotiation-server2
+ client = 207-version-negotiation-client
+
+ [207-version-negotiation-server]
+@@ -6275,6 +8030,14 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[207-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [207-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -6294,6 +8057,7 @@ ssl_conf = 208-version-negotiation-ssl
+
+ [208-version-negotiation-ssl]
+ server = 208-version-negotiation-server
++server2 = 208-version-negotiation-server2
+ client = 208-version-negotiation-client
+
+ [208-version-negotiation-server]
+@@ -6303,6 +8067,13 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[208-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [208-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1
+@@ -6322,6 +8093,7 @@ ssl_conf = 209-version-negotiation-ssl
+
+ [209-version-negotiation-ssl]
+ server = 209-version-negotiation-server
++server2 = 209-version-negotiation-server2
+ client = 209-version-negotiation-client
+
+ [209-version-negotiation-server]
+@@ -6331,6 +8103,13 @@ MaxProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[209-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [209-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -6350,6 +8129,7 @@ ssl_conf = 210-version-negotiation-ssl
+
+ [210-version-negotiation-ssl]
+ server = 210-version-negotiation-server
++server2 = 210-version-negotiation-server2
+ client = 210-version-negotiation-client
+
+ [210-version-negotiation-server]
+@@ -6359,6 +8139,13 @@ MaxProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[210-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [210-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -6379,6 +8166,7 @@ ssl_conf = 211-version-negotiation-ssl
+
+ [211-version-negotiation-ssl]
+ server = 211-version-negotiation-server
++server2 = 211-version-negotiation-server2
+ client = 211-version-negotiation-client
+
+ [211-version-negotiation-server]
+@@ -6388,6 +8176,13 @@ MaxProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[211-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [211-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -6408,6 +8203,7 @@ ssl_conf = 212-version-negotiation-ssl
+
+ [212-version-negotiation-ssl]
+ server = 212-version-negotiation-server
++server2 = 212-version-negotiation-server2
+ client = 212-version-negotiation-client
+
+ [212-version-negotiation-server]
+@@ -6417,6 +8213,13 @@ MaxProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[212-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [212-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -6437,6 +8240,7 @@ ssl_conf = 213-version-negotiation-ssl
+
+ [213-version-negotiation-ssl]
+ server = 213-version-negotiation-server
++server2 = 213-version-negotiation-server2
+ client = 213-version-negotiation-client
+
+ [213-version-negotiation-server]
+@@ -6445,6 +8249,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[213-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [213-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -6465,6 +8275,7 @@ ssl_conf = 214-version-negotiation-ssl
+
+ [214-version-negotiation-ssl]
+ server = 214-version-negotiation-server
++server2 = 214-version-negotiation-server2
+ client = 214-version-negotiation-client
+
+ [214-version-negotiation-server]
+@@ -6475,6 +8286,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[214-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [214-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -6494,6 +8313,7 @@ ssl_conf = 215-version-negotiation-ssl
+
+ [215-version-negotiation-ssl]
+ server = 215-version-negotiation-server
++server2 = 215-version-negotiation-server2
+ client = 215-version-negotiation-client
+
+ [215-version-negotiation-server]
+@@ -6504,6 +8324,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[215-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [215-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -6524,6 +8352,7 @@ ssl_conf = 216-version-negotiation-ssl
+
+ [216-version-negotiation-ssl]
+ server = 216-version-negotiation-server
++server2 = 216-version-negotiation-server2
+ client = 216-version-negotiation-client
+
+ [216-version-negotiation-server]
+@@ -6534,6 +8363,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[216-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [216-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -6554,6 +8391,7 @@ ssl_conf = 217-version-negotiation-ssl
+
+ [217-version-negotiation-ssl]
+ server = 217-version-negotiation-server
++server2 = 217-version-negotiation-server2
+ client = 217-version-negotiation-client
+
+ [217-version-negotiation-server]
+@@ -6564,6 +8402,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[217-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [217-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -6584,6 +8430,7 @@ ssl_conf = 218-version-negotiation-ssl
+
+ [218-version-negotiation-ssl]
+ server = 218-version-negotiation-server
++server2 = 218-version-negotiation-server2
+ client = 218-version-negotiation-client
+
+ [218-version-negotiation-server]
+@@ -6593,6 +8440,13 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[218-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [218-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -6613,6 +8467,7 @@ ssl_conf = 219-version-negotiation-ssl
+
+ [219-version-negotiation-ssl]
+ server = 219-version-negotiation-server
++server2 = 219-version-negotiation-server2
+ client = 219-version-negotiation-client
+
+ [219-version-negotiation-server]
+@@ -6623,6 +8478,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[219-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [219-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -6643,6 +8506,7 @@ ssl_conf = 220-version-negotiation-ssl
+
+ [220-version-negotiation-ssl]
+ server = 220-version-negotiation-server
++server2 = 220-version-negotiation-server2
+ client = 220-version-negotiation-client
+
+ [220-version-negotiation-server]
+@@ -6653,6 +8517,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[220-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [220-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -6673,6 +8545,7 @@ ssl_conf = 221-version-negotiation-ssl
+
+ [221-version-negotiation-ssl]
+ server = 221-version-negotiation-server
++server2 = 221-version-negotiation-server2
+ client = 221-version-negotiation-client
+
+ [221-version-negotiation-server]
+@@ -6683,6 +8556,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[221-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [221-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -6703,6 +8584,7 @@ ssl_conf = 222-version-negotiation-ssl
+
+ [222-version-negotiation-ssl]
+ server = 222-version-negotiation-server
++server2 = 222-version-negotiation-server2
+ client = 222-version-negotiation-client
+
+ [222-version-negotiation-server]
+@@ -6712,6 +8594,13 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[222-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [222-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -6732,6 +8621,7 @@ ssl_conf = 223-version-negotiation-ssl
+
+ [223-version-negotiation-ssl]
+ server = 223-version-negotiation-server
++server2 = 223-version-negotiation-server2
+ client = 223-version-negotiation-client
+
+ [223-version-negotiation-server]
+@@ -6742,6 +8632,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[223-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [223-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -6762,6 +8660,7 @@ ssl_conf = 224-version-negotiation-ssl
+
+ [224-version-negotiation-ssl]
+ server = 224-version-negotiation-server
++server2 = 224-version-negotiation-server2
+ client = 224-version-negotiation-client
+
+ [224-version-negotiation-server]
+@@ -6772,6 +8671,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[224-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [224-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -6792,6 +8699,7 @@ ssl_conf = 225-version-negotiation-ssl
+
+ [225-version-negotiation-ssl]
+ server = 225-version-negotiation-server
++server2 = 225-version-negotiation-server2
+ client = 225-version-negotiation-client
+
+ [225-version-negotiation-server]
+@@ -6801,6 +8709,13 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[225-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [225-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -6821,6 +8736,7 @@ ssl_conf = 226-version-negotiation-ssl
+
+ [226-version-negotiation-ssl]
+ server = 226-version-negotiation-server
++server2 = 226-version-negotiation-server2
+ client = 226-version-negotiation-client
+
+ [226-version-negotiation-server]
+@@ -6831,6 +8747,14 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[226-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [226-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -6850,6 +8774,7 @@ ssl_conf = 227-version-negotiation-ssl
+
+ [227-version-negotiation-ssl]
+ server = 227-version-negotiation-server
++server2 = 227-version-negotiation-server2
+ client = 227-version-negotiation-client
+
+ [227-version-negotiation-server]
+@@ -6859,6 +8784,13 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[227-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [227-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -6878,6 +8810,7 @@ ssl_conf = 228-version-negotiation-ssl
+
+ [228-version-negotiation-ssl]
+ server = 228-version-negotiation-server
++server2 = 228-version-negotiation-server2
+ client = 228-version-negotiation-client
+
+ [228-version-negotiation-server]
+@@ -6887,6 +8820,13 @@ MaxProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[228-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [228-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -6906,6 +8846,7 @@ ssl_conf = 229-version-negotiation-ssl
+
+ [229-version-negotiation-ssl]
+ server = 229-version-negotiation-server
++server2 = 229-version-negotiation-server2
+ client = 229-version-negotiation-client
+
+ [229-version-negotiation-server]
+@@ -6915,6 +8856,13 @@ MaxProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[229-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [229-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -6935,6 +8883,7 @@ ssl_conf = 230-version-negotiation-ssl
+
+ [230-version-negotiation-ssl]
+ server = 230-version-negotiation-server
++server2 = 230-version-negotiation-server2
+ client = 230-version-negotiation-client
+
+ [230-version-negotiation-server]
+@@ -6944,6 +8893,13 @@ MaxProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[230-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [230-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -6964,6 +8920,7 @@ ssl_conf = 231-version-negotiation-ssl
+
+ [231-version-negotiation-ssl]
+ server = 231-version-negotiation-server
++server2 = 231-version-negotiation-server2
+ client = 231-version-negotiation-client
+
+ [231-version-negotiation-server]
+@@ -6973,6 +8930,13 @@ MaxProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[231-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [231-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -6993,6 +8957,7 @@ ssl_conf = 232-version-negotiation-ssl
+
+ [232-version-negotiation-ssl]
+ server = 232-version-negotiation-server
++server2 = 232-version-negotiation-server2
+ client = 232-version-negotiation-client
+
+ [232-version-negotiation-server]
+@@ -7001,6 +8966,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[232-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [232-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -7021,6 +8992,7 @@ ssl_conf = 233-version-negotiation-ssl
+
+ [233-version-negotiation-ssl]
+ server = 233-version-negotiation-server
++server2 = 233-version-negotiation-server2
+ client = 233-version-negotiation-client
+
+ [233-version-negotiation-server]
+@@ -7031,6 +9003,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[233-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [233-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -7050,6 +9030,7 @@ ssl_conf = 234-version-negotiation-ssl
+
+ [234-version-negotiation-ssl]
+ server = 234-version-negotiation-server
++server2 = 234-version-negotiation-server2
+ client = 234-version-negotiation-client
+
+ [234-version-negotiation-server]
+@@ -7060,6 +9041,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[234-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [234-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -7080,6 +9069,7 @@ ssl_conf = 235-version-negotiation-ssl
+
+ [235-version-negotiation-ssl]
+ server = 235-version-negotiation-server
++server2 = 235-version-negotiation-server2
+ client = 235-version-negotiation-client
+
+ [235-version-negotiation-server]
+@@ -7090,6 +9080,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[235-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [235-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -7110,6 +9108,7 @@ ssl_conf = 236-version-negotiation-ssl
+
+ [236-version-negotiation-ssl]
+ server = 236-version-negotiation-server
++server2 = 236-version-negotiation-server2
+ client = 236-version-negotiation-client
+
+ [236-version-negotiation-server]
+@@ -7120,6 +9119,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[236-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [236-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -7140,6 +9147,7 @@ ssl_conf = 237-version-negotiation-ssl
+
+ [237-version-negotiation-ssl]
+ server = 237-version-negotiation-server
++server2 = 237-version-negotiation-server2
+ client = 237-version-negotiation-client
+
+ [237-version-negotiation-server]
+@@ -7149,6 +9157,13 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[237-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [237-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -7169,6 +9184,7 @@ ssl_conf = 238-version-negotiation-ssl
+
+ [238-version-negotiation-ssl]
+ server = 238-version-negotiation-server
++server2 = 238-version-negotiation-server2
+ client = 238-version-negotiation-client
+
+ [238-version-negotiation-server]
+@@ -7179,6 +9195,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[238-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [238-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -7199,6 +9223,7 @@ ssl_conf = 239-version-negotiation-ssl
+
+ [239-version-negotiation-ssl]
+ server = 239-version-negotiation-server
++server2 = 239-version-negotiation-server2
+ client = 239-version-negotiation-client
+
+ [239-version-negotiation-server]
+@@ -7209,6 +9234,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[239-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [239-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -7229,6 +9262,7 @@ ssl_conf = 240-version-negotiation-ssl
+
+ [240-version-negotiation-ssl]
+ server = 240-version-negotiation-server
++server2 = 240-version-negotiation-server2
+ client = 240-version-negotiation-client
+
+ [240-version-negotiation-server]
+@@ -7239,6 +9273,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[240-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [240-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -7259,6 +9301,7 @@ ssl_conf = 241-version-negotiation-ssl
+
+ [241-version-negotiation-ssl]
+ server = 241-version-negotiation-server
++server2 = 241-version-negotiation-server2
+ client = 241-version-negotiation-client
+
+ [241-version-negotiation-server]
+@@ -7268,6 +9311,13 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[241-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [241-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -7288,6 +9338,7 @@ ssl_conf = 242-version-negotiation-ssl
+
+ [242-version-negotiation-ssl]
+ server = 242-version-negotiation-server
++server2 = 242-version-negotiation-server2
+ client = 242-version-negotiation-client
+
+ [242-version-negotiation-server]
+@@ -7298,6 +9349,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[242-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [242-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -7318,6 +9377,7 @@ ssl_conf = 243-version-negotiation-ssl
+
+ [243-version-negotiation-ssl]
+ server = 243-version-negotiation-server
++server2 = 243-version-negotiation-server2
+ client = 243-version-negotiation-client
+
+ [243-version-negotiation-server]
+@@ -7328,6 +9388,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[243-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [243-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -7348,9 +9416,17 @@ ssl_conf = 244-version-negotiation-ssl
+
+ [244-version-negotiation-ssl]
+ server = 244-version-negotiation-server
++server2 = 244-version-negotiation-server2
+ client = 244-version-negotiation-client
+
+-[244-version-negotiation-server]
++[244-version-negotiation-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[244-version-negotiation-server2]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.1
+@@ -7377,6 +9453,7 @@ ssl_conf = 245-version-negotiation-ssl
+
+ [245-version-negotiation-ssl]
+ server = 245-version-negotiation-server
++server2 = 245-version-negotiation-server2
+ client = 245-version-negotiation-client
+
+ [245-version-negotiation-server]
+@@ -7387,6 +9464,14 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[245-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [245-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -7407,6 +9492,7 @@ ssl_conf = 246-version-negotiation-ssl
+
+ [246-version-negotiation-ssl]
+ server = 246-version-negotiation-server
++server2 = 246-version-negotiation-server2
+ client = 246-version-negotiation-client
+
+ [246-version-negotiation-server]
+@@ -7416,6 +9502,13 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[246-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [246-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -7436,6 +9529,7 @@ ssl_conf = 247-version-negotiation-ssl
+
+ [247-version-negotiation-ssl]
+ server = 247-version-negotiation-server
++server2 = 247-version-negotiation-server2
+ client = 247-version-negotiation-client
+
+ [247-version-negotiation-server]
+@@ -7445,6 +9539,13 @@ MaxProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[247-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [247-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -7463,6 +9564,7 @@ ssl_conf = 248-version-negotiation-ssl
+
+ [248-version-negotiation-ssl]
+ server = 248-version-negotiation-server
++server2 = 248-version-negotiation-server2
+ client = 248-version-negotiation-client
+
+ [248-version-negotiation-server]
+@@ -7472,6 +9574,13 @@ MaxProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[248-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [248-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -7491,6 +9600,7 @@ ssl_conf = 249-version-negotiation-ssl
+
+ [249-version-negotiation-ssl]
+ server = 249-version-negotiation-server
++server2 = 249-version-negotiation-server2
+ client = 249-version-negotiation-client
+
+ [249-version-negotiation-server]
+@@ -7500,6 +9610,13 @@ MaxProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[249-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [249-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -7519,6 +9636,7 @@ ssl_conf = 250-version-negotiation-ssl
+
+ [250-version-negotiation-ssl]
+ server = 250-version-negotiation-server
++server2 = 250-version-negotiation-server2
+ client = 250-version-negotiation-client
+
+ [250-version-negotiation-server]
+@@ -7528,6 +9646,13 @@ MaxProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[250-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [250-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -7547,6 +9672,7 @@ ssl_conf = 251-version-negotiation-ssl
+
+ [251-version-negotiation-ssl]
+ server = 251-version-negotiation-server
++server2 = 251-version-negotiation-server2
+ client = 251-version-negotiation-client
+
+ [251-version-negotiation-server]
+@@ -7555,6 +9681,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[251-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [251-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -7574,6 +9706,7 @@ ssl_conf = 252-version-negotiation-ssl
+
+ [252-version-negotiation-ssl]
+ server = 252-version-negotiation-server
++server2 = 252-version-negotiation-server2
+ client = 252-version-negotiation-client
+
+ [252-version-negotiation-server]
+@@ -7584,6 +9717,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[252-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [252-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -7602,6 +9743,7 @@ ssl_conf = 253-version-negotiation-ssl
+
+ [253-version-negotiation-ssl]
+ server = 253-version-negotiation-server
++server2 = 253-version-negotiation-server2
+ client = 253-version-negotiation-client
+
+ [253-version-negotiation-server]
+@@ -7612,6 +9754,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[253-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [253-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -7631,6 +9781,7 @@ ssl_conf = 254-version-negotiation-ssl
+
+ [254-version-negotiation-ssl]
+ server = 254-version-negotiation-server
++server2 = 254-version-negotiation-server2
+ client = 254-version-negotiation-client
+
+ [254-version-negotiation-server]
+@@ -7641,6 +9792,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[254-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [254-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -7660,6 +9819,7 @@ ssl_conf = 255-version-negotiation-ssl
+
+ [255-version-negotiation-ssl]
+ server = 255-version-negotiation-server
++server2 = 255-version-negotiation-server2
+ client = 255-version-negotiation-client
+
+ [255-version-negotiation-server]
+@@ -7670,6 +9830,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[255-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [255-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -7689,6 +9857,7 @@ ssl_conf = 256-version-negotiation-ssl
+
+ [256-version-negotiation-ssl]
+ server = 256-version-negotiation-server
++server2 = 256-version-negotiation-server2
+ client = 256-version-negotiation-client
+
+ [256-version-negotiation-server]
+@@ -7698,6 +9867,13 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[256-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [256-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -7717,6 +9893,7 @@ ssl_conf = 257-version-negotiation-ssl
+
+ [257-version-negotiation-ssl]
+ server = 257-version-negotiation-server
++server2 = 257-version-negotiation-server2
+ client = 257-version-negotiation-client
+
+ [257-version-negotiation-server]
+@@ -7727,6 +9904,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[257-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [257-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -7746,6 +9931,7 @@ ssl_conf = 258-version-negotiation-ssl
+
+ [258-version-negotiation-ssl]
+ server = 258-version-negotiation-server
++server2 = 258-version-negotiation-server2
+ client = 258-version-negotiation-client
+
+ [258-version-negotiation-server]
+@@ -7756,6 +9942,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[258-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [258-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -7775,6 +9969,7 @@ ssl_conf = 259-version-negotiation-ssl
+
+ [259-version-negotiation-ssl]
+ server = 259-version-negotiation-server
++server2 = 259-version-negotiation-server2
+ client = 259-version-negotiation-client
+
+ [259-version-negotiation-server]
+@@ -7785,6 +9980,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[259-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [259-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -7804,6 +10007,7 @@ ssl_conf = 260-version-negotiation-ssl
+
+ [260-version-negotiation-ssl]
+ server = 260-version-negotiation-server
++server2 = 260-version-negotiation-server2
+ client = 260-version-negotiation-client
+
+ [260-version-negotiation-server]
+@@ -7813,6 +10017,13 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[260-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [260-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -7832,6 +10043,7 @@ ssl_conf = 261-version-negotiation-ssl
+
+ [261-version-negotiation-ssl]
+ server = 261-version-negotiation-server
++server2 = 261-version-negotiation-server2
+ client = 261-version-negotiation-client
+
+ [261-version-negotiation-server]
+@@ -7842,6 +10054,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[261-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [261-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -7861,6 +10081,7 @@ ssl_conf = 262-version-negotiation-ssl
+
+ [262-version-negotiation-ssl]
+ server = 262-version-negotiation-server
++server2 = 262-version-negotiation-server2
+ client = 262-version-negotiation-client
+
+ [262-version-negotiation-server]
+@@ -7871,6 +10092,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[262-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [262-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -7890,6 +10119,7 @@ ssl_conf = 263-version-negotiation-ssl
+
+ [263-version-negotiation-ssl]
+ server = 263-version-negotiation-server
++server2 = 263-version-negotiation-server2
+ client = 263-version-negotiation-client
+
+ [263-version-negotiation-server]
+@@ -7899,6 +10129,13 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[263-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [263-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -7918,6 +10155,7 @@ ssl_conf = 264-version-negotiation-ssl
+
+ [264-version-negotiation-ssl]
+ server = 264-version-negotiation-server
++server2 = 264-version-negotiation-server2
+ client = 264-version-negotiation-client
+
+ [264-version-negotiation-server]
+@@ -7928,6 +10166,14 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[264-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [264-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -7947,6 +10193,7 @@ ssl_conf = 265-version-negotiation-ssl
+
+ [265-version-negotiation-ssl]
+ server = 265-version-negotiation-server
++server2 = 265-version-negotiation-server2
+ client = 265-version-negotiation-client
+
+ [265-version-negotiation-server]
+@@ -7956,6 +10203,13 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[265-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [265-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1
+@@ -7975,6 +10229,7 @@ ssl_conf = 266-version-negotiation-ssl
+
+ [266-version-negotiation-ssl]
+ server = 266-version-negotiation-server
++server2 = 266-version-negotiation-server2
+ client = 266-version-negotiation-client
+
+ [266-version-negotiation-server]
+@@ -7984,6 +10239,13 @@ MaxProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[266-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [266-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -8003,6 +10265,7 @@ ssl_conf = 267-version-negotiation-ssl
+
+ [267-version-negotiation-ssl]
+ server = 267-version-negotiation-server
++server2 = 267-version-negotiation-server2
+ client = 267-version-negotiation-client
+
+ [267-version-negotiation-server]
+@@ -8012,6 +10275,13 @@ MaxProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[267-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [267-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -8031,6 +10301,7 @@ ssl_conf = 268-version-negotiation-ssl
+
+ [268-version-negotiation-ssl]
+ server = 268-version-negotiation-server
++server2 = 268-version-negotiation-server2
+ client = 268-version-negotiation-client
+
+ [268-version-negotiation-server]
+@@ -8040,6 +10311,13 @@ MaxProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[268-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [268-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -8060,6 +10338,7 @@ ssl_conf = 269-version-negotiation-ssl
+
+ [269-version-negotiation-ssl]
+ server = 269-version-negotiation-server
++server2 = 269-version-negotiation-server2
+ client = 269-version-negotiation-client
+
+ [269-version-negotiation-server]
+@@ -8069,6 +10348,13 @@ MaxProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[269-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [269-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -8089,6 +10375,7 @@ ssl_conf = 270-version-negotiation-ssl
+
+ [270-version-negotiation-ssl]
+ server = 270-version-negotiation-server
++server2 = 270-version-negotiation-server2
+ client = 270-version-negotiation-client
+
+ [270-version-negotiation-server]
+@@ -8097,6 +10384,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[270-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [270-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -8117,6 +10410,7 @@ ssl_conf = 271-version-negotiation-ssl
+
+ [271-version-negotiation-ssl]
+ server = 271-version-negotiation-server
++server2 = 271-version-negotiation-server2
+ client = 271-version-negotiation-client
+
+ [271-version-negotiation-server]
+@@ -8127,6 +10421,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[271-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [271-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -8146,6 +10448,7 @@ ssl_conf = 272-version-negotiation-ssl
+
+ [272-version-negotiation-ssl]
+ server = 272-version-negotiation-server
++server2 = 272-version-negotiation-server2
+ client = 272-version-negotiation-client
+
+ [272-version-negotiation-server]
+@@ -8156,6 +10459,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[272-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [272-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -8175,6 +10486,7 @@ ssl_conf = 273-version-negotiation-ssl
+
+ [273-version-negotiation-ssl]
+ server = 273-version-negotiation-server
++server2 = 273-version-negotiation-server2
+ client = 273-version-negotiation-client
+
+ [273-version-negotiation-server]
+@@ -8185,6 +10497,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[273-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [273-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -8205,6 +10525,7 @@ ssl_conf = 274-version-negotiation-ssl
+
+ [274-version-negotiation-ssl]
+ server = 274-version-negotiation-server
++server2 = 274-version-negotiation-server2
+ client = 274-version-negotiation-client
+
+ [274-version-negotiation-server]
+@@ -8215,6 +10536,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[274-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [274-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -8235,6 +10564,7 @@ ssl_conf = 275-version-negotiation-ssl
+
+ [275-version-negotiation-ssl]
+ server = 275-version-negotiation-server
++server2 = 275-version-negotiation-server2
+ client = 275-version-negotiation-client
+
+ [275-version-negotiation-server]
+@@ -8244,6 +10574,13 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[275-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [275-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -8264,6 +10601,7 @@ ssl_conf = 276-version-negotiation-ssl
+
+ [276-version-negotiation-ssl]
+ server = 276-version-negotiation-server
++server2 = 276-version-negotiation-server2
+ client = 276-version-negotiation-client
+
+ [276-version-negotiation-server]
+@@ -8274,6 +10612,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[276-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [276-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -8293,6 +10639,7 @@ ssl_conf = 277-version-negotiation-ssl
+
+ [277-version-negotiation-ssl]
+ server = 277-version-negotiation-server
++server2 = 277-version-negotiation-server2
+ client = 277-version-negotiation-client
+
+ [277-version-negotiation-server]
+@@ -8303,6 +10650,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[277-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [277-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -8323,6 +10678,7 @@ ssl_conf = 278-version-negotiation-ssl
+
+ [278-version-negotiation-ssl]
+ server = 278-version-negotiation-server
++server2 = 278-version-negotiation-server2
+ client = 278-version-negotiation-client
+
+ [278-version-negotiation-server]
+@@ -8333,6 +10689,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[278-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [278-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -8353,6 +10717,7 @@ ssl_conf = 279-version-negotiation-ssl
+
+ [279-version-negotiation-ssl]
+ server = 279-version-negotiation-server
++server2 = 279-version-negotiation-server2
+ client = 279-version-negotiation-client
+
+ [279-version-negotiation-server]
+@@ -8362,6 +10727,13 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[279-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [279-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -8382,6 +10754,7 @@ ssl_conf = 280-version-negotiation-ssl
+
+ [280-version-negotiation-ssl]
+ server = 280-version-negotiation-server
++server2 = 280-version-negotiation-server2
+ client = 280-version-negotiation-client
+
+ [280-version-negotiation-server]
+@@ -8392,6 +10765,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[280-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [280-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -8412,6 +10793,7 @@ ssl_conf = 281-version-negotiation-ssl
+
+ [281-version-negotiation-ssl]
+ server = 281-version-negotiation-server
++server2 = 281-version-negotiation-server2
+ client = 281-version-negotiation-client
+
+ [281-version-negotiation-server]
+@@ -8422,6 +10804,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[281-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [281-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -8442,6 +10832,7 @@ ssl_conf = 282-version-negotiation-ssl
+
+ [282-version-negotiation-ssl]
+ server = 282-version-negotiation-server
++server2 = 282-version-negotiation-server2
+ client = 282-version-negotiation-client
+
+ [282-version-negotiation-server]
+@@ -8451,6 +10842,13 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[282-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [282-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -8469,11 +10867,20 @@ Protocol = TLSv1.1
+ [283-version-negotiation]
+ ssl_conf = 283-version-negotiation-ssl
+
+-[283-version-negotiation-ssl]
+-server = 283-version-negotiation-server
+-client = 283-version-negotiation-client
++[283-version-negotiation-ssl]
++server = 283-version-negotiation-server
++server2 = 283-version-negotiation-server2
++client = 283-version-negotiation-client
++
++[283-version-negotiation-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
+
+-[283-version-negotiation-server]
++[283-version-negotiation-server2]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -8500,6 +10907,7 @@ ssl_conf = 284-version-negotiation-ssl
+
+ [284-version-negotiation-ssl]
+ server = 284-version-negotiation-server
++server2 = 284-version-negotiation-server2
+ client = 284-version-negotiation-client
+
+ [284-version-negotiation-server]
+@@ -8509,6 +10917,13 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[284-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [284-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.1
+@@ -8528,6 +10943,7 @@ ssl_conf = 285-version-negotiation-ssl
+
+ [285-version-negotiation-ssl]
+ server = 285-version-negotiation-server
++server2 = 285-version-negotiation-server2
+ client = 285-version-negotiation-client
+
+ [285-version-negotiation-server]
+@@ -8537,6 +10953,13 @@ MaxProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[285-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [285-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -8556,6 +10979,7 @@ ssl_conf = 286-version-negotiation-ssl
+
+ [286-version-negotiation-ssl]
+ server = 286-version-negotiation-server
++server2 = 286-version-negotiation-server2
+ client = 286-version-negotiation-client
+
+ [286-version-negotiation-server]
+@@ -8565,6 +10989,13 @@ MaxProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[286-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [286-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -8584,6 +11015,7 @@ ssl_conf = 287-version-negotiation-ssl
+
+ [287-version-negotiation-ssl]
+ server = 287-version-negotiation-server
++server2 = 287-version-negotiation-server2
+ client = 287-version-negotiation-client
+
+ [287-version-negotiation-server]
+@@ -8593,6 +11025,13 @@ MaxProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[287-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [287-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -8613,6 +11052,7 @@ ssl_conf = 288-version-negotiation-ssl
+
+ [288-version-negotiation-ssl]
+ server = 288-version-negotiation-server
++server2 = 288-version-negotiation-server2
+ client = 288-version-negotiation-client
+
+ [288-version-negotiation-server]
+@@ -8622,6 +11062,13 @@ MaxProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[288-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [288-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -8642,6 +11089,7 @@ ssl_conf = 289-version-negotiation-ssl
+
+ [289-version-negotiation-ssl]
+ server = 289-version-negotiation-server
++server2 = 289-version-negotiation-server2
+ client = 289-version-negotiation-client
+
+ [289-version-negotiation-server]
+@@ -8650,6 +11098,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[289-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [289-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -8670,6 +11124,7 @@ ssl_conf = 290-version-negotiation-ssl
+
+ [290-version-negotiation-ssl]
+ server = 290-version-negotiation-server
++server2 = 290-version-negotiation-server2
+ client = 290-version-negotiation-client
+
+ [290-version-negotiation-server]
+@@ -8680,6 +11135,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[290-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [290-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -8699,6 +11162,7 @@ ssl_conf = 291-version-negotiation-ssl
+
+ [291-version-negotiation-ssl]
+ server = 291-version-negotiation-server
++server2 = 291-version-negotiation-server2
+ client = 291-version-negotiation-client
+
+ [291-version-negotiation-server]
+@@ -8709,6 +11173,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[291-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [291-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -8728,6 +11200,7 @@ ssl_conf = 292-version-negotiation-ssl
+
+ [292-version-negotiation-ssl]
+ server = 292-version-negotiation-server
++server2 = 292-version-negotiation-server2
+ client = 292-version-negotiation-client
+
+ [292-version-negotiation-server]
+@@ -8738,6 +11211,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[292-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [292-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -8758,6 +11239,7 @@ ssl_conf = 293-version-negotiation-ssl
+
+ [293-version-negotiation-ssl]
+ server = 293-version-negotiation-server
++server2 = 293-version-negotiation-server2
+ client = 293-version-negotiation-client
+
+ [293-version-negotiation-server]
+@@ -8768,6 +11250,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[293-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [293-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -8788,6 +11278,7 @@ ssl_conf = 294-version-negotiation-ssl
+
+ [294-version-negotiation-ssl]
+ server = 294-version-negotiation-server
++server2 = 294-version-negotiation-server2
+ client = 294-version-negotiation-client
+
+ [294-version-negotiation-server]
+@@ -8797,6 +11288,13 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[294-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [294-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -8817,6 +11315,7 @@ ssl_conf = 295-version-negotiation-ssl
+
+ [295-version-negotiation-ssl]
+ server = 295-version-negotiation-server
++server2 = 295-version-negotiation-server2
+ client = 295-version-negotiation-client
+
+ [295-version-negotiation-server]
+@@ -8827,6 +11326,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[295-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [295-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -8846,6 +11353,7 @@ ssl_conf = 296-version-negotiation-ssl
+
+ [296-version-negotiation-ssl]
+ server = 296-version-negotiation-server
++server2 = 296-version-negotiation-server2
+ client = 296-version-negotiation-client
+
+ [296-version-negotiation-server]
+@@ -8856,6 +11364,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[296-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [296-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -8876,6 +11392,7 @@ ssl_conf = 297-version-negotiation-ssl
+
+ [297-version-negotiation-ssl]
+ server = 297-version-negotiation-server
++server2 = 297-version-negotiation-server2
+ client = 297-version-negotiation-client
+
+ [297-version-negotiation-server]
+@@ -8886,6 +11403,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[297-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [297-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -8906,6 +11431,7 @@ ssl_conf = 298-version-negotiation-ssl
+
+ [298-version-negotiation-ssl]
+ server = 298-version-negotiation-server
++server2 = 298-version-negotiation-server2
+ client = 298-version-negotiation-client
+
+ [298-version-negotiation-server]
+@@ -8915,6 +11441,13 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[298-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [298-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -8935,6 +11468,7 @@ ssl_conf = 299-version-negotiation-ssl
+
+ [299-version-negotiation-ssl]
+ server = 299-version-negotiation-server
++server2 = 299-version-negotiation-server2
+ client = 299-version-negotiation-client
+
+ [299-version-negotiation-server]
+@@ -8945,6 +11479,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[299-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [299-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -8965,6 +11507,7 @@ ssl_conf = 300-version-negotiation-ssl
+
+ [300-version-negotiation-ssl]
+ server = 300-version-negotiation-server
++server2 = 300-version-negotiation-server2
+ client = 300-version-negotiation-client
+
+ [300-version-negotiation-server]
+@@ -8975,6 +11518,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[300-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [300-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -8995,6 +11546,7 @@ ssl_conf = 301-version-negotiation-ssl
+
+ [301-version-negotiation-ssl]
+ server = 301-version-negotiation-server
++server2 = 301-version-negotiation-server2
+ client = 301-version-negotiation-client
+
+ [301-version-negotiation-server]
+@@ -9004,6 +11556,13 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[301-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [301-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -9024,6 +11583,7 @@ ssl_conf = 302-version-negotiation-ssl
+
+ [302-version-negotiation-ssl]
+ server = 302-version-negotiation-server
++server2 = 302-version-negotiation-server2
+ client = 302-version-negotiation-client
+
+ [302-version-negotiation-server]
+@@ -9034,6 +11594,14 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[302-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [302-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -9054,6 +11622,7 @@ ssl_conf = 303-version-negotiation-ssl
+
+ [303-version-negotiation-ssl]
+ server = 303-version-negotiation-server
++server2 = 303-version-negotiation-server2
+ client = 303-version-negotiation-client
+
+ [303-version-negotiation-server]
+@@ -9063,6 +11632,13 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[303-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [303-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -9083,6 +11659,7 @@ ssl_conf = 304-version-negotiation-ssl
+
+ [304-version-negotiation-ssl]
+ server = 304-version-negotiation-server
++server2 = 304-version-negotiation-server2
+ client = 304-version-negotiation-client
+
+ [304-version-negotiation-server]
+@@ -9092,6 +11669,13 @@ MaxProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[304-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [304-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.1
+@@ -9110,6 +11694,7 @@ ssl_conf = 305-version-negotiation-ssl
+
+ [305-version-negotiation-ssl]
+ server = 305-version-negotiation-server
++server2 = 305-version-negotiation-server2
+ client = 305-version-negotiation-client
+
+ [305-version-negotiation-server]
+@@ -9119,6 +11704,13 @@ MaxProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[305-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [305-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.1
+@@ -9137,6 +11729,7 @@ ssl_conf = 306-version-negotiation-ssl
+
+ [306-version-negotiation-ssl]
+ server = 306-version-negotiation-server
++server2 = 306-version-negotiation-server2
+ client = 306-version-negotiation-client
+
+ [306-version-negotiation-server]
+@@ -9146,6 +11739,13 @@ MaxProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[306-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [306-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.1
+@@ -9165,6 +11765,7 @@ ssl_conf = 307-version-negotiation-ssl
+
+ [307-version-negotiation-ssl]
+ server = 307-version-negotiation-server
++server2 = 307-version-negotiation-server2
+ client = 307-version-negotiation-client
+
+ [307-version-negotiation-server]
+@@ -9174,6 +11775,13 @@ MaxProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[307-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [307-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.1
+@@ -9193,6 +11801,7 @@ ssl_conf = 308-version-negotiation-ssl
+
+ [308-version-negotiation-ssl]
+ server = 308-version-negotiation-server
++server2 = 308-version-negotiation-server2
+ client = 308-version-negotiation-client
+
+ [308-version-negotiation-server]
+@@ -9201,6 +11810,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[308-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [308-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.1
+@@ -9220,6 +11835,7 @@ ssl_conf = 309-version-negotiation-ssl
+
+ [309-version-negotiation-ssl]
+ server = 309-version-negotiation-server
++server2 = 309-version-negotiation-server2
+ client = 309-version-negotiation-client
+
+ [309-version-negotiation-server]
+@@ -9230,6 +11846,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[309-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [309-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.1
+@@ -9248,6 +11872,7 @@ ssl_conf = 310-version-negotiation-ssl
+
+ [310-version-negotiation-ssl]
+ server = 310-version-negotiation-server
++server2 = 310-version-negotiation-server2
+ client = 310-version-negotiation-client
+
+ [310-version-negotiation-server]
+@@ -9258,6 +11883,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[310-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [310-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.1
+@@ -9276,6 +11909,7 @@ ssl_conf = 311-version-negotiation-ssl
+
+ [311-version-negotiation-ssl]
+ server = 311-version-negotiation-server
++server2 = 311-version-negotiation-server2
+ client = 311-version-negotiation-client
+
+ [311-version-negotiation-server]
+@@ -9286,6 +11920,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[311-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [311-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.1
+@@ -9305,6 +11947,7 @@ ssl_conf = 312-version-negotiation-ssl
+
+ [312-version-negotiation-ssl]
+ server = 312-version-negotiation-server
++server2 = 312-version-negotiation-server2
+ client = 312-version-negotiation-client
+
+ [312-version-negotiation-server]
+@@ -9315,6 +11958,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[312-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [312-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.1
+@@ -9334,6 +11985,7 @@ ssl_conf = 313-version-negotiation-ssl
+
+ [313-version-negotiation-ssl]
+ server = 313-version-negotiation-server
++server2 = 313-version-negotiation-server2
+ client = 313-version-negotiation-client
+
+ [313-version-negotiation-server]
+@@ -9343,6 +11995,13 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[313-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [313-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.1
+@@ -9362,6 +12021,7 @@ ssl_conf = 314-version-negotiation-ssl
+
+ [314-version-negotiation-ssl]
+ server = 314-version-negotiation-server
++server2 = 314-version-negotiation-server2
+ client = 314-version-negotiation-client
+
+ [314-version-negotiation-server]
+@@ -9372,6 +12032,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[314-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [314-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.1
+@@ -9390,6 +12058,7 @@ ssl_conf = 315-version-negotiation-ssl
+
+ [315-version-negotiation-ssl]
+ server = 315-version-negotiation-server
++server2 = 315-version-negotiation-server2
+ client = 315-version-negotiation-client
+
+ [315-version-negotiation-server]
+@@ -9400,6 +12069,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[315-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [315-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.1
+@@ -9419,6 +12096,7 @@ ssl_conf = 316-version-negotiation-ssl
+
+ [316-version-negotiation-ssl]
+ server = 316-version-negotiation-server
++server2 = 316-version-negotiation-server2
+ client = 316-version-negotiation-client
+
+ [316-version-negotiation-server]
+@@ -9429,6 +12107,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[316-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [316-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.1
+@@ -9448,6 +12134,7 @@ ssl_conf = 317-version-negotiation-ssl
+
+ [317-version-negotiation-ssl]
+ server = 317-version-negotiation-server
++server2 = 317-version-negotiation-server2
+ client = 317-version-negotiation-client
+
+ [317-version-negotiation-server]
+@@ -9457,6 +12144,13 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[317-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [317-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.1
+@@ -9476,6 +12170,7 @@ ssl_conf = 318-version-negotiation-ssl
+
+ [318-version-negotiation-ssl]
+ server = 318-version-negotiation-server
++server2 = 318-version-negotiation-server2
+ client = 318-version-negotiation-client
+
+ [318-version-negotiation-server]
+@@ -9486,6 +12181,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[318-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [318-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.1
+@@ -9505,6 +12208,7 @@ ssl_conf = 319-version-negotiation-ssl
+
+ [319-version-negotiation-ssl]
+ server = 319-version-negotiation-server
++server2 = 319-version-negotiation-server2
+ client = 319-version-negotiation-client
+
+ [319-version-negotiation-server]
+@@ -9515,6 +12219,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[319-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [319-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.1
+@@ -9534,6 +12246,7 @@ ssl_conf = 320-version-negotiation-ssl
+
+ [320-version-negotiation-ssl]
+ server = 320-version-negotiation-server
++server2 = 320-version-negotiation-server2
+ client = 320-version-negotiation-client
+
+ [320-version-negotiation-server]
+@@ -9543,6 +12256,13 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[320-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [320-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.1
+@@ -9560,11 +12280,20 @@ Protocol = TLSv1.2
+ [321-version-negotiation]
+ ssl_conf = 321-version-negotiation-ssl
+
+-[321-version-negotiation-ssl]
+-server = 321-version-negotiation-server
+-client = 321-version-negotiation-client
++[321-version-negotiation-ssl]
++server = 321-version-negotiation-server
++server2 = 321-version-negotiation-server2
++client = 321-version-negotiation-client
++
++[321-version-negotiation-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
+
+-[321-version-negotiation-server]
++[321-version-negotiation-server2]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -9591,6 +12320,7 @@ ssl_conf = 322-version-negotiation-ssl
+
+ [322-version-negotiation-ssl]
+ server = 322-version-negotiation-server
++server2 = 322-version-negotiation-server2
+ client = 322-version-negotiation-client
+
+ [322-version-negotiation-server]
+@@ -9600,6 +12330,13 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[322-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [322-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.1
+@@ -9619,6 +12356,7 @@ ssl_conf = 323-version-negotiation-ssl
+
+ [323-version-negotiation-ssl]
+ server = 323-version-negotiation-server
++server2 = 323-version-negotiation-server2
+ client = 323-version-negotiation-client
+
+ [323-version-negotiation-server]
+@@ -9628,6 +12366,13 @@ MaxProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[323-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [323-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -9647,6 +12392,7 @@ ssl_conf = 324-version-negotiation-ssl
+
+ [324-version-negotiation-ssl]
+ server = 324-version-negotiation-server
++server2 = 324-version-negotiation-server2
+ client = 324-version-negotiation-client
+
+ [324-version-negotiation-server]
+@@ -9656,6 +12402,13 @@ MaxProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[324-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [324-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -9675,6 +12428,7 @@ ssl_conf = 325-version-negotiation-ssl
+
+ [325-version-negotiation-ssl]
+ server = 325-version-negotiation-server
++server2 = 325-version-negotiation-server2
+ client = 325-version-negotiation-client
+
+ [325-version-negotiation-server]
+@@ -9684,6 +12438,13 @@ MaxProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[325-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [325-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -9703,6 +12464,7 @@ ssl_conf = 326-version-negotiation-ssl
+
+ [326-version-negotiation-ssl]
+ server = 326-version-negotiation-server
++server2 = 326-version-negotiation-server2
+ client = 326-version-negotiation-client
+
+ [326-version-negotiation-server]
+@@ -9712,6 +12474,13 @@ MaxProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[326-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [326-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -9732,6 +12501,7 @@ ssl_conf = 327-version-negotiation-ssl
+
+ [327-version-negotiation-ssl]
+ server = 327-version-negotiation-server
++server2 = 327-version-negotiation-server2
+ client = 327-version-negotiation-client
+
+ [327-version-negotiation-server]
+@@ -9740,6 +12510,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[327-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [327-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -9760,6 +12536,7 @@ ssl_conf = 328-version-negotiation-ssl
+
+ [328-version-negotiation-ssl]
+ server = 328-version-negotiation-server
++server2 = 328-version-negotiation-server2
+ client = 328-version-negotiation-client
+
+ [328-version-negotiation-server]
+@@ -9770,6 +12547,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[328-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [328-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -9789,6 +12574,7 @@ ssl_conf = 329-version-negotiation-ssl
+
+ [329-version-negotiation-ssl]
+ server = 329-version-negotiation-server
++server2 = 329-version-negotiation-server2
+ client = 329-version-negotiation-client
+
+ [329-version-negotiation-server]
+@@ -9799,6 +12585,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[329-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [329-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -9818,6 +12612,7 @@ ssl_conf = 330-version-negotiation-ssl
+
+ [330-version-negotiation-ssl]
+ server = 330-version-negotiation-server
++server2 = 330-version-negotiation-server2
+ client = 330-version-negotiation-client
+
+ [330-version-negotiation-server]
+@@ -9828,6 +12623,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[330-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [330-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -9847,6 +12650,7 @@ ssl_conf = 331-version-negotiation-ssl
+
+ [331-version-negotiation-ssl]
+ server = 331-version-negotiation-server
++server2 = 331-version-negotiation-server2
+ client = 331-version-negotiation-client
+
+ [331-version-negotiation-server]
+@@ -9857,6 +12661,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[331-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [331-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -9877,6 +12689,7 @@ ssl_conf = 332-version-negotiation-ssl
+
+ [332-version-negotiation-ssl]
+ server = 332-version-negotiation-server
++server2 = 332-version-negotiation-server2
+ client = 332-version-negotiation-client
+
+ [332-version-negotiation-server]
+@@ -9886,6 +12699,13 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[332-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [332-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -9906,6 +12726,7 @@ ssl_conf = 333-version-negotiation-ssl
+
+ [333-version-negotiation-ssl]
+ server = 333-version-negotiation-server
++server2 = 333-version-negotiation-server2
+ client = 333-version-negotiation-client
+
+ [333-version-negotiation-server]
+@@ -9916,6 +12737,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[333-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [333-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -9935,6 +12764,7 @@ ssl_conf = 334-version-negotiation-ssl
+
+ [334-version-negotiation-ssl]
+ server = 334-version-negotiation-server
++server2 = 334-version-negotiation-server2
+ client = 334-version-negotiation-client
+
+ [334-version-negotiation-server]
+@@ -9945,6 +12775,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[334-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [334-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -9964,6 +12802,7 @@ ssl_conf = 335-version-negotiation-ssl
+
+ [335-version-negotiation-ssl]
+ server = 335-version-negotiation-server
++server2 = 335-version-negotiation-server2
+ client = 335-version-negotiation-client
+
+ [335-version-negotiation-server]
+@@ -9974,6 +12813,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[335-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [335-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -9994,6 +12841,7 @@ ssl_conf = 336-version-negotiation-ssl
+
+ [336-version-negotiation-ssl]
+ server = 336-version-negotiation-server
++server2 = 336-version-negotiation-server2
+ client = 336-version-negotiation-client
+
+ [336-version-negotiation-server]
+@@ -10003,6 +12851,13 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[336-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [336-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -10023,6 +12878,7 @@ ssl_conf = 337-version-negotiation-ssl
+
+ [337-version-negotiation-ssl]
+ server = 337-version-negotiation-server
++server2 = 337-version-negotiation-server2
+ client = 337-version-negotiation-client
+
+ [337-version-negotiation-server]
+@@ -10033,6 +12889,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[337-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [337-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -10052,6 +12916,7 @@ ssl_conf = 338-version-negotiation-ssl
+
+ [338-version-negotiation-ssl]
+ server = 338-version-negotiation-server
++server2 = 338-version-negotiation-server2
+ client = 338-version-negotiation-client
+
+ [338-version-negotiation-server]
+@@ -10062,6 +12927,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[338-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [338-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -10082,6 +12955,7 @@ ssl_conf = 339-version-negotiation-ssl
+
+ [339-version-negotiation-ssl]
+ server = 339-version-negotiation-server
++server2 = 339-version-negotiation-server2
+ client = 339-version-negotiation-client
+
+ [339-version-negotiation-server]
+@@ -10091,6 +12965,13 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[339-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [339-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -10111,6 +12992,7 @@ ssl_conf = 340-version-negotiation-ssl
+
+ [340-version-negotiation-ssl]
+ server = 340-version-negotiation-server
++server2 = 340-version-negotiation-server2
+ client = 340-version-negotiation-client
+
+ [340-version-negotiation-server]
+@@ -10121,6 +13003,14 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[340-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [340-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -10141,6 +13031,7 @@ ssl_conf = 341-version-negotiation-ssl
+
+ [341-version-negotiation-ssl]
+ server = 341-version-negotiation-server
++server2 = 341-version-negotiation-server2
+ client = 341-version-negotiation-client
+
+ [341-version-negotiation-server]
+@@ -10150,6 +13041,13 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[341-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [341-version-negotiation-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+@@ -10170,6 +13068,7 @@ ssl_conf = 342-version-negotiation-ssl
+
+ [342-version-negotiation-ssl]
+ server = 342-version-negotiation-server
++server2 = 342-version-negotiation-server2
+ client = 342-version-negotiation-client
+
+ [342-version-negotiation-server]
+@@ -10179,6 +13078,13 @@ MaxProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[342-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [342-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.2
+@@ -10197,6 +13103,7 @@ ssl_conf = 343-version-negotiation-ssl
+
+ [343-version-negotiation-ssl]
+ server = 343-version-negotiation-server
++server2 = 343-version-negotiation-server2
+ client = 343-version-negotiation-client
+
+ [343-version-negotiation-server]
+@@ -10206,6 +13113,13 @@ MaxProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[343-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [343-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.2
+@@ -10224,6 +13138,7 @@ ssl_conf = 344-version-negotiation-ssl
+
+ [344-version-negotiation-ssl]
+ server = 344-version-negotiation-server
++server2 = 344-version-negotiation-server2
+ client = 344-version-negotiation-client
+
+ [344-version-negotiation-server]
+@@ -10233,6 +13148,13 @@ MaxProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[344-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [344-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.2
+@@ -10251,6 +13173,7 @@ ssl_conf = 345-version-negotiation-ssl
+
+ [345-version-negotiation-ssl]
+ server = 345-version-negotiation-server
++server2 = 345-version-negotiation-server2
+ client = 345-version-negotiation-client
+
+ [345-version-negotiation-server]
+@@ -10260,6 +13183,13 @@ MaxProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[345-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [345-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.2
+@@ -10279,6 +13209,7 @@ ssl_conf = 346-version-negotiation-ssl
+
+ [346-version-negotiation-ssl]
+ server = 346-version-negotiation-server
++server2 = 346-version-negotiation-server2
+ client = 346-version-negotiation-client
+
+ [346-version-negotiation-server]
+@@ -10287,6 +13218,12 @@ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[346-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [346-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.2
+@@ -10306,6 +13243,7 @@ ssl_conf = 347-version-negotiation-ssl
+
+ [347-version-negotiation-ssl]
+ server = 347-version-negotiation-server
++server2 = 347-version-negotiation-server2
+ client = 347-version-negotiation-client
+
+ [347-version-negotiation-server]
+@@ -10316,6 +13254,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[347-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = SSLv3
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [347-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.2
+@@ -10334,6 +13280,7 @@ ssl_conf = 348-version-negotiation-ssl
+
+ [348-version-negotiation-ssl]
+ server = 348-version-negotiation-server
++server2 = 348-version-negotiation-server2
+ client = 348-version-negotiation-client
+
+ [348-version-negotiation-server]
+@@ -10344,6 +13291,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[348-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [348-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.2
+@@ -10362,6 +13317,7 @@ ssl_conf = 349-version-negotiation-ssl
+
+ [349-version-negotiation-ssl]
+ server = 349-version-negotiation-server
++server2 = 349-version-negotiation-server2
+ client = 349-version-negotiation-client
+
+ [349-version-negotiation-server]
+@@ -10372,6 +13328,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[349-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [349-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.2
+@@ -10390,6 +13354,7 @@ ssl_conf = 350-version-negotiation-ssl
+
+ [350-version-negotiation-ssl]
+ server = 350-version-negotiation-server
++server2 = 350-version-negotiation-server2
+ client = 350-version-negotiation-client
+
+ [350-version-negotiation-server]
+@@ -10400,6 +13365,14 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[350-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [350-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.2
+@@ -10419,6 +13392,7 @@ ssl_conf = 351-version-negotiation-ssl
+
+ [351-version-negotiation-ssl]
+ server = 351-version-negotiation-server
++server2 = 351-version-negotiation-server2
+ client = 351-version-negotiation-client
+
+ [351-version-negotiation-server]
+@@ -10428,6 +13402,13 @@ MinProtocol = SSLv3
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[351-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = SSLv3
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [351-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.2
+@@ -10447,6 +13428,7 @@ ssl_conf = 352-version-negotiation-ssl
+
+ [352-version-negotiation-ssl]
+ server = 352-version-negotiation-server
++server2 = 352-version-negotiation-server2
+ client = 352-version-negotiation-client
+
+ [352-version-negotiation-server]
+@@ -10457,6 +13439,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[352-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [352-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.2
+@@ -10475,6 +13465,7 @@ ssl_conf = 353-version-negotiation-ssl
+
+ [353-version-negotiation-ssl]
+ server = 353-version-negotiation-server
++server2 = 353-version-negotiation-server2
+ client = 353-version-negotiation-client
+
+ [353-version-negotiation-server]
+@@ -10485,6 +13476,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[353-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [353-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.2
+@@ -10503,6 +13502,7 @@ ssl_conf = 354-version-negotiation-ssl
+
+ [354-version-negotiation-ssl]
+ server = 354-version-negotiation-server
++server2 = 354-version-negotiation-server2
+ client = 354-version-negotiation-client
+
+ [354-version-negotiation-server]
+@@ -10513,6 +13513,14 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[354-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [354-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.2
+@@ -10532,6 +13540,7 @@ ssl_conf = 355-version-negotiation-ssl
+
+ [355-version-negotiation-ssl]
+ server = 355-version-negotiation-server
++server2 = 355-version-negotiation-server2
+ client = 355-version-negotiation-client
+
+ [355-version-negotiation-server]
+@@ -10541,6 +13550,13 @@ MinProtocol = TLSv1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[355-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [355-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.2
+@@ -10560,6 +13576,7 @@ ssl_conf = 356-version-negotiation-ssl
+
+ [356-version-negotiation-ssl]
+ server = 356-version-negotiation-server
++server2 = 356-version-negotiation-server2
+ client = 356-version-negotiation-client
+
+ [356-version-negotiation-server]
+@@ -10570,6 +13587,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[356-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.1
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [356-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.2
+@@ -10588,6 +13613,7 @@ ssl_conf = 357-version-negotiation-ssl
+
+ [357-version-negotiation-ssl]
+ server = 357-version-negotiation-server
++server2 = 357-version-negotiation-server2
+ client = 357-version-negotiation-client
+
+ [357-version-negotiation-server]
+@@ -10598,6 +13624,14 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[357-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [357-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.2
+@@ -10617,6 +13651,7 @@ ssl_conf = 358-version-negotiation-ssl
+
+ [358-version-negotiation-ssl]
+ server = 358-version-negotiation-server
++server2 = 358-version-negotiation-server2
+ client = 358-version-negotiation-client
+
+ [358-version-negotiation-server]
+@@ -10626,6 +13661,13 @@ MinProtocol = TLSv1.1
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[358-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.1
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [358-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.2
+@@ -10645,6 +13687,7 @@ ssl_conf = 359-version-negotiation-ssl
+
+ [359-version-negotiation-ssl]
+ server = 359-version-negotiation-server
++server2 = 359-version-negotiation-server2
+ client = 359-version-negotiation-client
+
+ [359-version-negotiation-server]
+@@ -10655,6 +13698,14 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[359-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [359-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.2
+@@ -10674,6 +13725,7 @@ ssl_conf = 360-version-negotiation-ssl
+
+ [360-version-negotiation-ssl]
+ server = 360-version-negotiation-server
++server2 = 360-version-negotiation-server2
+ client = 360-version-negotiation-client
+
+ [360-version-negotiation-server]
+@@ -10683,6 +13735,13 @@ MinProtocol = TLSv1.2
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[360-version-negotiation-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++MinProtocol = TLSv1.2
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+ [360-version-negotiation-client]
+ CipherString = DEFAULT
+ MinProtocol = TLSv1.2
+diff --git a/test/ssl-tests/02-protocol-version.conf.in b/test/ssl-tests/02-protocol-version.conf.in
+index 99b1dc0edf78..22e1f360e910 100644
+--- a/test/ssl-tests/02-protocol-version.conf.in
++++ b/test/ssl-tests/02-protocol-version.conf.in
+@@ -1,4 +1,11 @@
+ # -*- mode: perl; -*-
++# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
+
+ ## Test version negotiation
+
diff --git a/test/ssl-tests/03-custom_verify.conf b/test/ssl-tests/03-custom_verify.conf
new file mode 100644
-index 0000000..182a95d
+index 000000000000..7bb90037d0ad
--- /dev/null
+++ b/test/ssl-tests/03-custom_verify.conf
-@@ -0,0 +1,238 @@
+@@ -0,0 +1,301 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 9
@@ -128157,6 +160737,7 @@
+
+[0-verify-success-ssl]
+server = 0-verify-success-server
++server2 = 0-verify-success-server2
+client = 0-verify-success-client
+
+[0-verify-success-server]
@@ -128165,6 +160746,12 @@
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[0-verify-success-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+[0-verify-success-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -128182,6 +160769,7 @@
+
+[1-verify-custom-reject-ssl]
+server = 1-verify-custom-reject-server
++server2 = 1-verify-custom-reject-server2
+client = 1-verify-custom-reject-client
+
+[1-verify-custom-reject-server]
@@ -128190,6 +160778,12 @@
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[1-verify-custom-reject-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+[1-verify-custom-reject-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -128209,6 +160803,7 @@
+
+[2-verify-custom-allow-ssl]
+server = 2-verify-custom-allow-server
++server2 = 2-verify-custom-allow-server2
+client = 2-verify-custom-allow-client
+
+[2-verify-custom-allow-server]
@@ -128217,6 +160812,12 @@
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[2-verify-custom-allow-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+[2-verify-custom-allow-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -128235,6 +160836,7 @@
+
+[3-noverify-success-ssl]
+server = 3-noverify-success-server
++server2 = 3-noverify-success-server2
+client = 3-noverify-success-client
+
+[3-noverify-success-server]
@@ -128243,6 +160845,12 @@
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[3-noverify-success-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+[3-noverify-success-client]
+CipherString = DEFAULT
+
@@ -128258,6 +160866,7 @@
+
+[4-noverify-ignore-custom-reject-ssl]
+server = 4-noverify-ignore-custom-reject-server
++server2 = 4-noverify-ignore-custom-reject-server2
+client = 4-noverify-ignore-custom-reject-client
+
+[4-noverify-ignore-custom-reject-server]
@@ -128266,6 +160875,12 @@
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[4-noverify-ignore-custom-reject-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+[4-noverify-ignore-custom-reject-client]
+CipherString = DEFAULT
+
@@ -128282,6 +160897,7 @@
+
+[5-noverify-accept-custom-allow-ssl]
+server = 5-noverify-accept-custom-allow-server
++server2 = 5-noverify-accept-custom-allow-server2
+client = 5-noverify-accept-custom-allow-client
+
+[5-noverify-accept-custom-allow-server]
@@ -128290,6 +160906,12 @@
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[5-noverify-accept-custom-allow-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+[5-noverify-accept-custom-allow-client]
+CipherString = DEFAULT
+
@@ -128306,6 +160928,7 @@
+
+[6-verify-fail-no-root-ssl]
+server = 6-verify-fail-no-root-server
++server2 = 6-verify-fail-no-root-server2
+client = 6-verify-fail-no-root-client
+
+[6-verify-fail-no-root-server]
@@ -128314,6 +160937,12 @@
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[6-verify-fail-no-root-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+[6-verify-fail-no-root-client]
+CipherString = DEFAULT
+VerifyMode = Peer
@@ -128331,6 +160960,7 @@
+
+[7-verify-custom-success-no-root-ssl]
+server = 7-verify-custom-success-no-root-server
++server2 = 7-verify-custom-success-no-root-server2
+client = 7-verify-custom-success-no-root-client
+
+[7-verify-custom-success-no-root-server]
@@ -128339,6 +160969,12 @@
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[7-verify-custom-success-no-root-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+[7-verify-custom-success-no-root-client]
+CipherString = DEFAULT
+VerifyMode = Peer
@@ -128356,6 +160992,7 @@
+
+[8-verify-custom-fail-no-root-ssl]
+server = 8-verify-custom-fail-no-root-server
++server2 = 8-verify-custom-fail-no-root-server2
+client = 8-verify-custom-fail-no-root-client
+
+[8-verify-custom-fail-no-root-server]
@@ -128364,6 +161001,12 @@
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
++[8-verify-custom-fail-no-root-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
+[8-verify-custom-fail-no-root-client]
+CipherString = DEFAULT
+VerifyMode = Peer
@@ -128377,12 +161020,19 @@
+
diff --git a/test/ssl-tests/03-custom_verify.conf.in b/test/ssl-tests/03-custom_verify.conf.in
new file mode 100644
-index 0000000..e2f9dc7
+index 000000000000..1cd4273c7abe
--- /dev/null
+++ b/test/ssl-tests/03-custom_verify.conf.in
-@@ -0,0 +1,127 @@
+@@ -0,0 +1,134 @@
+# -*- mode: perl; -*-
++# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
+
++
+## SSL test configurations
+
+package ssltests;
@@ -128508,8 +161158,1730 @@
+
+
+);
+diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.conf
+new file mode 100644
+index 000000000000..6504bf18b555
+--- /dev/null
++++ b/test/ssl-tests/04-client_auth.conf
+@@ -0,0 +1,781 @@
++# Generated with generate_ssl_tests.pl
++
++num_tests = 20
++
++test-0 = 0-server-auth-flex
++test-1 = 1-client-auth-flex-request
++test-2 = 2-client-auth-flex-require-fail
++test-3 = 3-client-auth-flex-require
++test-4 = 4-client-auth-flex-noroot
++test-5 = 5-server-auth-TLSv1
++test-6 = 6-client-auth-TLSv1-request
++test-7 = 7-client-auth-TLSv1-require-fail
++test-8 = 8-client-auth-TLSv1-require
++test-9 = 9-client-auth-TLSv1-noroot
++test-10 = 10-server-auth-TLSv1.1
++test-11 = 11-client-auth-TLSv1.1-request
++test-12 = 12-client-auth-TLSv1.1-require-fail
++test-13 = 13-client-auth-TLSv1.1-require
++test-14 = 14-client-auth-TLSv1.1-noroot
++test-15 = 15-server-auth-TLSv1.2
++test-16 = 16-client-auth-TLSv1.2-request
++test-17 = 17-client-auth-TLSv1.2-require-fail
++test-18 = 18-client-auth-TLSv1.2-require
++test-19 = 19-client-auth-TLSv1.2-noroot
++# ===========================================================
++
++[0-server-auth-flex]
++ssl_conf = 0-server-auth-flex-ssl
++
++[0-server-auth-flex-ssl]
++server = 0-server-auth-flex-server
++server2 = 0-server-auth-flex-server2
++client = 0-server-auth-flex-client
++
++[0-server-auth-flex-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[0-server-auth-flex-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[0-server-auth-flex-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-0]
++ExpectedResult = Success
++
++
++# ===========================================================
++
++[1-client-auth-flex-request]
++ssl_conf = 1-client-auth-flex-request-ssl
++
++[1-client-auth-flex-request-ssl]
++server = 1-client-auth-flex-request-server
++server2 = 1-client-auth-flex-request-server2
++client = 1-client-auth-flex-request-client
++
++[1-client-auth-flex-request-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++VerifyMode = Request
++
++
++[1-client-auth-flex-request-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++VerifyMode = Request
++
++
++[1-client-auth-flex-request-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-1]
++ExpectedResult = Success
++
++
++# ===========================================================
++
++[2-client-auth-flex-require-fail]
++ssl_conf = 2-client-auth-flex-require-fail-ssl
++
++[2-client-auth-flex-require-fail-ssl]
++server = 2-client-auth-flex-require-fail-server
++server2 = 2-client-auth-flex-require-fail-server2
++client = 2-client-auth-flex-require-fail-client
++
++[2-client-auth-flex-require-fail-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
++VerifyMode = Require
++
++
++[2-client-auth-flex-require-fail-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
++VerifyMode = Require
++
++
++[2-client-auth-flex-require-fail-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-2]
++ExpectedResult = ServerFail
++ServerAlert = HandshakeFailure
++
++
++# ===========================================================
++
++[3-client-auth-flex-require]
++ssl_conf = 3-client-auth-flex-require-ssl
++
++[3-client-auth-flex-require-ssl]
++server = 3-client-auth-flex-require-server
++server2 = 3-client-auth-flex-require-server2
++client = 3-client-auth-flex-require-client
++
++[3-client-auth-flex-require-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
++VerifyMode = Request
++
++
++[3-client-auth-flex-require-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
++VerifyMode = Request
++
++
++[3-client-auth-flex-require-client]
++Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-3]
++ExpectedResult = Success
++
++
++# ===========================================================
++
++[4-client-auth-flex-noroot]
++ssl_conf = 4-client-auth-flex-noroot-ssl
++
++[4-client-auth-flex-noroot-ssl]
++server = 4-client-auth-flex-noroot-server
++server2 = 4-client-auth-flex-noroot-server2
++client = 4-client-auth-flex-noroot-client
++
++[4-client-auth-flex-noroot-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++VerifyMode = Require
++
++
++[4-client-auth-flex-noroot-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++VerifyMode = Require
++
++
++[4-client-auth-flex-noroot-client]
++Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-4]
++ExpectedResult = ServerFail
++ServerAlert = UnknownCA
++
++
++# ===========================================================
++
++[5-server-auth-TLSv1]
++ssl_conf = 5-server-auth-TLSv1-ssl
++
++[5-server-auth-TLSv1-ssl]
++server = 5-server-auth-TLSv1-server
++server2 = 5-server-auth-TLSv1-server2
++client = 5-server-auth-TLSv1-client
++
++[5-server-auth-TLSv1-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1
++
++
++[5-server-auth-TLSv1-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1
++
++
++[5-server-auth-TLSv1-client]
++CipherString = DEFAULT
++Protocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-5]
++ExpectedResult = Success
++
++
++# ===========================================================
++
++[6-client-auth-TLSv1-request]
++ssl_conf = 6-client-auth-TLSv1-request-ssl
++
++[6-client-auth-TLSv1-request-ssl]
++server = 6-client-auth-TLSv1-request-server
++server2 = 6-client-auth-TLSv1-request-server2
++client = 6-client-auth-TLSv1-request-client
++
++[6-client-auth-TLSv1-request-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1
++VerifyMode = Request
++
++
++[6-client-auth-TLSv1-request-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1
++VerifyMode = Request
++
++
++[6-client-auth-TLSv1-request-client]
++CipherString = DEFAULT
++Protocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-6]
++ExpectedResult = Success
++
++
++# ===========================================================
++
++[7-client-auth-TLSv1-require-fail]
++ssl_conf = 7-client-auth-TLSv1-require-fail-ssl
++
++[7-client-auth-TLSv1-require-fail-ssl]
++server = 7-client-auth-TLSv1-require-fail-server
++server2 = 7-client-auth-TLSv1-require-fail-server2
++client = 7-client-auth-TLSv1-require-fail-client
++
++[7-client-auth-TLSv1-require-fail-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
++VerifyMode = Require
++
++
++[7-client-auth-TLSv1-require-fail-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
++VerifyMode = Require
++
++
++[7-client-auth-TLSv1-require-fail-client]
++CipherString = DEFAULT
++Protocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-7]
++ExpectedResult = ServerFail
++ServerAlert = HandshakeFailure
++
++
++# ===========================================================
++
++[8-client-auth-TLSv1-require]
++ssl_conf = 8-client-auth-TLSv1-require-ssl
++
++[8-client-auth-TLSv1-require-ssl]
++server = 8-client-auth-TLSv1-require-server
++server2 = 8-client-auth-TLSv1-require-server2
++client = 8-client-auth-TLSv1-require-client
++
++[8-client-auth-TLSv1-require-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
++VerifyMode = Request
++
++
++[8-client-auth-TLSv1-require-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
++VerifyMode = Request
++
++
++[8-client-auth-TLSv1-require-client]
++Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
++Protocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-8]
++ExpectedResult = Success
++
++
++# ===========================================================
++
++[9-client-auth-TLSv1-noroot]
++ssl_conf = 9-client-auth-TLSv1-noroot-ssl
++
++[9-client-auth-TLSv1-noroot-ssl]
++server = 9-client-auth-TLSv1-noroot-server
++server2 = 9-client-auth-TLSv1-noroot-server2
++client = 9-client-auth-TLSv1-noroot-client
++
++[9-client-auth-TLSv1-noroot-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1
++VerifyMode = Require
++
++
++[9-client-auth-TLSv1-noroot-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1
++VerifyMode = Require
++
++
++[9-client-auth-TLSv1-noroot-client]
++Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
++Protocol = TLSv1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-9]
++ExpectedResult = ServerFail
++ServerAlert = UnknownCA
++
++
++# ===========================================================
++
++[10-server-auth-TLSv1.1]
++ssl_conf = 10-server-auth-TLSv1.1-ssl
++
++[10-server-auth-TLSv1.1-ssl]
++server = 10-server-auth-TLSv1.1-server
++server2 = 10-server-auth-TLSv1.1-server2
++client = 10-server-auth-TLSv1.1-client
++
++[10-server-auth-TLSv1.1-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.1
++
++
++[10-server-auth-TLSv1.1-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.1
++
++
++[10-server-auth-TLSv1.1-client]
++CipherString = DEFAULT
++Protocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-10]
++ExpectedResult = Success
++
++
++# ===========================================================
++
++[11-client-auth-TLSv1.1-request]
++ssl_conf = 11-client-auth-TLSv1.1-request-ssl
++
++[11-client-auth-TLSv1.1-request-ssl]
++server = 11-client-auth-TLSv1.1-request-server
++server2 = 11-client-auth-TLSv1.1-request-server2
++client = 11-client-auth-TLSv1.1-request-client
++
++[11-client-auth-TLSv1.1-request-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.1
++VerifyMode = Request
++
++
++[11-client-auth-TLSv1.1-request-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.1
++VerifyMode = Request
++
++
++[11-client-auth-TLSv1.1-request-client]
++CipherString = DEFAULT
++Protocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-11]
++ExpectedResult = Success
++
++
++# ===========================================================
++
++[12-client-auth-TLSv1.1-require-fail]
++ssl_conf = 12-client-auth-TLSv1.1-require-fail-ssl
++
++[12-client-auth-TLSv1.1-require-fail-ssl]
++server = 12-client-auth-TLSv1.1-require-fail-server
++server2 = 12-client-auth-TLSv1.1-require-fail-server2
++client = 12-client-auth-TLSv1.1-require-fail-client
++
++[12-client-auth-TLSv1.1-require-fail-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
++VerifyMode = Require
++
++
++[12-client-auth-TLSv1.1-require-fail-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
++VerifyMode = Require
++
++
++[12-client-auth-TLSv1.1-require-fail-client]
++CipherString = DEFAULT
++Protocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-12]
++ExpectedResult = ServerFail
++ServerAlert = HandshakeFailure
++
++
++# ===========================================================
++
++[13-client-auth-TLSv1.1-require]
++ssl_conf = 13-client-auth-TLSv1.1-require-ssl
++
++[13-client-auth-TLSv1.1-require-ssl]
++server = 13-client-auth-TLSv1.1-require-server
++server2 = 13-client-auth-TLSv1.1-require-server2
++client = 13-client-auth-TLSv1.1-require-client
++
++[13-client-auth-TLSv1.1-require-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
++VerifyMode = Request
++
++
++[13-client-auth-TLSv1.1-require-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
++VerifyMode = Request
++
++
++[13-client-auth-TLSv1.1-require-client]
++Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
++Protocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-13]
++ExpectedResult = Success
++
++
++# ===========================================================
++
++[14-client-auth-TLSv1.1-noroot]
++ssl_conf = 14-client-auth-TLSv1.1-noroot-ssl
++
++[14-client-auth-TLSv1.1-noroot-ssl]
++server = 14-client-auth-TLSv1.1-noroot-server
++server2 = 14-client-auth-TLSv1.1-noroot-server2
++client = 14-client-auth-TLSv1.1-noroot-client
++
++[14-client-auth-TLSv1.1-noroot-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.1
++VerifyMode = Require
++
++
++[14-client-auth-TLSv1.1-noroot-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.1
++VerifyMode = Require
++
++
++[14-client-auth-TLSv1.1-noroot-client]
++Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
++Protocol = TLSv1.1
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-14]
++ExpectedResult = ServerFail
++ServerAlert = UnknownCA
++
++
++# ===========================================================
++
++[15-server-auth-TLSv1.2]
++ssl_conf = 15-server-auth-TLSv1.2-ssl
++
++[15-server-auth-TLSv1.2-ssl]
++server = 15-server-auth-TLSv1.2-server
++server2 = 15-server-auth-TLSv1.2-server2
++client = 15-server-auth-TLSv1.2-client
++
++[15-server-auth-TLSv1.2-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.2
++
++
++[15-server-auth-TLSv1.2-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.2
++
++
++[15-server-auth-TLSv1.2-client]
++CipherString = DEFAULT
++Protocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-15]
++ExpectedResult = Success
++
++
++# ===========================================================
++
++[16-client-auth-TLSv1.2-request]
++ssl_conf = 16-client-auth-TLSv1.2-request-ssl
++
++[16-client-auth-TLSv1.2-request-ssl]
++server = 16-client-auth-TLSv1.2-request-server
++server2 = 16-client-auth-TLSv1.2-request-server2
++client = 16-client-auth-TLSv1.2-request-client
++
++[16-client-auth-TLSv1.2-request-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.2
++VerifyMode = Request
++
++
++[16-client-auth-TLSv1.2-request-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.2
++VerifyMode = Request
++
++
++[16-client-auth-TLSv1.2-request-client]
++CipherString = DEFAULT
++Protocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-16]
++ExpectedResult = Success
++
++
++# ===========================================================
++
++[17-client-auth-TLSv1.2-require-fail]
++ssl_conf = 17-client-auth-TLSv1.2-require-fail-ssl
++
++[17-client-auth-TLSv1.2-require-fail-ssl]
++server = 17-client-auth-TLSv1.2-require-fail-server
++server2 = 17-client-auth-TLSv1.2-require-fail-server2
++client = 17-client-auth-TLSv1.2-require-fail-client
++
++[17-client-auth-TLSv1.2-require-fail-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
++VerifyMode = Require
++
++
++[17-client-auth-TLSv1.2-require-fail-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
++VerifyMode = Require
++
++
++[17-client-auth-TLSv1.2-require-fail-client]
++CipherString = DEFAULT
++Protocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-17]
++ExpectedResult = ServerFail
++ServerAlert = HandshakeFailure
++
++
++# ===========================================================
++
++[18-client-auth-TLSv1.2-require]
++ssl_conf = 18-client-auth-TLSv1.2-require-ssl
++
++[18-client-auth-TLSv1.2-require-ssl]
++server = 18-client-auth-TLSv1.2-require-server
++server2 = 18-client-auth-TLSv1.2-require-server2
++client = 18-client-auth-TLSv1.2-require-client
++
++[18-client-auth-TLSv1.2-require-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
++VerifyMode = Request
++
++
++[18-client-auth-TLSv1.2-require-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
++VerifyMode = Request
++
++
++[18-client-auth-TLSv1.2-require-client]
++Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
++Protocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-18]
++ExpectedResult = Success
++
++
++# ===========================================================
++
++[19-client-auth-TLSv1.2-noroot]
++ssl_conf = 19-client-auth-TLSv1.2-noroot-ssl
++
++[19-client-auth-TLSv1.2-noroot-ssl]
++server = 19-client-auth-TLSv1.2-noroot-server
++server2 = 19-client-auth-TLSv1.2-noroot-server2
++client = 19-client-auth-TLSv1.2-noroot-client
++
++[19-client-auth-TLSv1.2-noroot-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.2
++VerifyMode = Require
++
++
++[19-client-auth-TLSv1.2-noroot-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++Protocol = TLSv1.2
++VerifyMode = Require
++
++
++[19-client-auth-TLSv1.2-noroot-client]
++Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
++Protocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-19]
++ExpectedResult = ServerFail
++ServerAlert = UnknownCA
++
++
+diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in
+new file mode 100644
+index 000000000000..36d13df04d6b
+--- /dev/null
++++ b/test/ssl-tests/04-client_auth.conf.in
+@@ -0,0 +1,109 @@
++# -*- mode: perl; -*-
++
++## SSL test configurations
++
++package ssltests;
++
++use strict;
++use warnings;
++
++use OpenSSL::Test;
++use OpenSSL::Test::Utils qw(anydisabled);
++setup("no_test_here");
++
++# We test version-flexible negotiation (undef) and each protocol version.
++my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
++
++my @is_disabled = (0);
++push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
++
++our @tests = ();
++
++my $dir_sep = $^O ne "VMS" ? "/" : "";
++
++sub generate_tests() {
++
++ foreach (0..$#protocols) {
++ my $protocol = $protocols[$_];
++ my $protocol_name = $protocol || "flex";
++ if (!$is_disabled[$_]) {
++ # Sanity-check simple handshake.
++ push @tests, {
++ name => "server-auth-${protocol_name}",
++ server => {
++ "Protocol" => $protocol
++ },
++ client => {
++ "Protocol" => $protocol
++ },
++ test => { "ExpectedResult" => "Success" },
++ };
++
++ # Handshake with client cert requested but not required or received.
++ push @tests, {
++ name => "client-auth-${protocol_name}-request",
++ server => {
++ "Protocol" => $protocol,
++ "VerifyMode" => "Request",
++ },
++ client => {
++ "Protocol" => $protocol
++ },
++ test => { "ExpectedResult" => "Success" },
++ };
++
++ # Handshake with client cert required but not present.
++ push @tests, {
++ name => "client-auth-${protocol_name}-require-fail",
++ server => {
++ "Protocol" => $protocol,
++ "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
++ "VerifyMode" => "Require",
++ },
++ client => {
++ "Protocol" => $protocol,
++ },
++ test => {
++ "ExpectedResult" => "ServerFail",
++ "ServerAlert" => "HandshakeFailure",
++ },
++ };
++
++ # Successful handshake with client authentication.
++ push @tests, {
++ name => "client-auth-${protocol_name}-require",
++ server => {
++ "Protocol" => $protocol,
++ "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
++ "VerifyMode" => "Request",
++ },
++ client => {
++ "Protocol" => $protocol,
++ "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
++ "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
++ },
++ test => { "ExpectedResult" => "Success" },
++ };
++
++ # Handshake with client authentication but without the root certificate.
++ push @tests, {
++ name => "client-auth-${protocol_name}-noroot",
++ server => {
++ "Protocol" => $protocol,
++ "VerifyMode" => "Require",
++ },
++ client => {
++ "Protocol" => $protocol,
++ "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
++ "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
++ },
++ test => {
++ "ExpectedResult" => "ServerFail",
++ "ServerAlert" => "UnknownCA",
++ },
++ };
++ }
++ }
++}
++
++generate_tests();
+diff --git a/test/ssl-tests/05-sni.conf b/test/ssl-tests/05-sni.conf
+new file mode 100644
+index 000000000000..848d1c53337e
+--- /dev/null
++++ b/test/ssl-tests/05-sni.conf
+@@ -0,0 +1,38 @@
++# Generated with generate_ssl_tests.pl
++
++num_tests = 1
++
++test-0 = 0-SNI-default
++# ===========================================================
++
++[0-SNI-default]
++ssl_conf = 0-SNI-default-ssl
++
++[0-SNI-default-ssl]
++server = 0-SNI-default-server
++server2 = 0-SNI-default-server2
++client = 0-SNI-default-client
++
++[0-SNI-default-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[0-SNI-default-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[0-SNI-default-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-0]
++ExpectedResult = Success
++ServerName = server2
++
++
+diff --git a/test/ssl-tests/05-sni.conf.in b/test/ssl-tests/05-sni.conf.in
+new file mode 100644
+index 000000000000..db0250b00865
+--- /dev/null
++++ b/test/ssl-tests/05-sni.conf.in
+@@ -0,0 +1,25 @@
++# -*- mode: perl; -*-
++# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++
++## SSL test configurations
++
++use strict;
++use warnings;
++
++package ssltests;
++
++our @tests = (
++ {
++ name => "SNI-default",
++ server => { },
++ client => { },
++ test => { "ServerName" => "server2",
++ "ExpectedResult" => "Success" },
++ },
++);
+diff --git a/test/ssl-tests/06-sni-ticket.conf b/test/ssl-tests/06-sni-ticket.conf
+new file mode 100644
+index 000000000000..3a22e6907b9d
+--- /dev/null
++++ b/test/ssl-tests/06-sni-ticket.conf
+@@ -0,0 +1,650 @@
++# Generated with generate_ssl_tests.pl
++
++num_tests = 17
++
++test-0 = 0-sni-session-ticket
++test-1 = 1-sni-session-ticket
++test-2 = 2-sni-session-ticket
++test-3 = 3-sni-session-ticket
++test-4 = 4-sni-session-ticket
++test-5 = 5-sni-session-ticket
++test-6 = 6-sni-session-ticket
++test-7 = 7-sni-session-ticket
++test-8 = 8-sni-session-ticket
++test-9 = 9-sni-session-ticket
++test-10 = 10-sni-session-ticket
++test-11 = 11-sni-session-ticket
++test-12 = 12-sni-session-ticket
++test-13 = 13-sni-session-ticket
++test-14 = 14-sni-session-ticket
++test-15 = 15-sni-session-ticket
++test-16 = 16-sni-session-ticket
++# ===========================================================
++
++[0-sni-session-ticket]
++ssl_conf = 0-sni-session-ticket-ssl
++
++[0-sni-session-ticket-ssl]
++server = 0-sni-session-ticket-server
++server2 = 0-sni-session-ticket-server2
++client = 0-sni-session-ticket-client
++
++[0-sni-session-ticket-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[0-sni-session-ticket-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[0-sni-session-ticket-client]
++CipherString = DEFAULT
++Options = SessionTicket
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-0]
++ExpectedResult = Success
++ServerName = server1
++SessionTicketExpected = Broken
++
++
++# ===========================================================
++
++[1-sni-session-ticket]
++ssl_conf = 1-sni-session-ticket-ssl
++
++[1-sni-session-ticket-ssl]
++server = 1-sni-session-ticket-server
++server2 = 1-sni-session-ticket-server2
++client = 1-sni-session-ticket-client
++
++[1-sni-session-ticket-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[1-sni-session-ticket-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[1-sni-session-ticket-client]
++CipherString = DEFAULT
++Options = SessionTicket
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-1]
++ExpectedResult = Success
++ServerName = server1
++SessionTicketExpected = Yes
++
++
++# ===========================================================
++
++[2-sni-session-ticket]
++ssl_conf = 2-sni-session-ticket-ssl
++
++[2-sni-session-ticket-ssl]
++server = 2-sni-session-ticket-server
++server2 = 2-sni-session-ticket-server2
++client = 2-sni-session-ticket-client
++
++[2-sni-session-ticket-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[2-sni-session-ticket-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[2-sni-session-ticket-client]
++CipherString = DEFAULT
++Options = SessionTicket
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-2]
++ExpectedResult = Success
++ServerName = server2
++SessionTicketExpected = Yes
++
++
++# ===========================================================
++
++[3-sni-session-ticket]
++ssl_conf = 3-sni-session-ticket-ssl
++
++[3-sni-session-ticket-ssl]
++server = 3-sni-session-ticket-server
++server2 = 3-sni-session-ticket-server2
++client = 3-sni-session-ticket-client
++
++[3-sni-session-ticket-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[3-sni-session-ticket-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[3-sni-session-ticket-client]
++CipherString = DEFAULT
++Options = SessionTicket
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-3]
++ExpectedResult = Success
++ServerName = server1
++SessionTicketExpected = Yes
++
++
++# ===========================================================
++
++[4-sni-session-ticket]
++ssl_conf = 4-sni-session-ticket-ssl
++
++[4-sni-session-ticket-ssl]
++server = 4-sni-session-ticket-server
++server2 = 4-sni-session-ticket-server2
++client = 4-sni-session-ticket-client
++
++[4-sni-session-ticket-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[4-sni-session-ticket-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[4-sni-session-ticket-client]
++CipherString = DEFAULT
++Options = SessionTicket
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-4]
++ExpectedResult = Success
++ServerName = server2
++SessionTicketExpected = No
++
++
++# ===========================================================
++
++[5-sni-session-ticket]
++ssl_conf = 5-sni-session-ticket-ssl
++
++[5-sni-session-ticket-ssl]
++server = 5-sni-session-ticket-server
++server2 = 5-sni-session-ticket-server2
++client = 5-sni-session-ticket-client
++
++[5-sni-session-ticket-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[5-sni-session-ticket-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[5-sni-session-ticket-client]
++CipherString = DEFAULT
++Options = SessionTicket
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-5]
++ExpectedResult = Success
++ServerName = server1
++SessionTicketExpected = No
++
++
++# ===========================================================
++
++[6-sni-session-ticket]
++ssl_conf = 6-sni-session-ticket-ssl
++
++[6-sni-session-ticket-ssl]
++server = 6-sni-session-ticket-server
++server2 = 6-sni-session-ticket-server2
++client = 6-sni-session-ticket-client
++
++[6-sni-session-ticket-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[6-sni-session-ticket-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[6-sni-session-ticket-client]
++CipherString = DEFAULT
++Options = SessionTicket
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-6]
++ExpectedResult = Success
++ServerName = server2
++SessionTicketExpected = No
++
++
++# ===========================================================
++
++[7-sni-session-ticket]
++ssl_conf = 7-sni-session-ticket-ssl
++
++[7-sni-session-ticket-ssl]
++server = 7-sni-session-ticket-server
++server2 = 7-sni-session-ticket-server2
++client = 7-sni-session-ticket-client
++
++[7-sni-session-ticket-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[7-sni-session-ticket-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[7-sni-session-ticket-client]
++CipherString = DEFAULT
++Options = SessionTicket
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-7]
++ExpectedResult = Success
++ServerName = server1
++SessionTicketExpected = No
++
++
++# ===========================================================
++
++[8-sni-session-ticket]
++ssl_conf = 8-sni-session-ticket-ssl
++
++[8-sni-session-ticket-ssl]
++server = 8-sni-session-ticket-server
++server2 = 8-sni-session-ticket-server2
++client = 8-sni-session-ticket-client
++
++[8-sni-session-ticket-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[8-sni-session-ticket-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[8-sni-session-ticket-client]
++CipherString = DEFAULT
++Options = SessionTicket
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-8]
++ExpectedResult = Success
++ServerName = server2
++SessionTicketExpected = No
++
++
++# ===========================================================
++
++[9-sni-session-ticket]
++ssl_conf = 9-sni-session-ticket-ssl
++
++[9-sni-session-ticket-ssl]
++server = 9-sni-session-ticket-server
++server2 = 9-sni-session-ticket-server2
++client = 9-sni-session-ticket-client
++
++[9-sni-session-ticket-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[9-sni-session-ticket-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[9-sni-session-ticket-client]
++CipherString = DEFAULT
++Options = -SessionTicket
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-9]
++ExpectedResult = Success
++ServerName = server1
++SessionTicketExpected = No
++
++
++# ===========================================================
++
++[10-sni-session-ticket]
++ssl_conf = 10-sni-session-ticket-ssl
++
++[10-sni-session-ticket-ssl]
++server = 10-sni-session-ticket-server
++server2 = 10-sni-session-ticket-server2
++client = 10-sni-session-ticket-client
++
++[10-sni-session-ticket-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[10-sni-session-ticket-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[10-sni-session-ticket-client]
++CipherString = DEFAULT
++Options = -SessionTicket
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-10]
++ExpectedResult = Success
++ServerName = server2
++SessionTicketExpected = No
++
++
++# ===========================================================
++
++[11-sni-session-ticket]
++ssl_conf = 11-sni-session-ticket-ssl
++
++[11-sni-session-ticket-ssl]
++server = 11-sni-session-ticket-server
++server2 = 11-sni-session-ticket-server2
++client = 11-sni-session-ticket-client
++
++[11-sni-session-ticket-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[11-sni-session-ticket-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[11-sni-session-ticket-client]
++CipherString = DEFAULT
++Options = -SessionTicket
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-11]
++ExpectedResult = Success
++ServerName = server1
++SessionTicketExpected = No
++
++
++# ===========================================================
++
++[12-sni-session-ticket]
++ssl_conf = 12-sni-session-ticket-ssl
++
++[12-sni-session-ticket-ssl]
++server = 12-sni-session-ticket-server
++server2 = 12-sni-session-ticket-server2
++client = 12-sni-session-ticket-client
++
++[12-sni-session-ticket-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[12-sni-session-ticket-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[12-sni-session-ticket-client]
++CipherString = DEFAULT
++Options = -SessionTicket
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-12]
++ExpectedResult = Success
++ServerName = server2
++SessionTicketExpected = No
++
++
++# ===========================================================
++
++[13-sni-session-ticket]
++ssl_conf = 13-sni-session-ticket-ssl
++
++[13-sni-session-ticket-ssl]
++server = 13-sni-session-ticket-server
++server2 = 13-sni-session-ticket-server2
++client = 13-sni-session-ticket-client
++
++[13-sni-session-ticket-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[13-sni-session-ticket-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[13-sni-session-ticket-client]
++CipherString = DEFAULT
++Options = -SessionTicket
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-13]
++ExpectedResult = Success
++ServerName = server1
++SessionTicketExpected = No
++
++
++# ===========================================================
++
++[14-sni-session-ticket]
++ssl_conf = 14-sni-session-ticket-ssl
++
++[14-sni-session-ticket-ssl]
++server = 14-sni-session-ticket-server
++server2 = 14-sni-session-ticket-server2
++client = 14-sni-session-ticket-client
++
++[14-sni-session-ticket-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[14-sni-session-ticket-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[14-sni-session-ticket-client]
++CipherString = DEFAULT
++Options = -SessionTicket
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-14]
++ExpectedResult = Success
++ServerName = server2
++SessionTicketExpected = No
++
++
++# ===========================================================
++
++[15-sni-session-ticket]
++ssl_conf = 15-sni-session-ticket-ssl
++
++[15-sni-session-ticket-ssl]
++server = 15-sni-session-ticket-server
++server2 = 15-sni-session-ticket-server2
++client = 15-sni-session-ticket-client
++
++[15-sni-session-ticket-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[15-sni-session-ticket-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[15-sni-session-ticket-client]
++CipherString = DEFAULT
++Options = -SessionTicket
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-15]
++ExpectedResult = Success
++ServerName = server1
++SessionTicketExpected = No
++
++
++# ===========================================================
++
++[16-sni-session-ticket]
++ssl_conf = 16-sni-session-ticket-ssl
++
++[16-sni-session-ticket-ssl]
++server = 16-sni-session-ticket-server
++server2 = 16-sni-session-ticket-server2
++client = 16-sni-session-ticket-client
++
++[16-sni-session-ticket-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[16-sni-session-ticket-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++Options = -SessionTicket
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++
++[16-sni-session-ticket-client]
++CipherString = DEFAULT
++Options = -SessionTicket
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++
++[test-16]
++ExpectedResult = Success
++ServerName = server2
++SessionTicketExpected = No
++
++
+diff --git a/test/ssl-tests/06-sni-ticket.conf.in b/test/ssl-tests/06-sni-ticket.conf.in
+new file mode 100644
+index 000000000000..6cd57b61ad9c
+--- /dev/null
++++ b/test/ssl-tests/06-sni-ticket.conf.in
+@@ -0,0 +1,83 @@
++# -*- mode: perl; -*-
++# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++
++## Test version negotiation
++
++use strict;
++use warnings;
++
++package ssltests;
++
++
++our @tests = ();
++
++sub generate_tests() {
++ foreach my $c ("SessionTicket", "-SessionTicket") {
++ foreach my $s1 ("SessionTicket", "-SessionTicket") {
++ foreach my $s2 ("SessionTicket", "-SessionTicket") {
++ foreach my $n ("server1", "server2") {
++ my $result = expected_result($c, $s1, $s2, $n);
++ push @tests, {
++ "name" => "sni-session-ticket",
++ "client" => {
++ "Options" => $c,
++ },
++ "server" => {
++ "Options" => $s1,
++ },
++ "server2" => {
++ "Options" => $s2,
++ },
++ "test" => {
++ "ServerName" => $n,
++ "ExpectedResult" => "Success",
++ "SessionTicketExpected" => $result,
++ }
++ };
++ }
++ }
++ }
++ }
++}
++
++# If the client has session tickets disabled, then No support
++# If the server initial_ctx has session tickets disabled, then No support
++# If SNI is in use, then if the "switched-to" context has session tickets disabled,
++# then No support
++sub expected_result {
++ my ($c, $s1, $s2, $n) = @_;
++
++ return "No" if $c eq "-SessionTicket";
++ return "No" if $s1 eq "-SessionTicket";
++ return "No" if ($s2 eq "-SessionTicket" && $n eq "server2");
++
++ return "Yes";
++
++}
++
++# Add a "Broken" case.
++push @tests, {
++ "name" => "sni-session-ticket",
++ "client" => {
++ "Options" => "SessionTicket",
++ },
++ "server" => {
++ "Options" => "SessionTicket",
++ },
++ "server2" => {
++ "Options" => "SessionTicket",
++ },
++ "test" => {
++ "ServerName" => "server1",
++ "ExpectedResult" => "Success",
++ "SessionTicketExpected" => "Broken",
++ }
++};
++
++generate_tests();
diff --git a/test/ssl-tests/ssltests_base.pm b/test/ssl-tests/ssltests_base.pm
-index 387043e..303224a 100644
+index 387043e3759b..303224a3d92b 100644
--- a/test/ssl-tests/ssltests_base.pm
+++ b/test/ssl-tests/ssltests_base.pm
@@ -1,4 +1,10 @@
@@ -128524,10 +162896,10 @@
## SSL test configurations
diff --git a/test/ssl_test.c b/test/ssl_test.c
-index dfe71cb..a86f231 100644
+index dfe71cbc5614..56dcef5510d7 100644
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
-@@ -1,11 +1,10 @@
+@@ -1,14 +1,14 @@
/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
*
@@ -128542,7 +162914,11 @@
*/
#include <stdio.h>
-@@ -44,8 +43,8 @@ static int check_result(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
++#include <string.h>
+
+ #include <openssl/conf.h>
+ #include <openssl/err.h>
+@@ -44,8 +44,8 @@ static int check_result(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
{
if (result.result != test_ctx->expected_result) {
fprintf(stderr, "ExpectedResult mismatch: expected %s, got %s.\n",
@@ -128553,7 +162929,105 @@
return 0;
}
return 1;
-@@ -160,7 +159,7 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
+@@ -123,6 +123,33 @@ static int check_protocol(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
+ return 1;
+ }
+
++static int check_servername(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
++{
++ if (result.servername != test_ctx->servername) {
++ fprintf(stderr, "Client ServerName mismatch, expected %s, got %s\n.",
++ ssl_servername_name(test_ctx->servername),
++ ssl_servername_name(result.servername));
++ return 0;
++ }
++ return 1;
++}
++
++static int check_session_ticket_expected(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
++{
++ if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_IGNORE)
++ return 1;
++ if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN &&
++ result.session_ticket == SSL_TEST_SESSION_TICKET_NO)
++ return 1;
++ if (result.session_ticket != test_ctx->session_ticket_expected) {
++ fprintf(stderr, "Client SessionTicketExpected mismatch, expected %s, got %s\n.",
++ ssl_session_ticket_expected_name(test_ctx->session_ticket_expected),
++ ssl_session_ticket_expected_name(result.session_ticket));
++ return 0;
++ }
++ return 1;
++}
++
+ /*
+ * This could be further simplified by constructing an expected
+ * HANDSHAKE_RESULT, and implementing comparison methods for
+@@ -133,40 +160,74 @@ static int check_test(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
+ int ret = 1;
+ ret &= check_result(result, test_ctx);
+ ret &= check_alerts(result, test_ctx);
+- if (result.result == SSL_TEST_SUCCESS)
++ if (result.result == SSL_TEST_SUCCESS) {
+ ret &= check_protocol(result, test_ctx);
++ ret &= check_servername(result, test_ctx);
++ ret &= check_session_ticket_expected(result, test_ctx);
++ ret &= (result.session_ticket_do_not_call == 0);
++ }
+ return ret;
+ }
+
++static int servername_callback(SSL *s, int *ad, void *arg)
++{
++ const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
++ if (servername != NULL && !strcmp(servername, "server2")) {
++ SSL_CTX *new_ctx = (SSL_CTX*)arg;
++ SSL_set_SSL_CTX(s, new_ctx);
++ /*
++ * Copy over all the SSL_CTX options - reasonable behavior
++ * allows testing of cases where the options between two
++ * contexts differ/conflict
++ */
++ SSL_clear_options(s, 0xFFFFFFFFL);
++ SSL_set_options(s, SSL_CTX_get_options(new_ctx));
++ }
++ return SSL_TLSEXT_ERR_OK;
++}
++
+ static int execute_test(SSL_TEST_FIXTURE fixture)
+ {
+ int ret = 0;
+- SSL_CTX *server_ctx = NULL, *client_ctx = NULL;
++ SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL;
+ SSL_TEST_CTX *test_ctx = NULL;
+ HANDSHAKE_RESULT result;
+
+ server_ctx = SSL_CTX_new(TLS_server_method());
++ server2_ctx = SSL_CTX_new(TLS_server_method());
+ client_ctx = SSL_CTX_new(TLS_client_method());
+- OPENSSL_assert(server_ctx != NULL && client_ctx != NULL);
++ OPENSSL_assert(server_ctx != NULL && server2_ctx != NULL && client_ctx != NULL);
+
+ OPENSSL_assert(CONF_modules_load(conf, fixture.test_app, 0) > 0);
+
+ if (!SSL_CTX_config(server_ctx, "server")
+- || !SSL_CTX_config(client_ctx, "client")) {
++ || !SSL_CTX_config(server2_ctx, "server2")
++ || !SSL_CTX_config(client_ctx, "client")) {
+ goto err;
+ }
+
++ /* link the two contexts for SNI purposes */
++ SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_callback);
++ SSL_CTX_set_tlsext_servername_arg(server_ctx, server2_ctx);
++ /*
++ * The initial_ctx/session_ctx always handles the encrypt/decrypt of the
++ * session ticket. This ticket_key callback is assigned to the second
++ * session (assigned via SNI), and should never be invoked
++ */
++ SSL_CTX_set_tlsext_ticket_key_cb(server2_ctx, do_not_call_session_ticket_callback);
++
+ test_ctx = SSL_TEST_CTX_create(conf, fixture.test_app);
if (test_ctx == NULL)
goto err;
@@ -128562,8 +163036,41 @@
ret = check_test(result, test_ctx);
+ err:
+ CONF_modules_unload(0);
+ SSL_CTX_free(server_ctx);
++ SSL_CTX_free(server2_ctx);
+ SSL_CTX_free(client_ctx);
+ SSL_TEST_CTX_free(test_ctx);
+ if (ret != 1)
+diff --git a/test/ssl_test.tmpl b/test/ssl_test.tmpl
+index b3c953a54b5c..d4c0c87616a9 100644
+--- a/test/ssl_test.tmpl
++++ b/test/ssl_test.tmpl
+@@ -3,6 +3,7 @@ ssl_conf = {-$testname-}-ssl
+
+ [{-$testname-}-ssl]
+ server = {-$testname-}-server
++server2 = {-$testname-}-server2
+ client = {-$testname-}-client
+
+ [{-$testname-}-server]
+@@ -12,6 +13,13 @@ client = {-$testname-}-client
+ }
+ -}
+
++[{-$testname-}-server2]
++{-
++ foreach my $key (sort keys %server2) {
++ $OUT .= qq{$key} . " = " . qq{$server2{$key}\n} if defined $server2{$key};
++ }
++-}
++
+ [{-$testname-}-client]
+ {-
+ foreach my $key (sort keys %client) {
diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c
-index 0c1bbbd..cfad185 100644
+index 0c1bbbde9e87..598c89996ccf 100644
--- a/test/ssl_test_ctx.c
+++ b/test/ssl_test_ctx.c
@@ -1,11 +1,10 @@
@@ -128598,7 +163105,7 @@
};
__owur static int parse_alert(int *alert, const char *value)
-@@ -126,6 +126,34 @@ const char *ssl_protocol_name(int protocol)
+@@ -126,6 +126,90 @@ const char *ssl_protocol_name(int protocol)
return enum_name(ssl_protocols, OSSL_NELEM(ssl_protocols), protocol);
}
@@ -128630,18 +163137,76 @@
+ callback);
+}
+
++/**************/
++/* ServerName */
++/**************/
++
++static const test_enum ssl_servername[] = {
++ {"server1", SSL_TEST_SERVERNAME_SERVER1},
++ {"server2", SSL_TEST_SERVERNAME_SERVER2},
++};
++
++__owur static int parse_servername(SSL_TEST_CTX *test_ctx,
++ const char *value)
++{
++ int ret_value;
++ if (!parse_enum(ssl_servername, OSSL_NELEM(ssl_servername),
++ &ret_value, value)) {
++ return 0;
++ }
++ test_ctx->servername = ret_value;
++ return 1;
++}
++
++const char *ssl_servername_name(ssl_servername_t server)
++{
++ return enum_name(ssl_servername, OSSL_NELEM(ssl_servername),
++ server);
++}
++
++/*************************/
++/* SessionTicketExpected */
++/*************************/
++
++static const test_enum ssl_session_ticket_expected[] = {
++ {"Ignore", SSL_TEST_SESSION_TICKET_IGNORE},
++ {"Yes", SSL_TEST_SESSION_TICKET_YES},
++ {"No", SSL_TEST_SESSION_TICKET_NO},
++ {"Broken", SSL_TEST_SESSION_TICKET_BROKEN},
++};
++
++__owur static int parse_session_ticket_expected(SSL_TEST_CTX *test_ctx,
++ const char *value)
++{
++ int ret_value;
++ if (!parse_enum(ssl_session_ticket_expected, OSSL_NELEM(ssl_session_ticket_expected),
++ &ret_value, value)) {
++ return 0;
++ }
++ test_ctx->session_ticket_expected = ret_value;
++ return 1;
++}
++
++const char *ssl_session_ticket_expected_name(ssl_session_ticket_expected_t server)
++{
++ return enum_name(ssl_session_ticket_expected,
++ OSSL_NELEM(ssl_session_ticket_expected),
++ server);
++}
/*************************************************************/
/* Known test options and their corresponding parse methods. */
-@@ -141,6 +169,7 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
+@@ -141,6 +225,9 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
{ "ClientAlert", &parse_client_alert },
{ "ServerAlert", &parse_server_alert },
{ "Protocol", &parse_protocol },
+ { "ClientVerifyCallback", &parse_client_verify_callback },
++ { "ServerName", &parse_servername },
++ { "SessionTicketExpected", &parse_session_ticket_expected },
};
-@@ -153,7 +182,6 @@ SSL_TEST_CTX *SSL_TEST_CTX_new()
+@@ -153,7 +240,6 @@ SSL_TEST_CTX *SSL_TEST_CTX_new()
SSL_TEST_CTX *ret;
ret = OPENSSL_zalloc(sizeof(*ret));
OPENSSL_assert(ret != NULL);
@@ -128650,7 +163215,7 @@
}
diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h
-index a183272..fe92807 100644
+index a183272b4e3a..e7570856b129 100644
--- a/test/ssl_test_ctx.h
+++ b/test/ssl_test_ctx.h
@@ -1,11 +1,10 @@
@@ -128668,7 +163233,7 @@
*/
#ifndef HEADER_SSL_TEST_CTX_H
-@@ -15,12 +14,18 @@
+@@ -15,12 +14,30 @@
#include <openssl/ssl.h>
typedef enum {
@@ -128685,15 +163250,30 @@
+ SSL_TEST_VERIFY_REJECT_ALL
+} ssl_verify_callback_t;
+
++typedef enum {
++ SSL_TEST_SERVERNAME_SERVER1 = 0, /* Default */
++ SSL_TEST_SERVERNAME_SERVER2
++} ssl_servername_t;
++
++typedef enum {
++ SSL_TEST_SESSION_TICKET_IGNORE = 0, /* Default */
++ SSL_TEST_SESSION_TICKET_YES,
++ SSL_TEST_SESSION_TICKET_NO,
++ SSL_TEST_SESSION_TICKET_BROKEN, /* Special test */
++} ssl_session_ticket_expected_t;
++
typedef struct ssl_test_ctx {
/* Test expectations. */
/* Defaults to SUCCESS. */
-@@ -34,11 +39,14 @@ typedef struct ssl_test_ctx {
+@@ -34,11 +51,19 @@ typedef struct ssl_test_ctx {
/* Negotiated protocol version. 0 if no expectation. */
/* See ssl.h for protocol versions. */
int protocol;
+ /* One of a number of predefined custom callbacks. */
+ ssl_verify_callback_t client_verify_callback;
++ /* One of a number of predefined server names use by the client */
++ ssl_servername_t servername;
++ ssl_session_ticket_expected_t session_ticket_expected;
} SSL_TEST_CTX;
-const char *ssl_test_result_t_name(ssl_test_result_t result);
@@ -128701,11 +163281,13 @@
const char *ssl_alert_name(int alert);
const char *ssl_protocol_name(int protocol);
+const char *ssl_verify_callback_name(ssl_verify_callback_t verify_callback);
++const char *ssl_servername_name(ssl_servername_t server);
++const char *ssl_session_ticket_expected_name(ssl_session_ticket_expected_t server);
/*
* Load the test case context from |conf|.
diff --git a/test/ssl_test_ctx_test.c b/test/ssl_test_ctx_test.c
-index 3c6fa71..d24bcd7 100644
+index 3c6fa715f2fb..6b202ef3e50d 100644
--- a/test/ssl_test_ctx_test.c
+++ b/test/ssl_test_ctx_test.c
@@ -1,11 +1,10 @@
@@ -128723,7 +163305,7 @@
*/
/*
-@@ -37,26 +36,32 @@ static int SSL_TEST_CTX_equal(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2)
+@@ -37,26 +36,44 @@ static int SSL_TEST_CTX_equal(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2)
{
if (ctx->expected_result != ctx2->expected_result) {
fprintf(stderr, "ExpectedResult mismatch: %s vs %s.\n",
@@ -128761,46 +163343,70 @@
+ fprintf(stderr, "ClientVerifyCallback mismatch: %s vs %s.\n",
+ ssl_verify_callback_name(ctx->client_verify_callback),
+ ssl_verify_callback_name(ctx2->client_verify_callback));
++ return 0;
++ }
++ if (ctx->servername != ctx2->servername) {
++ fprintf(stderr, "ServerName mismatch: %s vs %s.\n",
++ ssl_servername_name(ctx->servername),
++ ssl_servername_name(ctx2->servername));
++ return 0;
++ }
++ if (ctx->session_ticket_expected != ctx2->session_ticket_expected) {
++ fprintf(stderr, "SessionTicketExpected mismatch: %s vs %s.\n",
++ ssl_session_ticket_expected_name(ctx->session_ticket_expected),
++ ssl_session_ticket_expected_name(ctx2->session_ticket_expected));
return 0;
}
-@@ -136,6 +141,7 @@ static int test_good_configuration()
+@@ -136,6 +153,9 @@ static int test_good_configuration()
fixture.expected_ctx->client_alert = SSL_AD_UNKNOWN_CA;
fixture.expected_ctx->server_alert = 0; /* No alert. */
fixture.expected_ctx->protocol = TLS1_1_VERSION;
-+ fixture.expected_ctx->client_verify_callback = SSL_TEST_VERIFY_REJECT_ALL,
++ fixture.expected_ctx->client_verify_callback = SSL_TEST_VERIFY_REJECT_ALL;
++ fixture.expected_ctx->servername = SSL_TEST_SERVERNAME_SERVER2;
++ fixture.expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES;
EXECUTE_SSL_TEST_CTX_TEST();
}
-@@ -144,6 +150,7 @@ static const char *bad_configurations[] = {
+@@ -144,6 +164,9 @@ static const char *bad_configurations[] = {
"ssltest_unknown_expected_result",
"ssltest_unknown_alert",
"ssltest_unknown_protocol",
+ "ssltest_unknown_verify_callback",
++ "ssltest_unknown_servername",
++ "ssltest_unknown_session_ticket_expected",
};
static int test_bad_configuration(int idx)
diff --git a/test/ssl_test_ctx_test.conf b/test/ssl_test_ctx_test.conf
-index 2e6800e..3b14605 100644
+index 2e6800e90d2d..7a8ffc83643b 100644
--- a/test/ssl_test_ctx_test.conf
+++ b/test/ssl_test_ctx_test.conf
-@@ -4,6 +4,7 @@
+@@ -4,6 +4,9 @@
ExpectedResult = ServerFail
ClientAlert = UnknownCA
Protocol = TLSv1.1
+ClientVerifyCallback = RejectAll
++ServerName = server2
++SessionTicketExpected = Yes
[ssltest_unknown_option]
UnknownOption = Foo
-@@ -16,3 +17,6 @@ ServerAlert = Foo
+@@ -16,3 +19,12 @@ ServerAlert = Foo
[ssltest_unknown_protocol]
Protocol = Foo
+
+[ssltest_unknown_verify_callback]
+ClientVerifyCallback = Foo
++
++[ssltest_unknown_servername]
++ServerName = Foo
++
++[ssltest_unknown_session_ticket_expected]
++SessionTicketExpected = Foo
diff --git a/test/ssltest_old.c b/test/ssltest_old.c
-index 2fd7da8..f7db91c 100644
+index 2fd7da824adf..bc73380146fe 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -1,112 +1,12 @@
@@ -128923,7 +163529,22 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECC cipher suite support in OpenSSL originally developed by
-@@ -191,7 +91,6 @@
+@@ -140,8 +40,12 @@
+ */
+
+ /* Or gethostname won't be declared properly on Linux and GNU platforms. */
+-#define _BSD_SOURCE 1
+-#define _DEFAULT_SOURCE 1
++#ifndef _BSD_SOURCE
++# define _BSD_SOURCE 1
++#endif
++#ifndef _DEFAULT_SOURCE
++# define _DEFAULT_SOURCE 1
++#endif
+
+ #include <assert.h>
+ #include <errno.h>
+@@ -191,7 +95,6 @@
# include <openssl/ct.h>
#endif
@@ -128931,7 +163552,7 @@
#include "../ssl/ssl_locl.h"
/*
-@@ -223,9 +122,6 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
+@@ -223,9 +126,6 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
struct app_verify_arg {
char *string;
int app_verify;
@@ -128941,7 +163562,7 @@
};
#ifndef OPENSSL_NO_DH
-@@ -799,7 +695,6 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
+@@ -799,7 +699,6 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
clock_t *c_time);
int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
@@ -128949,7 +163570,7 @@
static void sv_usage(void)
{
-@@ -810,10 +705,6 @@ static void sv_usage(void)
+@@ -810,10 +709,6 @@ static void sv_usage(void)
#endif
fprintf(stderr, " -server_auth - check server certificate\n");
fprintf(stderr, " -client_auth - do client authentication\n");
@@ -128960,7 +163581,7 @@
fprintf(stderr, " -v - more output\n");
fprintf(stderr, " -d - debug output\n");
fprintf(stderr, " -reuse - use session-id reuse\n");
-@@ -870,10 +761,6 @@ static void sv_usage(void)
+@@ -870,10 +765,6 @@ static void sv_usage(void)
fprintf(stderr,
" -time - measure processor time used by client and server\n");
fprintf(stderr, " -zlib - use zlib compression\n");
@@ -128971,7 +163592,7 @@
#ifndef OPENSSL_NO_NEXTPROTONEG
fprintf(stderr, " -npn_client - have client side offer NPN\n");
fprintf(stderr, " -npn_server - have server side offer NPN\n");
-@@ -1074,7 +961,7 @@ int main(int argc, char *argv[])
+@@ -1074,7 +965,7 @@ int main(int argc, char *argv[])
int client_auth = 0;
int server_auth = 0, i;
struct app_verify_arg app_verify_arg =
@@ -128980,7 +163601,7 @@
char *p;
SSL_CTX *c_ctx = NULL;
const SSL_METHOD *meth = NULL;
-@@ -1102,7 +989,6 @@ int main(int argc, char *argv[])
+@@ -1102,7 +993,6 @@ int main(int argc, char *argv[])
COMP_METHOD *cm = NULL;
STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
#endif
@@ -128988,7 +163609,7 @@
#ifdef OPENSSL_FIPS
int fips_mode = 0;
#endif
-@@ -1185,15 +1071,7 @@ int main(int argc, char *argv[])
+@@ -1185,15 +1075,7 @@ int main(int argc, char *argv[])
server_auth = 1;
else if (strcmp(*argv, "-client_auth") == 0)
client_auth = 1;
@@ -129005,7 +163626,7 @@
verbose = 1;
else if (strcmp(*argv, "-d") == 0)
debug = 1;
-@@ -1313,13 +1191,9 @@ int main(int argc, char *argv[])
+@@ -1313,13 +1195,9 @@ int main(int argc, char *argv[])
#endif
else if (strcmp(*argv, "-app_verify") == 0) {
app_verify_arg.app_verify = 1;
@@ -129020,7 +163641,7 @@
npn_client = 1;
} else if (strcmp(*argv, "-npn_server") == 0) {
npn_server = 1;
-@@ -1454,22 +1328,6 @@ int main(int argc, char *argv[])
+@@ -1454,22 +1332,6 @@ int main(int argc, char *argv[])
goto end;
}
@@ -129043,7 +163664,7 @@
if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) {
fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should "
"be requested.\n");
-@@ -3051,23 +2909,6 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
+@@ -3051,23 +2913,6 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
return (ret);
}
@@ -129067,7 +163688,7 @@
static int verify_callback(int ok, X509_STORE_CTX *ctx)
{
char *s, buf[256];
-@@ -3100,341 +2941,13 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx)
+@@ -3100,341 +2945,13 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx)
}
}
@@ -129409,14 +164030,14 @@
if (cb_arg->app_verify) {
char *s = NULL, buf[256];
-@@ -3452,61 +2965,9 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
+@@ -3452,61 +2969,9 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
}
return (1);
}
- if (cb_arg->proxy_auth) {
- int found_any = 0, i;
- char *sp;
--
+
- for (i = 0; i < 26; i++)
- letters[i] = 0;
- for (sp = cb_arg->proxy_auth; *sp; sp++) {
@@ -129437,7 +164058,7 @@
- if (!found_any)
- printf("none");
- printf("\n");
-
+-
- X509_STORE_CTX_set_ex_data(ctx,
- get_proxy_auth_ex_data_idx(), letters);
- }
@@ -129471,7 +164092,7 @@
return (ok);
}
-@@ -3726,33 +3187,3 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity,
+@@ -3726,33 +3191,3 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity,
return psk_len;
}
#endif
@@ -129505,8 +164126,228 @@
-
- return 1;
-}
+diff --git a/test/test_aesni b/test/test_aesni
+deleted file mode 100755
+index 3929c7574bba..000000000000
+--- a/test/test_aesni
++++ /dev/null
+@@ -1,68 +0,0 @@
+-#!/bin/sh
+-
+-PROG=$1
+-
+-if [ -x $PROG ]; then
+- if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
+- :
+- else
+- echo "$PROG is not OpenSSL executable"
+- exit 1
+- fi
+-else
+- echo "$PROG is not executable"
+- exit 1;
+-fi
+-
+-if [ 1 ]; then
+-
+- HASH=`cat $PROG | $PROG dgst -hex`
+-
+- AES_ALGS=" aes-128-ctr aes-128-ecb aes-128-cbc aes-128-cfb aes-128-ofb \
+- aes-192-ctr aes-192-ecb aes-192-cbc aes-192-cfb aes-192-ofb \
+- aes-256-ctr aes-256-ecb aes-256-cbc aes-256-cfb aes-256-ofb"
+- BUFSIZE="16 32 48 64 80 96 128 144 999"
+-
+- nerr=0
+-
+- for alg in $AES_ALGS; do
+- echo $alg
+- for bufsize in $BUFSIZE; do
+- TEST=`( cat $PROG | \
+- $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize | \
+- env OPENSSL_ia32cap=~0x0200000000000000 $PROG enc -d -k "$HASH" -$alg | \
+- $PROG dgst -hex ) 2>/dev/null`
+- if [ "$TEST" != "$HASH" ]; then
+- echo "-$alg/$bufsize encrypt test failed"
+- nerr=`expr $nerr + 1`
+- fi
+- done
+- for bufsize in $BUFSIZE; do
+- TEST=`( cat $PROG | \
+- env OPENSSL_ia32cap=~0x0200000000000000 $PROG enc -e -k "$HASH" -$alg | \
+- $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize | \
+- $PROG dgst -hex ) 2>/dev/null`
+- if [ "$TEST" != "$HASH" ]; then
+- echo "-$alg/$bufsize decrypt test failed"
+- nerr=`expr $nerr + 1`
+- fi
+- done
+- TEST=`( cat $PROG | \
+- $PROG enc -e -k "$HASH" -$alg | \
+- $PROG enc -d -k "$HASH" -$alg | \
+- $PROG dgst -hex ) 2>/dev/null`
+- if [ "$TEST" != "$HASH" ]; then
+- echo "-$alg en/decrypt test failed"
+- nerr=`expr $nerr + 1`
+- fi
+- done
+-
+- if [ $nerr -gt 0 ]; then
+- echo "AESNI engine test failed."
+- exit 1;
+- fi
+-else
+- echo "AESNI engine is not available"
+-fi
+-
+-exit 0
+diff --git a/test/test_padlock b/test/test_padlock
+deleted file mode 100755
+index 5c0f21043ced..000000000000
+--- a/test/test_padlock
++++ /dev/null
+@@ -1,64 +0,0 @@
+-#!/bin/sh
+-
+-PROG=$1
+-
+-if [ -x $PROG ]; then
+- if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
+- :
+- else
+- echo "$PROG is not OpenSSL executable"
+- exit 1
+- fi
+-else
+- echo "$PROG is not executable"
+- exit 1;
+-fi
+-
+-if $PROG engine padlock | grep -v no-ACE; then
+-
+- HASH=`cat $PROG | $PROG dgst -hex`
+-
+- ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
+- aes-128-cbc aes-192-cbc aes-256-cbc \
+- aes-128-cfb aes-192-cfb aes-256-cfb \
+- aes-128-ofb aes-192-ofb aes-256-ofb"
+-
+- nerr=0
+-
+- for alg in $ACE_ALGS; do
+- echo $alg
+- TEST=`( cat $PROG | \
+- $PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \
+- $PROG enc -d -k "$HASH" -$alg | \
+- $PROG dgst -hex ) 2>/dev/null`
+- if [ "$TEST" != "$HASH" ]; then
+- echo "-$alg encrypt test failed"
+- nerr=`expr $nerr + 1`
+- fi
+- TEST=`( cat $PROG | \
+- $PROG enc -e -k "$HASH" -$alg | \
+- $PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \
+- $PROG dgst -hex ) 2>/dev/null`
+- if [ "$TEST" != "$HASH" ]; then
+- echo "-$alg decrypt test failed"
+- nerr=`expr $nerr + 1`
+- fi
+- TEST=`( cat $PROG | \
+- $PROG enc -e -k "$HASH" -$alg -engine padlock | \
+- $PROG enc -d -k "$HASH" -$alg -engine padlock | \
+- $PROG dgst -hex ) 2>/dev/null`
+- if [ "$TEST" != "$HASH" ]; then
+- echo "-$alg en/decrypt test failed"
+- nerr=`expr $nerr + 1`
+- fi
+- done
+-
+- if [ $nerr -gt 0 ]; then
+- echo "PadLock ACE test failed."
+- exit 1;
+- fi
+-else
+- echo "PadLock ACE is not available"
+-fi
+-
+-exit 0
+diff --git a/test/test_t4 b/test/test_t4
+deleted file mode 100755
+index 5cecb56394f6..000000000000
+--- a/test/test_t4
++++ /dev/null
+@@ -1,70 +0,0 @@
+-#!/bin/sh
+-
+-PROG=$1
+-
+-if [ -x $PROG ]; then
+- if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
+- :
+- else
+- echo "$PROG is not OpenSSL executable"
+- exit 1
+- fi
+-else
+- echo "$PROG is not executable"
+- exit 1;
+-fi
+-
+-if [ 1 ]; then
+-
+- HASH=`cat $PROG | $PROG dgst -hex`
+-
+- AES_ALGS=" des-cbc des-ede-cbc des-ede3-cbc \
+- camellia-128-cbc camellia-128-cfb \
+- camellia-192-cbc camellia-192-cfb \
+- camellia-256-cbc camellia-256-cfb \
+- aes-128-ctr aes-128-cbc aes-128-cfb aes-128-ofb \
+- aes-192-ctr aes-192-cbc aes-192-cfb aes-192-ofb \
+- aes-256-ctr aes-256-cbc aes-256-cfb aes-256-ofb"
+- BUFSIZE="16 32 48 999"
+-
+- nerr=0
+-
+- for alg in $AES_ALGS; do
+- echo $alg
+- for bufsize in $BUFSIZE; do
+- TEST=`( cat $PROG | \
+- $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize | \
+- env OPENSSL_sparcv9cap=0 $PROG enc -d -k "$HASH" -$alg | \
+- $PROG dgst -hex ) 2>/dev/null`
+- if [ "$TEST" != "$HASH" ]; then
+- echo "-$alg/$bufsize encrypt test failed"
+- nerr=`expr $nerr + 1`
+- fi
+- done
+- for bufsize in $BUFSIZE; do
+- TEST=`( cat $PROG | \
+- env OPENSSL_sparcv9cap=0 $PROG enc -e -k "$HASH" -$alg | \
+- $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize | \
+- $PROG dgst -hex ) 2>/dev/null`
+- if [ "$TEST" != "$HASH" ]; then
+- echo "-$alg/$bufsize decrypt test failed"
+- nerr=`expr $nerr + 1`
+- fi
+- done
+- TEST=`( cat $PROG | \
+- $PROG enc -e -k "$HASH" -$alg | \
+- $PROG enc -d -k "$HASH" -$alg | \
+- $PROG dgst -hex ) 2>/dev/null`
+- if [ "$TEST" != "$HASH" ]; then
+- echo "-$alg en/decrypt test failed"
+- nerr=`expr $nerr + 1`
+- fi
+- done
+-
+- if [ $nerr -gt 0 ]; then
+- echo "SPARC T4 test failed."
+- exit 1
+- fi
+-fi
+-
+-exit 0
diff --git a/test/testlib/OpenSSL/Test.pm b/test/testlib/OpenSSL/Test.pm
-index 28c915a..8a7d0a0 100644
+index 28c915af7b3e..2cfb22a6533a 100644
--- a/test/testlib/OpenSSL/Test.pm
+++ b/test/testlib/OpenSSL/Test.pm
@@ -1,3 +1,10 @@
@@ -129520,7 +164361,40 @@
package OpenSSL::Test;
use strict;
-@@ -728,8 +735,8 @@ sub __exeext {
+@@ -346,6 +353,18 @@ sub run {
+ my $r = 0;
+ my $e = 0;
+
++ # In non-verbose, we want to shut up the command interpreter, in case
++ # it has something to complain about. On VMS, it might complain both
++ # on stdout and stderr
++ my $save_STDOUT;
++ my $save_STDERR;
++ if ($ENV{HARNESS_ACTIVE} && !$ENV{HARNESS_VERBOSE}) {
++ open $save_STDOUT, '>&', \*STDOUT or die "Can't dup STDOUT: $!";
++ open $save_STDERR, '>&', \*STDERR or die "Can't dup STDERR: $!";
++ open STDOUT, ">", devnull();
++ open STDERR, ">", devnull();
++ }
++
+ # The dance we do with $? is the same dance the Unix shells appear to
+ # do. For example, a program that gets aborted (and therefore signals
+ # SIGABRT = 6) will appear to exit with the code 134. We mimic this
+@@ -359,6 +378,13 @@ sub run {
+ $r = $hooks{exit_checker}->($e);
+ }
+
++ if ($ENV{HARNESS_ACTIVE} && !$ENV{HARNESS_VERBOSE}) {
++ close STDOUT;
++ close STDERR;
++ open STDOUT, '>&', $save_STDOUT or die "Can't restore STDOUT: $!";
++ open STDERR, '>&', $save_STDERR or die "Can't restore STDERR: $!";
++ }
++
+ print STDERR "$prefix$display_cmd => $e\n"
+ if !$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE};
+
+@@ -728,8 +754,8 @@ sub __exeext {
sub __test_file {
BAIL_OUT("Must run setup() first") if (! $test_name);
@@ -129531,7 +164405,7 @@
$f = catfile($directories{SRCTEST}, at _,$f) unless -x $f;
return $f;
}
-@@ -746,8 +753,8 @@ sub __perltest_file {
+@@ -746,8 +772,8 @@ sub __perltest_file {
sub __apps_file {
BAIL_OUT("Must run setup() first") if (! $test_name);
@@ -129543,7 +164417,7 @@
return $f;
}
diff --git a/test/testlib/OpenSSL/Test/Simple.pm b/test/testlib/OpenSSL/Test/Simple.pm
-index b596e5f..c5a84d5 100644
+index b596e5f2e877..c5a84d5ca365 100644
--- a/test/testlib/OpenSSL/Test/Simple.pm
+++ b/test/testlib/OpenSSL/Test/Simple.pm
@@ -1,3 +1,10 @@
@@ -129558,7 +164432,7 @@
use strict;
diff --git a/test/testlib/OpenSSL/Test/Utils.pm b/test/testlib/OpenSSL/Test/Utils.pm
-index da35b14..665bfc6 100644
+index da35b14955b1..665bfc631082 100644
--- a/test/testlib/OpenSSL/Test/Utils.pm
+++ b/test/testlib/OpenSSL/Test/Utils.pm
@@ -1,3 +1,10 @@
@@ -129582,13 +164456,15 @@
# single string
sub disabled {
diff --git a/test/testutil.c b/test/testutil.c
-index 3f63784..9a67630 100644
+index 3f6378488027..9a67630fd3f9 100644
--- a/test/testutil.c
+++ b/test/testutil.c
@@ -1,58 +1,10 @@
-/*-
- * Utilities for writing OpenSSL unit tests.
-- *
++/*
++ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * More information:
- * http://wiki.openssl.org/index.php/How_To_Write_Unit_Tests_For_OpenSSL
- *
@@ -129627,9 +164503,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+/*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -129651,13 +164525,15 @@
#include "testutil.h"
diff --git a/test/testutil.h b/test/testutil.h
-index 2ae3d7d..0170a22 100644
+index 2ae3d7d16c39..0170a226f714 100644
--- a/test/testutil.h
+++ b/test/testutil.h
@@ -1,58 +1,10 @@
-/*-
- * Utilities for writing OpenSSL unit tests.
-- *
++/*
++ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
- * More information:
- * http://wiki.openssl.org/index.php/How_To_Write_Unit_Tests_For_OpenSSL
- *
@@ -129696,9 +164572,7 @@
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+/*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
+- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -129720,7 +164594,7 @@
#ifndef HEADER_TESTUTIL_H
diff --git a/test/threadstest.c b/test/threadstest.c
-index e3a9ff5..db864b2 100644
+index e3a9ff5849ca..db864b290016 100644
--- a/test/threadstest.c
+++ b/test/threadstest.c
@@ -1,56 +1,15 @@
@@ -129786,8 +164660,175 @@
#if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
+diff --git a/test/times b/test/times
+deleted file mode 100644
+index 6b66eb342e6c..000000000000
+--- a/test/times
++++ /dev/null
+@@ -1,113 +0,0 @@
+-
+-More number for the questions about SSL overheads....
+-
+-The following numbers were generated on a Pentium pro 200, running Linux.
+-They give an indication of the SSL protocol and encryption overheads.
+-
+-The program that generated them is an unreleased version of ssl/ssltest.c
+-which is the SSLeay ssl protocol testing program. It is a single process that
+-talks both sides of the SSL protocol via a non-blocking memory buffer
+-interface.
+-
+-How do I read this? The protocol and cipher are reasonable obvious.
+-The next number is the number of connections being made. The next is the
+-number of bytes exchanged between the client and server side of the protocol.
+-This is the number of bytes that the client sends to the server, and then
+-the server sends back. Because this is all happening in one process,
+-the data is being encrypted, decrypted, encrypted and then decrypted again.
+-It is a round trip of that many bytes. Because the one process performs
+-both the client and server sides of the protocol and it sends this many bytes
+-each direction, multiply this number by 4 to generate the number
+-of bytes encrypted/decrypted/MACed. The first time value is how many seconds
+-elapsed doing a full SSL handshake, the second is the cost of one
+-full handshake and the rest being session-id reuse.
+-
+-SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s
+-SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s
+-SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s
+-SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA
+-SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s
+-SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s
+-SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s
+-
+-SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s
+-SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s
+-SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA
+-SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s
+-SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s
+-SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s
+-
+-SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s
+-SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s
+-SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s
+-SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA
+-SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s
+-SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s
+-SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s
+-
+-SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s
+-SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s
+-SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s
+-SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA
+-SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s
+-SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s
+-SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s
+-
+-What does this all mean? Well for a server, with no session-id reuse, with
+-a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
+-a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of
+-about 49 connections a second. Reality will be quite different :-).
+-
+-Remember the first number is 1000 full ssl handshakes, the second is
+-1 full and 999 with session-id reuse. The RSA overheads for each exchange
+-would be one public and one private operation, but the protocol/MAC/cipher
+-cost would be quite similar in both the client and server.
+-
+-eric (adding numbers to speculation)
+-
+---- Appendix ---
+-- The time measured is user time but these number a very rough.
+-- Remember this is the cost of both client and server sides of the protocol.
+-- The TCP/kernel overhead of connection establishment is normally the
+- killer in SSL. Often delays in the TCP protocol will make session-id
+- reuse look slower that new sessions, but this would not be the case on
+- a loaded server.
+-- The TCP round trip latencies, while slowing individual connections,
+- would have minimal impact on throughput.
+-- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
+-- the required number of bytes are processed.
+-- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers.
+-- A 512bit server key was being used except where noted.
+-- No server key verification was being performed on the client side of the
+- protocol. This would slow things down very little.
+-- The library being used is SSLeay 0.8.x.
+-- The normal measuring system was commands of the form
+- time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
+- This modified version of ssltest should be in the next public release of
+- SSLeay.
+-
+-The general cipher performance number for this platform are
+-
+-SSLeay 0.8.2a 04-Sep-1997
+-built on Fri Sep 5 17:37:05 EST 1997
+-options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
+-C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
+-The 'numbers' are in 1000s of bytes per second processed.
+-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
+-md2 131.02k 368.41k 500.57k 549.21k 566.09k
+-mdc2 535.60k 589.10k 595.88k 595.97k 594.54k
+-md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k
+-sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k
+-sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k
+-rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k
+-des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k
+-des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k
+-idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k
+-rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k
+-blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k
+- sign verify
+-rsa 512 bits 0.0100s 0.0011s
+-rsa 1024 bits 0.0451s 0.0012s
+-rsa 2048 bits 0.2605s 0.0086s
+-rsa 4096 bits 1.6883s 0.0302s
+-
+diff --git a/test/v3ext.c b/test/v3ext.c
+new file mode 100644
+index 000000000000..1c1f788a7314
+--- /dev/null
++++ b/test/v3ext.c
+@@ -0,0 +1,42 @@
++/*
++ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#include <stdio.h>
++#include <openssl/x509.h>
++#include <openssl/x509v3.h>
++#include <openssl/pem.h>
++#include <openssl/err.h>
++
++int main(int ac, char **av)
++{
++ X509 *x = NULL;
++ BIO *b = NULL;
++ long pathlen;
++ int ret = 1;
++
++ if (ac != 2) {
++ fprintf(stderr, "Usage error\n");
++ goto end;
++ }
++ b = BIO_new_file(av[1], "r");
++ if (b == NULL)
++ goto end;
++ x = PEM_read_bio_X509(b, NULL, NULL, NULL);
++ if (x == NULL)
++ goto end;
++ pathlen = X509_get_pathlen(x);
++ if (pathlen == 6)
++ ret = 0;
++
++end:
++ ERR_print_errors_fp(stderr);
++ BIO_free(b);
++ X509_free(x);
++ return ret;
++}
diff --git a/test/v3nametest.c b/test/v3nametest.c
-index ac5c9ff..648c1df 100644
+index ac5c9ff432d9..648c1df4dd68 100644
--- a/test/v3nametest.c
+++ b/test/v3nametest.c
@@ -1,3 +1,12 @@
@@ -129804,7 +164845,7 @@
#include <openssl/x509v3.h>
#include "../e_os.h"
diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c
-index 8362de4..cbc6d8c 100644
+index 8362de441416..cbc6d8cc8071 100644
--- a/test/verify_extra_test.c
+++ b/test/verify_extra_test.c
@@ -1,58 +1,10 @@
@@ -129872,7 +164913,7 @@
#include <stdio.h>
diff --git a/test/wp_test.c b/test/wp_test.c
-index de7aa3d..40859ba 100644
+index de7aa3dcda03..40859bae2902 100644
--- a/test/wp_test.c
+++ b/test/wp_test.c
@@ -1,7 +1,12 @@
@@ -129893,7 +164934,7 @@
#include <stdlib.h>
diff --git a/test/x509aux.c b/test/x509aux.c
new file mode 100644
-index 0000000..4f00196
+index 000000000000..4f00196312b0
--- /dev/null
+++ b/test/x509aux.c
@@ -0,0 +1,226 @@
@@ -130125,7 +165166,7 @@
+}
diff --git a/tools/Makefile.in b/tools/Makefile.in
deleted file mode 100644
-index dec5f75..0000000
+index dec5f750cff7..000000000000
--- a/tools/Makefile.in
+++ /dev/null
@@ -1,62 +0,0 @@
@@ -130192,7 +165233,7 @@
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/tools/build.info b/tools/build.info
-index 3810fbc..059e582 100644
+index 3810fbcbe08f..059e58234576 100644
--- a/tools/build.info
+++ b/tools/build.info
@@ -1,4 +1,7 @@
@@ -130205,8 +165246,126 @@
+ SCRIPTS={- $c_rehash_name -}
+ SOURCE[{- $c_rehash_name -}]=c_rehash.in
ENDIF
+diff --git a/tools/c_hash b/tools/c_hash
+deleted file mode 100644
+index 5e0a9081755d..000000000000
+--- a/tools/c_hash
++++ /dev/null
+@@ -1,9 +0,0 @@
+-#!/bin/sh
+-# print out the hash values
+-#
+-
+-for i in $*
+-do
+- h=`openssl x509 -hash -noout -in $i`
+- echo "$h.0 => $i"
+-done
+diff --git a/tools/c_info b/tools/c_info
+deleted file mode 100644
+index 0e1e633b6fb7..000000000000
+--- a/tools/c_info
++++ /dev/null
+@@ -1,12 +0,0 @@
+-#!/bin/sh
+-#
+-# print the subject
+-#
+-
+-for i in $*
+-do
+- n=`openssl x509 -subject -issuer -enddate -noout -in $i`
+- echo "$i"
+- echo "$n"
+- echo "--------"
+-done
+diff --git a/tools/c_issuer b/tools/c_issuer
+deleted file mode 100644
+index 55821ab740d5..000000000000
+--- a/tools/c_issuer
++++ /dev/null
+@@ -1,10 +0,0 @@
+-#!/bin/sh
+-#
+-# print out the issuer
+-#
+-
+-for i in $*
+-do
+- n=`openssl x509 -issuer -noout -in $i`
+- echo "$i $n"
+-done
+diff --git a/tools/c_name b/tools/c_name
+deleted file mode 100644
+index 28800c0b30c1..000000000000
+--- a/tools/c_name
++++ /dev/null
+@@ -1,10 +0,0 @@
+-#!/bin/sh
+-#
+-# print the subject
+-#
+-
+-for i in $*
+-do
+- n=`openssl x509 -subject -noout -in $i`
+- echo "$i $n"
+-done
+diff --git a/tools/c_rehash.in b/tools/c_rehash.in
+index dc66a9d96258..949e44f07510 100644
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -1,6 +1,12 @@
+ #!{- $config{perl} -}
+
+ # {- join("\n# ", @autowarntext) -}
++# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
+
+ # Perl c_rehash script, scan all files in a directory
+ # and add symbolic links to their hash values.
+@@ -103,7 +109,7 @@ sub hash_dir {
+ print "Doing $_[0]\n";
+ chdir $_[0];
+ opendir(DIR, ".");
+- my @flist = readdir(DIR);
++ my @flist = sort readdir(DIR);
+ closedir DIR;
+ if ( $removelinks ) {
+ # Delete any existing symbolic links
+diff --git a/tools/primes.py b/tools/primes.py
+deleted file mode 100644
+index 61de99f0008d..000000000000
+--- a/tools/primes.py
++++ /dev/null
+@@ -1,21 +0,0 @@
+-primes = [2, 3, 5, 7, 11]
+-safe = False # Not sure if the period's right on safe primes.
+-
+-muliplier = 1 if not safe else 2
+-for p in primes:
+- muliplier *= p
+-
+-offsets = []
+-for x in range(3, muliplier + 3, 2):
+- prime = True
+- for p in primes:
+- if not x % p or (safe and not ((x - 1) / 2) % p):
+- prime = False
+- break
+-
+- if prime:
+- offsets.append(x)
+-
+-print(offsets)
+-print(len(offsets))
+-print(muliplier)
diff --git a/util/TLSProxy/ClientHello.pm b/util/TLSProxy/ClientHello.pm
-index 0586cf9..ec739d2 100644
+index 0586cf9a54af..ec739d2970a1 100644
--- a/util/TLSProxy/ClientHello.pm
+++ b/util/TLSProxy/ClientHello.pm
@@ -1,55 +1,9 @@
@@ -130271,7 +165430,7 @@
use strict;
diff --git a/util/TLSProxy/Message.pm b/util/TLSProxy/Message.pm
-index bbb0ad7..85d5d6b 100644
+index bbb0ad70619a..85d5d6bcd473 100644
--- a/util/TLSProxy/Message.pm
+++ b/util/TLSProxy/Message.pm
@@ -1,55 +1,9 @@
@@ -130336,7 +165495,7 @@
use strict;
diff --git a/util/TLSProxy/NewSessionTicket.pm b/util/TLSProxy/NewSessionTicket.pm
-index 4e8c713..e509985 100644
+index 4e8c71381147..e5099851d5a8 100644
--- a/util/TLSProxy/NewSessionTicket.pm
+++ b/util/TLSProxy/NewSessionTicket.pm
@@ -1,54 +1,9 @@
@@ -130400,7 +165559,7 @@
use strict;
diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm
-index fcbe248..3b03ea9 100644
+index fcbe2483c4af..3b03ea9eeb2d 100644
--- a/util/TLSProxy/Proxy.pm
+++ b/util/TLSProxy/Proxy.pm
@@ -1,55 +1,9 @@
@@ -130492,7 +165651,7 @@
undef $server_sock;
if ($retry) {
diff --git a/util/TLSProxy/Record.pm b/util/TLSProxy/Record.pm
-index 124f924..2a605e3 100644
+index 124f92497922..2a605e33a7de 100644
--- a/util/TLSProxy/Record.pm
+++ b/util/TLSProxy/Record.pm
@@ -1,55 +1,9 @@
@@ -130557,7 +165716,7 @@
use strict;
diff --git a/util/TLSProxy/ServerHello.pm b/util/TLSProxy/ServerHello.pm
-index 4798f22..ee2fd72 100644
+index 4798f2214051..ee2fd727d26c 100644
--- a/util/TLSProxy/ServerHello.pm
+++ b/util/TLSProxy/ServerHello.pm
@@ -1,55 +1,9 @@
@@ -130622,7 +165781,7 @@
use strict;
diff --git a/util/TLSProxy/ServerKeyExchange.pm b/util/TLSProxy/ServerKeyExchange.pm
-index a3973be..6e5b4cd 100644
+index a3973be96298..6e5b4cdcb42f 100644
--- a/util/TLSProxy/ServerKeyExchange.pm
+++ b/util/TLSProxy/ServerKeyExchange.pm
@@ -1,55 +1,9 @@
@@ -130687,7 +165846,7 @@
use strict;
diff --git a/util/ck_errf.pl b/util/ck_errf.pl
-index 922e5f6..7fc5367 100755
+index 922e5f644bd0..7fc536786e6d 100755
--- a/util/ck_errf.pl
+++ b/util/ck_errf.pl
@@ -1,5 +1,11 @@
@@ -130704,32 +165863,91 @@
# function name in a XXXerr() macro is wrong.
#
diff --git a/util/copy-if-different.pl b/util/copy-if-different.pl
-index ec99e08..2bf7835 100755
+deleted file mode 100755
+index ec99e084b56a..000000000000
--- a/util/copy-if-different.pl
-+++ b/util/copy-if-different.pl
-@@ -1,4 +1,10 @@
++++ /dev/null
+@@ -1,78 +0,0 @@
-#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use strict;
-
-@@ -12,7 +18,7 @@ my @filelist;
-
- foreach my $arg (@ARGV) {
- $arg =~ s|\\|/|g; # compensate for bug/feature in cygwin glob...
+-
+-use strict;
+-
+-use Fcntl;
+-
+-# copy-if-different.pl
+-
+-# Copy to the destination if the source is not the same as it.
+-
+-my @filelist;
+-
+-foreach my $arg (@ARGV) {
+- $arg =~ s|\\|/|g; # compensate for bug/feature in cygwin glob...
- foreach (glob $arg)
-+ foreach (glob qq("$arg"))
- {
- push @filelist, $_;
- }
+- {
+- push @filelist, $_;
+- }
+-}
+-
+-my $fnum = @filelist;
+-
+-if ($fnum <= 1)
+- {
+- die "Need at least two filenames";
+- }
+-
+-my $dest = pop @filelist;
+-
+-if ($fnum > 2 && ! -d $dest)
+- {
+- die "Destination must be a directory";
+- }
+-
+-foreach (@filelist)
+- {
+- my $dfile;
+- if (-d $dest)
+- {
+- $dfile = $_;
+- $dfile =~ s|^.*[/\\]([^/\\]*)$|$1|;
+- $dfile = "$dest/$dfile";
+- }
+- else
+- {
+- $dfile = $dest;
+- }
+-
+- my $buf;
+- if (-f $dfile)
+- {
+- sysopen(IN, $_, O_RDONLY|O_BINARY) || die "Can't Open $_";
+- sysopen(OUT, $dfile, O_RDONLY|O_BINARY)
+- || die "Can't Open $dfile";
+- while (sysread IN, $buf, 10240)
+- {
+- my $b2;
+- goto copy if !sysread(OUT, $b2, 10240) || $buf ne $b2;
+- }
+- goto copy if sysread(OUT, $buf, 1);
+- close(IN);
+- close(OUT);
+- print "NOT copying: $_ to $dfile\n";
+- next;
+- }
+- copy:
+- sysopen(IN, $_, O_RDONLY|O_BINARY) || die "Can't Open $_";
+- sysopen(OUT, $dfile, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY)
+- || die "Can't Open $dfile";
+- while (sysread IN, $buf, 10240)
+- {
+- syswrite(OUT, $buf, length($buf));
+- }
+- close(IN);
+- close(OUT);
+- print "Copying: $_ to $dfile\n";
+- }
+-
diff --git a/util/copy.pl b/util/copy.pl
-index eba6d58..ef4d870 100644
+index eba6d5815e9c..ef4d8708e247 100644
--- a/util/copy.pl
+++ b/util/copy.pl
@@ -1,4 +1,11 @@
@@ -130755,27 +165973,134 @@
push @filelist, $_;
}
diff --git a/util/dirname.pl b/util/dirname.pl
-index d7a66d9..9838e19 100644
+deleted file mode 100644
+index d7a66d96accf..000000000000
--- a/util/dirname.pl
-+++ b/util/dirname.pl
-@@ -1,4 +1,10 @@
++++ /dev/null
+@@ -1,18 +0,0 @@
-#!/usr/local/bin/perl
+-
+-if ($#ARGV < 0) {
+- die "dirname.pl: too few arguments\n";
+-} elsif ($#ARGV > 0) {
+- die "dirname.pl: too many arguments\n";
+-}
+-
+-my $d = $ARGV[0];
+-
+-if ($d =~ m|.*/.*|) {
+- $d =~ s|/[^/]*$||;
+-} else {
+- $d = ".";
+-}
+-
+-print $d,"\n";
+-exit(0);
+diff --git a/util/dofile.pl b/util/dofile.pl
+index 983778f170c1..e0333fe56851 100644
+--- a/util/dofile.pl
++++ b/util/dofile.pl
+@@ -1,5 +1,11 @@
+-#! /usr/bin/perl
+#! /usr/bin/env perl
-+# Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
++# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ #
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
-
- if ($#ARGV < 0) {
- die "dirname.pl: too few arguments\n";
-diff --git a/util/doc-nit-check.pl b/util/doc-nit-check.pl
-new file mode 100644
-index 0000000..29599f3
++
+ # Reads one or more template files and runs it through Text::Template
+ #
+ # It is assumed that this scripts is called with -Mconfigdata, a module
+diff --git a/util/domd.in b/util/domd.in
+deleted file mode 100755
+index 1569c35eba2d..000000000000
+--- a/util/domd.in
++++ /dev/null
+@@ -1,26 +0,0 @@
+-#!/bin/sh
+-## Wrapper to portably run makedepend or equivalent compiler built-in.
+-## Runs on Makefile.in, generates Makefile
+-## {- join("\n## ", @autowarntext) -}
+-
+-{- "MAKEDEPEND=" . quotify1($config{makedepprog}) -}
+-
+-case "${MAKEDEPEND}" in
+-cat)
+- ;;
+-makedepend)
+- ${MAKEDEPEND} $@ || exit 1
+- ;;
+-*)
+- args="-Werror -MM"
+- while [ $# -gt 0 ]; do
+- if [ "$1" != '--' ] ; then
+- args="$args $1"
+- fi
+- shift
+- done
+- sed -e '/DO NOT DELETE THIS LINE/q' Makefile >Makefile.tmp
+- ${MAKEDEPEND} $args >>Makefile.tmp || exit 1
+- mv Makefile.tmp Makefile
+- ;;
+-esac
+diff --git a/util/extract-names.pl b/util/extract-names.pl
+deleted file mode 100644
+index 0f69335e96c7..000000000000
+--- a/util/extract-names.pl
++++ /dev/null
+@@ -1,26 +0,0 @@
+-#!/usr/bin/perl
+-
+-$/ = ""; # Eat a paragraph at once.
+-while(<STDIN>) {
+- s|\R$||;
+- s/\n/ /gm;
+- if (/^=head1 /) {
+- $name = 0;
+- } elsif ($name) {
+- if (/ - /) {
+- s/ - .*//;
+- s/,\s+/,/g;
+- s/\s+,/,/g;
+- s/^\s+//g;
+- s/\s+$//g;
+- s/\s/_/g;
+- push @words, split ',';
+- }
+- }
+- if (/^=head1 *NAME *$/) {
+- $name = 1;
+- }
+-}
+-
+-print join("\n", @words),"\n";
+-
+diff --git a/util/extract-section.pl b/util/extract-section.pl
+deleted file mode 100644
+index 7a0ba4f69a7a..000000000000
+--- a/util/extract-section.pl
++++ /dev/null
+@@ -1,12 +0,0 @@
+-#!/usr/bin/perl
+-
+-while(<STDIN>) {
+- if (/=for\s+comment\s+openssl_manual_section:(\S+)/)
+- {
+- print "$1\n";
+- exit 0;
+- }
+-}
+-
+-print "$ARGV[0]\n";
+-
+diff --git a/util/find-doc-nits.pl b/util/find-doc-nits.pl
+new file mode 100755
+index 000000000000..69d7c9352136
--- /dev/null
-+++ b/util/doc-nit-check.pl
-@@ -0,0 +1,86 @@
++++ b/util/find-doc-nits.pl
+@@ -0,0 +1,184 @@
+#! /usr/bin/env perl
+# Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
@@ -130791,7 +166116,10 @@
+use Pod::Checker;
+use File::Find;
+use File::Basename;
++use Getopt::Std;
+
++our($opt_s);
++
+my $temp = '/tmp/docnits.txt';
+my $OUT;
+
@@ -130806,10 +166134,70 @@
+ crypto => 3,
+ ssl => 3 );
+
++# Cross-check functions in the NAME and SYNOPSIS section.
++sub name_synopsis()
++{
++ my $id = shift;
++ my $filename = shift;
++ my $contents = shift;
++
++ # Get NAME section and all words in it.
++ return unless $contents =~ /=head1 NAME(.*)=head1 SYNOPSIS/ms;
++ my $tmp = $1;
++ $tmp =~ tr/\n/ /;
++ $tmp =~ s/-.*//g;
++ $tmp =~ s/,//g;
++
++ my $dirname = dirname($filename);
++ my $simplename = basename($filename);
++ $simplename =~ s/.pod$//;
++ my $foundfilename = 0;
++ my %foundfilenames = ();
++ my %names;
++ foreach my $n ( split ' ', $tmp ) {
++ $names{$n} = 1;
++ $foundfilename++ if $n eq $simplename;
++ $foundfilenames{$n} = 1
++ if -f "$dirname/$n.pod" && $n ne $simplename;
++ }
++ print "$id the following exist as other .pod files:\n",
++ join(" ", sort keys %foundfilenames), "\n"
++ if %foundfilenames;
++ print "$id $simplename (filename) missing from NAME section\n",
++ unless $foundfilename;
++
++ # Find all functions in SYNOPSIS
++ return unless $contents =~ /=head1 SYNOPSIS(.*)=head1 DESCRIPTION/ms;
++ my $syn = $1;
++ foreach my $line ( split /\n+/, $syn ) {
++ my $sym;
++ $line =~ s/STACK_OF\([^)]+\)//;
++ if ( $line =~ /typedef.* (\S+);/ ) {
++ $sym = $1;
++ } elsif ( $line =~ /#define (\S+)/ ) {
++ $sym = $1;
++ } elsif ( $line =~ /([A-Za-z0-9_]+)\(/ ) {
++ $sym = $1;
++ }
++ else {
++ next;
++ }
++ print "$id $sym missing from NAME section\n"
++ unless defined $names{$sym};
++ $names{$sym} = 2;
++ }
++
++ foreach my $n ( keys %names ) {
++ next if $names{$n} == 2;
++ print "$id $n missing from SYNOPSIS\n";
++ }
++}
++
+sub check()
+{
+ my $filename = shift;
+ my $dirname = basename(dirname($filename));
++
+ my $contents = '';
+ {
+ local $/ = undef;
@@ -130817,104 +166205,177 @@
+ $contents = <POD>;
+ close POD;
+ }
-+ print $OUT "$filename doesn't start with =pod\n"
++
++ my $id = "${filename}:1:";
++
++ &name_synopsis($id, $filename, $contents)
++ unless $contents =~ /=for comment generic/
++ or $contents =~ /=for comment openssl_manual_section:7/
++ or $filename =~ m@/apps/@;
++
++ print "$id doesn't start with =pod\n"
+ if $contents !~ /^=pod/;
-+ print $OUT "$filename doesn't end with =cut\n"
++ print "$id doesn't end with =cut\n"
+ if $contents !~ /=cut\n$/;
-+ print $OUT "$filename more than one cut line.\n"
++ print "$id more than one cut line.\n"
+ if $contents =~ /=cut.*=cut/ms;
-+ print $OUT "$filename missing copyright\n"
++ print "$id missing copyright\n"
+ if $contents !~ /Copyright .* The OpenSSL Project Authors/;
-+ print $OUT "$filename copyright not last\n"
++ print "$id copyright not last\n"
+ if $contents =~ /head1 COPYRIGHT.*=head/ms;
-+ print $OUT "$filename head2 in All uppercase\n"
-+ if $contents =~ /head2.*[A-Z ]+\n/;
++ print "$id head2 in All uppercase\n"
++ if $contents =~ /head2\s+[A-Z ]+\n/;
++ print "$id extra space after head\n"
++ if $contents =~ /=head\d\s\s+/;
++ print "$id period in NAME section\n"
++ if $contents =~ /=head1 NAME.*\.\n.*=head1 SYNOPSIS/ms;
++ print "$id POD markup in NAME section\n"
++ if $contents =~ /=head1 NAME.*[<>].*=head1 SYNOPSIS/ms;
+
-+ my $section = $default_sections{$dirname};
++ # Look for multiple consecutive openssl #include lines.
++ # Consecutive because of files like md5.pod. Sometimes it's okay
++ # or necessary, as in ssl/SSL_set1_host.pod
++ if ( $contents !~ /=for comment multiple includes/ ) {
++ if ( $contents =~ /=head1 SYNOPSIS(.*)=head1 DESCRIPTION/ms ) {
++ my $count = 0;
++ foreach my $line ( split /\n+/, $1 ) {
++ if ( $line =~ m at include <openssl/@ ) {
++ if ( ++$count == 2 ) {
++ print "$id has multiple includes\n";
++ }
++ } else {
++ $count = 0;
++ }
++ }
++ }
++ }
++
++ return unless $opt_s;
++
++ # Find what section this page is in. If run from "." assume
++ # section 3.
++ my $section = $default_sections{$dirname} || 3;
+ if ($contents =~ /^=for\s+comment\s+openssl_manual_section:\s*(\d+)\s*$/m) {
+ $section = $1;
+ }
+
+ foreach ((@{$mandatory_sections{'*'}}, @{$mandatory_sections{$section}})) {
-+ print $OUT "$filename doesn't have a head1 section matching $_\n"
++ print "$id doesn't have a head1 section matching $_\n"
+ if $contents !~ /^=head1\s+${_}\s*$/m;
+ }
+
++ open my $OUT, '>', $temp
++ or die "Can't open $temp, $!";
+ podchecker($filename, $OUT);
++ close $OUT;
++ open $OUT, '<', $temp
++ or die "Can't read $temp, $!";
++ while ( <$OUT> ) {
++ next if /\(section\) in.*deprecated/;
++ print;
++ }
++ close $OUT;
++ unlink $temp || warn "Can't remove $temp, $!";
+}
+
-+open $OUT, '>', $temp
-+ or die "Can't open $temp, $!";
-+foreach (@ARGV ? @ARGV : glob('*/*.pod')) {
++getopts('s');
++
++foreach (@ARGV ? @ARGV : glob('doc/*/*.pod')) {
+ &check($_);
+}
-+close $OUT;
+
-+my $count = 0;
-+open $OUT, '<', $temp
-+ or die "Can't read $temp, $!";
-+while ( <$OUT> ) {
-+ next if /\(section\) in.*deprecated/;
-+ $count++;
-+ print;
-+}
-+close $OUT;
-+unlink $temp || warn "Can't remove $temp, $!";
-+
-+exit $count;
-diff --git a/util/dofile.pl b/util/dofile.pl
-index 983778f..e0333fe 100644
---- a/util/dofile.pl
-+++ b/util/dofile.pl
-@@ -1,5 +1,11 @@
--#! /usr/bin/perl
++exit;
+diff --git a/util/find-undoc-api.pl b/util/find-undoc-api.pl
+new file mode 100755
+index 000000000000..7b2cb973b7a2
+--- /dev/null
++++ b/util/find-undoc-api.pl
+@@ -0,0 +1,82 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- #
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- # Reads one or more template files and runs it through Text::Template
- #
- # It is assumed that this scripts is called with -Mconfigdata, a module
-diff --git a/util/extract-names.pl b/util/extract-names.pl
-index 0f69335..2a24e1a 100644
---- a/util/extract-names.pl
-+++ b/util/extract-names.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
-
- $/ = ""; # Eat a paragraph at once.
- while(<STDIN>) {
-diff --git a/util/extract-section.pl b/util/extract-section.pl
-index 7a0ba4f..08b1a12 100644
---- a/util/extract-section.pl
-+++ b/util/extract-section.pl
-@@ -1,4 +1,10 @@
--#!/usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- while(<STDIN>) {
- if (/=for\s+comment\s+openssl_manual_section:(\S+)/)
++use strict;
++use warnings;
++
++use File::Spec::Functions;
++use File::Basename;
++#use File::Copy;
++#use File::Path;
++use lib catdir(dirname($0), "perl");
++use OpenSSL::Util::Pod;
++
++my %dups;
++
++sub parsenum()
++{
++ my $file = shift;
++ my @apis;
++
++ open my $IN, '<', $file
++ or die "Can't open $file, $!, stopped";
++
++ while ( <$IN> ) {
++ next if /\sNOEXIST/;
++ next if /EXPORT_VAR_AS_FUNC/;
++ push @apis, $1 if /([^\s]+).\s/;
++ }
++
++ close $IN;
++
++ print "# Found ", scalar(@apis), " in $file\n";
++ return sort @apis;
++}
++
++sub getdocced()
++{
++ my $dir = shift;
++ my %return;
++
++ foreach my $pod ( glob("$dir/*.pod") ) {
++ next if $pod eq 'doc/crypto/crypto.pod';
++ next if $pod eq 'doc/ssl/ssl.pod';
++ my %podinfo = extract_pod_info($pod);
++ foreach my $n ( @{$podinfo{names}} ) {
++ $return{$n} = $pod;
++ print "# Duplicate $n in $pod and $dups{$n}\n"
++ if defined $dups{$n};
++ $dups{$n} = $pod;
++ }
++ }
++
++ return %return;
++}
++
++sub printem()
++{
++ my $docdir = shift;
++ my $numfile = shift;
++ my %docced = &getdocced($docdir);
++ my $count = 0;
++
++ foreach my $func ( &parsenum($numfile) ) {
++ next if $docced{$func};
++
++ # Skip ASN1 utilities
++ next if $func =~ /^ASN1_/;
++
++ print $func, "\n";
++ $count++;
++ }
++ print "# Found $count missing from $numfile\n\n";
++}
++
++
++&printem('doc/crypto', 'util/libcrypto.num');
++&printem('doc/ssl', 'util/libssl.num');
diff --git a/util/find-unused-errs b/util/find-unused-errs
new file mode 100755
-index 0000000..d36789e
+index 000000000000..d36789ef6f77
--- /dev/null
+++ b/util/find-unused-errs
@@ -0,0 +1,31 @@
@@ -130950,7 +166411,7 @@
+
+rm $X1 $X2
diff --git a/util/fipslink.pl b/util/fipslink.pl
-index 7b16e04..18a9153 100644
+index 7b16e04fb9da..18a91532be53 100644
--- a/util/fipslink.pl
+++ b/util/fipslink.pl
@@ -1,4 +1,10 @@
@@ -130966,7 +166427,7 @@
sub check_env
{
diff --git a/util/incore b/util/incore
-index bb765b1..26fcf95 100755
+index bb765b1966bd..26fcf95033fc 100755
--- a/util/incore
+++ b/util/incore
@@ -1,7 +1,11 @@
@@ -130985,23 +166446,136 @@
# application binary or shared library.
diff --git a/util/indent.pro b/util/indent.pro
-index b7958e3..71997cb 100644
+index b7958e31aac7..71997cb41bf2 100644
--- a/util/indent.pro
+++ b/util/indent.pro
-@@ -187,11 +187,8 @@
+@@ -187,10 +187,7 @@
-T CRYPTO_EX_DATA_FUNCS
-T CRYPTO_EX_DATA_IMPL
-T CRYPTO_EX_dup
--T CRYPTO_EX_dup
+ -T CRYPTO_EX_free
--T CRYPTO_EX_free
- -T CRYPTO_EX_free
+--T CRYPTO_EX_new
-T CRYPTO_EX_new
---T CRYPTO_EX_new
-T CRYPTO_MEM_LEAK_CB
-T CRYPTO_THREADID
- -T CRYPTO_dynlock_value
+diff --git a/util/install.sh b/util/install.sh
+deleted file mode 100755
+index e1d0c982df50..000000000000
+--- a/util/install.sh
++++ /dev/null
+@@ -1,108 +0,0 @@
+-#!/bin/sh
+-#
+-# install - install a program, script, or datafile
+-# This comes from X11R5; it is not part of GNU.
+-#
+-# $XConsortium: install.sh,v 1.2 89/12/18 14:47:22 jim Exp $
+-#
+-# This script is compatible with the BSD install script, but was written
+-# from scratch.
+-#
+-
+-
+-# set DOITPROG to echo to test this script
+-
+-doit="${DOITPROG:-}"
+-
+-
+-# put in absolute paths if you don't have them in your path; or use env. vars.
+-
+-mvprog="${MVPROG:-mv}"
+-cpprog="${CPPROG:-cp}"
+-chmodprog="${CHMODPROG:-chmod}"
+-chownprog="${CHOWNPROG:-chown}"
+-chgrpprog="${CHGRPPROG:-chgrp}"
+-stripprog="${STRIPPROG:-strip}"
+-rmprog="${RMPROG:-rm}"
+-
+-instcmd="$mvprog"
+-chmodcmd=""
+-chowncmd=""
+-chgrpcmd=""
+-stripcmd=""
+-rmcmd="$rmprog -f"
+-src=""
+-dst=""
+-
+-while [ x"$1" != x ]; do
+- case $1 in
+- -c) instcmd="$cpprog"
+- shift
+- continue;;
+-
+- -m) chmodcmd="$chmodprog $2"
+- shift
+- shift
+- continue;;
+-
+- -o) chowncmd="$chownprog $2"
+- shift
+- shift
+- continue;;
+-
+- -g) chgrpcmd="$chgrpprog $2"
+- shift
+- shift
+- continue;;
+-
+- -s) stripcmd="$stripprog"
+- shift
+- continue;;
+-
+- *) if [ x"$src" = x ]
+- then
+- src=$1
+- else
+- dst=$1
+- fi
+- shift
+- continue;;
+- esac
+-done
+-
+-if [ x"$src" = x ]
+-then
+- echo "install: no input file specified"
+- exit 1
+-fi
+-
+-if [ x"$dst" = x ]
+-then
+- echo "install: no destination specified"
+- exit 1
+-fi
+-
+-
+-# if destination is a directory, append the input filename; if your system
+-# does not like double slashes in filenames, you may need to add some logic
+-
+-if [ -d $dst ]
+-then
+- dst="$dst"/`basename $src`
+-fi
+-
+-
+-# get rid of the old one and mode the new one in
+-
+-$doit $rmcmd $dst
+-$doit $instcmd $src $dst
+-
+-
+-# and set any options; do chmod last to preserve setuid bits
+-
+-if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; fi
+-if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; fi
+-if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; fi
+-if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; fi
+-
+-exit 0
diff --git a/util/libcrypto.num b/util/libcrypto.num
-index 5339358..32c36d9 100644
+index 533935801e76..6eae0c2c2b0f 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1,5 +1,5 @@
@@ -131011,7 +166585,15 @@
PEM_read_bio_NETSCAPE_CERT_SEQUENCE 3 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_get0_chain 4 1_1_0 EXIST::FUNCTION:
COMP_expand_block 5 1_1_0 EXIST::FUNCTION:COMP
-@@ -31,7 +31,7 @@ GENERAL_NAME_get0_otherName 29 1_1_0 EXIST::FUNCTION:
+@@ -18,7 +18,6 @@ i2d_ESS_ISSUER_SERIAL 13 1_1_0 EXIST::FUNCTION:TS
+ i2d_ASN1_OCTET_STRING 17 1_1_0 EXIST::FUNCTION:
+ EC_KEY_set_private_key 18 1_1_0 EXIST::FUNCTION:EC
+ SRP_VBASE_get_by_user 19 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SRP
+-CONF_modules_free 20 1_1_0 NOEXIST::FUNCTION:
+ Camellia_cfb128_encrypt 21 1_1_0 EXIST::FUNCTION:CAMELLIA
+ DES_ncbc_encrypt 22 1_1_0 EXIST::FUNCTION:DES
+ TS_REQ_get_ext_count 23 1_1_0 EXIST::FUNCTION:TS
+@@ -31,7 +30,7 @@ ASN1_item_d2i_fp 25 1_1_0 EXIST::FUNCTION:STDIO
ASN1_INTEGER_get_uint64 30 1_1_0 EXIST::FUNCTION:
EVP_DigestInit_ex 31 1_1_0 EXIST::FUNCTION:
CTLOG_new 32 1_1_0 EXIST::FUNCTION:CT
@@ -131020,7 +166602,7 @@
EVP_PBE_alg_add_type 34 1_1_0 EXIST::FUNCTION:
EVP_cast5_ofb 35 1_1_0 EXIST::FUNCTION:CAST
d2i_PUBKEY_fp 36 1_1_0 EXIST::FUNCTION:STDIO
-@@ -40,7 +40,7 @@ BF_decrypt 38 1_1_0 EXIST::FUNCTION:BF
+@@ -40,16 +39,15 @@ BF_decrypt 38 1_1_0 EXIST::FUNCTION:BF
PEM_read_bio_PUBKEY 39 1_1_0 EXIST::FUNCTION:
X509_NAME_delete_entry 40 1_1_0 EXIST::FUNCTION:
EVP_PKEY_meth_set_verify_recover 41 1_1_0 EXIST::FUNCTION:
@@ -131029,7 +166611,8 @@
PKCS7_ISSUER_AND_SERIAL_it 43 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS7_ISSUER_AND_SERIAL_it 43 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
EC_GROUP_method_of 44 1_1_0 EXIST::FUNCTION:EC
-@@ -49,7 +49,7 @@ CRYPTO_set_dynlock_lock_callback 46 1_1_0 NOEXIST::FUNCTION:
+ RSA_blinding_on 45 1_1_0 EXIST::FUNCTION:RSA
+-CRYPTO_set_dynlock_lock_callback 46 1_1_0 NOEXIST::FUNCTION:
X509_get0_signature 47 1_1_0 EXIST::FUNCTION:
X509_REVOKED_get0_extensions 48 1_1_0 EXIST::FUNCTION:
NETSCAPE_SPKI_verify 49 1_1_0 EXIST::FUNCTION:
@@ -131038,7 +166621,7 @@
ERR_peek_error 51 1_1_0 EXIST::FUNCTION:
X509v3_asid_validate_resource_set 52 1_1_0 EXIST::FUNCTION:RFC3779
PEM_write_bio_Parameters 53 1_1_0 EXIST::FUNCTION:
-@@ -57,7 +57,7 @@ CMS_SignerInfo_verify 54 1_1_0 EXIST::FUNCTION:CMS
+@@ -57,7 +55,7 @@ CMS_SignerInfo_verify 54 1_1_0 EXIST::FUNCTION:CMS
X509v3_asid_is_canonical 55 1_1_0 EXIST::FUNCTION:RFC3779
ASN1_ENUMERATED_get 56 1_1_0 EXIST::FUNCTION:
EVP_MD_do_all_sorted 57 1_1_0 EXIST::FUNCTION:
@@ -131047,7 +166630,7 @@
ENGINE_ctrl_cmd_string 59 1_1_0 EXIST::FUNCTION:ENGINE
ENGINE_finish 60 1_1_0 EXIST::FUNCTION:ENGINE
SRP_Calc_client_key 61 1_1_0 EXIST::FUNCTION:SRP
-@@ -68,7 +68,7 @@ DSO_bind_func 65 1_1_0 EXIST::FUNCTION:
+@@ -68,7 +66,7 @@ EVP_idea_ofb 64 1_1_0 EXIST::FUNCTION:IDEA
EVP_PKEY_meth_get_copy 66 1_1_0 EXIST::FUNCTION:
RSA_up_ref 67 1_1_0 EXIST::FUNCTION:RSA
EVP_PKEY_meth_set_ctrl 68 1_1_0 EXIST::FUNCTION:
@@ -131056,7 +166639,7 @@
BN_GENCB_set 70 1_1_0 EXIST::FUNCTION:
BN_generate_prime 71 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8
d2i_DSAPrivateKey_fp 72 1_1_0 EXIST::FUNCTION:DSA,STDIO
-@@ -79,7 +79,7 @@ ASN1_item_print 76 1_1_0 EXIST::FUNCTION:
+@@ -79,7 +77,7 @@ d2i_DSAPrivateKey_fp 72 1_1_0 EXIST::FUNCTION:DSA,STDIO
CONF_set_nconf 77 1_1_0 EXIST::FUNCTION:
RAND_set_rand_method 78 1_1_0 EXIST::FUNCTION:
BN_GF2m_mod_mul 79 1_1_0 EXIST::FUNCTION:EC2M
@@ -131065,7 +166648,7 @@
ASN1_TIME_adj 81 1_1_0 EXIST::FUNCTION:
EVP_PKEY_asn1_get0_info 82 1_1_0 EXIST::FUNCTION:
BN_add_word 83 1_1_0 EXIST::FUNCTION:
-@@ -88,14 +88,14 @@ EVP_PKEY_add1_attr_by_OBJ 85 1_1_0 EXIST::FUNCTION:
+@@ -88,14 +86,14 @@ EVP_des_ede 84 1_1_0 EXIST::FUNCTION:DES
ASYNC_WAIT_CTX_get_all_fds 86 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_meth_set_do_cipher 87 1_1_0 EXIST::FUNCTION:
EVP_set_pw_prompt 88 1_1_0 EXIST::FUNCTION:UI
@@ -131083,7 +166666,7 @@
X509_VERIFY_PARAM_set1_policies 97 1_1_0 EXIST::FUNCTION:
SCT_set0_extensions 98 1_1_0 EXIST::FUNCTION:CT
PKCS5_pbe2_set_scrypt 99 1_1_0 EXIST::FUNCTION:SCRYPT
-@@ -106,22 +106,22 @@ d2i_DHparams 103 1_1_0 EXIST::FUNCTION:DH
+@@ -106,22 +104,22 @@ d2i_DHparams 103 1_1_0 EXIST::FUNCTION:DH
i2d_PKCS7_ENC_CONTENT 104 1_1_0 EXIST::FUNCTION:
DH_generate_key 105 1_1_0 EXIST::FUNCTION:DH
ENGINE_add_conf_module 106 1_1_0 EXIST::FUNCTION:ENGINE
@@ -131110,7 +166693,7 @@
EVP_camellia_128_ctr 123 1_1_0 EXIST::FUNCTION:CAMELLIA
EVP_CIPHER_impl_ctx_size 124 1_1_0 EXIST::FUNCTION:
X509_CRL_get_nextUpdate 125 1_1_0 EXIST::FUNCTION:
-@@ -132,22 +132,22 @@ ASN1_STRING_TABLE_add 129 1_1_0 EXIST::FUNCTION:
+@@ -132,22 +130,21 @@ ENGINE_set_destroy_function 128 1_1_0 EXIST::FUNCTION:ENGINE
d2i_ASIdentifiers 130 1_1_0 EXIST::FUNCTION:RFC3779
i2d_PKCS12_bio 131 1_1_0 EXIST::FUNCTION:
X509_to_X509_REQ 132 1_1_0 EXIST::FUNCTION:
@@ -131122,8 +166705,8 @@
X509v3_addr_subset 136 1_1_0 EXIST::FUNCTION:RFC3779
CRYPTO_strndup 137 1_1_0 EXIST::FUNCTION:
-OCSP_REQ_CTX_free 138 1_1_0 EXIST::FUNCTION:
+-DSO_METHOD_dlfcn 139 1_1_0 NOEXIST::FUNCTION:
+OCSP_REQ_CTX_free 138 1_1_0 EXIST::FUNCTION:OCSP
- DSO_METHOD_dlfcn 139 1_1_0 NOEXIST::FUNCTION:
X509_STORE_new 140 1_1_0 EXIST::FUNCTION:
ASN1_TYPE_free 141 1_1_0 EXIST::FUNCTION:
PKCS12_BAGS_new 142 1_1_0 EXIST::FUNCTION:
@@ -131138,7 +166721,15 @@
EVP_PKEY_asn1_set_ctrl 149 1_1_0 EXIST::FUNCTION:
EC_POINTs_mul 150 1_1_0 EXIST::FUNCTION:EC
ASN1_get_object 151 1_1_0 EXIST::FUNCTION:
-@@ -181,7 +181,7 @@ EVP_PKEY_delete_attr 178 1_1_0 EXIST::FUNCTION:
+@@ -168,7 +165,6 @@ CT_POLICY_EVAL_CTX_free 165 1_1_0 EXIST::FUNCTION:CT
+ CMS_RecipientInfo_kari_get0_ctx 166 1_1_0 EXIST::FUNCTION:CMS
+ PKCS7_set_attributes 167 1_1_0 EXIST::FUNCTION:
+ d2i_POLICYQUALINFO 168 1_1_0 EXIST::FUNCTION:
+-CRYPTO_add_lock 169 1_1_0 NOEXIST::FUNCTION:
+ EVP_MD_type 170 1_1_0 EXIST::FUNCTION:
+ EVP_PKCS82PKEY 171 1_1_0 EXIST::FUNCTION:
+ BN_generate_prime_ex 172 1_1_0 EXIST::FUNCTION:
+@@ -181,7 +177,7 @@ CMS_RecipientInfo_kari_get0_ctx 166 1_1_0 EXIST::FUNCTION:CMS
EVP_CIPHER_CTX_key_length 179 1_1_0 EXIST::FUNCTION:
BIO_clear_flags 180 1_1_0 EXIST::FUNCTION:
i2d_DISPLAYTEXT 181 1_1_0 EXIST::FUNCTION:
@@ -131147,7 +166738,7 @@
i2d_ASN1_PRINTABLESTRING 183 1_1_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_set_hostflags 184 1_1_0 EXIST::FUNCTION:
SCT_get0_log_id 185 1_1_0 EXIST::FUNCTION:CT
-@@ -201,7 +201,7 @@ EVP_PKEY_cmp 197 1_1_0 EXIST::FUNCTION:
+@@ -201,7 +197,7 @@ TS_TST_INFO_new 191 1_1_0 EXIST::FUNCTION:TS
d2i_X509_ALGORS 198 1_1_0 EXIST::FUNCTION:
EVP_PKEY2PKCS8 199 1_1_0 EXIST::FUNCTION:
BN_nist_mod_256 200 1_1_0 EXIST::FUNCTION:
@@ -131156,7 +166747,7 @@
EVP_seed_cfb128 202 1_1_0 EXIST::FUNCTION:SEED
BASIC_CONSTRAINTS_free 203 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_flags 204 1_1_0 EXIST::FUNCTION:
-@@ -210,13 +210,13 @@ SCT_set_version 206 1_1_0 EXIST::FUNCTION:CT
+@@ -210,13 +206,13 @@ SCT_set_version 206 1_1_0 EXIST::FUNCTION:CT
CMS_add1_ReceiptRequest 207 1_1_0 EXIST::FUNCTION:CMS
d2i_CRL_DIST_POINTS 208 1_1_0 EXIST::FUNCTION:
X509_CRL_INFO_free 209 1_1_0 EXIST::FUNCTION:
@@ -131172,7 +166763,7 @@
s2i_ASN1_OCTET_STRING 217 1_1_0 EXIST::FUNCTION:
POLICYINFO_it 218 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
POLICYINFO_it 218 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -236,10 +236,10 @@ DIST_POINT_NAME_new 231 1_1_0 EXIST::FUNCTION:
+@@ -236,10 +232,10 @@ EC_POINT_set_Jprojective_coordinates_GFp 230 1_1_0 EXIST::FUNCTION:EC
X509_LOOKUP_file 232 1_1_0 EXIST::FUNCTION:
EVP_PKEY_meth_set_decrypt 233 1_1_0 EXIST::FUNCTION:
EVP_rc2_ecb 234 1_1_0 EXIST::FUNCTION:RC2
@@ -131185,16 +166776,15 @@
OBJ_txt2nid 240 1_1_0 EXIST::FUNCTION:
SEED_set_key 241 1_1_0 EXIST::FUNCTION:SEED
EC_KEY_clear_flags 242 1_1_0 EXIST::FUNCTION:EC
-@@ -258,7 +258,7 @@ ENGINE_register_all_ciphers 254 1_1_0 EXIST::FUNCTION:ENGINE
+@@ -258,7 +254,6 @@ ENGINE_register_all_ciphers 254 1_1_0 EXIST::FUNCTION:ENGINE
SXNET_new 255 1_1_0 EXIST::FUNCTION:
EVP_camellia_256_ctr 256 1_1_0 EXIST::FUNCTION:CAMELLIA
d2i_PKCS8_PRIV_KEY_INFO 257 1_1_0 EXIST::FUNCTION:
-OPENSSL_strncasecmp 258 1_1_0 EXIST::FUNCTION:
-+OPENSSL_strncasecmp 258 1_1_0 NOEXIST::FUNCTION:
EVP_md2 259 1_1_0 EXIST::FUNCTION:MD2
RC2_ecb_encrypt 260 1_1_0 EXIST::FUNCTION:RC2
ENGINE_register_DH 261 1_1_0 EXIST::FUNCTION:ENGINE
-@@ -268,16 +268,16 @@ EVP_des_ede3 264 1_1_0 EXIST::FUNCTION:DES
+@@ -268,16 +263,16 @@ EVP_des_ede3 264 1_1_0 EXIST::FUNCTION:DES
PKCS7_add1_attrib_digest 265 1_1_0 EXIST::FUNCTION:
EC_POINT_get_affine_coordinates_GFp 266 1_1_0 EXIST::FUNCTION:EC
EVP_seed_ecb 267 1_1_0 EXIST::FUNCTION:SEED
@@ -131215,7 +166805,7 @@
CRYPTO_secure_free 277 1_1_0 EXIST::FUNCTION:
DSA_print_fp 278 1_1_0 EXIST::FUNCTION:DSA,STDIO
X509_get_ext_d2i 279 1_1_0 EXIST::FUNCTION:
-@@ -302,53 +302,53 @@ PKCS8_set0_pbe 297 1_1_0 EXIST::FUNCTION:
+@@ -302,59 +297,58 @@ CT_POLICY_EVAL_CTX_set0_issuer 295 1_1_0 EXIST::FUNCTION:CT
PEM_write_bio_DSA_PUBKEY 298 1_1_0 EXIST::FUNCTION:DSA
PEM_X509_INFO_read_bio 299 1_1_0 EXIST::FUNCTION:
EC_GROUP_get0_order 300 1_1_0 EXIST::FUNCTION:EC
@@ -131281,7 +166871,13 @@
CTLOG_STORE_load_file 347 1_1_0 EXIST::FUNCTION:CT
ASN1_SEQUENCE_it 348 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_SEQUENCE_it 348 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -378,7 +378,7 @@ SEED_ecb_encrypt 370 1_1_0 EXIST::FUNCTION:SEED
+ TS_RESP_CTX_get_tst_info 349 1_1_0 EXIST::FUNCTION:TS
+ RC4 350 1_1_0 EXIST::FUNCTION:RC4
+-DSO_get_loaded_filename 351 1_1_0 NOEXIST::FUNCTION:
+ PKCS7_stream 352 1_1_0 EXIST::FUNCTION:
+ i2t_ASN1_OBJECT 353 1_1_0 EXIST::FUNCTION:
+ EC_GROUP_get0_generator 354 1_1_0 EXIST::FUNCTION:EC
+@@ -378,7 +372,7 @@ SEED_ecb_encrypt 370 1_1_0 EXIST::FUNCTION:SEED
X509_PUBKEY_get0_param 371 1_1_0 EXIST::FUNCTION:
ASN1_i2d_fp 372 1_1_0 EXIST::FUNCTION:STDIO
BIO_new_mem_buf 373 1_1_0 EXIST::FUNCTION:
@@ -131290,8 +166886,11 @@
X509V3_EXT_REQ_add_nconf 375 1_1_0 EXIST::FUNCTION:
X509v3_asid_subset 376 1_1_0 EXIST::FUNCTION:RFC3779
RSA_check_key_ex 377 1_1_0 EXIST::FUNCTION:RSA
-@@ -393,7 +393,7 @@ DSO_get_filename 385 1_1_0 EXIST::FUNCTION:
- CRYPTO_set_id_callback 386 1_1_0 NOEXIST::FUNCTION:
+@@ -390,10 +384,9 @@ CMS_RecipientInfo_kekri_id_cmp 381 1_1_0 EXIST::FUNCTION:CMS
+ ASN1_PCTX_get_oid_flags 383 1_1_0 EXIST::FUNCTION:
+ CONF_free 384 1_1_0 EXIST::FUNCTION:
+ DSO_get_filename 385 1_1_0 EXIST::FUNCTION:
+-CRYPTO_set_id_callback 386 1_1_0 NOEXIST::FUNCTION:
i2d_ASN1_SEQUENCE_ANY 387 1_1_0 EXIST::FUNCTION:
OPENSSL_strlcpy 388 1_1_0 EXIST::FUNCTION:
-BIO_get_port 389 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0
@@ -131299,7 +166898,7 @@
DISPLAYTEXT_free 390 1_1_0 EXIST::FUNCTION:
BN_div 391 1_1_0 EXIST::FUNCTION:
RIPEMD160_Update 392 1_1_0 EXIST::FUNCTION:RMD160
-@@ -402,10 +402,10 @@ ASN1_OBJECT_new 394 1_1_0 EXIST::FUNCTION:
+@@ -402,10 +395,10 @@ PEM_write_bio_CMS 393 1_1_0 EXIST::FUNCTION:CMS
EVP_des_ede3_cfb8 395 1_1_0 EXIST::FUNCTION:DES
BIO_dump_indent_fp 396 1_1_0 EXIST::FUNCTION:STDIO
X509_NAME_ENTRY_get_data 397 1_1_0 EXIST::FUNCTION:
@@ -131312,7 +166911,7 @@
ASN1_STRING_print_ex_fp 402 1_1_0 EXIST::FUNCTION:STDIO
PKCS7_SIGNED_new 403 1_1_0 EXIST::FUNCTION:
CMS_get0_eContentType 404 1_1_0 EXIST::FUNCTION:CMS
-@@ -419,7 +419,7 @@ EVP_CipherFinal_ex 411 1_1_0 EXIST::FUNCTION:
+@@ -419,7 +412,7 @@ TS_TST_INFO_get_ordering 407 1_1_0 EXIST::FUNCTION:TS
d2i_DSA_PUBKEY 412 1_1_0 EXIST::FUNCTION:DSA
BN_CTX_get 413 1_1_0 EXIST::FUNCTION:
BN_to_montgomery 414 1_1_0 EXIST::FUNCTION:
@@ -131321,7 +166920,7 @@
EVP_camellia_128_cfb8 416 1_1_0 EXIST::FUNCTION:CAMELLIA
EC_KEY_METHOD_free 417 1_1_0 EXIST::FUNCTION:EC
TS_TST_INFO_set_policy_id 418 1_1_0 EXIST::FUNCTION:TS
-@@ -448,17 +448,17 @@ BN_GENCB_new 440 1_1_0 EXIST::FUNCTION:
+@@ -448,17 +441,16 @@ DSA_free 439 1_1_0 EXIST::FUNCTION:DSA
X509_VAL_new 441 1_1_0 EXIST::FUNCTION:
NCONF_load 442 1_1_0 EXIST::FUNCTION:
ASN1_put_object 443 1_1_0 EXIST::FUNCTION:
@@ -131333,8 +166932,8 @@
X509_STORE_CTX_set0_dane 448 1_1_0 EXIST::FUNCTION:
EVP_des_ecb 449 1_1_0 EXIST::FUNCTION:DES
-OCSP_resp_get0 450 1_1_0 EXIST::FUNCTION:
+-CRYPTO_get_new_lockid 451 1_1_0 NOEXIST::FUNCTION:
+OCSP_resp_get0 450 1_1_0 EXIST::FUNCTION:OCSP
- CRYPTO_get_new_lockid 451 1_1_0 NOEXIST::FUNCTION:
RSA_X931_generate_key_ex 452 1_1_0 EXIST::FUNCTION:RSA
X509_get_serialNumber 453 1_1_0 EXIST::FUNCTION:
-BIO_sock_should_retry 454 1_1_0 EXIST::FUNCTION:
@@ -131342,16 +166941,18 @@
ENGINE_get_digests 455 1_1_0 EXIST::FUNCTION:ENGINE
TS_MSG_IMPRINT_get_algo 456 1_1_0 EXIST::FUNCTION:TS
DH_new_method 457 1_1_0 EXIST::FUNCTION:DH
-@@ -474,7 +474,7 @@ OPENSSL_memcmp 466 1_1_0 EXIST::FUNCTION:
+@@ -474,9 +466,8 @@ EC_KEY_METHOD_get_init 464 1_1_0 EXIST::FUNCTION:EC
BUF_MEM_new 467 1_1_0 EXIST::FUNCTION:
DSO_set_filename 468 1_1_0 EXIST::FUNCTION:
DH_new 469 1_1_0 EXIST::FUNCTION:DH
-OCSP_RESPID_free 470 1_1_0 EXIST::FUNCTION:
+OCSP_RESPID_free 470 1_1_0 EXIST::FUNCTION:OCSP
PKCS5_pbe2_set 471 1_1_0 EXIST::FUNCTION:
- CRYPTO_THREADID_get_callback 472 1_1_0 NOEXIST::FUNCTION:
+-CRYPTO_THREADID_get_callback 472 1_1_0 NOEXIST::FUNCTION:
SCT_set_signature_nid 473 1_1_0 EXIST::FUNCTION:CT
-@@ -489,7 +489,7 @@ X509_CRL_sort 480 1_1_0 EXIST::FUNCTION:
+ i2d_RSA_PUBKEY_fp 474 1_1_0 EXIST::FUNCTION:RSA,STDIO
+ PKCS12_BAGS_it 475 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+@@ -489,7 +480,7 @@ ENGINE_register_all_RSA 477 1_1_0 EXIST::FUNCTION:ENGINE
i2d_RSA_PUBKEY_bio 481 1_1_0 EXIST::FUNCTION:RSA
ASN1_T61STRING_free 482 1_1_0 EXIST::FUNCTION:
PEM_write_CMS 483 1_1_0 EXIST::FUNCTION:CMS
@@ -131360,7 +166961,7 @@
ENGINE_get_ciphers 485 1_1_0 EXIST::FUNCTION:ENGINE
EVP_rc2_ofb 486 1_1_0 EXIST::FUNCTION:RC2
EVP_PKEY_set1_RSA 487 1_1_0 EXIST::FUNCTION:RSA
-@@ -501,11 +501,11 @@ BN_GF2m_mod_sqr_arr 492 1_1_0 EXIST::FUNCTION:EC2M
+@@ -501,11 +492,11 @@ BN_GF2m_mod_sqr_arr 492 1_1_0 EXIST::FUNCTION:EC2M
ASN1_PRINTABLESTRING_it 493 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_PRINTABLESTRING_it 493 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
BIO_f_cipher 494 1_1_0 EXIST::FUNCTION:
@@ -131375,13 +166976,13 @@
X509_CRL_print 499 1_1_0 EXIST::FUNCTION:
WHIRLPOOL_Update 500 1_1_0 EXIST::FUNCTION:WHIRLPOOL
DSA_get_ex_data 501 1_1_0 EXIST::FUNCTION:DSA
-@@ -516,17 +516,17 @@ PKCS7_cert_from_signer_info 505 1_1_0 EXIST::FUNCTION:
+@@ -516,18 +507,16 @@ DSA_get_ex_data 501 1_1_0 EXIST::FUNCTION:DSA
X509_TRUST_get_trust 506 1_1_0 EXIST::FUNCTION:
DES_string_to_key 507 1_1_0 EXIST::FUNCTION:DES
ERR_error_string 508 1_1_0 EXIST::FUNCTION:
-BIO_new_connect 509 1_1_0 EXIST::FUNCTION:
+-CRYPTO_get_lock_name 510 1_1_0 NOEXIST::FUNCTION:
+BIO_new_connect 509 1_1_0 EXIST::FUNCTION:SOCK
- CRYPTO_get_lock_name 510 1_1_0 NOEXIST::FUNCTION:
DSA_new_method 511 1_1_0 EXIST::FUNCTION:DSA
-OCSP_CERTID_new 512 1_1_0 EXIST::FUNCTION:
+OCSP_CERTID_new 512 1_1_0 EXIST::FUNCTION:OCSP
@@ -131393,12 +166994,13 @@
TS_TST_INFO_set_serial 517 1_1_0 EXIST::FUNCTION:TS
-OCSP_RESPBYTES_new 518 1_1_0 EXIST::FUNCTION:
-OCSP_SINGLERESP_delete_ext 519 1_1_0 EXIST::FUNCTION:
+-CRYPTO_get_dynlock_lock_callback 520 1_1_0 NOEXIST::FUNCTION:
+OCSP_RESPBYTES_new 518 1_1_0 EXIST::FUNCTION:OCSP
+OCSP_SINGLERESP_delete_ext 519 1_1_0 EXIST::FUNCTION:OCSP
- CRYPTO_get_dynlock_lock_callback 520 1_1_0 NOEXIST::FUNCTION:
EVP_MD_CTX_test_flags 521 1_1_0 EXIST::FUNCTION:
X509v3_addr_validate_path 522 1_1_0 EXIST::FUNCTION:RFC3779
-@@ -547,7 +547,7 @@ EC_KEY_get_flags 536 1_1_0 EXIST::FUNCTION:EC
+ BIO_new_fp 523 1_1_0 EXIST::FUNCTION:STDIO
+@@ -547,7 +536,7 @@ EC_KEY_get_flags 536 1_1_0 EXIST::FUNCTION:EC
ASN1_TYPE_cmp 537 1_1_0 EXIST::FUNCTION:
i2d_RSAPublicKey 538 1_1_0 EXIST::FUNCTION:RSA
EC_GROUP_get_trinomial_basis 539 1_1_0 EXIST::FUNCTION:EC,EC2M
@@ -131407,7 +167009,7 @@
i2d_PBKDF2PARAM 541 1_1_0 EXIST::FUNCTION:
ENGINE_unregister_RAND 542 1_1_0 EXIST::FUNCTION:ENGINE
PEM_write_bio_RSAPrivateKey 543 1_1_0 EXIST::FUNCTION:RSA
-@@ -561,7 +561,7 @@ d2i_X509_CRL_fp 549 1_1_0 EXIST::FUNCTION:STDIO
+@@ -561,7 +550,7 @@ d2i_X509_CRL_fp 549 1_1_0 EXIST::FUNCTION:STDIO
i2d_RSA_PUBKEY 550 1_1_0 EXIST::FUNCTION:RSA
EVP_aes_128_ccm 551 1_1_0 EXIST::FUNCTION:
ECParameters_print 552 1_1_0 EXIST::FUNCTION:EC
@@ -131416,16 +167018,17 @@
RAND_status 554 1_1_0 EXIST::FUNCTION:
EVP_ripemd160 555 1_1_0 EXIST::FUNCTION:RMD160
EVP_MD_meth_set_final 556 1_1_0 EXIST::FUNCTION:
-@@ -585,7 +585,7 @@ SCT_verify 573 1_1_0 EXIST::FUNCTION:CT
+@@ -585,8 +574,7 @@ SCT_verify 573 1_1_0 EXIST::FUNCTION:CT
d2i_X509 574 1_1_0 EXIST::FUNCTION:
a2i_ASN1_STRING 575 1_1_0 EXIST::FUNCTION:
EC_GROUP_get_mont_data 576 1_1_0 EXIST::FUNCTION:EC
-CMAC_CTX_copy 577 1_1_0 EXIST::FUNCTION:
+-CRYPTO_set_add_lock_callback 578 1_1_0 NOEXIST::FUNCTION:
+CMAC_CTX_copy 577 1_1_0 EXIST::FUNCTION:CMAC
- CRYPTO_set_add_lock_callback 578 1_1_0 NOEXIST::FUNCTION:
EVP_camellia_128_cfb128 579 1_1_0 EXIST::FUNCTION:CAMELLIA
DH_compute_key_padded 580 1_1_0 EXIST::FUNCTION:DH
-@@ -640,12 +640,12 @@ CRYPTO_secure_malloc_done 625 1_1_0 EXIST::FUNCTION:
+ ERR_load_CONF_strings 581 1_1_0 EXIST::FUNCTION:
+@@ -640,12 +628,11 @@ ERR_load_RSA_strings 624 1_1_0 EXIST::FUNCTION:RSA
RSA_OAEP_PARAMS_new 626 1_1_0 EXIST::FUNCTION:RSA
X509_NAME_free 627 1_1_0 EXIST::FUNCTION:
PKCS12_set_mac 628 1_1_0 EXIST::FUNCTION:
@@ -131433,14 +167036,14 @@
+UI_get0_result_string 629 1_1_0 EXIST::FUNCTION:UI
TS_RESP_CTX_add_policy 630 1_1_0 EXIST::FUNCTION:TS
X509_REQ_dup 631 1_1_0 EXIST::FUNCTION:
- CRYPTO_get_add_lock_callback 632 1_1_0 NOEXIST::FUNCTION:
+-CRYPTO_get_add_lock_callback 632 1_1_0 NOEXIST::FUNCTION:
d2i_DSA_PUBKEY_fp 633 1_1_0 EXIST::FUNCTION:DSA,STDIO
-OCSP_REQ_CTX_nbio_d2i 634 1_1_0 EXIST::FUNCTION:
+OCSP_REQ_CTX_nbio_d2i 634 1_1_0 EXIST::FUNCTION:OCSP
d2i_X509_REQ_fp 635 1_1_0 EXIST::FUNCTION:STDIO
DH_OpenSSL 636 1_1_0 EXIST::FUNCTION:DH
BN_get_rfc3526_prime_8192 637 1_1_0 EXIST::FUNCTION:
-@@ -654,10 +654,10 @@ X509_REVOKED_it 638 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:F
+@@ -654,26 +641,25 @@ DH_OpenSSL 636 1_1_0 EXIST::FUNCTION:DH
CRYPTO_THREAD_write_lock 639 1_1_0 EXIST::FUNCTION:
X509V3_NAME_from_section 640 1_1_0 EXIST::FUNCTION:
EC_POINT_set_compressed_coordinates_GFp 641 1_1_0 EXIST::FUNCTION:EC
@@ -131454,7 +167057,10 @@
CONF_modules_unload 646 1_1_0 EXIST::FUNCTION:
CRYPTO_ccm128_encrypt_ccm64 647 1_1_0 EXIST::FUNCTION:
CRYPTO_secure_malloc_init 648 1_1_0 EXIST::FUNCTION:
-@@ -668,12 +668,12 @@ TS_RESP_verify_token 652 1_1_0 EXIST::FUNCTION:TS
+ DSAparams_dup 649 1_1_0 EXIST::FUNCTION:DSA
+ PKCS8_PRIV_KEY_INFO_new 650 1_1_0 EXIST::FUNCTION:
+-CRYPTO_THREADID_hash 651 1_1_0 NOEXIST::FUNCTION:
+ TS_RESP_verify_token 652 1_1_0 EXIST::FUNCTION:TS
PEM_read_bio_CMS 653 1_1_0 EXIST::FUNCTION:CMS
PEM_get_EVP_CIPHER_INFO 654 1_1_0 EXIST::FUNCTION:
X509V3_EXT_print 655 1_1_0 EXIST::FUNCTION:
@@ -131469,7 +167075,7 @@
IDEA_encrypt 662 1_1_0 EXIST::FUNCTION:IDEA
CRYPTO_nistcts128_encrypt_block 663 1_1_0 EXIST::FUNCTION:
EVP_MD_do_all 664 1_1_0 EXIST::FUNCTION:
-@@ -686,8 +686,8 @@ PKCS5_pbe_set0_algor 670 1_1_0 EXIST::FUNCTION:
+@@ -686,8 +672,8 @@ ENGINE_set_table_flags 667 1_1_0 EXIST::FUNCTION:ENGINE
ENGINE_get_table_flags 671 1_1_0 EXIST::FUNCTION:ENGINE
PKCS12_MAC_DATA_new 672 1_1_0 EXIST::FUNCTION:
X509_chain_up_ref 673 1_1_0 EXIST::FUNCTION:
@@ -131480,7 +167086,7 @@
PKCS12_add_localkeyid 675 1_1_0 EXIST::FUNCTION:
PKCS12_SAFEBAG_get0_type 676 1_1_0 EXIST::FUNCTION:
X509_TRUST_set_default 677 1_1_0 EXIST::FUNCTION:
-@@ -704,11 +704,11 @@ AES_ige_encrypt 686 1_1_0 EXIST::FUNCTION:
+@@ -704,11 +690,11 @@ TS_REQ_get_ext_d2i 685 1_1_0 EXIST::FUNCTION:TS
d2i_SXNET 687 1_1_0 EXIST::FUNCTION:
CTLOG_get0_log_id 688 1_1_0 EXIST::FUNCTION:CT
CMS_RecipientInfo_ktri_get0_signer_id 689 1_1_0 EXIST::FUNCTION:CMS
@@ -131494,7 +167100,14 @@
ASN1_INTEGER_free 695 1_1_0 EXIST::FUNCTION:
BN_get0_nist_prime_224 696 1_1_0 EXIST::FUNCTION:
OPENSSL_isservice 697 1_1_0 EXIST::FUNCTION:
-@@ -734,9 +734,9 @@ PKCS7_add_signature 716 1_1_0 EXIST::FUNCTION:
+@@ -727,16 +713,15 @@ d2i_ASIdOrRange 708 1_1_0 EXIST::FUNCTION:RFC3779
+ X509_add1_reject_object 710 1_1_0 EXIST::FUNCTION:
+ ERR_set_mark 711 1_1_0 EXIST::FUNCTION:
+ d2i_ASN1_VISIBLESTRING 712 1_1_0 EXIST::FUNCTION:
+-CRYPTO_set_dynlock_create_callback 713 1_1_0 NOEXIST::FUNCTION:
+ X509_NAME_ENTRY_dup 714 1_1_0 EXIST::FUNCTION:
+ X509_certificate_type 715 1_1_0 EXIST::FUNCTION:
+ PKCS7_add_signature 716 1_1_0 EXIST::FUNCTION:
OBJ_ln2nid 717 1_1_0 EXIST::FUNCTION:
CRYPTO_128_unwrap 718 1_1_0 EXIST::FUNCTION:
BIO_new_PKCS7 719 1_1_0 EXIST::FUNCTION:
@@ -131506,7 +167119,7 @@
ASN1_SET_ANY_it 723 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_SET_ANY_it 723 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
d2i_TS_RESP_bio 724 1_1_0 EXIST::FUNCTION:TS
-@@ -746,22 +746,22 @@ EC_POINT_hex2point 727 1_1_0 EXIST::FUNCTION:EC
+@@ -746,22 +731,22 @@ EC_POINT_hex2point 727 1_1_0 EXIST::FUNCTION:EC
X509v3_get_ext_by_critical 728 1_1_0 EXIST::FUNCTION:
ENGINE_get_default_RSA 729 1_1_0 EXIST::FUNCTION:ENGINE
DSA_sign_setup 730 1_1_0 EXIST::FUNCTION:DSA
@@ -131533,7 +167146,7 @@
TS_TST_INFO_get_ext_d2i 747 1_1_0 EXIST::FUNCTION:TS
RSA_check_key 748 1_1_0 EXIST::FUNCTION:RSA
TS_MSG_IMPRINT_set_algo 749 1_1_0 EXIST::FUNCTION:TS
-@@ -774,22 +774,22 @@ EVP_CIPHER_meth_set_cleanup 755 1_1_0 EXIST::FUNCTION:
+@@ -774,22 +759,22 @@ CTLOG_STORE_new 754 1_1_0 EXIST::FUNCTION:CT
d2i_PKCS12_SAFEBAG 756 1_1_0 EXIST::FUNCTION:
EVP_MD_pkey_type 757 1_1_0 EXIST::FUNCTION:
X509_policy_node_get0_qualifiers 758 1_1_0 EXIST::FUNCTION:
@@ -131561,7 +167174,15 @@
EVP_rc5_32_12_16_cfb64 775 1_1_0 EXIST::FUNCTION:RC5
PKCS7_dataVerify 776 1_1_0 EXIST::FUNCTION:
PKCS7_SIGNER_INFO_free 777 1_1_0 EXIST::FUNCTION:
-@@ -834,7 +834,7 @@ EVP_PKEY_set1_EC_KEY 815 1_1_0 EXIST::FUNCTION:EC
+@@ -810,7 +795,6 @@ CRYPTO_ocb128_encrypt 791 1_1_0 EXIST::FUNCTION:OCB
+ EXTENDED_KEY_USAGE_new 792 1_1_0 EXIST::FUNCTION:
+ EVP_EncryptFinal 793 1_1_0 EXIST::FUNCTION:
+ PEM_write_ECPrivateKey 794 1_1_0 EXIST::FUNCTION:EC
+-DSO_bind_var 795 1_1_0 NOEXIST::FUNCTION:
+ EVP_CIPHER_meth_set_get_asn1_params 796 1_1_0 EXIST::FUNCTION:
+ PKCS7_dataInit 797 1_1_0 EXIST::FUNCTION:
+ EVP_PKEY_CTX_set_app_data 798 1_1_0 EXIST::FUNCTION:
+@@ -834,7 +818,7 @@ EVP_PKEY_set1_EC_KEY 815 1_1_0 EXIST::FUNCTION:EC
ECPKParameters_print_fp 816 1_1_0 EXIST::FUNCTION:EC,STDIO
GENERAL_SUBTREE_free 817 1_1_0 EXIST::FUNCTION:
RSA_blinding_off 818 1_1_0 EXIST::FUNCTION:RSA
@@ -131570,7 +167191,7 @@
X509V3_add_standard_extensions 820 1_1_0 EXIST::FUNCTION:
PEM_write_bio_RSA_PUBKEY 821 1_1_0 EXIST::FUNCTION:RSA
i2d_ASN1_UTF8STRING 822 1_1_0 EXIST::FUNCTION:
-@@ -842,10 +842,10 @@ TS_REQ_delete_ext 823 1_1_0 EXIST::FUNCTION:TS
+@@ -842,10 +826,10 @@ TS_REQ_delete_ext 823 1_1_0 EXIST::FUNCTION:TS
PKCS7_DIGEST_free 824 1_1_0 EXIST::FUNCTION:
OBJ_nid2ln 825 1_1_0 EXIST::FUNCTION:
COMP_CTX_new 826 1_1_0 EXIST::FUNCTION:COMP
@@ -131585,7 +167206,7 @@
d2i_X509_REQ_bio 830 1_1_0 EXIST::FUNCTION:
EVP_PBE_cleanup 831 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_get0_current_crl 832 1_1_0 EXIST::FUNCTION:
-@@ -854,13 +854,13 @@ EVP_PKEY_paramgen 834 1_1_0 EXIST::FUNCTION:
+@@ -854,20 +838,19 @@ CMS_get0_SignerInfos 833 1_1_0 EXIST::FUNCTION:CMS
PEM_write_PKCS8PrivateKey_nid 835 1_1_0 EXIST::FUNCTION:STDIO
PKCS7_ATTR_VERIFY_it 836 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS7_ATTR_VERIFY_it 836 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -131602,7 +167223,14 @@
X509_REQ_get_attr_by_NID 844 1_1_0 EXIST::FUNCTION:
PBE2PARAM_new 845 1_1_0 EXIST::FUNCTION:
DES_ecb_encrypt 846 1_1_0 EXIST::FUNCTION:DES
-@@ -881,12 +881,12 @@ TXT_DB_insert 860 1_1_0 EXIST::FUNCTION:
+ EVP_camellia_256_ecb 847 1_1_0 EXIST::FUNCTION:CAMELLIA
+ PEM_read_RSA_PUBKEY 848 1_1_0 EXIST::FUNCTION:RSA
+ d2i_NETSCAPE_SPKAC 849 1_1_0 EXIST::FUNCTION:
+-DSO_set_default_method 850 1_1_0 NOEXIST::FUNCTION:
+ ASN1_TIME_check 851 1_1_0 EXIST::FUNCTION:
+ PKCS7_DIGEST_new 852 1_1_0 EXIST::FUNCTION:
+ i2d_TS_TST_INFO_fp 853 1_1_0 EXIST::FUNCTION:STDIO,TS
+@@ -881,12 +864,12 @@ ECDSA_sign_ex 859 1_1_0 EXIST::FUNCTION:EC
EC_POINTs_make_affine 861 1_1_0 EXIST::FUNCTION:EC
RSA_padding_add_PKCS1_PSS 862 1_1_0 EXIST::FUNCTION:RSA
BF_options 863 1_1_0 EXIST::FUNCTION:BF
@@ -131618,7 +167246,15 @@
RSA_set_default_method 869 1_1_0 EXIST::FUNCTION:RSA
BN_GF2m_mod_sqrt_arr 870 1_1_0 EXIST::FUNCTION:EC2M
X509_get0_extensions 871 1_1_0 EXIST::FUNCTION:
-@@ -920,10 +920,10 @@ EVP_bf_cfb64 896 1_1_0 EXIST::FUNCTION:BF
+@@ -901,7 +884,6 @@ EC_KEY_METHOD_set_compute_key 877 1_1_0 EXIST::FUNCTION:EC
+ CMS_ReceiptRequest_create0 879 1_1_0 EXIST::FUNCTION:CMS
+ EVP_MD_meth_set_cleanup 880 1_1_0 EXIST::FUNCTION:
+ EVP_aes_128_xts 881 1_1_0 EXIST::FUNCTION:
+-CRYPTO_set_dynlock_destroy_callback 882 1_1_0 NOEXIST::FUNCTION:
+ TS_RESP_verify_signature 883 1_1_0 EXIST::FUNCTION:TS
+ ENGINE_set_pkey_meths 884 1_1_0 EXIST::FUNCTION:ENGINE
+ CMS_EncryptedData_decrypt 885 1_1_0 EXIST::FUNCTION:CMS
+@@ -920,10 +902,10 @@ EVP_bf_cfb64 896 1_1_0 EXIST::FUNCTION:BF
PKCS7_sign_add_signer 897 1_1_0 EXIST::FUNCTION:
X509_print_ex 898 1_1_0 EXIST::FUNCTION:
PKCS7_add_recipient 899 1_1_0 EXIST::FUNCTION:
@@ -131631,7 +167267,7 @@
ENGINE_register_ciphers 904 1_1_0 EXIST::FUNCTION:ENGINE
PKCS5_pbe2_set_iv 905 1_1_0 EXIST::FUNCTION:
ASN1_add_stable_module 906 1_1_0 EXIST::FUNCTION:
-@@ -935,7 +935,7 @@ DES_encrypt1 911 1_1_0 EXIST::FUNCTION:DES
+@@ -935,7 +917,7 @@ DES_encrypt1 911 1_1_0 EXIST::FUNCTION:DES
BN_mod_lshift1_quick 912 1_1_0 EXIST::FUNCTION:
BN_get_rfc3526_prime_6144 913 1_1_0 EXIST::FUNCTION:
OBJ_obj2txt 914 1_1_0 EXIST::FUNCTION:
@@ -131640,7 +167276,23 @@
EVP_EncodeUpdate 916 1_1_0 EXIST::FUNCTION:
PEM_write_bio_X509_CRL 917 1_1_0 EXIST::FUNCTION:
BN_cmp 918 1_1_0 EXIST::FUNCTION:
-@@ -977,7 +977,7 @@ ASN1_PRINTABLE_it 951 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:F
+@@ -943,7 +925,6 @@ CT_POLICY_EVAL_CTX_get0_log_store 919 1_1_0 EXIST::FUNCTION:CT
+ CONF_set_default_method 920 1_1_0 EXIST::FUNCTION:
+ ASN1_PCTX_get_nm_flags 921 1_1_0 EXIST::FUNCTION:
+ X509_add1_ext_i2d 922 1_1_0 EXIST::FUNCTION:
+-CRYPTO_THREADID_set_pointer 923 1_1_0 NOEXIST::FUNCTION:
+ i2d_PKCS7_RECIP_INFO 924 1_1_0 EXIST::FUNCTION:
+ PKCS1_MGF1 925 1_1_0 EXIST::FUNCTION:RSA
+ BIO_vsnprintf 926 1_1_0 EXIST::FUNCTION:
+@@ -965,7 +946,6 @@ i2d_X509_CRL_fp 939 1_1_0 EXIST::FUNCTION:STDIO
+ X509_STORE_CTX_set_ex_data 941 1_1_0 EXIST::FUNCTION:
+ TS_VERIFY_CTS_set_certs 942 1_1_0 EXIST::FUNCTION:TS
+ BN_MONT_CTX_copy 943 1_1_0 EXIST::FUNCTION:
+-CRYPTO_cleanup_all_ex_data 944 1_1_0 NOEXIST::FUNCTION:
+ OPENSSL_INIT_new 945 1_1_0 EXIST::FUNCTION:
+ TS_ACCURACY_dup 946 1_1_0 EXIST::FUNCTION:TS
+ i2d_ECPrivateKey 947 1_1_0 EXIST::FUNCTION:EC
+@@ -977,7 +957,7 @@ TS_VERIFY_CTX_cleanup 949 1_1_0 EXIST::FUNCTION:TS
EVP_VerifyFinal 952 1_1_0 EXIST::FUNCTION:
TS_ASN1_INTEGER_print_bio 953 1_1_0 EXIST::FUNCTION:TS
X509_NAME_ENTRY_set_object 954 1_1_0 EXIST::FUNCTION:
@@ -131649,16 +167301,17 @@
EVP_rc5_32_12_16_ecb 956 1_1_0 EXIST::FUNCTION:RC5
i2d_PKCS8_bio 957 1_1_0 EXIST::FUNCTION:
v2i_ASN1_BIT_STRING 958 1_1_0 EXIST::FUNCTION:
-@@ -1000,7 +1000,7 @@ d2i_DSAPublicKey 972 1_1_0 EXIST::FUNCTION:DSA
+@@ -1000,8 +980,7 @@ d2i_DSAPublicKey 972 1_1_0 EXIST::FUNCTION:DSA
ENGINE_get_name 973 1_1_0 EXIST::FUNCTION:ENGINE
CRYPTO_THREAD_read_lock 974 1_1_0 EXIST::FUNCTION:
ASIdentifierChoice_free 975 1_1_0 EXIST::FUNCTION:RFC3779
-BIO_dgram_sctp_msg_waiting 976 1_1_0 EXIST::FUNCTION:SCTP
+-CRYPTO_get_dynlock_value 977 1_1_0 NOEXIST::FUNCTION:
+BIO_dgram_sctp_msg_waiting 976 1_1_0 EXIST::FUNCTION:DGRAM,SCTP
- CRYPTO_get_dynlock_value 977 1_1_0 NOEXIST::FUNCTION:
BN_is_bit_set 978 1_1_0 EXIST::FUNCTION:
AES_ofb128_encrypt 979 1_1_0 EXIST::FUNCTION:
-@@ -1015,7 +1015,7 @@ ISSUING_DIST_POINT_free 987 1_1_0 EXIST::FUNCTION:
+ X509_STORE_add_lookup 980 1_1_0 EXIST::FUNCTION:
+@@ -1015,7 +994,7 @@ i2d_TS_STATUS_INFO 984 1_1_0 EXIST::FUNCTION:TS
ASN1_UTCTIME_free 988 1_1_0 EXIST::FUNCTION:
ERR_load_TS_strings 989 1_1_0 EXIST::FUNCTION:TS
BN_nist_mod_func 990 1_1_0 EXIST::FUNCTION:
@@ -131667,7 +167320,7 @@
DSA_SIG_new 992 1_1_0 EXIST::FUNCTION:DSA
DH_get_default_method 993 1_1_0 EXIST::FUNCTION:DH
PEM_proc_type 994 1_1_0 EXIST::FUNCTION:
-@@ -1028,11 +1028,11 @@ ASN1_BIT_STRING_it 1000 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
+@@ -1028,11 +1007,11 @@ SEED_cfb128_encrypt 999 1_1_0 EXIST::FUNCTION:SEED
ASN1_BIT_STRING_it 1000 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
PKCS12_decrypt_skey 1001 1_1_0 EXIST::FUNCTION:
ENGINE_register_EC 1002 1_1_0 EXIST::FUNCTION:ENGINE
@@ -131681,15 +167334,15 @@
BN_X931_generate_Xpq 1008 1_1_0 EXIST::FUNCTION:
ASN1_item_digest 1009 1_1_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_set_trust 1010 1_1_0 EXIST::FUNCTION:
-@@ -1043,13 +1043,13 @@ ASN1_UTCTIME_it 1013 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
+@@ -1043,13 +1022,12 @@ i2d_RSAPublicKey_bio 1005 1_1_0 EXIST::FUNCTION:RSA
i2d_DSA_PUBKEY_fp 1014 1_1_0 EXIST::FUNCTION:DSA,STDIO
X509at_get_attr_by_OBJ 1015 1_1_0 EXIST::FUNCTION:
EVP_MD_CTX_copy_ex 1016 1_1_0 EXIST::FUNCTION:
-UI_dup_error_string 1017 1_1_0 EXIST::FUNCTION:
-lh_num_items 1018 1_1_0 EXIST::FUNCTION:
+-ERR_get_err_state_table 1019 1_1_0 NOEXIST::FUNCTION:
+UI_dup_error_string 1017 1_1_0 EXIST::FUNCTION:UI
+OPENSSL_LH_num_items 1018 1_1_0 EXIST::FUNCTION:
- ERR_get_err_state_table 1019 1_1_0 NOEXIST::FUNCTION:
ASN1_INTEGER_cmp 1020 1_1_0 EXIST::FUNCTION:
X509_NAME_entry_count 1021 1_1_0 EXIST::FUNCTION:
-UI_method_set_closer 1022 1_1_0 EXIST::FUNCTION:
@@ -131699,16 +167352,15 @@
EVP_md4 1024 1_1_0 EXIST::FUNCTION:MD4
X509_set_subject_name 1025 1_1_0 EXIST::FUNCTION:
i2d_PKCS8PrivateKey_nid_bio 1026 1_1_0 EXIST::FUNCTION:
-@@ -1069,7 +1069,7 @@ TS_REQ_set_msg_imprint 1037 1_1_0 EXIST::FUNCTION:TS
+@@ -1069,7 +1047,6 @@ TS_REQ_set_msg_imprint 1037 1_1_0 EXIST::FUNCTION:TS
BN_mod_sub_quick 1038 1_1_0 EXIST::FUNCTION:
SMIME_write_CMS 1039 1_1_0 EXIST::FUNCTION:CMS
i2d_DSAPublicKey 1040 1_1_0 EXIST::FUNCTION:DSA
-DES_enc_write 1041 1_1_0 EXIST::FUNCTION:DES
-+DES_enc_write 1041 1_1_0 NOEXIST::FUNCTION:
SMIME_text 1042 1_1_0 EXIST::FUNCTION:
PKCS7_add_recipient_info 1043 1_1_0 EXIST::FUNCTION:
BN_get_word 1044 1_1_0 EXIST::FUNCTION:
-@@ -1103,7 +1103,7 @@ X509_EXTENSION_set_data 1071 1_1_0 EXIST::FUNCTION:
+@@ -1103,7 +1080,7 @@ CRYPTO_mem_debug_malloc 1066 1_1_0 EXIST::FUNCTION:CRYPTO_MDEBUG
ENGINE_get_EC 1072 1_1_0 EXIST::FUNCTION:ENGINE
ASN1_STRING_copy 1073 1_1_0 EXIST::FUNCTION:
EVP_PKEY_encrypt_old 1074 1_1_0 EXIST::FUNCTION:
@@ -131717,7 +167369,7 @@
DES_is_weak_key 1076 1_1_0 EXIST::FUNCTION:DES
EVP_PKEY_verify 1077 1_1_0 EXIST::FUNCTION:
ERR_load_BIO_strings 1078 1_1_0 EXIST::FUNCTION:
-@@ -1125,7 +1125,7 @@ X509_print_ex_fp 1093 1_1_0 EXIST::FUNCTION:STDIO
+@@ -1125,7 +1102,7 @@ X509_print_ex_fp 1093 1_1_0 EXIST::FUNCTION:STDIO
ERR_load_PEM_strings 1094 1_1_0 EXIST::FUNCTION:
ENGINE_unregister_pkey_asn1_meths 1095 1_1_0 EXIST::FUNCTION:ENGINE
IPAddressFamily_free 1096 1_1_0 EXIST::FUNCTION:RFC3779
@@ -131726,7 +167378,7 @@
ASN1_NULL_it 1098 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_NULL_it 1098 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
X509_REQ_get_pubkey 1099 1_1_0 EXIST::FUNCTION:
-@@ -1160,7 +1160,7 @@ CRYPTO_cts128_encrypt 1126 1_1_0 EXIST::FUNCTION:
+@@ -1160,7 +1137,7 @@ RSA_OAEP_PARAMS_free 1124 1_1_0 EXIST::FUNCTION:RSA
RC2_encrypt 1127 1_1_0 EXIST::FUNCTION:RC2
PEM_write 1128 1_1_0 EXIST::FUNCTION:STDIO
EVP_CIPHER_meth_get_get_asn1_params 1129 1_1_0 EXIST::FUNCTION:
@@ -131735,7 +167387,7 @@
d2i_ASN1_UTF8STRING 1131 1_1_0 EXIST::FUNCTION:
EXTENDED_KEY_USAGE_it 1132 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
EXTENDED_KEY_USAGE_it 1132 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -1175,8 +1175,8 @@ ASN1_STRING_set_by_NID 1140 1_1_0 EXIST::FUNCTION:
+@@ -1175,8 +1152,8 @@ RSA_new 1139 1_1_0 EXIST::FUNCTION:RSA
PEM_write_bio_PKCS7 1141 1_1_0 EXIST::FUNCTION:
MDC2_Final 1142 1_1_0 EXIST::FUNCTION:MDC2
SMIME_crlf_copy 1143 1_1_0 EXIST::FUNCTION:
@@ -131746,7 +167398,7 @@
X509_load_cert_crl_file 1146 1_1_0 EXIST::FUNCTION:
EVP_PKEY_new_mac_key 1147 1_1_0 EXIST::FUNCTION:
DIST_POINT_new 1148 1_1_0 EXIST::FUNCTION:
-@@ -1187,7 +1187,7 @@ X509_STORE_CTX_set0_param 1152 1_1_0 EXIST::FUNCTION:
+@@ -1187,7 +1164,7 @@ PKCS5_v2_scrypt_keyivgen 1151 1_1_0 EXIST::FUNCTION:SCRYPT
DES_check_key_parity 1153 1_1_0 EXIST::FUNCTION:DES
EVP_aes_256_ocb 1154 1_1_0 EXIST::FUNCTION:OCB
X509_VAL_free 1155 1_1_0 EXIST::FUNCTION:
@@ -131755,7 +167407,7 @@
PEM_write_RSA_PUBKEY 1157 1_1_0 EXIST::FUNCTION:RSA
PKCS12_SAFEBAG_get0_p8inf 1158 1_1_0 EXIST::FUNCTION:
X509_CRL_set_issuer_name 1159 1_1_0 EXIST::FUNCTION:
-@@ -1211,7 +1211,7 @@ SHA256 1175 1_1_0 EXIST::FUNCTION:
+@@ -1211,7 +1188,7 @@ TS_TST_INFO_get_serial 1173 1_1_0 EXIST::FUNCTION:TS
X509_LOOKUP_hash_dir 1176 1_1_0 EXIST::FUNCTION:
ASN1_BIT_STRING_check 1177 1_1_0 EXIST::FUNCTION:
ENGINE_set_default_RAND 1178 1_1_0 EXIST::FUNCTION:ENGINE
@@ -131764,7 +167416,7 @@
TS_TST_INFO_add_ext 1180 1_1_0 EXIST::FUNCTION:TS
EVP_aes_192_ccm 1181 1_1_0 EXIST::FUNCTION:
X509V3_add_value 1182 1_1_0 EXIST::FUNCTION:
-@@ -1241,7 +1241,7 @@ OPENSSL_uni2asc 1205 1_1_0 EXIST::FUNCTION:
+@@ -1241,7 +1218,7 @@ EVP_cast5_cfb64 1204 1_1_0 EXIST::FUNCTION:CAST
SCT_validation_status_string 1206 1_1_0 EXIST::FUNCTION:CT
PKCS7_add_attribute 1207 1_1_0 EXIST::FUNCTION:
ENGINE_register_DSA 1208 1_1_0 EXIST::FUNCTION:ENGINE
@@ -131773,7 +167425,7 @@
X509_policy_tree_free 1210 1_1_0 EXIST::FUNCTION:
EC_GFp_simple_method 1211 1_1_0 EXIST::FUNCTION:EC
X509_it 1212 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -1251,10 +1251,10 @@ MDC2_Update 1214 1_1_0 EXIST::FUNCTION:MDC2
+@@ -1251,10 +1228,10 @@ MDC2_Update 1214 1_1_0 EXIST::FUNCTION:MDC2
EC_KEY_new_by_curve_name 1215 1_1_0 EXIST::FUNCTION:EC
X509_CRL_free 1216 1_1_0 EXIST::FUNCTION:
i2d_PKCS7_SIGN_ENVELOPE 1217 1_1_0 EXIST::FUNCTION:
@@ -131787,7 +167439,14 @@
i2d_X509_AUX 1221 1_1_0 EXIST::FUNCTION:
RSA_verify_PKCS1_PSS_mgf1 1222 1_1_0 EXIST::FUNCTION:RSA
X509_time_adj 1223 1_1_0 EXIST::FUNCTION:
-@@ -1288,12 +1288,12 @@ OPENSSL_DIR_read 1250 1_1_0 EXIST::FUNCTION:
+@@ -1281,24 +1258,22 @@ PEM_read_bio_DSAparams 1242 1_1_0 EXIST::FUNCTION:DSA
+ DSO_METHOD_openssl 1244 1_1_0 EXIST::FUNCTION:
+ d2i_PrivateKey_fp 1245 1_1_0 EXIST::FUNCTION:STDIO
+ i2d_NETSCAPE_CERT_SEQUENCE 1246 1_1_0 EXIST::FUNCTION:
+-COMP_zlib_cleanup 1247 1_1_0 NOEXIST::FUNCTION:
+ EC_POINT_oct2point 1248 1_1_0 EXIST::FUNCTION:EC
+ EVP_CIPHER_CTX_buf_noconst 1249 1_1_0 EXIST::FUNCTION:
+ OPENSSL_DIR_read 1250 1_1_0 EXIST::FUNCTION:
CMS_add_smimecap 1251 1_1_0 EXIST::FUNCTION:CMS
X509_check_email 1252 1_1_0 EXIST::FUNCTION:
CRYPTO_cts128_decrypt_block 1253 1_1_0 EXIST::FUNCTION:
@@ -131802,7 +167461,12 @@
i2d_X509_REVOKED 1260 1_1_0 EXIST::FUNCTION:
CMS_sign 1261 1_1_0 EXIST::FUNCTION:CMS
X509_STORE_add_cert 1262 1_1_0 EXIST::FUNCTION:
-@@ -1319,15 +1319,15 @@ ASN1_TIME_free 1281 1_1_0 EXIST::FUNCTION:
+ EC_GROUP_precompute_mult 1263 1_1_0 EXIST::FUNCTION:EC
+-SCT_LIST_set_source 1264 1_1_0 NOEXIST::FUNCTION:
+ d2i_DISPLAYTEXT 1265 1_1_0 EXIST::FUNCTION:
+ HMAC_CTX_copy 1266 1_1_0 EXIST::FUNCTION:
+ CRYPTO_gcm128_init 1267 1_1_0 EXIST::FUNCTION:
+@@ -1319,15 +1294,15 @@ CONF_dump_fp 1278 1_1_0 EXIST::FUNCTION:STDIO
i2o_SCT_LIST 1282 1_1_0 EXIST::FUNCTION:CT
AES_encrypt 1283 1_1_0 EXIST::FUNCTION:
MD5_Init 1284 1_1_0 EXIST::FUNCTION:MD5
@@ -131821,7 +167485,7 @@
BN_num_bits 1293 1_1_0 EXIST::FUNCTION:
X509_CRL_METHOD_free 1294 1_1_0 EXIST::FUNCTION:
PEM_read_NETSCAPE_CERT_SEQUENCE 1295 1_1_0 EXIST::FUNCTION:
-@@ -1342,11 +1342,11 @@ BN_rshift1 1303 1_1_0 EXIST::FUNCTION:
+@@ -1342,11 +1317,11 @@ PEM_write_DSA_PUBKEY 1302 1_1_0 EXIST::FUNCTION:DSA
i2d_PKCS7_ENVELOPE 1304 1_1_0 EXIST::FUNCTION:
PBKDF2PARAM_it 1305 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PBKDF2PARAM_it 1305 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -131835,7 +167499,12 @@
RC2_decrypt 1310 1_1_0 EXIST::FUNCTION:RC2
OPENSSL_atexit 1311 1_1_0 EXIST::FUNCTION:
CMS_add_standard_smimecap 1312 1_1_0 EXIST::FUNCTION:CMS
-@@ -1359,7 +1359,7 @@ RAND_event 1318 1_1_0 EXIST:WIN32:FUNCTION:
+@@ -1355,11 +1330,11 @@ CMS_add_standard_smimecap 1312 1_1_0 EXIST::FUNCTION:CMS
+ ERR_peek_last_error 1315 1_1_0 EXIST::FUNCTION:
+ ENGINE_set_cmd_defns 1316 1_1_0 EXIST::FUNCTION:ENGINE
+ d2i_ASN1_NULL 1317 1_1_0 EXIST::FUNCTION:
+-RAND_event 1318 1_1_0 EXIST:WIN32:FUNCTION:
++RAND_event 1318 1_1_0 EXIST:WIN32:FUNCTION:DEPRECATEDIN_1_1_0
i2d_PKCS12_fp 1319 1_1_0 EXIST::FUNCTION:
EVP_PKEY_meth_get_init 1320 1_1_0 EXIST::FUNCTION:
X509_check_trust 1321 1_1_0 EXIST::FUNCTION:
@@ -131844,7 +167513,7 @@
HMAC_Init_ex 1323 1_1_0 EXIST::FUNCTION:
SMIME_read_CMS 1324 1_1_0 EXIST::FUNCTION:CMS
X509_subject_name_cmp 1325 1_1_0 EXIST::FUNCTION:
-@@ -1387,8 +1387,8 @@ PEM_write_bio_CMS_stream 1345 1_1_0 EXIST::FUNCTION:CMS
+@@ -1387,8 +1362,8 @@ PEM_write_bio_CMS_stream 1345 1_1_0 EXIST::FUNCTION:CMS
BIO_f_linebuffer 1346 1_1_0 EXIST::FUNCTION:
ASN1_item_d2i_bio 1347 1_1_0 EXIST::FUNCTION:
ENGINE_get_flags 1348 1_1_0 EXIST::FUNCTION:ENGINE
@@ -131855,13 +167524,20 @@
EVP_PKEY_encrypt 1351 1_1_0 EXIST::FUNCTION:
CRYPTO_cfb128_8_encrypt 1352 1_1_0 EXIST::FUNCTION:
SXNET_get_id_INTEGER 1353 1_1_0 EXIST::FUNCTION:
-@@ -1407,11 +1407,10 @@ ASN1_SCTX_get_app_data 1365 1_1_0 EXIST::FUNCTION:
+@@ -1397,7 +1372,6 @@ ENGINE_get_flags 1348 1_1_0 EXIST::FUNCTION:ENGINE
+ PKCS7_ENC_CONTENT_new 1356 1_1_0 EXIST::FUNCTION:
+ CRYPTO_realloc 1357 1_1_0 EXIST::FUNCTION:
+ BIO_ctrl_pending 1358 1_1_0 EXIST::FUNCTION:
+-DSO_set_method 1359 1_1_0 NOEXIST::FUNCTION:
+ EVP_MD_meth_new 1360 1_1_0 EXIST::FUNCTION:
+ X509_sign_ctx 1361 1_1_0 EXIST::FUNCTION:
+ BN_is_odd 1362 1_1_0 EXIST::FUNCTION:
+@@ -1407,11 +1381,9 @@ ENGINE_get_flags 1348 1_1_0 EXIST::FUNCTION:ENGINE
X509_get_default_cert_file_env 1366 1_1_0 EXIST::FUNCTION:
X509v3_addr_validate_resource_set 1367 1_1_0 EXIST::FUNCTION:RFC3779
d2i_X509_VAL 1368 1_1_0 EXIST::FUNCTION:
-_shadow_DES_rw_mode 1369 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
-_shadow_DES_rw_mode 1369 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
-+_shadow_DES_rw_mode 1369 1_1_0 NOEXIST::FUNCTION:
CRYPTO_gcm128_decrypt_ctr32 1370 1_1_0 EXIST::FUNCTION:
DHparams_print 1371 1_1_0 EXIST::FUNCTION:DH
-sk_unshift 1372 1_1_0 EXIST::FUNCTION:
@@ -131869,7 +167545,7 @@
BN_GENCB_set_old 1373 1_1_0 EXIST::FUNCTION:
PEM_write_bio_X509 1374 1_1_0 EXIST::FUNCTION:
EVP_PKEY_asn1_free 1375 1_1_0 EXIST::FUNCTION:
-@@ -1421,13 +1420,13 @@ PROXY_CERT_INFO_EXTENSION_it 1377 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
+@@ -1421,18 +1393,17 @@ ENGINE_unregister_DH 1376 1_1_0 EXIST::FUNCTION:ENGINE
CT_POLICY_EVAL_CTX_set0_cert 1378 1_1_0 EXIST::FUNCTION:CT
X509_NAME_hash 1379 1_1_0 EXIST::FUNCTION:
SCT_set_timestamp 1380 1_1_0 EXIST::FUNCTION:CT
@@ -131885,7 +167561,12 @@
EVP_PKEY_meth_set_cleanup 1388 1_1_0 EXIST::FUNCTION:
PROXY_CERT_INFO_EXTENSION_free 1389 1_1_0 EXIST::FUNCTION:
X509_dup 1390 1_1_0 EXIST::FUNCTION:
-@@ -1442,7 +1441,7 @@ PEM_read_bio_PrivateKey 1398 1_1_0 EXIST::FUNCTION:
+ EDIPARTYNAME_free 1391 1_1_0 EXIST::FUNCTION:
+-DSO_new_method 1392 1_1_0 NOEXIST::FUNCTION:
+ X509_CRL_add0_revoked 1393 1_1_0 EXIST::FUNCTION:
+ GENERAL_NAME_set0_value 1394 1_1_0 EXIST::FUNCTION:
+ X509_ATTRIBUTE_dup 1395 1_1_0 EXIST::FUNCTION:
+@@ -1442,7 +1413,7 @@ EC_GROUP_check_discriminant 1396 1_1_0 EXIST::FUNCTION:EC
d2i_PKCS7_ENCRYPT 1399 1_1_0 EXIST::FUNCTION:
EVP_PKEY_CTX_ctrl 1400 1_1_0 EXIST::FUNCTION:
X509_REQ_set_pubkey 1401 1_1_0 EXIST::FUNCTION:
@@ -131894,7 +167575,7 @@
X509_REQ_add_extensions_nid 1403 1_1_0 EXIST::FUNCTION:
PEM_X509_INFO_write_bio 1404 1_1_0 EXIST::FUNCTION:
BIO_dump_cb 1405 1_1_0 EXIST::FUNCTION:
-@@ -1455,7 +1454,7 @@ BIO_set_ex_data 1411 1_1_0 EXIST::FUNCTION:
+@@ -1455,7 +1426,7 @@ SRP_Calc_server_key 1409 1_1_0 EXIST::FUNCTION:SRP
SHA512 1412 1_1_0 EXIST:!VMSVAX:FUNCTION:
X509_STORE_CTX_get_explicit_policy 1413 1_1_0 EXIST::FUNCTION:
EVP_DecodeBlock 1414 1_1_0 EXIST::FUNCTION:
@@ -131903,7 +167584,7 @@
EVP_MD_CTX_reset 1416 1_1_0 EXIST::FUNCTION:
X509_NAME_new 1417 1_1_0 EXIST::FUNCTION:
ASN1_item_pack 1418 1_1_0 EXIST::FUNCTION:
-@@ -1469,11 +1468,11 @@ CRYPTO_nistcts128_encrypt 1425 1_1_0 EXIST::FUNCTION:
+@@ -1469,11 +1440,11 @@ d2i_RSA_PUBKEY_fp 1423 1_1_0 EXIST::FUNCTION:RSA,STDIO
CONF_modules_finish 1426 1_1_0 EXIST::FUNCTION:
BN_value_one 1427 1_1_0 EXIST::FUNCTION:
RSA_padding_add_SSLv23 1428 1_1_0 EXIST::FUNCTION:RSA
@@ -131919,7 +167600,7 @@
ENGINE_get_RSA 1432 1_1_0 EXIST::FUNCTION:ENGINE
RAND_get_rand_method 1433 1_1_0 EXIST::FUNCTION:
ERR_load_DSA_strings 1434 1_1_0 EXIST::FUNCTION:DSA
-@@ -1485,7 +1484,7 @@ i2d_ECPrivateKey_bio 1439 1_1_0 EXIST::FUNCTION:EC
+@@ -1485,22 +1456,21 @@ i2d_ECPrivateKey_bio 1439 1_1_0 EXIST::FUNCTION:EC
BN_GENCB_free 1440 1_1_0 EXIST::FUNCTION:
HMAC_size 1441 1_1_0 EXIST::FUNCTION:
EVP_PKEY_get0_DH 1442 1_1_0 EXIST::FUNCTION:DH
@@ -131928,7 +167609,10 @@
EVP_CIPHER_CTX_set_padding 1444 1_1_0 EXIST::FUNCTION:
CTLOG_new_from_base64 1445 1_1_0 EXIST::FUNCTION:CT
AES_bi_ige_encrypt 1446 1_1_0 EXIST::FUNCTION:
-@@ -1496,11 +1495,11 @@ EVP_PKEY_get0_asn1 1450 1_1_0 EXIST::FUNCTION:
+ ERR_pop_to_mark 1447 1_1_0 EXIST::FUNCTION:
+-DSO_METHOD_win32 1448 1_1_0 NOEXIST::FUNCTION:
+ CRL_DIST_POINTS_new 1449 1_1_0 EXIST::FUNCTION:
+ EVP_PKEY_get0_asn1 1450 1_1_0 EXIST::FUNCTION:
EVP_camellia_192_ctr 1451 1_1_0 EXIST::FUNCTION:CAMELLIA
EVP_PKEY_free 1452 1_1_0 EXIST::FUNCTION:
X509_ATTRIBUTE_count 1453 1_1_0 EXIST::FUNCTION:
@@ -131942,7 +167626,7 @@
BN_nist_mod_192 1459 1_1_0 EXIST::FUNCTION:
i2d_PKCS7_ISSUER_AND_SERIAL 1460 1_1_0 EXIST::FUNCTION:
X509V3_EXT_nconf 1461 1_1_0 EXIST::FUNCTION:
-@@ -1514,22 +1513,22 @@ i2d_PKCS7_SIGNER_INFO 1468 1_1_0 EXIST::FUNCTION:
+@@ -1514,22 +1484,22 @@ TS_CONF_get_tsa_section 1467 1_1_0 EXIST::FUNCTION:TS
EVP_get_pw_prompt 1469 1_1_0 EXIST::FUNCTION:UI
BN_bn2bin 1470 1_1_0 EXIST::FUNCTION:
d2i_ASN1_BIT_STRING 1471 1_1_0 EXIST::FUNCTION:
@@ -131970,7 +167654,7 @@
SXNET_it 1488 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
SXNET_it 1488 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
BIO_indent 1489 1_1_0 EXIST::FUNCTION:
-@@ -1541,7 +1540,7 @@ i2d_TS_REQ_bio 1494 1_1_0 EXIST::FUNCTION:TS
+@@ -1541,7 +1511,7 @@ i2d_TS_REQ_bio 1494 1_1_0 EXIST::FUNCTION:TS
EVP_PKEY_CTX_get_operation 1495 1_1_0 EXIST::FUNCTION:
EVP_MD_meth_set_ctrl 1496 1_1_0 EXIST::FUNCTION:
X509_EXTENSION_set_critical 1497 1_1_0 EXIST::FUNCTION:
@@ -131979,7 +167663,7 @@
ENGINE_get_DSA 1499 1_1_0 EXIST::FUNCTION:ENGINE
ASYNC_get_wait_ctx 1500 1_1_0 EXIST::FUNCTION:
ENGINE_set_load_privkey_function 1501 1_1_0 EXIST::FUNCTION:ENGINE
-@@ -1553,7 +1552,7 @@ EVP_CIPHER_CTX_rand_key 1506 1_1_0 EXIST::FUNCTION:
+@@ -1553,7 +1523,7 @@ ENGINE_set_load_privkey_function 1501 1_1_0 EXIST::FUNCTION:ENGINE
AES_set_encrypt_key 1507 1_1_0 EXIST::FUNCTION:
ASN1_UTCTIME_new 1508 1_1_0 EXIST::FUNCTION:
AES_cbc_encrypt 1509 1_1_0 EXIST::FUNCTION:
@@ -131988,7 +167672,7 @@
EVP_PKEY_asn1_find 1511 1_1_0 EXIST::FUNCTION:
d2i_ASN1_GENERALIZEDTIME 1512 1_1_0 EXIST::FUNCTION:
OPENSSL_cleanup 1513 1_1_0 EXIST::FUNCTION:
-@@ -1565,7 +1564,7 @@ BIO_free 1518 1_1_0 EXIST::FUNCTION:
+@@ -1565,7 +1535,7 @@ SCT_get_source 1515 1_1_0 EXIST::FUNCTION:CT
i2d_X509_ALGOR 1519 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_set0_crls 1520 1_1_0 EXIST::FUNCTION:
ASYNC_pause_job 1521 1_1_0 EXIST::FUNCTION:
@@ -131997,7 +167681,7 @@
EVP_camellia_256_ofb 1523 1_1_0 EXIST::FUNCTION:CAMELLIA
PKCS12_item_i2d_encrypt 1524 1_1_0 EXIST::FUNCTION:
EVP_PKEY_meth_set_copy 1525 1_1_0 EXIST::FUNCTION:
-@@ -1590,13 +1589,13 @@ CMS_get0_content 1543 1_1_0 EXIST::FUNCTION:CMS
+@@ -1590,13 +1560,13 @@ CMS_get0_content 1543 1_1_0 EXIST::FUNCTION:CMS
BN_is_word 1544 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_key_length 1545 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_asn1_to_param 1546 1_1_0 EXIST::FUNCTION:
@@ -132013,7 +167697,7 @@
CMS_SignerInfo_sign 1554 1_1_0 EXIST::FUNCTION:CMS
ASN1_item_i2d_bio 1555 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_CTX_block_size 1556 1_1_0 EXIST::FUNCTION:
-@@ -1607,7 +1606,7 @@ EVP_MD_meth_set_app_datasize 1560 1_1_0 EXIST::FUNCTION:
+@@ -1607,7 +1577,7 @@ TS_CONF_set_default_engine 1558 1_1_0 EXIST::FUNCTION:ENGINE,TS
DSO_free 1561 1_1_0 EXIST::FUNCTION:
TS_TST_INFO_get_tsa 1562 1_1_0 EXIST::FUNCTION:TS
EC_GROUP_check 1563 1_1_0 EXIST::FUNCTION:EC
@@ -132022,7 +167706,7 @@
TS_RESP_CTX_set_extension_cb 1565 1_1_0 EXIST::FUNCTION:TS
EVP_CIPHER_CTX_nid 1566 1_1_0 EXIST::FUNCTION:
TS_RESP_CTX_add_md 1567 1_1_0 EXIST::FUNCTION:TS
-@@ -1616,8 +1615,8 @@ X509V3_extensions_print 1569 1_1_0 EXIST::FUNCTION:
+@@ -1616,8 +1586,8 @@ DES_set_key 1568 1_1_0 EXIST::FUNCTION:DES
PEM_do_header 1570 1_1_0 EXIST::FUNCTION:
i2d_re_X509_CRL_tbs 1571 1_1_0 EXIST::FUNCTION:
BIO_method_name 1572 1_1_0 EXIST::FUNCTION:
@@ -132033,8 +167717,11 @@
d2i_X509_NAME_ENTRY 1575 1_1_0 EXIST::FUNCTION:
X509_trusted 1576 1_1_0 EXIST::FUNCTION:
X509_TRUST_get_flags 1577 1_1_0 EXIST::FUNCTION:
-@@ -1629,12 +1628,12 @@ X509_policy_tree_get0_user_policies 1582 1_1_0 EXIST::FUNCTION:
- SCT_LIST_set0_logs 1583 1_1_0 NOEXIST::FUNCTION:
+@@ -1626,15 +1596,14 @@ DES_set_key 1568 1_1_0 EXIST::FUNCTION:DES
+ CONF_imodule_set_usr_data 1580 1_1_0 EXIST::FUNCTION:
+ d2i_TS_RESP_fp 1581 1_1_0 EXIST::FUNCTION:STDIO,TS
+ X509_policy_tree_get0_user_policies 1582 1_1_0 EXIST::FUNCTION:
+-SCT_LIST_set0_logs 1583 1_1_0 NOEXIST::FUNCTION:
DSA_do_sign 1584 1_1_0 EXIST::FUNCTION:DSA
EVP_CIPHER_CTX_reset 1585 1_1_0 EXIST::FUNCTION:
-OCSP_REVOKEDINFO_new 1586 1_1_0 EXIST::FUNCTION:
@@ -132048,9 +167735,19 @@
ERR_get_error_line_data 1592 1_1_0 EXIST::FUNCTION:
CTLOG_get0_name 1593 1_1_0 EXIST::FUNCTION:CT
ASN1_TBOOLEAN_it 1594 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -1657,16 +1656,16 @@ X509_get0_pubkey_bitstr 1609 1_1_0 EXIST::FUNCTION:
+@@ -1642,7 +1611,6 @@ CTLOG_get0_name 1593 1_1_0 EXIST::FUNCTION:CT
+ RC2_set_key 1595 1_1_0 EXIST::FUNCTION:RC2
+ X509_REVOKED_get_ext_by_NID 1596 1_1_0 EXIST::FUNCTION:
+ RSA_padding_add_none 1597 1_1_0 EXIST::FUNCTION:RSA
+-CRYPTO_THREADID_cmp 1598 1_1_0 NOEXIST::FUNCTION:
+ EVP_rc5_32_12_16_cbc 1599 1_1_0 EXIST::FUNCTION:RC5
+ PEM_dek_info 1600 1_1_0 EXIST::FUNCTION:
+ ASN1_SCTX_get_template 1601 1_1_0 EXIST::FUNCTION:
+@@ -1655,18 +1623,17 @@ TS_ext_print_bio 1607 1_1_0 EXIST::FUNCTION:TS
+ SCT_set1_log_id 1608 1_1_0 EXIST::FUNCTION:CT
+ X509_get0_pubkey_bitstr 1609 1_1_0 EXIST::FUNCTION:
ENGINE_register_all_RAND 1610 1_1_0 EXIST::FUNCTION:ENGINE
- BN_BLINDING_thread_id 1611 1_1_0 NOEXIST::FUNCTION:
+-BN_BLINDING_thread_id 1611 1_1_0 NOEXIST::FUNCTION:
EVP_MD_meth_get_result_size 1612 1_1_0 EXIST::FUNCTION:
-BIO_ADDRINFO_address 1613 1_1_0 EXIST::FUNCTION:
+BIO_ADDRINFO_address 1613 1_1_0 EXIST::FUNCTION:SOCK
@@ -132068,7 +167765,7 @@
NCONF_dump_bio 1623 1_1_0 EXIST::FUNCTION:
X509_NAME_get_entry 1624 1_1_0 EXIST::FUNCTION:
EVP_PKEY_get1_DH 1625 1_1_0 EXIST::FUNCTION:DH
-@@ -1677,18 +1676,18 @@ CRYPTO_ocb128_cleanup 1629 1_1_0 EXIST::FUNCTION:OCB
+@@ -1677,18 +1644,18 @@ CRYPTO_ocb128_cleanup 1629 1_1_0 EXIST::FUNCTION:OCB
EVP_des_ede_cbc 1630 1_1_0 EXIST::FUNCTION:DES
i2d_ASN1_TIME 1631 1_1_0 EXIST::FUNCTION:
ENGINE_register_all_pkey_asn1_meths 1632 1_1_0 EXIST::FUNCTION:ENGINE
@@ -132090,7 +167787,22 @@
X509_STORE_CTX_get1_issuer 1644 1_1_0 EXIST::FUNCTION:
EVP_Digest 1645 1_1_0 EXIST::FUNCTION:
CRYPTO_set_ex_data 1646 1_1_0 EXIST::FUNCTION:
-@@ -1718,8 +1717,8 @@ X509_ATTRIBUTE_create_by_NID 1669 1_1_0 EXIST::FUNCTION:
+@@ -1697,7 +1664,6 @@ CMS_ContentInfo_it 1642 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
+ i2d_EDIPARTYNAME 1649 1_1_0 EXIST::FUNCTION:
+ X509_policy_tree_get0_policies 1650 1_1_0 EXIST::FUNCTION:
+ X509at_add1_attr 1651 1_1_0 EXIST::FUNCTION:
+-CRYPTO_num_locks 1652 1_1_0 NOEXIST::FUNCTION:
+ X509_get_ex_data 1653 1_1_0 EXIST::FUNCTION:
+ RSA_set_method 1654 1_1_0 EXIST::FUNCTION:RSA
+ X509_REVOKED_dup 1655 1_1_0 EXIST::FUNCTION:
+@@ -1711,15 +1677,14 @@ EC_GROUP_free 1659 1_1_0 EXIST::FUNCTION:EC
+ X509_VERIFY_PARAM_clear_flags 1663 1_1_0 EXIST::FUNCTION:
+ X509_NAME_add_entry_by_txt 1664 1_1_0 EXIST::FUNCTION:
+ DES_ede3_cfb_encrypt 1665 1_1_0 EXIST::FUNCTION:DES
+-CRYPTO_destroy_dynlockid 1666 1_1_0 NOEXIST::FUNCTION:
+ i2d_CMS_bio_stream 1667 1_1_0 EXIST::FUNCTION:CMS
+ DES_quad_cksum 1668 1_1_0 EXIST::FUNCTION:DES
+ X509_ATTRIBUTE_create_by_NID 1669 1_1_0 EXIST::FUNCTION:
TS_VERIFY_CTX_free 1670 1_1_0 EXIST::FUNCTION:TS
EC_KEY_up_ref 1671 1_1_0 EXIST::FUNCTION:EC
EC_GROUP_get_basis_type 1672 1_1_0 EXIST::FUNCTION:EC
@@ -132101,7 +167813,7 @@
PEM_write_PKCS7 1674 1_1_0 EXIST::FUNCTION:
PKCS7_add_signer 1675 1_1_0 EXIST::FUNCTION:
X509_SIG_it 1676 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -1737,7 +1736,7 @@ CMS_EncryptedData_set1_key 1686 1_1_0 EXIST::FUNCTION:CMS
+@@ -1737,7 +1702,7 @@ CMS_EncryptedData_set1_key 1686 1_1_0 EXIST::FUNCTION:CMS
OBJ_find_sigid_by_algs 1687 1_1_0 EXIST::FUNCTION:
ASN1_generate_nconf 1688 1_1_0 EXIST::FUNCTION:
CMS_add0_recipient_password 1689 1_1_0 EXIST::FUNCTION:CMS
@@ -132110,7 +167822,7 @@
PEM_read_bio_ECPrivateKey 1691 1_1_0 EXIST::FUNCTION:EC
EVP_PKEY_get_attr 1692 1_1_0 EXIST::FUNCTION:
PEM_read_bio_ECPKParameters 1693 1_1_0 EXIST::FUNCTION:EC
-@@ -1747,7 +1746,7 @@ PKCS12_SAFEBAG_get_bag_nid 1696 1_1_0 EXIST::FUNCTION:
+@@ -1747,7 +1712,7 @@ ENGINE_ctrl_cmd 1695 1_1_0 EXIST::FUNCTION:ENGINE
TS_CONF_set_digests 1697 1_1_0 EXIST::FUNCTION:TS
PKCS7_SIGNED_it 1698 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS7_SIGNED_it 1698 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -132119,7 +167831,7 @@
X509_PURPOSE_cleanup 1700 1_1_0 EXIST::FUNCTION:
ESS_SIGNING_CERT_dup 1701 1_1_0 EXIST::FUNCTION:TS
ENGINE_set_default_DSA 1702 1_1_0 EXIST::FUNCTION:ENGINE
-@@ -1758,7 +1757,7 @@ X509_policy_tree_get0_level 1706 1_1_0 EXIST::FUNCTION:
+@@ -1758,7 +1723,7 @@ RSA_padding_check_PKCS1_OAEP_mgf1 1705 1_1_0 EXIST::FUNCTION:RSA
ASN1_parse_dump 1708 1_1_0 EXIST::FUNCTION:
BIO_vfree 1709 1_1_0 EXIST::FUNCTION:
CRYPTO_cbc128_decrypt 1710 1_1_0 EXIST::FUNCTION:
@@ -132128,7 +167840,7 @@
d2i_PKCS7_bio 1712 1_1_0 EXIST::FUNCTION:
ENGINE_set_default_digests 1713 1_1_0 EXIST::FUNCTION:ENGINE
i2d_PublicKey 1714 1_1_0 EXIST::FUNCTION:
-@@ -1775,8 +1774,8 @@ EVP_cast5_ecb 1724 1_1_0 EXIST::FUNCTION:CAST
+@@ -1775,8 +1740,8 @@ EVP_cast5_ecb 1724 1_1_0 EXIST::FUNCTION:CAST
BIO_nwrite0 1725 1_1_0 EXIST::FUNCTION:
CAST_encrypt 1726 1_1_0 EXIST::FUNCTION:CAST
a2d_ASN1_OBJECT 1727 1_1_0 EXIST::FUNCTION:
@@ -132139,7 +167851,7 @@
CMS_unsigned_get_attr 1730 1_1_0 EXIST::FUNCTION:CMS
EVP_aes_256_cbc 1731 1_1_0 EXIST::FUNCTION:
X509_check_ip_asc 1732 1_1_0 EXIST::FUNCTION:
-@@ -1787,7 +1786,7 @@ EVP_ENCODE_CTX_new 1736 1_1_0 EXIST::FUNCTION:
+@@ -1787,7 +1752,7 @@ TS_MSG_IMPRINT_new 1735 1_1_0 EXIST::FUNCTION:TS
BIO_f_base64 1737 1_1_0 EXIST::FUNCTION:
CMS_verify 1738 1_1_0 EXIST::FUNCTION:CMS
i2d_PrivateKey 1739 1_1_0 EXIST::FUNCTION:
@@ -132148,7 +167860,7 @@
OPENSSL_issetugid 1741 1_1_0 EXIST::FUNCTION:
d2i_ASN1_OBJECT 1742 1_1_0 EXIST::FUNCTION:
EVP_MD_meth_set_flags 1743 1_1_0 EXIST::FUNCTION:
-@@ -1796,14 +1795,14 @@ EC_POINT_cmp 1745 1_1_0 EXIST::FUNCTION:EC
+@@ -1796,14 +1761,14 @@ EC_POINT_cmp 1745 1_1_0 EXIST::FUNCTION:EC
ASN1_buf_print 1746 1_1_0 EXIST::FUNCTION:
EVP_PKEY_CTX_hex2ctrl 1747 1_1_0 EXIST::FUNCTION:
PEM_write_bio_PKCS8PrivateKey 1748 1_1_0 EXIST::FUNCTION:
@@ -132166,7 +167878,16 @@
X509_reject_clear 1757 1_1_0 EXIST::FUNCTION:
DH_security_bits 1758 1_1_0 EXIST::FUNCTION:DH
LONG_it 1759 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -1850,7 +1849,7 @@ EVP_CIPHER_CTX_clear_flags 1796 1_1_0 EXIST::FUNCTION:
+@@ -1822,8 +1787,6 @@ TS_TST_INFO_get_exts 1766 1_1_0 EXIST::FUNCTION:TS
+ PKCS7_RECIP_INFO_free 1771 1_1_0 EXIST::FUNCTION:
+ ASN1_tag2bit 1772 1_1_0 EXIST::FUNCTION:
+ TS_REQ_add_ext 1773 1_1_0 EXIST::FUNCTION:TS
+-CRYPTO_get_new_dynlockid 1774 1_1_0 NOEXIST::FUNCTION:
+-RAND_cleanup 1775 1_1_0 NOEXIST::FUNCTION:
+ X509_digest 1776 1_1_0 EXIST::FUNCTION:
+ CRYPTO_THREAD_cleanup_local 1777 1_1_0 EXIST::FUNCTION:
+ NETSCAPE_CERT_SEQUENCE_it 1778 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+@@ -1850,11 +1813,11 @@ RAND_set_rand_engine 1791 1_1_0 EXIST::FUNCTION:ENGINE
ECDSA_size 1797 1_1_0 EXIST::FUNCTION:EC
X509_ALGOR_get0 1798 1_1_0 EXIST::FUNCTION:
d2i_ACCESS_DESCRIPTION 1799 1_1_0 EXIST::FUNCTION:
@@ -132175,7 +167896,12 @@
a2i_IPADDRESS_NC 1801 1_1_0 EXIST::FUNCTION:
CTLOG_STORE_load_default_file 1802 1_1_0 EXIST::FUNCTION:CT
PKCS12_SAFEBAG_create_pkcs8_encrypt 1803 1_1_0 EXIST::FUNCTION:
-@@ -1862,13 +1861,13 @@ ASN1_BIT_STRING_new 1808 1_1_0 EXIST::FUNCTION:
+-RAND_screen 1804 1_1_0 EXIST:WIN32:FUNCTION:
++RAND_screen 1804 1_1_0 EXIST:WIN32:FUNCTION:DEPRECATEDIN_1_1_0
+ CONF_get_string 1805 1_1_0 EXIST::FUNCTION:
+ X509_cmp_current_time 1806 1_1_0 EXIST::FUNCTION:
+ i2d_DSAPrivateKey 1807 1_1_0 EXIST::FUNCTION:DSA
+@@ -1862,13 +1825,13 @@ i2d_DSAPrivateKey 1807 1_1_0 EXIST::FUNCTION:DSA
BIO_new_file 1809 1_1_0 EXIST::FUNCTION:
PKCS7_SIGNER_INFO_get0_algs 1810 1_1_0 EXIST::FUNCTION:
TS_RESP_set_status_info 1811 1_1_0 EXIST::FUNCTION:TS
@@ -132191,7 +167917,7 @@
OPENSSL_hexstr2buf 1819 1_1_0 EXIST::FUNCTION:
EVP_add_cipher 1820 1_1_0 EXIST::FUNCTION:
X509V3_EXT_add_list 1821 1_1_0 EXIST::FUNCTION:
-@@ -1877,7 +1876,7 @@ X509_get_ext_by_critical 1823 1_1_0 EXIST::FUNCTION:
+@@ -1877,7 +1840,7 @@ CMS_compress 1822 1_1_0 EXIST::FUNCTION:CMS
ASYNC_WAIT_CTX_clear_fd 1824 1_1_0 EXIST::FUNCTION:
ZLONG_it 1825 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ZLONG_it 1825 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -132200,8 +167926,11 @@
ASN1_ENUMERATED_to_BN 1827 1_1_0 EXIST::FUNCTION:
X509_CRL_get_ext_d2i 1828 1_1_0 EXIST::FUNCTION:
i2d_AUTHORITY_KEYID 1829 1_1_0 EXIST::FUNCTION:
-@@ -1889,7 +1888,7 @@ ASN1_STRING_to_UTF8 1833 1_1_0 EXIST::FUNCTION:
- DSO_METHOD_null 1834 1_1_0 NOEXIST::FUNCTION:
+@@ -1886,10 +1849,9 @@ TS_TST_INFO_get_time 1830 1_1_0 EXIST::FUNCTION:TS
+ ASN1_VISIBLESTRING_it 1831 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ X509V3_EXT_REQ_add_conf 1832 1_1_0 EXIST::FUNCTION:
+ ASN1_STRING_to_UTF8 1833 1_1_0 EXIST::FUNCTION:
+-DSO_METHOD_null 1834 1_1_0 NOEXIST::FUNCTION:
EVP_MD_meth_set_update 1835 1_1_0 EXIST::FUNCTION:
EVP_camellia_192_cbc 1836 1_1_0 EXIST::FUNCTION:CAMELLIA
-lh_stats_bio 1837 1_1_0 EXIST::FUNCTION:
@@ -132209,7 +167938,7 @@
PKCS7_set_signed_attributes 1838 1_1_0 EXIST::FUNCTION:
EC_KEY_priv2buf 1839 1_1_0 EXIST::FUNCTION:EC
BN_BLINDING_free 1840 1_1_0 EXIST::FUNCTION:
-@@ -1908,11 +1907,11 @@ TS_RESP_CTX_set_serial_cb 1851 1_1_0 EXIST::FUNCTION:TS
+@@ -1908,11 +1870,11 @@ TS_RESP_CTX_set_serial_cb 1851 1_1_0 EXIST::FUNCTION:TS
POLICY_MAPPING_it 1852 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
POLICY_MAPPING_it 1852 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
ERR_load_KDF_strings 1853 1_1_0 EXIST::FUNCTION:
@@ -132223,7 +167952,7 @@
ASN1_STRING_length_set 1859 1_1_0 EXIST::FUNCTION:
PEM_write_PKCS8 1860 1_1_0 EXIST::FUNCTION:
PKCS7_digest_from_attributes 1861 1_1_0 EXIST::FUNCTION:
-@@ -1928,34 +1927,34 @@ X509_get_ext_by_OBJ 1869 1_1_0 EXIST::FUNCTION:
+@@ -1928,38 +1890,37 @@ DSA_generate_key 1867 1_1_0 EXIST::FUNCTION:DSA
PBEPARAM_new 1870 1_1_0 EXIST::FUNCTION:
EVP_aes_128_cbc 1871 1_1_0 EXIST::FUNCTION:
CRYPTO_dup_ex_data 1872 1_1_0 EXIST::FUNCTION:
@@ -132265,7 +167994,11 @@
NOTICEREF_free 1901 1_1_0 EXIST::FUNCTION:
AES_cfb1_encrypt 1902 1_1_0 EXIST::FUNCTION:
X509v3_get_ext 1903 1_1_0 EXIST::FUNCTION:
-@@ -1969,7 +1968,7 @@ SRP_Calc_B 1910 1_1_0 EXIST::FUNCTION:SRP
+-BN_BLINDING_set_thread_id 1904 1_1_0 NOEXIST::FUNCTION:
+ CRYPTO_gcm128_encrypt_ctr32 1905 1_1_0 EXIST::FUNCTION:
+ SCT_set1_signature 1906 1_1_0 EXIST::FUNCTION:CT
+ CONF_imodule_get_module 1907 1_1_0 EXIST::FUNCTION:
+@@ -1969,7 +1930,7 @@ SRP_Calc_B 1910 1_1_0 EXIST::FUNCTION:SRP
CMS_decrypt_set1_key 1911 1_1_0 EXIST::FUNCTION:CMS
EC_GROUP_get_degree 1912 1_1_0 EXIST::FUNCTION:EC
X509_ALGOR_set0 1913 1_1_0 EXIST::FUNCTION:
@@ -132274,7 +168007,7 @@
X509v3_asid_inherits 1915 1_1_0 EXIST::FUNCTION:RFC3779
EVP_MD_meth_get_app_datasize 1916 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_get_num_untrusted 1917 1_1_0 EXIST::FUNCTION:
-@@ -1993,7 +1992,7 @@ X509_NAME_add_entry 1935 1_1_0 EXIST::FUNCTION:
+@@ -1993,7 +1954,7 @@ RSA_flags 1934 1_1_0 EXIST::FUNCTION:RSA
EVP_CIPHER_get_asn1_iv 1936 1_1_0 EXIST::FUNCTION:
i2d_RSAPrivateKey_bio 1937 1_1_0 EXIST::FUNCTION:RSA
PKCS5_PBE_keyivgen 1938 1_1_0 EXIST::FUNCTION:
@@ -132283,7 +168016,7 @@
EC_POINT_copy 1940 1_1_0 EXIST::FUNCTION:EC
X509V3_EXT_CRL_add_nconf 1941 1_1_0 EXIST::FUNCTION:
SHA256_Init 1942 1_1_0 EXIST::FUNCTION:
-@@ -2009,7 +2008,7 @@ PKCS12_unpack_p7data 1951 1_1_0 EXIST::FUNCTION:
+@@ -2009,7 +1970,7 @@ EVP_seed_cbc 1948 1_1_0 EXIST::FUNCTION:SEED
ECDSA_sign 1952 1_1_0 EXIST::FUNCTION:EC
d2i_PKCS12_fp 1953 1_1_0 EXIST::FUNCTION:
CMS_unsigned_get_attr_by_NID 1954 1_1_0 EXIST::FUNCTION:CMS
@@ -132292,7 +168025,7 @@
BN_bntest_rand 1956 1_1_0 EXIST::FUNCTION:
X509_get_pubkey 1957 1_1_0 EXIST::FUNCTION:
i2d_X509_NAME 1958 1_1_0 EXIST::FUNCTION:
-@@ -2029,7 +2028,7 @@ EC_POINT_get_affine_coordinates_GF2m 1970 1_1_0 EXIST::FUNCTION:EC,EC2M
+@@ -2029,7 +1990,7 @@ EC_POINT_get_affine_coordinates_GF2m 1970 1_1_0 EXIST::FUNCTION:EC,EC2M
EVP_ENCODE_CTX_num 1971 1_1_0 EXIST::FUNCTION:
Camellia_cfb1_encrypt 1972 1_1_0 EXIST::FUNCTION:CAMELLIA
NCONF_load_fp 1973 1_1_0 EXIST::FUNCTION:STDIO
@@ -132301,7 +168034,7 @@
EVP_PKEY_sign 1975 1_1_0 EXIST::FUNCTION:
TS_REQ_get_ext_by_critical 1976 1_1_0 EXIST::FUNCTION:TS
EC_KEY_key2buf 1977 1_1_0 EXIST::FUNCTION:EC
-@@ -2068,33 +2067,33 @@ TS_REQ_get_version 2006 1_1_0 EXIST::FUNCTION:TS
+@@ -2068,33 +2029,33 @@ TS_REQ_get_version 2006 1_1_0 EXIST::FUNCTION:TS
BN_exp 2007 1_1_0 EXIST::FUNCTION:
i2d_SXNET 2008 1_1_0 EXIST::FUNCTION:
OBJ_bsearch_ 2009 1_1_0 EXIST::FUNCTION:
@@ -132342,7 +168075,7 @@
_shadow_DES_check_key 2037 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
_shadow_DES_check_key 2037 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
CMS_RecipientInfo_set0_pkey 2038 1_1_0 EXIST::FUNCTION:CMS
-@@ -2112,17 +2111,17 @@ ASN1_ENUMERATED_it 2047 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
+@@ -2112,17 +2073,17 @@ ASN1_d2i_fp 2045 1_1_0 EXIST::FUNCTION:STDIO
o2i_ECPublicKey 2048 1_1_0 EXIST::FUNCTION:EC
ERR_load_BUF_strings 2049 1_1_0 EXIST::FUNCTION:
PEM_read_bio_RSA_PUBKEY 2050 1_1_0 EXIST::FUNCTION:RSA
@@ -132363,7 +168096,7 @@
OBJ_length 2062 1_1_0 EXIST::FUNCTION:
BN_GENCB_get_arg 2063 1_1_0 EXIST::FUNCTION:
EVP_MD_CTX_clear_flags 2064 1_1_0 EXIST::FUNCTION:
-@@ -2130,7 +2129,7 @@ EVP_PKEY_meth_get_verifyctx 2065 1_1_0 EXIST::FUNCTION:
+@@ -2130,7 +2091,7 @@ ENGINE_get_load_pubkey_function 2057 1_1_0 EXIST::FUNCTION:ENGINE
CT_POLICY_EVAL_CTX_get0_cert 2066 1_1_0 EXIST::FUNCTION:CT
PEM_write_DHparams 2067 1_1_0 EXIST::FUNCTION:DH
DH_set_ex_data 2068 1_1_0 EXIST::FUNCTION:DH
@@ -132372,7 +168105,7 @@
CRYPTO_128_unwrap_pad 2070 1_1_0 EXIST::FUNCTION:
BIO_new_CMS 2071 1_1_0 EXIST::FUNCTION:CMS
i2d_ASN1_ENUMERATED 2072 1_1_0 EXIST::FUNCTION:
-@@ -2150,7 +2149,7 @@ i2d_ASN1_GENERALSTRING 2085 1_1_0 EXIST::FUNCTION:
+@@ -2150,7 +2111,7 @@ d2i_RSAPublicKey 2084 1_1_0 EXIST::FUNCTION:RSA
POLICYQUALINFO_new 2086 1_1_0 EXIST::FUNCTION:
PKCS7_RECIP_INFO_get0_alg 2087 1_1_0 EXIST::FUNCTION:
EVP_PKEY_base_id 2088 1_1_0 EXIST::FUNCTION:
@@ -132381,7 +168114,7 @@
X509v3_get_ext_by_NID 2090 1_1_0 EXIST::FUNCTION:
TS_CONF_set_policies 2091 1_1_0 EXIST::FUNCTION:TS
CMS_SignerInfo_cert_cmp 2092 1_1_0 EXIST::FUNCTION:CMS
-@@ -2168,7 +2167,7 @@ X509_get_ext_count 2103 1_1_0 EXIST::FUNCTION:
+@@ -2168,7 +2129,7 @@ SCT_new 2101 1_1_0 EXIST::FUNCTION:CT
CRYPTO_cts128_decrypt 2104 1_1_0 EXIST::FUNCTION:
ASYNC_WAIT_CTX_get_fd 2105 1_1_0 EXIST::FUNCTION:
i2d_TS_REQ 2106 1_1_0 EXIST::FUNCTION:TS
@@ -132390,7 +168123,7 @@
ENGINE_register_pkey_meths 2108 1_1_0 EXIST::FUNCTION:ENGINE
ENGINE_load_public_key 2109 1_1_0 EXIST::FUNCTION:ENGINE
ASIdOrRange_it 2110 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-@@ -2193,14 +2192,14 @@ BN_mod_exp_recp 2126 1_1_0 EXIST::FUNCTION:
+@@ -2193,14 +2154,14 @@ ENGINE_get_destroy_function 2121 1_1_0 EXIST::FUNCTION:ENGINE
EVP_mdc2 2127 1_1_0 EXIST::FUNCTION:MDC2
EVP_des_cfb64 2128 1_1_0 EXIST::FUNCTION:DES
PKCS7_sign 2129 1_1_0 EXIST::FUNCTION:
@@ -132407,7 +168140,7 @@
ASN1_item_i2d_fp 2137 1_1_0 EXIST::FUNCTION:STDIO
BN_GF2m_mod_sqr 2138 1_1_0 EXIST::FUNCTION:EC2M
ASN1_PRINTABLE_new 2139 1_1_0 EXIST::FUNCTION:
-@@ -2217,7 +2216,7 @@ CRYPTO_THREAD_compare_id 2148 1_1_0 EXIST::FUNCTION:
+@@ -2217,7 +2178,7 @@ i2d_PKCS8PrivateKey_nid_fp 2146 1_1_0 EXIST::FUNCTION:STDIO
d2i_IPAddressChoice 2149 1_1_0 EXIST::FUNCTION:RFC3779
IPAddressFamily_it 2150 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
IPAddressFamily_it 2150 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
@@ -132416,7 +168149,7 @@
BIO_push 2152 1_1_0 EXIST::FUNCTION:
ASN1_BMPSTRING_new 2153 1_1_0 EXIST::FUNCTION:
COMP_get_type 2154 1_1_0 EXIST::FUNCTION:COMP
-@@ -2228,8 +2227,8 @@ PEM_write_X509 2158 1_1_0 EXIST::FUNCTION:
+@@ -2228,8 +2189,8 @@ d2i_ASIdentifierChoice 2155 1_1_0 EXIST::FUNCTION:RFC3779
BN_CTX_free 2159 1_1_0 EXIST::FUNCTION:
EC_GROUP_get_curve_GF2m 2160 1_1_0 EXIST::FUNCTION:EC,EC2M
EVP_MD_flags 2161 1_1_0 EXIST::FUNCTION:
@@ -132427,7 +168160,7 @@
BN_GF2m_mod_solve_quad 2164 1_1_0 EXIST::FUNCTION:EC2M
EC_POINT_method_of 2165 1_1_0 EXIST::FUNCTION:EC
PKCS7_ENCRYPT_it 2166 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -2239,14 +2238,14 @@ AUTHORITY_INFO_ACCESS_it 2167 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
+@@ -2239,14 +2200,13 @@ EC_POINT_method_of 2165 1_1_0 EXIST::FUNCTION:EC
X509_EXTENSION_create_by_NID 2168 1_1_0 EXIST::FUNCTION:
i2d_RSAPrivateKey 2169 1_1_0 EXIST::FUNCTION:RSA
d2i_CERTIFICATEPOLICIES 2170 1_1_0 EXIST::FUNCTION:
@@ -132441,16 +168174,14 @@
-OCSP_ONEREQ_get_ext 2177 1_1_0 EXIST::FUNCTION:
-DES_read_password 2178 1_1_0 EXIST::FUNCTION:DES,UI
+OCSP_ONEREQ_get_ext 2177 1_1_0 EXIST::FUNCTION:OCSP
-+DES_read_password 2178 1_1_0 NOEXIST::FUNCTION:
BN_get_rfc3526_prime_4096 2179 1_1_0 EXIST::FUNCTION:
d2i_PKCS7_fp 2180 1_1_0 EXIST::FUNCTION:STDIO
PEM_write_bio_NETSCAPE_CERT_SEQUENCE 2181 1_1_0 EXIST::FUNCTION:
-@@ -2257,13 +2256,13 @@ CMS_RecipientInfo_kari_orig_id_cmp 2184 1_1_0 EXIST::FUNCTION:CMS
+@@ -2257,13 +2217,12 @@ CMS_RecipientInfo_kari_orig_id_cmp 2184 1_1_0 EXIST::FUNCTION:CMS
NETSCAPE_SPKI_b64_encode 2185 1_1_0 EXIST::FUNCTION:
d2i_PrivateKey 2186 1_1_0 EXIST::FUNCTION:
EVP_MD_CTX_new 2187 1_1_0 EXIST::FUNCTION:
-OPENSSL_strcasecmp 2188 1_1_0 EXIST::FUNCTION:
-+OPENSSL_strcasecmp 2188 1_1_0 NOEXIST::FUNCTION:
X509_get0_tbs_sigalg 2189 1_1_0 EXIST::FUNCTION:
ASN1_GENERALIZEDTIME_new 2190 1_1_0 EXIST::FUNCTION:
d2i_ECDSA_SIG 2191 1_1_0 EXIST::FUNCTION:EC
@@ -132461,7 +168192,7 @@
ASN1_T61STRING_new 2195 1_1_0 EXIST::FUNCTION:
BN_kronecker 2196 1_1_0 EXIST::FUNCTION:
i2d_ACCESS_DESCRIPTION 2197 1_1_0 EXIST::FUNCTION:
-@@ -2272,7 +2271,7 @@ X509_STORE_CTX_set_depth 2199 1_1_0 EXIST::FUNCTION:
+@@ -2272,7 +2231,7 @@ EVP_camellia_192_cfb8 2198 1_1_0 EXIST::FUNCTION:CAMELLIA
X509v3_delete_ext 2200 1_1_0 EXIST::FUNCTION:
ASN1_STRING_set0 2201 1_1_0 EXIST::FUNCTION:
BN_GF2m_add 2202 1_1_0 EXIST::FUNCTION:EC2M
@@ -132470,7 +168201,7 @@
TS_ACCURACY_set_millis 2204 1_1_0 EXIST::FUNCTION:TS
X509V3_EXT_conf 2205 1_1_0 EXIST::FUNCTION:
i2d_DHxparams 2206 1_1_0 EXIST::FUNCTION:DH
-@@ -2283,7 +2282,7 @@ i2d_TS_ACCURACY 2210 1_1_0 EXIST::FUNCTION:TS
+@@ -2283,7 +2242,7 @@ i2d_TS_ACCURACY 2210 1_1_0 EXIST::FUNCTION:TS
ASN1_VISIBLESTRING_free 2211 1_1_0 EXIST::FUNCTION:
NCONF_load_bio 2212 1_1_0 EXIST::FUNCTION:
DSA_get_default_method 2213 1_1_0 EXIST::FUNCTION:DSA
@@ -132479,7 +168210,7 @@
CRYPTO_ccm128_decrypt_ccm64 2215 1_1_0 EXIST::FUNCTION:
TS_RESP_CTX_set_clock_precision_digits 2216 1_1_0 EXIST::FUNCTION:TS
SCT_LIST_validate 2217 1_1_0 EXIST::FUNCTION:CT
-@@ -2312,7 +2311,7 @@ EC_GROUP_set_curve_GF2m 2239 1_1_0 EXIST::FUNCTION:EC,EC2M
+@@ -2312,7 +2271,7 @@ EC_GROUP_set_curve_GF2m 2239 1_1_0 EXIST::FUNCTION:EC,EC2M
ENGINE_load_builtin_engines 2240 1_1_0 EXIST::FUNCTION:ENGINE
SRP_VBASE_init 2241 1_1_0 EXIST::FUNCTION:SRP
SHA224_Final 2242 1_1_0 EXIST::FUNCTION:
@@ -132488,7 +168219,7 @@
d2i_TS_TST_INFO 2244 1_1_0 EXIST::FUNCTION:TS
IPAddressOrRange_it 2245 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
IPAddressOrRange_it 2245 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-@@ -2320,14 +2319,14 @@ ENGINE_get_cipher 2246 1_1_0 EXIST::FUNCTION:ENGINE
+@@ -2320,14 +2279,14 @@ ENGINE_get_cipher 2246 1_1_0 EXIST::FUNCTION:ENGINE
TS_TST_INFO_delete_ext 2247 1_1_0 EXIST::FUNCTION:TS
TS_OBJ_print_bio 2248 1_1_0 EXIST::FUNCTION:TS
X509_time_adj_ex 2249 1_1_0 EXIST::FUNCTION:
@@ -132506,7 +168237,7 @@
X509_VERIFY_PARAM_table_cleanup 2257 1_1_0 EXIST::FUNCTION:
i2d_re_X509_REQ_tbs 2258 1_1_0 EXIST::FUNCTION:
CONF_load_bio 2259 1_1_0 EXIST::FUNCTION:
-@@ -2378,7 +2377,7 @@ UTF8_putc 2302 1_1_0 EXIST::FUNCTION:
+@@ -2378,7 +2337,7 @@ ESS_ISSUER_SERIAL_free 2299 1_1_0 EXIST::FUNCTION:TS
RSA_private_encrypt 2303 1_1_0 EXIST::FUNCTION:RSA
X509_LOOKUP_shutdown 2304 1_1_0 EXIST::FUNCTION:
TS_TST_INFO_set_accuracy 2305 1_1_0 EXIST::FUNCTION:TS
@@ -132515,7 +168246,15 @@
X509at_add1_attr_by_OBJ 2307 1_1_0 EXIST::FUNCTION:
EVP_PKEY_asn1_add0 2308 1_1_0 EXIST::FUNCTION:
PKCS12_SAFEBAG_get1_crl 2309 1_1_0 EXIST::FUNCTION:
-@@ -2409,12 +2408,12 @@ EVP_aes_256_xts 2333 1_1_0 EXIST::FUNCTION:
+@@ -2400,7 +2359,6 @@ EVP_camellia_192_ofb 2320 1_1_0 EXIST::FUNCTION:CAMELLIA
+ DH_get_2048_256 2325 1_1_0 EXIST::FUNCTION:DH
+ X509at_delete_attr 2326 1_1_0 EXIST::FUNCTION:
+ PEM_write_bio 2327 1_1_0 EXIST::FUNCTION:
+-CRYPTO_get_locking_callback 2328 1_1_0 NOEXIST::FUNCTION:
+ CMS_signed_get_attr_by_OBJ 2329 1_1_0 EXIST::FUNCTION:CMS
+ X509_REVOKED_add_ext 2330 1_1_0 EXIST::FUNCTION:
+ EVP_CipherUpdate 2331 1_1_0 EXIST::FUNCTION:
+@@ -2409,12 +2367,12 @@ Camellia_cfb8_encrypt 2332 1_1_0 EXIST::FUNCTION:CAMELLIA
EVP_DigestSignFinal 2334 1_1_0 EXIST::FUNCTION:
ASN1_STRING_cmp 2335 1_1_0 EXIST::FUNCTION:
EVP_chacha20_poly1305 2336 1_1_0 EXIST::FUNCTION:CHACHA,POLY1305
@@ -132530,7 +168269,7 @@
X509_keyid_set1 2343 1_1_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_set1 2344 1_1_0 EXIST::FUNCTION:
EC_GROUP_get_asn1_flag 2345 1_1_0 EXIST::FUNCTION:EC
-@@ -2439,12 +2438,12 @@ OTHERNAME_it 2363 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
+@@ -2439,12 +2397,12 @@ DES_decrypt3 2362 1_1_0 EXIST::FUNCTION:DES
OTHERNAME_it 2363 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
X509at_add1_attr_by_txt 2364 1_1_0 EXIST::FUNCTION:
PKCS7_SIGN_ENVELOPE_free 2365 1_1_0 EXIST::FUNCTION:
@@ -132545,7 +168284,7 @@
GENERAL_NAME_new 2372 1_1_0 EXIST::FUNCTION:
DES_encrypt3 2373 1_1_0 EXIST::FUNCTION:DES
PKCS7_get_signer_info 2374 1_1_0 EXIST::FUNCTION:
-@@ -2455,7 +2454,7 @@ ASN1_UTF8STRING_it 2377 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
+@@ -2455,7 +2413,7 @@ DES_encrypt3 2373 1_1_0 EXIST::FUNCTION:DES
ASN1_SCTX_set_app_data 2378 1_1_0 EXIST::FUNCTION:
CMS_add0_cert 2379 1_1_0 EXIST::FUNCTION:CMS
i2d_GENERAL_NAME 2380 1_1_0 EXIST::FUNCTION:
@@ -132554,9 +168293,19 @@
ENGINE_get_pkey_asn1_meth_engine 2382 1_1_0 EXIST::FUNCTION:ENGINE
d2i_ASN1_BMPSTRING 2383 1_1_0 EXIST::FUNCTION:
PKCS12_SAFEBAG_create0_p8inf 2384 1_1_0 EXIST::FUNCTION:
-@@ -2492,17 +2491,17 @@ BIO_ctrl 2414 1_1_0 EXIST::FUNCTION:
+@@ -2472,7 +2430,6 @@ TS_TST_INFO_set_time 2394 1_1_0 EXIST::FUNCTION:TS
+ OPENSSL_die 2395 1_1_0 EXIST::FUNCTION:
+ X509_LOOKUP_by_alias 2396 1_1_0 EXIST::FUNCTION:
+ EC_KEY_set_conv_form 2397 1_1_0 EXIST::FUNCTION:EC
+-CRYPTO_lock 2398 1_1_0 NOEXIST::FUNCTION:
+ X509_TRUST_get_count 2399 1_1_0 EXIST::FUNCTION:
+ IPAddressOrRange_free 2400 1_1_0 EXIST::FUNCTION:RFC3779
+ RSA_padding_add_PKCS1_OAEP 2401 1_1_0 EXIST::FUNCTION:RSA
+@@ -2490,19 +2447,18 @@ EVP_rc5_32_12_16_ofb 2411 1_1_0 EXIST::FUNCTION:RC5
+ ASN1_PCTX_set_nm_flags 2413 1_1_0 EXIST::FUNCTION:
+ BIO_ctrl 2414 1_1_0 EXIST::FUNCTION:
X509_CRL_set_default_method 2415 1_1_0 EXIST::FUNCTION:
- DSO_pathbyaddr 2416 1_1_0 NOEXIST::FUNCTION:
+-DSO_pathbyaddr 2416 1_1_0 NOEXIST::FUNCTION:
d2i_RSAPublicKey_fp 2417 1_1_0 EXIST::FUNCTION:RSA,STDIO
-UI_method_get_flusher 2418 1_1_0 EXIST::FUNCTION:
+UI_method_get_flusher 2418 1_1_0 EXIST::FUNCTION:UI
@@ -132575,7 +168324,7 @@
EVP_aes_256_cfb128 2428 1_1_0 EXIST::FUNCTION:
RSA_set_ex_data 2429 1_1_0 EXIST::FUNCTION:RSA
BN_GENCB_call 2430 1_1_0 EXIST::FUNCTION:
-@@ -2514,8 +2513,8 @@ EVP_get_digestbyname 2435 1_1_0 EXIST::FUNCTION:
+@@ -2514,8 +2470,8 @@ i2d_TS_MSG_IMPRINT_fp 2432 1_1_0 EXIST::FUNCTION:STDIO,TS
X509_CRL_get_lastUpdate 2436 1_1_0 EXIST::FUNCTION:
OBJ_create_objects 2437 1_1_0 EXIST::FUNCTION:
EVP_enc_null 2438 1_1_0 EXIST::FUNCTION:
@@ -132586,7 +168335,7 @@
BN_hex2bn 2441 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_meth_set_impl_ctx_size 2442 1_1_0 EXIST::FUNCTION:
ASIdentifiers_new 2443 1_1_0 EXIST::FUNCTION:RFC3779
-@@ -2542,12 +2541,12 @@ BIO_s_datagram_sctp 2461 1_1_0 EXIST::FUNCTION:DGRAM,SCTP
+@@ -2542,12 +2498,12 @@ BIO_s_datagram_sctp 2461 1_1_0 EXIST::FUNCTION:DGRAM,SCTP
SXNET_add_id_asc 2462 1_1_0 EXIST::FUNCTION:
X509_print_fp 2463 1_1_0 EXIST::FUNCTION:STDIO
TS_REQ_set_version 2464 1_1_0 EXIST::FUNCTION:TS
@@ -132601,7 +168350,7 @@
NETSCAPE_SPKAC_it 2471 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
NETSCAPE_SPKAC_it 2471 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
ASIdOrRange_free 2472 1_1_0 EXIST::FUNCTION:RFC3779
-@@ -2561,7 +2560,7 @@ EVP_CIPHER_CTX_ctrl 2479 1_1_0 EXIST::FUNCTION:
+@@ -2561,7 +2517,7 @@ TS_VERIFY_CTX_set_data 2476 1_1_0 EXIST::FUNCTION:TS
ASN1_T61STRING_it 2480 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_T61STRING_it 2480 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
ENGINE_get_prev 2481 1_1_0 EXIST::FUNCTION:ENGINE
@@ -132610,16 +168359,25 @@
ERR_load_EC_strings 2483 1_1_0 EXIST::FUNCTION:EC
X509V3_string_free 2484 1_1_0 EXIST::FUNCTION:
EVP_PKEY_meth_set_paramgen 2485 1_1_0 EXIST::FUNCTION:
-@@ -2621,7 +2620,7 @@ PKCS7_ENVELOPE_free 2538 1_1_0 EXIST::FUNCTION:
+@@ -2609,7 +2565,6 @@ CRYPTO_mem_leaks 2525 1_1_0 EXIST::FUNCTION:CRYPTO_MDEBUG
+ DSA_sign 2527 1_1_0 EXIST::FUNCTION:DSA
+ RAND_egd 2528 1_1_0 EXIST::FUNCTION:EGD
+ ASN1_d2i_bio 2529 1_1_0 EXIST::FUNCTION:
+-CRYPTO_THREADID_current 2530 1_1_0 NOEXIST::FUNCTION:
+ X509_REQ_digest 2531 1_1_0 EXIST::FUNCTION:
+ X509_set_notAfter 2532 1_1_0 EXIST::FUNCTION:
+ EVP_CIPHER_type 2533 1_1_0 EXIST::FUNCTION:
+@@ -2620,8 +2575,7 @@ CMS_signed_get0_data_by_OBJ 2536 1_1_0 EXIST::FUNCTION:CMS
+ PKCS7_ENVELOPE_free 2538 1_1_0 EXIST::FUNCTION:
PKCS12_key_gen_uni 2539 1_1_0 EXIST::FUNCTION:
WHIRLPOOL 2540 1_1_0 EXIST::FUNCTION:WHIRLPOOL
- a2i_ipadd 2541 1_1_0 EXIST::FUNCTION:
+-a2i_ipadd 2541 1_1_0 EXIST::FUNCTION:
-UI_set_default_method 2542 1_1_0 EXIST::FUNCTION:
+UI_set_default_method 2542 1_1_0 EXIST::FUNCTION:UI
EC_POINT_is_at_infinity 2543 1_1_0 EXIST::FUNCTION:EC
i2d_NOTICEREF 2544 1_1_0 EXIST::FUNCTION:
EC_KEY_new 2545 1_1_0 EXIST::FUNCTION:EC
-@@ -2641,25 +2640,25 @@ EVP_PKEY_CTX_get_keygen_info 2558 1_1_0 EXIST::FUNCTION:
+@@ -2641,25 +2595,25 @@ EC_GROUP_new_by_curve_name 2555 1_1_0 EXIST::FUNCTION:EC
d2i_ASN1_UINTEGER 2559 1_1_0 EXIST::FUNCTION:
i2s_ASN1_INTEGER 2560 1_1_0 EXIST::FUNCTION:
d2i_EC_PUBKEY_fp 2561 1_1_0 EXIST::FUNCTION:EC,STDIO
@@ -132650,7 +168408,7 @@
PKCS12_SAFEBAG_get_nid 2580 1_1_0 EXIST::FUNCTION:
EVP_MD_CTX_set_update_fn 2581 1_1_0 EXIST::FUNCTION:
BIO_f_asn1 2582 1_1_0 EXIST::FUNCTION:
-@@ -2693,11 +2692,11 @@ EVP_DecodeUpdate 2609 1_1_0 EXIST::FUNCTION:
+@@ -2693,11 +2647,11 @@ ENGINE_register_complete 2607 1_1_0 EXIST::FUNCTION:ENGINE
ENGINE_get_default_RAND 2610 1_1_0 EXIST::FUNCTION:ENGINE
ERR_peek_last_error_line 2611 1_1_0 EXIST::FUNCTION:
ENGINE_get_ssl_client_cert_function 2612 1_1_0 EXIST::FUNCTION:ENGINE
@@ -132664,7 +168422,15 @@
SEED_encrypt 2617 1_1_0 EXIST::FUNCTION:SEED
IPAddressRange_it 2618 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
IPAddressRange_it 2618 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-@@ -2741,7 +2740,7 @@ EVP_aes_256_cbc_hmac_sha1 2652 1_1_0 EXIST::FUNCTION:
+@@ -2728,7 +2682,6 @@ EC_GROUP_clear_free 2636 1_1_0 EXIST::FUNCTION:EC
+ ERR_load_COMP_strings 2641 1_1_0 EXIST::FUNCTION:COMP
+ EVP_PKEY_meth_add0 2642 1_1_0 EXIST::FUNCTION:
+ EVP_rc4_40 2643 1_1_0 EXIST::FUNCTION:RC4
+-BN_BLINDING_get_thread_id 2644 1_1_0 NOEXIST::FUNCTION:
+ RSA_bits 2645 1_1_0 EXIST::FUNCTION:RSA
+ ASN1_item_dup 2646 1_1_0 EXIST::FUNCTION:
+ GENERAL_NAMES_it 2647 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+@@ -2741,7 +2694,7 @@ MD4_Init 2650 1_1_0 EXIST::FUNCTION:MD4
SCT_validate 2653 1_1_0 EXIST::FUNCTION:CT
EC_GROUP_dup 2654 1_1_0 EXIST::FUNCTION:EC
EVP_sha1 2655 1_1_0 EXIST::FUNCTION:
@@ -132673,7 +168439,15 @@
BN_dup 2657 1_1_0 EXIST::FUNCTION:
TS_MSG_IMPRINT_print_bio 2658 1_1_0 EXIST::FUNCTION:TS
CONF_module_set_usr_data 2659 1_1_0 EXIST::FUNCTION:
-@@ -2769,7 +2768,7 @@ d2i_CMS_ReceiptRequest 2680 1_1_0 EXIST::FUNCTION:CMS
+@@ -2751,7 +2704,6 @@ EC_KEY_generate_key 2660 1_1_0 EXIST::FUNCTION:EC
+ EVP_aes_128_ofb 2663 1_1_0 EXIST::FUNCTION:
+ CMS_data 2664 1_1_0 EXIST::FUNCTION:CMS
+ X509_load_cert_file 2665 1_1_0 EXIST::FUNCTION:
+-CRYPTO_THREADID_cpy 2666 1_1_0 NOEXIST::FUNCTION:
+ EC_GFp_nistp521_method 2667 1_1_0 EXIST:!WIN32:FUNCTION:EC,EC_NISTP_64_GCC_128
+ ECDSA_SIG_free 2668 1_1_0 EXIST::FUNCTION:EC
+ d2i_PKCS12_BAGS 2669 1_1_0 EXIST::FUNCTION:
+@@ -2769,7 +2721,7 @@ d2i_CMS_ReceiptRequest 2680 1_1_0 EXIST::FUNCTION:CMS
X509_CRL_INFO_it 2681 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
X509_CRL_INFO_it 2681 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
BUF_reverse 2682 1_1_0 EXIST::FUNCTION:
@@ -132682,7 +168456,7 @@
X509_REQ_delete_attr 2684 1_1_0 EXIST::FUNCTION:
TS_RESP_CTX_set_signer_cert 2685 1_1_0 EXIST::FUNCTION:TS
X509V3_EXT_d2i 2686 1_1_0 EXIST::FUNCTION:
-@@ -2777,7 +2776,7 @@ ASN1_GENERALSTRING_it 2687 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
+@@ -2777,7 +2729,7 @@ TS_RESP_CTX_set_signer_cert 2685 1_1_0 EXIST::FUNCTION:TS
ASN1_GENERALSTRING_it 2687 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
POLICYQUALINFO_free 2688 1_1_0 EXIST::FUNCTION:
EC_KEY_set_group 2689 1_1_0 EXIST::FUNCTION:EC
@@ -132691,7 +168465,7 @@
PEM_write_ECPKParameters 2691 1_1_0 EXIST::FUNCTION:EC
X509_VERIFY_PARAM_lookup 2692 1_1_0 EXIST::FUNCTION:
X509_LOOKUP_by_fingerprint 2693 1_1_0 EXIST::FUNCTION:
-@@ -2787,7 +2786,7 @@ d2i_ECPrivateKey_fp 2696 1_1_0 EXIST::FUNCTION:EC,STDIO
+@@ -2787,7 +2739,7 @@ d2i_ECPrivateKey_fp 2696 1_1_0 EXIST::FUNCTION:EC,STDIO
TS_CONF_set_ordering 2697 1_1_0 EXIST::FUNCTION:TS
X509_CRL_get_ext 2698 1_1_0 EXIST::FUNCTION:
X509_CRL_get_ext_by_OBJ 2699 1_1_0 EXIST::FUNCTION:
@@ -132700,7 +168474,7 @@
ASN1_PRINTABLESTRING_new 2701 1_1_0 EXIST::FUNCTION:
i2d_PBEPARAM 2702 1_1_0 EXIST::FUNCTION:
NETSCAPE_SPKI_new 2703 1_1_0 EXIST::FUNCTION:
-@@ -2821,8 +2820,8 @@ CMS_ContentInfo_print_ctx 2730 1_1_0 EXIST::FUNCTION:CMS
+@@ -2821,8 +2773,8 @@ CMS_ContentInfo_print_ctx 2730 1_1_0 EXIST::FUNCTION:CMS
d2i_PKCS7_SIGNED 2731 1_1_0 EXIST::FUNCTION:
GENERAL_NAMES_free 2732 1_1_0 EXIST::FUNCTION:
SCT_get_timestamp 2733 1_1_0 EXIST::FUNCTION:CT
@@ -132711,7 +168485,7 @@
CMS_verify_receipt 2735 1_1_0 EXIST::FUNCTION:CMS
CRYPTO_THREAD_lock_new 2736 1_1_0 EXIST::FUNCTION:
BIO_get_ex_data 2737 1_1_0 EXIST::FUNCTION:
-@@ -2835,9 +2834,9 @@ d2i_IPAddressRange 2743 1_1_0 EXIST::FUNCTION:RFC3779
+@@ -2835,9 +2787,9 @@ d2i_IPAddressRange 2743 1_1_0 EXIST::FUNCTION:RFC3779
ERR_remove_state 2744 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_0_0
X509_CRL_print_fp 2745 1_1_0 EXIST::FUNCTION:STDIO
TS_CONF_load_key 2746 1_1_0 EXIST::FUNCTION:TS
@@ -132723,7 +168497,7 @@
X509_REQ_to_X509 2750 1_1_0 EXIST::FUNCTION:
EVP_aes_192_wrap_pad 2751 1_1_0 EXIST::FUNCTION:
PKCS7_SIGN_ENVELOPE_new 2752 1_1_0 EXIST::FUNCTION:
-@@ -2848,8 +2847,8 @@ CT_POLICY_EVAL_CTX_new 2756 1_1_0 EXIST::FUNCTION:CT
+@@ -2848,8 +2800,8 @@ CT_POLICY_EVAL_CTX_new 2756 1_1_0 EXIST::FUNCTION:CT
NETSCAPE_SPKI_it 2757 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
NETSCAPE_SPKI_it 2757 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
CRYPTO_THREAD_unlock 2758 1_1_0 EXIST::FUNCTION:
@@ -132734,7 +168508,7 @@
OPENSSL_init 2761 1_1_0 EXIST::FUNCTION:
TS_RESP_get_tst_info 2762 1_1_0 EXIST::FUNCTION:TS
X509_VERIFY_PARAM_get_depth 2763 1_1_0 EXIST::FUNCTION:
-@@ -2858,8 +2857,8 @@ BIO_set 2765 1_1_0 EXIST::FUNCTION:
+@@ -2858,8 +2810,8 @@ EVP_SealFinal 2764 1_1_0 EXIST::FUNCTION:RSA
CONF_imodule_set_flags 2766 1_1_0 EXIST::FUNCTION:
i2d_ASN1_SET_ANY 2767 1_1_0 EXIST::FUNCTION:
EVP_PKEY_decrypt 2768 1_1_0 EXIST::FUNCTION:
@@ -132745,16 +168519,17 @@
EVP_des_ede3_cbc 2770 1_1_0 EXIST::FUNCTION:DES
X509_up_ref 2771 1_1_0 EXIST::FUNCTION:
OBJ_NAME_do_all_sorted 2772 1_1_0 EXIST::FUNCTION:
-@@ -2873,7 +2872,7 @@ RSAPrivateKey_it 2777 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
+@@ -2872,8 +2824,7 @@ RSAPrivateKey_it 2777 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
+ RSAPrivateKey_it 2777 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
X509_NAME_ENTRY_free 2778 1_1_0 EXIST::FUNCTION:
BIO_new_fd 2779 1_1_0 EXIST::FUNCTION:
- ENGINE_cleanup 2780 1_1_0 NOEXIST::FUNCTION:
+-ENGINE_cleanup 2780 1_1_0 NOEXIST::FUNCTION:
-sk_value 2781 1_1_0 EXIST::FUNCTION:
+OPENSSL_sk_value 2781 1_1_0 EXIST::FUNCTION:
NCONF_get_section 2782 1_1_0 EXIST::FUNCTION:
PKCS12_MAC_DATA_it 2783 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS12_MAC_DATA_it 2783 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -2885,7 +2884,7 @@ PKCS12_setup_mac 2788 1_1_0 EXIST::FUNCTION:
+@@ -2885,7 +2836,7 @@ CMS_RecipientInfo_encrypt 2786 1_1_0 EXIST::FUNCTION:CMS
PEM_read_bio_PKCS7 2789 1_1_0 EXIST::FUNCTION:
SHA512_Final 2790 1_1_0 EXIST:!VMSVAX:FUNCTION:
X509_VERIFY_PARAM_set1_host 2791 1_1_0 EXIST::FUNCTION:
@@ -132763,7 +168538,7 @@
d2i_ASN1_T61STRING 2793 1_1_0 EXIST::FUNCTION:
DES_pcbc_encrypt 2794 1_1_0 EXIST::FUNCTION:DES
EVP_PKEY_print_params 2795 1_1_0 EXIST::FUNCTION:
-@@ -2907,8 +2906,8 @@ ENGINE_register_all_DH 2809 1_1_0 EXIST::FUNCTION:ENGINE
+@@ -2907,8 +2858,8 @@ ENGINE_register_all_DH 2809 1_1_0 EXIST::FUNCTION:ENGINE
ERR_clear_error 2810 1_1_0 EXIST::FUNCTION:
EC_KEY_dup 2811 1_1_0 EXIST::FUNCTION:EC
X509_LOOKUP_init 2812 1_1_0 EXIST::FUNCTION:
@@ -132774,7 +168549,11 @@
X509V3_EXT_print_fp 2815 1_1_0 EXIST::FUNCTION:STDIO
OBJ_bsearch_ex_ 2816 1_1_0 EXIST::FUNCTION:
DES_ofb64_encrypt 2817 1_1_0 EXIST::FUNCTION:DES
-@@ -2926,7 +2925,7 @@ CRYPTO_get_id_callback 2828 1_1_0 NOEXIST::FUNCTION:
+@@ -2922,11 +2873,10 @@ SCT_free 2824 1_1_0 EXIST::FUNCTION:CT
+ TS_TST_INFO_get_msg_imprint 2825 1_1_0 EXIST::FUNCTION:TS
+ X509v3_addr_add_range 2826 1_1_0 EXIST::FUNCTION:RFC3779
+ PKCS12_get_friendlyname 2827 1_1_0 EXIST::FUNCTION:
+-CRYPTO_get_id_callback 2828 1_1_0 NOEXIST::FUNCTION:
X509_CRL_add_ext 2829 1_1_0 EXIST::FUNCTION:
X509_REQ_get_signature_nid 2830 1_1_0 EXIST::FUNCTION:
TS_TST_INFO_get_ext 2831 1_1_0 EXIST::FUNCTION:TS
@@ -132783,7 +168562,12 @@
EVP_camellia_256_cfb8 2833 1_1_0 EXIST::FUNCTION:CAMELLIA
EC_KEY_get0_public_key 2834 1_1_0 EXIST::FUNCTION:EC
SRP_Calc_x 2835 1_1_0 EXIST::FUNCTION:SRP
-@@ -2959,14 +2958,14 @@ TS_MSG_IMPRINT_get_msg 2859 1_1_0 EXIST::FUNCTION:TS
+@@ -2954,19 +2904,18 @@ CRYPTO_mem_debug_realloc 2851 1_1_0 EXIST::FUNCTION:CRYPTO_MDEBUG
+ ASN1_UTCTIME_check 2856 1_1_0 EXIST::FUNCTION:
+ ACCESS_DESCRIPTION_it 2857 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ ACCESS_DESCRIPTION_it 2857 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+-check_defer 2858 1_1_0 NOEXIST::FUNCTION:
+ TS_MSG_IMPRINT_get_msg 2859 1_1_0 EXIST::FUNCTION:TS
PKCS8_add_keyusage 2860 1_1_0 EXIST::FUNCTION:
X509_EXTENSION_dup 2861 1_1_0 EXIST::FUNCTION:
EVP_PKEY_asn1_new 2862 1_1_0 EXIST::FUNCTION:
@@ -132800,7 +168584,7 @@
BN_CTX_start 2871 1_1_0 EXIST::FUNCTION:
BN_print 2872 1_1_0 EXIST::FUNCTION:
EC_KEY_set_flags 2873 1_1_0 EXIST::FUNCTION:EC
-@@ -2981,10 +2980,10 @@ X509_CINF_it 2880 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
+@@ -2981,10 +2930,10 @@ SCT_set0_signature 2878 1_1_0 EXIST::FUNCTION:CT
TS_CONF_set_accuracy 2881 1_1_0 EXIST::FUNCTION:TS
DES_crypt 2882 1_1_0 EXIST::FUNCTION:DES
BN_BLINDING_create_param 2883 1_1_0 EXIST::FUNCTION:
@@ -132814,7 +168598,7 @@
POLICY_CONSTRAINTS_it 2888 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
POLICY_CONSTRAINTS_it 2888 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
NCONF_free_data 2889 1_1_0 EXIST::FUNCTION:
-@@ -3012,7 +3011,7 @@ EVP_des_ede3_cfb1 2909 1_1_0 EXIST::FUNCTION:DES
+@@ -3012,7 +2961,7 @@ EVP_des_ede3_cfb1 2909 1_1_0 EXIST::FUNCTION:DES
TS_REQ_to_TS_VERIFY_CTX 2910 1_1_0 EXIST::FUNCTION:TS
d2i_PBEPARAM 2911 1_1_0 EXIST::FUNCTION:
BN_get0_nist_prime_521 2912 1_1_0 EXIST::FUNCTION:
@@ -132823,7 +168607,7 @@
X509_PUBKEY_get0 2914 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_get0_parent_ctx 2915 1_1_0 EXIST::FUNCTION:
EC_GROUP_set_seed 2916 1_1_0 EXIST::FUNCTION:EC
-@@ -3025,7 +3024,7 @@ RC5_32_decrypt 2921 1_1_0 EXIST::FUNCTION:RC5
+@@ -3025,7 +2974,7 @@ RC5_32_decrypt 2921 1_1_0 EXIST::FUNCTION:RC5
i2d_X509_REQ_INFO 2922 1_1_0 EXIST::FUNCTION:
EVP_des_cfb1 2923 1_1_0 EXIST::FUNCTION:DES
OBJ_NAME_cleanup 2924 1_1_0 EXIST::FUNCTION:
@@ -132832,16 +168616,18 @@
DES_cfb64_encrypt 2926 1_1_0 EXIST::FUNCTION:DES
CAST_cfb64_encrypt 2927 1_1_0 EXIST::FUNCTION:CAST
EVP_PKEY_asn1_set_param 2928 1_1_0 EXIST::FUNCTION:
-@@ -3042,7 +3041,7 @@ X509_get1_email 2938 1_1_0 EXIST::FUNCTION:
+@@ -3042,9 +2991,8 @@ ENGINE_by_id 2934 1_1_0 EXIST::FUNCTION:ENGINE
EC_POINT_point2oct 2939 1_1_0 EXIST::FUNCTION:EC
EC_GROUP_get_curve_GFp 2940 1_1_0 EXIST::FUNCTION:EC
ASYNC_block_pause 2941 1_1_0 EXIST::FUNCTION:
-OCSP_SINGLERESP_get_ext 2942 1_1_0 EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext 2942 1_1_0 EXIST::FUNCTION:OCSP
CRYPTO_strdup 2943 1_1_0 EXIST::FUNCTION:
- DSO_get_default_method 2944 1_1_0 NOEXIST::FUNCTION:
+-DSO_get_default_method 2944 1_1_0 NOEXIST::FUNCTION:
i2d_X509_CRL_bio 2945 1_1_0 EXIST::FUNCTION:
-@@ -3052,7 +3051,7 @@ X509v3_addr_get_afi 2948 1_1_0 EXIST::FUNCTION:RFC3779
+ EVP_PKEY_asn1_set_item 2946 1_1_0 EXIST::FUNCTION:
+ CRYPTO_ccm128_encrypt 2947 1_1_0 EXIST::FUNCTION:
+@@ -3052,7 +3000,7 @@ X509v3_addr_get_afi 2948 1_1_0 EXIST::FUNCTION:RFC3779
X509_STORE_CTX_get0_param 2949 1_1_0 EXIST::FUNCTION:
EVP_add_alg_module 2950 1_1_0 EXIST::FUNCTION:
X509_check_purpose 2951 1_1_0 EXIST::FUNCTION:
@@ -132850,8 +168636,11 @@
X509_PURPOSE_get_count 2953 1_1_0 EXIST::FUNCTION:
d2i_PKCS12_bio 2954 1_1_0 EXIST::FUNCTION:
ASN1_item_free 2955 1_1_0 EXIST::FUNCTION:
-@@ -3117,8 +3116,8 @@ DES_ede3_cfb64_encrypt 3012 1_1_0 EXIST::FUNCTION:DES
- DSO_METHOD_vms 3013 1_1_0 NOEXIST::FUNCTION:
+@@ -3114,14 +3062,12 @@ PEM_read_bio_RSAPublicKey 3009 1_1_0 EXIST::FUNCTION:RSA
+ EVP_PKEY_asn1_set_private 3010 1_1_0 EXIST::FUNCTION:
+ EVP_PKEY_get0_RSA 3011 1_1_0 EXIST::FUNCTION:RSA
+ DES_ede3_cfb64_encrypt 3012 1_1_0 EXIST::FUNCTION:DES
+-DSO_METHOD_vms 3013 1_1_0 NOEXIST::FUNCTION:
POLICY_MAPPING_free 3014 1_1_0 EXIST::FUNCTION:
EVP_aes_128_gcm 3015 1_1_0 EXIST::FUNCTION:
-BIO_dgram_non_fatal_error 3016 1_1_0 EXIST::FUNCTION:
@@ -132860,8 +168649,11 @@
+OCSP_request_is_signed 3017 1_1_0 EXIST::FUNCTION:OCSP
i2d_BASIC_CONSTRAINTS 3018 1_1_0 EXIST::FUNCTION:
EC_KEY_get_method 3019 1_1_0 EXIST::FUNCTION:EC
- CRYPTO_get_dynlock_destroy_callback 3020 1_1_0 NOEXIST::FUNCTION:
-@@ -3140,7 +3139,7 @@ PKCS7_it 3034 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
+-CRYPTO_get_dynlock_destroy_callback 3020 1_1_0 NOEXIST::FUNCTION:
+ EC_POINT_bn2point 3021 1_1_0 EXIST::FUNCTION:EC
+ PBE2PARAM_it 3022 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ PBE2PARAM_it 3022 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+@@ -3140,7 +3086,7 @@ RC4_set_key 3028 1_1_0 EXIST::FUNCTION:RC4
PKCS7_it 3034 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
CMS_unsigned_get_attr_by_OBJ 3035 1_1_0 EXIST::FUNCTION:CMS
BN_clear 3036 1_1_0 EXIST::FUNCTION:
@@ -132870,7 +168662,7 @@
GENERAL_NAME_cmp 3038 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_set_purpose 3039 1_1_0 EXIST::FUNCTION:
X509_REVOKED_get_ext_d2i 3040 1_1_0 EXIST::FUNCTION:
-@@ -3148,7 +3147,7 @@ X509V3_set_conf_lhash 3041 1_1_0 EXIST::FUNCTION:
+@@ -3148,7 +3094,7 @@ CMS_unsigned_get_attr_by_OBJ 3035 1_1_0 EXIST::FUNCTION:CMS
PKCS7_ENC_CONTENT_it 3042 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS7_ENC_CONTENT_it 3042 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
PKCS12_item_pack_safebag 3043 1_1_0 EXIST::FUNCTION:
@@ -132879,7 +168671,7 @@
i2d_X509_PUBKEY 3045 1_1_0 EXIST::FUNCTION:
EVP_DecryptUpdate 3046 1_1_0 EXIST::FUNCTION:
CAST_cbc_encrypt 3047 1_1_0 EXIST::FUNCTION:CAST
-@@ -3202,12 +3201,12 @@ d2i_ECPrivateKey_bio 3094 1_1_0 EXIST::FUNCTION:EC
+@@ -3202,12 +3148,12 @@ d2i_ECPrivateKey_bio 3094 1_1_0 EXIST::FUNCTION:EC
BIO_s_secmem 3095 1_1_0 EXIST::FUNCTION:
ENGINE_get_default_EC 3096 1_1_0 EXIST::FUNCTION:ENGINE
TS_RESP_create_response 3097 1_1_0 EXIST::FUNCTION:TS
@@ -132894,7 +168686,7 @@
USERNOTICE_new 3104 1_1_0 EXIST::FUNCTION:
POLICY_MAPPING_new 3105 1_1_0 EXIST::FUNCTION:
CRYPTO_gcm128_release 3106 1_1_0 EXIST::FUNCTION:
-@@ -3218,9 +3217,9 @@ PEM_read_DSA_PUBKEY 3110 1_1_0 EXIST::FUNCTION:DSA
+@@ -3218,9 +3164,9 @@ PEM_read_DSA_PUBKEY 3110 1_1_0 EXIST::FUNCTION:DSA
X509_get0_subject_key_id 3111 1_1_0 EXIST::FUNCTION:
i2s_ASN1_ENUMERATED 3112 1_1_0 EXIST::FUNCTION:
X509v3_get_ext_by_OBJ 3113 1_1_0 EXIST::FUNCTION:
@@ -132906,7 +168698,7 @@
i2d_RSA_PSS_PARAMS 3117 1_1_0 EXIST::FUNCTION:RSA
EVP_aes_128_wrap_pad 3118 1_1_0 EXIST::FUNCTION:
ASN1_BIT_STRING_set 3119 1_1_0 EXIST::FUNCTION:
-@@ -3248,16 +3247,16 @@ TXT_DB_free 3139 1_1_0 EXIST::FUNCTION:
+@@ -3248,16 +3194,16 @@ CONF_load_fp 3136 1_1_0 EXIST::FUNCTION:STDIO
ASN1_STRING_set 3140 1_1_0 EXIST::FUNCTION:
d2i_ESS_CERT_ID 3141 1_1_0 EXIST::FUNCTION:TS
EVP_PKEY_meth_set_derive 3142 1_1_0 EXIST::FUNCTION:
@@ -132927,7 +168719,7 @@
X509_CRL_get0_by_cert 3153 1_1_0 EXIST::FUNCTION:
TS_TST_INFO_set_tsa 3154 1_1_0 EXIST::FUNCTION:TS
i2d_ASN1_GENERALIZEDTIME 3155 1_1_0 EXIST::FUNCTION:
-@@ -3268,11 +3267,11 @@ X509_VERIFY_PARAM_set_time 3159 1_1_0 EXIST::FUNCTION:
+@@ -3268,11 +3214,11 @@ TS_TST_INFO_set_tsa 3154 1_1_0 EXIST::FUNCTION:TS
BN_reciprocal 3160 1_1_0 EXIST::FUNCTION:
d2i_PKCS7_SIGN_ENVELOPE 3161 1_1_0 EXIST::FUNCTION:
X509_NAME_digest 3162 1_1_0 EXIST::FUNCTION:
@@ -132941,7 +168733,11 @@
PKCS12_SAFEBAG_create_crl 3168 1_1_0 EXIST::FUNCTION:
d2i_X509_NAME 3169 1_1_0 EXIST::FUNCTION:
IDEA_cfb64_encrypt 3170 1_1_0 EXIST::FUNCTION:IDEA
-@@ -3286,20 +3285,20 @@ CRYPTO_get_dynlock_create_callback 3177 1_1_0 NOEXIST::FUNCTION:
+@@ -3282,24 +3228,23 @@ HMAC_Init 3173 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_
+ EVP_MD_CTX_update_fn 3174 1_1_0 EXIST::FUNCTION:
+ EVP_aes_128_ecb 3175 1_1_0 EXIST::FUNCTION:
+ i2d_PKCS7_bio_stream 3176 1_1_0 EXIST::FUNCTION:
+-CRYPTO_get_dynlock_create_callback 3177 1_1_0 NOEXIST::FUNCTION:
i2a_ACCESS_DESCRIPTION 3178 1_1_0 EXIST::FUNCTION:
EC_KEY_set_enc_flags 3179 1_1_0 EXIST::FUNCTION:EC
i2d_PUBKEY_fp 3180 1_1_0 EXIST::FUNCTION:STDIO
@@ -132967,7 +168763,7 @@
CRYPTO_THREAD_run_once 3195 1_1_0 EXIST::FUNCTION:
TS_REQ_print_bio 3196 1_1_0 EXIST::FUNCTION:TS
SCT_get_version 3197 1_1_0 EXIST::FUNCTION:CT
-@@ -3307,7 +3306,7 @@ IDEA_set_encrypt_key 3198 1_1_0 EXIST::FUNCTION:IDEA
+@@ -3307,7 +3252,7 @@ IDEA_set_encrypt_key 3198 1_1_0 EXIST::FUNCTION:IDEA
ENGINE_get_DH 3199 1_1_0 EXIST::FUNCTION:ENGINE
i2d_ASIdentifierChoice 3200 1_1_0 EXIST::FUNCTION:RFC3779
SRP_Calc_A 3201 1_1_0 EXIST::FUNCTION:SRP
@@ -132976,7 +168772,7 @@
EVP_idea_cfb64 3203 1_1_0 EXIST::FUNCTION:IDEA
PKCS12_newpass 3204 1_1_0 EXIST::FUNCTION:
EVP_aes_256_cbc_hmac_sha256 3205 1_1_0 EXIST::FUNCTION:
-@@ -3321,11 +3320,11 @@ EVP_CIPHER_CTX_new 3212 1_1_0 EXIST::FUNCTION:
+@@ -3321,11 +3266,11 @@ X509_issuer_name_hash_old 3208 1_1_0 EXIST::FUNCTION:MD5
MD4_Final 3213 1_1_0 EXIST::FUNCTION:MD4
EVP_PKEY_id 3214 1_1_0 EXIST::FUNCTION:
CMS_RecipientInfo_get0_pkey_ctx 3215 1_1_0 EXIST::FUNCTION:CMS
@@ -132990,7 +168786,7 @@
BIO_hex_string 3221 1_1_0 EXIST::FUNCTION:
X509_REQ_sign_ctx 3222 1_1_0 EXIST::FUNCTION:
CRYPTO_ocb128_init 3223 1_1_0 EXIST::FUNCTION:OCB
-@@ -3377,8 +3376,8 @@ BIO_vprintf 3267 1_1_0 EXIST::FUNCTION:
+@@ -3377,10 +3322,9 @@ ENGINE_set_load_pubkey_function 3266 1_1_0 EXIST::FUNCTION:ENGINE
CMS_RecipientInfo_decrypt 3268 1_1_0 EXIST::FUNCTION:CMS
RSA_generate_key 3269 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8,RSA
PKCS7_set0_type_other 3270 1_1_0 EXIST::FUNCTION:
@@ -132999,9 +168795,11 @@
+OCSP_REQUEST_new 3271 1_1_0 EXIST::FUNCTION:OCSP
+BIO_lookup 3272 1_1_0 EXIST::FUNCTION:SOCK
EC_GROUP_get0_cofactor 3273 1_1_0 EXIST::FUNCTION:EC
- CRYPTO_THREADID_set_numeric 3274 1_1_0 NOEXIST::FUNCTION:
+-CRYPTO_THREADID_set_numeric 3274 1_1_0 NOEXIST::FUNCTION:
SCT_print 3275 1_1_0 EXIST::FUNCTION:CT
-@@ -3390,9 +3389,9 @@ X509_NAME_get_text_by_OBJ 3280 1_1_0 EXIST::FUNCTION:
+ X509_PUBKEY_set 3276 1_1_0 EXIST::FUNCTION:
+ POLICY_CONSTRAINTS_free 3277 1_1_0 EXIST::FUNCTION:
+@@ -3390,9 +3334,9 @@ d2i_DSA_PUBKEY_bio 3279 1_1_0 EXIST::FUNCTION:DSA
RSA_padding_check_none 3281 1_1_0 EXIST::FUNCTION:RSA
CRYPTO_set_mem_debug 3282 1_1_0 EXIST::FUNCTION:
TS_VERIFY_CTX_init 3283 1_1_0 EXIST::FUNCTION:TS
@@ -133013,7 +168811,7 @@
X509_LOOKUP_ctrl 3287 1_1_0 EXIST::FUNCTION:
SRP_check_known_gN_param 3288 1_1_0 EXIST::FUNCTION:SRP
d2i_DIST_POINT 3289 1_1_0 EXIST::FUNCTION:
-@@ -3412,7 +3411,7 @@ DSA_SIG_free 3301 1_1_0 EXIST::FUNCTION:DSA
+@@ -3412,7 +3356,7 @@ DSA_SIG_free 3301 1_1_0 EXIST::FUNCTION:DSA
BIO_asn1_set_suffix 3302 1_1_0 EXIST::FUNCTION:
EVP_PKEY_set_type_str 3303 1_1_0 EXIST::FUNCTION:
i2d_X509_SIG 3304 1_1_0 EXIST::FUNCTION:
@@ -133022,7 +168820,11 @@
X509_STORE_CTX_set_trust 3306 1_1_0 EXIST::FUNCTION:
TS_ACCURACY_set_micros 3307 1_1_0 EXIST::FUNCTION:TS
EVP_DigestFinal_ex 3308 1_1_0 EXIST::FUNCTION:
-@@ -3440,20 +3439,20 @@ DSO_set_name_converter 3329 1_1_0 NOEXIST::FUNCTION:
+@@ -3436,24 +3380,23 @@ CTLOG_free 3325 1_1_0 EXIST::FUNCTION:CT
+ EVP_CIPHER_meth_dup 3326 1_1_0 EXIST::FUNCTION:
+ CMS_get1_crls 3327 1_1_0 EXIST::FUNCTION:CMS
+ X509_aux_print 3328 1_1_0 EXIST::FUNCTION:
+-DSO_set_name_converter 3329 1_1_0 NOEXIST::FUNCTION:
OPENSSL_thread_stop 3330 1_1_0 EXIST::FUNCTION:
X509_policy_node_get0_parent 3331 1_1_0 EXIST::FUNCTION:
X509_PKEY_free 3332 1_1_0 EXIST::FUNCTION:
@@ -133046,7 +168848,7 @@
ASN1_VISIBLESTRING_new 3347 1_1_0 EXIST::FUNCTION:
BN_set_flags 3348 1_1_0 EXIST::FUNCTION:
d2i_PrivateKey_bio 3349 1_1_0 EXIST::FUNCTION:
-@@ -3461,8 +3460,8 @@ ASN1_SEQUENCE_ANY_it 3350 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
+@@ -3461,8 +3404,8 @@ CMS_SignerInfo_verify_content 3343 1_1_0 EXIST::FUNCTION:CMS
ASN1_SEQUENCE_ANY_it 3350 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
ASN1_UTCTIME_adj 3351 1_1_0 EXIST::FUNCTION:
BN_mod_sqrt 3352 1_1_0 EXIST::FUNCTION:
@@ -133057,7 +168859,7 @@
EVP_PKEY_meth_get_paramgen 3355 1_1_0 EXIST::FUNCTION:
X509_ATTRIBUTE_create_by_OBJ 3356 1_1_0 EXIST::FUNCTION:
RSA_generate_key_ex 3357 1_1_0 EXIST::FUNCTION:RSA
-@@ -3471,7 +3470,7 @@ DIST_POINT_free 3359 1_1_0 EXIST::FUNCTION:
+@@ -3471,7 +3414,7 @@ CMS_SignerInfo_get0_algs 3358 1_1_0 EXIST::FUNCTION:CMS
ESS_SIGNING_CERT_free 3360 1_1_0 EXIST::FUNCTION:TS
SCT_new_from_base64 3361 1_1_0 EXIST::FUNCTION:CT
OpenSSL_version 3362 1_1_0 EXIST::FUNCTION:
@@ -133066,7 +168868,7 @@
ECDSA_SIG_get0 3364 1_1_0 EXIST::FUNCTION:EC
BN_set_word 3365 1_1_0 EXIST::FUNCTION:
ENGINE_set_flags 3366 1_1_0 EXIST::FUNCTION:ENGINE
-@@ -3489,14 +3488,14 @@ PKCS12_PBE_add 3376 1_1_0 EXIST::FUNCTION:
+@@ -3489,21 +3432,19 @@ RSA_padding_check_SSLv23 3373 1_1_0 EXIST::FUNCTION:RSA
EC_KEY_set_public_key_affine_coordinates 3377 1_1_0 EXIST::FUNCTION:EC
EVP_EncryptInit_ex 3378 1_1_0 EXIST::FUNCTION:
ENGINE_add 3379 1_1_0 EXIST::FUNCTION:ENGINE
@@ -133079,11 +168881,17 @@
EVP_aes_192_ocb 3384 1_1_0 EXIST::FUNCTION:OCB
EVP_camellia_256_cfb1 3385 1_1_0 EXIST::FUNCTION:CAMELLIA
-DES_read_2passwords 3386 1_1_0 EXIST::FUNCTION:DES,UI
-+DES_read_2passwords 3386 1_1_0 NOEXIST::FUNCTION:
CRYPTO_secure_actual_size 3387 1_1_0 EXIST::FUNCTION:
COMP_CTX_free 3388 1_1_0 EXIST::FUNCTION:COMP
i2d_PBE2PARAM 3389 1_1_0 EXIST::FUNCTION:
-@@ -3511,13 +3510,13 @@ EVP_aes_128_ctr 3397 1_1_0 EXIST::FUNCTION:
+ EC_POINT_make_affine 3390 1_1_0 EXIST::FUNCTION:EC
+ DSA_generate_parameters 3391 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8,DSA
+ ASN1_BIT_STRING_num_asc 3392 1_1_0 EXIST::FUNCTION:
+-ERR_release_err_state_table 3393 1_1_0 NOEXIST::FUNCTION:
+ X509_INFO_free 3394 1_1_0 EXIST::FUNCTION:
+ d2i_PKCS8_PRIV_KEY_INFO_fp 3395 1_1_0 EXIST::FUNCTION:STDIO
+ X509_OBJECT_retrieve_match 3396 1_1_0 EXIST::FUNCTION:
+@@ -3511,13 +3452,13 @@ d2i_PKCS8_PRIV_KEY_INFO_fp 3395 1_1_0 EXIST::FUNCTION:STDIO
EVP_PBE_find 3398 1_1_0 EXIST::FUNCTION:
SHA512_Transform 3399 1_1_0 EXIST:!VMSVAX:FUNCTION:
ERR_add_error_vdata 3400 1_1_0 EXIST::FUNCTION:
@@ -133099,7 +168907,7 @@
CONF_imodule_get_usr_data 3408 1_1_0 EXIST::FUNCTION:
CRYPTO_new_ex_data 3409 1_1_0 EXIST::FUNCTION:
PEM_read_PKCS8_PRIV_KEY_INFO 3410 1_1_0 EXIST::FUNCTION:
-@@ -3531,7 +3530,7 @@ ASN1_mbstring_copy 3417 1_1_0 EXIST::FUNCTION:
+@@ -3531,7 +3472,7 @@ DH_check_pub_key 3416 1_1_0 EXIST::FUNCTION:DH
PKCS7_set_type 3418 1_1_0 EXIST::FUNCTION:
BIO_gets 3419 1_1_0 EXIST::FUNCTION:
RSA_padding_check_PKCS1_type_1 3420 1_1_0 EXIST::FUNCTION:RSA
@@ -133108,7 +168916,7 @@
i2d_X509_REQ_fp 3422 1_1_0 EXIST::FUNCTION:STDIO
BN_BLINDING_convert_ex 3423 1_1_0 EXIST::FUNCTION:
ASN1_GENERALIZEDTIME_print 3424 1_1_0 EXIST::FUNCTION:
-@@ -3540,15 +3539,15 @@ PEM_ASN1_read 3426 1_1_0 EXIST::FUNCTION:STDIO
+@@ -3540,15 +3481,15 @@ PEM_ASN1_read 3426 1_1_0 EXIST::FUNCTION:STDIO
SCT_get_log_entry_type 3427 1_1_0 EXIST::FUNCTION:CT
EVP_CIPHER_meth_get_init 3428 1_1_0 EXIST::FUNCTION:
X509_ALGOR_free 3429 1_1_0 EXIST::FUNCTION:
@@ -133127,7 +168935,7 @@
EVP_MD_meth_get_init 3439 1_1_0 EXIST::FUNCTION:
ASN1_BIT_STRING_free 3440 1_1_0 EXIST::FUNCTION:
i2d_PROXY_CERT_INFO_EXTENSION 3441 1_1_0 EXIST::FUNCTION:
-@@ -3557,7 +3556,7 @@ X509_CRL_up_ref 3443 1_1_0 EXIST::FUNCTION:
+@@ -3557,7 +3498,7 @@ CTLOG_new_null 3436 1_1_0 EXIST::FUNCTION:CT
EVP_EncodeFinal 3444 1_1_0 EXIST::FUNCTION:
X509_set_ex_data 3445 1_1_0 EXIST::FUNCTION:
ERR_get_next_error_library 3446 1_1_0 EXIST::FUNCTION:
@@ -133136,7 +168944,7 @@
BN_get_rfc3526_prime_2048 3448 1_1_0 EXIST::FUNCTION:
BIO_new_bio_pair 3449 1_1_0 EXIST::FUNCTION:
EC_GFp_nistp256_method 3450 1_1_0 EXIST:!WIN32:FUNCTION:EC,EC_NISTP_64_GCC_128
-@@ -3588,14 +3587,14 @@ ASYNC_WAIT_CTX_get_changed_fds 3474 1_1_0 EXIST::FUNCTION:
+@@ -3588,14 +3529,14 @@ RIPEMD160_Init 3473 1_1_0 EXIST::FUNCTION:RMD160
EVP_PKEY_save_parameters 3475 1_1_0 EXIST::FUNCTION:
SCT_set_source 3476 1_1_0 EXIST::FUNCTION:CT
DES_set_odd_parity 3477 1_1_0 EXIST::FUNCTION:DES
@@ -133155,7 +168963,7 @@
X509V3_EXT_add_alias 3486 1_1_0 EXIST::FUNCTION:
BN_get_params 3487 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8
PKCS5_pbkdf2_set 3488 1_1_0 EXIST::FUNCTION:
-@@ -3613,7 +3612,7 @@ BIO_ptr_ctrl 3499 1_1_0 EXIST::FUNCTION:
+@@ -3613,7 +3554,7 @@ ENGINE_register_digests 3491 1_1_0 EXIST::FUNCTION:ENGINE
EVP_rc4_hmac_md5 3500 1_1_0 EXIST::FUNCTION:MD5,RC4
OPENSSL_strlcat 3501 1_1_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_new 3502 1_1_0 EXIST::FUNCTION:
@@ -133164,9 +168972,23 @@
BUF_MEM_grow_clean 3504 1_1_0 EXIST::FUNCTION:
X509_NAME_print_ex_fp 3505 1_1_0 EXIST::FUNCTION:STDIO
X509_check_host 3506 1_1_0 EXIST::FUNCTION:
-@@ -3677,13 +3676,13 @@ X509_STORE_set1_param 3563 1_1_0 EXIST::FUNCTION:
+@@ -3663,7 +3604,6 @@ i2o_SCT_signature 3543 1_1_0 EXIST::FUNCTION:CT
+ CMS_decrypt 3550 1_1_0 EXIST::FUNCTION:CMS
+ BN_mpi2bn 3551 1_1_0 EXIST::FUNCTION:
+ EVP_aes_128_cfb128 3552 1_1_0 EXIST::FUNCTION:
+-EVP_cleanup 3553 1_1_0 NOEXIST::FUNCTION:
+ RC5_32_ecb_encrypt 3554 1_1_0 EXIST::FUNCTION:RC5
+ EVP_CIPHER_meth_new 3555 1_1_0 EXIST::FUNCTION:
+ i2d_RSA_OAEP_PARAMS 3556 1_1_0 EXIST::FUNCTION:RSA
+@@ -3671,19 +3611,17 @@ i2d_RSA_OAEP_PARAMS 3556 1_1_0 EXIST::FUNCTION:RSA
+ BIO_get_callback_arg 3558 1_1_0 EXIST::FUNCTION:
+ ENGINE_register_RSA 3559 1_1_0 EXIST::FUNCTION:ENGINE
+ i2v_GENERAL_NAMES 3560 1_1_0 EXIST::FUNCTION:
+-EVP_CIPHER_CTX_cipher_data 3561 1_1_0 NOEXIST::FUNCTION:
+ PKCS7_decrypt 3562 1_1_0 EXIST::FUNCTION:
+ X509_STORE_set1_param 3563 1_1_0 EXIST::FUNCTION:
RAND_file_name 3564 1_1_0 EXIST::FUNCTION:
- DSO_METHOD_dl 3565 1_1_0 NOEXIST::FUNCTION:
+-DSO_METHOD_dl 3565 1_1_0 NOEXIST::FUNCTION:
EVP_CipherInit_ex 3566 1_1_0 EXIST::FUNCTION:
-BIO_dgram_sctp_notification_cb 3567 1_1_0 EXIST::FUNCTION:SCTP
+BIO_dgram_sctp_notification_cb 3567 1_1_0 EXIST::FUNCTION:DGRAM,SCTP
@@ -133180,7 +169002,7 @@
CRYPTO_ccm128_aad 3572 1_1_0 EXIST::FUNCTION:
IPAddressFamily_new 3573 1_1_0 EXIST::FUNCTION:RFC3779
d2i_TS_ACCURACY 3574 1_1_0 EXIST::FUNCTION:TS
-@@ -3693,7 +3692,7 @@ EVP_camellia_256_cbc 3577 1_1_0 EXIST::FUNCTION:CAMELLIA
+@@ -3693,7 +3631,7 @@ EVP_camellia_256_cbc 3577 1_1_0 EXIST::FUNCTION:CAMELLIA
i2d_PROXY_POLICY 3578 1_1_0 EXIST::FUNCTION:
X509_subject_name_hash_old 3579 1_1_0 EXIST::FUNCTION:MD5
PEM_read_bio_DSA_PUBKEY 3580 1_1_0 EXIST::FUNCTION:DSA
@@ -133189,7 +169011,7 @@
PEM_write_DSAparams 3582 1_1_0 EXIST::FUNCTION:DSA
ASN1_TIME_to_generalizedtime 3583 1_1_0 EXIST::FUNCTION:
X509_CRL_get_ext_by_critical 3584 1_1_0 EXIST::FUNCTION:
-@@ -3703,7 +3702,7 @@ PEM_write_RSAPublicKey 3587 1_1_0 EXIST::FUNCTION:RSA
+@@ -3703,17 +3641,16 @@ PEM_write_RSAPublicKey 3587 1_1_0 EXIST::FUNCTION:RSA
EVP_MD_meth_dup 3588 1_1_0 EXIST::FUNCTION:
ENGINE_unregister_ciphers 3589 1_1_0 EXIST::FUNCTION:ENGINE
X509_issuer_and_serial_cmp 3590 1_1_0 EXIST::FUNCTION:
@@ -133197,8 +169019,10 @@
+OCSP_response_create 3591 1_1_0 EXIST::FUNCTION:OCSP
SHA224 3592 1_1_0 EXIST::FUNCTION:
MD2_options 3593 1_1_0 EXIST::FUNCTION:MD2
- CRYPTO_set_locking_callback 3594 1_1_0 NOEXIST::FUNCTION:
-@@ -3713,7 +3712,7 @@ RAND_bytes 3596 1_1_0 EXIST::FUNCTION:
+-CRYPTO_set_locking_callback 3594 1_1_0 NOEXIST::FUNCTION:
+ X509_REQ_it 3595 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ X509_REQ_it 3595 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ RAND_bytes 3596 1_1_0 EXIST::FUNCTION:
PKCS7_free 3597 1_1_0 EXIST::FUNCTION:
X509_NAME_ENTRY_create_by_txt 3598 1_1_0 EXIST::FUNCTION:
DES_cbc_cksum 3599 1_1_0 EXIST::FUNCTION:DES
@@ -133207,7 +169031,7 @@
BN_is_prime 3601 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8
CMS_get0_signers 3602 1_1_0 EXIST::FUNCTION:CMS
i2d_PrivateKey_fp 3603 1_1_0 EXIST::FUNCTION:STDIO
-@@ -3736,7 +3735,7 @@ TS_CONF_set_signer_digest 3619 1_1_0 EXIST::FUNCTION:TS
+@@ -3736,11 +3673,10 @@ TS_CONF_set_signer_digest 3619 1_1_0 EXIST::FUNCTION:TS
OBJ_new_nid 3620 1_1_0 EXIST::FUNCTION:
CMS_ReceiptRequest_new 3621 1_1_0 EXIST::FUNCTION:CMS
SRP_VBASE_get1_by_user 3622 1_1_0 EXIST::FUNCTION:SRP
@@ -133216,7 +169040,16 @@
ENGINE_get_ex_data 3624 1_1_0 EXIST::FUNCTION:ENGINE
BN_print_fp 3625 1_1_0 EXIST::FUNCTION:STDIO
MD2_Update 3626 1_1_0 EXIST::FUNCTION:MD2
-@@ -3786,17 +3785,17 @@ ESS_CERT_ID_new 3669 1_1_0 EXIST::FUNCTION:TS
+-CRYPTO_THREADID_set_callback 3627 1_1_0 NOEXIST::FUNCTION:
+ ENGINE_free 3628 1_1_0 EXIST::FUNCTION:ENGINE
+ d2i_X509_ATTRIBUTE 3629 1_1_0 EXIST::FUNCTION:
+ TS_RESP_free 3630 1_1_0 EXIST::FUNCTION:TS
+@@ -3781,22 +3717,21 @@ ERR_load_DH_strings 3664 1_1_0 EXIST::FUNCTION:DH
+ EVP_MD_block_size 3665 1_1_0 EXIST::FUNCTION:
+ TS_X509_ALGOR_print_bio 3666 1_1_0 EXIST::FUNCTION:TS
+ d2i_PKCS7_ENVELOPE 3667 1_1_0 EXIST::FUNCTION:
+-OBJ_cleanup 3668 1_1_0 NOEXIST::FUNCTION:
+ ESS_CERT_ID_new 3669 1_1_0 EXIST::FUNCTION:TS
EC_POINT_invert 3670 1_1_0 EXIST::FUNCTION:EC
CAST_set_key 3671 1_1_0 EXIST::FUNCTION:CAST
ENGINE_get_pkey_meth 3672 1_1_0 EXIST::FUNCTION:ENGINE
@@ -133237,7 +169070,7 @@
ASN1_STRING_free 3684 1_1_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_inherit 3685 1_1_0 EXIST::FUNCTION:
EC_GROUP_get_curve_name 3686 1_1_0 EXIST::FUNCTION:EC
-@@ -3806,20 +3805,20 @@ EVP_PKEY_decrypt_old 3689 1_1_0 EXIST::FUNCTION:
+@@ -3806,20 +3741,20 @@ RSA_print 3687 1_1_0 EXIST::FUNCTION:RSA
ASN1_UTCTIME_cmp_time_t 3690 1_1_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_set1_ip 3691 1_1_0 EXIST::FUNCTION:
OTHERNAME_free 3692 1_1_0 EXIST::FUNCTION:
@@ -133263,7 +169096,7 @@
CMS_add0_CertificateChoices 3706 1_1_0 EXIST::FUNCTION:CMS
POLICYINFO_new 3707 1_1_0 EXIST::FUNCTION:
X509_CRL_get0_by_serial 3708 1_1_0 EXIST::FUNCTION:
-@@ -3832,15 +3831,15 @@ ENGINE_register_all_digests 3713 1_1_0 EXIST::FUNCTION:ENGINE
+@@ -3832,15 +3767,15 @@ ENGINE_register_all_digests 3713 1_1_0 EXIST::FUNCTION:ENGINE
X509_REQ_get_version 3714 1_1_0 EXIST::FUNCTION:
i2d_ASN1_UTCTIME 3715 1_1_0 EXIST::FUNCTION:
TS_STATUS_INFO_new 3716 1_1_0 EXIST::FUNCTION:TS
@@ -133282,7 +169115,7 @@
X509_STORE_CTX_get0_policy_tree 3726 1_1_0 EXIST::FUNCTION:
DES_set_key_checked 3727 1_1_0 EXIST::FUNCTION:DES
EVP_PKEY_meth_free 3728 1_1_0 EXIST::FUNCTION:
-@@ -3869,9 +3868,9 @@ EVP_PKEY_meth_get_sign 3750 1_1_0 EXIST::FUNCTION:
+@@ -3869,9 +3804,9 @@ DES_fcrypt 3748 1_1_0 EXIST::FUNCTION:DES
TS_REQ_get_nonce 3751 1_1_0 EXIST::FUNCTION:TS
ENGINE_unregister_EC 3752 1_1_0 EXIST::FUNCTION:ENGINE
X509v3_get_ext_count 3753 1_1_0 EXIST::FUNCTION:
@@ -133294,7 +169127,7 @@
BIO_set_callback 3757 1_1_0 EXIST::FUNCTION:
BN_GF2m_poly2arr 3758 1_1_0 EXIST::FUNCTION:EC2M
CMS_unsigned_get_attr_count 3759 1_1_0 EXIST::FUNCTION:CMS
-@@ -3881,7 +3880,7 @@ ECDH_compute_key 3762 1_1_0 EXIST::FUNCTION:EC
+@@ -3881,18 +3816,17 @@ ECDH_compute_key 3762 1_1_0 EXIST::FUNCTION:EC
ASN1_TIME_print 3763 1_1_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get0_peerkey 3764 1_1_0 EXIST::FUNCTION:
BN_mod_lshift1 3765 1_1_0 EXIST::FUNCTION:
@@ -133303,7 +169136,8 @@
PEM_write_DHxparams 3767 1_1_0 EXIST::FUNCTION:DH
BN_mod_exp2_mont 3768 1_1_0 EXIST::FUNCTION:
ASN1_PRINTABLE_free 3769 1_1_0 EXIST::FUNCTION:
-@@ -3890,9 +3889,9 @@ PKCS7_ATTR_SIGN_it 3771 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
+-CRYPTO_thread_id 3770 1_1_0 NOEXIST::FUNCTION:
+ PKCS7_ATTR_SIGN_it 3771 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS7_ATTR_SIGN_it 3771 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
EVP_MD_CTX_copy 3772 1_1_0 EXIST::FUNCTION:
ENGINE_set_ctrl_function 3773 1_1_0 EXIST::FUNCTION:ENGINE
@@ -133316,7 +169150,7 @@
EC_KEY_METHOD_set_init 3777 1_1_0 EXIST::FUNCTION:EC
EVP_PKEY_asn1_copy 3778 1_1_0 EXIST::FUNCTION:
RSA_PSS_PARAMS_it 3779 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
-@@ -3900,7 +3899,7 @@ RSA_PSS_PARAMS_it 3779 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
+@@ -3900,7 +3834,7 @@ RSA_PSS_PARAMS_it 3779 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
X509_STORE_CTX_get_error_depth 3780 1_1_0 EXIST::FUNCTION:
ASN1_GENERALIZEDTIME_set_string 3781 1_1_0 EXIST::FUNCTION:
EC_GROUP_new_curve_GFp 3782 1_1_0 EXIST::FUNCTION:EC
@@ -133325,12 +169159,11 @@
Camellia_ofb128_encrypt 3784 1_1_0 EXIST::FUNCTION:CAMELLIA
X509_new 3785 1_1_0 EXIST::FUNCTION:
EC_KEY_get_conv_form 3786 1_1_0 EXIST::FUNCTION:EC
-@@ -3931,15 +3930,15 @@ USERNOTICE_it 3809 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
+@@ -3931,15 +3865,14 @@ CMS_signed_delete_attr 3807 1_1_0 EXIST::FUNCTION:CMS
PKEY_USAGE_PERIOD_it 3810 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKEY_USAGE_PERIOD_it 3810 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
BN_mul_word 3811 1_1_0 EXIST::FUNCTION:
-DES_enc_read 3812 1_1_0 EXIST::FUNCTION:DES
-+DES_enc_read 3812 1_1_0 NOEXIST::FUNCTION:
i2d_IPAddressRange 3813 1_1_0 EXIST::FUNCTION:RFC3779
CMS_unsigned_add1_attr_by_txt 3814 1_1_0 EXIST::FUNCTION:CMS
d2i_RSA_PUBKEY 3815 1_1_0 EXIST::FUNCTION:RSA
@@ -133344,7 +169177,7 @@
X509_PURPOSE_get_by_sname 3820 1_1_0 EXIST::FUNCTION:
X509_PURPOSE_set 3821 1_1_0 EXIST::FUNCTION:
BN_mod_inverse 3822 1_1_0 EXIST::FUNCTION:
-@@ -3961,20 +3960,20 @@ BN_GF2m_mod_inv_arr 3837 1_1_0 EXIST::FUNCTION:EC2M
+@@ -3961,20 +3894,20 @@ BN_GF2m_mod_inv_arr 3837 1_1_0 EXIST::FUNCTION:EC2M
X509_REQ_get1_email 3838 1_1_0 EXIST::FUNCTION:
EC_KEY_print 3839 1_1_0 EXIST::FUNCTION:EC
i2d_ASN1_INTEGER 3840 1_1_0 EXIST::FUNCTION:
@@ -133369,7 +169202,7 @@
EVP_PKEY_asn1_set_security_bits 3855 1_1_0 EXIST::FUNCTION:
i2d_CERTIFICATEPOLICIES 3856 1_1_0 EXIST::FUNCTION:
i2d_X509_CERT_AUX 3857 1_1_0 EXIST::FUNCTION:
-@@ -3982,8 +3981,8 @@ i2o_ECPublicKey 3858 1_1_0 EXIST::FUNCTION:EC
+@@ -3982,8 +3915,8 @@ i2o_ECPublicKey 3858 1_1_0 EXIST::FUNCTION:EC
PKCS12_SAFEBAG_create0_pkcs8 3859 1_1_0 EXIST::FUNCTION:
OBJ_get0_data 3860 1_1_0 EXIST::FUNCTION:
EC_GROUP_get0_seed 3861 1_1_0 EXIST::FUNCTION:EC
@@ -133380,14 +169213,14 @@
ASRange_it 3863 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
ASRange_it 3863 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
i2d_TS_RESP 3864 1_1_0 EXIST::FUNCTION:TS
-@@ -3997,12 +3996,12 @@ RSA_OAEP_PARAMS_it 3871 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
+@@ -3997,17 +3930,15 @@ RSA_OAEP_PARAMS_it 3871 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
RSA_OAEP_PARAMS_it 3871 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
BN_bn2mpi 3872 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_cleanup 3873 1_1_0 EXIST::FUNCTION:
-OCSP_onereq_get0_id 3874 1_1_0 EXIST::FUNCTION:
+OCSP_onereq_get0_id 3874 1_1_0 EXIST::FUNCTION:OCSP
X509_get_default_cert_dir 3875 1_1_0 EXIST::FUNCTION:
- DSO_get_method 3876 1_1_0 NOEXIST::FUNCTION:
+-DSO_get_method 3876 1_1_0 NOEXIST::FUNCTION:
PROXY_POLICY_free 3877 1_1_0 EXIST::FUNCTION:
PEM_write_DSAPrivateKey 3878 1_1_0 EXIST::FUNCTION:DSA
-sk_delete_ptr 3879 1_1_0 EXIST::FUNCTION:
@@ -133395,7 +169228,12 @@
CMS_add0_RevocationInfoChoice 3880 1_1_0 EXIST::FUNCTION:CMS
ASN1_PCTX_get_flags 3881 1_1_0 EXIST::FUNCTION:
EVP_MD_meth_set_result_size 3882 1_1_0 EXIST::FUNCTION:
-@@ -4019,19 +4018,19 @@ PBKDF2PARAM_new 3891 1_1_0 EXIST::FUNCTION:
+ i2d_X509_CRL 3883 1_1_0 EXIST::FUNCTION:
+-BIO_sock_cleanup 3884 1_1_0 NOEXIST::FUNCTION:
+ ASN1_INTEGER_it 3885 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ ASN1_INTEGER_it 3885 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ TS_ACCURACY_new 3886 1_1_0 EXIST::FUNCTION:TS
+@@ -4019,19 +3950,19 @@ TS_RESP_CTX_set_status_info_cond 3890 1_1_0 EXIST::FUNCTION:TS
ENGINE_set_RSA 3892 1_1_0 EXIST::FUNCTION:ENGINE
i2d_X509_ATTRIBUTE 3893 1_1_0 EXIST::FUNCTION:
PKCS7_ctrl 3894 1_1_0 EXIST::FUNCTION:
@@ -133419,7 +169257,7 @@
PKCS8_pkey_get0_attrs 3907 1_1_0 EXIST::FUNCTION:
PKCS8_pkey_add1_attr_by_NID 3908 1_1_0 EXIST::FUNCTION:
ASYNC_is_capable 3909 1_1_0 EXIST::FUNCTION:
-@@ -4194,16 +4193,24 @@ DH_meth_set_generate_key 4067 1_1_0 EXIST::FUNCTION:DH
+@@ -4194,16 +4125,25 @@ DH_meth_set_generate_key 4067 1_1_0 EXIST::FUNCTION:DH
DH_meth_free 4068 1_1_0 EXIST::FUNCTION:DH
DH_meth_get_generate_key 4069 1_1_0 EXIST::FUNCTION:DH
DH_set_flags 4070 1_1_0 EXIST::FUNCTION:DH
@@ -133450,17 +169288,28 @@
+X509_OBJECT_new 4089 1_1_0 EXIST::FUNCTION:
+X509_STORE_get0_param 4090 1_1_0 EXIST::FUNCTION:
+PEM_write_bio_PrivateKey_traditional 4091 1_1_0 EXIST::FUNCTION:
++X509_get_pathlen 4092 1_1_0 EXIST::FUNCTION:
diff --git a/util/libssl.num b/util/libssl.num
-index 636892c..8af95d1 100644
+index 636892cd8a66..d023293808c7 100644
--- a/util/libssl.num
+++ b/util/libssl.num
-@@ -394,3 +394,4 @@ SSL_enable_ct 393 1_1_0 EXIST::FUNCTION:CT
+@@ -7,7 +7,6 @@ SSL_CTX_set_srp_client_pwd_callback 5 1_1_0 EXIST::FUNCTION:SRP
+ SSL_CTX_set_srp_password 7 1_1_0 EXIST::FUNCTION:SRP
+ SSL_shutdown 8 1_1_0 EXIST::FUNCTION:
+ SSL_CTX_set_msg_callback 9 1_1_0 EXIST::FUNCTION:
+-SSL_COMP_free_compression_methods 10 1_1_0 NOEXIST::FUNCTION:
+ SSL_SESSION_get0_ticket 11 1_1_0 EXIST::FUNCTION:
+ SSL_get1_supported_ciphers 12 1_1_0 EXIST::FUNCTION:
+ SSL_state_string_long 13 1_1_0 EXIST::FUNCTION:
+@@ -394,3 +393,6 @@ SSL_enable_ct 393 1_1_0 EXIST::FUNCTION:CT
SSL_CTX_enable_ct 394 1_1_0 EXIST::FUNCTION:CT
SSL_CTX_get_ciphers 395 1_1_0 EXIST::FUNCTION:
SSL_SESSION_get0_hostname 396 1_1_0 EXIST::FUNCTION:
+SSL_client_version 397 1_1_0 EXIST::FUNCTION:
++SSL_SESSION_get_protocol_version 398 1_1_0 EXIST::FUNCTION:
++SSL_is_dtls 399 1_1_0 EXIST::FUNCTION:
diff --git a/util/mkbuildinf.pl b/util/mkbuildinf.pl
-index a809f71..5bf0168 100755
+index a809f710b41a..5bf0168b6a7c 100755
--- a/util/mkbuildinf.pl
+++ b/util/mkbuildinf.pl
@@ -1,4 +1,11 @@
@@ -133477,7 +169326,7 @@
my ($cflags, $platform) = @ARGV;
diff --git a/util/mkdef.pl b/util/mkdef.pl
-index 9f8d561..c2fbfe7 100755
+index 9f8d561b0087..c2fbfe7062f3 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -1,4 +1,11 @@
@@ -133526,7 +169375,7 @@
}
}
diff --git a/util/mkdir-p.pl b/util/mkdir-p.pl
-index e73d02b..4f44266 100755
+index e73d02b073bb..4f44266802c0 100755
--- a/util/mkdir-p.pl
+++ b/util/mkdir-p.pl
@@ -1,6 +1,10 @@
@@ -133544,7 +169393,7 @@
# On some systems, the -p option to mkdir (= also create any missing parent
# directories) is not available.
diff --git a/util/mkerr.pl b/util/mkerr.pl
-index 4fd5520..7d07978 100644
+index 4fd5520d87cb..7d0797859fc9 100644
--- a/util/mkerr.pl
+++ b/util/mkerr.pl
@@ -1,7 +1,12 @@
@@ -133571,7 +169420,7 @@
my $pack_errcode;
my $load_errcode;
-@@ -62,6 +69,8 @@ Options:
+@@ -62,6 +69,8 @@ mkerr.pl [options] ...
-hprefix P Prepend the filenames in generated #include <header>
statements with prefix P. Default: 'openssl/' (without
the quotes, naturally)
@@ -133820,7 +169669,7 @@
} else {
print OUT " {${rstr}, \"$rn\"},\n";
diff --git a/util/mkrc.pl b/util/mkrc.pl
-index 8b74ff8..c177349 100755
+index 8b74ff8adc56..c177349c13e4 100755
--- a/util/mkrc.pl
+++ b/util/mkrc.pl
@@ -1,5 +1,10 @@
@@ -133844,32 +169693,235 @@
//VALUE "LegalTrademarks", "\\0"
//VALUE "PrivateBuild", "\\0"
//VALUE "SpecialBuild", "\\0"
-diff --git a/util/perlpath.pl b/util/perlpath.pl
-index a1f236b..80388e2 100755
---- a/util/perlpath.pl
-+++ b/util/perlpath.pl
-@@ -1,8 +1,13 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+diff --git a/util/openssl-format-source b/util/openssl-format-source
+index 725883601f5c..36ea43231c5f 100755
+--- a/util/openssl-format-source
++++ b/util/openssl-format-source
+@@ -1,5 +1,13 @@
+ #!/bin/sh
#
++# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
++#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
- # modify the '#!/usr/local/bin/perl'
- # line in all scripts that rely on perl.
++#
+ # openssl-format-source
+ # - format source tree according to OpenSSL coding style using indent
+ #
+diff --git a/util/perl/OpenSSL/Util/Pod.pm b/util/perl/OpenSSL/Util/Pod.pm
+new file mode 100644
+index 000000000000..5c0af95918ef
+--- /dev/null
++++ b/util/perl/OpenSSL/Util/Pod.pm
+@@ -0,0 +1,158 @@
++# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++package OpenSSL::Util::Pod;
++
++use strict;
++use warnings;
++
++use Exporter;
++use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
++$VERSION = "0.1";
++ at ISA = qw(Exporter);
++ at EXPORT = qw(extract_pod_info);
++ at EXPORT_OK = qw();
++
++=head1 NAME
++
++OpenSSL::Util::Pod - utilities to manipulate .pod files
++
++=head1 SYNOPSIS
++
++ use OpenSSL::Util::Pod;
++
++ my %podinfo = extract_pod_info("foo.pod");
++
++ # or if the file is already opened... Note that this consumes the
++ # remainder of the file.
++
++ my %podinfo = extract_pod_info(\*STDIN);
++
++=head1 DESCRIPTION
++
++=over
++
++=item B<extract_pod_info "FILENAME", HASHREF>
++
++=item B<extract_pod_info "FILENAME">
++
++=item B<extract_pod_info GLOB, HASHREF>
++
++=item B<extract_pod_info GLOB>
++
++Extracts information from a .pod file, given a STRING (file name) or a
++GLOB (a file handle). The result is given back as a hash table.
++
++The additional hash is for extra parameters:
++
++=over
++
++=item B<section =E<gt> N>
++
++The value MUST be a number, and will be the default man section number
++to be used with the given .pod file. This number can be altered if
++the .pod file has a line like this:
++
++ =for comment openssl_manual_section: 4
++
++=item B<debug =E<gt> 0|1>
++
++If set to 1, extra debug text will be printed on STDERR
++
++=back
++
++=back
++
++=head1 RETURN VALUES
++
++=over
++
++=item B<extract_pod_info> returns a hash table with the following
++items:
++
++=over
++
++=item B<section =E<gt> N>
++
++The man section number this .pod file belongs to. Often the same as
++was given as input.
++
++=item B<names =E<gt> [ "name", ... ]>
++
++All the names extracted from the NAME section.
++
++=back
++
++=back
++
++=cut
++
++sub extract_pod_info {
++ my $input = shift;
++ my $defaults_ref = shift || {};
++ my %defaults = ( debug => 0, section => 0, %$defaults_ref );
++ my $fh = undef;
++ my $filename = undef;
++
++ # If not a file handle, then it's assume to be a file path (a string)
++ unless (ref $input eq "GLOB") {
++ $filename = $input;
++ open $fh, $input or die "Trying to read $filename: $!\n";
++ print STDERR "DEBUG: Reading $input\n" if $defaults{debug};
++ $input = $fh;
++ }
++
++ my %podinfo = ( section => $defaults{section});
++ while(<$input>) {
++ s|\R$||;
++ if (m|^=for\s+comment\s+openssl_manual_section:\s*([0-9])\s*$|) {
++ print STDERR "DEBUG: Found man section number $1\n"
++ if $defaults{debug};
++ $podinfo{section} = $1;
++ }
++
++ # Stop reading when we have reached past the NAME section.
++ last if (m|^=head1|
++ && defined $podinfo{lastsect}
++ && $podinfo{lastsect} eq "NAME");
++
++ # Collect the section name
++ if (m|^=head1\s*(.*)|) {
++ $podinfo{lastsect} = $1;
++ $podinfo{lastsect} =~ s/\s+$//;
++ print STDERR "DEBUG: Found new pod section $1\n"
++ if $defaults{debug};
++ print STDERR "DEBUG: Clearing pod section text\n"
++ if $defaults{debug};
++ $podinfo{lastsecttext} = "";
++ }
++
++ next if (m|^=| || m|^\s*$|);
++
++ # Collect the section text
++ print STDERR "DEBUG: accumulating pod section text \"$_\"\n"
++ if $defaults{debug};
++ $podinfo{lastsecttext} .= " " if $podinfo{lastsecttext};
++ $podinfo{lastsecttext} .= $_;
++ }
++
++
++ if (defined $fh) {
++ close $fh;
++ print STDERR "DEBUG: Done reading $filename\n" if $defaults{debug};
++ }
++
++ $podinfo{lastsecttext} =~ s| - .*$||;
++
++ my @names =
++ map { s|\s+||g; $_ }
++ split(m|,|, $podinfo{lastsecttext});
++
++ return ( section => $podinfo{section}, names => [ @names ] );
++}
++
++1;
+diff --git a/util/perlpath.pl b/util/perlpath.pl
+deleted file mode 100755
+index a1f236bd9843..000000000000
+--- a/util/perlpath.pl
++++ /dev/null
+@@ -1,35 +0,0 @@
+-#!/usr/local/bin/perl
-#
-
- require "find.pl";
-
+-# modify the '#!/usr/local/bin/perl'
+-# line in all scripts that rely on perl.
+-#
+-
+-require "find.pl";
+-
+-$#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n";
+-&find(".");
+-
+-sub wanted
+- {
+- return unless /\.pl$/ || /^[Cc]onfigur/;
+-
+- open(IN,"<$_") || die "unable to open $dir/$_:$!\n";
+- @a=<IN>;
+- close(IN);
+-
+- if (-d $ARGV[0]) {
+- $a[0]="#!$ARGV[0]/perl\n";
+- }
+- else {
+- $a[0]="#!$ARGV[0]\n";
+- }
+-
+- # Playing it safe...
+- $new="$_.new";
+- open(OUT,">$new") || die "unable to open $dir/$new:$!\n";
+- print OUT @a;
+- close(OUT);
+-
+- rename($new,$_) || die "unable to rename $dir/$new:$!\n";
+- chmod(0755,$_) || die "unable to chmod $dir/$new:$!\n";
+- }
diff --git a/util/process_docs.pl b/util/process_docs.pl
new file mode 100644
-index 0000000..efc4ef5
+index 000000000000..8b8de81acdaa
--- /dev/null
+++ b/util/process_docs.pl
-@@ -0,0 +1,263 @@
+@@ -0,0 +1,235 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
@@ -133885,12 +169937,18 @@
+use File::Basename;
+use File::Copy;
+use File::Path;
++use if $^O ne "VMS", 'File::Glob' => qw/glob/;
+use Getopt::Long;
+use Pod::Usage;
+
+use lib '.';
+use configdata;
+
++# We know we are in the 'util' directory and that our perl modules are
++# in util/perl
++use lib catdir(dirname($0), "perl");
++use OpenSSL::Util::Pod;
++
+my %options = ();
+GetOptions(\%options,
+ 'sourcedir=s', # Source directory
@@ -133944,50 +170002,16 @@
+foreach my $subdir (keys %{$options{subdir}}) {
+ my $section = $options{subdir}->{$subdir};
+ my $podsourcedir = catfile($options{sourcedir}, $subdir);
-+ my $podglob = '"'.catfile($podsourcedir, "*.pod").'"';
++ my $podglob = catfile($podsourcedir, "*.pod");
+
+ foreach my $podfile (glob $podglob) {
+ my $podname = basename($podfile, ".pod");
+ my $podpath = catfile($podfile);
-+ my %podinfo = ( section => $section );
++ my %podinfo = extract_pod_info($podpath,
++ { debug => $options{debug},
++ section => $section });
++ my @podfiles = grep { $_ ne $podname } @{$podinfo{names}};
+
-+ print STDERR "DEBUG: Reading $podpath\n" if $options{debug};
-+ open my $pod_fh, $podpath or die "Trying to read $podpath: $!\n";
-+ while (<$pod_fh>) {
-+ s|\R$||;
-+ if (m|^=for\s+comment\s+openssl_manual_section:\s*([0-9])\s*$|) {
-+ print STDERR "DEBUG: Found man section number $1\n"
-+ if $options{debug};
-+ $podinfo{section} = $1;
-+ }
-+ last if (m|^=head1|
-+ && defined $podinfo{lastsect}
-+ && $podinfo{lastsect} eq "NAME");
-+ if (m|^=head1\s*(.*)|) {
-+ $podinfo{lastsect} = $1;
-+ $podinfo{lastsect} =~ s/\s+$//;
-+ print STDERR "DEBUG: Found new pod section $1\n"
-+ if $options{debug};
-+ print STDERR "DEBUG: Clearing pod section text\n"
-+ if $options{debug};
-+ $podinfo{lastsecttext} = "";
-+ }
-+ next if (m|^=| || m|^\s*$|);
-+ print STDERR "DEBUG: accumulating pod section text \"$_\"\n"
-+ if $options{debug};
-+ $podinfo{lastsecttext} .= " " if $podinfo{lastsecttext};
-+ $podinfo{lastsecttext} .= $_;
-+ }
-+ close $pod_fh;
-+ print STDERR "DEBUG: Done reading $podpath\n" if $options{debug};
-+ $podinfo{lastsecttext} =~ s| - .*$||;
-+ print STDERR "DEBUG: Done reading $podpath\n" if $options{debug};
-+
-+ my @podfiles =
-+ grep { $_ ne $podname }
-+ map { s|\s+||g; $_ }
-+ split(m|,|, $podinfo{lastsecttext});
-+
+ my $updir = updir();
+ my $name = uc $podname;
+ my $suffix = { man => ".$podinfo{section}",
@@ -134134,7 +170158,7 @@
+
+=cut
diff --git a/util/selftest.pl b/util/selftest.pl
-index 06d494a..d1d1159 100644
+index 06d494a2fb93..d1d11593fa27 100644
--- a/util/selftest.pl
+++ b/util/selftest.pl
@@ -1,7 +1,12 @@
@@ -134153,7 +170177,7 @@
if (! -f "Configure") {
print "Please run perl util/selftest.pl in the OpenSSL directory.\n";
diff --git a/util/su-filter.pl b/util/su-filter.pl
-index 3715ba2..5996f58 100644
+index 3715ba263d70..5996f58225dc 100644
--- a/util/su-filter.pl
+++ b/util/su-filter.pl
@@ -1,7 +1,11 @@
@@ -134171,8 +170195,31 @@
use strict;
my $in_su = 0;
+diff --git a/util/toutf8.sh b/util/toutf8.sh
+deleted file mode 100644
+index 8a4254b3df3d..000000000000
+--- a/util/toutf8.sh
++++ /dev/null
+@@ -1,17 +0,0 @@
+-#! /bin/sh
+-#
+-# Very simple script to detect and convert files that we want to re-encode to UTF8
+-
+-git ls-tree -r --name-only HEAD | \
+- while read F; do
+- charset=`file -bi "$F" | sed -e 's|.*charset=||'`
+- if [ "$charset" != "utf-8" -a "$charset" != "binary" -a "$charset" != "us-ascii" ]; then
+- iconv -f ISO-8859-1 -t UTF8 < "$F" > "$F.utf8" && \
+- ( cmp -s "$F" "$F.utf8" || \
+- ( echo "$F"
+- mv "$F" "$F.iso-8859-1"
+- mv "$F.utf8" "$F"
+- )
+- )
+- fi
+- done
diff --git a/util/with_fallback.pm b/util/with_fallback.pm
-index 014f355..b6deb20 100644
+index 014f3551564a..b6deb2092e96 100644
--- a/util/with_fallback.pm
+++ b/util/with_fallback.pm
@@ -1,4 +1,9 @@
Modified: openssl/branches/1.1.0/debian/rules
===================================================================
--- openssl/branches/1.1.0/debian/rules 2016-06-10 18:43:56 UTC (rev 804)
+++ openssl/branches/1.1.0/debian/rules 2016-06-10 19:30:09 UTC (rev 805)
@@ -26,6 +26,11 @@
export CROSS_COMPILE ?= $(DEB_HOST_GNU_TYPE)-
endif
+ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+ NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+ MAKEFLAGS += -j$(NUMJOBS)
+endif
+
CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib no-ssl3 enable-unit-test no-ssl3-method enable-rfc3779 enable-cms
OPT_alpha = ev4 ev5
ARCHOPTS = OPT_$(DEB_HOST_ARCH)
More information about the Pkg-openssl-changes
mailing list